Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Virus Help

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Virus Help

Unread postby Neil » July 16th, 2012, 3:22 pm

Hi
My computer recently got hit by a virus .I first came to know when i saw symbol flashing on my taskbar .After that when i restarted my computer .Suddently my firewall was disabled and Microsoft Security Essentials(old Antivirus) blocked too.I then bought bit defender and scanned my computer.It deleted all viruses except 3

Bit defender logs

1:File: C:\Windows\assembly\GAC_64\Desktop.ini Trojan.Sirefef.FY Infected (ignored, us)
2: c:\Windows\System32\smss.exe Trojan.Sirefef.FY Infected (ignored, us)
3: C:\Windows\assembly\GAC_32\Desktop.ini Trojan.Generic.7552386 Infected (ignored, us)

I tried every way to delete these files even tried booting in safe mode to delete but all in vain.


I then scanned my computer with malware bytes

First SCAN

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org


Database version: v2012.07.15.10

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Neil :: NEIL-PC [administrator]

16/07/2012 00:30:22
mbam-log-2012-07-16 (01-12-40).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 390660
Time elapsed: 40 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 6
HKCR\CLSID\{46897C77-E7A6-4c33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> No action taken.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33524C00-63FB-43DB-A6BF-0A4E14B24649} (Adware.Zwangi) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IspAssistant-Mp3Tube (Adware.MP3TubeToolBar) -> No action taken.
HKLM\SOFTWARE\Mp3Tube (Adware.Mp3Tube) -> No action taken.

Registry Values Detected: 3
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Data: w|‰F¦ç3L¿ûéÂâq‰B -> No action taken.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Data: -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Video Library (Trojan.Agent) -> Data: C:\Windows\system32\rundll32.exe C:\Users\Neil\AppData\Local\Temp\Rpcqt.dll,Sets -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 15
C:\Program Files (x86)\Mp3Tube Toolbar (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C} (Adware.Zwangi) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\chrome (Adware.Zwangi) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\defaults (Adware.Zwangi) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\defaults\preferences (Adware.Zwangi) -> No action taken.
C:\Users\Neil\Local Settings\Application Data\RavenBleuSA (Adware.Hotbar.RB) -> No action taken.
C:\Users\Neil\Local Settings\Application Data\RavenBleuSA\bin (Adware.Hotbar.RB) -> No action taken.
C:\Users\Neil\Local Settings\Application Data\RavenBleuSA\bin\1.0.11.0 (Adware.Hotbar.RB) -> No action taken.
C:\Users\Neil\Local Settings\Application Data\RavenBleuSA\data (Adware.Hotbar.RB) -> No action taken.

Files Detected: 86
C:\Program Files (x86)\Mp3Tube Toolbar\mp3tubetb.dll (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mp3Tube Toolbar\ffmpeg.exe (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mp3Tube Toolbar\Mp3TubeSvc.exe (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mp3Tube Toolbar\Mp3TubeVideoToMp3.exe (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mp3Tube Toolbar\uninstall.exe (Adware.MP3TubeToolBar) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\Mp3Tube.xml (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mp3Tube Toolbar\ShowMsg.exe (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome.manifest (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\install.rdf (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\constants.js (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\convertvideo.js (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\convertvideodlg.js (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\convertvideodlg.xul (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\events.js (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\savetomp3popup.js (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\savetomp3popup.xul (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\tbcore.js (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\toolbar.xul (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\weather.js (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\weatherLoc.js (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\weatherLoc.xul (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\arrow-grey.png (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\arrow_partner.png (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\arrow_small.png (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\bg.jpg (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\feeditem.png (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\logo.png (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\news_refresh.png (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\popupSearchMp3.css (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\popupWindow.css (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\SaveMp3_bg_hover.png (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\SaveMp3_bg_normal.png (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\savetomp3PopUp.css (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\Thumbs.db (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\toolbar.css (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\arrow.png (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\arrow_big.png (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\btn_close.png (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\dailyhotdeals.png (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\divider.png (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\facebook.png (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\games.png (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\icon-RSS.png (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\news.png (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\plainbutton.png (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\savemp3.png (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\savemp3popup-musicicon.png (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\savemp3popup.png (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\savemp3_disabled.png (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\saveyoutubevideos.png (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\screensaver.png (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\search.png (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\searchbar-grey-250.png (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\searchbox.png (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\separator_line.png (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\shopping.png (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\Thumbs.db (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\watermark.png (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\youtube.png (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\chance_of_rain.png (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\chance_of_snow.png (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\chance_of_storm.png (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\chance_of_tstorm.png (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\cloudy.png (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\flurries.png (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\hazy.png (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\mist.png (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\mostly_cloudy.png (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\mostly_sunny.png (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\rain.png (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\sleet.png (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\snow.png (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\storm.png (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\sunny.png (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\Thumbs.db (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\thunderstorm.png (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\weatherbug.png (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\windy.png (Adware.Mp3Tube) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\chrome.manifest (Adware.Zwangi) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\install.rdf (Adware.Zwangi) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\defaults\preferences\prefs.js (Adware.Zwangi) -> No action taken.
C:\Users\Neil\Local Settings\Application Data\RavenBleuSA\bin\1.0.11.0\copyright.txt (Adware.Hotbar.RB) -> No action taken.
C:\Users\Neil\Local Settings\Application Data\RavenBleuSA\data\RavenBleuSA.dat (Adware.Hotbar.RB) -> No action taken.
C:\Users\Neil\Local Settings\Application Data\RavenBleuSA\data\RavenBleuSAau.dat (Adware.Hotbar.RB) -> No action taken.
C:\Users\Neil\Local Settings\Application Data\RavenBleuSA\data\RavenBleuSA_hpk.dat (Adware.Hotbar.RB) -> No action taken.
C:\Users\Neil\Local Settings\Application Data\RavenBleuSA\data\RavenBleuSA_kyf_update.dat (Adware.Hotbar.RB) -> No action taken.

(end)
I THEN REBOOTED IN SAFE MODE .THEN THESE ALL INFECTED FILES WERE IN QUARTINE FROM WHERE I DELETED
THEM.SORRY COULDNT GET THE 2ND LOG

IMPORTANT smss.exe and desktop.ini files are not detected by mal


THIS MY DDS SCAN LOGS


DDS (Ver_2011-08-26.01)

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_33
Run by Neil at 21:59:00 on 2012-07-16
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.4008.1293 [GMT 3:00]
.
AV: avast! Internet Security *Enabled/Outdated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: avast! Internet Security *Enabled/Outdated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: avast! Internet Security *Enabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
C:\Windows\System32\igfxtray.exe
C:\ProgramData\DatacardService\HWDeviceService64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Users\Neil\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\ProgramData\Zain e-GO\OnlineUpdate\ouc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Bitdefender\Bitdefender 2012\seccenter.exe
C:\Program Files (x86)\Zain e-GO\Zain e-GO.exe
C:\Program Files\Bitdefender\Bitdefender 2012\odslv.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\Bitdefender\Bitdefender 2012\downloader.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\PROGRA~1\AVASTS~1\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\PROGRA~1\AVASTS~1\Avast\aswWebRepIE.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
uRun: [SanDiskSecureAccess_Manager.exe] C:\Users\Neil\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Mobile Partner] C:\Program Files (x86)\Zain e-GO\Zain e-GO.exe
uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
mRun: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe
mRun: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: Interfaces\{09458F37-365E-4F58-843D-7DCFE0C4B100} : NameServer = 83.136.58.187 83.136.56.53
TCP: Interfaces\{4F7687F2-934B-4FE0-B68F-E2AD42FAD8D0} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{80A8F56A-F469-47E5-8294-BE04F73C6CF4} : NameServer = 83.136.58.187 83.136.56.53
TCP: Interfaces\{8646602E-03A4-4875-B020-DB4813EBEC71} : NameServer = 10.67.40.1
TCP: Interfaces\{87E2C2A3-91E2-498B-A848-A273AED51E55} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{CB7320FF-8640-4C87-B512-F635F8B01962} : NameServer = 83.136.58.187 83.136.56.53
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll C:\Windows\SysWOW64\guard32.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO-X64: IESpeakDoc - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\PROGRA~1\AVASTS~1\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO-X64: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO-X64: Google Dictionary Compression sdch - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\PROGRA~1\AVASTS~1\Avast\aswWebRepIE.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
mRun-x64: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
mRun-x64: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe
mRun-x64: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll C:\Windows\SysWOW64\guard32.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Neil\AppData\Roaming\Mozilla\Firefox\Profiles\la1abbud.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_res ... velink2&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_res ... velink2&q=
FF - user.js: keyword.enabled - 1
FF - user.js: general.useragent.extra.brc -
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis2;avast! Firewall Core Firewall Service;C:\Windows\system32\drivers\aswNdis2.sys --> C:\Windows\system32\drivers\aswNdis2.sys [?]
R0 avc3;avc3;C:\Windows\system32\DRIVERS\avc3.sys --> C:\Windows\system32\DRIVERS\avc3.sys [?]
R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
R1 aswFW;avast! TDI Firewall driver;C:\Windows\system32\drivers\aswFW.sys --> C:\Windows\system32\drivers\aswFW.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-7-26 17024]
R1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-11-14 103504]
R1 BDVEDISK;BDVEDISK;C:\Windows\system32\DRIVERS\bdvedisk.sys --> C:\Windows\system32\DRIVERS\bdvedisk.sys [?]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-3-13 138400]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-3-13 74912]
R2 CLPSLS;COMODO livePCsupport Service;C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1267000]
R2 hshld;Hotspot Shield Service;C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-4-11 542552]
R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS --> C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS [?]
R2 HWDeviceService64.exe;HWDeviceService64.exe;C:\ProgramData\DatacardService\HWDeviceService64.exe [2011-3-14 346976]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-4-17 134928]
R2 UPDATESRV;BitDefender Desktop Update Service;C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe [2012-3-13 66096]
R3 avchv;avchv Function Driver;C:\Windows\system32\DRIVERS\avchv.sys --> C:\Windows\system32\DRIVERS\avchv.sys [?]
R3 avckf;avckf;C:\Windows\system32\DRIVERS\avckf.sys --> C:\Windows\system32\DRIVERS\avckf.sys [?]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;C:\Windows\system32\DRIVERS\ewusbwwan.sys --> C:\Windows\system32\DRIVERS\ewusbwwan.sys [?]
R3 huawei_enumerator;huawei_enumerator;C:\Windows\system32\DRIVERS\ew_jubusenum.sys --> C:\Windows\system32\DRIVERS\ew_jubusenum.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 avast! Antivirus;avast! Antivirus;"C:\Program Files\AVAST Software\Avast\AvastSvc.exe" --> C:\Program Files\AVAST Software\Avast\AvastSvc.exe [?]
S2 avast! Firewall;avast! Firewall;"C:\Program Files\AVAST Software\Avast\afwServ.exe" --> C:\Program Files\AVAST Software\Avast\afwServ.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-12 135664]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-5-17 2009704]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-15 158856]
S2 Zain e-GO. RunOuc;Zain e-GO. OUC;C:\Program Files (x86)\Zain e-GO\UpdateDog\ouc.exe [2012-3-5 655712]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]
S3 bdsandbox;bdsandbox;\??\C:\Windows\system32\drivers\bdsandbox.sys --> C:\Windows\system32\drivers\bdsandbox.sys [?]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]
S3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\system32\DRIVERS\ew_hwusbdev.sys --> C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUVStor.sys --> C:\Windows\system32\Drivers\RtsUVStor.sys [?]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 Update Server;BitDefender Update Server v2;C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [2011-10-14 466736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2012-07-15 21:27:06 -------- d-----w- C:\Users\Neil\AppData\Roaming\Malwarebytes
2012-07-15 21:26:57 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-15 21:26:56 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-15 21:26:56 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-14 20:27:32 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-10 21:17:19 -------- d-----w- C:\ProgramData\CPA_VA
2012-07-10 20:59:21 -------- d-----w- C:\ProgramData\Comodo
2012-07-10 20:59:13 -------- d-----w- C:\Program Files\COMODO
2012-07-10 20:59:08 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-07-10 20:59:08 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll
2012-07-09 19:50:56 -------- d-----w- C:\Program Files (x86)\ESET
2012-07-09 19:29:48 -------- d-----w- C:\Program Files (x86)\Eusing Free Registry Cleaner
2012-07-09 09:38:51 -------- d-----w- C:\ProgramData\FrontLine Registry Cleaner
2012-07-09 09:38:47 -------- d-----w- C:\Program Files (x86)\Frontline Registry Cleaner
2012-07-09 08:47:56 -------- d-----w- C:\ProgramData\SecTaskMan
2012-07-09 08:47:52 -------- d-----w- C:\Program Files (x86)\Security Task Manager
2012-07-09 08:32:21 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2012-07-09 08:32:21 31232 ----a-w- C:\Windows\System32\prevhost.exe
2012-07-08 21:08:44 -------- d-----w- C:\Windows\SysWow64\My Vaults
2012-07-08 20:30:12 329800 ------w- C:\Windows\System32\drivers\trufos.sys
2012-07-08 20:28:15 442088 ------w- C:\Windows\System32\drivers\bdfsfltr.sys
2012-07-08 19:42:38 -------- d-----w- C:\ProgramData\bdch
2012-07-08 15:10:16 -------- d-sh--w- C:\found.000
2012-07-08 14:33:42 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-07-08 14:33:11 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-07-08 14:32:55 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-07-08 14:32:55 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-07-08 05:18:28 -------- d-----w- C:\Program Files\CCleaner
2012-07-07 21:20:53 398436 ----a-w- C:\ProgramData\1341694288.bdinstall.bin
2012-07-07 21:19:25 -------- d-----w- C:\ProgramData\BDLogging
2012-07-07 21:19:02 -------- d-----w- C:\Users\Neil\AppData\Roaming\Bitdefender
2012-07-07 21:18:56 -------- d-----w- C:\ProgramData\Bitdefender
2012-07-07 20:54:56 -------- d-----w- C:\Users\Neil\AppData\Roaming\QuickScan
2012-07-07 20:53:08 -------- d-----w- C:\Program Files\Bitdefender
2012-07-07 20:51:19 -------- d-----w- C:\Program Files\Common Files\Bitdefender
2012-07-07 20:40:04 -------- d-----w- C:\Users\Neil\AppData\Roaming\SpeedyPC Software
2012-07-07 20:40:04 -------- d-----w- C:\Users\Neil\AppData\Roaming\DriverCure
2012-07-07 20:39:46 -------- d-----w- C:\ProgramData\SpeedyPC Software
2012-07-07 20:39:46 -------- d-----w- C:\Program Files (x86)\SpeedyPC Software
2012-07-07 20:39:46 -------- d-----w- C:\Program Files (x86)\Common Files\SpeedyPC Software
2012-07-04 07:04:06 476936 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
.
==================== Find3M ====================
.
2012-07-14 19:40:52 45056 ----a-w- C:\Windows\System32\acovcnt.exe
2012-07-04 07:03:42 472840 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-06-07 10:34:06 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-07 10:34:06 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-11 09:54:37 1891384 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-04-19 03:57:38 126912 ----a-w- C:\Windows\System32\drivers\scdemu.sys
.
============= FINISH: 22:00:00.05 ===============

YES I KNOW I POSTED A LOT PLS FORGIVE ME.I am obsessed with these 2 undeletable viruses and pls help me out as soon as posible .FORMATTING MY COMPUTER IS SOMETHING I REALLY DONT WANNA DO
Neil
Regular Member
 
Posts: 27
Joined: July 16th, 2012, 2:51 pm
Advertisement
Register to Remove

Re: Virus Help

Unread postby maxi » July 17th, 2012, 4:58 am

Hello Neil,

Welcome to the forum!

My name is maxi and I'll be helping you with any malware problems.

Currently I am working under the guidance of the MRU teachers and everything I post to you, must first be approved by them.
This additional review process can add some extra time to my responses, but I will post back with instructions for you as soon as possible.


Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!"
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your log and will return, as soon as possible, with additional instructions. In the meantime...
Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
lf, you have any questions or problems, executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Could you please post the Attach.txt log. If its not still on your desktop you may need to run DDS again to obtain it.

Could you also open Malwarebytes and click on the "logs" tab and see if the latest log is there. If so please post it.

Regards maxi :)
User avatar
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: Virus Help

Unread postby Neil » July 17th, 2012, 6:30 am

Hey Maxi

Thanks for reaching out

My latest malware bytes log

Malwarebytes Anti-Malware 1.62.0.1300
http://www.malwarebytes.org

Database version: v2012.07.15.10

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Neil :: NEIL-PC [administrator]

16/07/2012 00:30:22
mbam-log-2012-07-16 (00-30-22).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 390660
Time elapsed: 40 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 6
HKCR\CLSID\{46897C77-E7A6-4c33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33524C00-63FB-43DB-A6BF-0A4E14B24649} (Adware.Zwangi) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IspAssistant-Mp3Tube (Adware.MP3TubeToolBar) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Mp3Tube (Adware.Mp3Tube) -> Quarantined and deleted successfully.

Registry Values Detected: 3
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Data: w|‰F¦ç3L¿ûéÂâq‰B -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{46897C77-E7A6-4C33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Data: -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Video Library (Trojan.Agent) -> Data: C:\Windows\system32\rundll32.exe C:\Users\Neil\AppData\Local\Temp\Rpcqt.dll,Sets -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 15
C:\Program Files (x86)\Mp3Tube Toolbar (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C} (Adware.Zwangi) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\chrome (Adware.Zwangi) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\defaults (Adware.Zwangi) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\defaults\preferences (Adware.Zwangi) -> Quarantined and deleted successfully.
C:\Users\Neil\Local Settings\Application Data\RavenBleuSA (Adware.Hotbar.RB) -> Quarantined and deleted successfully.
C:\Users\Neil\Local Settings\Application Data\RavenBleuSA\bin (Adware.Hotbar.RB) -> Quarantined and deleted successfully.
C:\Users\Neil\Local Settings\Application Data\RavenBleuSA\bin\1.0.11.0 (Adware.Hotbar.RB) -> Quarantined and deleted successfully.
C:\Users\Neil\Local Settings\Application Data\RavenBleuSA\data (Adware.Hotbar.RB) -> Quarantined and deleted successfully.

Files Detected: 86
C:\Program Files (x86)\Mp3Tube Toolbar\mp3tubetb.dll (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mp3Tube Toolbar\ffmpeg.exe (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mp3Tube Toolbar\Mp3TubeSvc.exe (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mp3Tube Toolbar\Mp3TubeVideoToMp3.exe (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mp3Tube Toolbar\uninstall.exe (Adware.MP3TubeToolBar) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\Mp3Tube.xml (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mp3Tube Toolbar\ShowMsg.exe (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome.manifest (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\install.rdf (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\constants.js (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\convertvideo.js (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\convertvideodlg.js (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\convertvideodlg.xul (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\events.js (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\savetomp3popup.js (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\savetomp3popup.xul (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\tbcore.js (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\toolbar.xul (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\weather.js (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\weatherLoc.js (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\content\weatherLoc.xul (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\arrow-grey.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\arrow_partner.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\arrow_small.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\bg.jpg (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\feeditem.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\logo.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\news_refresh.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\popupSearchMp3.css (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\popupWindow.css (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\SaveMp3_bg_hover.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\SaveMp3_bg_normal.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\savetomp3PopUp.css (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\Thumbs.db (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\toolbar.css (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\arrow.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\arrow_big.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\btn_close.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\dailyhotdeals.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\divider.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\facebook.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\games.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\icon-RSS.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\news.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\plainbutton.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\savemp3.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\savemp3popup-musicicon.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\savemp3popup.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\savemp3_disabled.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\saveyoutubevideos.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\screensaver.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\search.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\searchbar-grey-250.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\searchbox.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\separator_line.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\shopping.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\Thumbs.db (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\watermark.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\buttons\youtube.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\chance_of_rain.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\chance_of_snow.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\chance_of_storm.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\chance_of_tstorm.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\cloudy.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\flurries.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\hazy.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\mist.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\mostly_cloudy.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\mostly_sunny.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\rain.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\sleet.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\snow.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\storm.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\sunny.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\Thumbs.db (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\thunderstorm.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\weatherbug.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\mp3tubetoolbar@mp3tubetoolbar.com\chrome\skin\weather\windy.png (Adware.Mp3Tube) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\chrome.manifest (Adware.Zwangi) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\install.rdf (Adware.Zwangi) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{6AA54174-C9E8-4B07-95A0-0FBC19CBE64C}\defaults\preferences\prefs.js (Adware.Zwangi) -> Quarantined and deleted successfully.
C:\Users\Neil\Local Settings\Application Data\RavenBleuSA\bin\1.0.11.0\copyright.txt (Adware.Hotbar.RB) -> Quarantined and deleted successfully.
C:\Users\Neil\Local Settings\Application Data\RavenBleuSA\data\RavenBleuSA.dat (Adware.Hotbar.RB) -> Quarantined and deleted successfully.
C:\Users\Neil\Local Settings\Application Data\RavenBleuSA\data\RavenBleuSAau.dat (Adware.Hotbar.RB) -> Quarantined and deleted successfully.
C:\Users\Neil\Local Settings\Application Data\RavenBleuSA\data\RavenBleuSA_hpk.dat (Adware.Hotbar.RB) -> Quarantined and deleted successfully.
C:\Users\Neil\Local Settings\Application Data\RavenBleuSA\data\RavenBleuSA_kyf_update.dat (Adware.Hotbar.RB) -> Quarantined and deleted successfully.

(end)


My dds attach .txt


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 08/10/2011 13:17:49
System Uptime: 17/07/2012 09:00:44 (4 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | K53SV
Processor: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz | CPU 1 | 2301/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 186 GiB total, 109.563 GiB free.
D: is FIXED (NTFS) - 254 GiB total, 58.486 GiB free.
E: is CDROM ()
F: is CDROM (CDFS)
G: is CDROM ()
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
???? ??? Windows Live
???? ???? ActiveX ????? ?? Windows Live Mesh ????????? ???????
???? Windows Live
??????? Windows Live Mesh ActiveX ??(????)
??????? Windows Live Mesh ActiveX ???
????????? ActiveX ?? Windows Live Mesh ????????????????????????? (???)
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.1.3)
Angry Birds Rio
ASUS AI Recovery
ASUS FancyStart
ASUS K3 Series ScreenSaver
ASUS LifeFrame3
ASUS SmartLogon
ASUS Splendid Video Enhancement Technology
ASUS Virtual Camera
ASUS WebStorage
AsusVibe2.0
Atheros Client Installation Program
ATK Package
µTorrent
Bookworm Deluxe
Call of Duty: Black Ops
Camtasia Studio 7
COMODO GeekBuddy
Complément Messenger
Contrôle ActiveX Windows Live Mesh pour connexions à distance
Control ActiveX de Windows Live Mesh para conexiones remotas
Controle ActiveX do Windows Live Mesh para Conexões Remotas
Cooking Dash
CyberLink LabelPrint
CyberLink Power2Go
D3DX10
Driver Genius Professional Edition
ESET Online Scanner v3
Eusing Free Registry Cleaner
Galerie de photos Windows Live
Galería fotográfica de Windows Live
Game Park Console
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Governor of Poker
Hotel Dash Suite Success
Hotspot Shield 2.53
Intel(R) Control Center
Intel(R) Processor Graphics
Java Auto Updater
Java(TM) 6 Update 33
Jewel Quest 3
Junk Mail filter update
Luxor 3
Mahjongg dimensions
Malwarebytes Anti-Malware version 1.62.0.1300
Mesh Runtime
Messenger ????
Messenger ?????
Messenger Companion
Microsoft .NET Framework 1.1
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2010
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 10.0.2 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP3 Parser (KB973685)
Need for Speed The Run, âåðñèÿ 1.0
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero Update
Nuance PDF Reader
NVIDIA PhysX
PowerISO
Prototype(TM)
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Reader Driver
SeaTools for Windows
Security Task Manager 1.8d
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Skype™ 5.8
Sonic Focus
SpeedyPC Pro
syncables desktop SE
TurboC++ 3.0.7.7c
Ubisoft Game Launcher
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Uzak Baglantilar Için Windows Live Mesh ActiveX Denetimi
VLC media player 1.1.8
Windows Live
Windows Live ???
Windows Live ????
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotograf Galerisi
Windows Live Galeria de Fotos
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Temel Parçalar
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinFlash
WinRAR archiver
Wireless Console 3
World of Goo
Zain e-GO
.
==== Event Viewer Messages From Past Week ========
.
17/07/2012 13:18:11, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
17/07/2012 13:18:11, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
17/07/2012 13:17:20, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
17/07/2012 13:16:57, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
16/07/2012 15:15:03, Error: Service Control Manager [7034] - The NVIDIA Update Service Daemon service terminated unexpectedly. It has done this 1 time(s).
16/07/2012 15:12:29, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Zain e-GO. OUC service to connect.
16/07/2012 15:12:29, Error: Service Control Manager [7000] - The Zain e-GO. OUC service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
16/07/2012 15:11:50, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
16/07/2012 15:11:50, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
16/07/2012 15:11:40, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..
16/07/2012 15:11:33, Error: Service Control Manager [7000] - The avast! Firewall service failed to start due to the following error: Access is denied.
16/07/2012 15:11:33, Error: Service Control Manager [7000] - The avast! Antivirus service failed to start due to the following error: Access is denied.
16/07/2012 08:30:50, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
16/07/2012 08:30:49, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
16/07/2012 08:30:49, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
16/07/2012 08:30:46, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
16/07/2012 08:30:46, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
16/07/2012 08:30:45, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
16/07/2012 08:30:37, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
16/07/2012 08:30:20, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswFW aswRdr aswSnx aswSP aswTdi ATKWMIACPIIO avc3 bdfsfltr bdfwfpf BDVEDISK cmdGuard cmdHlp DfsC discache inspect NetBIOS NetBT nsiproxy Psched rdbss SCDEmu spldr tdx vwififlt Wanarpv6 WfpLwf
16/07/2012 08:30:20, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
16/07/2012 08:30:20, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
16/07/2012 08:30:20, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
16/07/2012 08:30:20, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
16/07/2012 08:30:20, Error: Service Control Manager [7001] - The Hotspot Shield Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service or group failed to start.
16/07/2012 08:30:20, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
16/07/2012 08:30:19, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
16/07/2012 08:30:19, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
16/07/2012 08:30:19, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
16/07/2012 08:30:19, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
16/07/2012 08:30:19, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
16/07/2012 08:29:24, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the VSSERV service.
16/07/2012 01:16:55, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
16/07/2012 01:16:55, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
14/07/2012 22:40:21, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xffffffffc0000005, 0xfffffa800fc6343f, 0xfffff880076dd928, 0xfffff880076dd190). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 071412-42494-01.
13/07/2012 00:43:00, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa8006e91330, 0xfffffa8006e91610, 0xfffff80003b7d300). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 071312-35131-01.
12/07/2012 02:27:34, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xffffffffc0000005, 0x0000000000000000, 0xfffff880057d8928, 0xfffff880057d8190). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 071212-37892-01.
11/07/2012 22:17:13, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000004, 0x0000000000000258, 0xfffffa8003fedb60, 0xfffff80000ba2740). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 071112-64366-01.
11/07/2012 00:13:49, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
11/07/2012 00:09:59, Error: Service Control Manager [7031] - The avast! Firewall service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
11/07/2012 00:09:52, Error: Service Control Manager [7031] - The avast! Antivirus service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
11/07/2012 00:09:42, Error: Service Control Manager [7031] - The avast! Firewall service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
11/07/2012 00:09:31, Error: Service Control Manager [7031] - The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
11/07/2012 00:03:19, Error: Service Control Manager [7030] - The COMODO Internet Security Helper Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
10/07/2012 21:01:00, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2653956).
10/07/2012 21:01:00, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2532531).
10/07/2012 20:59:43, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update Rollup for ActiveX Killbits for Windows 7 for x64-based Systems (KB2695962).
10/07/2012 20:59:43, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2718704).
10/07/2012 20:59:43, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2679255).
10/07/2012 20:59:43, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2529073).
10/07/2012 20:59:43, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2387530).
10/07/2012 18:37:18, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi ATKWMIACPIIO avc3 bdfsfltr BDVEDISK discache SCDEmu spldr Wanarpv6
10/07/2012 17:46:38, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB2563227).
10/07/2012 17:46:29, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2658846).
10/07/2012 17:44:37, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2656410).
10/07/2012 17:44:30, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB2505438).
10/07/2012 17:44:23, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB2515325).
10/07/2012 17:42:51, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2656372).
10/07/2012 17:42:37, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2604114).
10/07/2012 17:42:11, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB2640148).
10/07/2012 17:42:00, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB2547666).
10/07/2012 17:28:31, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB2660075).
10/07/2012 17:28:24, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB2511250).
10/07/2012 17:28:19, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB2545698).
10/07/2012 17:28:09, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2676562).
10/07/2012 17:28:01, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB2467023).
10/07/2012 17:27:49, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB2522422).
10/07/2012 17:27:43, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB2703157).
10/07/2012 17:24:40, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB2603229).
10/07/2012 17:24:34, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Cumulative Security Update for Internet Explorer 8 for Windows 7 for x64-based Systems (KB2699988).
10/07/2012 17:24:07, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2667402).
10/07/2012 17:24:00, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB2492386).
10/07/2012 17:23:29, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB2484033).
10/07/2012 17:09:18, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB2454826).
10/07/2012 17:08:57, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB2541014).
10/07/2012 17:08:53, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB975496).
10/07/2012 17:08:51, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB2709630).
10/07/2012 17:04:16, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2709715).
10/07/2012 17:04:12, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2709162).
10/07/2012 17:04:06, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB2488113).
10/07/2012 16:57:21, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2685939).
10/07/2012 16:56:08, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2690533).
10/07/2012 16:56:04, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB2699779).
10/07/2012 16:56:00, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2621440).
10/07/2012 16:54:06, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Internet Explorer 8 Compatibility View List for Windows 7 for x64-based Systems (KB2598845).
10/07/2012 16:54:03, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 for x64-based Systems (KB2686830).
10/07/2012 16:53:36, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2659262).
10/07/2012 16:39:47, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB982018).
10/07/2012 16:26:51, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2688338).
10/07/2012 16:26:40, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2660649).
10/07/2012 06:31:25, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswFW aswRdr aswSnx aswSP aswTdi ATKWMIACPIIO avc3 bdfwfpf BDVEDISK DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SCDEmu spldr tdx vwififlt Wanarpv6 WfpLwf
.
==== End Of File ===========================

Please reply as fast as possible Since I do everything on my computer only :(
Neil
Regular Member
 
Posts: 27
Joined: July 16th, 2012, 2:51 pm

Re: Virus Help

Unread postby maxi » July 19th, 2012, 10:48 am

Hi Neil :)

I'm sorry to tell you that I have bad news for you. You are infected with a Rootkit called Zeroaccess, this infection can prove difficult to remove. We can attempt to fix it but depending on how much damage has already been done, you may have no other choice other than to reformat.You can read more below.

Rootkit

Your computer has multiple infections, including a Rootkit. A rootkit is a set of software tools intended for concealing running processes, files or system data from the operating system.

You are strongly advised to do the following:

  • Disconnect the computer from the Internet and from any networked computers until it is cleaned.
  • Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.
  • Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
  • From a clean computer, change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password).

DO NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.

Due to its rootkit functionality, your computer is very likely to have been compromised and there is no way that it can be trusted again. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be to do a reformat and reinstallation of the operating system (OS). However, if you do not have the resources to reinstall your OS and would like me to attempt to clean your machine, I will be happy to do so.

To help you understand more, please take some time to read the following articles:

What are rootkits from Wikipedia
How do I respond to a possible identity theft and how do I prevent it
When should do a reformat and reinstallation of my OS
How to backup your files in Windows XP
How to backup your files in Windows Vista/Windows 7

Should you have any questions please feel free to ask.

If you decide to continue please read the P2P warning below


Remove P2P Programs

  • I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

    µTorrent

  • Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.
  • Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

  • Click on Start > All programs > Accessories > Run.
  • In the open text box copy/paste appwiz.cpl Then click Ok.
  • Uninstall the programs listed above (in red) and any other P2P you have installed NOW.
  • Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.



Please post fresh DDS logs if you have decided to continue
User avatar
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: Virus Help

Unread postby Neil » July 19th, 2012, 12:24 pm

Hey Maxi

I would like to continue if u could tell me I do have a more than 50 percent to get this infection out of my sytem.
I know it is not easy but i wouldnt wanna continue knowing that i dont stand a chance against removing it and i am just blindly shooting a arrow in the air.


DDS logs


DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_33
Run by Neil at 19:14:04 on 2012-07-19
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.4008.1481 [GMT 3:00]
.
AV: avast! Internet Security *Enabled/Outdated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: avast! Internet Security *Enabled/Outdated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: avast! Internet Security *Enabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
C:\ProgramData\DatacardService\HWDeviceService64.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\ProgramData\Zain e-GO\OnlineUpdate\ouc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Windows\Explorer.EXE
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Bitdefender\Bitdefender 2012\seccenter.exe
C:\Program Files\Bitdefender\Bitdefender 2012\odslv.exe
C:\Program Files (x86)\Zain e-GO\Zain e-GO.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\PROGRA~1\AVASTS~1\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\PROGRA~1\AVASTS~1\Avast\aswWebRepIE.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
uRun: [SanDiskSecureAccess_Manager.exe] C:\Users\Neil\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Mobile Partner] C:\Program Files (x86)\Zain e-GO\Zain e-GO.exe
uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
mRun: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe
mRun: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: Interfaces\{09458F37-365E-4F58-843D-7DCFE0C4B100} : NameServer = 83.136.58.187 83.136.56.53
TCP: Interfaces\{4F7687F2-934B-4FE0-B68F-E2AD42FAD8D0} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{80A8F56A-F469-47E5-8294-BE04F73C6CF4} : NameServer = 83.136.58.187 83.136.56.53
TCP: Interfaces\{8646602E-03A4-4875-B020-DB4813EBEC71} : NameServer = 10.66.72.1
TCP: Interfaces\{87E2C2A3-91E2-498B-A848-A273AED51E55} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{CB7320FF-8640-4C87-B512-F635F8B01962} : NameServer = 83.136.58.187 83.136.56.53
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll C:\Windows\SysWOW64\guard32.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO-X64: IESpeakDoc - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\PROGRA~1\AVASTS~1\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO-X64: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO-X64: Google Dictionary Compression sdch - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\PROGRA~1\AVASTS~1\Avast\aswWebRepIE.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
mRun-x64: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
mRun-x64: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe
mRun-x64: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll C:\Windows\SysWOW64\guard32.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Neil\AppData\Roaming\Mozilla\Firefox\Profiles\la1abbud.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_res ... velink2&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_res ... velink2&q=
FF - user.js: keyword.enabled - 1
FF - user.js: general.useragent.extra.brc -
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis2;avast! Firewall Core Firewall Service;C:\Windows\system32\drivers\aswNdis2.sys --> C:\Windows\system32\drivers\aswNdis2.sys [?]
R0 avc3;avc3;C:\Windows\system32\DRIVERS\avc3.sys --> C:\Windows\system32\DRIVERS\avc3.sys [?]
R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
R1 aswFW;avast! TDI Firewall driver;C:\Windows\system32\drivers\aswFW.sys --> C:\Windows\system32\drivers\aswFW.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-7-26 17024]
R1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-11-14 103504]
R1 BDVEDISK;BDVEDISK;C:\Windows\system32\DRIVERS\bdvedisk.sys --> C:\Windows\system32\DRIVERS\bdvedisk.sys [?]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-3-13 138400]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-3-13 74912]
R2 CLPSLS;COMODO livePCsupport Service;C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1267000]
R2 hshld;Hotspot Shield Service;C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-4-11 542552]
R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS --> C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS [?]
R2 HWDeviceService64.exe;HWDeviceService64.exe;C:\ProgramData\DatacardService\HWDeviceService64.exe [2011-3-14 346976]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-5-17 2009704]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-4-17 134928]
R2 UPDATESRV;BitDefender Desktop Update Service;C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe [2012-3-13 66096]
R3 avchv;avchv Function Driver;C:\Windows\system32\DRIVERS\avchv.sys --> C:\Windows\system32\DRIVERS\avchv.sys [?]
R3 avckf;avckf;C:\Windows\system32\DRIVERS\avckf.sys --> C:\Windows\system32\DRIVERS\avckf.sys [?]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;C:\Windows\system32\DRIVERS\ewusbwwan.sys --> C:\Windows\system32\DRIVERS\ewusbwwan.sys [?]
R3 huawei_enumerator;huawei_enumerator;C:\Windows\system32\DRIVERS\ew_jubusenum.sys --> C:\Windows\system32\DRIVERS\ew_jubusenum.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 avast! Antivirus;avast! Antivirus;"C:\Program Files\AVAST Software\Avast\AvastSvc.exe" --> C:\Program Files\AVAST Software\Avast\AvastSvc.exe [?]
S2 avast! Firewall;avast! Firewall;"C:\Program Files\AVAST Software\Avast\afwServ.exe" --> C:\Program Files\AVAST Software\Avast\afwServ.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-12 135664]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-15 158856]
S2 Zain e-GO. RunOuc;Zain e-GO. OUC;C:\Program Files (x86)\Zain e-GO\UpdateDog\ouc.exe [2012-3-5 655712]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]
S3 bdsandbox;bdsandbox;\??\C:\Windows\system32\drivers\bdsandbox.sys --> C:\Windows\system32\drivers\bdsandbox.sys [?]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]
S3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\system32\DRIVERS\ew_hwusbdev.sys --> C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUVStor.sys --> C:\Windows\system32\Drivers\RtsUVStor.sys [?]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 Update Server;BitDefender Update Server v2;C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [2011-10-14 466736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2012-07-15 21:27:06 -------- d-----w- C:\Users\Neil\AppData\Roaming\Malwarebytes
2012-07-15 21:26:57 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-15 21:26:56 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-15 21:26:56 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-14 20:27:32 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-10 21:17:19 -------- d-----w- C:\ProgramData\CPA_VA
2012-07-10 20:59:21 -------- d-----w- C:\ProgramData\Comodo
2012-07-10 20:59:13 -------- d-----w- C:\Program Files\COMODO
2012-07-10 20:59:08 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-07-10 20:59:08 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll
2012-07-09 19:50:56 -------- d-----w- C:\Program Files (x86)\ESET
2012-07-09 19:29:48 -------- d-----w- C:\Program Files (x86)\Eusing Free Registry Cleaner
2012-07-09 09:38:51 -------- d-----w- C:\ProgramData\FrontLine Registry Cleaner
2012-07-09 09:38:47 -------- d-----w- C:\Program Files (x86)\Frontline Registry Cleaner
2012-07-09 08:47:56 -------- d-----w- C:\ProgramData\SecTaskMan
2012-07-09 08:47:52 -------- d-----w- C:\Program Files (x86)\Security Task Manager
2012-07-09 08:32:21 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2012-07-09 08:32:21 31232 ----a-w- C:\Windows\System32\prevhost.exe
2012-07-08 21:08:44 -------- d-----w- C:\Windows\SysWow64\My Vaults
2012-07-08 20:30:12 329800 ------w- C:\Windows\System32\drivers\trufos.sys
2012-07-08 20:28:15 442088 ------w- C:\Windows\System32\drivers\bdfsfltr.sys
2012-07-08 19:42:38 -------- d-----w- C:\ProgramData\bdch
2012-07-08 15:10:16 -------- d-sh--w- C:\found.000
2012-07-08 14:33:42 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-07-08 14:33:11 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-07-08 14:32:55 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-07-08 14:32:55 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-07-08 05:18:28 -------- d-----w- C:\Program Files\CCleaner
2012-07-07 21:20:53 398436 ----a-w- C:\ProgramData\1341694288.bdinstall.bin
2012-07-07 21:19:25 -------- d-----w- C:\ProgramData\BDLogging
2012-07-07 21:19:02 -------- d-----w- C:\Users\Neil\AppData\Roaming\Bitdefender
2012-07-07 21:18:56 -------- d-----w- C:\ProgramData\Bitdefender
2012-07-07 20:54:56 -------- d-----w- C:\Users\Neil\AppData\Roaming\QuickScan
2012-07-07 20:53:08 -------- d-----w- C:\Program Files\Bitdefender
2012-07-07 20:51:19 -------- d-----w- C:\Program Files\Common Files\Bitdefender
2012-07-07 20:40:04 -------- d-----w- C:\Users\Neil\AppData\Roaming\SpeedyPC Software
2012-07-07 20:40:04 -------- d-----w- C:\Users\Neil\AppData\Roaming\DriverCure
2012-07-07 20:39:46 -------- d-----w- C:\ProgramData\SpeedyPC Software
2012-07-07 20:39:46 -------- d-----w- C:\Program Files (x86)\SpeedyPC Software
2012-07-07 20:39:46 -------- d-----w- C:\Program Files (x86)\Common Files\SpeedyPC Software
2012-07-04 07:04:06 476936 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
.
==================== Find3M ====================
.
2012-07-14 19:40:52 45056 ----a-w- C:\Windows\System32\acovcnt.exe
2012-07-04 07:03:42 472840 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-06-07 10:34:06 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-07 10:34:06 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-11 09:54:37 1891384 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 19:15:12.46 ===============

Attach.txt

NLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 08/10/2011 13:17:49
System Uptime: 19/07/2012 16:29:18 (3 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | K53SV
Processor: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz | CPU 1 | 2301/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 186 GiB total, 109.366 GiB free.
D: is FIXED (NTFS) - 254 GiB total, 58.486 GiB free.
E: is CDROM ()
F: is CDROM (CDFS)
G: is CDROM ()
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
???? ??? Windows Live
???? ???? ActiveX ????? ?? Windows Live Mesh ????????? ???????
???? Windows Live
??????? Windows Live Mesh ActiveX ??(????)
??????? Windows Live Mesh ActiveX ???
????????? ActiveX ?? Windows Live Mesh ????????????????????????? (???)
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.1.3)
Angry Birds Rio
ASUS AI Recovery
ASUS FancyStart
ASUS K3 Series ScreenSaver
ASUS LifeFrame3
ASUS SmartLogon
ASUS Splendid Video Enhancement Technology
ASUS Virtual Camera
ASUS WebStorage
AsusVibe2.0
Atheros Client Installation Program
ATK Package
Bookworm Deluxe
Call of Duty: Black Ops
Camtasia Studio 7
COMODO GeekBuddy
Complément Messenger
Contrôle ActiveX Windows Live Mesh pour connexions à distance
Control ActiveX de Windows Live Mesh para conexiones remotas
Controle ActiveX do Windows Live Mesh para Conexões Remotas
Cooking Dash
CyberLink LabelPrint
CyberLink Power2Go
D3DX10
Driver Genius Professional Edition
ESET Online Scanner v3
Eusing Free Registry Cleaner
Galerie de photos Windows Live
Galería fotográfica de Windows Live
Game Park Console
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Governor of Poker
Hotel Dash Suite Success
Hotspot Shield 2.53
Intel(R) Control Center
Intel(R) Processor Graphics
Java Auto Updater
Java(TM) 6 Update 33
Jewel Quest 3
Junk Mail filter update
Luxor 3
Mahjongg dimensions
Malwarebytes Anti-Malware version 1.62.0.1300
Mesh Runtime
Messenger ????
Messenger ?????
Messenger Companion
Microsoft .NET Framework 1.1
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2010
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 10.0.2 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP3 Parser (KB973685)
Need for Speed The Run, âåðñèÿ 1.0
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero Update
Nuance PDF Reader
NVIDIA PhysX
PowerISO
Prototype(TM)
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Reader Driver
SeaTools for Windows
Security Task Manager 1.8d
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Skype™ 5.8
Sonic Focus
SpeedyPC Pro
syncables desktop SE
TurboC++ 3.0.7.7c
Ubisoft Game Launcher
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Uzak Baglantilar Için Windows Live Mesh ActiveX Denetimi
VLC media player 1.1.8
Windows Live
Windows Live ???
Windows Live ????
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotograf Galerisi
Windows Live Galeria de Fotos
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Temel Parçalar
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinFlash
WinRAR archiver
Wireless Console 3
World of Goo
Zain e-GO
.
==== Event Viewer Messages From Past Week ========
.
19/07/2012 16:26:20, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
19/07/2012 16:23:01, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Zain e-GO. OUC service to connect.
19/07/2012 16:23:01, Error: Service Control Manager [7000] - The Zain e-GO. OUC service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
19/07/2012 16:22:46, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
19/07/2012 16:22:46, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
19/07/2012 16:22:41, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..
19/07/2012 16:22:37, Error: Service Control Manager [7000] - The avast! Firewall service failed to start due to the following error: Access is denied.
19/07/2012 16:22:37, Error: Service Control Manager [7000] - The avast! Antivirus service failed to start due to the following error: Access is denied.
19/07/2012 12:14:35, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
19/07/2012 12:14:34, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
19/07/2012 12:14:32, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
19/07/2012 12:14:24, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
19/07/2012 12:14:17, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi ATKWMIACPIIO avc3 bdfsfltr BDVEDISK cmdGuard discache SCDEmu spldr Wanarpv6
19/07/2012 12:14:16, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
19/07/2012 12:10:29, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the VSSERV service.
19/07/2012 12:07:43, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
19/07/2012 12:07:43, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
18/07/2012 16:59:46, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
17/07/2012 21:19:29, Error: Service Control Manager [7034] - The NVIDIA Update Service Daemon service terminated unexpectedly. It has done this 1 time(s).
17/07/2012 21:15:59, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xffffffffc0000005, 0x0000000000000000, 0xfffff8800c639928, 0xfffff8800c639190). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 071712-31917-01.
17/07/2012 13:16:57, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
16/07/2012 08:30:50, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
16/07/2012 08:30:46, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
16/07/2012 08:30:46, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
16/07/2012 08:30:20, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswFW aswRdr aswSnx aswSP aswTdi ATKWMIACPIIO avc3 bdfsfltr bdfwfpf BDVEDISK cmdGuard cmdHlp DfsC discache inspect NetBIOS NetBT nsiproxy Psched rdbss SCDEmu spldr tdx vwififlt Wanarpv6 WfpLwf
16/07/2012 08:30:20, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
16/07/2012 08:30:20, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
16/07/2012 08:30:20, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
16/07/2012 08:30:20, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
16/07/2012 08:30:20, Error: Service Control Manager [7001] - The Hotspot Shield Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service or group failed to start.
16/07/2012 08:30:19, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
16/07/2012 08:30:19, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
16/07/2012 08:30:19, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
16/07/2012 08:30:19, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
16/07/2012 08:30:19, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
16/07/2012 01:16:55, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
16/07/2012 01:16:55, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
14/07/2012 22:40:21, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xffffffffc0000005, 0xfffffa800fc6343f, 0xfffff880076dd928, 0xfffff880076dd190). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 071412-42494-01.
13/07/2012 00:43:00, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa8006e91330, 0xfffffa8006e91610, 0xfffff80003b7d300). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 071312-35131-01.
12/07/2012 02:27:34, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xffffffffc0000005, 0x0000000000000000, 0xfffff880057d8928, 0xfffff880057d8190). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 071212-37892-01.
.
==== End Of File ===========================


Something very important

I appreciate what you are doing Maxi whether I get rid of this infection or not


HEY I KNOW YOU NEED TIME BUT PLS REPLY FAST AS I DONT WANT THIS VIRUS TO DAMAGE MY PC ANYMORE
Neil
Regular Member
 
Posts: 27
Joined: July 16th, 2012, 2:51 pm

Re: Virus Help

Unread postby maxi » July 19th, 2012, 7:10 pm

Hi neil :) I honestly couldn't tell you what chance we have of fixing this but we can try but it may take some time. If you feel its not worth trying, thats ok, you have always the option to reformat.

Step 1
Create a System Restore Point
  • Right-click on the Computer icon and select Properties.
  • In the left pane under Tasks ... click on System protection.
    If UAC prompts for an administrator password or approval, type the password or give your "permission to continue".
  • Select the System Protection tab ...then choose Create.
  • In the System Restore dialog box, type a description for the restore point ... click Create, again.
    A window will pop up with "The Restore Point was created successfully" confirmation message.
  • Click OK ...then close the System Restore dialog.
Please leave the System Restore function "turned on" until we are finished and I give you the 'all clean' sign.
If you have successfully created a System Restore Point...we can proceed.

Step 2
Farbar Recovery Scanner Tool
    Download FRST64 to a USB flash drive.

  • Plug the USB drive into the infected machine.


    Boot your computer into Recovery Environment

  • Restart the computer and press F8 repeatedly until the Advanced Options Menu appears.
  • Select Repair your computer.
  • Select Language and click Next
  • Enter password (if necessary) and click OK, you should now see the screen below ...

Image


  • Select the Command Prompt option.
  • A command window will open.
    Type notepad then hit Enter.
    Notepad will open.
    Click File > Open then select Computer.
    Note down the drive letter for your USB Drive.
    Close Notepad.
  • Back in the command window ....
    Type e:/frst64.exe and hit Enter (where e: is replaced by the drive letter for your USB drive)
    FRST will start to run.
    When the tool opens click Yes to disclaimer.
    Press Scan button.
    When finished scanning it will make a log FRST.txt on the flash drive.
  • Close the command window.
  • Post me the FRST.txt log please.

Step 3
TDSSKiller - Rootkit Removal Tool - Scan only
Please download the TDSSKiller.exe by Kaspersky and save it to your Desktop. <-Important!!!
  1. Right-click on TDSSKiller.exe and select "Run As Administrator..." to run the tool for known TDSS/TDL variants.
    If TDSSKiller does not run, please rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. zarodinu.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Please select Skip instead of Cure (default).
  5. Then click Continue, then Close and then Close again.
  6. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory (usually Local Disk C:).
  7. Copy and paste the contents of that file in your next reply.

In your next reply please include:
The FRST logfile.
The TDSSKiller log.
Any problems you had with my instructions.

Regards maxi :)
User avatar
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: Virus Help

Unread postby Neil » July 20th, 2012, 2:02 pm

Logs attached below

No Problems

[color=#80FF40][size=150]YES ONE MORE THING MY BITDEFENFER ONLINE SCANNER WHICH IS STILL ACTIVE KEEPS DETECTING VIRUSES IN WINDOWS INSTALLER FOLDER AND IT KEEPS DELETING THEM BUT THEY COME BACK ON RESTART AND NOWADAYS MY FIREFOX BROWSER KEEPS CRASHING AND I HAVE TO RESTART WINDOWS IT TO MAKE IT WORK AGAIN.
I HAVE INSTALLED COMODO FIREWALL FOR SAFETY SINCE I STILL USE INTERNET ON MY INFECTED PC SINCE I HAVE NO OTHER OPTION TO COME IN CONTACT WITH YOU. IT KEEPS DETECTING AN INCOMING CONNECTION FROM SYSTEM WHICH IT BLOCKS(200)


Scan result of Farbar Recovery Scan Tool Version: 20-07-2012
Ran by SYSTEM at 20-07-2012 19:36:40
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet002

========================== Registry (Whitelisted) =============

HKLM\...\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-15] ()
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [167960 2011-02-09] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [391704 2011-02-09] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [418328 2011-02-09] (Intel Corporation)
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3 [2188904 2011-01-17] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe [2587944 2010-12-13] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" [617120 2011-03-13] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe" [379552 2011-03-13] (Atheros Commnucations)
HKLM\...\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4156 2010-04-16] ()
HKLM\...\Run: [BDAgent] "C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe" [1067256 2012-03-22] (Bitdefender)
HKLM\...\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h [9569096 2012-03-11] (COMODO)
HKLM-x32\...\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini" [371 2012-07-20] ()
HKLM-x32\...\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] ()
HKLM-x32\...\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-18] (ASUS)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-04-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup [336952 2012-04-18] (Power Software Ltd)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe [213304 2011-11-23] (COMODO)
HKLM-x32\...\Run: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe [184120 2011-11-23] (COMODO)
HKU\Neil\...\Run: [SanDiskSecureAccess_Manager.exe] C:\Users\Neil\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe [27311232 2011-06-28] (Gemalto N.V.)
HKU\Neil\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17146504 2012-02-15] (Skype Technologies S.A.)
HKU\Neil\...\Run: [Mobile Partner] C:\Program Files (x86)\Zain e-GO\Zain e-GO.exe [514048 2012-03-05] ()
HKU\Neil\...\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [222496 2009-05-05] (Acresso Corporation)
HKU\UpdatusUser\...\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [222496 2009-05-05] (Acresso Corporation)
HKU\UpdatusUser\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-01-12] (Google Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll C:\Windows\system32\guard64.dll
Tcpip\..\Interfaces\{09458F37-365E-4F58-843D-7DCFE0C4B100}: [NameServer]83.136.58.187 83.136.56.53
Tcpip\..\Interfaces\{4F7687F2-934B-4FE0-B68F-E2AD42FAD8D0}: [NameServer]8.26.56.26,156.154.70.22
Tcpip\..\Interfaces\{80A8F56A-F469-47E5-8294-BE04F73C6CF4}: [NameServer]83.136.58.187 83.136.56.53
Tcpip\..\Interfaces\{8646602E-03A4-4875-B020-DB4813EBEC71}: [NameServer]10.93.56.1
Tcpip\..\Interfaces\{87E2C2A3-91E2-498B-A848-A273AED51E55}: [NameServer]8.26.56.26,156.154.70.22
Tcpip\..\Interfaces\{CB7320FF-8640-4C87-B512-F635F8B01962}: [NameServer]83.136.58.187 83.136.56.53
Startup: C:\Users\All Users\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe ()
Startup: C:\Users\All Users\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe ()

==================== Services (Whitelisted) ======

2 ASLDRService; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [84536 2009-06-15] (ASUS)
2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-03-13] (Atheros)
2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [74912 2011-03-13] (Atheros Commnucations)
2 ATKGFNEXSrv; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2009-12-14] (ASUS)
2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [42184 2011-02-23] (AVAST Software)
2 avast! Firewall; "C:\Program Files\AVAST Software\Avast\afwServ.exe" [121000 2011-02-23] (AVAST Software)
2 CLPSLS; C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe [1267000 2011-11-23] (COMODO)
2 cmdAgent; "C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe" [2815496 2012-03-11] (COMODO)
2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [542552 2012-04-10] ()
3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [77520 2012-04-10] ()
2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS [329544 2012-04-02] ()
2 HWDeviceService64.exe; "C:\ProgramData\DatacardService\HWDeviceService64.exe" -/service [346976 2011-03-14] ()
3 Update Server; C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [466736 2011-10-14] (BitDefender)
2 UPDATESRV; "C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe" /service [66096 2012-03-13] (Bitdefender)
2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe /service [1956616 2012-03-23] (Bitdefender)
2 Zain e-GO. RunOuc; C:\Program Files (x86)\Zain e-GO\UpdateDog\ouc.exe [655712 2012-03-05] ()

========================== Drivers (Whitelisted) =============

2 ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [15416 2009-07-02] (ASUS)
2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [22360 2011-02-23] (AVAST Software)
1 aswFW; C:\Windows\System32\Drivers\aswFW.sys [127320 2011-02-23] (AVAST Software)
2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [64344 2011-02-23] (AVAST Software)
0 aswNdis2; C:\Windows\System32\Drivers\aswNdis2.sys [253784 2011-02-23] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [31064 2011-02-23] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [505176 2011-02-23] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [280408 2011-02-23] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [53592 2011-02-23] (AVAST Software)
3 AthBTPort; C:\Windows\System32\DRIVERS\btath_flt.sys [36000 2011-03-13] (Atheros)
1 ATKWMIACPIIO; \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17024 2010-07-26] (ASUS)
0 avc3; C:\Windows\System32\Drivers\avc3.sys [691896 2012-03-20] (BitDefender)
3 avchv; C:\Windows\System32\Drivers\avchv.sys [258736 2011-11-25] (BitDefender)
3 avckf; C:\Windows\System32\Drivers\avckf.sys [545064 2012-02-17] (BitDefender)
0 bdfsfltr; C:\Windows\System32\Drivers\bdfsfltr.sys [442088 2012-07-08] (BitDefender)
1 bdfwfpf; \??\C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [103504 2011-11-14] (BitDefender LLC)
3 bdsandbox; C:\Windows\System32\Drivers\bdsandbox.sys [79952 2011-11-17] (BitDefender SRL)
1 BDVEDISK; C:\Windows\System32\Drivers\BDVEDISK.sys [103944 2010-01-19] (BitDefender)
3 BTATH_A2DP; C:\Windows\System32\Drivers\BTATH_A2DP.sys [298656 2011-03-13] (Atheros)
3 BTATH_BUS; C:\Windows\System32\Drivers\BTATH_BUS.sys [28832 2011-03-13] (Atheros)
3 BTATH_HCRP; C:\Windows\System32\Drivers\BTATH_HCRP.sys [201376 2011-03-13] (Atheros)
3 BTATH_LWFLT; C:\Windows\System32\Drivers\BTATH_LWFLT.sys [55456 2011-03-13] (Atheros)
3 BTATH_RCP; C:\Windows\System32\Drivers\BTATH_RCP.sys [154272 2011-03-13] (Atheros)
3 BtFilter; C:\Windows\System32\Drivers\BtFilter.sys [280224 2011-03-13] (Atheros)
1 cmdGuard; C:\Windows\System32\Drivers\cmdGuard.sys [577824 2012-03-11] (COMODO)
1 cmdHlp; C:\Windows\System32\Drivers\cmdHlp.sys [43248 2012-03-11] (COMODO)
3 ewusbmbb; C:\Windows\System32\DRIVERS\ewusbwwan.sys [417280 2012-03-05] (Huawei Technologies Co., Ltd.)
3 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [117248 2012-03-05] (Huawei Technologies Co., Ltd.)
3 huawei_enumerator; C:\Windows\System32\DRIVERS\ew_jubusenum.sys [87040 2012-03-05] (Huawei Technologies Co., Ltd.)
1 inspect; C:\Windows\System32\Drivers\inspect.sys [93200 2012-02-03] (COMODO)
3 kbfiltr; C:\Windows\System32\Drivers\kbfiltr.sys [15416 2009-07-20] ( )
2 trufos; C:\Windows\System32\Drivers\trufos.sys [329800 2012-07-08] (BitDefender S.R.L.)
2 TurboB; C:\Windows\System32\Drivers\TurboB.sys [13832 2010-04-16] ()

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-20 08:31 - 2012-07-20 08:31 - 02136664 ____N (Kaspersky Lab ZAO) C:\Users\Neil\Desktop\tdsskiller.exe
2012-07-20 07:53 - 2012-07-20 08:22 - 00000112 ____A C:\Windows\setupact.log
2012-07-20 07:53 - 2012-07-20 07:53 - 00000000 ____A C:\Windows\setuperr.log
2012-07-19 00:55 - 2012-07-19 00:55 - 00000000 ____A C:\Users\Neil\Documents\bt.log
2012-07-18 11:46 - 2012-07-20 08:08 - 00000221 ____A C:\Windows\System32\checkdnsid.xml
2012-07-18 00:19 - 2012-07-18 00:20 - 00000048 ____N C:\Users\Neil\Desktop\Papers.txt
2012-07-16 10:55 - 2012-07-16 10:55 - 00607260 ____N (Swearware) C:\Users\Neil\Desktop\dds.scr
2012-07-15 13:27 - 2012-07-15 13:27 - 00000000 ____D C:\Users\Neil\AppData\Roaming\Malwarebytes
2012-07-15 13:26 - 2012-07-15 13:26 - 00001115 ____N C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-15 13:26 - 2012-07-15 13:26 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-07-15 13:26 - 2012-07-15 13:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-15 13:26 - 2012-07-03 02:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-15 13:12 - 2012-07-15 13:12 - 10652120 ____N (Malwarebytes Corporation ) C:\Users\Neil\Desktop\mbam-setup-1.62.0.1300.exe
2012-07-14 12:27 - 2012-07-14 12:27 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-07-13 08:59 - 2012-07-13 09:20 - 00000000 ____D C:\Users\Neil\Desktop\Jannat 2 - DVDRip - XviD - 1CDRip - [DDR]
2012-07-13 08:57 - 2012-07-13 08:57 - 00016620 ____N C:\Users\Neil\Desktop\D17A77B214382CF9A54B6665F300DDFB1B9F887D.torrent
2012-07-10 13:17 - 2012-07-12 14:46 - 00000000 ____D C:\Users\All Users\CPA_VA
2012-07-10 13:16 - 2012-07-10 13:16 - 00000000 ____D C:\Users\Public\Documents\COMODO
2012-07-10 12:59 - 2012-07-10 13:08 - 00000000 ____D C:\Users\All Users\Comodo
2012-07-10 12:59 - 2012-07-10 12:59 - 01060864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2012-07-10 12:59 - 2012-07-10 12:59 - 00348160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2012-07-10 12:59 - 2012-07-10 12:59 - 00001846 ____N C:\Users\Public\Desktop\COMODO Firewall.lnk
2012-07-10 12:59 - 2012-07-10 12:59 - 00001047 ____N C:\Users\Public\Desktop\COMODO GeekBuddy.lnk
2012-07-10 12:59 - 2012-07-10 12:59 - 00000000 ____D C:\Program Files\COMODO
2012-07-10 12:46 - 2012-07-10 12:56 - 62855008 ____N (COMODO) C:\Users\Neil\Desktop\cfw_installer.exe
2012-07-10 12:24 - 2012-07-10 12:24 - 00000281 ____N C:\Users\Neil\Desktop\pinned.lnk
2012-07-09 19:44 - 2012-07-09 19:44 - 00000385 ____A C:\Users\Neil\AppData\Roaminguser_gensett.xml
2012-07-09 11:50 - 2012-07-09 11:50 - 00000000 ____D C:\Program Files (x86)\ESET
2012-07-09 11:29 - 2012-07-09 11:36 - 00000000 ____D C:\Program Files (x86)\Eusing Free Registry Cleaner
2012-07-09 11:29 - 2012-07-09 11:29 - 00977171 ____N C:\Users\Neil\Desktop\EFRCSetup.exe
2012-07-09 11:29 - 2012-07-09 11:29 - 00001059 ____N C:\Users\Neil\Desktop\Eusing Free Registry Cleaner.lnk
2012-07-09 11:29 - 2012-07-09 11:29 - 00001059 ____A C:\Users\UpdatusUser\Desktop\Eusing Free Registry Cleaner.lnk
2012-07-09 01:38 - 2012-07-15 11:54 - 00000430 ____A C:\Windows\Tasks\FrontLine Registry Cleaner Scheduled Scan - Neil.job
2012-07-09 01:38 - 2012-07-09 02:04 - 00000000 ____D C:\Program Files (x86)\Frontline Registry Cleaner
2012-07-09 01:38 - 2012-07-09 01:38 - 00000000 ____D C:\Users\All Users\FrontLine Registry Cleaner
2012-07-09 00:56 - 2012-07-02 16:13 - 57442464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
2012-07-09 00:47 - 2012-07-09 02:06 - 00000000 ____D C:\Users\All Users\SecTaskMan
2012-07-09 00:47 - 2012-07-09 02:05 - 00000000 ____D C:\Program Files (x86)\Security Task Manager
2012-07-09 00:32 - 2011-02-17 22:33 - 00031232 ____A (Microsoft Corporation) C:\Windows\System32\prevhost.exe
2012-07-09 00:32 - 2011-02-17 21:33 - 00031232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
2012-07-08 13:08 - 2012-07-08 13:08 - 00000000 ____D C:\Windows\SysWOW64\My Vaults
2012-07-08 12:57 - 2012-07-08 12:57 - 00001052 ____N C:\Users\Neil\Desktop\478CE86971D6EC4F729B7F8DCD5BDBDC4C927D0E.torrent
2012-07-08 12:30 - 2012-07-08 12:30 - 00329800 ____N (BitDefender S.R.L.) C:\Windows\System32\Drivers\trufos.sys
2012-07-08 12:28 - 2012-07-08 12:28 - 00442088 ____N (BitDefender) C:\Windows\System32\Drivers\bdfsfltr.sys
2012-07-08 12:09 - 2012-07-08 12:09 - 00030856 ____A C:\Users\Neil\Documents\cc_20120708_230852.reg
2012-07-08 11:42 - 2012-07-08 11:42 - 00000000 ____D C:\Users\All Users\bdch
2012-07-08 07:10 - 2012-07-08 07:10 - 00000000 __SHD C:\found.000
2012-07-08 06:33 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-07-08 06:33 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-07-08 06:33 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-07-08 06:33 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-07-08 06:33 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-07-08 06:33 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-07-08 06:33 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-07-08 06:32 - 2012-06-02 04:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-07-08 06:32 - 2012-06-02 04:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-07-08 06:02 - 2012-07-08 06:02 - 00000385 ____A C:\Windows\System32\user_gensett.xml
2012-07-07 21:19 - 2012-07-08 12:11 - 00001276 ____A C:\Users\Neil\Documents\cc_20120708_081945.reg
2012-07-07 21:18 - 2012-07-07 21:18 - 00000824 ____N C:\Users\Public\Desktop\CCleaner.lnk
2012-07-07 21:18 - 2012-07-07 21:18 - 00000000 ____D C:\Program Files\CCleaner
2012-07-07 13:23 - 2012-07-20 08:23 - 00000376 ____A C:\Users\Neil\AppData\Roamingprivacy.xml
2012-07-07 13:20 - 2012-07-07 13:20 - 00398436 ____A C:\Users\All Users\1341694288.bdinstall.bin
2012-07-07 13:19 - 2012-07-07 13:20 - 00004966 ____N C:\Users\Neil\Desktop\New Text Document.txt
2012-07-07 13:19 - 2012-07-07 13:19 - 00002098 ____N C:\Users\Public\Desktop\Bitdefender Antivirus Plus 2012.lnk
2012-07-07 13:19 - 2012-07-07 13:19 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_avchv_01009.Wdf
2012-07-07 13:19 - 2012-07-07 13:19 - 00000000 ____D C:\Users\Neil\AppData\Roaming\Bitdefender
2012-07-07 13:19 - 2012-07-07 13:19 - 00000000 ____D C:\Users\All Users\BDLogging
2012-07-07 13:18 - 2012-07-07 13:19 - 00000000 ____D C:\Users\All Users\Bitdefender
2012-07-07 13:07 - 2012-07-07 13:08 - 04819616 ____N (SpeedyPC Software Inc.) C:\Users\Neil\Desktop\Repair_Tool(1).exe
2012-07-07 12:54 - 2012-07-07 12:54 - 00000000 ____D C:\Users\Neil\AppData\Roaming\QuickScan
2012-07-07 12:53 - 2012-07-07 12:53 - 00000000 ____D C:\Program Files\Bitdefender
2012-07-07 12:51 - 2012-07-07 12:51 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2012-07-07 12:40 - 2012-07-15 11:54 - 00000490 ____A C:\Windows\Tasks\SpeedyPC Registration3.job
2012-07-07 12:40 - 2012-07-07 12:40 - 00000000 ____D C:\Users\Neil\AppData\Roaming\SpeedyPC Software
2012-07-07 12:40 - 2012-07-07 12:40 - 00000000 ____D C:\Users\Neil\AppData\Roaming\DriverCure
2012-07-07 12:39 - 2012-07-15 14:25 - 00000418 ____A C:\Windows\Tasks\SpeedyPC Pro.job
2012-07-07 12:39 - 2012-07-15 11:54 - 00000462 ____A C:\Windows\Tasks\SpeedyPC Update Version3.job
2012-07-07 12:39 - 2012-07-07 12:39 - 00001201 ____N C:\Users\Neil\Desktop\SpeedyPC Pro.lnk
2012-07-07 12:39 - 2012-07-07 12:39 - 00000000 ____D C:\Users\All Users\SpeedyPC Software
2012-07-07 12:39 - 2012-07-07 12:39 - 00000000 ____D C:\Program Files (x86)\SpeedyPC Software
2012-07-07 12:31 - 2012-07-07 12:39 - 04819616 ____N (SpeedyPC Software Inc.) C:\Users\Neil\Desktop\Repair_Tool.exe
2012-07-07 12:20 - 2012-07-07 12:41 - 00000000 ____D C:\Users\Neil\Desktop\Bitdefender Antivirus Plus 2012 Build 15.0.27.312 Final [xk3nvel0xTPB]
2012-07-07 12:19 - 2012-07-07 12:19 - 00018266 ____N C:\Users\Neil\Desktop\[kat.ph]bitdefender.antivirus.plus.2012.build.15.0.27.312.final.torrent
2012-07-07 06:21 - 2012-07-07 06:22 - 00000000 ____D C:\Users\Neil\Desktop\Chemistry Notes
2012-07-04 12:59 - 2012-07-04 13:02 - 00001024 ____A C:\Users\All Users\sowdp88.dat
2012-07-04 12:59 - 2012-07-04 12:59 - 00000048 ____A C:\Windows\SysWOW64\pdfutil.ini
2012-07-04 12:56 - 2012-07-04 12:56 - 00000040 ____A C:\Windows\winDecrypt.INI
2012-07-04 12:43 - 2012-07-04 12:43 - 00000000 ____D C:\Users\Neil\Documents\Wondershare PDF Password Remover
2012-07-03 23:04 - 2012-07-03 23:03 - 00476936 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
2012-07-03 23:04 - 2012-07-03 23:03 - 00157448 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-07-03 23:04 - 2012-07-03 23:03 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-07-03 23:04 - 2012-07-03 23:03 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-07-03 23:03 - 2012-07-03 23:03 - 00000000 ____D C:\Program Files (x86)\Java
2012-06-29 12:12 - 2012-06-29 12:12 - 00028720 ____N C:\Users\Neil\Desktop\428A5014B4CAB78383A06A5BB042AD104C5A9344.torrent
2012-06-26 04:10 - 2012-06-26 04:10 - 00090038 ____N C:\Users\Neil\Desktop\books-i-should-refer-cbse-iit-jee-702648.html
2012-06-26 04:10 - 2012-06-26 04:10 - 00000000 ____D C:\Users\Neil\Desktop\books-i-should-refer-cbse-iit-jee-702648_files


============ 3 Months Modified Files ========================

2012-07-20 08:32 - 2011-05-16 12:56 - 01815056 ____A C:\Windows\WindowsUpdate.log
2012-07-20 08:31 - 2012-07-20 08:31 - 02136664 ____N (Kaspersky Lab ZAO) C:\Users\Neil\Desktop\tdsskiller.exe
2012-07-20 08:30 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-20 08:30 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-20 08:24 - 2011-01-12 09:19 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-20 08:23 - 2012-07-07 13:23 - 00000376 ____A C:\Users\Neil\AppData\Roamingprivacy.xml
2012-07-20 08:23 - 2011-05-16 13:30 - 00045056 ____A C:\Windows\System32\acovcnt.exe
2012-07-20 08:23 - 2011-01-12 09:19 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-20 08:22 - 2012-07-20 07:53 - 00000112 ____A C:\Windows\setupact.log
2012-07-20 08:22 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-20 08:14 - 2009-07-13 21:13 - 00813692 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-20 08:08 - 2012-07-18 11:46 - 00000221 ____A C:\Windows\System32\checkdnsid.xml
2012-07-20 07:53 - 2012-07-20 07:53 - 00000000 ____A C:\Windows\setuperr.log
2012-07-19 00:55 - 2012-07-19 00:55 - 00000000 ____A C:\Users\Neil\Documents\bt.log
2012-07-18 00:20 - 2012-07-18 00:19 - 00000048 ____N C:\Users\Neil\Desktop\Papers.txt
2012-07-16 10:55 - 2012-07-16 10:55 - 00607260 ____N (Swearware) C:\Users\Neil\Desktop\dds.scr
2012-07-15 14:25 - 2012-07-07 12:39 - 00000418 ____A C:\Windows\Tasks\SpeedyPC Pro.job
2012-07-15 13:26 - 2012-07-15 13:26 - 00001115 ____N C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-15 13:12 - 2012-07-15 13:12 - 10652120 ____N (Malwarebytes Corporation ) C:\Users\Neil\Desktop\mbam-setup-1.62.0.1300.exe
2012-07-15 11:54 - 2012-07-09 01:38 - 00000430 ____A C:\Windows\Tasks\FrontLine Registry Cleaner Scheduled Scan - Neil.job
2012-07-15 11:54 - 2012-07-07 12:40 - 00000490 ____A C:\Windows\Tasks\SpeedyPC Registration3.job
2012-07-15 11:54 - 2012-07-07 12:39 - 00000462 ____A C:\Windows\Tasks\SpeedyPC Update Version3.job
2012-07-13 08:57 - 2012-07-13 08:57 - 00016620 ____N C:\Users\Neil\Desktop\D17A77B214382CF9A54B6665F300DDFB1B9F887D.torrent
2012-07-10 13:16 - 2011-05-16 13:31 - 00002254 ____A C:\Windows\System32\AutoRunFilter.ini
2012-07-10 13:16 - 2011-05-16 13:31 - 00001429 ____A C:\Windows\System32\ServiceFilter.ini
2012-07-10 13:15 - 2009-07-13 21:08 - 00032602 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-10 12:59 - 2012-07-10 12:59 - 01060864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2012-07-10 12:59 - 2012-07-10 12:59 - 00348160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2012-07-10 12:59 - 2012-07-10 12:59 - 00001846 ____N C:\Users\Public\Desktop\COMODO Firewall.lnk
2012-07-10 12:59 - 2012-07-10 12:59 - 00001047 ____N C:\Users\Public\Desktop\COMODO GeekBuddy.lnk
2012-07-10 12:56 - 2012-07-10 12:46 - 62855008 ____N (COMODO) C:\Users\Neil\Desktop\cfw_installer.exe
2012-07-10 12:24 - 2012-07-10 12:24 - 00000281 ____N C:\Users\Neil\Desktop\pinned.lnk
2012-07-10 06:41 - 2009-07-13 18:34 - 00000499 ____A C:\Windows\win.ini
2012-07-10 06:35 - 2011-10-08 09:49 - 00799236 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-07-09 19:44 - 2012-07-09 19:44 - 00000385 ____A C:\Users\Neil\AppData\Roaminguser_gensett.xml
2012-07-09 19:31 - 2009-07-13 20:45 - 00413120 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-09 11:29 - 2012-07-09 11:29 - 00977171 ____N C:\Users\Neil\Desktop\EFRCSetup.exe
2012-07-09 11:29 - 2012-07-09 11:29 - 00001059 ____N C:\Users\Neil\Desktop\Eusing Free Registry Cleaner.lnk
2012-07-09 11:29 - 2012-07-09 11:29 - 00001059 ____A C:\Users\UpdatusUser\Desktop\Eusing Free Registry Cleaner.lnk
2012-07-08 13:09 - 2011-10-08 02:19 - 00108728 ____A C:\Users\Neil\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-08 12:57 - 2012-07-08 12:57 - 00001052 ____N C:\Users\Neil\Desktop\478CE86971D6EC4F729B7F8DCD5BDBDC4C927D0E.torrent
2012-07-08 12:30 - 2012-07-08 12:30 - 00329800 ____N (BitDefender S.R.L.) C:\Windows\System32\Drivers\trufos.sys
2012-07-08 12:28 - 2012-07-08 12:28 - 00442088 ____N (BitDefender) C:\Windows\System32\Drivers\bdfsfltr.sys
2012-07-08 12:11 - 2012-07-07 21:19 - 00001276 ____A C:\Users\Neil\Documents\cc_20120708_081945.reg
2012-07-08 12:09 - 2012-07-08 12:09 - 00030856 ____A C:\Users\Neil\Documents\cc_20120708_230852.reg
2012-07-08 06:02 - 2012-07-08 06:02 - 00000385 ____A C:\Windows\System32\user_gensett.xml
2012-07-07 21:18 - 2012-07-07 21:18 - 00000824 ____N C:\Users\Public\Desktop\CCleaner.lnk
2012-07-07 13:20 - 2012-07-07 13:20 - 00398436 ____A C:\Users\All Users\1341694288.bdinstall.bin
2012-07-07 13:20 - 2012-07-07 13:19 - 00004966 ____N C:\Users\Neil\Desktop\New Text Document.txt
2012-07-07 13:19 - 2012-07-07 13:19 - 00002098 ____N C:\Users\Public\Desktop\Bitdefender Antivirus Plus 2012.lnk
2012-07-07 13:19 - 2012-07-07 13:19 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_avchv_01009.Wdf
2012-07-07 13:08 - 2012-07-07 13:07 - 04819616 ____N (SpeedyPC Software Inc.) C:\Users\Neil\Desktop\Repair_Tool(1).exe
2012-07-07 12:39 - 2012-07-07 12:39 - 00001201 ____N C:\Users\Neil\Desktop\SpeedyPC Pro.lnk
2012-07-07 12:39 - 2012-07-07 12:31 - 04819616 ____N (SpeedyPC Software Inc.) C:\Users\Neil\Desktop\Repair_Tool.exe
2012-07-07 12:19 - 2012-07-07 12:19 - 00018266 ____N C:\Users\Neil\Desktop\[kat.ph]bitdefender.antivirus.plus.2012.build.15.0.27.312.final.torrent
2012-07-07 12:07 - 2012-01-16 01:42 - 00001945 ____A C:\Windows\epplauncher.mif
2012-07-04 13:02 - 2012-07-04 12:59 - 00001024 ____A C:\Users\All Users\sowdp88.dat
2012-07-04 12:59 - 2012-07-04 12:59 - 00000048 ____A C:\Windows\SysWOW64\pdfutil.ini
2012-07-04 12:56 - 2012-07-04 12:56 - 00000040 ____A C:\Windows\winDecrypt.INI
2012-07-03 23:03 - 2012-07-03 23:04 - 00476936 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
2012-07-03 23:03 - 2012-07-03 23:04 - 00157448 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-07-03 23:03 - 2012-07-03 23:04 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-07-03 23:03 - 2012-07-03 23:04 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-07-03 23:03 - 2012-03-09 06:54 - 00472840 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-07-03 02:46 - 2012-07-15 13:26 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-02 16:13 - 2012-07-09 00:56 - 57442464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
2012-06-29 12:12 - 2012-06-29 12:12 - 00028720 ____N C:\Users\Neil\Desktop\428A5014B4CAB78383A06A5BB042AD104C5A9344.torrent
2012-06-26 04:10 - 2012-06-26 04:10 - 00090038 ____N C:\Users\Neil\Desktop\books-i-should-refer-cbse-iit-jee-702648.html
2012-06-07 02:34 - 2012-06-07 02:34 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-07 02:34 - 2012-03-12 04:46 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-03 12:28 - 2012-03-09 10:04 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-02 14:19 - 2012-07-08 06:33 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-07-08 06:33 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-07-08 06:33 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-07-08 06:33 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-07-08 06:33 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-07-08 06:33 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-07-08 06:33 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 04:19 - 2012-07-08 06:32 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 04:15 - 2012-07-08 06:32 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-12 09:16 - 2012-05-12 09:16 - 00001013 ____N C:\Users\Public\Desktop\PowerISO.lnk
2012-05-12 06:42 - 2012-05-12 02:32 - 00002453 ____N C:\Users\Public\Desktop\SeaTools for Windows.lnk
2012-05-12 02:26 - 2012-05-12 02:26 - 00000000 ____A C:\Windows\SysWOW64\cd.dat
2012-05-11 01:54 - 2012-03-07 04:10 - 01891384 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-05-02 03:28 - 2012-05-02 03:28 - 00130820 ____N C:\Users\Neil\Desktop\binkw32.zip
2012-04-28 10:33 - 2012-04-16 03:19 - 00000858 ____N C:\Users\Neil\Desktop\TeraCopy.lnk
2012-04-28 10:33 - 2012-01-16 02:23 - 00001632 ____N C:\Users\Neil\Desktop\Turbo C++.lnk


ZeroAccess:
C:\Windows\Installer\{c9ca9eb3-6dd8-8597-d375-41171a9dd199}
C:\Windows\Installer\{c9ca9eb3-6dd8-8597-d375-41171a9dd199}\@
C:\Windows\Installer\{c9ca9eb3-6dd8-8597-d375-41171a9dd199}\L
C:\Windows\Installer\{c9ca9eb3-6dd8-8597-d375-41171a9dd199}\U
C:\Windows\Installer\{c9ca9eb3-6dd8-8597-d375-41171a9dd199}\L\00000004.@
C:\Windows\Installer\{c9ca9eb3-6dd8-8597-d375-41171a9dd199}\L\1afb2d56
C:\Windows\Installer\{c9ca9eb3-6dd8-8597-d375-41171a9dd199}\L\201d3dde
C:\Windows\Installer\{c9ca9eb3-6dd8-8597-d375-41171a9dd199}\U\00000004.$
C:\Windows\Installer\{c9ca9eb3-6dd8-8597-d375-41171a9dd199}\U\000000cb.@
C:\Windows\Installer\{c9ca9eb3-6dd8-8597-d375-41171a9dd199}\U\80000000.$

ZeroAccess:
C:\Users\Neil\AppData\Local\{c9ca9eb3-6dd8-8597-d375-41171a9dd199}
C:\Users\Neil\AppData\Local\{c9ca9eb3-6dd8-8597-d375-41171a9dd199}\@
C:\Users\Neil\AppData\Local\{c9ca9eb3-6dd8-8597-d375-41171a9dd199}\L
C:\Users\Neil\AppData\Local\{c9ca9eb3-6dd8-8597-d375-41171a9dd199}\U

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 4007.85 MB
Available physical RAM: 3423.89 MB
Total Pagefile: 4006 MB
Available Pagefile: 3416.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:186.3 GB) (Free:109.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (DATA) (Fixed) (Total:254.45 GB) (Free:58.49 GB) NTFS
4 Drive f: (NEIL) (Removable) (Total:0.49 GB) (Free:0.46 GB) FAT
5 Drive g: (Zain e-GO) (CDROM) (Total:0.04 GB) (Free:0 GB) CDFS
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 1024 KB
Disk 1 Online 502 MB 0 B
Disk 2 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 25 GB 1024 KB
Partition 2 Primary 186 GB 25 GB
Partition 0 Extended 254 GB 211 GB
Partition 3 Logical 254 GB 211 GB

==================================================================================

Disk: 0
Partition 1
Type : 1C
Hidden: Yes
Active: No

There is no volume associated with this partition.

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 186 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D DATA NTFS Partition 254 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 502 MB 16 KB

==================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F NEIL FAT Removable 502 MB Healthy

==================================================================================

testsigning: ==> Check for possible unsigned malware driver <===== ATTENTION!


==========================================================

Last Boot: 2012-07-17 21:50

======================= End Of Log ==========================
You do not have the required permissions to view the files attached to this post.
Neil
Regular Member
 
Posts: 27
Joined: July 16th, 2012, 2:51 pm

TTDS KILLER

Unread postby Neil » July 20th, 2012, 2:16 pm

TTDS part 2 attached and i split it into 2 because the size of the log is 264kb and i upload only 250 into this forum


I FIRST ACCIDENTALLY POSTED FIRST TTDS PART 2 THEN I POSTED THE FIRST PART OF THE LOG BELOW THIS SORRY FOR THE INCONVENIENCE


TTDS LOG PART 2


19:42:10.0289 6448 ============================================================
19:42:10.0289 6448 Scan finished
19:42:10.0289 6448 ============================================================
19:42:10.0305 6756 Detected object count: 2
19:42:10.0305 6756 Actual detected object count: 2
19:42:54.0141 6756 avast! Antivirus ( LockedFile.Multi.Generic ) - skipped by user
19:42:54.0141 6756 avast! Antivirus ( LockedFile.Multi.Generic ) - User select action: Skip
19:42:54.0141 6756 avast! Firewall ( LockedFile.Multi.Generic ) - skipped by user
19:42:54.0141 6756 avast! Firewall ( LockedFile.Multi.Generic ) - User select action: Skip
19:43:13.0688 6764 ============================================================
19:43:13.0688 6764 Scan started
19:43:13.0688 6764 Mode: Manual; TDLFS;
19:43:13.0688 6764 ============================================================
19:43:14.0015 6764 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
19:43:14.0015 6764 1394ohci - ok
19:43:14.0047 6764 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
19:43:14.0047 6764 ACPI - ok
19:43:14.0062 6764 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
19:43:14.0062 6764 AcpiPmi - ok
19:43:14.0140 6764 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:43:14.0140 6764 AdobeARMservice - ok
19:43:14.0203 6764 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
19:43:14.0203 6764 adp94xx - ok
19:43:14.0249 6764 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
19:43:14.0249 6764 adpahci - ok
19:43:14.0281 6764 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
19:43:14.0281 6764 adpu320 - ok
19:43:14.0327 6764 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
19:43:14.0327 6764 AeLookupSvc - ok
19:43:14.0374 6764 AFBAgent (69fd46fac0d9c4a8ecd522ac6a7481f5) C:\Windows\system32\FBAgent.exe
19:43:14.0374 6764 AFBAgent - ok
19:43:14.0421 6764 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
19:43:14.0437 6764 AFD - ok
19:43:14.0452 6764 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
19:43:14.0452 6764 agp440 - ok
19:43:14.0499 6764 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
19:43:14.0499 6764 ALG - ok
19:43:14.0515 6764 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
19:43:14.0515 6764 aliide - ok
19:43:14.0530 6764 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
19:43:14.0530 6764 amdide - ok
19:43:14.0530 6764 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
19:43:14.0546 6764 AmdK8 - ok
19:43:14.0546 6764 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
19:43:14.0546 6764 AmdPPM - ok
19:43:14.0577 6764 amdsata (ab3166c09438a161fbde13099a72e0af) C:\Windows\system32\DRIVERS\amdsata.sys
19:43:14.0577 6764 amdsata - ok
19:43:14.0593 6764 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
19:43:14.0593 6764 amdsbs - ok
19:43:14.0608 6764 amdxata (5118dcd2065d8c8d752ad5ec0b2d6aa6) C:\Windows\system32\DRIVERS\amdxata.sys
19:43:14.0608 6764 amdxata - ok
19:43:14.0624 6764 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
19:43:14.0639 6764 AppID - ok
19:43:14.0655 6764 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
19:43:14.0655 6764 AppIDSvc - ok
19:43:14.0671 6764 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
19:43:14.0671 6764 Appinfo - ok
19:43:14.0702 6764 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
19:43:14.0702 6764 arc - ok
19:43:14.0733 6764 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
19:43:14.0733 6764 arcsas - ok
19:43:14.0842 6764 ASLDRService (18e5c2f937f9deb8c282df66a3761925) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
19:43:14.0842 6764 ASLDRService - ok
19:43:14.0858 6764 ASMMAP64 (4c016fd76ed5c05e84ca8cab77993961) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
19:43:14.0858 6764 ASMMAP64 - ok
19:43:14.0983 6764 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
19:43:14.0983 6764 aspnet_state - ok
19:43:14.0998 6764 aswFsBlk (f810e3ea3d1f3c3ba26f2f4719bdca4f) C:\Windows\system32\drivers\aswFsBlk.sys
19:43:14.0998 6764 aswFsBlk - ok
19:43:15.0045 6764 aswFW (696b534c07065512317529318da79b80) C:\Windows\system32\drivers\aswFW.sys
19:43:15.0045 6764 aswFW - ok
19:43:15.0061 6764 aswMonFlt (3687fd9cedf56d3b9f18923f4e14f3f9) C:\Windows\system32\drivers\aswMonFlt.sys
19:43:15.0061 6764 aswMonFlt - ok
19:43:15.0092 6764 aswNdis2 (b977cb4b919e6d47009b608a4e733b43) C:\Windows\system32\drivers\aswNdis2.sys
19:43:15.0092 6764 aswNdis2 - ok
19:43:15.0123 6764 aswRdr (e99e48596b35e5d5240104bcd61b3471) C:\Windows\system32\drivers\aswRdr.sys
19:43:15.0123 6764 aswRdr - ok
19:43:15.0154 6764 aswSnx (84ad8fb3fd2efa52d8599a0028bbb6fe) C:\Windows\system32\drivers\aswSnx.sys
19:43:15.0170 6764 aswSnx - ok
19:43:15.0217 6764 aswSP (8cba6cc5dca9e3829f1792bf98f06901) C:\Windows\system32\drivers\aswSP.sys
19:43:15.0217 6764 aswSP - ok
19:43:15.0248 6764 aswTdi (184248f2ded7b1641c7f3b30381baa2a) C:\Windows\system32\drivers\aswTdi.sys
19:43:15.0248 6764 aswTdi - ok
19:43:15.0263 6764 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
19:43:15.0263 6764 AsyncMac - ok
19:43:15.0279 6764 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
19:43:15.0279 6764 atapi - ok
19:43:15.0310 6764 AthBTPort (cbe61b4494165f458bd87e37181ee934) C:\Windows\system32\DRIVERS\btath_flt.sys
19:43:15.0310 6764 AthBTPort - ok
19:43:15.0373 6764 Atheros Bt&Wlan Coex Agent (4c4a576818ea028257c624ae36ff7a03) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
19:43:15.0373 6764 Atheros Bt&Wlan Coex Agent - ok
19:43:15.0388 6764 AtherosSvc (21753130331188c4b474e1d3b396e629) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
19:43:15.0388 6764 AtherosSvc - ok
19:43:15.0497 6764 athr (de8b9c3e0e09d918b394207f34ac16dd) C:\Windows\system32\DRIVERS\athrx.sys
19:43:15.0497 6764 athr - ok
19:43:15.0591 6764 ATKGFNEXSrv (7910158929571214a959d5a6d16dd9c0) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
19:43:15.0591 6764 ATKGFNEXSrv - ok
19:43:15.0622 6764 ATKWMIACPIIO (1f7238a37389ed92e9d8eee975cabd54) C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
19:43:15.0622 6764 ATKWMIACPIIO - ok
19:43:16.0121 6764 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
19:43:16.0121 6764 AudioEndpointBuilder - ok
19:43:16.0121 6764 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
19:43:16.0137 6764 AudioSrv - ok
19:43:16.0184 6764 avast! Antivirus (2695e3e9497bf72abb44b5010ec5da16) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
19:43:16.0184 6764 Suspicious file (NoAccess): C:\Program Files\AVAST Software\Avast\AvastSvc.exe. md5: 2695e3e9497bf72abb44b5010ec5da16
19:43:16.0184 6764 avast! Antivirus ( LockedFile.Multi.Generic ) - warning
19:43:16.0184 6764 avast! Antivirus - detected LockedFile.Multi.Generic (1)
19:43:16.0199 6764 avast! Firewall (c439c2613175c9364a61da708551381c) C:\Program Files\AVAST Software\Avast\afwServ.exe
19:43:16.0199 6764 Suspicious file (NoAccess): C:\Program Files\AVAST Software\Avast\afwServ.exe. md5: c439c2613175c9364a61da708551381c
19:43:16.0199 6764 avast! Firewall ( LockedFile.Multi.Generic ) - warning
19:43:16.0199 6764 avast! Firewall - detected LockedFile.Multi.Generic (1)
19:43:16.0309 6764 avc3 (f57de310bf3bd9df0f7d301c1d7f5432) C:\Windows\system32\DRIVERS\avc3.sys
19:43:16.0324 6764 avc3 - ok
19:43:16.0355 6764 avchv (4c6bcc638798abe1f70afca70d889c3f) C:\Windows\system32\DRIVERS\avchv.sys
19:43:16.0355 6764 avchv - ok
19:43:16.0387 6764 avckf (6dc4cca415bbf2fc629beb532aa0e6cd) C:\Windows\system32\DRIVERS\avckf.sys
19:43:16.0387 6764 avckf - ok
19:43:16.0433 6764 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
19:43:16.0433 6764 AxInstSV - ok
19:43:16.0480 6764 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
19:43:16.0480 6764 b06bdrv - ok
19:43:16.0511 6764 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
19:43:16.0511 6764 b57nd60a - ok
19:43:16.0543 6764 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
19:43:16.0543 6764 BDESVC - ok
19:43:16.0699 6764 bdfsfltr (ea195950fa5dd4a8f7bc00822213a363) C:\Windows\system32\DRIVERS\bdfsfltr.sys
19:43:16.0699 6764 bdfsfltr - ok
19:43:16.0917 6764 bdfwfpf (4ce4b0098fc315c237fa8867f07886c4) C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys
19:43:16.0917 6764 bdfwfpf - ok
19:43:17.0026 6764 bdsandbox (31571d77c6186ad228f52ee4ebdf8ee9) C:\Windows\system32\drivers\bdsandbox.sys
19:43:17.0026 6764 bdsandbox - ok
19:43:17.0104 6764 BDVEDISK (b89deff4817b4cc6fc2bcd8f83b4e75d) C:\Windows\system32\DRIVERS\bdvedisk.sys
19:43:17.0104 6764 BDVEDISK - ok
19:43:17.0135 6764 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
19:43:17.0135 6764 Beep - ok
19:43:17.0182 6764 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
19:43:17.0198 6764 BFE - ok
19:43:17.0245 6764 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\System32\qmgr.dll
19:43:17.0260 6764 BITS - ok
19:43:17.0338 6764 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
19:43:17.0338 6764 blbdrive - ok
19:43:17.0369 6764 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
19:43:17.0369 6764 bowser - ok
19:43:17.0385 6764 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:43:17.0385 6764 BrFiltLo - ok
19:43:17.0401 6764 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:43:17.0401 6764 BrFiltUp - ok
19:43:17.0432 6764 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
19:43:17.0432 6764 Browser - ok
19:43:17.0463 6764 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
19:43:17.0479 6764 Brserid - ok
19:43:17.0479 6764 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
19:43:17.0479 6764 BrSerWdm - ok
19:43:17.0525 6764 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:43:17.0525 6764 BrUsbMdm - ok
19:43:17.0525 6764 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
19:43:17.0525 6764 BrUsbSer - ok
19:43:17.0572 6764 BTATH_A2DP (fe70889a85c57a9268101b2db0474509) C:\Windows\system32\drivers\btath_a2dp.sys
19:43:17.0572 6764 BTATH_A2DP - ok
19:43:17.0603 6764 BTATH_BUS (a83a91d07d1fe6bbe7a9db46ca00434b) C:\Windows\system32\DRIVERS\btath_bus.sys
19:43:17.0603 6764 BTATH_BUS - ok
19:43:17.0635 6764 BTATH_HCRP (c864ff85ee16d61c2bdd5ef76824625f) C:\Windows\system32\DRIVERS\btath_hcrp.sys
19:43:17.0635 6764 BTATH_HCRP - ok
19:43:17.0650 6764 BTATH_LWFLT (0dea505efb5d771826d177ef8b8a208f) C:\Windows\system32\DRIVERS\btath_lwflt.sys
19:43:17.0650 6764 BTATH_LWFLT - ok
19:43:17.0681 6764 BTATH_RCP (724c8088c96efe7a3e63fec21d4681c0) C:\Windows\system32\DRIVERS\btath_rcp.sys
19:43:17.0681 6764 BTATH_RCP - ok
19:43:17.0728 6764 BtFilter (aa0f5afcf077c5246589b32eceeae566) C:\Windows\system32\DRIVERS\btfilter.sys
19:43:17.0728 6764 BtFilter - ok
19:43:17.0759 6764 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
19:43:17.0759 6764 BthEnum - ok
19:43:17.0775 6764 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
19:43:17.0775 6764 BTHMODEM - ok
19:43:17.0791 6764 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
19:43:17.0791 6764 BthPan - ok
19:43:17.0947 6764 BTHPORT (a51fa9d0e85d5adabef72e67f386309c) C:\Windows\system32\Drivers\BTHport.sys
19:43:17.0962 6764 BTHPORT - ok
19:43:18.0025 6764 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
19:43:18.0025 6764 bthserv - ok
19:43:18.0056 6764 BTHUSB (f740b9a16b2c06700f2130e19986bf3b) C:\Windows\system32\Drivers\BTHUSB.sys
19:43:18.0056 6764 BTHUSB - ok
19:43:18.0071 6764 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
19:43:18.0071 6764 cdfs - ok
19:43:18.0103 6764 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
19:43:18.0103 6764 cdrom - ok
19:43:18.0118 6764 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
19:43:18.0118 6764 CertPropSvc - ok
19:43:18.0149 6764 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
19:43:18.0149 6764 circlass - ok
19:43:18.0181 6764 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
19:43:18.0181 6764 CLFS - ok
19:43:18.0399 6764 CLPSLS (882e3973505c441ce000133c821d0edd) C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
19:43:18.0415 6764 CLPSLS - ok
19:43:18.0524 6764 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:43:18.0524 6764 clr_optimization_v2.0.50727_32 - ok
19:43:18.0571 6764 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:43:18.0571 6764 clr_optimization_v2.0.50727_64 - ok
19:43:18.0633 6764 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:43:18.0633 6764 clr_optimization_v4.0.30319_32 - ok
19:43:18.0680 6764 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:43:18.0680 6764 clr_optimization_v4.0.30319_64 - ok
19:43:18.0758 6764 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
19:43:18.0758 6764 CmBatt - ok
19:43:18.0961 6764 cmdAgent (cee48ccc4d561ddb19c72f9fb55d28d5) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
19:43:18.0976 6764 cmdAgent - ok
19:43:19.0241 6764 cmdGuard (0599d5a458d4e0e37ab84e9d1c5c73e5) C:\Windows\system32\DRIVERS\cmdguard.sys
19:43:19.0241 6764 cmdGuard - ok
19:43:19.0351 6764 cmdHlp (2d3e08c7106f748f9eff3dec14142d3e) C:\Windows\system32\DRIVERS\cmdhlp.sys
19:43:19.0351 6764 cmdHlp - ok
19:43:19.0366 6764 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
19:43:19.0366 6764 cmdide - ok
19:43:19.0429 6764 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
19:43:19.0429 6764 CNG - ok
19:43:19.0444 6764 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
19:43:19.0444 6764 Compbatt - ok
19:43:19.0444 6764 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
19:43:19.0444 6764 CompositeBus - ok
19:43:19.0460 6764 COMSysApp - ok
19:43:19.0475 6764 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
19:43:19.0475 6764 crcdisk - ok
19:43:19.0507 6764 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
19:43:19.0507 6764 CryptSvc - ok
19:43:19.0553 6764 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
19:43:19.0553 6764 DcomLaunch - ok
19:43:19.0585 6764 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
19:43:19.0600 6764 defragsvc - ok
19:43:19.0631 6764 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
19:43:19.0631 6764 DfsC - ok
19:43:19.0663 6764 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
19:43:19.0663 6764 Dhcp - ok
19:43:19.0694 6764 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
19:43:19.0694 6764 discache - ok
19:43:19.0709 6764 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
19:43:19.0709 6764 Disk - ok
19:43:19.0756 6764 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
19:43:19.0756 6764 Dnscache - ok
19:43:19.0787 6764 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
19:43:19.0787 6764 dot3svc - ok
19:43:19.0819 6764 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
19:43:19.0819 6764 DPS - ok
19:43:19.0834 6764 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
19:43:19.0834 6764 drmkaud - ok
19:43:19.0897 6764 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
19:43:19.0912 6764 DXGKrnl - ok
19:43:19.0959 6764 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
19:43:19.0959 6764 EapHost - ok
19:43:20.0115 6764 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
19:43:20.0131 6764 ebdrv - ok
19:43:20.0224 6764 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
19:43:20.0224 6764 EFS - ok
19:43:20.0287 6764 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
19:43:20.0302 6764 ehRecvr - ok
19:43:20.0318 6764 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
19:43:20.0318 6764 ehSched - ok
19:43:20.0411 6764 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
19:43:20.0427 6764 elxstor - ok
19:43:20.0427 6764 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
19:43:20.0427 6764 ErrDev - ok
19:43:20.0474 6764 ETD (5b042aa9cebdab5b61e747ddcebff51b) C:\Windows\system32\DRIVERS\ETD.sys
19:43:20.0474 6764 ETD - ok
19:43:20.0521 6764 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
19:43:20.0536 6764 EventSystem - ok
19:43:20.0583 6764 ewusbmbb (cb5b23e4fc7651371d4ee81f7b356786) C:\Windows\system32\DRIVERS\ewusbwwan.sys
19:43:20.0583 6764 ewusbmbb - ok
19:43:20.0599 6764 ew_hwusbdev (86f7951bbcee4a86e79a97306bd14318) C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
19:43:20.0599 6764 ew_hwusbdev - ok
19:43:20.0630 6764 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
19:43:20.0645 6764 exfat - ok
19:43:20.0661 6764 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
19:43:20.0677 6764 fastfat - ok
19:43:20.0723 6764 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
19:43:20.0723 6764 Fax - ok
19:43:20.0739 6764 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
19:43:20.0739 6764 fdc - ok
19:43:20.0770 6764 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
19:43:20.0770 6764 fdPHost - ok
19:43:20.0786 6764 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
19:43:20.0786 6764 FDResPub - ok
19:43:20.0817 6764 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
19:43:20.0833 6764 FileInfo - ok
19:43:20.0833 6764 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
19:43:20.0848 6764 Filetrace - ok
19:43:20.0864 6764 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
19:43:20.0864 6764 flpydisk - ok
19:43:20.0895 6764 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
19:43:20.0895 6764 FltMgr - ok
19:43:20.0973 6764 FontCache (8ac4cb4ea61e41009fae9ae7b2b5da3a) C:\Windows\system32\FntCache.dll
19:43:20.0973 6764 FontCache - ok
19:43:21.0035 6764 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:43:21.0035 6764 FontCache3.0.0.0 - ok
19:43:21.0113 6764 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
19:43:21.0113 6764 FsDepends - ok
19:43:21.0129 6764 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
19:43:21.0129 6764 fssfltr - ok
19:43:21.0254 6764 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
19:43:21.0269 6764 fsssvc - ok
19:43:21.0363 6764 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
19:43:21.0379 6764 Fs_Rec - ok
19:43:21.0394 6764 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys
19:43:21.0394 6764 fvevol - ok
19:43:21.0410 6764 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
19:43:21.0410 6764 gagp30kx - ok
19:43:21.0488 6764 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
19:43:21.0488 6764 gpsvc - ok
19:43:21.0566 6764 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:43:21.0566 6764 gupdate - ok
19:43:21.0597 6764 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
19:43:21.0597 6764 gusvc - ok
19:43:21.0613 6764 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
19:43:21.0613 6764 hcw85cir - ok
19:43:21.0644 6764 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
19:43:21.0644 6764 HdAudAddService - ok
19:43:21.0659 6764 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:43:21.0675 6764 HDAudBus - ok
19:43:21.0675 6764 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
19:43:21.0675 6764 HidBatt - ok
19:43:21.0691 6764 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
19:43:21.0691 6764 HidBth - ok
19:43:21.0706 6764 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
19:43:21.0706 6764 HidIr - ok
19:43:21.0737 6764 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
19:43:21.0737 6764 hidserv - ok
19:43:21.0753 6764 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
19:43:21.0753 6764 HidUsb - ok
19:43:21.0784 6764 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
19:43:21.0784 6764 hkmsvc - ok
19:43:21.0815 6764 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
19:43:21.0815 6764 HomeGroupListener - ok
19:43:21.0847 6764 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
19:43:21.0862 6764 HomeGroupProvider - ok
19:43:21.0878 6764 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
19:43:21.0878 6764 HpSAMD - ok
19:43:22.0003 6764 hshld (b7cfe93627e7796624004687125a729f) C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
19:43:22.0003 6764 hshld - ok
19:43:22.0049 6764 HssDrv (a60c877e1cd3aa2e4e5ccd8af305c0f1) C:\Windows\system32\DRIVERS\HssDrv.sys
19:43:22.0049 6764 HssDrv - ok
19:43:22.0096 6764 HssSrv (2cfea9c337b699aca38487e8a7438f35) C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
19:43:22.0096 6764 HssSrv - ok
19:43:22.0127 6764 HssTrayService (b3c6eeeff5c5ea3235b7d84317c1fb3f) C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE
19:43:22.0127 6764 HssTrayService - ok
19:43:22.0127 6764 HssWd - ok
19:43:22.0174 6764 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
19:43:22.0174 6764 HTTP - ok
19:43:22.0205 6764 huawei_enumerator (cce3db0ba3c615caa321eb1301532688) C:\Windows\system32\DRIVERS\ew_jubusenum.sys
19:43:22.0205 6764 huawei_enumerator - ok
19:43:22.0237 6764 hwdatacard (ce93b8af848fe2aa44455a4769c1bc8a) C:\Windows\system32\DRIVERS\ewusbmdm.sys
19:43:22.0237 6764 hwdatacard - ok
19:43:22.0315 6764 HWDeviceService64.exe (e90da42b87d684debfb73b38a718a006) C:\ProgramData\DatacardService\HWDeviceService64.exe
19:43:22.0330 6764 HWDeviceService64.exe - ok
19:43:22.0346 6764 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
19:43:22.0346 6764 hwpolicy - ok
19:43:22.0361 6764 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
19:43:22.0361 6764 i8042prt - ok
19:43:22.0424 6764 iaStor (f7ce9be72edac499b713eca6dae5d26f) C:\Windows\system32\DRIVERS\iaStor.sys
19:43:22.0424 6764 iaStor - ok
19:43:22.0455 6764 iaStorV (513dc087cfed7d2bb82f005385d3531f) C:\Windows\system32\DRIVERS\iaStorV.sys
19:43:22.0455 6764 iaStorV - ok
19:43:22.0564 6764 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:43:22.0580 6764 idsvc - ok
19:43:23.0204 6764 igfx (efe5a0af39a8e179624117c521f1e012) C:\Windows\system32\DRIVERS\igdkmd64.sys
19:43:23.0251 6764 igfx - ok
19:43:23.0375 6764 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
19:43:23.0375 6764 iirsp - ok
19:43:23.0438 6764 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
19:43:23.0453 6764 IKEEXT - ok
19:43:23.0485 6764 inspect (efff0afd27cc97bf0e5e0bab78419de7) C:\Windows\system32\DRIVERS\inspect.sys
19:43:23.0485 6764 inspect - ok
19:43:23.0625 6764 IntcAzAudAddService (3e3926f4fa7c9162c5c3ec6bf1e4f349) C:\Windows\system32\drivers\RTKVHD64.sys
19:43:23.0625 6764 IntcAzAudAddService - ok
19:43:23.0765 6764 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
19:43:23.0765 6764 IntcDAud - ok
19:43:23.0797 6764 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
19:43:23.0797 6764 intelide - ok
19:43:23.0812 6764 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
19:43:23.0828 6764 intelppm - ok
19:43:23.0843 6764 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
19:43:23.0843 6764 IPBusEnum - ok
19:43:23.0875 6764 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:43:23.0875 6764 IpFilterDriver - ok
19:43:23.0875 6764 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
19:43:23.0890 6764 IPMIDRV - ok
19:43:23.0890 6764 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
19:43:23.0890 6764 IPNAT - ok
19:43:23.0906 6764 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
19:43:23.0906 6764 IRENUM - ok
19:43:23.0921 6764 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
19:43:23.0921 6764 isapnp - ok
19:43:23.0937 6764 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
19:43:23.0953 6764 iScsiPrt - ok
19:43:23.0968 6764 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
19:43:23.0968 6764 kbdclass - ok
19:43:23.0984 6764 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
19:43:23.0984 6764 kbdhid - ok
19:43:24.0031 6764 kbfiltr (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys
19:43:24.0031 6764 kbfiltr - ok
19:43:24.0046 6764 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
19:43:24.0062 6764 KeyIso - ok
19:43:24.0077 6764 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
19:43:24.0077 6764 KSecDD - ok
19:43:24.0109 6764 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
19:43:24.0109 6764 KSecPkg - ok
19:43:24.0124 6764 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
19:43:24.0140 6764 ksthunk - ok
19:43:24.0171 6764 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
19:43:24.0187 6764 KtmRm - ok
19:43:24.0218 6764 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\system32\srvsvc.dll
19:43:24.0218 6764 LanmanServer - ok
19:43:24.0265 6764 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
19:43:24.0265 6764 LanmanWorkstation - ok
19:43:24.0296 6764 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
19:43:24.0296 6764 lltdio - ok
19:43:24.0343 6764 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
19:43:24.0343 6764 lltdsvc - ok
19:43:24.0358 6764 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
19:43:24.0358 6764 lmhosts - ok
19:43:24.0389 6764 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
19:43:24.0389 6764 LSI_FC - ok
19:43:24.0421 6764 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
19:43:24.0421 6764 LSI_SAS - ok
19:43:24.0421 6764 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:43:24.0421 6764 LSI_SAS2 - ok
19:43:24.0436 6764 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:43:24.0436 6764 LSI_SCSI - ok
19:43:24.0467 6764 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
19:43:24.0467 6764 luafv - ok
19:43:24.0499 6764 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
19:43:24.0499 6764 Mcx2Svc - ok
19:43:24.0592 6764 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
19:43:24.0592 6764 MDM - ok
19:43:24.0623 6764 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
19:43:24.0623 6764 megasas - ok
19:43:24.0639 6764 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
19:43:24.0639 6764 MegaSR - ok
19:43:24.0670 6764 MEIx64 (1c6e73fc46b509eff9d0086aa37132df) C:\Windows\system32\DRIVERS\HECIx64.sys
19:43:24.0670 6764 MEIx64 - ok
19:43:24.0701 6764 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
19:43:24.0701 6764 MMCSS - ok
19:43:24.0717 6764 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
19:43:24.0717 6764 Modem - ok
19:43:24.0733 6764 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
19:43:24.0733 6764 monitor - ok
19:43:24.0748 6764 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
19:43:24.0748 6764 mouclass - ok
19:43:24.0764 6764 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
19:43:24.0764 6764 mouhid - ok
19:43:24.0795 6764 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
19:43:24.0795 6764 mountmgr - ok
19:43:24.0811 6764 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
19:43:24.0811 6764 mpio - ok
19:43:24.0826 6764 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
19:43:24.0826 6764 mpsdrv - ok
19:43:24.0873 6764 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
19:43:24.0889 6764 MpsSvc - ok
19:43:24.0904 6764 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
19:43:24.0904 6764 MRxDAV - ok
19:43:24.0951 6764 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:43:24.0951 6764 mrxsmb - ok
19:43:24.0982 6764 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:43:24.0982 6764 mrxsmb10 - ok
19:43:25.0013 6764 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:43:25.0013 6764 mrxsmb20 - ok
19:43:25.0045 6764 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
19:43:25.0045 6764 msahci - ok
19:43:25.0060 6764 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
19:43:25.0076 6764 msdsm - ok
19:43:25.0107 6764 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
19:43:25.0107 6764 MSDTC - ok
19:43:25.0123 6764 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
19:43:25.0123 6764 Msfs - ok
19:43:25.0138 6764 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
19:43:25.0138 6764 mshidkmdf - ok
19:43:25.0154 6764 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
19:43:25.0154 6764 msisadrv - ok
19:43:25.0185 6764 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
19:43:25.0185 6764 MSiSCSI - ok
19:43:25.0185 6764 msiserver - ok
19:43:25.0201 6764 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
19:43:25.0201 6764 MSKSSRV - ok
19:43:25.0201 6764 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
19:43:25.0201 6764 MSPCLOCK - ok
19:43:25.0216 6764 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
19:43:25.0216 6764 MSPQM - ok
19:43:25.0247 6764 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
19:43:25.0247 6764 MsRPC - ok
19:43:25.0263 6764 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
19:43:25.0263 6764 mssmbios - ok
19:43:25.0279 6764 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
19:43:25.0279 6764 MSTEE - ok
19:43:25.0279 6764 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
19:43:25.0279 6764 MTConfig - ok
19:43:25.0294 6764 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
19:43:25.0294 6764 Mup - ok
19:43:25.0357 6764 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
19:43:25.0357 6764 napagent - ok
19:43:25.0388 6764 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
19:43:25.0388 6764 NativeWifiP - ok
19:43:25.0497 6764 NAUpdate (9d1cce440552500ded3a62f9d779cdb4) C:\Program Files (x86)\Nero\Update\NASvc.exe
19:43:25.0497 6764 NAUpdate - ok
19:43:25.0559 6764 NDIS (a3151b3463eea7e47f618f115d0d142e) C:\Windows\system32\drivers\ndis.sys
19:43:25.0575 6764 NDIS - ok
19:43:25.0591 6764 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
19:43:25.0591 6764 NdisCap - ok
19:43:25.0606 6764 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
19:43:25.0606 6764 NdisTapi - ok
19:43:25.0637 6764 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
19:43:25.0637 6764 Ndisuio - ok
19:43:25.0653 6764 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
19:43:25.0669 6764 NdisWan - ok
19:43:25.0669 6764 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
19:43:25.0684 6764 NDProxy - ok
19:43:25.0684 6764 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
19:43:25.0684 6764 NetBIOS - ok
19:43:25.0715 6764 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
19:43:25.0715 6764 NetBT - ok
19:43:25.0731 6764 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
19:43:25.0747 6764 Netlogon - ok
19:43:25.0778 6764 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
19:43:25.0778 6764 Netman - ok
19:43:25.0871 6764 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:43:25.0871 6764 NetMsmqActivator - ok
19:43:25.0871 6764 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:43:25.0871 6764 NetPipeActivator - ok
19:43:25.0903 6764 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
19:43:25.0918 6764 netprofm - ok
19:43:25.0918 6764 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:43:25.0918 6764 NetTcpActivator - ok
19:43:25.0918 6764 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:43:25.0918 6764 NetTcpPortSharing - ok
19:43:25.0981 6764 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
19:43:25.0981 6764 nfrd960 - ok
19:43:26.0027 6764 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
19:43:26.0027 6764 NlaSvc - ok
19:43:26.0043 6764 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
19:43:26.0043 6764 Npfs - ok
19:43:26.0059 6764 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
19:43:26.0074 6764 nsi - ok
19:43:26.0074 6764 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
19:43:26.0074 6764 nsiproxy - ok
19:43:26.0168 6764 Ntfs (1ad8fef2d6ac7116b68b887a9782fd33) C:\Windows\system32\drivers\Ntfs.sys
19:43:26.0168 6764 Ntfs - ok
19:43:26.0277 6764 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
19:43:26.0293 6764 Null - ok
19:43:26.0807 6764 nvlddmkm (d5dea2c1865cab9ee6aa29cf9e79a2ce) C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:43:26.0870 6764 nvlddmkm - ok
19:43:26.0963 6764 nvpciflt (5ef70f7714c664bcf50edfc141dea9b8) C:\Windows\system32\DRIVERS\nvpciflt.sys
19:43:26.0963 6764 nvpciflt - ok
19:43:26.0995 6764 nvraid (deab10231cbdb0881fc25428ebe11506) C:\Windows\system32\DRIVERS\nvraid.sys
19:43:26.0995 6764 nvraid - ok
19:43:27.0010 6764 nvstor (0af7b8136794e23e87be138992880e64) C:\Windows\system32\DRIVERS\nvstor.sys
19:43:27.0010 6764 nvstor - ok
19:43:27.0073 6764 NVSvc (5a4af8ea634b4feeaf6f16bb1845715a) C:\Windows\system32\nvvsvc.exe
19:43:27.0088 6764 NVSvc - ok
19:43:27.0213 6764 nvUpdatusService (4b7636c52a359ab0783b350a5fbdbb49) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
19:43:27.0229 6764 nvUpdatusService - ok
19:43:27.0353 6764 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
19:43:27.0353 6764 nv_agp - ok
19:43:27.0369 6764 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
19:43:27.0369 6764 ohci1394 - ok
19:43:27.0447 6764 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:43:27.0447 6764 ose - ok
19:43:27.0494 6764 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:43:27.0494 6764 p2pimsvc - ok
19:43:27.0541 6764 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
19:43:27.0556 6764 p2psvc - ok
19:43:27.0572 6764 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
19:43:27.0587 6764 Parport - ok
19:43:27.0603 6764 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
19:43:27.0603 6764 partmgr - ok
19:43:27.0634 6764 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
19:43:27.0634 6764 PcaSvc - ok
19:43:27.0665 6764 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
19:43:27.0665 6764 pci - ok
19:43:27.0681 6764 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
19:43:27.0681 6764 pciide - ok
19:43:27.0712 6764 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
19:43:27.0712 6764 pcmcia - ok
19:43:27.0728 6764 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
19:43:27.0728 6764 pcw - ok
19:43:27.0775 6764 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
19:43:27.0775 6764 PEAUTH - ok
19:43:27.0868 6764 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
19:43:27.0868 6764 PerfHost - ok
19:43:28.0009 6764 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
19:43:28.0009 6764 pla - ok
19:43:28.0071 6764 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
19:43:28.0071 6764 PlugPlay - ok
19:43:28.0087 6764 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
19:43:28.0087 6764 PNRPAutoReg - ok
19:43:28.0118 6764 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:43:28.0118 6764 PNRPsvc - ok
19:43:28.0180 6764 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
19:43:28.0180 6764 PolicyAgent - ok
19:43:28.0211 6764 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
19:43:28.0211 6764 Power - ok
19:43:28.0274 6764 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
19:43:28.0274 6764 PptpMiniport - ok
19:43:28.0305 6764 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
19:43:28.0305 6764 Processor - ok
19:43:28.0336 6764 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
19:43:28.0336 6764 ProfSvc - ok
19:43:28.0367 6764 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
19:43:28.0367 6764 ProtectedStorage - ok
19:43:28.0399 6764 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
19:43:28.0399 6764 Psched - ok
19:43:28.0492 6764 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
19:43:28.0508 6764 ql2300 - ok
19:43:28.0617 6764 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
19:43:28.0633 6764 ql40xx - ok
19:43:28.0664 6764 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
19:43:28.0664 6764 QWAVE - ok
19:43:28.0679 6764 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
19:43:28.0679 6764 QWAVEdrv - ok
19:43:28.0679 6764 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
19:43:28.0679 6764 RasAcd - ok
19:43:28.0711 6764 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:43:28.0711 6764 RasAgileVpn - ok
19:43:28.0757 6764 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
19:43:28.0757 6764 RasAuto - ok
19:43:28.0773 6764 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:43:28.0773 6764 Rasl2tp - ok
19:43:28.0820 6764 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
19:43:28.0820 6764 RasMan - ok
19:43:28.0851 6764 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
19:43:28.0851 6764 RasPppoe - ok
19:43:28.0867 6764 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
19:43:28.0867 6764 RasSstp - ok
19:43:28.0898 6764 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
19:43:28.0898 6764 rdbss - ok
19:43:28.0913 6764 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
19:43:28.0913 6764 rdpbus - ok
19:43:28.0929 6764 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:43:28.0929 6764 RDPCDD - ok
19:43:28.0945 6764 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
19:43:28.0945 6764 RDPENCDD - ok
19:43:28.0960 6764 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
19:43:28.0960 6764 RDPREFMP - ok
19:43:28.0991 6764 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
19:43:28.0991 6764 RDPWD - ok
19:43:29.0054 6764 rdyboost (e5dc9ba9e439d6dbdd79f8caacb5bf01) C:\Windows\system32\drivers\rdyboost.sys
19:43:29.0054 6764 rdyboost - ok
19:43:29.0085 6764 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
19:43:29.0085 6764 RemoteAccess - ok
19:43:29.0116 6764 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
19:43:29.0132 6764 RemoteRegistry - ok
19:43:29.0147 6764 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
19:43:29.0147 6764 RFCOMM - ok
19:43:29.0163 6764 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
19:43:29.0163 6764 RpcEptMapper - ok
19:43:29.0210 6764 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
19:43:29.0210 6764 RpcLocator - ok
19:43:29.0241 6764 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
19:43:29.0241 6764 RpcSs - ok
19:43:29.0288 6764 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
19:43:29.0288 6764 rspndr - ok
19:43:29.0319 6764 RSUSBVSTOR (e57fac2cdb73f06586ed2ed310b80932) C:\Windows\system32\Drivers\RtsUVStor.sys
19:43:29.0335 6764 RSUSBVSTOR - ok
19:43:29.0366 6764 RTL8167 (6d3c7e7d82d3dc92dc2a8b0df9f20f8a) C:\Windows\system32\DRIVERS\Rt64win7.sys
19:43:29.0366 6764 RTL8167 - ok
19:43:29.0397 6764 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
19:43:29.0397 6764 SamSs - ok
19:43:29.0413 6764 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
19:43:29.0413 6764 sbp2port - ok
19:43:29.0459 6764 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
19:43:29.0459 6764 SCardSvr - ok
19:43:29.0506 6764 SCDEmu (741b338d675fe20b779e7effa55032fe) C:\Windows\system32\drivers\SCDEmu.sys
19:43:29.0506 6764 SCDEmu - ok
19:43:29.0522 6764 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
19:43:29.0522 6764 scfilter - ok
19:43:29.0600 6764 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
19:43:29.0615 6764 Schedule - ok
19:43:29.0631 6764 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
19:43:29.0631 6764 SCPolicySvc - ok
19:43:29.0662 6764 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
19:43:29.0678 6764 SDRSVC - ok
19:43:29.0740 6764 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:43:29.0740 6764 secdrv - ok
19:43:29.0740 6764 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
19:43:29.0740 6764 seclogon - ok
19:43:29.0756 6764 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
19:43:29.0756 6764 SENS - ok
19:43:29.0771 6764 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
19:43:29.0787 6764 SensrSvc - ok
19:43:29.0803 6764 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
19:43:29.0803 6764 Serenum - ok
19:43:29.0834 6764 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
19:43:29.0834 6764 Serial - ok
19:43:29.0834 6764 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
19:43:29.0834 6764 sermouse - ok
19:43:29.0865 6764 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
19:43:29.0865 6764 SessionEnv - ok
19:43:29.0865 6764 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
19:43:29.0865 6764 sffdisk - ok
19:43:29.0881 6764 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
19:43:29.0881 6764 sffp_mmc - ok
19:43:29.0896 6764 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
19:43:29.0896 6764 sffp_sd - ok
19:43:29.0896 6764 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
19:43:29.0896 6764 sfloppy - ok
19:43:29.0927 6764 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
19:43:29.0927 6764 ShellHWDetection - ok
19:43:29.0943 6764 SiSGbeLH (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys
19:43:29.0943 6764 SiSGbeLH - ok
19:43:29.0959 6764 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:43:29.0959 6764 SiSRaid2 - ok
19:43:29.0990 6764 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
19:43:29.0990 6764 SiSRaid4 - ok
19:43:30.0052 6764 SkypeUpdate (db0405d9aad62f0762e0876ac142b7e1) C:\Program Files (x86)\Skype\Updater\Updater.exe
19:43:30.0052 6764 SkypeUpdate - ok
19:43:30.0068 6764 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
19:43:30.0068 6764 Smb - ok
19:43:30.0083 6764 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
19:43:30.0083 6764 SNMPTRAP - ok
19:43:30.0115 6764 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
19:43:30.0115 6764 spldr - ok
19:43:30.0161 6764 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
19:43:30.0161 6764 Spooler - ok
19:43:30.0333 6764 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
19:43:30.0349 6764 sppsvc - ok
19:43:30.0427 6764 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
19:43:30.0442 6764 sppuinotify - ok
19:43:30.0520 6764 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
19:43:30.0520 6764 srv - ok
19:43:30.0629 6764 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
19:43:30.0629 6764 srv2 - ok
19:43:30.0645 6764 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
19:43:30.0645 6764 srvnet - ok
19:43:30.0692 6764 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
19:43:30.0692 6764 SSDPSRV - ok
19:43:30.0707 6764 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
19:43:30.0707 6764 SstpSvc - ok
19:43:30.0739 6764 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
19:43:30.0739 6764 stexstor - ok
19:43:30.0785 6764 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
19:43:30.0785 6764 stisvc - ok
19:43:30.0817 6764 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
19:43:30.0817 6764 swenum - ok
19:43:30.0848 6764 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
19:43:30.0863 6764 swprv - ok
19:43:30.0957 6764 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
19:43:30.0973 6764 SysMain - ok
19:43:31.0051 6764 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
19:43:31.0051 6764 TabletInputService - ok
19:43:31.0113 6764 taphss (f33fdc72298df4bf9813a55d21f4eb31) C:\Windows\system32\DRIVERS\taphss.sys
19:43:31.0113 6764 taphss - ok
19:43:31.0144 6764 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
19:43:31.0144 6764 TapiSrv - ok
19:43:31.0160 6764 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
19:43:31.0175 6764 TBS - ok
19:43:31.0269 6764 Tcpip (98c68f9b6381ad34fc3924dff2393278) C:\Windows\system32\drivers\tcpip.sys
19:43:31.0285 6764 Tcpip - ok
19:43:31.0534 6764 TCPIP6 (98c68f9b6381ad34fc3924dff2393278) C:\Windows\system32\DRIVERS\tcpip.sys
19:43:31.0550 6764 TCPIP6 - ok
19:43:31.0659 6764 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
19:43:31.0659 6764 tcpipreg - ok
19:43:31.0675 6764 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
19:43:31.0675 6764 TDPIPE - ok
19:43:31.0675 6764 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
19:43:31.0675 6764 TDTCP - ok
19:43:31.0706 6764 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
19:43:31.0706 6764 tdx - ok
19:43:31.0721 6764 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
19:43:31.0721 6764 TermDD - ok
19:43:31.0784 6764 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
19:43:31.0784 6764 TermService - ok
19:43:31.0815 6764 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
19:43:31.0815 6764 Themes - ok
19:43:31.0846 6764 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
19:43:31.0846 6764 THREADORDER - ok
19:43:31.0877 6764 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
19:43:31.0877 6764 TrkWks - ok
19:43:32.0002 6764 trufos (df219721ddffcbe03aa894b6b6742ba1) C:\Windows\system32\DRIVERS\trufos.sys
19:43:32.0002 6764 trufos - ok
19:43:32.0111 6764 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
19:43:32.0111 6764 TrustedInstaller - ok
19:43:32.0143 6764 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:43:32.0143 6764 tssecsrv - ok
19:43:32.0174 6764 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
19:43:32.0174 6764 tunnel - ok
19:43:32.0189 6764 TurboB (b355581a9da34c92e2dbafa410d2f829) C:\Windows\system32\DRIVERS\TurboB.sys
19:43:32.0189 6764 TurboB - ok
19:43:32.0283 6764 TurboBoost (6564e84b1522c12ea1c3a181ed03276f) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
19:43:32.0283 6764 TurboBoost - ok
19:43:32.0299 6764 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
19:43:32.0299 6764 uagp35 - ok
19:43:32.0345 6764 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
19:43:32.0361 6764 udfs - ok
19:43:32.0392 6764 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
19:43:32.0392 6764 UI0Detect - ok
19:43:32.0423 6764 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
19:43:32.0423 6764 uliagpkx - ok
19:43:32.0439 6764 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
19:43:32.0439 6764 umbus - ok
19:43:32.0439 6764 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
19:43:32.0439 6764 UmPass - ok
19:43:32.0533 6764 Update Server (7de3f30967cf77bd1fc440c2b847629a) C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe
19:43:32.0548 6764 Update Server - ok
19:43:32.0673 6764 UPDATESRV (6fa5ffc3765c9c444d82faf1d46c1cae) C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
19:43:32.0673 6764 UPDATESRV - ok
19:43:32.0720 6764 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
19:43:32.0735 6764 upnphost - ok
19:43:32.0767 6764 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
19:43:32.0767 6764 usbccgp - ok
19:43:32.0782 6764 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
19:43:32.0798 6764 usbcir - ok
19:43:32.0813 6764 usbehci (cb490987a7f6928a04bb838e3bd8a936) C:\Windows\system32\DRIVERS\usbehci.sys
19:43:32.0813 6764 usbehci - ok
19:43:32.0860 6764 usbhub (18124ef0a881a00ee222d02a3ee30270) C:\Windows\system32\DRIVERS\usbhub.sys
19:43:32.0860 6764 usbhub - ok
19:43:32.0876 6764 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
19:43:32.0876 6764 usbohci - ok
19:43:32.0876 6764 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
19:43:32.0891 6764 usbprint - ok
19:43:32.0907 6764 USBSTOR (a60e7e0fa88ff067d049d525547cd5e9) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:43:32.0907 6764 USBSTOR - ok
19:43:32.0923 6764 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
19:43:32.0923 6764 usbuhci - ok
19:43:32.0954 6764 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\system32\Drivers\usbvideo.sys
19:43:32.0954 6764 usbvideo - ok
19:43:32.0985 6764 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
19:43:32.0985 6764 UxSms - ok
19:43:33.0016 6764 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
19:43:33.0016 6764 VaultSvc - ok
19:43:33.0016 6764 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
19:43:33.0032 6764 vdrvroot - ok
19:43:33.0063 6764 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
19:43:33.0063 6764 vds - ok
19:43:33.0094 6764 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
19:43:33.0094 6764 vga - ok
19:43:33.0110 6764 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
19:43:33.0110 6764 VgaSave - ok
19:43:33.0125 6764 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
19:43:33.0141 6764 vhdmp - ok
19:43:33.0157 6764 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
19:43:33.0157 6764 viaide - ok
19:43:33.0172 6764 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
19:43:33.0172 6764 volmgr - ok
19:43:33.0203 6764 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
19:43:33.0203 6764 volmgrx - ok
19:43:33.0235 6764 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
19:43:33.0235 6764 volsnap - ok
19:43:33.0266 6764 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
19:43:33.0266 6764 vsmraid - ok
19:43:33.0359 6764 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
19:43:33.0375 6764 VSS - ok
19:43:33.0484 6764 VSSERV - ok
19:43:33.0593 6764 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
19:43:33.0609 6764 vwifibus - ok
19:43:33.0625 6764 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
19:43:33.0625 6764 vwififlt - ok
19:43:33.0671 6764 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
19:43:33.0671 6764 W32Time - ok
19:43:33.0687 6764 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
19:43:33.0687 6764 WacomPen - ok
19:43:33.0718 6764 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
19:43:33.0718 6764 WANARP - ok
19:43:33.0718 6764 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
19:43:33.0718 6764 Wanarpv6 - ok
19:43:33.0796 6764 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
19:43:33.0812 6764 WatAdminSvc - ok
19:43:33.0905 6764 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
19:43:33.0921 6764 wbengine - ok
19:43:34.0015 6764 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
19:43:34.0015 6764 WbioSrvc - ok
19:43:34.0046 6764 wcncsvc (8321c2ca3b62b61b293cda3451984468) C:\Windows\System32\wcncsvc.dll
19:43:34.0046 6764 wcncsvc - ok
19:43:34.0061 6764 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
19:43:34.0077 6764 WcsPlugInService - ok
19:43:34.0124 6764 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
19:43:34.0124 6764 Wd - ok
19:43:34.0155 6764 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
19:43:34.0171 6764 Wdf01000 - ok
19:43:34.0186 6764 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:43:34.0186 6764 WdiServiceHost - ok
19:43:34.0186 6764 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:43:34.0202 6764 WdiSystemHost - ok
19:43:34.0233 6764 WebClient (8a438cbb8c032a0c798b0c642ffbe572) C:\Windows\System32\webclnt.dll
19:43:34.0233 6764 WebClient - ok
19:43:34.0264 6764 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
19:43:34.0264 6764 Wecsvc - ok
19:43:34.0280 6764 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
19:43:34.0295 6764 wercplsupport - ok
19:43:34.0295 6764 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
19:43:34.0311 6764 WerSvc - ok
19:43:34.0373 6764 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
19:43:34.0373 6764 WfpLwf - ok
19:43:34.0405 6764 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
19:43:34.0405 6764 WimFltr - ok
19:43:34.0405 6764 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
19:43:34.0405 6764 WIMMount - ok
19:43:34.0420 6764 WinHttpAutoProxySvc - ok
19:43:34.0483 6764 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
19:43:34.0483 6764 Winmgmt - ok
19:43:34.0576 6764 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
19:43:34.0592 6764 WinRM - ok
19:43:34.0732 6764 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
19:43:34.0748 6764 Wlansvc - ok
19:43:34.0857 6764 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
19:43:34.0857 6764 wlcrasvc - ok
19:43:34.0982 6764 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:43:34.0997 6764 wlidsvc - ok
19:43:35.0122 6764 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
19:43:35.0122 6764 WmiAcpi - ok
19:43:35.0185 6764 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
19:43:35.0185 6764 wmiApSrv - ok
19:43:35.0231 6764 WMPNetworkSvc - ok
19:43:35.0263 6764 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
19:43:35.0263 6764 WPCSvc - ok
19:43:35.0278 6764 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
19:43:35.0278 6764 WPDBusEnum - ok
19:43:35.0294 6764 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
19:43:35.0294 6764 ws2ifsl - ok
19:43:35.0294 6764 WSearch - ok
19:43:35.0434 6764 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
19:43:35.0450 6764 wuauserv - ok
19:43:35.0575 6764 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
19:43:35.0575 6764 WudfPf - ok
19:43:35.0590 6764 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:43:35.0590 6764 WUDFRd - ok
19:43:35.0621 6764 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
19:43:35.0621 6764 wudfsvc - ok
19:43:35.0653 6764 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
19:43:35.0653 6764 WwanSvc - ok
19:43:35.0762 6764 Zain e-GO. RunOuc (625c98d60ad5ab1fccbd0e2c0ac0d905) C:\Program Files (x86)\Zain e-GO\UpdateDog\ouc.exe
19:43:35.0777 6764 Zain e-GO. RunOuc - ok
19:43:35.0840 6764 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:43:36.0214 6764 \Device\Harddisk0\DR0 - ok
19:43:36.0230 6764 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR1
19:43:37.0837 6764 \Device\Harddisk1\DR1 - ok
19:43:37.0852 6764 Boot (0x1200) (9d7a4ccc8d7f611b7f9205abd9283a4d) \Device\Harddisk0\DR0\Partition0
19:43:37.0852 6764 \Device\Harddisk0\DR0\Partition0 - ok
19:43:37.0868 6764 Boot (0x1200) (bc93550cf68f5e3b76cf385fb64d16bd) \Device\Harddisk0\DR0\Partition1
19:43:37.0868 6764 \Device\Harddisk0\DR0\Partition1 - ok
19:43:37.0883 6764 Boot (0x1200) (d5979da276538109cfb45eed90c49f77) \Device\Harddisk1\DR1\Partition0
19:43:37.0883 6764 \Device\Harddisk1\DR1\Partition0 - ok
19:43:37.0883 6764 ============================================================
19:43:37.0883 6764 Scan finished
19:43:37.0883 6764 ============================================================
19:43:37.0883 6744 Detected object count: 2
19:43:37.0883 6744 Actual detected object count: 2
19:43:42.0719 6744 avast! Antivirus ( LockedFile.Multi.Generic ) - skipped by user
19:43:42.0719 6744 avast! Antivirus ( LockedFile.Multi.Generic ) - User select action: Skip
19:43:42.0719 6744 avast! Firewall ( LockedFile.Multi.Generic ) - skipped by user
19:43:42.0719 6744 avast! Firewall ( LockedFile.Multi.Generic ) - User select action: Skip
19:43:46.0588 6420 Deinitialize success
You do not have the required permissions to view the files attached to this post.
Last edited by Neil on July 21st, 2012, 9:44 am, edited 2 times in total.
Neil
Regular Member
 
Posts: 27
Joined: July 16th, 2012, 2:51 pm

TTDS Killer

Unread postby Neil » July 20th, 2012, 2:18 pm

TTDS LOG PART 1


19:40:55.0968 6384 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
19:40:56.0031 6384 ============================================================
19:40:56.0031 6384 Current date / time: 2012/07/20 19:40:56.0031
19:40:56.0031 6384 SystemInfo:
19:40:56.0031 6384
19:40:56.0031 6384 OS Version: 6.1.7600 ServicePack: 0.0
19:40:56.0031 6384 Product type: Workstation
19:40:56.0031 6384 ComputerName: NEIL-PC
19:40:56.0031 6384 UserName: Neil
19:40:56.0031 6384 Windows directory: C:\Windows
19:40:56.0031 6384 System windows directory: C:\Windows
19:40:56.0031 6384 Running under WOW64
19:40:56.0031 6384 Processor architecture: Intel x64
19:40:56.0031 6384 Number of processors: 4
19:40:56.0031 6384 Page size: 0x1000
19:40:56.0031 6384 Boot type: Normal boot
19:40:56.0031 6384 ============================================================
19:40:56.0951 6384 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:40:56.0967 6384 Drive \Device\Harddisk1\DR1 - Size: 0x1F6FF000 (0.49 Gb), SectorSize: 0x200, Cylinders: 0x40, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:40:56.0982 6384 ============================================================
19:40:56.0982 6384 \Device\Harddisk0\DR0:
19:40:56.0982 6384 MBR partitions:
19:40:56.0982 6384 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3200800, BlocksNum 0x1749B9A8
19:40:56.0998 6384 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A69D000, BlocksNum 0x1FCE8800
19:40:56.0998 6384 \Device\Harddisk1\DR1:
19:40:56.0998 6384 MBR partitions:
19:40:56.0998 6384 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0xFB7B8
19:40:56.0998 6384 ============================================================
19:40:57.0029 6384 C: <-> \Device\Harddisk0\DR0\Partition0
19:40:57.0107 6384 D: <-> \Device\Harddisk0\DR0\Partition1
19:40:57.0107 6384 ============================================================
19:40:57.0107 6384 Initialize success
19:40:57.0107 6384 ============================================================
19:41:17.0372 6448 ============================================================
19:41:17.0372 6448 Scan started
19:41:17.0372 6448 Mode: Manual; TDLFS;
19:41:17.0372 6448 ============================================================
19:41:20.0819 6448 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
19:41:20.0850 6448 1394ohci - ok
19:41:21.0240 6448 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
19:41:21.0303 6448 ACPI - ok
19:41:21.0334 6448 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
19:41:21.0334 6448 AcpiPmi - ok
19:41:21.0786 6448 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:41:21.0802 6448 AdobeARMservice - ok
19:41:22.0348 6448 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
19:41:22.0410 6448 adp94xx - ok
19:41:23.0066 6448 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
19:41:23.0175 6448 adpahci - ok
19:41:23.0721 6448 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
19:41:23.0768 6448 adpu320 - ok
19:41:24.0002 6448 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
19:41:24.0002 6448 AeLookupSvc - ok
19:41:24.0345 6448 AFBAgent (69fd46fac0d9c4a8ecd522ac6a7481f5) C:\Windows\system32\FBAgent.exe
19:41:24.0360 6448 AFBAgent - ok
19:41:24.0423 6448 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
19:41:24.0626 6448 AFD - ok
19:41:24.0657 6448 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
19:41:24.0672 6448 agp440 - ok
19:41:24.0688 6448 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
19:41:24.0704 6448 ALG - ok
19:41:24.0719 6448 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
19:41:24.0719 6448 aliide - ok
19:41:24.0735 6448 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
19:41:24.0735 6448 amdide - ok
19:41:24.0750 6448 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
19:41:24.0750 6448 AmdK8 - ok
19:41:24.0766 6448 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
19:41:24.0797 6448 AmdPPM - ok
19:41:24.0813 6448 amdsata (ab3166c09438a161fbde13099a72e0af) C:\Windows\system32\DRIVERS\amdsata.sys
19:41:24.0828 6448 amdsata - ok
19:41:24.0875 6448 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
19:41:24.0891 6448 amdsbs - ok
19:41:24.0922 6448 amdxata (5118dcd2065d8c8d752ad5ec0b2d6aa6) C:\Windows\system32\DRIVERS\amdxata.sys
19:41:24.0922 6448 amdxata - ok
19:41:24.0969 6448 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
19:41:25.0000 6448 AppID - ok
19:41:25.0016 6448 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
19:41:25.0031 6448 AppIDSvc - ok
19:41:25.0047 6448 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
19:41:25.0047 6448 Appinfo - ok
19:41:25.0062 6448 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
19:41:25.0078 6448 arc - ok
19:41:25.0109 6448 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
19:41:25.0140 6448 arcsas - ok
19:41:25.0234 6448 ASLDRService (18e5c2f937f9deb8c282df66a3761925) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
19:41:25.0234 6448 ASLDRService - ok
19:41:25.0265 6448 ASMMAP64 (4c016fd76ed5c05e84ca8cab77993961) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
19:41:25.0265 6448 ASMMAP64 - ok
19:41:25.0608 6448 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
19:41:25.0671 6448 aspnet_state - ok
19:41:25.0702 6448 aswFsBlk (f810e3ea3d1f3c3ba26f2f4719bdca4f) C:\Windows\system32\drivers\aswFsBlk.sys
19:41:25.0702 6448 aswFsBlk - ok
19:41:25.0749 6448 aswFW (696b534c07065512317529318da79b80) C:\Windows\system32\drivers\aswFW.sys
19:41:25.0749 6448 aswFW - ok
19:41:26.0014 6448 aswMonFlt (3687fd9cedf56d3b9f18923f4e14f3f9) C:\Windows\system32\drivers\aswMonFlt.sys
19:41:26.0030 6448 aswMonFlt - ok
19:41:26.0248 6448 aswNdis2 (b977cb4b919e6d47009b608a4e733b43) C:\Windows\system32\drivers\aswNdis2.sys
19:41:26.0295 6448 aswNdis2 - ok
19:41:26.0310 6448 aswRdr (e99e48596b35e5d5240104bcd61b3471) C:\Windows\system32\drivers\aswRdr.sys
19:41:26.0310 6448 aswRdr - ok
19:41:26.0357 6448 aswSnx (84ad8fb3fd2efa52d8599a0028bbb6fe) C:\Windows\system32\drivers\aswSnx.sys
19:41:26.0357 6448 aswSnx - ok
19:41:26.0420 6448 aswSP (8cba6cc5dca9e3829f1792bf98f06901) C:\Windows\system32\drivers\aswSP.sys
19:41:26.0420 6448 aswSP - ok
19:41:26.0482 6448 aswTdi (184248f2ded7b1641c7f3b30381baa2a) C:\Windows\system32\drivers\aswTdi.sys
19:41:26.0482 6448 aswTdi - ok
19:41:26.0513 6448 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
19:41:26.0513 6448 AsyncMac - ok
19:41:26.0529 6448 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
19:41:26.0529 6448 atapi - ok
19:41:26.0560 6448 AthBTPort (cbe61b4494165f458bd87e37181ee934) C:\Windows\system32\DRIVERS\btath_flt.sys
19:41:26.0560 6448 AthBTPort - ok
19:41:26.0747 6448 Atheros Bt&Wlan Coex Agent (4c4a576818ea028257c624ae36ff7a03) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
19:41:26.0810 6448 Atheros Bt&Wlan Coex Agent - ok
19:41:26.0856 6448 AtherosSvc (21753130331188c4b474e1d3b396e629) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
19:41:26.0856 6448 AtherosSvc - ok
19:41:27.0293 6448 athr (de8b9c3e0e09d918b394207f34ac16dd) C:\Windows\system32\DRIVERS\athrx.sys
19:41:27.0387 6448 athr - ok
19:41:27.0465 6448 ATKGFNEXSrv (7910158929571214a959d5a6d16dd9c0) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
19:41:27.0480 6448 ATKGFNEXSrv - ok
19:41:27.0527 6448 ATKWMIACPIIO (1f7238a37389ed92e9d8eee975cabd54) C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
19:41:27.0527 6448 ATKWMIACPIIO - ok
19:41:27.0730 6448 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
19:41:27.0761 6448 AudioEndpointBuilder - ok
19:41:27.0761 6448 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
19:41:27.0761 6448 AudioSrv - ok
19:41:27.0886 6448 avast! Antivirus (2695e3e9497bf72abb44b5010ec5da16) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
19:41:27.0933 6448 Suspicious file (NoAccess): C:\Program Files\AVAST Software\Avast\AvastSvc.exe. md5: 2695e3e9497bf72abb44b5010ec5da16
19:41:27.0933 6448 avast! Antivirus ( LockedFile.Multi.Generic ) - warning
19:41:27.0933 6448 avast! Antivirus - detected LockedFile.Multi.Generic (1)
19:41:27.0980 6448 avast! Firewall (c439c2613175c9364a61da708551381c) C:\Program Files\AVAST Software\Avast\afwServ.exe
19:41:28.0120 6448 Suspicious file (NoAccess): C:\Program Files\AVAST Software\Avast\afwServ.exe. md5: c439c2613175c9364a61da708551381c
19:41:28.0120 6448 avast! Firewall ( LockedFile.Multi.Generic ) - warning
19:41:28.0120 6448 avast! Firewall - detected LockedFile.Multi.Generic (1)
19:41:30.0008 6448 avc3 (f57de310bf3bd9df0f7d301c1d7f5432) C:\Windows\system32\DRIVERS\avc3.sys
19:41:30.0054 6448 avc3 - ok
19:41:30.0694 6448 avchv (4c6bcc638798abe1f70afca70d889c3f) C:\Windows\system32\DRIVERS\avchv.sys
19:41:30.0803 6448 avchv - ok
19:41:31.0178 6448 avckf (6dc4cca415bbf2fc629beb532aa0e6cd) C:\Windows\system32\DRIVERS\avckf.sys
19:41:31.0193 6448 avckf - ok
19:41:31.0224 6448 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
19:41:31.0224 6448 AxInstSV - ok
19:41:31.0271 6448 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
19:41:31.0302 6448 b06bdrv - ok
19:41:31.0318 6448 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
19:41:31.0334 6448 b57nd60a - ok
19:41:31.0490 6448 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
19:41:31.0661 6448 BDESVC - ok
19:41:32.0426 6448 bdfsfltr (ea195950fa5dd4a8f7bc00822213a363) C:\Windows\system32\DRIVERS\bdfsfltr.sys
19:41:32.0566 6448 bdfsfltr - ok
19:41:32.0816 6448 bdfwfpf (4ce4b0098fc315c237fa8867f07886c4) C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys
19:41:32.0831 6448 bdfwfpf - ok
19:41:32.0956 6448 bdsandbox (31571d77c6186ad228f52ee4ebdf8ee9) C:\Windows\system32\drivers\bdsandbox.sys
19:41:32.0972 6448 bdsandbox - ok
19:41:33.0174 6448 BDVEDISK (b89deff4817b4cc6fc2bcd8f83b4e75d) C:\Windows\system32\DRIVERS\bdvedisk.sys
19:41:33.0190 6448 BDVEDISK - ok
19:41:33.0221 6448 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
19:41:33.0237 6448 Beep - ok
19:41:34.0079 6448 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
19:41:34.0142 6448 BFE - ok
19:41:34.0344 6448 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\System32\qmgr.dll
19:41:34.0407 6448 BITS - ok
19:41:34.0765 6448 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
19:41:34.0776 6448 blbdrive - ok
19:41:34.0800 6448 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
19:41:34.0802 6448 bowser - ok
19:41:34.0821 6448 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:41:34.0825 6448 BrFiltLo - ok
19:41:34.0829 6448 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:41:34.0832 6448 BrFiltUp - ok
19:41:34.0870 6448 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
19:41:34.0874 6448 Browser - ok
19:41:34.0906 6448 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
19:41:34.0908 6448 Brserid - ok
19:41:34.0924 6448 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
19:41:34.0924 6448 BrSerWdm - ok
19:41:34.0940 6448 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:41:34.0940 6448 BrUsbMdm - ok
19:41:34.0940 6448 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
19:41:34.0940 6448 BrUsbSer - ok
19:41:34.0986 6448 BTATH_A2DP (fe70889a85c57a9268101b2db0474509) C:\Windows\system32\drivers\btath_a2dp.sys
19:41:35.0002 6448 BTATH_A2DP - ok
19:41:35.0033 6448 BTATH_BUS (a83a91d07d1fe6bbe7a9db46ca00434b) C:\Windows\system32\DRIVERS\btath_bus.sys
19:41:35.0033 6448 BTATH_BUS - ok
19:41:35.0049 6448 BTATH_HCRP (c864ff85ee16d61c2bdd5ef76824625f) C:\Windows\system32\DRIVERS\btath_hcrp.sys
19:41:35.0064 6448 BTATH_HCRP - ok
19:41:35.0096 6448 BTATH_LWFLT (0dea505efb5d771826d177ef8b8a208f) C:\Windows\system32\DRIVERS\btath_lwflt.sys
19:41:35.0096 6448 BTATH_LWFLT - ok
19:41:35.0127 6448 BTATH_RCP (724c8088c96efe7a3e63fec21d4681c0) C:\Windows\system32\DRIVERS\btath_rcp.sys
19:41:35.0142 6448 BTATH_RCP - ok
19:41:35.0189 6448 BtFilter (aa0f5afcf077c5246589b32eceeae566) C:\Windows\system32\DRIVERS\btfilter.sys
19:41:35.0205 6448 BtFilter - ok
19:41:35.0236 6448 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
19:41:35.0236 6448 BthEnum - ok
19:41:35.0252 6448 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
19:41:35.0267 6448 BTHMODEM - ok
19:41:35.0267 6448 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
19:41:35.0283 6448 BthPan - ok
19:41:35.0314 6448 BTHPORT (a51fa9d0e85d5adabef72e67f386309c) C:\Windows\system32\Drivers\BTHport.sys
19:41:35.0345 6448 BTHPORT - ok
19:41:35.0361 6448 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
19:41:35.0361 6448 bthserv - ok
19:41:35.0376 6448 BTHUSB (f740b9a16b2c06700f2130e19986bf3b) C:\Windows\system32\Drivers\BTHUSB.sys
19:41:35.0392 6448 BTHUSB - ok
19:41:35.0408 6448 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
19:41:35.0408 6448 cdfs - ok
19:41:35.0423 6448 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
19:41:35.0439 6448 cdrom - ok
19:41:35.0439 6448 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
19:41:35.0454 6448 CertPropSvc - ok
19:41:35.0470 6448 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
19:41:35.0470 6448 circlass - ok
19:41:35.0501 6448 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
19:41:35.0517 6448 CLFS - ok
19:41:36.0047 6448 CLPSLS (882e3973505c441ce000133c821d0edd) C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
19:41:36.0125 6448 CLPSLS - ok
19:41:36.0281 6448 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:41:36.0297 6448 clr_optimization_v2.0.50727_32 - ok
19:41:36.0344 6448 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:41:36.0359 6448 clr_optimization_v2.0.50727_64 - ok
19:41:36.0390 6448 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:41:36.0484 6448 clr_optimization_v4.0.30319_32 - ok
19:41:36.0531 6448 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:41:36.0578 6448 clr_optimization_v4.0.30319_64 - ok
19:41:36.0765 6448 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
19:41:36.0765 6448 CmBatt - ok
19:41:36.0936 6448 cmdAgent (cee48ccc4d561ddb19c72f9fb55d28d5) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
19:41:37.0014 6448 cmdAgent - ok
19:41:37.0139 6448 cmdGuard (0599d5a458d4e0e37ab84e9d1c5c73e5) C:\Windows\system32\DRIVERS\cmdguard.sys
19:41:37.0170 6448 cmdGuard - ok
19:41:37.0186 6448 cmdHlp (2d3e08c7106f748f9eff3dec14142d3e) C:\Windows\system32\DRIVERS\cmdhlp.sys
19:41:37.0186 6448 cmdHlp - ok
19:41:37.0217 6448 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
19:41:37.0217 6448 cmdide - ok
19:41:37.0264 6448 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
19:41:37.0264 6448 CNG - ok
19:41:37.0295 6448 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
19:41:37.0295 6448 Compbatt - ok
19:41:37.0311 6448 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
19:41:37.0311 6448 CompositeBus - ok
19:41:37.0326 6448 COMSysApp - ok
19:41:37.0342 6448 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
19:41:37.0358 6448 crcdisk - ok
19:41:37.0389 6448 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
19:41:37.0389 6448 CryptSvc - ok
19:41:37.0436 6448 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
19:41:37.0451 6448 DcomLaunch - ok
19:41:37.0498 6448 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
19:41:37.0514 6448 defragsvc - ok
19:41:37.0545 6448 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
19:41:37.0560 6448 DfsC - ok
19:41:37.0701 6448 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
19:41:37.0716 6448 Dhcp - ok
19:41:37.0748 6448 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
19:41:37.0748 6448 discache - ok
19:41:37.0763 6448 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
19:41:37.0763 6448 Disk - ok
19:41:37.0810 6448 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
19:41:37.0810 6448 Dnscache - ok
19:41:37.0841 6448 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
19:41:37.0841 6448 dot3svc - ok
19:41:37.0872 6448 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
19:41:37.0872 6448 DPS - ok
19:41:37.0904 6448 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
19:41:37.0904 6448 drmkaud - ok
19:41:37.0950 6448 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
19:41:37.0950 6448 DXGKrnl - ok
19:41:37.0982 6448 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
19:41:37.0997 6448 EapHost - ok
19:41:38.0138 6448 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
19:41:38.0247 6448 ebdrv - ok
19:41:38.0356 6448 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
19:41:38.0356 6448 EFS - ok
19:41:38.0434 6448 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
19:41:38.0481 6448 ehRecvr - ok
19:41:38.0637 6448 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
19:41:38.0652 6448 ehSched - ok
19:41:38.0746 6448 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
19:41:38.0777 6448 elxstor - ok
19:41:38.0777 6448 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
19:41:38.0793 6448 ErrDev - ok
19:41:38.0808 6448 ETD (5b042aa9cebdab5b61e747ddcebff51b) C:\Windows\system32\DRIVERS\ETD.sys
19:41:38.0824 6448 ETD - ok
19:41:38.0855 6448 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
19:41:38.0886 6448 EventSystem - ok
19:41:38.0933 6448 ewusbmbb (cb5b23e4fc7651371d4ee81f7b356786) C:\Windows\system32\DRIVERS\ewusbwwan.sys
19:41:38.0949 6448 ewusbmbb - ok
19:41:38.0980 6448 ew_hwusbdev (86f7951bbcee4a86e79a97306bd14318) C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
19:41:38.0980 6448 ew_hwusbdev - ok
19:41:39.0011 6448 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
19:41:39.0027 6448 exfat - ok
19:41:39.0042 6448 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
19:41:39.0074 6448 fastfat - ok
19:41:39.0120 6448 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
19:41:39.0152 6448 Fax - ok
19:41:39.0152 6448 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
19:41:39.0167 6448 fdc - ok
19:41:39.0183 6448 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
19:41:39.0198 6448 fdPHost - ok
19:41:39.0198 6448 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
19:41:39.0214 6448 FDResPub - ok
19:41:39.0245 6448 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
19:41:39.0245 6448 FileInfo - ok
19:41:39.0292 6448 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
19:41:39.0308 6448 Filetrace - ok
19:41:39.0323 6448 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
19:41:39.0323 6448 flpydisk - ok
19:41:39.0354 6448 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
19:41:39.0370 6448 FltMgr - ok
19:41:39.0432 6448 FontCache (8ac4cb4ea61e41009fae9ae7b2b5da3a) C:\Windows\system32\FntCache.dll
19:41:39.0510 6448 FontCache - ok
19:41:39.0588 6448 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:41:39.0588 6448 FontCache3.0.0.0 - ok
19:41:39.0651 6448 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
19:41:39.0666 6448 FsDepends - ok
19:41:39.0698 6448 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
19:41:39.0698 6448 fssfltr - ok
19:41:39.0822 6448 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
19:41:39.0869 6448 fsssvc - ok
19:41:40.0150 6448 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
19:41:40.0150 6448 Fs_Rec - ok
19:41:40.0181 6448 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys
19:41:40.0181 6448 fvevol - ok
19:41:40.0197 6448 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
19:41:40.0212 6448 gagp30kx - ok
19:41:40.0275 6448 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
19:41:40.0322 6448 gpsvc - ok
19:41:40.0400 6448 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:41:40.0400 6448 gupdate - ok
19:41:40.0462 6448 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
19:41:40.0478 6448 gusvc - ok
19:41:40.0509 6448 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
19:41:40.0509 6448 hcw85cir - ok
19:41:40.0540 6448 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
19:41:40.0571 6448 HdAudAddService - ok
19:41:40.0587 6448 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:41:40.0587 6448 HDAudBus - ok
19:41:40.0602 6448 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
19:41:40.0602 6448 HidBatt - ok
19:41:40.0634 6448 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
19:41:40.0634 6448 HidBth - ok
19:41:40.0649 6448 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
19:41:40.0649 6448 HidIr - ok
19:41:40.0680 6448 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
19:41:40.0680 6448 hidserv - ok
19:41:40.0696 6448 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
19:41:40.0696 6448 HidUsb - ok
19:41:40.0727 6448 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
19:41:40.0727 6448 hkmsvc - ok
19:41:40.0758 6448 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
19:41:40.0774 6448 HomeGroupListener - ok
19:41:40.0805 6448 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
19:41:40.0821 6448 HomeGroupProvider - ok
19:41:40.0852 6448 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
19:41:40.0852 6448 HpSAMD - ok
19:41:40.0977 6448 hshld (b7cfe93627e7796624004687125a729f) C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
19:41:41.0024 6448 hshld - ok
19:41:41.0039 6448 HssDrv (a60c877e1cd3aa2e4e5ccd8af305c0f1) C:\Windows\system32\DRIVERS\HssDrv.sys
19:41:41.0039 6448 HssDrv - ok
19:41:41.0070 6448 HssSrv (2cfea9c337b699aca38487e8a7438f35) C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
19:41:41.0102 6448 HssSrv - ok
19:41:41.0117 6448 HssTrayService (b3c6eeeff5c5ea3235b7d84317c1fb3f) C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE
19:41:41.0117 6448 HssTrayService - ok
19:41:41.0133 6448 HssWd - ok
19:41:41.0164 6448 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
19:41:41.0195 6448 HTTP - ok
19:41:41.0226 6448 huawei_enumerator (cce3db0ba3c615caa321eb1301532688) C:\Windows\system32\DRIVERS\ew_jubusenum.sys
19:41:41.0226 6448 huawei_enumerator - ok
19:41:41.0258 6448 hwdatacard (ce93b8af848fe2aa44455a4769c1bc8a) C:\Windows\system32\DRIVERS\ewusbmdm.sys
19:41:41.0273 6448 hwdatacard - ok
19:41:41.0367 6448 HWDeviceService64.exe (e90da42b87d684debfb73b38a718a006) C:\ProgramData\DatacardService\HWDeviceService64.exe
19:41:41.0398 6448 HWDeviceService64.exe - ok
19:41:41.0414 6448 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
19:41:41.0414 6448 hwpolicy - ok
19:41:41.0445 6448 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
19:41:41.0445 6448 i8042prt - ok
19:41:41.0492 6448 iaStor (f7ce9be72edac499b713eca6dae5d26f) C:\Windows\system32\DRIVERS\iaStor.sys
19:41:41.0507 6448 iaStor - ok
19:41:41.0554 6448 iaStorV (513dc087cfed7d2bb82f005385d3531f) C:\Windows\system32\DRIVERS\iaStorV.sys
19:41:41.0585 6448 iaStorV - ok
19:41:41.0694 6448 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:41:41.0726 6448 idsvc - ok
19:41:42.0225 6448 igfx (efe5a0af39a8e179624117c521f1e012) C:\Windows\system32\DRIVERS\igdkmd64.sys
19:41:42.0521 6448 igfx - ok
19:41:42.0802 6448 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
19:41:42.0802 6448 iirsp - ok
19:41:42.0864 6448 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
19:41:42.0896 6448 IKEEXT - ok
19:41:42.0927 6448 inspect (efff0afd27cc97bf0e5e0bab78419de7) C:\Windows\system32\DRIVERS\inspect.sys
19:41:42.0942 6448 inspect - ok
19:41:43.0083 6448 IntcAzAudAddService (3e3926f4fa7c9162c5c3ec6bf1e4f349) C:\Windows\system32\drivers\RTKVHD64.sys
19:41:43.0192 6448 IntcAzAudAddService - ok
19:41:43.0332 6448 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
19:41:43.0348 6448 IntcDAud - ok
19:41:43.0379 6448 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
19:41:43.0395 6448 intelide - ok
19:41:43.0410 6448 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
19:41:43.0410 6448 intelppm - ok
19:41:43.0442 6448 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
19:41:43.0442 6448 IPBusEnum - ok
19:41:43.0473 6448 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:41:43.0473 6448 IpFilterDriver - ok
19:41:43.0504 6448 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
19:41:43.0504 6448 IPMIDRV - ok
19:41:43.0520 6448 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
19:41:43.0520 6448 IPNAT - ok
19:41:43.0551 6448 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
19:41:43.0566 6448 IRENUM - ok
19:41:43.0566 6448 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
19:41:43.0566 6448 isapnp - ok
19:41:43.0598 6448 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
19:41:43.0629 6448 iScsiPrt - ok
19:41:43.0644 6448 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
19:41:43.0644 6448 kbdclass - ok
19:41:43.0660 6448 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
19:41:43.0676 6448 kbdhid - ok
19:41:43.0707 6448 kbfiltr (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys
19:41:43.0707 6448 kbfiltr - ok
19:41:43.0738 6448 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
19:41:43.0738 6448 KeyIso - ok
19:41:43.0754 6448 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
19:41:43.0754 6448 KSecDD - ok
19:41:43.0785 6448 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
19:41:43.0785 6448 KSecPkg - ok
19:41:43.0816 6448 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
19:41:43.0816 6448 ksthunk - ok
19:41:43.0863 6448 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
19:41:43.0878 6448 KtmRm - ok
19:41:43.0925 6448 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\system32\srvsvc.dll
19:41:43.0941 6448 LanmanServer - ok
19:41:43.0956 6448 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
19:41:43.0956 6448 LanmanWorkstation - ok
19:41:43.0988 6448 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
19:41:44.0003 6448 lltdio - ok
19:41:44.0034 6448 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
19:41:44.0050 6448 lltdsvc - ok
19:41:44.0066 6448 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
19:41:44.0066 6448 lmhosts - ok
19:41:44.0097 6448 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
19:41:44.0097 6448 LSI_FC - ok
19:41:44.0144 6448 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
19:41:44.0144 6448 LSI_SAS - ok
19:41:44.0159 6448 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:41:44.0159 6448 LSI_SAS2 - ok
19:41:44.0175 6448 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:41:44.0190 6448 LSI_SCSI - ok
19:41:44.0222 6448 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
19:41:44.0222 6448 luafv - ok
19:41:44.0253 6448 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
19:41:44.0268 6448 Mcx2Svc - ok
19:41:44.0362 6448 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
19:41:44.0378 6448 MDM - ok
19:41:44.0409 6448 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
19:41:44.0409 6448 megasas - ok
19:41:44.0456 6448 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
19:41:44.0471 6448 MegaSR - ok
19:41:44.0502 6448 MEIx64 (1c6e73fc46b509eff9d0086aa37132df) C:\Windows\system32\DRIVERS\HECIx64.sys
19:41:44.0502 6448 MEIx64 - ok
19:41:44.0534 6448 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
19:41:44.0534 6448 MMCSS - ok
19:41:44.0549 6448 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
19:41:44.0549 6448 Modem - ok
19:41:44.0565 6448 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
19:41:44.0565 6448 monitor - ok
19:41:44.0580 6448 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
19:41:44.0580 6448 mouclass - ok
19:41:44.0596 6448 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
19:41:44.0596 6448 mouhid - ok
19:41:44.0612 6448 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
19:41:44.0612 6448 mountmgr - ok
19:41:44.0643 6448 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
19:41:44.0658 6448 mpio - ok
19:41:44.0674 6448 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
19:41:44.0674 6448 mpsdrv - ok
19:41:44.0736 6448 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
19:41:44.0768 6448 MpsSvc - ok
19:41:44.0799 6448 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
19:41:44.0799 6448 MRxDAV - ok
19:41:44.0846 6448 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:41:44.0846 6448 mrxsmb - ok
19:41:44.0877 6448 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:41:44.0892 6448 mrxsmb10 - ok
19:41:45.0017 6448 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:41:45.0033 6448 mrxsmb20 - ok
19:41:45.0095 6448 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
19:41:45.0095 6448 msahci - ok
19:41:45.0267 6448 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
19:41:45.0282 6448 msdsm - ok
19:41:45.0407 6448 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
19:41:45.0423 6448 MSDTC - ok
19:41:45.0470 6448 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
19:41:45.0470 6448 Msfs - ok
19:41:45.0485 6448 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
19:41:45.0501 6448 mshidkmdf - ok
19:41:45.0501 6448 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
19:41:45.0501 6448 msisadrv - ok
19:41:45.0532 6448 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
19:41:45.0548 6448 MSiSCSI - ok
19:41:45.0548 6448 msiserver - ok
19:41:45.0548 6448 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
19:41:45.0563 6448 MSKSSRV - ok
19:41:45.0563 6448 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
19:41:45.0563 6448 MSPCLOCK - ok
19:41:45.0563 6448 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
19:41:45.0563 6448 MSPQM - ok
19:41:45.0626 6448 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
19:41:45.0641 6448 MsRPC - ok
19:41:45.0672 6448 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
19:41:45.0672 6448 mssmbios - ok
19:41:45.0704 6448 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
19:41:45.0704 6448 MSTEE - ok
19:41:45.0719 6448 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
19:41:45.0719 6448 MTConfig - ok
19:41:45.0735 6448 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
19:41:45.0735 6448 Mup - ok
19:41:45.0860 6448 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
19:41:45.0891 6448 napagent - ok
19:41:46.0000 6448 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
19:41:46.0016 6448 NativeWifiP - ok
19:41:46.0172 6448 NAUpdate (9d1cce440552500ded3a62f9d779cdb4) C:\Program Files (x86)\Nero\Update\NASvc.exe
19:41:46.0172 6448 NAUpdate - ok
19:41:46.0265 6448 NDIS (a3151b3463eea7e47f618f115d0d142e) C:\Windows\system32\drivers\ndis.sys
19:41:46.0281 6448 NDIS - ok
19:41:46.0343 6448 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
19:41:46.0343 6448 NdisCap - ok
19:41:46.0374 6448 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
19:41:46.0390 6448 NdisTapi - ok
19:41:46.0452 6448 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
19:41:46.0452 6448 Ndisuio - ok
19:41:46.0624 6448 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
19:41:46.0655 6448 NdisWan - ok
19:41:46.0749 6448 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
19:41:46.0842 6448 NDProxy - ok
19:41:46.0936 6448 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
19:41:46.0952 6448 NetBIOS - ok
19:41:47.0076 6448 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
19:41:47.0108 6448 NetBT - ok
19:41:47.0154 6448 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
19:41:47.0154 6448 Netlogon - ok
19:41:47.0435 6448 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
19:41:47.0451 6448 Netman - ok
19:41:47.0903 6448 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:41:47.0919 6448 NetMsmqActivator - ok
19:41:47.0934 6448 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:41:47.0934 6448 NetPipeActivator - ok
19:41:47.0997 6448 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
19:41:48.0028 6448 netprofm - ok
19:41:48.0028 6448 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:41:48.0028 6448 NetTcpActivator - ok
19:41:48.0028 6448 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:41:48.0028 6448 NetTcpPortSharing - ok
19:41:48.0122 6448 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
19:41:48.0122 6448 nfrd960 - ok
19:41:48.0168 6448 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
19:41:48.0184 6448 NlaSvc - ok
19:41:48.0200 6448 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
19:41:48.0215 6448 Npfs - ok
19:41:48.0231 6448 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
19:41:48.0231 6448 nsi - ok
19:41:48.0231 6448 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
19:41:48.0246 6448 nsiproxy - ok
19:41:48.0356 6448 Ntfs (1ad8fef2d6ac7116b68b887a9782fd33) C:\Windows\system32\drivers\Ntfs.sys
19:41:48.0387 6448 Ntfs - ok
19:41:48.0496 6448 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
19:41:48.0496 6448 Null - ok
19:41:53.0582 6448 nvlddmkm (d5dea2c1865cab9ee6aa29cf9e79a2ce) C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:41:53.0956 6448 nvlddmkm - ok
19:41:54.0408 6448 nvpciflt (5ef70f7714c664bcf50edfc141dea9b8) C:\Windows\system32\DRIVERS\nvpciflt.sys
19:41:54.0424 6448 nvpciflt - ok
19:41:54.0518 6448 nvraid (deab10231cbdb0881fc25428ebe11506) C:\Windows\system32\DRIVERS\nvraid.sys
19:41:54.0518 6448 nvraid - ok
19:41:54.0580 6448 nvstor (0af7b8136794e23e87be138992880e64) C:\Windows\system32\DRIVERS\nvstor.sys
19:41:54.0611 6448 nvstor - ok
19:41:54.0752 6448 NVSvc (5a4af8ea634b4feeaf6f16bb1845715a) C:\Windows\system32\nvvsvc.exe
19:41:54.0798 6448 NVSvc - ok
19:41:55.0344 6448 nvUpdatusService (4b7636c52a359ab0783b350a5fbdbb49) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
19:41:55.0344 6448 nvUpdatusService - ok
19:41:55.0953 6448 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
19:41:55.0953 6448 nv_agp - ok
19:41:55.0984 6448 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
19:41:55.0984 6448 ohci1394 - ok
19:41:56.0140 6448 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:41:56.0156 6448 ose - ok
19:41:56.0234 6448 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:41:56.0265 6448 p2pimsvc - ok
19:41:56.0390 6448 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
19:41:56.0405 6448 p2psvc - ok
19:41:56.0468 6448 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
19:41:56.0483 6448 Parport - ok
19:41:56.0514 6448 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
19:41:56.0514 6448 partmgr - ok
19:41:56.0546 6448 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
19:41:56.0546 6448 PcaSvc - ok
19:41:56.0608 6448 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
19:41:56.0639 6448 pci - ok
19:41:56.0655 6448 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
19:41:56.0655 6448 pciide - ok
19:41:56.0717 6448 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
19:41:56.0748 6448 pcmcia - ok
19:41:56.0780 6448 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
19:41:56.0780 6448 pcw - ok
19:41:56.0811 6448 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
19:41:56.0842 6448 PEAUTH - ok
19:41:57.0029 6448 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
19:41:57.0045 6448 PerfHost - ok
19:41:57.0840 6448 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
19:41:57.0903 6448 pla - ok
19:41:57.0950 6448 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
19:41:57.0965 6448 PlugPlay - ok
19:41:57.0996 6448 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
19:41:58.0012 6448 PNRPAutoReg - ok
19:41:58.0043 6448 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:41:58.0043 6448 PNRPsvc - ok
19:41:58.0106 6448 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
19:41:58.0121 6448 PolicyAgent - ok
19:41:58.0215 6448 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
19:41:58.0246 6448 Power - ok
19:41:58.0449 6448 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
19:41:58.0480 6448 PptpMiniport - ok
19:41:58.0542 6448 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
19:41:58.0542 6448 Processor - ok
19:41:58.0589 6448 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
19:41:58.0589 6448 ProfSvc - ok
19:41:58.0620 6448 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
19:41:58.0620 6448 ProtectedStorage - ok
19:41:58.0652 6448 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
19:41:58.0652 6448 Psched - ok
19:41:58.0730 6448 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
19:41:58.0823 6448 ql2300 - ok
19:41:58.0948 6448 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
19:41:58.0948 6448 ql40xx - ok
19:41:58.0995 6448 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
19:41:59.0010 6448 QWAVE - ok
19:41:59.0042 6448 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
19:41:59.0042 6448 QWAVEdrv - ok
19:41:59.0042 6448 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
19:41:59.0042 6448 RasAcd - ok
19:41:59.0088 6448 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:41:59.0088 6448 RasAgileVpn - ok
19:41:59.0120 6448 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
19:41:59.0166 6448 RasAuto - ok
19:41:59.0182 6448 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:41:59.0182 6448 Rasl2tp - ok
19:41:59.0229 6448 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
19:41:59.0244 6448 RasMan - ok
19:41:59.0260 6448 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
19:41:59.0276 6448 RasPppoe - ok
19:41:59.0291 6448 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
19:41:59.0307 6448 RasSstp - ok
19:41:59.0338 6448 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
19:41:59.0354 6448 rdbss - ok
19:41:59.0385 6448 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
19:41:59.0385 6448 rdpbus - ok
19:41:59.0400 6448 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:41:59.0400 6448 RDPCDD - ok
19:41:59.0416 6448 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
19:41:59.0416 6448 RDPENCDD - ok
19:41:59.0432 6448 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
19:41:59.0432 6448 RDPREFMP - ok
19:41:59.0463 6448 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
19:41:59.0463 6448 RDPWD - ok
19:41:59.0494 6448 rdyboost (e5dc9ba9e439d6dbdd79f8caacb5bf01) C:\Windows\system32\drivers\rdyboost.sys
19:41:59.0510 6448 rdyboost - ok
19:41:59.0541 6448 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
19:41:59.0541 6448 RemoteAccess - ok
19:41:59.0572 6448 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
19:41:59.0603 6448 RemoteRegistry - ok
19:41:59.0619 6448 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
19:41:59.0634 6448 RFCOMM - ok
19:41:59.0681 6448 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
19:41:59.0697 6448 RpcEptMapper - ok
19:41:59.0728 6448 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
19:41:59.0728 6448 RpcLocator - ok
19:41:59.0759 6448 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
19:41:59.0775 6448 RpcSs - ok
19:41:59.0806 6448 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
19:41:59.0806 6448 rspndr - ok
19:41:59.0853 6448 RSUSBVSTOR (e57fac2cdb73f06586ed2ed310b80932) C:\Windows\system32\Drivers\RtsUVStor.sys
19:41:59.0868 6448 RSUSBVSTOR - ok
19:41:59.0900 6448 RTL8167 (6d3c7e7d82d3dc92dc2a8b0df9f20f8a) C:\Windows\system32\DRIVERS\Rt64win7.sys
19:41:59.0931 6448 RTL8167 - ok
19:41:59.0962 6448 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
19:41:59.0962 6448 SamSs - ok
19:41:59.0978 6448 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
19:41:59.0993 6448 sbp2port - ok
19:42:00.0024 6448 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
19:42:00.0056 6448 SCardSvr - ok
19:42:00.0087 6448 SCDEmu (741b338d675fe20b779e7effa55032fe) C:\Windows\system32\drivers\SCDEmu.sys
19:42:00.0087 6448 SCDEmu - ok
19:42:00.0102 6448 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
19:42:00.0118 6448 scfilter - ok
19:42:00.0196 6448 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
19:42:00.0243 6448 Schedule - ok
19:42:00.0258 6448 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
19:42:00.0258 6448 SCPolicySvc - ok
19:42:00.0305 6448 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
19:42:00.0321 6448 SDRSVC - ok
19:42:00.0383 6448 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:42:00.0383 6448 secdrv - ok
19:42:00.0446 6448 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
19:42:00.0477 6448 seclogon - ok
19:42:00.0617 6448 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
19:42:00.0617 6448 SENS - ok
19:42:00.0680 6448 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
19:42:00.0711 6448 SensrSvc - ok
19:42:00.0726 6448 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
19:42:00.0726 6448 Serenum - ok
19:42:00.0758 6448 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
19:42:00.0758 6448 Serial - ok
19:42:00.0758 6448 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
19:42:00.0773 6448 sermouse - ok
19:42:00.0789 6448 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
19:42:00.0804 6448 SessionEnv - ok
19:42:00.0804 6448 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
19:42:00.0804 6448 sffdisk - ok
19:42:00.0820 6448 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
19:42:00.0820 6448 sffp_mmc - ok
19:42:00.0836 6448 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
19:42:00.0836 6448 sffp_sd - ok
19:42:00.0851 6448 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
19:42:00.0851 6448 sfloppy - ok
19:42:00.0882 6448 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
19:42:00.0914 6448 ShellHWDetection - ok
19:42:00.0929 6448 SiSGbeLH (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys
19:42:00.0929 6448 SiSGbeLH - ok
19:42:00.0945 6448 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:42:00.0945 6448 SiSRaid2 - ok
19:42:00.0960 6448 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
19:42:00.0976 6448 SiSRaid4 - ok
19:42:01.0038 6448 SkypeUpdate (db0405d9aad62f0762e0876ac142b7e1) C:\Program Files (x86)\Skype\Updater\Updater.exe
19:42:01.0038 6448 SkypeUpdate - ok
19:42:01.0054 6448 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
19:42:01.0070 6448 Smb - ok
19:42:01.0101 6448 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
19:42:01.0101 6448 SNMPTRAP - ok
19:42:01.0116 6448 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
19:42:01.0116 6448 spldr - ok
19:42:01.0148 6448 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
19:42:01.0163 6448 Spooler - ok
19:42:01.0335 6448 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
19:42:01.0350 6448 sppsvc - ok
19:42:01.0444 6448 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
19:42:01.0444 6448 sppuinotify - ok
19:42:01.0506 6448 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
19:42:01.0522 6448 srv - ok
19:42:01.0553 6448 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
19:42:01.0584 6448 srv2 - ok
19:42:01.0600 6448 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
19:42:01.0600 6448 srvnet - ok
19:42:01.0631 6448 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
19:42:01.0647 6448 SSDPSRV - ok
19:42:01.0662 6448 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
19:42:01.0678 6448 SstpSvc - ok
19:42:01.0694 6448 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
19:42:01.0694 6448 stexstor - ok
19:42:01.0740 6448 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
19:42:01.0772 6448 stisvc - ok
19:42:01.0787 6448 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
19:42:01.0787 6448 swenum - ok
19:42:01.0834 6448 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
19:42:01.0850 6448 swprv - ok
19:42:01.0943 6448 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
19:42:01.0990 6448 SysMain - ok
19:42:02.0068 6448 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
19:42:02.0084 6448 TabletInputService - ok
19:42:02.0130 6448 taphss (f33fdc72298df4bf9813a55d21f4eb31) C:\Windows\system32\DRIVERS\taphss.sys
19:42:02.0146 6448 taphss - ok
19:42:02.0177 6448 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
19:42:02.0193 6448 TapiSrv - ok
19:42:02.0208 6448 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
19:42:02.0224 6448 TBS - ok
19:42:02.0318 6448 Tcpip (98c68f9b6381ad34fc3924dff2393278) C:\Windows\system32\drivers\tcpip.sys
19:42:02.0364 6448 Tcpip - ok
19:42:02.0630 6448 TCPIP6 (98c68f9b6381ad34fc3924dff2393278) C:\Windows\system32\DRIVERS\tcpip.sys
19:42:02.0645 6448 TCPIP6 - ok
19:42:02.0754 6448 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
19:42:02.0754 6448 tcpipreg - ok
19:42:02.0770 6448 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
19:42:02.0770 6448 TDPIPE - ok
19:42:02.0786 6448 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
19:42:02.0786 6448 TDTCP - ok
19:42:02.0801 6448 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
19:42:02.0817 6448 tdx - ok
19:42:02.0832 6448 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
19:42:02.0832 6448 TermDD - ok
19:42:02.0895 6448 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
19:42:02.0973 6448 TermService - ok
19:42:03.0004 6448 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
19:42:03.0004 6448 Themes - ok
19:42:03.0020 6448 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
19:42:03.0035 6448 THREADORDER - ok
19:42:03.0051 6448 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
19:42:03.0066 6448 TrkWks - ok
19:42:03.0191 6448 trufos (df219721ddffcbe03aa894b6b6742ba1) C:\Windows\system32\DRIVERS\trufos.sys
19:42:03.0207 6448 trufos - ok
19:42:03.0269 6448 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
19:42:03.0269 6448 TrustedInstaller - ok
19:42:03.0300 6448 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:42:03.0300 6448 tssecsrv - ok
19:42:03.0332 6448 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
19:42:03.0332 6448 tunnel - ok
19:42:03.0363 6448 TurboB (b355581a9da34c92e2dbafa410d2f829) C:\Windows\system32\DRIVERS\TurboB.sys
19:42:03.0363 6448 TurboB - ok
19:42:03.0425 6448 TurboBoost (6564e84b1522c12ea1c3a181ed03276f) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
19:42:03.0441 6448 TurboBoost - ok
19:42:03.0441 6448 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
19:42:03.0456 6448 uagp35 - ok
19:42:03.0503 6448 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
19:42:03.0519 6448 udfs - ok
19:42:03.0550 6448 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
19:42:03.0550 6448 UI0Detect - ok
19:42:03.0581 6448 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
19:42:03.0581 6448 uliagpkx - ok
19:42:03.0612 6448 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
19:42:03.0612 6448 umbus - ok
19:42:03.0612 6448 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
19:42:03.0628 6448 UmPass - ok
19:42:03.0722 6448 Update Server (7de3f30967cf77bd1fc440c2b847629a) C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe
19:42:03.0737 6448 Update Server - ok
19:42:03.0862 6448 UPDATESRV (6fa5ffc3765c9c444d82faf1d46c1cae) C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
19:42:03.0878 6448 UPDATESRV - ok
19:42:03.0924 6448 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
19:42:03.0940 6448 upnphost - ok
19:42:03.0971 6448 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
19:42:03.0987 6448 usbccgp - ok
19:42:04.0018 6448 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
19:42:04.0018 6448 usbcir - ok
19:42:04.0034 6448 usbehci (cb490987a7f6928a04bb838e3bd8a936) C:\Windows\system32\DRIVERS\usbehci.sys
19:42:04.0034 6448 usbehci - ok
19:42:04.0065 6448 usbhub (18124ef0a881a00ee222d02a3ee30270) C:\Windows\system32\DRIVERS\usbhub.sys
19:42:04.0096 6448 usbhub - ok
19:42:04.0112 6448 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
19:42:04.0127 6448 usbohci - ok
19:42:04.0158 6448 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
19:42:04.0158 6448 usbprint - ok
19:42:04.0174 6448 USBSTOR (a60e7e0fa88ff067d049d525547cd5e9) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:42:04.0190 6448 USBSTOR - ok
19:42:04.0205 6448 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
19:42:04.0205 6448 usbuhci - ok
19:42:04.0236 6448 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\system32\Drivers\usbvideo.sys
19:42:04.0252 6448 usbvideo - ok
19:42:04.0268 6448 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
19:42:04.0283 6448 UxSms - ok
19:42:04.0299 6448 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
19:42:04.0314 6448 VaultSvc - ok
19:42:04.0314 6448 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
19:42:04.0314 6448 vdrvroot - ok
19:42:04.0346 6448 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
19:42:04.0377 6448 vds - ok
19:42:04.0392 6448 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
19:42:04.0408 6448 vga - ok
19:42:04.0439 6448 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
19:42:04.0439 6448 VgaSave - ok
19:42:04.0470 6448 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
19:42:04.0502 6448 vhdmp - ok
19:42:04.0517 6448 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
19:42:04.0517 6448 viaide - ok
19:42:04.0548 6448 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
19:42:04.0548 6448 volmgr - ok
19:42:04.0580 6448 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
19:42:04.0595 6448 volmgrx - ok
19:42:04.0626 6448 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
19:42:04.0642 6448 volsnap - ok
19:42:04.0673 6448 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
19:42:04.0689 6448 vsmraid - ok
19:42:04.0782 6448 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
19:42:04.0814 6448 VSS - ok
19:42:04.0970 6448 VSSERV - ok
19:42:05.0079 6448 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
19:42:05.0079 6448 vwifibus - ok
19:42:05.0110 6448 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
19:42:05.0110 6448 vwififlt - ok
19:42:05.0157 6448 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
19:42:05.0172 6448 W32Time - ok
19:42:05.0204 6448 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
19:42:05.0204 6448 WacomPen - ok
19:42:05.0219 6448 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
19:42:05.0235 6448 WANARP - ok
19:42:05.0235 6448 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
19:42:05.0235 6448 Wanarpv6 - ok
19:42:05.0313 6448 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
19:42:05.0375 6448 WatAdminSvc - ok
19:42:05.0453 6448 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
19:42:05.0500 6448 wbengine - ok
19:42:05.0594 6448 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
19:42:05.0609 6448 WbioSrvc - ok
19:42:05.0640 6448 wcncsvc (8321c2ca3b62b61b293cda3451984468) C:\Windows\System32\wcncsvc.dll
19:42:05.0672 6448 wcncsvc - ok
19:42:05.0687 6448 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
19:42:05.0703 6448 WcsPlugInService - ok
19:42:05.0765 6448 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
19:42:05.0765 6448 Wd - ok
19:42:05.0812 6448 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
19:42:05.0859 6448 Wdf01000 - ok
19:42:05.0874 6448 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:42:05.0874 6448 WdiServiceHost - ok
19:42:05.0890 6448 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:42:05.0890 6448 WdiSystemHost - ok
19:42:05.0921 6448 WebClient (8a438cbb8c032a0c798b0c642ffbe572) C:\Windows\System32\webclnt.dll
19:42:05.0952 6448 WebClient - ok
19:42:05.0984 6448 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
19:42:05.0999 6448 Wecsvc - ok
19:42:06.0015 6448 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
19:42:06.0015 6448 wercplsupport - ok
19:42:06.0030 6448 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
19:42:06.0046 6448 WerSvc - ok
19:42:06.0108 6448 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
19:42:06.0108 6448 WfpLwf - ok
19:42:06.0140 6448 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
19:42:06.0140 6448 WimFltr - ok
19:42:06.0155 6448 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
19:42:06.0155 6448 WIMMount - ok
19:42:06.0171 6448 WinHttpAutoProxySvc - ok
19:42:06.0233 6448 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
19:42:06.0249 6448 Winmgmt - ok
19:42:06.0342 6448 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
19:42:06.0436 6448 WinRM - ok
19:42:06.0545 6448 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
19:42:06.0592 6448 Wlansvc - ok
19:42:06.0654 6448 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
19:42:06.0654 6448 wlcrasvc - ok
19:42:06.0779 6448 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:42:06.0842 6448 wlidsvc - ok
19:42:06.0982 6448 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
19:42:06.0982 6448 WmiAcpi - ok
19:42:07.0029 6448 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
19:42:07.0044 6448 wmiApSrv - ok
19:42:07.0091 6448 WMPNetworkSvc - ok
19:42:07.0122 6448 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
19:42:07.0122 6448 WPCSvc - ok
19:42:07.0154 6448 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
19:42:07.0169 6448 WPDBusEnum - ok
19:42:07.0247 6448 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
19:42:07.0278 6448 ws2ifsl - ok
19:42:07.0278 6448 WSearch - ok
19:42:07.0403 6448 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
19:42:07.0466 6448 wuauserv - ok
19:42:07.0590 6448 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
19:42:07.0590 6448 WudfPf - ok
19:42:07.0622 6448 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:42:07.0622 6448 WUDFRd - ok
19:42:07.0653 6448 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
19:42:07.0653 6448 wudfsvc - ok
19:42:07.0684 6448 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
19:42:07.0700 6448 WwanSvc - ok
19:42:07.0856 6448 Zain e-GO. RunOuc (625c98d60ad5ab1fccbd0e2c0ac0d905) C:\Program Files (x86)\Zain e-GO\UpdateDog\ouc.exe
19:42:07.0887 6448 Zain e-GO. RunOuc - ok
19:42:07.0918 6448 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:42:08.0480 6448 \Device\Harddisk0\DR0 - ok
19:42:08.0480 6448 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR1
19:42:10.0227 6448 \Device\Harddisk1\DR1 - ok
19:42:10.0227 6448 Boot (0x1200) (9d7a4ccc8d7f611b7f9205abd9283a4d) \Device\Harddisk0\DR0\Partition0
19:42:10.0227 6448 \Device\Harddisk0\DR0\Partition0 - ok
19:42:10.0289 6448 Boot (0x1200) (bc93550cf68f5e3b76cf385fb64d16bd) \Device\Harddisk0\DR0\Partition1
19:42:10.0289 6448 \Device\Harddisk0\DR0\Partition1 - ok
19:42:10.0289 6448 Boot (0x1200) (d5979da276538109cfb45eed90c49f77) \Device\Harddisk1\DR1\Partition0
19:42:10.0289 6448 \Device\Harddisk1\DR1\Partition0 - ok
You do not have the required permissions to view the files attached to this post.
Neil
Regular Member
 
Posts: 27
Joined: July 16th, 2012, 2:51 pm

Re: Virus Help

Unread postby maxi » July 21st, 2012, 11:58 am

Hi neil :)
services.exe is infected and has to be replaced:
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.


In Vista or Windows 7: Boot to System Recovery Options and run FRST.

Type the following in the edit box after "Search:".

services.exe

It then should look like:

Search: services.exe

Click Search button and post the log (Search.txt) it makes to your reply.

Regards maxi :)
User avatar
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: Virus Help

Unread postby Neil » July 21st, 2012, 3:42 pm

Search.txt log


Farbar Recovery Scan Tool Version: 20-07-2012
Ran by SYSTEM at 2012-07-21 22:33:20
Running from H:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======
You do not have the required permissions to view the files attached to this post.
Neil
Regular Member
 
Posts: 27
Joined: July 16th, 2012, 2:51 pm

Re: Virus Help

Unread postby maxi » July 22nd, 2012, 8:13 am

Hi Neil :) Please Copy and Paste your replies from now on.

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt


C:\Windows\Installer\{c9ca9eb3-6dd8-8597-d375-41171a9dd199}
C:\Users\Neil\AppData\Local\{c9ca9eb3-6dd8-8597-d375-41171a9dd199}
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options then select Command Prompt

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Reboot Normally.


Then
Download and Run ComboFix (by sUBs)
Download ComboFix from the link below and save it to your Desktop.
Link


Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix.

  • You must run Combofix from your Desktop
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    For instructions on how to disable your security programs, please see this topic below
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

  • Right click on Combofix and choose Run as administrator to launch it, follow the prompts.
    Click on Yes, to continue scanning for malware.
  • When finished, it will produce a log. Please save that log to post in your next reply
  • Re-enable all the programs that were disabled during the running of ComboFix..
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use. ComboFix SHOULD NOT be used unless requested by a forum helper


In your next reply please include:

The FRST log.
The ComboFix log.

Regards maxi :)
User avatar
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: Virus Help

Unread postby Neil » July 22nd, 2012, 5:03 pm

Frst Log

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 20-07-2012
Ran by SYSTEM at 2012-07-22 22:51:03 Run:1
Running from F:\

==============================================

C:\Windows\Installer\{c9ca9eb3-6dd8-8597-d375-41171a9dd199} moved successfully.
C:\Users\Neil\AppData\Local\{c9ca9eb3-6dd8-8597-d375-41171a9dd199} moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====

Combofix Log

ComboFix 12-07-21.01 - Neil 22/07/2012 23:41:08.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.4008.2484 [GMT 3:00]
Running from: c:\users\Neil\Desktop\ComboFix.exe
AV: Bitdefender Antivirus *Disabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: Bitdefender Antispyware *Disabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\BasicScan
c:\program files (x86)\BasicScan\uninstall.exe
c:\program files (x86)\Zain e-GO\Zain e-GO.exe
c:\programdata\1341694288.bdinstall.bin
c:\programdata\34620a8929cd0130f8e9917735b4bd43_c
c:\programdata\FullRemove.exe
c:\windows\msvcr71.dll
D:\Setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-22 to 2012-07-22 )))))))))))))))))))))))))))))))
.
.
2012-07-21 03:36 . 2012-07-21 03:36 -------- d-----w- C:\FRST
2012-07-15 21:27 . 2012-07-15 21:27 -------- d-----w- c:\users\Neil\AppData\Roaming\Malwarebytes
2012-07-15 21:26 . 2012-07-15 21:26 -------- d-----w- c:\programdata\Malwarebytes
2012-07-15 21:26 . 2012-07-15 21:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-15 21:26 . 2012-07-03 10:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-14 20:27 . 2012-07-14 20:27 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-10 21:17 . 2012-07-12 22:46 -------- d-----w- c:\programdata\CPA_VA
2012-07-10 20:59 . 2012-07-10 21:08 -------- d-----w- c:\programdata\Comodo
2012-07-10 20:59 . 2012-07-10 20:59 -------- d-----w- c:\program files\COMODO
2012-07-10 20:59 . 2012-07-10 20:59 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-07-10 20:59 . 2012-07-10 20:59 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
2012-07-09 19:50 . 2012-07-09 19:50 -------- d-----w- c:\program files (x86)\ESET
2012-07-09 19:29 . 2012-07-09 19:36 -------- d-----w- c:\program files (x86)\Eusing Free Registry Cleaner
2012-07-09 09:38 . 2012-07-09 09:38 -------- d-----w- c:\programdata\FrontLine Registry Cleaner
2012-07-09 09:38 . 2012-07-09 10:04 -------- d-----w- c:\program files (x86)\Frontline Registry Cleaner
2012-07-09 08:47 . 2012-07-22 20:33 -------- d-----w- c:\programdata\SecTaskMan
2012-07-09 08:47 . 2012-07-09 10:05 -------- d-----w- c:\program files (x86)\Security Task Manager
2012-07-09 08:32 . 2011-02-18 06:33 31232 ----a-w- c:\windows\system32\prevhost.exe
2012-07-09 08:32 . 2011-02-18 05:33 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2012-07-08 21:08 . 2012-07-08 21:08 -------- d-----w- c:\windows\SysWow64\My Vaults
2012-07-08 20:30 . 2012-07-08 20:30 329800 ------w- c:\windows\system32\drivers\trufos.sys
2012-07-08 20:28 . 2012-07-08 20:28 442088 ------w- c:\windows\system32\drivers\bdfsfltr.sys
2012-07-08 19:42 . 2012-07-08 19:42 -------- d-----w- c:\programdata\bdch
2012-07-08 15:10 . 2012-07-08 15:10 -------- d-----w- C:\found.000
2012-07-08 14:33 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-07-08 14:33 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-07-08 14:33 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-07-08 14:33 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-07-08 14:33 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-07-08 14:33 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-07-08 14:33 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-07-08 14:32 . 2012-06-02 12:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-07-08 14:32 . 2012-06-02 12:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-07-08 05:18 . 2012-07-08 05:18 -------- d-----w- c:\program files\CCleaner
2012-07-07 21:19 . 2012-07-07 21:19 -------- d-----w- c:\programdata\BDLogging
2012-07-07 21:19 . 2012-07-07 21:19 -------- d-----w- c:\users\Neil\AppData\Roaming\Bitdefender
2012-07-07 21:18 . 2012-07-07 21:19 -------- d-----w- c:\programdata\Bitdefender
2012-07-07 20:54 . 2012-07-07 20:54 -------- d-----w- c:\users\Neil\AppData\Roaming\QuickScan
2012-07-07 20:53 . 2012-07-07 20:53 -------- d-----w- c:\program files\Bitdefender
2012-07-07 20:51 . 2012-07-07 20:51 -------- d-----w- c:\program files\Common Files\Bitdefender
2012-07-07 20:40 . 2012-07-07 20:40 -------- d-----w- c:\users\Neil\AppData\Roaming\SpeedyPC Software
2012-07-07 20:40 . 2012-07-07 20:40 -------- d-----w- c:\users\Neil\AppData\Roaming\DriverCure
2012-07-07 20:39 . 2012-07-07 20:39 -------- d-----w- c:\programdata\SpeedyPC Software
2012-07-07 20:39 . 2012-07-07 20:39 -------- d-----w- c:\program files (x86)\SpeedyPC Software
2012-07-07 20:39 . 2012-07-07 20:39 -------- d-----w- c:\program files (x86)\Common Files\SpeedyPC Software
2012-07-04 07:04 . 2012-07-04 07:03 476936 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-07-04 07:03 . 2012-07-04 07:03 -------- d-----w- c:\program files (x86)\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-22 20:48 . 2011-05-16 21:30 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-07-04 07:03 . 2012-03-09 14:54 472840 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-07 10:34 . 2012-06-07 10:34 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-07 10:34 . 2012-03-12 12:46 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-03 20:28 . 2012-03-09 18:04 58957832 ----a-w- c:\windows\system32\MRT.exe
2012-05-11 09:54 . 2012-03-07 12:10 1891384 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2012-03-30 . ACB82BDA8F46C84F465C1AFA517DC4B9 . 1918320 . . [6.1.7601.17802] .. c:\windows\SoftwareDistribution\Download\092d0da1be926fabf4653305eb1af03a\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_114ceccb7cff740d\tcpip.sys
[7] 2012-03-30 . 624C5B3AA4C99B3184BB922D9ECE3FF0 . 1895280 . . [6.1.7600.16986] .. c:\windows\SoftwareDistribution\Download\092d0da1be926fabf4653305eb1af03a\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_0f140fa780164fde\tcpip.sys
[7] 2012-03-30 . 885B202006EE17AE99B9FBCEC9AF88C9 . 1901424 . . [6.1.7601.21954] .. c:\windows\SoftwareDistribution\Download\092d0da1be926fabf4653305eb1af03a\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_11a27a8e9643d23a\tcpip.sys
[7] 2012-03-30 . 5EFD096DEF47F8B88EF591DA92143440 . 1877872 . . [6.1.7600.21178] .. c:\windows\SoftwareDistribution\Download\092d0da1be926fabf4653305eb1af03a\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21178_none_0faa5514992a39a7\tcpip.sys
[7] 2011-09-29 . 3810F06A4D74A7D62641EE73D6B3C660 . 1912176 . . [6.1.7601.21828] .. c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_11c6e9949627e69c\tcpip.sys
[7] 2011-09-29 . FC62769E7BFF2896035AEED399108162 . 1923952 . . [6.1.7601.17697] .. c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_10f09b257d43f3eb\tcpip.sys
[7] 2011-09-29 . F18F56EFC0BFB9C87BA01C37B27F4DA5 . 1897328 . . [6.1.7600.16889] .. c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16889_none_0f170e9f80139ebc\tcpip.sys
[7] 2011-09-29 . AC3E29880DB5659532A1AA3439304A43 . 1886064 . . [6.1.7600.21060] .. c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21060_none_0fad20ca992955d7\tcpip.sys
[7] 2011-01-12 . 90A2D722CF64D911879D6C4A4F802A4D . 1896832 . . [6.1.7600.16610] .. c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8\tcpip.sys
[7] 2011-01-12 . 542C6767C68C9D6AAACA59436B0D15C2 . 1889152 . . [6.1.7600.20733] .. c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079\tcpip.sys
[7] 2010-11-20 . 509383E505C973ED7534A06B3D19688D . 1924480 . . [6.1.7601.17514] .. c:\windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[7] 2010-04-09 . 7FC877A25796D8ADF539E64703FCA7E1 . 1898376 . . [6.1.7600.16569] .. c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16569_none_0f2ca8c580036f65\tcpip.sys
[7] 2010-04-09 . A9C0F786AC1F736891D05CE0A1D29DEB . 1892232 . . [6.1.7600.20687] .. c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20687_none_0f9ea52499331463\tcpip.sys
[7] 2009-07-14 . 912107716BAB424C7870E8E6AF5E07E1 . 1898576 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
[-] 2012-05-11 . 98C68F9B6381AD34FC3924DFF2393278 . 1891384 . . [6.1.7600.16385] .. c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SanDiskSecureAccess_Manager.exe"="c:\users\Neil\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe" [2011-06-29 27311232]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-15 17146504]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-06 222496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2012-04-19 336952]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"COMODO"="c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe" [2011-11-23 213304]
"CPA"="c:\program files\COMODO\COMODO GeekBuddy\VALA.exe" [2011-11-23 184120]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-1-12 548528]
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe [2011-5-17 12862]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
R1 aswSnx;aswSnx; [x]
R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-12 135664]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-15 158856]
R2 Zain e-GO. RunOuc;Zain e-GO. OUC;c:\program files (x86)\Zain e-GO\UpdateDog\ouc.exe [2012-03-05 655712]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-03-13 36000]
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [2012-02-17 545064]
R3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [2011-11-17 79952]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-03-13 298656]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-03-13 201376]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-03-13 55456]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-03-13 154272]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-03-13 280224]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2012-03-05 117248]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [2012-03-05 417280]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-08-03 290920]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [2011-10-14 466736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-09 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [2012-03-20 691896]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-02-21 25960]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswSP;aswSP; [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-11-14 103504]
S1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys [2010-01-19 103944]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-03-11 577824]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2012-03-11 43248]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-03-03 379520]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-02-23 64344]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-03-13 138400]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-13 74912]
S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1267000]
S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-04-10 542552]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2012-04-02 329544]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [2011-03-14 346976]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-02-22 2009704]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-04-16 13832]
S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]
S2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2012\updatesrv.exe [2012-03-13 66096]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [2011-11-25 258736]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-03-13 28832]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-12-13 138024]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2012-03-05 87040]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-09-22 56344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-13 413800]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-12 17:19]
.
2012-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-12 17:19]
.
2012-07-15 c:\windows\Tasks\SpeedyPC Pro.job
- c:\program files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2012-01-30 22:17]
.
2012-07-22 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2012-07-22 c:\windows\Tasks\SpeedyPC Update Version3.job
- c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-01-30 22:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2012-04-02 18:47 287048 ------w- c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ------w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ------w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-10 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-10 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-10 418328]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"BDAgent"="c:\program files\Bitdefender\Bitdefender 2012\bdagent.exe" [2012-03-22 1067256]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 9569096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll c:\windows\System32\guard64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Search the Web - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
TCP: Interfaces\{09458F37-365E-4F58-843D-7DCFE0C4B100}: NameServer = 83.136.58.187 83.136.56.53
TCP: Interfaces\{4F7687F2-934B-4FE0-B68F-E2AD42FAD8D0}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{80A8F56A-F469-47E5-8294-BE04F73C6CF4}: NameServer = 83.136.58.187 83.136.56.53
TCP: Interfaces\{8646602E-03A4-4875-B020-DB4813EBEC71}: NameServer = 10.93.56.1
TCP: Interfaces\{87E2C2A3-91E2-498B-A848-A273AED51E55}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{CB7320FF-8640-4C87-B512-F635F8B01962}: NameServer = 83.136.58.187 83.136.56.53
FF - ProfilePath - c:\users\Neil\AppData\Roaming\Mozilla\Firefox\Profiles\la1abbud.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_res ... velink2&q=
FF - user.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_res ... velink2&q=
FF - user.js: keyword.enabled - 1
FF - user.js: general.useragent.extra.brc -
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Mobile Partner - c:\program files (x86)\Zain e-GO\Zain e-GO.exe
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3022402605-2101226938-1445187523-1001\Software\SecuROM\License information*]
"datasecu"=hex:25,9d,8a,71,5a,75,c4,97,e8,30,ea,a7,58,f4,84,2d,2b,22,b6,47,2a,
c9,a8,40,a0,32,96,09,7f,78,dd,cc,86,6e,9c,c3,42,d0,f3,05,c7,31,15,2a,37,f1,\
"rkeysecu"=hex:44,df,bd,07,ab,a6,ab,ad,a5,32,e3,b7,b3,c7,22,3c
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\programdata\Zain e-GO\OnlineUpdate\ouc.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\windows\AsScrPro.exe
c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
c:\program files (x86)\Hotspot Shield\bin\openvpntray.exe
.
**************************************************************************
.
Completion time: 2012-07-22 23:54:27 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-22 20:54
.
Pre-Run: 116,687,609,856 bytes free
Post-Run: 116,373,217,280 bytes free
.
- - End Of File - - 74CFCD891A7BADF62CA7473760CC9DDE
Neil
Regular Member
 
Posts: 27
Joined: July 16th, 2012, 2:51 pm

Re: Virus Help

Unread postby maxi » July 23rd, 2012, 8:05 pm

Hi Neil :) That looks better.

I need you to uninstall some programs. We don't recommend the use of registry cleaners as they do little to help your computer and can possibly cause alot of harm.
Also your java is out of date, I will provide you with a a link for the latest version below.

Your logs show multiple Anti-virus programs, It is counter productive to have more than one installed. You need to decide which one you want to keep and remove the rest if present in your installed programs list.

SpeedyPC Pro
Eusing Free Registry Cleaner
Java Auto Updater
Java(TM) 6 Update 33

COMODO Internet Security
Avast
Bitdefender
Microsoft Security Essentials

You can download the latest java update from here, Just download to your desktop and follow the prompts to install.




Step 1
ComboFix - CFScript
This script is for this user and computer ONLY! Using this tool incorrectly could cause problems with your operating system... preventing it from ever starting again!
You will not have Internet access when you execute ComboFix. All open windows will need to be closed!
  1. Please open Notepad and copy/paste all the text below... into the window:
    Code: Select all
    ClearJavaCache:: 
    
    DeQuarantine::
    C:\Qoobox\Quarantine\c:\program files (x86)\Zain e-GO\Zain e-GO.exe
    C:\Qoobox\Quarantine\c:\programdata\1341694288.bdinstall.bin
    C:\Qoobox\Quarantine\c:\windows\msvcr71.dll 
    C:\Qoobox\Quarantine\c:\programdata\FullRemove.exe
    
    
  2. Save it to your desktop as CFScript.txt
  3. Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
    *Only* when the 2 items above (Step 3) have been taken care of...
  4. Drag the CFScript.txt (icon) into the ComboFix.exe icon... as seen in the image below:
    Image
    This will cause ComboFix to run again.
    Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash.
    Do Not touch your computer when ComboFix is running!
  5. When finished ComboFix will create a log file... you can save this file to a convenient place.
Please copy/paste the ComboFix log file in your next reply.

Step 2
Upload File/Files for testing

Please go to Virustotal or jotti.org

Copy/paste this file and path into the white box at the top:
c:\windows\system32\drivers\tcpip.sys

Press Submit - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the permalink (web address) in your next response.
Example of web address :
Image



In your next reply please include:
The ComboFix log.
The link to Virus Total.
How your computer is running now ?


Regards maxi :)
User avatar
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: Virus Help

Unread postby Neil » July 24th, 2012, 3:24 am

Hey Maxi

My computer is like way better than before .It doesnt automatically show a million ads on its own.
My Firewall is back.But I will still be using comodo i guess.

I had a few problems with the last instructions like

1) Zain ego is my ISP.I use mobile broadband so it is my 3g usb modem software without which i cant use mobile broadband ie No internet.Combo fix did delete it since my 3g usb was not connected at that time .So i had to reinstall it.
So do i have to quarantine it!!!!. Please advice.

2) tcip.sys was not found on my system when i tried to upload it onto virus total
It said "File not found".

3)My comodo firewall keeps stopping a connection from "System". should i be worried. Pls advice
Neil
Regular Member
 
Posts: 27
Joined: July 16th, 2012, 2:51 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 130 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware