Random USB and Sata freezes, GMER scan gives BSOD (apc_index_mismatch)


  • This topic is locked
18 replies to this topic

#1 Bas12345

Posted 17 March 2013 - 11:37 AM

My Dell Alienware M17x R4 experiences SATA port freezes randomly on all ports 0-4 (0+1 RAID-0 SSDs, 2 SSD, 3 mSATA, 4 eSATA). During a freeze, Resource Monitor shows the drive as 100% active and with a queue length of 0. The freeze takes from 0.5 second to 20 seconds, after which the SATA port drops a step in transfer rate, from 6 Gbps to 3 Gbps to 1.5 Gbps. The system also suffers from random USB drive disconnects and reconnects, also taking from 0.5 second to 20 seconds. The disconnection times vary a bit per version of the specific drivers installed. Both issues occur one or two times an hour. I've tried numerous combinations of available driver versions for chipset, USB, IRST (SATA), etc. The issue always remains; however, it becomes more frequent on certain driver versions.

 

Might this be a rootkit? What makes me think this might be a rootkit is the fact that a GMER scan ends in a BSOD saying APC_INDEX_MISMATCH. In other cases this was often caused by a rootkit.

 

The system has NO other common malware symptoms, like web redirects, running slow, etc., just the USB disconnects and SATA freezes.

 

Thanks a lot in advance for your help and efforts.

 

Here are the logs:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16521
Run by B@s10 at 17:06:41 on 2013-03-17
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.32718.29312 [GMT 1:00]
.
AV: Bitdefender Antivirus *Disabled/Outdated* {9B5F5313-CAF9-DD97-C460-E778420237B4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Bitdefender Antispyware *Disabled/Outdated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
FW: Bitdefender Firewall *Disabled* {A364D236-8096-DCCF-EF3F-4E4DBCD170CF}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
C:\Windows\sysWow64\CtHdaSvc.exe
C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
C:\Program Files (x86)\Flux\Services\FluxB.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
C:\Program Files (x86)\Flux\Services\FluxA.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
C:\Program Files (x86)\Tobias Erichsen\loopMIDI\loopMIDI.exe
C:\Users\B@s10\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\nerds.de\LoopBe30\loough.exe
C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe
C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\RunDll32.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Alienware\Command Center\AlienFusionService.exe
C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files\Alienware\Command Center\AlienFusionController.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe
C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
C:\Windows\system32\PrintIsolationHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe Acrobat Create PDF Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
uRun: [loopMIDI] "C:\Program Files (x86)\Tobias Erichsen\loopMIDI\loopMIDI.exe"
uRun: [Spotify Web Helper] "C:\Users\B@s10\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\5.0"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [Sound Blaster Recon3Di Control Panel] "C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe" /r
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOOPBE~1.LNK - C:\Program Files (x86)\nerds.de\LoopBe30\loough.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUALCO~1.LNK - C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\XRGamma.lnk - C:\Program Files (x86)\X-Rite\ColorMunki Display\XRGamma.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: %SYSTEMROOT%\system32\BfLLR.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.11.0.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{9B8B3DA0-DAA7-4620-A807-50B7D2899788} : DHCPNameServer = 192.168.2.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
SSODL: WebCheck - <orphaned>
LSA: Notification Packages =  scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [Command Center Controllers] "C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe"
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Bdagent] C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\B@s10\AppData\Roaming\Mozilla\Firefox\Profiles\4hspo9bx.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\PACE Anti-Piracy\iLok\NPPaceILok.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-02-09 08:17; langpack-en-GB@firefox.mozilla.org; C:\Users\B@s10\AppData\Roaming\Mozilla\Firefox\Profiles\4hspo9bx.default\extensions\langpack-en-GB@firefox.mozilla.org.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;C:\Windows\System32\drivers\avc3.sys [2013-3-16 707528]
R0 EMSC;COMPAL Embedded System Control;C:\Windows\System32\drivers\EMSC.sys [2009-6-26 16752]
R0 gzflt;gzflt;C:\Windows\System32\drivers\gzflt.sys [2013-3-16 145696]
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2013-3-8 647736]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2013-3-8 28216]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-2-28 16152]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-7-24 56208]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2013-2-11 22128]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-7-24 39768]
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [2013-3-16 93160]
R1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2013-3-16 103504]
R1 BDVEDISK;BDVEDISK;C:\Windows\System32\drivers\bdvedisk.sys [2013-3-16 76944]
R1 BfLwf;Bigfoot Networks Bandwidth Control;C:\Windows\System32\drivers\bflwfx64.sys [2012-2-15 75880]
R1 CLBStor;InstantBurn Storage Helper Driver;C:\Windows\System32\drivers\CLBStor.sys [2012-9-14 24560]
R1 CLVirtualDrive;CLVirtualDrive;C:\Windows\System32\drivers\CLVirtualDrive.sys [2012-9-15 92536]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
R2 {73526619-C24F-470B-9BED-53D455FBB5C6};Power Control [2013/03/05 20:13:03];C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [2013-1-22 130320]
R2 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2012-6-15 14704]
R2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [2013-3-17 67584]
R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;C:\Windows\System32\drivers\CLBUDF.sys [2012-9-14 377840]
R2 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [2012-9-15 89864]
R2 CtHdaSvc;Sound Core3D Service;C:\Windows\SysWOW64\CtHdaSvc.exe [2012-7-24 122880]
R2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [2012-9-15 77576]
R2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [2012-9-15 294664]
R2 FluxA;FluxA;C:\Program Files (x86)\Flux\Services\FluxA.exe [2012-9-25 5783672]
R2 FluxB;FluxB;C:\Program Files (x86)\Flux\Services\FluxB.exe [2012-9-25 3226744]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-2-15 13592]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-7-23 2439272]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-6-19 634632]
R2 iocbios2;iocbios2;C:\Program Files (x86)\Intel\Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [2011-12-22 22776]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-2-13 165760]
R2 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-4-7 5352960]
R2 ntk_PowerDVD12;ntk_PowerDVD12;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [2012-9-15 83704]
R2 PaceLicenseDServices;PACE License Services;C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2012-5-18 2938880]
R2 Qualcomm Atheros Killer Service;Qualcomm Atheros Killer Service;C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [2012-2-15 492032]
R2 SafeBox;SafeBox;C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe [2013-3-16 95184]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-29 383416]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-12 3560288]
R2 UPDATESRV;Bitdefender Desktop Update Service;C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe [2013-3-16 68416]
R2 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;C:\Windows\System32\drivers\DDCDrv.sys [2012-8-2 20832]
R2 xrdd.exe;X-Rite Device Services Manager;C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe [2011-10-11 203088]
R2 XTU3SERVICE;Intel® Extreme Tuning Utility Service;C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe [2012-1-11 14848]
R3 AcpiCtlDrv;AcpiCtlDrv;C:\Windows\System32\drivers\AcpiCtlDrv.sys [2011-6-28 25848]
R3 Ak27x64;Killer Wireless-N 1102 device driver;C:\Windows\System32\drivers\Ak27x64.sys [2012-2-15 2740328]
R3 avchv;avchv Function Driver;C:\Windows\System32\drivers\avchv.sys [2013-3-16 261056]
R3 avckf;avckf;C:\Windows\System32\drivers\avckf.sys [2013-3-16 589000]
R3 cthda;Sound Core3D(CtHda.sys);C:\Windows\System32\drivers\CtHda.sys [2012-3-27 1052760]
R3 dcdbas;System Management Driver;C:\Windows\System32\drivers\dcdbas64.sys [2013-2-11 38472]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2013-2-28 160256]
R3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);C:\Windows\System32\drivers\ICCWDT.sys [2011-8-30 26136]
R3 iLokDrvr;Usb Driver;C:\Windows\System32\drivers\iLokDrvr.sys [2012-5-16 25752]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-2-28 356120]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-2-28 788760]
R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2013-3-16 104048]
R3 LoopBe30;nerds.de LoopBe30 - Internal Midi Port SvcDesc(WDM);C:\Windows\System32\drivers\loopbe30.sys [2011-2-26 16896]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\Windows\System32\drivers\nvstusb.sys [2013-2-18 448288]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2012-12-14 343696]
R3 ST_ACCEL;STMicroelectronics Accelerometer Service;C:\Windows\System32\drivers\ST_ACCEL.sys [2012-7-24 67184]
R3 synusb64;eLicenser;C:\Windows\System32\drivers\synusb64.sys [2012-7-25 30352]
R3 teamviewervpn;TeamViewer VPN Adapter;C:\Windows\System32\drivers\teamviewervpn.sys [2012-11-19 35112]
R3 teVirtualMIDI64;teVirtualMIDI - Virtual MIDI Driver x64;C:\Windows\System32\drivers\teVirtualMIDI64.sys [2011-6-26 28160]
R3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-14 25088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\nlssrv32.exe --> C:\Windows\SysWOW64\nlssrv32.exe [?]
S3 applebmt;Apple Wireless Mouse;C:\Windows\System32\drivers\applebmt.sys [2012-8-16 52736]
S3 applebtbc;Apple Broadcom Built-in Bluetooth;C:\Windows\System32\drivers\applebtbc.sys [2012-9-21 16384]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\System32\drivers\bcbtums.sys [2012-7-24 138280]
S3 BDSandBox;BDSandBox;C:\Windows\System32\drivers\bdsandbox.sys [2013-3-16 82384]
S3 btwampfl;btwampfl Bluetooth filter driver;C:\Windows\System32\drivers\btwampfl.sys [2012-7-24 615464]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2013-3-7 39976]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-7-24 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-7-24 79360]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2013-1-6 17480]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2013-1-6 9800]
S3 ffusb2audio;Focusrite USB 2.0 Audio Driver;C:\Windows\System32\drivers\ffusb2audio.sys [2012-7-25 60248]
S3 kore2avs;Kore 2 Midi;C:\Windows\System32\drivers\kore2avs.sys [2011-4-11 358480]
S3 kore2usb_svc;Kore 2 Controller;C:\Windows\System32\drivers\kore2usb.sys [2011-4-11 89168]
S3 paeusbaudio;paeusbaudio;C:\Windows\System32\drivers\paeusbaudio_x64.sys [2012-12-23 250728]
S3 paeusbaudiodsp;paeusbaudiodsp;C:\Windows\System32\drivers\paeusbaudiodsp_x64.sys [2012-12-23 69992]
S3 paeusbaudioks;paeusbaudioks;C:\Windows\System32\drivers\paeusbaudioks_x64.sys [2012-12-23 51560]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-13 19456]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-4-12 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2012-11-13 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-13 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-13 30208]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2011-4-12 117248]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-7-23 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S3 YMIDUSBW;Yamaha USB-MIDI Driver (WDM);C:\Windows\System32\drivers\ymidusbx64.sys [2011-11-1 51016]
S4 BdDesktopParental;Bitdefender Desktop Parental Control;C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [2013-3-16 69392]
S4 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe --> C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [?]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-03-17 15:48:58    --------    d-----w-    C:\Users\B@s10\AppData\Local\ElevatedDiagnostics
2013-03-17 15:35:36    --------    d-----w-    C:\Program Files (x86)\Cobian Backup 11
2013-03-16 14:09:53    2634395    ----a-w-    C:\ProgramData\1363442865.bdinstall.bin
2013-03-16 14:09:31    --------    d-----w-    C:\ProgramData\BDLogging
2013-03-16 14:09:29    93160    ----a-w-    C:\Windows\System32\drivers\BdfNdisf6.sys
2013-03-16 14:09:29    82384    ----a-w-    C:\Windows\System32\drivers\bdsandbox.sys
2013-03-16 14:09:29    76944    ----a-w-    C:\Windows\System32\drivers\bdvedisk.sys
2013-03-16 14:09:29    511328    ----a-w-    C:\Windows\capicom.dll
2013-03-16 14:09:26    707528    ----a-w-    C:\Windows\System32\drivers\avc3.sys
2013-03-16 14:09:26    589000    ----a-w-    C:\Windows\System32\drivers\avckf.sys
2013-03-16 14:09:26    261056    ----a-w-    C:\Windows\System32\drivers\avchv.sys
2013-03-16 14:09:24    --------    d-----w-    C:\Users\B@s10\AppData\Roaming\Bitdefender
2013-03-16 14:09:22    --------    d-----w-    C:\ProgramData\Bitdefender
2013-03-16 14:08:19    --------    d-----w-    C:\Users\B@s10\AppData\Roaming\QuickScan
2013-03-16 14:08:13    350160    ----a-w-    C:\Windows\System32\drivers\trufos.sys
2013-03-16 14:08:13    145696    ----a-w-    C:\Windows\System32\drivers\gzflt.sys
2013-03-16 14:08:13    --------    d-----w-    C:\Program Files\Bitdefender
2013-03-16 14:07:42    --------    d-----w-    C:\Program Files\Common Files\Bitdefender
2013-03-16 09:41:21    --------    d-----w-    C:\ProgramData\Bigfoot Networks
2013-03-16 09:41:20    --------    d-----w-    C:\Program Files\Qualcomm Atheros
2013-03-16 09:39:26    104048    ----a-w-    C:\Windows\System32\drivers\L1C62x64.sys
2013-03-16 09:39:25    --------    d-----w-    C:\Windows\SysWow64\QCA
2013-03-16 06:38:16    --------    d-----w-    C:\Users\B@s10\AppData\Roaming\SUPERAntiSpyware.com
2013-03-16 06:37:57    --------    d-----w-    C:\ProgramData\SUPERAntiSpyware.com
2013-03-16 06:37:57    --------    d-----w-    C:\Program Files\SUPERAntiSpyware
2013-03-15 21:44:41    --------    d-----w-    C:\Users\B@s10\AppData\Roaming\ESET
2013-03-15 21:44:41    --------    d-----w-    C:\Users\B@s10\AppData\Local\ESET
2013-03-15 21:39:50    9162192    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FB2CD406-93AC-4D3F-AE78-15979B611AFC}\mpengine.dll
2013-03-15 20:51:11    --------    d-sh--w-    C:\$RECYCLE.BIN
2013-03-15 20:07:51    --------    d-----w-    C:\Users\B@s10\AppData\Local\Avg2013
2013-03-15 18:00:09    98816    ----a-w-    C:\Windows\sed.exe
2013-03-15 18:00:09    256000    ----a-w-    C:\Windows\PEV.exe
2013-03-15 18:00:09    208896    ----a-w-    C:\Windows\MBR.exe
2013-03-15 17:50:12    605    ----a-w-    C:\Windows\DeleteOnReboot.bat
2013-03-15 16:31:03    15859416    ----a-w-    C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-03-14 13:26:09    68880    ----a-w-    C:\Windows\SysWow64\SynTPEnhPS.dll
2013-03-14 13:26:09    404752    ----a-w-    C:\Windows\SysWow64\SynCOM.dll
2013-03-14 13:26:09    309520    ----a-w-    C:\Windows\System32\SynCtrl.dll
2013-03-14 13:26:09    249104    ----a-w-    C:\Windows\SysWow64\SynCtrl.dll
2013-03-14 13:26:09    150800    ----a-w-    C:\Windows\System32\SynTPCo9.dll
2013-03-14 13:26:09    113936    ----a-w-    C:\Windows\SysWow64\SynTPCOM.dll
2013-03-14 13:26:08    431888    ----a-w-    C:\Windows\System32\drivers\SynTP.sys
2013-03-14 13:26:08    229648    ----a-w-    C:\Windows\System32\SynTPAPI.dll
2013-03-12 22:04:32    568600    ----a-w-    C:\Windows\System32\drivers\iaStor.sys
2013-03-12 19:53:00    19968    ----a-w-    C:\Windows\System32\drivers\usb8023.sys
2013-03-08 14:38:53    647736    ----a-w-    C:\Windows\System32\drivers\iaStorA.sys
2013-03-08 14:38:53    28216    ----a-w-    C:\Windows\System32\drivers\iaStorF.sys
2013-03-07 14:49:29    39976    ----a-w-    C:\Windows\System32\drivers\btwl2cap.sys
2013-03-07 14:49:29    21544    ----a-w-    C:\Windows\System32\drivers\btwrchid.sys
2013-03-07 14:49:29    210984    ----a-w-    C:\Windows\System32\drivers\btwavdt.sys
2013-03-07 14:49:29    184872    ----a-w-    C:\Windows\System32\drivers\btwaudio.sys
2013-03-07 09:19:49    --------    d-----w-    C:\Users\B@s10\AppData\Roaming\Silicon Image
2013-02-28 16:18:23    --------    d-----w-    C:\uninstall
2013-02-28 06:08:34    788760    ----a-w-    C:\Windows\System32\drivers\iusb3xhc.sys
2013-02-28 06:08:34    356120    ----a-w-    C:\Windows\System32\drivers\iusb3hub.sys
2013-02-28 06:08:34    16152    ----a-w-    C:\Windows\System32\drivers\iusb3hcs.sys
2013-02-18 13:33:28    --------    d-----w-    C:\Windows\System32\2C0A
2013-02-18 06:42:12    1510176    ----a-w-    C:\Windows\System32\nvir3dgenco6420162.dll
2013-02-18 06:42:10    448288    ----a-w-    C:\Windows\System32\drivers\nvstusb.sys
.
==================== Find3M  ====================
.
2013-03-15 16:31:13    73432    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-15 16:31:13    693976    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-07 14:48:24    138280    ----a-w-    C:\Windows\System32\drivers\bcbtums.sys
2013-03-07 14:48:23    615464    ----a-w-    C:\Windows\System32\drivers\btwampfl.sys
2013-02-22 08:24:48    39768    ----a-w-    C:\Windows\System32\drivers\avgtpx64.sys
2013-02-12 05:45:24    135168    ----a-w-    C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22    350208    ----a-w-    C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22    308736    ----a-w-    C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22    111104    ----a-w-    C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31    474112    ----a-w-    C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26    2176512    ----a-w-    C:\Windows\apppatch\AcGenral.dll
2013-02-05 15:58:06    1212608    ----a-w-    C:\Windows\System32\veproshared64.dll
2013-02-05 15:56:00    1115328    ----a-w-    C:\Windows\SysWow64\veproshared32.dll
2013-01-17 00:28:58    273840    ------w-    C:\Windows\System32\MpSigStub.exe
2013-01-13 21:17:03    9728    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17:02    2560    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16:42    10752    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12:46    3584    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11:21    4096    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11:08    5632    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11:07    5632    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11:07    3072    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11:07    3072    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35:31    9728    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35:31    2560    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35:18    10752    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32:07    3584    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31:48    4096    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31:41    5632    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31:40    5632    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31:40    3072    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31:40    3072    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31:00    1247744    ----a-w-    C:\Windows\SysWow64\DWrite.dll
2013-01-13 20:22:22    1988096    ----a-w-    C:\Windows\SysWow64\d3d10warp.dll
2013-01-13 20:20:31    293376    ----a-w-    C:\Windows\SysWow64\dxgi.dll
2013-01-13 20:09:00    249856    ----a-w-    C:\Windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08:43    220160    ----a-w-    C:\Windows\SysWow64\d3d10core.dll
2013-01-13 20:08:35    1504768    ----a-w-    C:\Windows\SysWow64\d3d11.dll
2013-01-13 19:59:04    1643520    ----a-w-    C:\Windows\System32\DWrite.dll
2013-01-13 19:58:28    1175552    ----a-w-    C:\Windows\System32\FntCache.dll
2013-01-13 19:54:01    604160    ----a-w-    C:\Windows\SysWow64\d3d10level9.dll
2013-01-13 19:53:58    207872    ----a-w-    C:\Windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53:14    187392    ----a-w-    C:\Windows\SysWow64\UIAnimation.dll
2013-01-13 19:51:30    2565120    ----a-w-    C:\Windows\System32\d3d10warp.dll
2013-01-13 19:49:17    363008    ----a-w-    C:\Windows\System32\dxgi.dll
2013-01-13 19:48:47    161792    ----a-w-    C:\Windows\SysWow64\d3d10_1.dll
2013-01-13 19:46:25    1080832    ----a-w-    C:\Windows\SysWow64\d3d10.dll
2013-01-13 19:43:21    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38:39    333312    ----a-w-    C:\Windows\System32\d3d10_1core.dll
2013-01-13 19:38:32    1887232    ----a-w-    C:\Windows\System32\d3d11.dll
2013-01-13 19:38:21    296960    ----a-w-    C:\Windows\System32\d3d10core.dll
2013-01-13 19:37:57    3419136    ----a-w-    C:\Windows\SysWow64\d2d1.dll
2013-01-13 19:25:04    245248    ----a-w-    C:\Windows\System32\WindowsCodecsExt.dll
2013-01-13 19:24:33    648192    ----a-w-    C:\Windows\System32\d3d10level9.dll
2013-01-13 19:24:30    221184    ----a-w-    C:\Windows\System32\UIAnimation.dll
2013-01-13 19:20:42    194560    ----a-w-    C:\Windows\System32\d3d10_1.dll
2013-01-13 19:20:04    1238528    ----a-w-    C:\Windows\System32\d3d10.dll
2013-01-13 19:15:40    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2013-01-13 19:10:36    3928064    ----a-w-    C:\Windows\System32\d2d1.dll
2013-01-13 19:02:06    417792    ----a-w-    C:\Windows\SysWow64\WMPhoto.dll
2013-01-13 18:34:58    364544    ----a-w-    C:\Windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:32:43    465920    ----a-w-    C:\Windows\System32\WMPhoto.dll
2013-01-13 18:09:52    522752    ----a-w-    C:\Windows\System32\XpsGdiConverter.dll
2013-01-13 17:26:42    1158144    ----a-w-    C:\Windows\SysWow64\XpsPrint.dll
2013-01-13 17:05:09    1682432    ----a-w-    C:\Windows\System32\XpsPrint.dll
2013-01-12 02:30:38    859552    ----a-w-    C:\Windows\SysWow64\npDeployJava1.dll
2013-01-12 02:30:33    780192    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-01-05 05:53:43    5553512    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-01-05 05:00:15    3967848    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00:11    3913064    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-01-04 06:11:21    2284544    ----a-w-    C:\Windows\SysWow64\msmpeg2vdec.dll
2013-01-04 06:11:13    2776576    ----a-w-    C:\Windows\System32\msmpeg2vdec.dll
2013-01-04 05:46:09    215040    ----a-w-    C:\Windows\System32\winsrv.dll
2013-01-04 04:51:16    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2013-01-04 04:43:21    44032    ----a-w-    C:\Windows\apppatch\acwow64.dll
2013-01-04 03:26:48    3153408    ----a-w-    C:\Windows\System32\win32k.sys
2013-01-04 02:47:35    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2013-01-04 02:47:34    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2013-01-04 02:47:34    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2013-01-04 02:47:33    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2013-01-03 06:00:54    1913192    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-01-03 06:00:42    288088    ----a-w-    C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-12-29 08:40:27    6382008    ----a-w-    C:\Windows\System32\nvcpl.dll
2012-12-29 08:40:27    3455416    ----a-w-    C:\Windows\System32\nvsvc64.dll
2012-12-29 08:40:09    884152    ----a-w-    C:\Windows\System32\nvvsvc.exe
2012-12-29 08:40:09    63928    ----a-w-    C:\Windows\System32\nvshext.dll
2012-12-29 08:40:09    2558392    ----a-w-    C:\Windows\System32\nvsvcr.dll
2012-12-29 08:40:09    118712    ----a-w-    C:\Windows\System32\nvmctray.dll
2012-12-29 07:32:37    959976    ----a-w-    C:\Windows\System32\deployJava1.dll
2012-12-29 07:32:37    1081320    ----a-w-    C:\Windows\System32\npDeployJava1.dll
2012-12-29 01:54:24    550328    ----a-w-    C:\Windows\SysWow64\nvStreaming.exe
2012-12-21 16:20:40    2468520    ----a-w-    C:\Windows\SysWow64\BootMan.exe
2012-12-21 12:54:00    14920    ----a-w-    C:\Windows\SysWow64\epmntdrv.sys
2012-12-21 12:53:58    9800    ----a-w-    C:\Windows\System32\EuGdiDrv.sys
2012-12-21 12:53:58    9160    ----a-w-    C:\Windows\SysWow64\EuGdiDrv.sys
2012-12-21 12:53:58    87112    ----a-w-    C:\Windows\SysWow64\setupempdrv03.exe
2012-12-21 12:53:58    17480    ----a-w-    C:\Windows\System32\epmntdrv.sys
2012-12-21 12:53:58    100936    ----a-w-    C:\Windows\System32\setupempdrvx64.exe
2012-12-21 12:09:24    59440    ----a-w-    C:\Windows\System32\drivers\EpfwLWF.sys
2012-12-20 13:46:12    3376640    ----a-w-    C:\Windows\System32\BootMan.exe
2006-05-03 10:06:54    163328    --sha-r-    C:\Windows\SysWOW64\flvDX.dll
2007-02-21 11:47:16    31232    --sha-r-    C:\Windows\SysWOW64\msfDX.dll
2008-03-16 13:30:52    216064    --sha-r-    C:\Windows\SysWOW64\nbDX.dll
2010-01-06 22:00:00    107520    --sha-r-    C:\Windows\SysWOW64\TAKDSDecoder.dll
.
============= FINISH: 17:06:55.67 ===============
 



#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:03:48 AM

Posted 21 March 2013 - 08:10 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.
  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 Bas12345


Posted 22 March 2013 - 01:00 AM

Hi m0le,

 

At the moment I have a trial of Bitdefender Total Security 2013 installed and SuperAntispyware, which are both realtime scanning in the background and periodically scanning. They didn't find anything during the past few days between now and when I wrote my first post. I did not run any other scan or tool during this time.

 

Thank you!


Edited by Bas12345, 22 March 2013 - 01:02 AM.


#4 Bas12345


Posted 22 March 2013 - 01:01 AM

P.S. To avoid confusion, I had Bitdefender and SuperAntispyware already installed before my DDS run and first post.



#5 m0le


Posted 22 March 2013 - 07:53 PM

Have you got the Gmer log?

#6 Bas12345


Posted 23 March 2013 - 01:19 AM

I never had a chance to save the GMER logs, because it always crashes during a scan. In trying to produce a GMER log, I just now found out it consistently crashes in the "Devices" part of the scan. I managed to save a GMER log without scanning the "Devices" part, I've attached it. I've downloaded the newest gmer version from the gmer.net page. It lists a lot of things, but I don't have the expertise at all to see whether anything is wrong there. Thanks again!



#7 Bas12345


Posted 23 March 2013 - 02:09 PM

And here is GMER's "3rd party" scan, in case you need it.

 

I have run both GMER scans using default settings, except for the unchecked "devices" checkbox in the regular scan because of the consistent BSOD.

 

Thanks!



#8 m0le


Posted 24 March 2013 - 07:20 PM

Nothing obvious from the Gmer log. Please run aswMBR.
 
Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


#9 Bas12345


Posted 25 March 2013 - 04:53 AM

Thanks, here is the aswMBR log.



#10 m0le


Posted 25 March 2013 - 08:28 PM

Both logs are clean. We might not be talking malware as the cause here, but let's press on and attempt to find something here.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Under scan settings, check esetScanArchives.png and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • Copy and paste the resulting log in your next reply
  • If no log is generated that means nothing was found. Please let me know if this happens.

    If you think a log should have been generated then go to C:\Program Files\ESET\ESET Online Scanner\log.txt to find it.


#11 Bas12345


Posted 30 March 2013 - 03:01 AM

Thanks m0le, here's the ESET online scanner log.

 

ESET cleaned and quarantined an installer of FreeFileSync. Maybe it was infected, or maybe it is a false positive, I don't know. Yesterday, SuperAntispyware found an install exe of an nvidia driver to be infected during real-time scanning. The exe was just sitting there, already for some weeks, I did not save, move, download, or start the exe.

 

Yesterday I remembered that apart from the crashes of GMER when I first tried to investigate this myself, also catchme gave a log. I ran catchme again and attached the log.



#12 m0le


Posted 30 March 2013 - 05:55 PM

The Catchme log on its own is not enough here. Please rerun Gmer but uncheck Devices first.



#13 Bas12345


Posted 04 April 2013 - 02:03 PM

Thanks. I ran the GMER scans again, with the version that became available 2013-04-04. 

 

GMER listed some explorer threads in its startup scan and also in the Thread section of the log. I don't know whether that's normal.

 

I decided to run GMER again after a fresh boot and then it didn't list those threads, neither in the startup scan nor in the log.  

 

I zipped and attached both sets of the logs.

 

(I edited this post to make it clearer.)


Edited by Bas12345, 05 April 2013 - 04:24 AM.


#14 m0le


Posted 05 April 2013 - 08:12 PM

For some reason I can't seem to extract these files from the zip. Please post just the last run of Gmer's log.



#15 Jintan

Jintan

  • Malware Response Team
  • 531 posts
  • OFFLINE
  •  
  • Local time:11:48 PM

Posted 06 April 2013 - 07:02 PM

Hello Bas12345,

 

m0le has something to take care of, so I asked if I could step in with you here.

 

I was able to check your Gmer logs, but I am not sure what I am viewing. The first log showed possible rootkit activity, but the next logs did not (or only showed BitDefender functions).

 

"I decided to run GMER again after a fresh boot"

 

Not real sure what you meant by that. Why not post back with further clarification on these issues, so we can address whatever ails that system.


Ad eundum quo no duck ante iit



