Search engine redirect, ping.exe using high % of cpu, ping attempting to download trojans


  • This topic is locked
52 replies to this topic

#1 Ashac


Posted 07 November 2011 - 09:11 PM

Hi,
I posted in 'Am I infected' and was told to run the diagnostic program DDS and post files here.

I have malware that redirects the browser to a number of places I don't want to go nor where I typed. Places like *topsearches6*. It happens on both Firefox and IE. I have Windows 7.
I have Kaspersky installed now as well as Malwarebytes. Neither can find the issues and fix them. I've run Kaspersky's TDSSKiller. It found 2 medium risks, which I deleted, but it didn't help.

When I look at Task Manager, I can often see ping.exe running at up to 90% of CPU.

Kaspersky just informed me that "C:\windows\syswow64\ping.exe downloading object hxxp://domain1for8.in/?site=8 containing Trojan program" Detected: Trojan-Downloader.JS.Iframe.com
I get a lot of these types of messages from Kaspersky.

When I look at the Kaspersky report, it shows ping accessing bad places every 2 seconds or so.

Another symptom, perhaps of a different virus/malware, was it hid many of my files and almost all of my programs like Paint, MSOffice, etc. I've since then unhidden all my files and they seem to be working fine.


Thanks for any help,
Andrew


Here is the DDS log:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_21
Run by Emily at 20:52:00 on 2011-11-07
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3831.1969 [GMT -5:00]
.
AV: Kaspersky Internet Security *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Internet Security *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\atieclxx.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\HPSIsvc.exe
C:\windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\Extreme Networks\Sentriant AG Agent\NACAgent.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Extreme Networks\Sentriant AG Agent\NACAgentNotifier.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\taskmgr.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtblfs.exe
C:\Program Files (x86)\zabkat\xplorer2_lite\xplorer2_lite.exe
C:\windows\explorer.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\windows\explorer.exe
C:\windows\explorer.exe
C:\windows\SysWOW64\ping.exe
C:\windows\system32\conhost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [NWEReboot]
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [NACAgentNotifier] C:\Program Files (x86)\Extreme Networks\Sentriant AG Agent\NACAgentNotifier.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\Users\Emily\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
LSP: mswsock.dll
Trusted Zone: rhapsody.com\rhap-app-4-0
Trusted Zone: rhapsody.com\rhapreg
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{2E19DC78-8F73-46D7-B054-A977AF4D077C} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{2E19DC78-8F73-46D7-B054-A977AF4D077C}\3457272797 : DhcpNameServer = 192.168.1.60 192.168.19.8
TCP: Interfaces\{AFD774D2-D509-42A9-8FF2-D651D833CBD0} : DhcpNameServer = 192.168.60.32
TCP: Interfaces\{B8260434-980A-4C5A-A555-016B4C976AC1} : DhcpNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~2\sbhook.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
BHO-X64: IEVkbdBHO - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
BHO-X64: link filter bho - No File
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [NWEReboot]
mRun-x64: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun-x64: [NACAgentNotifier] C:\Program Files (x86)\Extreme Networks\Sentriant AG Agent\NACAgentNotifier.exe
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
AppInit_DLLs-X64: C:\PROGRA~2\KASPER~1\KASPER~2\sbhook.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Emily\AppData\Roaming\Mozilla\Firefox\Profiles\ohd3pvrd.default\
FF - component: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru\components\abhelperxpcom.dll
FF - component: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
FF - component: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru\components\ffvkplugin.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Anti-Banner: KavAntiBanner@kaspersky.ru_bak - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak
FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru_bak - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Kaspersky Virtual Keyboard: virtualKeyboard@kaspersky.ru - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF - Ext: Anti-Banner: KavAntiBanner@Kaspersky.ru - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R1 kl2;kl2;C:\windows\system32\DRIVERS\kl2.sys --> C:\windows\system32\DRIVERS\kl2.sys [?]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\windows\system32\DRIVERS\klim6.sys --> C:\windows\system32\DRIVERS\klim6.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -r --> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -r [?]
R2 HPSIService;HP SI Service;C:\windows\system32\HPSIsvc.exe --> C:\windows\system32\HPSIsvc.exe [?]
R2 HsfXAudioService;HsfXAudioService;C:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-10-10 366152]
R2 NACAgent;Sentriant™ AG Agent;C:\Program Files (x86)\Extreme Networks\Sentriant AG Agent\NACAgent.exe [2010-9-17 87984]
R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [2010-7-22 135608]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2010-7-22 126392]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-2-25 252928]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atipmdag.sys --> C:\windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?]
R3 CAXHWAZL;CAXHWAZL;C:\windows\system32\DRIVERS\CAXHWAZL.sys --> C:\windows\system32\DRIVERS\CAXHWAZL.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 QIOMem;Generic IO & Memory Access;C:\windows\system32\DRIVERS\QIOMem.sys --> C:\windows\system32\DRIVERS\QIOMem.sys [?]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\windows\system32\DRIVERS\rtl8192se.sys --> C:\windows\system32\DRIVERS\rtl8192se.sys [?]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-7-22 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-23 835952]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc --> C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc --> C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [?]
S3 HP8207_8307;HP-HP8207_8307;C:\windows\system32\DRIVERS\HP8207_8307.sys --> C:\windows\system32\DRIVERS\HP8207_8307.sys [?]
S3 klmouflt;Kaspersky Lab KLMOUFLT;C:\windows\system32\DRIVERS\klmouflt.sys --> C:\windows\system32\DRIVERS\klmouflt.sys [?]
S3 mvusbews;USB EWS Device;C:\windows\system32\Drivers\mvusbews.sys --> C:\windows\system32\Drivers\mvusbews.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\windows\system32\DRIVERS\VSTAZL6.SYS --> C:\windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\windows\system32\DRIVERS\VSTDPV6.SYS --> C:\windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== File Associations ===============
.
inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
VBEFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
VBSFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-11-07 04:58:23 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D6CA2016-79EE-427F-94B5-D135115663C9}\offreg.dll
2011-11-07 04:58:20 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D6CA2016-79EE-427F-94B5-D135115663C9}\mpengine.dll
2011-11-02 11:30:45 -------- d-----w- C:\TDSSKiller_Quarantine
2011-11-02 02:05:23 -------- d-----w- C:\Program Files\iTunes
2011-11-02 02:05:23 -------- d-----w- C:\Program Files\iPod
2011-11-02 02:05:23 -------- d-----w- C:\Program Files (x86)\iTunes
2011-11-02 02:01:52 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-11-02 02:01:51 -------- d-----w- C:\Program Files\Bonjour
2011-10-29 15:44:45 -------- d-----w- C:\ComboFix
2011-10-29 15:44:14 4276337 ------r- C:\ComboFix.exe
2011-10-29 13:18:45 3138048 ----a-w- C:\windows\System32\win32k.sys
2011-10-29 13:16:15 331776 ----a-w- C:\windows\System32\oleacc.dll
2011-10-29 13:16:15 233472 ----a-w- C:\windows\SysWow64\oleacc.dll
2011-10-29 13:16:14 861696 ----a-w- C:\windows\System32\oleaut32.dll
2011-10-29 13:16:14 571904 ----a-w- C:\windows\SysWow64\oleaut32.dll
2011-10-29 13:13:46 613888 ----a-w- C:\windows\System32\psisdecd.dll
2011-10-29 13:13:45 75776 ----a-w- C:\windows\SysWow64\psisrndr.ax
2011-10-29 13:13:45 465408 ----a-w- C:\windows\SysWow64\psisdecd.dll
2011-10-29 13:13:44 108032 ----a-w- C:\windows\System32\psisrndr.ax
2011-10-29 03:40:24 -------- d-----w- C:\$RECYCLE.BIN
2011-10-29 02:55:31 98816 ----a-w- C:\windows\sed.exe
2011-10-29 02:55:31 518144 ----a-w- C:\windows\SWREG.exe
2011-10-29 02:55:31 256000 ----a-w- C:\windows\PEV.exe
2011-10-29 02:55:31 208896 ----a-w- C:\windows\MBR.exe
2011-10-29 02:17:01 -------- dc----w- C:\Users\Emily\AppData\Local\MigWiz
2011-10-29 01:03:12 -------- d-----w- C:\Program Files (x86)\zabkat
2011-10-24 18:29:02 94208 ----a-w- C:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 18:29:02 69632 ----a-w- C:\windows\SysWow64\QuickTime.qts
2011-10-13 10:46:59 89088 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe
2011-10-13 02:35:12 -------- d-----w- C:\windows\System32\SPReview
2011-10-13 02:32:40 -------- d-----w- C:\windows\System32\EventProviders
2011-10-13 00:17:48 109240 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak\components\abhelperxpcom.dll
2011-10-13 00:17:43 150200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak\components\kavlinkfilter.dll
2011-10-10 23:49:50 -------- d-----w- C:\Users\Emily\AppData\Roaming\Malwarebytes
2011-10-10 23:49:42 -------- d-----w- C:\ProgramData\Malwarebytes
2011-10-10 23:49:38 25416 ----a-w- C:\windows\System32\drivers\mbam.sys
2011-10-10 23:49:38 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-10-10 15:09:40 4550304 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2011-10-10 06:06:58 743352 ----a-w- C:\windows\System32\PerfStringBackup.TMP
.
==================== Find3M ====================
.
2011-10-13 10:46:59 222208 ----a-w- C:\windows\System32\msls31.dll
2011-10-13 02:51:14 152576 ----a-w- C:\windows\SysWow64\msclmd.dll
2011-10-13 02:51:13 175616 ----a-w- C:\windows\System32\msclmd.dll
2011-08-31 03:05:32 96104 ----a-w- C:\windows\System32\dns-sd.exe
2011-08-31 03:05:32 85864 ----a-w- C:\windows\System32\dnssd.dll
2011-08-31 03:05:32 61288 ----a-w- C:\windows\System32\jdns_sd.dll
2011-08-31 03:05:32 212840 ----a-w- C:\windows\System32\dnssdX.dll
2011-08-31 03:05:04 83816 ----a-w- C:\windows\SysWow64\dns-sd.exe
2011-08-31 03:05:04 73064 ----a-w- C:\windows\SysWow64\dnssd.dll
2011-08-31 03:05:04 50536 ----a-w- C:\windows\SysWow64\jdns_sd.dll
2011-08-31 03:05:04 178536 ----a-w- C:\windows\SysWow64\dnssdX.dll
.
============= FINISH: 20:53:40.53 ===============



Edited by Orange Blossom, 07 November 2011 - 11:48 PM.
Deactivate link. ~ OB



 


#2 gringo_pr

  • Malware Response Team

Posted 10 November 2011 - 01:05 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed. This will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




#3 Ashac


Posted 11 November 2011 - 11:33 PM

Thanks for your assistance.

I ran combofix last night. One unusual thing happened while it was running. Early on in the dos box it said:
The system cannot find message text for message number 0x8 in .... or System. (I missed a segment of the message).

Here is the log:

ComboFix 11-11-10.03 - Emily 11/10/2011 20:19:42.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3831.2037 [GMT -5:00]
Running from: C:\Users\Emily\Downloads\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky Internet Security *Disabled/Outdated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\windows\assembly\tmp\U
C:\windows\assembly\tmp\U\00000001.@
C:\windows\assembly\tmp\U\00000002.@
C:\windows\assembly\tmp\U\00000004.@
C:\windows\assembly\tmp\U\000000c0.@
C:\windows\assembly\tmp\U\000000cb.@
C:\windows\assembly\tmp\U\000000cf.@
C:\windows\assembly\tmp\U\80000000.@
C:\windows\assembly\tmp\U\80000004.@
C:\windows\assembly\tmp\U\80000032.@
C:\windows\assembly\tmp\U\80000064.@
C:\windows\assembly\tmp\U\800000c0.@
C:\windows\assembly\tmp\U\800000cb.@
C:\windows\assembly\tmp\U\800000cf.@
C:\windows\system32\Thumbs.db

---- Previous Run -------

C:\windows\assembly\tmp\U
C:\windows\assembly\tmp\U\00000001.@
C:\windows\assembly\tmp\U\00000002.@
C:\windows\assembly\tmp\U\00000004.@
C:\windows\assembly\tmp\U\000000c0.@
C:\windows\assembly\tmp\U\000000cb.@
C:\windows\assembly\tmp\U\000000cf.@
C:\windows\assembly\tmp\U\80000000.@
C:\windows\assembly\tmp\U\80000004.@
C:\windows\assembly\tmp\U\80000032.@
C:\windows\assembly\tmp\U\80000064.@
C:\windows\assembly\tmp\U\800000c0.@
C:\windows\assembly\tmp\U\800000cb.@
C:\windows\assembly\tmp\U\800000cf.@


Here's what happened...
At first, it looked like it helped. Using Firefox, I could go to Google.com and do a search and it wasn't redirected, but there was still some unusual behavior: it sometimes would go directly to the link in the Google search and sometimes the following would happen: I would get a blank page and it would say server wasn't found. I know this wasn't true, because I typed the same link into another computer and it came up fine. I noticed that the network icon had a warning flag. When I clicked the network icon, it showed that it was connected to my wireless home network, but in the description above the network bars, it said "unidentified network no internet access".
If I disconnected and reconnected to the network, it worked, and went to the link in question. I went through this cycle a few times (Google search, click link, get server not found, disconnect from network, reconnect, then it works).

A hopeful sign was when I ran taskmgr, I could see that ping.exe was not running at all.

I shut the computer down for the night. When I did that I noticed that Windows automatic update was in the process of installing 1 update, but there was nothing I could do about it at that point. I didn't want to press and hold the power button, because I thought that might do harm.

Tonight 11/11, I turned it on. Still no ping.exe, so that was a good sign. I tried a Google search and I noticed that at the bottom of the browser it said it was looking up a server that was not anything like the link target, indicating it was being redirected. I decided to try Internet Explorer. On the very first Google search (a search that worked the previous night in Firefox), I clicked a link and it went off to redirect land: hxxp://clickscour.com/jump1/ ..... Next thing I know ping.exe is running again as user System, and attempting to download bad stuff according to the Kaspersky report and warning boxes. So I'm still definitely infected.

Thanks again for any help you might be able to provide.

-Andrew

#4 gringo_pr

Posted 12 November 2011 - 11:39 AM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#5 Ashac

Posted 12 November 2011 - 12:55 PM

Hi Gringo,
Thanks for your help.
Downloaded and ran tdsskiller. It reported no problems. Here's the log:

Regards,
Andrew

12:51:46.0805 6132 TDSS rootkit removing tool 2.6.18.0 Nov 11 2011 15:47:15
12:51:46.0961 6132 ============================================================
12:51:46.0961 6132 Current date / time: 2011/11/12 12:51:46.0961
12:51:46.0961 6132 SystemInfo:
12:51:46.0961 6132
12:51:46.0961 6132 OS Version: 6.1.7601 ServicePack: 1.0
12:51:46.0961 6132 Product type: Workstation
12:51:46.0961 6132 ComputerName: EMILY-PC
12:51:46.0961 6132 UserName: Emily
12:51:46.0961 6132 Windows directory: C:\windows
12:51:46.0961 6132 System windows directory: C:\windows
12:51:46.0961 6132 Running under WOW64
12:51:46.0961 6132 Processor architecture: Intel x64
12:51:46.0961 6132 Number of processors: 2
12:51:46.0961 6132 Page size: 0x1000
12:51:46.0961 6132 Boot type: Normal boot
12:51:46.0961 6132 ============================================================
12:51:48.0505 6132 Initialize success
12:51:52.0343 5716 ============================================================
12:51:52.0343 5716 Scan started
12:51:52.0343 5716 Mode: Manual;
12:51:52.0343 5716 ============================================================
12:52:20.0133 5716 TCPIP6 - ok
12:52:20.0242 5716 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
12:52:20.0242 5716 tcpipreg - ok
12:52:20.0289 5716 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
12:52:20.0304 5716 tdcmdpst - ok
12:52:20.0398 5716 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
12:52:20.0414 5716 TDPIPE - ok
12:52:20.0429 5716 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys
12:52:20.0429 5716 TDTCP - ok
12:52:20.0476 5716 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
12:52:20.0476 5716 tdx - ok
12:52:20.0585 5716 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\drivers\termdd.sys
12:52:20.0585 5716 TermDD - ok
12:52:21.0147 5716 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
12:52:21.0209 5716 tssecsrv - ok
12:52:21.0459 5716 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
12:52:21.0474 5716 TsUsbFlt - ok
12:52:21.0568 5716 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
12:52:21.0584 5716 tunnel - ok
12:52:21.0630 5716 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
12:52:21.0646 5716 TVALZ - ok
12:52:21.0927 5716 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys
12:52:21.0974 5716 TVALZFL - ok
12:52:22.0332 5716 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
12:52:22.0348 5716 uagp35 - ok
12:52:22.0956 5716 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
12:52:23.0003 5716 udfs - ok
12:52:23.0424 5716 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
12:52:23.0456 5716 uliagpkx - ok
12:52:24.0048 5716 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\drivers\umbus.sys
12:52:24.0142 5716 umbus - ok
12:52:24.0392 5716 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
12:52:24.0454 5716 UmPass - ok
12:52:24.0532 5716 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
12:52:24.0563 5716 usbccgp - ok
12:52:25.0204 5716 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
12:52:25.0204 5716 usbcir - ok
12:52:25.0407 5716 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys
12:52:25.0453 5716 usbehci - ok
12:52:25.0625 5716 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
12:52:25.0703 5716 usbhub - ok
12:52:25.0828 5716 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\DRIVERS\usbohci.sys
12:52:25.0890 5716 usbohci - ok
12:52:26.0015 5716 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
12:52:26.0140 5716 usbprint - ok
12:52:26.0187 5716 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys
12:52:26.0218 5716 usbscan - ok
12:52:26.0343 5716 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\drivers\USBSTOR.SYS
12:52:26.0374 5716 USBSTOR - ok
12:52:26.0389 5716 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
12:52:26.0405 5716 usbuhci - ok
12:52:26.0514 5716 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\System32\Drivers\usbvideo.sys
12:52:26.0514 5716 usbvideo - ok
12:52:26.0608 5716 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
12:52:26.0623 5716 vdrvroot - ok
12:52:26.0733 5716 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
12:52:26.0764 5716 vga - ok
12:52:26.0904 5716 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
12:52:26.0951 5716 VgaSave - ok
12:52:27.0138 5716 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
12:52:27.0154 5716 vhdmp - ok
12:52:27.0591 5716 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
12:52:27.0591 5716 viaide - ok
12:52:27.0622 5716 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
12:52:27.0622 5716 volmgr - ok
12:52:27.0669 5716 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
12:52:27.0669 5716 volmgrx - ok
12:52:27.0793 5716 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
12:52:27.0793 5716 volsnap - ok
12:52:27.0856 5716 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
12:52:27.0856 5716 vsmraid - ok
12:52:27.0918 5716 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
12:52:27.0918 5716 vwifibus - ok
12:52:27.0949 5716 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
12:52:27.0949 5716 vwififlt - ok
12:52:28.0043 5716 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys
12:52:28.0043 5716 vwifimp - ok
12:52:28.0183 5716 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
12:52:28.0183 5716 WacomPen - ok
12:52:28.0339 5716 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
12:52:28.0371 5716 WANARP - ok
12:52:28.0417 5716 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
12:52:28.0417 5716 Wanarpv6 - ok
12:52:28.0558 5716 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
12:52:28.0558 5716 Wd - ok
12:52:28.0620 5716 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
12:52:28.0620 5716 Wdf01000 - ok
12:52:28.0807 5716 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
12:52:28.0823 5716 WfpLwf - ok
12:52:28.0948 5716 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
12:52:28.0963 5716 WIMMount - ok
12:52:29.0104 5716 winachsf (a6ea7a3fc4b00f48535b506db1e86efd) C:\windows\system32\DRIVERS\CAX_CNXT.sys
12:52:29.0119 5716 winachsf - ok
12:52:29.0275 5716 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
12:52:29.0291 5716 WinUsb - ok
12:52:29.0353 5716 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
12:52:29.0353 5716 WmiAcpi - ok
12:52:29.0416 5716 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
12:52:29.0603 5716 ws2ifsl - ok
12:52:29.0775 5716 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
12:52:29.0790 5716 WudfPf - ok
12:52:30.0024 5716 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
12:52:30.0055 5716 WUDFRd - ok
12:52:30.0118 5716 XAudio (e8f3fa126a06f8e7088f63757112a186) C:\windows\system32\DRIVERS\XAudio64.sys
12:52:30.0149 5716 XAudio - ok
12:52:30.0196 5716 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
12:52:30.0211 5716 \Device\Harddisk0\DR0 - ok
12:52:30.0227 5716 Boot (0x1200) (dd76684b3133cbdee8075f0f14238df3) \Device\Harddisk0\DR0\Partition0
12:52:30.0227 5716 \Device\Harddisk0\DR0\Partition0 - ok
12:52:30.0227 5716 ============================================================
12:52:30.0227 5716 Scan finished
12:52:30.0227 5716 ============================================================
12:52:30.0243 5708 Detected object count: 0
12:52:30.0243 5708 Actual detected object count: 0

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:09:24 AM

Posted 12 November 2011 - 01:05 PM

Hello

OK, let's try this. I want you to run ComboFix in Safe Mode, but it is very important that when ComboFix reboots the computer, you direct it back into Safe Mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Log in to your usual account.

After ComboFix has finished its scan, please post the report back here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 Ashac

Posted 12 November 2011 - 01:57 PM

Hi Gringo,
I booted in to Safe mode, and ran combofix. Here's the log:
Thanks,
Andrew

ComboFix 11-11-10.03 - Emily 11/12/2011 13:41:48.4.2 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3831.2681 [GMT -5:00]
Running from: C:\Users\Emily\Downloads\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\windows\assembly\tmp\U
C:\windows\assembly\tmp\U\00000001.@
C:\windows\assembly\tmp\U\00000002.@
C:\windows\assembly\tmp\U\00000004.@
C:\windows\assembly\tmp\U\000000c0.@
C:\windows\assembly\tmp\U\000000cb.@
C:\windows\assembly\tmp\U\000000cf.@
C:\windows\assembly\tmp\U\80000000.@
C:\windows\assembly\tmp\U\80000004.@
C:\windows\assembly\tmp\U\80000032.@
C:\windows\assembly\tmp\U\80000064.@
C:\windows\assembly\tmp\U\800000c0.@
C:\windows\assembly\tmp\U\800000cb.@
C:\windows\assembly\tmp\U\800000cf.@
C:\windows\system32\Thumbs.db

---- Previous Run -------

C:\windows\assembly\tmp\U
C:\windows\assembly\tmp\U\00000001.@
C:\windows\assembly\tmp\U\00000002.@
C:\windows\assembly\tmp\U\00000004.@
C:\windows\assembly\tmp\U\000000c0.@
C:\windows\assembly\tmp\U\000000cb.@
C:\windows\assembly\tmp\U\000000cf.@
C:\windows\assembly\tmp\U\80000000.@
C:\windows\assembly\tmp\U\80000004.@
C:\windows\assembly\tmp\U\80000032.@
C:\windows\assembly\tmp\U\80000064.@
C:\windows\assembly\tmp\U\800000c0.@
C:\windows\assembly\tmp\U\800000cb.@
C:\windows\assembly\tmp\U\800000cf.@
C:\windows\system32\Thumbs.db

#8 gringo_pr

Posted 12 November 2011 - 02:16 PM

Hello

You have been giving me only the top portion of the report. I need to see the whole report.


gringo

#9 Ashac

Posted 12 November 2011 - 02:52 PM

That is the whole report. There is no more. I do Control-A to select all. That last report has text down to line 46. Last line with text: C:\windows\system32\Thumbs.db
I'm taking this from the file called c:\combofix\combofix.txt. Is there any other log?

-Andrew

#10 gringo_pr

Posted 12 November 2011 - 03:06 PM

I want you to run it once more (it can be in Safe Mode). Don't touch anything until the report pops up on its own.



gringo

#11 Ashac

Posted 12 November 2011 - 03:40 PM

I didn't run it a 2nd time yet, but I thought I'd tell you. The last time, the report did not pop up. ComboFix stops. I waited and nothing else happened, so I retrieved the log myself.
Is it a problem that the log does not pop up? How long should I wait after it completes?

#12 gringo_pr

Posted 12 November 2011 - 04:05 PM

Just in case, give it 20 to 30 min.


gringo

#13 Ashac

Posted 14 November 2011 - 08:32 PM

Hi Gringo,
Just wanted to let you know that I can't rerun combofix until Wed night, 11/16. My daughter took the computer away with her, it's her laptop. She won't install anything in the meantime - she understands what we're doing.
Regards,
Andrew

#14 gringo_pr

Posted 14 November 2011 - 08:45 PM

OK, thanks for letting me know.


gringo

#15 gringo_pr

Posted 18 November 2011 - 12:01 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo