
Conduit Infected, PC slower...Please help


  • This topic is locked
23 replies to this topic

#1 David...

David...

  • Members
  • 111 posts
  • OFFLINE
  •  
  • Local time:09:46 AM

Posted 28 November 2012 - 07:36 PM

Mod Edit: Moved to Virus, Trojan, Spyware, and Malware Removal Logs ~~ boopme

This is my first post.

Would like to thank you in advance, I am unable to currently locate the website that allowed me to analyze the HiJackThis results, {R0,R1,O2}.
I believe it was bleepingcomputer, of course it used to require hours of manually entering items.

Any assistance would be appreciated.

My computer was infected with Conduit, I believe BitDefender found the problem, but I wanted to be certain.
Also, my computer is running slower, can you help with some suggestions?

Here is the logsheet from HiJackThis...


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:30:17 PM, on 11/04/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe
C:\Program Files\BitDefender\BitDefender 2011\pchooklaunch32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10w_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\hijack\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O3 - Toolbar: Bitdefender Toolbar - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2011\IEToolbar.dll
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2011\ieshow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [{90120000-0030-0000-0000-0000000FF1CE}] C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [{90120000-0030-0000-0000-0000000FF1CE}] C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: BitDefender Update Server v2 (Update Server) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe
O23 - Service: BitDefender Desktop Update Service (Updatesrv) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe

--
End of file - 8056 bytes

Edited by boopme, 28 November 2012 - 08:32 PM.




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:46 AM

Posted 28 November 2012 - 10:33 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 David...


Posted 29 November 2012 - 01:11 AM

Gringo, thank you for your assistance.

--= Security Check =--

Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
BitDefender Antivirus
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Malwarebytes Anti-Malware version 1.65.1.1000
TuneUp Utilities 2013
TuneUp Utilities Language Pack (en-US)
TuneUp Utilities 2013
CCleaner
Java 7 Update 9
Adobe Reader 9 Adobe Reader out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
Google Chrome 23.0.1271.91
````````Process Check: objlist.exe by Laurent````````
BitDefender BitDefender 2011 vsserv.exe
BitDefender BitDefender 2011 bdagent.exe
BitDefender BitDefender 2011 pchooklaunch32.exe
BitDefender BitDefender 2011 updatesrv.exe
BitDefender BitDefender 2011 seccenter.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````



--= AdwCleaner =--

# AdwCleaner v2.007 - Logfile created 11/29/2012 at 00:40:19
# Updated 06/11/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : Nadia - NADIA-PC
# Boot Mode : Normal
# Running from : C:\Users\Nadia\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.91

File : C:\Users\Nadia\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S4].txt - [654 octets] - [29/11/2012 00:40:19]

########## EOF - C:\AdwCleaner[S4].txt - [713 octets] ##########



--= Rogue Killer =--

RogueKiller V8.3.1 [Nov 26 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Nadia [Admin rights]
Mode : Remove -- Date : 11/29/2012 00:58:04

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 17 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp=;ftp=;hxxps=;) -> NOT REMOVED, USE PROXYFIX
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowVideos (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9250320AS ATA Device +++++
--- User ---
[MBR] bbc31b57db8602ec7081475859493d20
[BSP] 8b95f87e5453cfd8a1366a7aeac232a7 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 53324 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 109209870 | Size: 185147 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_11292012_02d0058.txt >>
RKreport[1]_S_11292012_02d0055.txt ; RKreport[2]_D_11292012_02d0058.txt

#4 David...


Posted 29 November 2012 - 01:36 AM

Gringo,

Regarding the feedback that should have been posted in my previous post.

Computer is responding a little quicker, but not entirely.


David

#5 gringo_pr


Posted 29 November 2012 - 07:22 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#6 David...


Posted 29 November 2012 - 08:28 AM

Gringo,

Having some problems with Combofix. Unable to completely shutdown my BitDefender Total Security. Have always had this problem.
Combofix is unable to completely extract.

Was able to run in SAFEMODE only.


Problems may have had.
- system hangs
- popups online
- Spyware Doctor found 2 problems, 3 warnings but I was unaware that it was required to purchase before the solutions could be applied.
(am used to MalwareBytes FREE)




ComboFix 12-11-28.02 - Nadia 29/11/2012 2:14.1.1 - x86 NETWORK
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.2.1033.18.1790.1130 [GMT -5:00]
Running from: c:\users\Nadia\Desktop\ComboFix.exe
AV: BitDefender Antivirus *Disabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
FW: BitDefender Firewall *Disabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
SP: BitDefender AntiSpyware *Disabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\programdata\ZeoBIT
c:\users\Nadia\AppData\Roaming\vso_ts_preview.xml
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2012-10-28 to 2012-11-29 )))))))))))))))))))))))))))))))
.
.
2012-11-29 07:23 . 2012-11-29 07:27 -------- d-----w- c:\users\Nadia\AppData\Local\temp
2012-11-29 07:23 . 2012-11-29 07:23 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-11-29 07:23 . 2012-11-29 07:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-29 03:34 . 2012-11-29 03:33 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-11-29 01:46 . 2012-11-29 01:46 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-11-29 01:01 . 2012-11-29 01:01 -------- d-----w- c:\program files\HitmanPro
2012-11-29 00:49 . 2012-11-29 00:49 -------- d-----w- c:\program files\ESET
2012-11-28 18:21 . 2012-11-19 06:04 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1622F438-FBCB-4449-B4D2-71F44555FAB2}\mpengine.dll
2012-11-28 18:14 . 2012-11-28 18:15 -------- d-----w- c:\users\Nadia\AppData\Local\Microsoft Games
2012-11-28 15:21 . 2012-11-28 15:22 -------- d-----w- c:\program files\Trend Micro
2012-11-28 15:12 . 2012-11-28 15:12 388096 ----a-r- c:\users\Nadia\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-11-27 07:48 . 2012-11-27 07:48 -------- d-----w- c:\programdata\Downloaded Installations
2012-11-27 07:12 . 2012-11-27 07:12 -------- d-----w- c:\users\Nadia\AppData\Local\CRE
2012-11-26 16:10 . 2012-11-26 16:10 -------- d-----w- c:\users\Nadia\AppData\Roaming\HideIPEasy
2012-11-26 16:10 . 2012-11-26 16:10 -------- d-----w- c:\programdata\HideIPEasy
2012-11-26 16:08 . 2012-11-26 16:08 -------- d-----w- c:\program files\HideIPEasy
2012-11-26 15:46 . 2012-11-26 15:46 -------- d-----w- c:\users\Nadia\AppData\Roaming\.anomos
2012-11-26 15:45 . 2009-11-15 18:37 200704 ----a-w- c:\windows\system32\ssleay32.dll
2012-11-26 15:45 . 2009-11-15 18:37 200704 ----a-w- c:\windows\system32\libssl32.dll
2012-11-26 15:45 . 2009-11-15 18:37 1017344 ----a-w- c:\windows\system32\libeay32.dll
2012-11-26 15:43 . 2012-11-26 16:20 -------- d-----w- c:\program files\Anomos
2012-11-25 20:18 . 2012-11-25 20:18 -------- d-----w- C:\Download
2012-11-25 19:21 . 2012-11-25 19:21 -------- d-----w- c:\users\Nadia\Bluetooth Software
2012-11-25 19:20 . 2008-02-08 06:50 233472 ----a-w- c:\windows\system32\BtwRSupport.dll
2012-11-25 19:20 . 2012-11-25 19:20 -------- d-----w- c:\windows\system32\es-MX
2012-11-25 19:20 . 2012-11-25 19:20 -------- d-----w- c:\windows\system32\es-AR
2012-11-25 05:32 . 2012-09-19 17:10 31584 ----a-w- c:\windows\system32\TURegOpt.exe
2012-11-25 05:31 . 2012-09-19 17:10 21344 ----a-w- c:\windows\system32\authuitu.dll
2012-11-25 05:29 . 2012-11-25 05:29 -------- d-----w- c:\users\Nadia\AppData\Roaming\TuneUp Software
2012-11-25 05:28 . 2012-11-25 05:31 -------- d-----w- c:\program files\TuneUp Utilities 2013
2012-11-25 05:27 . 2012-11-25 05:29 -------- d-----w- c:\programdata\TuneUp Software
2012-11-25 05:26 . 2012-11-25 05:50 -------- d-sh--w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2012-11-25 05:26 . 2012-11-25 05:26 -------- d--h--w- c:\programdata\Common Files
2012-11-24 22:17 . 2012-11-24 22:17 -------- d-----w- c:\users\Nadia\AppData\Roaming\Samsung
2012-11-24 22:15 . 2012-11-24 22:15 -------- d-----w- C:\AllShare
2012-11-24 22:14 . 2012-11-24 22:14 -------- d-----w- c:\program files\Samsung
2012-11-24 21:51 . 2012-11-25 05:50 -------- d-----w- c:\users\Nadia\AppData\Local\Downloaded Installations
2012-11-24 15:32 . 2012-11-25 05:09 -------- d-----w- c:\users\Nadia\AppData\Local\NETGEARGenie
2012-11-24 15:32 . 2012-11-24 15:32 -------- d-----w- c:\program files\NETGEAR Genie
2012-11-24 14:35 . 2009-08-05 20:10 6136 ----a-w- c:\windows\system32\drivers\nvphy.bin
2012-11-24 14:35 . 2009-07-30 20:48 705536 ----a-w- c:\windows\system32\cohelper.dll
2012-11-24 13:38 . 2012-11-24 14:43 -------- d-----w- c:\programdata\NVIDIA
2012-11-24 13:31 . 2012-11-24 13:31 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-11-24 07:37 . 2012-11-24 07:37 -------- d-----w- c:\windows\B9DB4C7601A446D58910F7AA6376DBAF.TMP
2012-11-24 07:37 . 2012-11-24 07:37 -------- d-----w- c:\users\UpdatusUser.Nadia-PC
2012-11-24 05:12 . 2011-12-12 22:42 1093888 ----a-w- c:\windows\system32\drivers\bcmwlhigh6.sys
2012-11-24 05:12 . 2011-12-08 22:06 3883264 ----a-w- c:\windows\system32\bcmihvsrv.dll
2012-11-24 05:12 . 2011-04-19 21:48 91448 ----a-w- c:\windows\system32\bcmwlcoi.dll
2012-11-24 05:12 . 2011-04-19 21:17 3563520 ----a-w- c:\windows\system32\bcmihvui.dll
2012-11-24 05:11 . 2011-07-22 15:35 21472 ----a-w- c:\windows\system32\drivers\SCMNdisP.sys
2012-11-24 05:11 . 2012-11-24 05:11 -------- d-----w- c:\program files\NETGEAR
2012-11-19 00:27 . 2012-11-19 00:27 -------- d-----w- c:\programdata\Linksys
2012-11-19 00:23 . 2012-11-19 00:23 -------- d-----w- c:\program files\Common Files\Pure Networks Shared
2012-11-19 00:23 . 2012-11-19 02:05 -------- d-----w- c:\programdata\Pure Networks
2012-11-19 00:22 . 2012-11-19 00:23 -------- d-----w- c:\program files\Linksys
2012-11-18 22:49 . 2012-11-25 05:50 -------- d-----w- c:\users\Nadia\AppData\Roaming\hpqLog
2012-11-18 22:30 . 2012-11-25 05:50 -------- d-----w- c:\programdata\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}
2012-11-18 22:22 . 2012-11-24 07:15 -------- d-----w- c:\program files\Hewlett-Packard
2012-11-13 17:08 . 2012-11-13 17:08 -------- d-----w- c:\users\Nadia\AppData\Local\Amazon
2012-11-13 17:08 . 2012-11-13 17:08 -------- d-----w- c:\program files\Amazon
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-18 15:36 . 2012-06-02 11:38 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-18 15:36 . 2011-09-16 02:33 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-01 20:35 . 2012-10-01 09:47 202280 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-09-30 18:07 . 2010-09-06 23:48 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-09-30 18:06 . 2010-09-06 23:47 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-09-30 18:05 . 2010-09-06 23:46 573776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-09-30 00:54 . 2010-08-29 20:38 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-14 22:31 . 2011-06-28 03:05 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-09-14 22:28 . 2011-01-02 21:20 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2012-09-14 22:27 . 2011-01-02 21:19 573776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-09-07 01:04 . 2012-09-07 01:05 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-07 01:04 . 2012-09-07 01:05 746984 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-08 14:37 . 2010-07-08 14:37 101544 ----a-w- c:\program files\Common Files\LinkInstaller.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2011\ieshow.exe" [2011-06-01 92352]
"BDAgent"="c:\program files\BitDefender\BitDefender 2011\bdagent.exe" [2011-06-01 1451928]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-8 752168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe]
2011-02-18 15:47 79192 ----a-w- c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Quick View]
2012-06-14 14:58 5235128 ----a-r- c:\program files\Western Digital\WD Quick View\WDDMStatus.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"NETGEARGenie"="c:\program files\NETGEAR Genie\bin\NETGEARGenie.exe" -mini -redirect
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AllShareAgent"=c:\program files\Samsung\AllShare\AllShareAgent.exe
.
R0 TfFsMon;TfFsMon; [x]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R2 NETGEARGenieDaemon;NETGEARGenieDaemon;c:\program files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R2 WSWNDA3100v2;WSWNDA3100v2;c:\program files\NETGEAR\WNDA3100v2\WifiSvc.exe [x]
R3 ADASPROT;SYSTWEAKASO; [x]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh6.sys [x]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [x]
R3 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files\Samsung\AllShare\AllShareSlideShowService.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TfNetMon;TfNetMon; [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [x]
R4 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [x]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [x]
S1 Bdfndisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [x]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [x]
S1 Bdvedisk;Bdvedisk;c:\windows\system32\DRIVERS\bdvedisk.sys [x]
S2 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [x]
S2 Updatesrv;BitDefender Desktop Update Service;c:\program files\BitDefender\BitDefender 2011\updatesrv.exe [x]
S2 WDBackup;WD Backup;c:\program files\Western Digital\WD SmartWare\WDBackupEngine.exe [x]
S2 WDDriveService;WD Drive Manager;c:\program files\Western Digital\WD Drive Manager\WDDriveService.exe [x]
S2 WDRulesService;WD Rules;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe [x]
S3 BDFM;BDFM;c:\windows\system32\DRIVERS\bdfm.sys [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-02 15:36]
.
2012-11-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1798075149-85950911-1678157633-1001Core.job
- c:\users\Nadia\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-11 13:19]
.
2012-11-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1798075149-85950911-1678157633-1001UA.job
- c:\users\Nadia\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-11 13:19]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyServer = http=;ftp=;https=;
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{f9bbf004-6e40-4019-8214-c43a37e1d058} - (no file)
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
Notify-!SASWinLogon - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3540)
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\BitDefender\BitDefender 2011\vsserv.exe
c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\BitDefender\BitDefender 2011\pchooklaunch32.exe
c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
c:\windows\system32\conhost.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-11-29 02:41:06 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-29 07:40
.
Pre-Run: 93,408,002,048 bytes free
Post-Run: 93,166,972,928 bytes free
.
- - End Of File - - 686269D1F939344E7FFDFFF5FC3EADE1





How is computer running now?
Computer is almost there.
Read in another post about ESET Online Scanner.
Started scan after Combofix.

Please note that ComboFix ran only in Safe Mode. Unable to bypass BitDefender. Searched for some time; many people have had the same problem, but no solution has helped me as of yet.

#7 gringo_pr

    Bleepin Gringo


  • Malware Response Team

Posted 29 November 2012 - 09:07 AM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#8 David...

  • Topic Starter

  • Members

Posted 29 November 2012 - 11:09 AM

Gringo,

Thank you again for your assistance.
I find it odd that in today's computer society we don't have one virus/spyware/malware/rootkit etc. program that would simply run all of the ones mentioned and solve all problems.

Wanna go into business?



Here is the TDSSKiller log file.

10:30:06.0066 2464 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
10:30:08.0234 2464 ============================================================
10:30:08.0234 2464 Current date / time: 2012/11/29 10:30:08.0234
10:30:08.0234 2464 SystemInfo:
10:30:08.0234 2464
10:30:08.0234 2464 OS Version: 6.1.7601 ServicePack: 1.0
10:30:08.0234 2464 Product type: Workstation
10:30:08.0234 2464 ComputerName: NADIA-PC
10:30:08.0234 2464 UserName: Nadia
10:30:08.0234 2464 Windows directory: C:\Windows
10:30:08.0234 2464 System windows directory: C:\Windows
10:30:08.0234 2464 Processor architecture: Intel x86
10:30:08.0234 2464 Number of processors: 1
10:30:08.0234 2464 Page size: 0x1000
10:30:08.0234 2464 Boot type: Normal boot
10:30:08.0234 2464 ============================================================
10:30:10.0169 2464 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:30:10.0231 2464 ============================================================
10:30:10.0231 2464 \Device\Harddisk0\DR0:
10:30:10.0231 2464 MBR partitions:
10:30:10.0231 2464 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x682610E
10:30:10.0231 2464 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x682690E, BlocksNum 0x1699DC73
10:30:10.0231 2464 ============================================================
10:30:10.0418 2464 C: <-> \Device\Harddisk0\DR0\Partition2
10:30:10.0621 2464 B: <-> \Device\Harddisk0\DR0\Partition1
10:30:10.0621 2464 ============================================================
10:30:10.0621 2464 Initialize success
10:30:10.0621 2464 ============================================================
10:30:38.0290 4088 ============================================================
10:30:38.0290 4088 Scan started
10:30:38.0290 4088 Mode: Manual;
10:30:38.0290 4088 ============================================================
10:30:40.0302 4088 ================ Scan system memory ========================
10:30:40.0302 4088 System memory - ok
10:30:40.0302 4088 ================ Scan services =============================
10:30:48.0976 4088 kbdclass - ok
10:30:49.0007 4088 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
10:30:49.0007 4088 kbdhid - ok
10:30:49.0038 4088 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
10:30:49.0038 4088 KeyIso - ok
10:30:49.0085 4088 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
10:30:49.0085 4088 KSecDD - ok
10:30:49.0132 4088 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
10:30:49.0132 4088 KSecPkg - ok
10:30:49.0179 4088 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
10:30:49.0179 4088 KtmRm - ok
10:30:49.0272 4088 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\System32\srvsvc.dll
10:30:49.0272 4088 LanmanServer - ok
10:30:49.0319 4088 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:30:49.0319 4088 LanmanWorkstation - ok
10:30:49.0397 4088 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
10:30:49.0397 4088 lltdio - ok
10:30:49.0428 4088 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
10:30:49.0428 4088 lltdsvc - ok
10:30:49.0460 4088 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
10:30:49.0475 4088 lmhosts - ok
10:30:49.0522 4088 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
10:30:49.0522 4088 LSI_FC - ok
10:30:49.0553 4088 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
10:30:49.0553 4088 LSI_SAS - ok
10:30:49.0600 4088 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:30:49.0600 4088 LSI_SAS2 - ok
10:30:49.0631 4088 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:30:49.0647 4088 LSI_SCSI - ok
10:30:49.0678 4088 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
10:30:49.0678 4088 luafv - ok
10:30:49.0725 4088 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
10:30:49.0725 4088 Mcx2Svc - ok
10:30:49.0756 4088 mdmxsdk - ok
10:30:49.0787 4088 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
10:30:49.0787 4088 megasas - ok
10:30:49.0818 4088 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
10:30:49.0834 4088 MegaSR - ok
10:30:49.0912 4088 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
10:30:49.0912 4088 Microsoft Office Groove Audit Service - ok
10:30:49.0959 4088 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
10:30:49.0959 4088 MMCSS - ok
10:30:49.0990 4088 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
10:30:49.0990 4088 Modem - ok
10:30:50.0021 4088 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
10:30:50.0021 4088 monitor - ok
10:30:50.0068 4088 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
10:30:50.0068 4088 mouclass - ok
10:30:50.0099 4088 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
10:30:50.0099 4088 mouhid - ok
10:30:50.0146 4088 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
10:30:50.0146 4088 mountmgr - ok
10:30:50.0177 4088 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
10:30:50.0177 4088 mpio - ok
10:30:50.0224 4088 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
10:30:50.0224 4088 mpsdrv - ok
10:30:50.0271 4088 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
10:30:50.0286 4088 MpsSvc - ok
10:30:50.0318 4088 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
10:30:50.0333 4088 MRxDAV - ok
10:30:50.0380 4088 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
10:30:50.0380 4088 mrxsmb - ok
10:30:50.0427 4088 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:30:50.0427 4088 mrxsmb10 - ok
10:30:50.0474 4088 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:30:50.0474 4088 mrxsmb20 - ok
10:30:50.0505 4088 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
10:30:50.0505 4088 msahci - ok
10:30:50.0552 4088 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
10:30:50.0552 4088 msdsm - ok
10:30:50.0583 4088 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
10:30:50.0598 4088 MSDTC - ok
10:30:50.0676 4088 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
10:30:50.0676 4088 Msfs - ok
10:30:50.0739 4088 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
10:30:50.0739 4088 mshidkmdf - ok
10:30:50.0786 4088 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
10:30:50.0786 4088 msisadrv - ok
10:30:50.0832 4088 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
10:30:50.0832 4088 MSiSCSI - ok
10:30:50.0864 4088 msiserver - ok
10:30:50.0910 4088 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
10:30:50.0910 4088 MSKSSRV - ok
10:30:50.0942 4088 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
10:30:50.0942 4088 MSPCLOCK - ok
10:30:50.0988 4088 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
10:30:50.0988 4088 MSPQM - ok
10:30:51.0020 4088 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
10:30:51.0035 4088 MsRPC - ok
10:30:51.0082 4088 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
10:30:51.0082 4088 mssmbios - ok
10:30:51.0098 4088 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
10:30:51.0113 4088 MSTEE - ok
10:30:51.0144 4088 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
10:30:51.0144 4088 MTConfig - ok
10:30:51.0176 4088 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
10:30:51.0176 4088 Mup - ok
10:30:51.0238 4088 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
10:30:51.0254 4088 napagent - ok
10:30:51.0285 4088 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
10:30:51.0300 4088 NativeWifiP - ok
10:30:51.0347 4088 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
10:30:51.0363 4088 NDIS - ok
10:30:51.0394 4088 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
10:30:51.0410 4088 NdisCap - ok
10:30:51.0441 4088 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
10:30:51.0441 4088 NdisTapi - ok
10:30:51.0472 4088 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
10:30:51.0488 4088 Ndisuio - ok
10:30:51.0519 4088 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
10:30:51.0534 4088 NdisWan - ok
10:30:51.0581 4088 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
10:30:51.0581 4088 NDProxy - ok
10:30:51.0628 4088 [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
10:30:51.0628 4088 Net Driver HPZ12 - ok
10:30:51.0659 4088 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
10:30:51.0675 4088 NetBIOS - ok
10:30:51.0722 4088 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
10:30:51.0722 4088 NetBT - ok
10:30:51.0831 4088 [ 38CE271DAC632044AA18A7457CBBE2D2 ] NETGEARGenieDaemon C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe
10:30:51.0846 4088 NETGEARGenieDaemon - ok
10:30:51.0878 4088 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
10:30:51.0878 4088 Netlogon - ok
10:30:51.0924 4088 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
10:30:51.0924 4088 Netman - ok
10:30:51.0956 4088 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
10:30:51.0987 4088 netprofm - ok
10:30:52.0034 4088 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:30:52.0034 4088 NetTcpPortSharing - ok
10:30:52.0080 4088 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
10:30:52.0080 4088 nfrd960 - ok
10:30:52.0127 4088 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
10:30:52.0143 4088 NlaSvc - ok
10:30:52.0174 4088 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
10:30:52.0174 4088 Npfs - ok
10:30:52.0221 4088 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
10:30:52.0268 4088 nsi - ok
10:30:52.0299 4088 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
10:30:52.0299 4088 nsiproxy - ok
10:30:52.0377 4088 [ 81189C3D7763838E55C397759D49007A ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
10:30:52.0424 4088 Ntfs - ok
10:30:52.0455 4088 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
10:30:52.0455 4088 Null - ok
10:30:52.0502 4088 [ B5E37E31C053BC9950455A257526514B ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x32.sys
10:30:52.0517 4088 NVENETFD - ok
10:30:52.0548 4088 [ 96C27791D5AE5C77E37C61B15112E38D ] NVHDA C:\Windows\system32\drivers\nvhda32v.sys
10:30:52.0564 4088 NVHDA - ok
10:30:52.0814 4088 [ BD409DE5681C74C1DE51D72427DC202D ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
10:30:53.0048 4088 nvlddmkm - ok
10:30:53.0094 4088 [ 5BF9C11586F4764446407F509F1BECA8 ] NVNET C:\Windows\system32\DRIVERS\nvmf6232.sys
10:30:53.0110 4088 NVNET - ok
10:30:53.0188 4088 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
10:30:53.0188 4088 nvraid - ok
10:30:53.0250 4088 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
10:30:53.0250 4088 nvstor - ok
10:30:53.0344 4088 [ E55877BE77A8A31B0416B4E7C3DBE3F2 ] NVSvc C:\Windows\system32\nvvsvc.exe
10:30:53.0360 4088 NVSvc - ok
10:30:53.0406 4088 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
10:30:53.0406 4088 nv_agp - ok
10:30:53.0531 4088 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
10:30:53.0547 4088 odserv - ok
10:30:53.0578 4088 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
10:30:53.0578 4088 ohci1394 - ok
10:30:53.0640 4088 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:30:53.0640 4088 ose - ok
10:30:53.0750 4088 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
10:30:53.0765 4088 p2pimsvc - ok
10:30:53.0796 4088 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
10:30:53.0812 4088 p2psvc - ok
10:30:53.0859 4088 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
10:30:53.0874 4088 Parport - ok
10:30:53.0921 4088 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
10:30:53.0921 4088 partmgr - ok
10:30:53.0952 4088 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
10:30:53.0952 4088 Parvdm - ok
10:30:53.0984 4088 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
10:30:53.0999 4088 PcaSvc - ok
10:30:54.0046 4088 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
10:30:54.0046 4088 pci - ok
10:30:54.0077 4088 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
10:30:54.0077 4088 pciide - ok
10:30:54.0124 4088 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
10:30:54.0124 4088 pcmcia - ok
10:30:54.0171 4088 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
10:30:54.0171 4088 pcw - ok
10:30:54.0218 4088 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
10:30:54.0218 4088 PEAUTH - ok
10:30:54.0296 4088 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
10:30:54.0327 4088 PeerDistSvc - ok
10:30:54.0436 4088 pgfilter - ok
10:30:54.0514 4088 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
10:30:54.0561 4088 pla - ok
10:30:54.0608 4088 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
10:30:54.0608 4088 PlugPlay - ok
10:30:54.0654 4088 [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
10:30:54.0654 4088 Pml Driver HPZ12 - ok
10:30:54.0686 4088 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
10:30:54.0686 4088 PNRPAutoReg - ok
10:30:54.0732 4088 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
10:30:54.0732 4088 PNRPsvc - ok
10:30:54.0779 4088 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
10:30:54.0779 4088 PolicyAgent - ok
10:30:54.0842 4088 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
10:30:54.0857 4088 Power - ok
10:30:54.0904 4088 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
10:30:54.0920 4088 PptpMiniport - ok
10:30:54.0951 4088 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
10:30:54.0951 4088 Processor - ok
10:30:55.0029 4088 [ 36C46561FDC566FD4943216ABA090343 ] PROCEXP113 C:\Windows\system32\Drivers\PROCEXP113.SYS
10:30:55.0029 4088 PROCEXP113 - ok
10:30:55.0091 4088 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
10:30:55.0091 4088 ProfSvc - ok
10:30:55.0122 4088 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
10:30:55.0122 4088 ProtectedStorage - ok
10:30:55.0169 4088 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
10:30:55.0169 4088 Psched - ok
10:30:55.0232 4088 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
10:30:55.0278 4088 ql2300 - ok
10:30:55.0325 4088 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
10:30:55.0325 4088 ql40xx - ok
10:30:55.0356 4088 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
10:30:55.0372 4088 QWAVE - ok
10:30:55.0403 4088 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
10:30:55.0419 4088 QWAVEdrv - ok
10:30:55.0434 4088 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
10:30:55.0450 4088 RasAcd - ok
10:30:55.0497 4088 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
10:30:55.0497 4088 RasAgileVpn - ok
10:30:55.0544 4088 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
10:30:55.0544 4088 RasAuto - ok
10:30:55.0575 4088 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
10:30:55.0575 4088 Rasl2tp - ok
10:30:55.0637 4088 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
10:30:55.0637 4088 RasMan - ok
10:30:55.0668 4088 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
10:30:55.0668 4088 RasPppoe - ok
10:30:55.0715 4088 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
10:30:55.0715 4088 RasSstp - ok
10:30:55.0778 4088 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
10:30:55.0778 4088 rdbss - ok
10:30:55.0809 4088 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
10:30:55.0809 4088 rdpbus - ok
10:30:55.0856 4088 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
10:30:55.0856 4088 RDPCDD - ok
10:30:55.0934 4088 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
10:30:55.0949 4088 RDPDR - ok
10:30:55.0996 4088 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
10:30:55.0996 4088 RDPENCDD - ok
10:30:56.0043 4088 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
10:30:56.0043 4088 RDPREFMP - ok
10:30:56.0090 4088 [ 68A0387F58E226DEEE23D9715955572A ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
10:30:56.0090 4088 RdpVideoMiniport - ok
10:30:56.0136 4088 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
10:30:56.0152 4088 RDPWD - ok
10:30:56.0199 4088 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
10:30:56.0199 4088 rdyboost - ok
10:30:56.0292 4088 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
10:30:56.0292 4088 RemoteAccess - ok
10:30:56.0386 4088 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
10:30:56.0386 4088 RemoteRegistry - ok
10:30:56.0433 4088 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
10:30:56.0433 4088 RFCOMM - ok
10:30:56.0495 4088 [ 616EAC1B0E48B236A5A9B8AE07FDB81C ] RimUsb C:\Windows\system32\Drivers\RimUsb.sys
10:30:56.0495 4088 RimUsb - ok
10:30:56.0558 4088 [ 2C4FB2E9F039287767C384E46EE91030 ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial.sys
10:30:56.0558 4088 RimVSerPort - ok
10:30:56.0604 4088 [ 564297827D213F52C7A3A2FF749568CA ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
10:30:56.0604 4088 ROOTMODEM - ok
10:30:56.0651 4088 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
10:30:56.0651 4088 RpcEptMapper - ok
10:30:56.0698 4088 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
10:30:56.0698 4088 RpcLocator - ok
10:30:56.0745 4088 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
10:30:56.0760 4088 RpcSs - ok
10:30:56.0792 4088 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
10:30:56.0792 4088 rspndr - ok
10:30:56.0823 4088 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
10:30:56.0838 4088 s3cap - ok
10:30:56.0870 4088 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
10:30:56.0870 4088 SamSs - ok
10:30:57.0010 4088 [ 328100AF2EFD951EAB657384EC361B6F ] SamsungAllShareV2.0 C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
10:30:57.0010 4088 SamsungAllShareV2.0 - ok
10:30:57.0088 4088 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
10:30:57.0088 4088 sbp2port - ok
10:30:57.0166 4088 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
10:30:57.0182 4088 SCardSvr - ok
10:30:57.0213 4088 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
10:30:57.0213 4088 scfilter - ok
10:30:57.0275 4088 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
10:30:57.0306 4088 Schedule - ok
10:30:57.0353 4088 [ 46FB343BA8538009D5A24B110E8C7724 ] SCMNdisP C:\Windows\system32\DRIVERS\scmndisp.sys
10:30:57.0353 4088 SCMNdisP - ok
10:30:57.0384 4088 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
10:30:57.0384 4088 SCPolicySvc - ok
10:30:57.0447 4088 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
10:30:57.0447 4088 SDRSVC - ok
10:30:57.0509 4088 [ 16A252022535B680046F6E34E136D378 ] SeaPort C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
10:30:57.0509 4088 SeaPort - ok
10:30:57.0572 4088 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
10:30:57.0572 4088 secdrv - ok
10:30:57.0618 4088 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
10:30:57.0634 4088 seclogon - ok
10:30:57.0665 4088 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll
10:30:57.0681 4088 SENS - ok
10:30:57.0728 4088 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
10:30:57.0728 4088 SensrSvc - ok
10:30:57.0774 4088 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
10:30:57.0774 4088 Serenum - ok
10:30:57.0806 4088 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
10:30:57.0821 4088 Serial - ok
10:30:57.0868 4088 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
10:30:57.0868 4088 sermouse - ok
10:30:57.0962 4088 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
10:30:57.0977 4088 SessionEnv - ok
10:30:58.0024 4088 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
10:30:58.0024 4088 sffdisk - ok
10:30:58.0071 4088 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
10:30:58.0086 4088 sffp_mmc - ok
10:30:58.0133 4088 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
10:30:58.0133 4088 sffp_sd - ok
10:30:58.0180 4088 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
10:30:58.0180 4088 sfloppy - ok
10:30:58.0289 4088 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
10:30:58.0289 4088 SharedAccess - ok
10:30:58.0398 4088 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:30:58.0414 4088 ShellHWDetection - ok
10:30:58.0445 4088 [ 1980FE1F5A32067DAD1D8776B63C2669 ] SimpleSlideShowServer C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe
10:30:58.0461 4088 SimpleSlideShowServer - ok
10:30:58.0492 4088 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
10:30:58.0492 4088 sisagp - ok
10:30:58.0539 4088 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:30:58.0539 4088 SiSRaid2 - ok
10:30:58.0586 4088 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
10:30:58.0586 4088 SiSRaid4 - ok
10:30:58.0664 4088 [ DDAA5F4A6B958FC313EBD02DD925752F ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
10:30:58.0664 4088 SkypeUpdate - ok
10:30:58.0695 4088 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
10:30:58.0710 4088 Smb - ok
10:30:58.0788 4088 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
10:30:58.0804 4088 SNMPTRAP - ok
10:30:58.0882 4088 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
10:30:58.0929 4088 spldr - ok
10:30:58.0976 4088 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
10:30:58.0991 4088 Spooler - ok
10:30:59.0100 4088 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
10:30:59.0178 4088 sppsvc - ok
10:30:59.0288 4088 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
10:30:59.0288 4088 sppuinotify - ok
10:30:59.0334 4088 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
10:30:59.0350 4088 srv - ok
10:30:59.0397 4088 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
10:30:59.0397 4088 srv2 - ok
10:30:59.0459 4088 [ E00FDFAFF025E94F9821153750C35A6D ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL3.SYS
10:30:59.0459 4088 SrvHsfHDA - ok
10:30:59.0522 4088 [ CEB4E3B6890E1E42DCA6694D9E59E1A0 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV3.SYS
10:30:59.0568 4088 SrvHsfV92 - ok
10:30:59.0615 4088 [ BC0C7EA89194C299F051C24119000E17 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
10:30:59.0631 4088 SrvHsfWinac - ok
10:30:59.0678 4088 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
10:30:59.0678 4088 srvnet - ok
10:30:59.0740 4088 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
10:30:59.0756 4088 SSDPSRV - ok
10:30:59.0787 4088 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
10:30:59.0787 4088 SstpSvc - ok
10:30:59.0834 4088 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
10:30:59.0865 4088 stexstor - ok
10:30:59.0958 4088 [ EDB05BD63148796F23EA78506404A538 ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
10:30:59.0958 4088 StillCam - ok
10:31:00.0021 4088 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
10:31:00.0036 4088 StiSvc - ok
10:31:00.0083 4088 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
10:31:00.0083 4088 storflt - ok
10:31:00.0130 4088 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
10:31:00.0146 4088 storvsc - ok
10:31:00.0177 4088 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
10:31:00.0177 4088 swenum - ok
10:31:00.0239 4088 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
10:31:00.0239 4088 swprv - ok
10:31:00.0270 4088 Synth3dVsc - ok
10:31:00.0333 4088 [ F5D926807BD9BC0AF68F9376144DE425 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
10:31:00.0333 4088 SynTP - ok
10:31:00.0411 4088 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
10:31:00.0442 4088 SysMain - ok
10:31:00.0489 4088 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
10:31:00.0489 4088 TabletInputService - ok
10:31:00.0536 4088 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
10:31:00.0551 4088 TapiSrv - ok
10:31:00.0598 4088 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
10:31:00.0614 4088 TBS - ok
10:31:00.0692 4088 [ A5EBB8F648000E88B7D9390B514976BF ] Tcpip C:\Windows\system32\drivers\tcpip.sys
10:31:00.0723 4088 Tcpip - ok
10:31:00.0785 4088 [ A5EBB8F648000E88B7D9390B514976BF ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
10:31:00.0801 4088 TCPIP6 - ok
10:31:00.0863 4088 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
10:31:00.0863 4088 tcpipreg - ok
10:31:00.0957 4088 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
10:31:00.0957 4088 TDPIPE - ok
10:31:01.0004 4088 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
10:31:01.0004 4088 TDTCP - ok
10:31:01.0066 4088 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
10:31:01.0066 4088 tdx - ok
10:31:01.0113 4088 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
10:31:01.0175 4088 TermDD - ok
10:31:01.0238 4088 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
10:31:01.0238 4088 TermService - ok
10:31:01.0269 4088 TfFsMon - ok
10:31:01.0300 4088 TfNetMon - ok
10:31:01.0331 4088 TfSysMon - ok
10:31:01.0581 4088 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
10:31:01.0581 4088 Themes - ok
10:31:01.0628 4088 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
10:31:01.0628 4088 THREADORDER - ok
10:31:01.0752 4088 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
10:31:01.0752 4088 TrkWks - ok
10:31:01.0815 4088 [ A919775C03303D0E0690B315D26A5E1D ] Trufos C:\Windows\system32\DRIVERS\Trufos.sys
10:31:01.0815 4088 Trufos - ok
10:31:09.0194 4088 ============================================================
10:31:09.0194 4088 Scan finished
10:31:09.0194 4088 ============================================================
10:31:09.0225 2508 Detected object count: 0
10:31:09.0225 2508 Actual detected object count: 0
10:32:05.0510 2056 Deinitialize success




Here is the aswMBR log file.

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-29 10:35:42
-----------------------------
10:35:42.862 OS Version: Windows 6.1.7601 Service Pack 1
10:35:42.862 Number of processors: 1 586 0x301
10:35:42.862 ComputerName: NADIA-PC UserName: Nadia
10:36:02.610 Initialize success
10:37:22.024 AVAST engine defs: 12112900
10:40:57.647 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5
10:40:57.647 Disk 0 Vendor: ST9250320AS HP07 Size: 238475MB BusType: 3
10:40:57.694 Disk 0 MBR read successfully
10:40:57.694 Disk 0 MBR scan
10:40:57.710 Disk 0 Windows 7 default MBR code
10:40:57.741 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 53324 MB offset 2048
10:40:57.756 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 185147 MB offset 109209870
10:40:57.772 Disk 0 scanning sectors +488392065
10:40:57.881 Disk 0 scanning C:\Windows\system32\drivers
10:41:13.310 Service scanning
10:41:49.927 Modules scanning
10:42:01.674 Disk 0 trace - called modules:
10:42:01.690 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys nvlddmkm.sys
10:42:01.705 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x858cb030]
10:42:01.705 3 CLASSPNP.SYS[885bc59e] -> nt!IofCallDriver -> [0x85788558]
10:42:01.721 5 ACPI.sys[881a63d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-5[0x857a8908]
10:42:02.360 AVAST engine scan C:\Windows
10:42:05.387 AVAST engine scan C:\Windows\system32
10:47:25.000 AVAST engine scan C:\Windows\system32\drivers
10:47:47.030 AVAST engine scan C:\Users\Nadia
10:53:18.329 AVAST engine scan C:\ProgramData
10:55:21.647 Scan finished successfully
10:56:23.314 Disk 0 MBR has been saved successfully to "C:\Users\Nadia\Desktop\bleeping computer\MBR.dat"
10:56:23.576 The log file has been saved successfully to "C:\Users\Nadia\Desktop\bleeping computer\aswMBR.txt"



I mentioned earlier that I was going to run the ESET Online Scanner overnight.
Here are the results,

C:\Documents and Settings\Nadia\Downloads\Adaware_Installer.exe Win32/OpenCandy application deleted - quarantined
C:\Documents and Settings\Nadia\Downloads\cbsidlm-tr1_7-HitmanPro_3_32bit-10895604.exe Win32/DownloadAdmin.D application cleaned by deleting - quarantined
C:\Documents and Settings\Nadia\Downloads\defragsetup.exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Documents and Settings\Nadia\Downloads\gusetup.exe probably a variant of Win32/ELEX application cleaned by deleting - quarantined
C:\Documents and Settings\Nadia\Downloads\is360setup.exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Documents and Settings\Nadia\Downloads\RegistryEasy_Lite.exe a variant of Win32/Adware.RegistryEasy application cleaned by deleting - quarantined
C:\MGtools\Process.exe Win32/PrcView application cleaned by deleting - quarantined


Just to inform you that almost all of the above programs were installed into my system at one time or another.
I have just recently uninstalled almost everything that was not crucial, due to the system lag and multitasking hangups.


I will continue to run whatever you recommend...
I just do not trust this computer just yet to continue my online banking and such...

#9 David...

Posted 29 November 2012 - 05:27 PM

Gringo,

Now my browsers are flashing, erratically.

Both internet explorer and chrome.

Never had this problem before.

#10 David...

Posted 29 November 2012 - 05:32 PM

Gringo,

Sorry about the continuous posts.
This is now occurring during all time with Windows. The screen is constantly flickering.

David

#11 gringo_pr

Posted 30 November 2012 - 08:25 AM

Greetings

restart the computer and check the cables - I have not heard of the screen doing that before

At this time I would like you to run this script for me

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#12 David...

Posted 30 November 2012 - 09:52 AM

Gringo,

Thank you again for the response.

Problems may have had.
- system hangs
- popups online

The computer is running quicker. No system hangs.


ComboFix 12-11-28.02 - Nadia 30/11/2012 9:21.2.1 - x86 NETWORK
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.2.1033.18.2814.1956 [GMT -5:00]
Running from: c:\users\Nadia\Desktop\ComboFix.exe
Command switches used :: c:\users\Nadia\Desktop\CFScript.txt.txt
AV: BitDefender Antivirus *Enabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
FW: BitDefender Firewall *Enabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
SP: BitDefender AntiSpyware *Enabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-10-28 to 2012-11-30 )))))))))))))))))))))))))))))))
.
.
2012-11-30 14:31 . 2012-11-30 14:31 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-11-30 14:31 . 2012-11-30 14:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-30 01:57 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-30 01:57 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-30 01:57 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-30 01:56 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-30 01:56 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-30 01:56 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-30 01:56 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-30 01:56 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-30 01:56 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-30 01:56 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-30 01:52 . 2012-08-24 16:57 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-11-30 01:50 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-11-30 01:50 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-11-30 01:50 . 2012-08-31 17:18 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-11-30 01:48 . 2012-10-03 16:42 156672 ----a-w- c:\windows\system32\ncsi.dll
2012-11-30 01:48 . 2012-10-03 16:58 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-11-30 01:48 . 2012-10-03 16:42 52224 ----a-w- c:\windows\system32\nlaapi.dll
2012-11-30 01:48 . 2012-10-03 16:42 242176 ----a-w- c:\windows\system32\nlasvc.dll
2012-11-30 01:48 . 2012-10-03 16:42 18944 ----a-w- c:\windows\system32\netevent.dll
2012-11-30 01:48 . 2012-10-03 16:42 175104 ----a-w- c:\windows\system32\netcorehc.dll
2012-11-30 01:48 . 2012-10-03 16:40 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-11-30 01:48 . 2012-10-03 15:21 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-11-30 01:47 . 2012-10-09 17:40 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-11-30 01:47 . 2012-10-09 17:40 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-11-30 01:47 . 2012-08-10 23:56 542208 ----a-w- c:\windows\system32\kerberos.dll
2012-11-30 01:46 . 2012-09-25 22:47 78336 ----a-w- c:\windows\system32\synceng.dll
2012-11-30 01:45 . 2012-10-18 17:59 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-11-29 08:00 . 2012-11-29 08:00 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-11-29 07:59 . 2012-11-29 07:59 -------- d-----w- c:\program files\Tweaking.com
2012-11-29 07:49 . 2012-11-29 07:49 -------- d-----w- c:\windows\ERUNT
2012-11-29 07:23 . 2012-11-30 14:31 -------- d-----w- c:\users\Nadia\AppData\Local\temp
2012-11-29 06:55 . 2012-11-29 06:57 -------- d-----w- C:\JRT
2012-11-29 06:41 . 2012-11-29 06:42 -------- d-----w- c:\program files\Common Files\Adobe
2012-11-29 03:34 . 2012-11-29 03:33 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-11-29 01:46 . 2012-11-29 01:46 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-11-29 01:01 . 2012-11-29 01:01 -------- d-----w- c:\program files\HitmanPro
2012-11-29 00:49 . 2012-11-29 00:49 -------- d-----w- c:\program files\ESET
2012-11-28 18:21 . 2012-11-19 06:04 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1622F438-FBCB-4449-B4D2-71F44555FAB2}\mpengine.dll
2012-11-28 18:14 . 2012-11-28 18:15 -------- d-----w- c:\users\Nadia\AppData\Local\Microsoft Games
2012-11-28 15:21 . 2012-11-28 15:22 -------- d-----w- c:\program files\Trend Micro
2012-11-28 15:12 . 2012-11-28 15:12 388096 ----a-r- c:\users\Nadia\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-11-27 07:48 . 2012-11-27 07:48 -------- d-----w- c:\programdata\Downloaded Installations
2012-11-27 07:12 . 2012-11-27 07:12 -------- d-----w- c:\users\Nadia\AppData\Local\CRE
2012-11-26 16:10 . 2012-11-26 16:10 -------- d-----w- c:\users\Nadia\AppData\Roaming\HideIPEasy
2012-11-26 16:10 . 2012-11-26 16:10 -------- d-----w- c:\programdata\HideIPEasy
2012-11-26 16:08 . 2012-11-26 16:08 -------- d-----w- c:\program files\HideIPEasy
2012-11-26 15:46 . 2012-11-26 15:46 -------- d-----w- c:\users\Nadia\AppData\Roaming\.anomos
2012-11-26 15:45 . 2009-11-15 18:37 200704 ----a-w- c:\windows\system32\ssleay32.dll
2012-11-26 15:45 . 2009-11-15 18:37 200704 ----a-w- c:\windows\system32\libssl32.dll
2012-11-26 15:45 . 2009-11-15 18:37 1017344 ----a-w- c:\windows\system32\libeay32.dll
2012-11-26 15:43 . 2012-11-26 16:20 -------- d-----w- c:\program files\Anomos
2012-11-25 20:18 . 2012-11-25 20:18 -------- d-----w- C:\Download
2012-11-25 19:21 . 2012-11-25 19:21 -------- d-----w- c:\users\Nadia\Bluetooth Software
2012-11-25 19:20 . 2008-02-08 06:50 233472 ----a-w- c:\windows\system32\BtwRSupport.dll
2012-11-25 19:20 . 2012-11-25 19:20 -------- d-----w- c:\windows\system32\es-MX
2012-11-25 19:20 . 2012-11-25 19:20 -------- d-----w- c:\windows\system32\es-AR
2012-11-25 05:31 . 2012-09-19 17:10 21344 ----a-w- c:\windows\system32\authuitu.dll
2012-11-25 05:29 . 2012-11-25 05:29 -------- d-----w- c:\users\Nadia\AppData\Roaming\TuneUp Software
2012-11-25 05:28 . 2012-11-25 05:31 -------- d-----w- c:\program files\TuneUp Utilities 2013
2012-11-25 05:27 . 2012-11-25 05:29 -------- d-----w- c:\programdata\TuneUp Software
2012-11-25 05:26 . 2012-11-25 05:50 -------- d-sh--w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2012-11-25 05:26 . 2012-11-25 05:26 -------- d--h--w- c:\programdata\Common Files
2012-11-24 22:17 . 2012-11-24 22:17 -------- d-----w- c:\users\Nadia\AppData\Roaming\Samsung
2012-11-24 22:15 . 2012-11-24 22:15 -------- d-----w- C:\AllShare
2012-11-24 22:14 . 2012-11-24 22:14 -------- d-----w- c:\program files\Samsung
2012-11-24 21:51 . 2012-11-25 05:50 -------- d-----w- c:\users\Nadia\AppData\Local\Downloaded Installations
2012-11-24 15:32 . 2012-11-25 05:09 -------- d-----w- c:\users\Nadia\AppData\Local\NETGEARGenie
2012-11-24 15:32 . 2012-11-24 15:32 -------- d-----w- c:\program files\NETGEAR Genie
2012-11-24 14:35 . 2009-08-05 20:10 6136 ----a-w- c:\windows\system32\drivers\nvphy.bin
2012-11-24 14:35 . 2009-07-30 20:48 705536 ----a-w- c:\windows\system32\cohelper.dll
2012-11-24 13:38 . 2012-11-24 14:43 -------- d-----w- c:\programdata\NVIDIA
2012-11-24 13:31 . 2012-11-24 13:31 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-11-24 07:37 . 2012-11-24 07:37 -------- d-----w- c:\windows\B9DB4C7601A446D58910F7AA6376DBAF.TMP
2012-11-24 07:37 . 2012-11-24 07:37 -------- d-----w- c:\users\UpdatusUser.Nadia-PC
2012-11-24 05:12 . 2011-12-12 22:42 1093888 ----a-w- c:\windows\system32\drivers\bcmwlhigh6.sys
2012-11-24 05:12 . 2011-12-08 22:06 3883264 ----a-w- c:\windows\system32\bcmihvsrv.dll
2012-11-24 05:12 . 2011-04-19 21:48 91448 ----a-w- c:\windows\system32\bcmwlcoi.dll
2012-11-24 05:12 . 2011-04-19 21:17 3563520 ----a-w- c:\windows\system32\bcmihvui.dll
2012-11-24 05:11 . 2011-07-22 15:35 21472 ----a-w- c:\windows\system32\drivers\SCMNdisP.sys
2012-11-24 05:11 . 2012-11-24 05:11 -------- d-----w- c:\program files\NETGEAR
2012-11-19 00:27 . 2012-11-19 00:27 -------- d-----w- c:\programdata\Linksys
2012-11-19 00:23 . 2012-11-19 00:23 -------- d-----w- c:\program files\Common Files\Pure Networks Shared
2012-11-19 00:23 . 2012-11-19 02:05 -------- d-----w- c:\programdata\Pure Networks
2012-11-19 00:22 . 2012-11-19 00:23 -------- d-----w- c:\program files\Linksys
2012-11-18 22:49 . 2012-11-25 05:50 -------- d-----w- c:\users\Nadia\AppData\Roaming\hpqLog
2012-11-18 22:30 . 2012-11-25 05:50 -------- d-----w- c:\programdata\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}
2012-11-18 22:22 . 2012-11-24 07:15 -------- d-----w- c:\program files\Hewlett-Packard
2012-11-13 17:08 . 2012-11-13 17:08 -------- d-----w- c:\users\Nadia\AppData\Local\Amazon
2012-11-13 17:08 . 2012-11-13 17:08 -------- d-----w- c:\program files\Amazon
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-30 04:42 . 2012-06-02 11:38 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-30 04:42 . 2011-09-16 02:33 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-01 20:35 . 2012-10-01 09:47 202280 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-10-16 07:39 . 2012-11-30 01:50 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-09-30 18:07 . 2010-09-06 23:48 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-09-30 18:06 . 2010-09-06 23:47 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-09-30 18:05 . 2010-09-06 23:46 573776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-09-30 00:54 . 2010-08-29 20:38 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-14 22:31 . 2011-06-28 03:05 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-09-14 22:28 . 2011-01-02 21:20 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2012-09-14 22:27 . 2011-01-02 21:19 573776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-09-07 01:04 . 2012-09-07 01:05 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-07 01:04 . 2012-09-07 01:05 746984 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-08 14:37 . 2010-07-08 14:37 101544 ----a-w- c:\program files\Common Files\LinkInstaller.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2011\ieshow.exe" [2011-06-01 92352]
"BDAgent"="c:\program files\BitDefender\BitDefender 2011\bdagent.exe" [2011-06-01 1451928]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-2-8 752168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe]
2011-02-18 15:47 79192 ----a-w- c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Quick View]
2012-06-14 14:58 5235128 ----a-r- c:\program files\Western Digital\WD Quick View\WDDMStatus.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"NETGEARGenie"="c:\program files\NETGEAR Genie\bin\NETGEARGenie.exe" -mini -redirect
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AllShareAgent"=c:\program files\Samsung\AllShare\AllShareAgent.exe
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R1 Bdvedisk;Bdvedisk;c:\windows\system32\DRIVERS\bdvedisk.sys [x]
R3 ADASPROT;SYSTWEAKASO; [x]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh6.sys [x]
R3 BDFM;BDFM;c:\windows\system32\DRIVERS\bdfm.sys [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [x]
R3 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [x]
R3 NETGEARGenieDaemon;NETGEARGenieDaemon;c:\program files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe [x]
R4 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [x]
R4 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [x]
S1 Bdfndisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [x]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-02 04:42]
.
2012-11-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1798075149-85950911-1678157633-1001Core.job
- c:\users\Nadia\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-11 13:19]
.
2012-11-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1798075149-85950911-1678157633-1001UA.job
- c:\users\Nadia\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-11 13:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
mStart Page = about:blank
uInternet Settings,ProxyServer = http=;ftp=;https=;
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Microsoft .NET Framework 4 Client Profile - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2446708 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2461678 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2478663 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2518870 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2539636 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2572078 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2604121 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2633870 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2656351 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2656368 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2656368v2 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2656405 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2686827 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2729449 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2737019 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-30 09:33:20
ComboFix-quarantined-files.txt 2012-11-30 14:33
ComboFix2.txt 2012-11-29 07:41
.
Pre-Run: 89,224,003,584 bytes free
Post-Run: 89,235,234,816 bytes free
.
- - End Of File - - DC1760E4A35865A0BCB0DBD9BD92F63D




Please note, I noticed that one of the program files is HitmanPro...
I do not have that installed right now.
It was uninstalled 2 weeks ago.
Found to be a virus. Downloaded from a torrent.

#13 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 30 November 2012 - 09:57 AM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 David...

  • Topic Starter

  • Members
  • 111 posts

Posted 30 November 2012 - 09:59 AM

Gringo,

Thank you for the quick response.


Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
Adobe Flash Player 11 ActiveX
Adobe Reader XI MUI
Amazon Kindle
µTorrent
BitDefender Total Security 2011
BlackBerry Desktop Software 6.0.2
BlackBerry Device Software v6.0.0 for the BlackBerry 9800 smartphone
bpd_scan
CCleaner
Conexant HD Audio
ConvertXtoDVD 4.1.19.365
D3DX10
DVDFab Ghosthunter release 5.2.3.2
ESET Online Scanner v3
Google Chrome
Google Update Helper
Hide IP Easy
HiJackThis
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
Java 7 Update 9
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NETGEAR Genie
NETGEAR WNDA3100v2 wireless USB 2.0 adapter
NVIDIA Drivers
NVIDIA Install Application
Samsung AllShare
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
Skype™ 5.10
Synaptics Pointing Device Driver
TuneUp Utilities 2013
TuneUp Utilities Language Pack (en-US)
Tweaking.com - Windows Repair (All in One)
TweakNow PowerPack 2012
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760413) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
WD SmartWare
WIDCOMM Bluetooth Software 6.1.0.4400
WinRAR archiver

#15 David...

  • Topic Starter

  • Members
  • 111 posts

Posted 30 November 2012 - 10:03 AM

I recently (3 days ago before my first post) uninstalled almost all of my programs that were not everyday.
In an attempt to solve the problem myself.

Ran
Avast
Malware
BitDefender
SuperSpyware

nothing was found



