Trojans keep coming back


16 replies to this topic

#1 ctjester15

  • Members
  • 9 posts

Posted 23 March 2012 - 10:29 PM

Hello all, I seem to have malware or viruses that I cannot get rid of. I am running Windows 7 currently on my computer. The problem I am experiencing is that fake virus protection programs will run on my computer and cause my computer to blue screen (not sure of the message but will consciously look if it happens again and post here). It also sometimes just goes straight to the blue screen. I run Malwarebytes and Spybot on my computer and they always eliminate a lot of trojans (trojanproxy.agent, trojan.fakealert, trojan.agent, trojan.agent.gma, rogue.fakeHDD). I also noticed that some are the svchost.exe that I see other people have mentioned. So I remove all of these and they all seem to come back. I also have restored my computer back to previous points when I get so bogged down by error messages that I can't even get to the malware removal tools. Thanks.



#2 Broni

  • BC Advisor
  • 42,754 posts

Posted 23 March 2012 - 10:41 PM

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


 


#3 ctjester15

  • Topic Starter

  • Members
  • 9 posts

Posted 25 March 2012 - 10:33 PM

Farbar Service Scanner Version: 01-03-2012
Ran by Jonathan (administrator) on 25-03-2012 at 22:57:34
Running from "C:\Users\Jonathan\Desktop\Virus Tools"
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Defender:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-02-15 04:04] - [2011-12-27 23:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-13 20:09] - [2009-07-13 21:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-13 19:36] - [2009-07-13 21:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2009-07-13 20:36] - [2009-07-13 21:41] - 2418176 ____A (Microsoft Corporation) 38340204A2D0228F1E87740FC5E554A7

C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Spybot - Search & Destroy
Java™ 6 Update 31
Java™ SE Development Kit 6 Update 21
Out of date Java installed!
Adobe Flash Player ( 10.0.45.2) Flash Player Out of Date!
Mozilla Firefox (3.6.27) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Jonathan Desktop Virus Tools SecurityCheck.exe
``````````End of Log````````````

MiniToolBox by Farbar Version: 18-01-2012
Ran by Jonathan (administrator) on 25-03-2012 at 22:58:40
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================



87.229.126.81 www.bing.com


========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70144] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [193824] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/25/2012 10:02:02 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
Faulting module name: MSHTML.dll, version: 9.0.8112.16441, time stamp: 0x4ee81830
Exception code: 0xc0000005
Fault offset: 0x001d9686
Faulting process id: 0x18bc
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (03/25/2012 09:42:10 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
Faulting module name: MSHTML.dll, version: 9.0.8112.16441, time stamp: 0x4ee81830
Exception code: 0xc00000fd
Fault offset: 0x002b85ba
Faulting process id: 0x188c
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (03/25/2012 07:37:44 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0xf0e5b367
Faulting process id: 0x14c8
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (03/25/2012 02:07:31 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
Faulting module name: MSHTML.dll, version: 9.0.8112.16441, time stamp: 0x4ee81830
Exception code: 0xc00000fd
Fault offset: 0x002b85b9
Faulting process id: 0x166c
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (03/25/2012 01:53:07 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
Faulting module name: Flash11g.ocx, version: 11.1.102.63, time stamp: 0x4f4c398c
Exception code: 0xc0000005
Fault offset: 0x00195185
Faulting process id: 0x1188
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (03/25/2012 01:13:43 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
Faulting module name: MSHTML.dll, version: 9.0.8112.16441, time stamp: 0x4ee81830
Exception code: 0xc00000fd
Fault offset: 0x00419ddd
Faulting process id: 0x12f0
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (03/25/2012 01:05:58 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x2d0ba166
Faulting process id: 0x1618
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (03/25/2012 00:11:36 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
Faulting module name: MSHTML.dll, version: 9.0.8112.16441, time stamp: 0x4ee81830
Exception code: 0xc00000fd
Fault offset: 0x002b9a58
Faulting process id: 0xcb4
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (03/25/2012 10:47:17 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
Faulting module name: MSHTML.dll, version: 9.0.8112.16441, time stamp: 0x4ee81830
Exception code: 0xc00000fd
Fault offset: 0x002b9a47
Faulting process id: 0xfd8
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (03/25/2012 09:49:43 AM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c5
Faulting module name: MSHTML.dll, version: 9.0.8112.16441, time stamp: 0x4ee81830
Exception code: 0xc0000005
Fault offset: 0x004c3731
Faulting process id: 0x13b8
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3


System errors:
=============
Error: (03/25/2012 09:37:38 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (03/25/2012 09:37:26 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service.

Error: (03/25/2012 06:40:31 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (03/25/2012 06:40:15 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service.

Error: (03/25/2012 02:08:10 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service.

Error: (03/25/2012 01:28:01 PM) (Source: WMPNetworkSvc) (User: )
Description: 0x80070005

Error: (03/25/2012 01:28:01 PM) (Source: WMPNetworkSvc) (User: )
Description: 0x80070005

Error: (03/25/2012 01:27:43 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SRTSP

Error: (03/25/2012 01:27:04 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (03/25/2012 01:27:04 PM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
4Media iPod to PC Transfer (Version: 4.2.1.0526)
7-Zip 4.57
Adobe AIR (Version: 3.1.0.4880)
Adobe Flash Player 10 Plugin (Version: 10.0.45.2)
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.1.102.63)
Adobe Reader 9.1 (Version: 9.1.0)
Adobe Shockwave Player 11.5 (Version: 11.5.8.612)
AIM 7
Android SDK Tools (Version: 0.7)
Apple Application Support (Version: 1.5.2)
Apple Mobile Device Support (Version: 3.4.1.2)
Apple Software Update (Version: 2.1.3.127)
ATI Catalyst Install Manager (Version: 3.0.732.0)
Bejeweled 2 Deluxe (Version: 2.2.0.82)
Blackhawk Striker 2 (Version: 2.2.0.82)
Bonjour (Version: 2.0.5.0)
Canon G.726 WMP-Decoder (Version: 1.1.0.4)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (Version: 1.6.0.12)
Canon Internet Library for ZoomBrowser EX (Version: 1.6.2.7)
Canon MovieEdit Task for ZoomBrowser EX (Version: 2.6.0.4)
Canon RAW Image Task for ZoomBrowser EX (Version: 0.9.3.9)
Canon Utilities CameraWindow (Version: 7.1.0.2)
Canon Utilities CameraWindow DC (Version: 7.1.0.7)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (Version: 6.4.2.16)
Canon Utilities MyCamera (Version: 6.4.0.5)
Canon Utilities MyCamera DC (Version: 7.0.1.8)
Canon Utilities PhotoStitch (Version: 3.1.21.45)
Canon Utilities RemoteCapture DC (Version: 3.0.1.8)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (Version: 1.7.1.9)
Canon Utilities ZoomBrowser EX (Version: 6.1.1.21)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.1.0.8)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2009.0729.2238.38827)
Catalyst Control Center Graphics Full Existing (Version: 2009.0729.2238.38827)
Catalyst Control Center Graphics Full New (Version: 2009.0729.2238.38827)
Catalyst Control Center Graphics Light (Version: 2009.0729.2238.38827)
Catalyst Control Center Graphics Previews Common (Version: 2009.0729.2238.38827)
Catalyst Control Center Graphics Previews Vista (Version: 2009.0729.2238.38827)
Catalyst Control Center InstallProxy (Version: 2009.0729.2238.38827)
Catalyst Control Center Localization All (Version: 2009.0729.2238.38827)
ccc-core-static (Version: 2009.0729.2238.38827)
ccc-utility64 (Version: 2009.0729.2238.38827)
CCC Help Chinese Standard (Version: 2009.0729.2237.38827)
CCC Help Chinese Traditional (Version: 2009.0729.2237.38827)
CCC Help Czech (Version: 2009.0729.2237.38827)
CCC Help Danish (Version: 2009.0729.2237.38827)
CCC Help Dutch (Version: 2009.0729.2237.38827)
CCC Help English (Version: 2009.0729.2237.38827)
CCC Help Finnish (Version: 2009.0729.2237.38827)
CCC Help French (Version: 2009.0729.2237.38827)
CCC Help German (Version: 2009.0729.2237.38827)
CCC Help Greek (Version: 2009.0729.2237.38827)
CCC Help Hungarian (Version: 2009.0729.2237.38827)
CCC Help Italian (Version: 2009.0729.2237.38827)
CCC Help Japanese (Version: 2009.0729.2237.38827)
CCC Help Korean (Version: 2009.0729.2237.38827)
CCC Help Norwegian (Version: 2009.0729.2237.38827)
CCC Help Polish (Version: 2009.0729.2237.38827)
CCC Help Portuguese (Version: 2009.0729.2237.38827)
CCC Help Russian (Version: 2009.0729.2237.38827)
CCC Help Spanish (Version: 2009.0729.2237.38827)
CCC Help Swedish (Version: 2009.0729.2237.38827)
CCC Help Thai (Version: 2009.0729.2237.38827)
CCC Help Turkish (Version: 2009.0729.2237.38827)
Citrix XenApp Web Plugin (Version: 11.0.0.5357)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Download Updater (AOL LLC)
Driver Mender (Version: 8.0.1)
Dropbox (Version: 1.1.45)
DVD Catalyst 4.0.2.7 (Version: 4.0.2.7)
Faerie Solitaire (Version: 2.2.0.82)
FATE Undiscovered Realms (Version: 2.2.0.82)
Flixster Collections (Version: 1.0.73)
Google Talk Plugin (Version: 2.8.5.6620)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.3.2710.138)
Google Update Helper (Version: 1.3.21.111)
IHA_MessageCenter (Version: 1.6.0)
InterVideo FilterSDK for Panasonic
iSkysoft DRM Removal(Build 1.0.5.1)
iSyncr (Version: 1.4.3)
iTunes (Version: 10.3.1.55)
Java Auto Updater (Version: 2.0.2.4)
Java™ 6 Update 31 (Version: 6.0.310)
Java™ SE Development Kit 6 Update 21 (Version: 1.6.0.210)
Junk Mail filter update (Version: 14.0.8089.726)
Label@Once 1.0 (Version: 1.0)
LSI V92 MOH Application
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 9.7.0621)
Monopoly (Version: 2.2.0.82)
MotionSD STUDIO 1.3E
MotoHelper 2.0.49 Driver (Version: 2.0.49)
MotoHelper MergeModules (Version: 1.2.0)
Motorola Mobile Drivers Installation 5.0.0 (Version: 5.0.0)
Move Media Player
Mozilla Firefox (3.6.27) (Version: 3.6.27 (en-US))
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Music Oasis (Version: 1.0.0)
Mystery P.I. - The Vegas Heist (Version: 2.2.0.82)
NetZero Launcher (Version: 2.01)
Norton Internet Security (Version: 17.0.0.136)
PlayReady PC Runtime amd64 (Version: 1.3.0)
PlaySAFE (Version: 1.0.8)
Polar Bowler (Version: 2.2.0.82)
Pop-Up Stopper Free Edition (Version: 3.1.1014)
Quickbooks Financial Center (Version: 2.02)
QuickTime (Version: 7.69.80.9)
Realtek Ethernet Controller Driver (Version: 1.00.0008)
Realtek High Definition Audio Driver (Version: 6.0.1.5904)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30101)
Realtek WLAN Driver (Version: 2.00.0006)
Scrabble Plus (Version: 2.2.0.82)
Skype Launcher (Version: 2.01)
Skype Toolbars (Version: 1.0.4051)
Skype™ 4.2 (Version: 4.2.155)
Spybot - Search & Destroy (Version: 1.6.2)
Synaptics Pointing Device Driver (Version: 13.2.6.1)
TOSHIBA Application Installer (Version: 9.0.1.0)
TOSHIBA Assist (Version: 3.00.10)
TOSHIBA Bulletin Board (Version: 1.5.05.64)
TOSHIBA ConfigFree (Version: 8.0.21)
TOSHIBA Disc Creator (Version: 2.1.0.1 for x64)
TOSHIBA DVD PLAYER (Version: 3.01.0.07-A)
TOSHIBA eco Utility (Version: 1.1.7.64)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: )
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00)
TOSHIBA Face Recognition (Version: 3.1.0.64)
TOSHIBA Hardware Setup (Version: 2.00.11)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.0)
TOSHIBA Internal Modem Region Select Utility (Version: 2.3.0.0)
TOSHIBA Internal Modem Region Select Utility (Version: 2.3.0.01)
TOSHIBA Media Controller (Version: 1.0.65)
Toshiba Online Backup (Version: 1.2.0.38)
TOSHIBA PC Health Monitor (Version: 1.4.1.64)
TOSHIBA Quality Application (Version: 1.0.1)
TOSHIBA Recovery Media Creator (Version: 2.1.0.4 for x64)
TOSHIBA ReelTime (Version: 1.5.07.64)
TOSHIBA Service Station (Version: 2.1.33)
TOSHIBA Software Modem (Version: 2.2.97)
TOSHIBA Speech System Applications (Version: 1.00.2518)
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password (Version: 2.00.09)
TOSHIBA Value Added Package (Version: 1.2.26.64)
TOSHIBA Web Camera Application (Version: 1.1.1.4)
ToshibaRegistration (Version: 1.0.3)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Verizon Download Manager (Version: 15)
Virtual Families (Version: 2.2.0.82)
Virtual Villagers - The Secret City (Version: 2.2.0.82)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
VoiceOver Kit (Version: 1.40.128.0)
VRWriter4 (Version: 4.3)
Vz In Home Agent (Version: 8.03.41)
WD SmartWare (Version: 1.2.0.8)
WildTangent Games (Version: 1.0.0.80)
WildTangent ORB Game Console
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Movie Maker (Version: 14.0.8091.0730)
Windows Live Photo Gallery (Version: 14.0.8081.709)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8089.0726)
Yahoo! Software Update

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 65%
Total physical RAM: 3836.17 MB
Available physical RAM: 1304.98 MB
Total Pagefile: 7670.48 MB
Available Pagefile: 4479.33 MB
Total Virtual: 4095.88 MB
Available Virtual: 3954.27 MB

========================= Partitions: =====================================

1 Drive c: (TI105736W0B) (Fixed) (Total:287.61 GB) (Free:178.43 GB) NTFS

========================= Users: ========================================

User accounts for \\JONATHAN-PC

Administrator Guest Jonathan


**** End of log ****

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.24.04

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Jonathan :: JONATHAN-PC [administrator]

3/25/2012 11:00:19 PM
mbam-log-2012-03-25 (23-00-19).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 215991
Time elapsed: 7 minute(s), 11 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 7128 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)

#4 ctjester15

  • Topic Starter

  • Members
  • 9 posts

Posted 25 March 2012 - 10:34 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-25 23:26:14
-----------------------------
23:26:14.905 OS Version: Windows x64 6.1.7600
23:26:14.905 Number of processors: 2 586 0x602
23:26:14.905 ComputerName: JONATHAN-PC UserName: Jonathan
23:26:16.317 Initialize success
23:27:01.222 AVAST engine defs: 12032501
23:27:28.648 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
23:27:28.653 Disk 0 Vendor: TOSHIBA_MK3263GSX FG020M Size: 305245MB BusType: 11
23:27:28.658 Device \Driver\atapi -> MajorFunction fffffa80048185c4
23:27:28.683 Disk 0 MBR read successfully
23:27:28.688 Disk 0 MBR scan
23:27:28.698 Disk 0 MBR:Pihar-C [Rtk]
23:27:28.703 Disk 0 TDL4@MBR code has been found
23:27:28.713 Disk 0 MBR hidden
23:27:28.728 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
23:27:28.743 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 294514 MB offset 3074048
23:27:28.778 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 9230 MB offset 606238720
23:27:28.793 Disk 0 MBR [TDL4] **ROOTKIT**
23:27:28.803 Disk 0 trace - called modules:
23:27:28.813 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80048185c4]<<
23:27:28.823 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80042c3530]
23:27:28.828 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa80042d1520]
23:27:28.838 5 ACPI.sys[fffff88000f97781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa80042cd680]
23:27:28.843 \Driver\atapi[0xfffffa80046e2540] -> IRP_MJ_CREATE -> 0xfffffa80048185c4
23:27:31.910 AVAST engine scan C:\windows
23:27:34.735 AVAST engine scan C:\windows\system32
23:31:37.351 AVAST engine scan C:\windows\system32\drivers
23:31:53.915 AVAST engine scan C:\Users\Jonathan
23:33:53.658 Disk 0 MBR has been saved successfully to "C:\Users\Jonathan\Desktop\Virus Tools\MBR.dat"
23:33:53.663 The log file has been saved successfully to "C:\Users\Jonathan\Desktop\Virus Tools\aswMBR.txt"


Thanks for the help!

#5 Broni


Posted 25 March 2012 - 11:07 PM

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.



#6 ctjester15


Posted 26 March 2012 - 09:07 PM

21:59:46.0783 4976 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
21:59:47.0053 4976 ============================================================
21:59:47.0053 4976 Current date / time: 2012/03/26 21:59:47.0053
21:59:47.0053 4976 SystemInfo:
21:59:47.0053 4976
21:59:47.0053 4976 OS Version: 6.1.7600 ServicePack: 0.0
21:59:47.0053 4976 Product type: Workstation
21:59:47.0053 4976 ComputerName: JONATHAN-PC
21:59:47.0073 4976 UserName: Jonathan
21:59:47.0073 4976 Windows directory: C:\windows
21:59:47.0073 4976 System windows directory: C:\windows
21:59:47.0073 4976 Running under WOW64
21:59:47.0073 4976 Processor architecture: Intel x64
21:59:47.0073 4976 Number of processors: 2
21:59:47.0073 4976 Page size: 0x1000
21:59:47.0073 4976 Boot type: Normal boot
21:59:47.0073 4976 ============================================================
21:59:48.0693 4976 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:59:48.0703 4976 \Device\Harddisk0\DR0:
21:59:48.0703 4976 MBR used
21:59:48.0703 4976 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x23F39000
21:59:48.0733 4976 Initialize success
21:59:48.0733 4976 ============================================================
21:59:50.0963 4104 ============================================================
21:59:50.0963 4104 Scan started
21:59:50.0963 4104 Mode: Manual;
21:59:50.0963 4104 ============================================================
22:00:24.0280 4104 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\windows\system32\drivers\nvraid.sys
22:00:24.0280 4104 nvraid - ok
22:00:24.0410 4104 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\windows\system32\drivers\nvstor.sys
22:00:24.0410 4104 nvstor - ok
22:00:24.0560 4104 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\DRIVERS\nv_agp.sys
22:00:24.0560 4104 nv_agp - ok
22:00:24.0710 4104 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:00:24.0720 4104 odserv - ok
22:00:24.0830 4104 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\DRIVERS\ohci1394.sys
22:00:24.0830 4104 ohci1394 - ok
22:00:24.0940 4104 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:00:24.0940 4104 ose - ok
22:00:25.0030 4104 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
22:00:25.0030 4104 p2pimsvc - ok
22:00:25.0120 4104 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
22:00:25.0130 4104 p2psvc - ok
22:00:25.0210 4104 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
22:00:25.0210 4104 Parport - ok
22:00:25.0320 4104 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\windows\system32\drivers\partmgr.sys
22:00:25.0330 4104 partmgr - ok
22:00:25.0400 4104 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
22:00:25.0410 4104 PcaSvc - ok
22:00:25.0510 4104 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\windows\system32\DRIVERS\pci.sys
22:00:25.0510 4104 pci - ok
22:00:25.0660 4104 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
22:00:25.0660 4104 pciide - ok
22:00:25.0790 4104 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
22:00:25.0790 4104 pcmcia - ok
22:00:25.0840 4104 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
22:00:25.0840 4104 pcw - ok
22:00:25.0960 4104 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
22:00:25.0960 4104 PEAUTH - ok
22:00:26.0040 4104 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
22:00:26.0040 4104 PerfHost - ok
22:00:26.0160 4104 PGEffect (663962900e7fea522126ba287715bb4a) C:\windows\system32\DRIVERS\pgeffect.sys
22:00:26.0160 4104 PGEffect - ok
22:00:26.0290 4104 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\windows\system32\pla.dll
22:00:26.0300 4104 pla - ok
22:00:26.0430 4104 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\windows\system32\umpnpmgr.dll
22:00:26.0440 4104 PlugPlay - ok
22:00:26.0520 4104 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
22:00:26.0520 4104 PNRPAutoReg - ok
22:00:26.0620 4104 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
22:00:26.0620 4104 PNRPsvc - ok
22:00:26.0720 4104 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\windows\System32\ipsecsvc.dll
22:00:26.0730 4104 PolicyAgent - ok
22:00:26.0870 4104 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
22:00:26.0880 4104 Power - ok
22:00:27.0030 4104 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\windows\system32\DRIVERS\raspptp.sys
22:00:27.0030 4104 PptpMiniport - ok
22:00:27.0160 4104 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
22:00:27.0160 4104 Processor - ok
22:00:27.0270 4104 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\windows\system32\profsvc.dll
22:00:27.0270 4104 ProfSvc - ok
22:00:27.0360 4104 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe
22:00:27.0360 4104 ProtectedStorage - ok
22:00:27.0540 4104 Psched (ee992183bd8eaefd9973f352e587a299) C:\windows\system32\DRIVERS\pacer.sys
22:00:27.0540 4104 Psched - ok
22:00:27.0690 4104 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
22:00:27.0710 4104 ql2300 - ok
22:00:27.0830 4104 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
22:00:27.0830 4104 ql40xx - ok
22:00:27.0910 4104 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
22:00:27.0920 4104 QWAVE - ok
22:00:28.0030 4104 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
22:00:28.0030 4104 QWAVEdrv - ok
22:00:28.0410 4104 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
22:00:28.0410 4104 RasAcd - ok
22:00:28.0540 4104 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
22:00:28.0540 4104 RasAgileVpn - ok
22:00:28.0620 4104 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
22:00:28.0620 4104 RasAuto - ok
22:00:28.0770 4104 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\windows\system32\DRIVERS\rasl2tp.sys
22:00:28.0780 4104 Rasl2tp - ok
22:00:28.0880 4104 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\windows\System32\rasmans.dll
22:00:28.0880 4104 RasMan - ok
22:00:29.0040 4104 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
22:00:29.0040 4104 RasPppoe - ok
22:00:29.0190 4104 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
22:00:29.0200 4104 RasSstp - ok
22:00:29.0340 4104 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\windows\system32\DRIVERS\rdbss.sys
22:00:29.0340 4104 rdbss - ok
22:00:29.0450 4104 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
22:00:29.0450 4104 rdpbus - ok
22:00:29.0560 4104 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
22:00:29.0560 4104 RDPCDD - ok
22:00:29.0590 4104 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
22:00:29.0590 4104 RDPENCDD - ok
22:00:29.0690 4104 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
22:00:29.0690 4104 RDPREFMP - ok
22:00:29.0800 4104 RDPWD (074ac702d8b8b660b0e1371555995386) C:\windows\system32\drivers\RDPWD.sys
22:00:29.0810 4104 RDPWD - ok
22:00:29.0960 4104 rdyboost (634b9a2181d98f15941236886164ec8b) C:\windows\system32\drivers\rdyboost.sys
22:00:29.0970 4104 rdyboost - ok
22:00:30.0050 4104 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
22:00:30.0050 4104 RemoteAccess - ok
22:00:30.0150 4104 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
22:00:30.0170 4104 RemoteRegistry - ok
22:00:30.0330 4104 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
22:00:30.0330 4104 RpcEptMapper - ok
22:00:30.0410 4104 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
22:00:30.0410 4104 RpcLocator - ok
22:00:30.0570 4104 RpcSs (7266972e86890e2b30c0c322e906b027) C:\windows\system32\rpcss.dll
22:00:30.0580 4104 RpcSs - ok
22:00:30.0640 4104 RSELSVC - ok
22:00:30.0790 4104 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
22:00:30.0790 4104 rspndr - ok
22:00:30.0900 4104 RSUSBSTOR - ok
22:00:31.0030 4104 RTL8167 (f65f171165fbb613f7aa3cc78e8cab42) C:\windows\system32\DRIVERS\Rt64win7.sys
22:00:31.0040 4104 RTL8167 - ok
22:00:31.0210 4104 rtl8192se (7cd14bf5b42931fb80bee5d3e6ba7089) C:\windows\system32\DRIVERS\rtl8192se.sys
22:00:31.0220 4104 rtl8192se - ok
22:00:31.0330 4104 RtsUIR - ok
22:00:31.0430 4104 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe
22:00:31.0430 4104 SamSs - ok
22:00:31.0530 4104 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\windows\system32\DRIVERS\sbp2port.sys
22:00:31.0530 4104 sbp2port - ok
22:00:31.0720 4104 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
22:00:31.0730 4104 SBSDWSCService - ok
22:00:31.0830 4104 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
22:00:31.0840 4104 SCardSvr - ok
22:00:31.0910 4104 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\windows\system32\DRIVERS\scfilter.sys
22:00:31.0910 4104 scfilter - ok
22:00:32.0020 4104 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\windows\system32\schedsvc.dll
22:00:32.0040 4104 Schedule - ok
22:00:32.0150 4104 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\windows\System32\certprop.dll
22:00:32.0150 4104 SCPolicySvc - ok
22:00:32.0230 4104 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\windows\System32\SDRSVC.dll
22:00:32.0240 4104 SDRSVC - ok
22:00:32.0360 4104 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
22:00:32.0360 4104 secdrv - ok
22:00:32.0440 4104 seclogon (463b386ebc70f98da5dff85f7e654346) C:\windows\system32\seclogon.dll
22:00:32.0440 4104 seclogon - ok
22:00:32.0500 4104 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\system32\sens.dll
22:00:32.0510 4104 SENS - ok
22:00:32.0630 4104 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
22:00:32.0630 4104 SensrSvc - ok
22:00:32.0730 4104 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
22:00:32.0730 4104 Serenum - ok
22:00:32.0870 4104 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
22:00:32.0870 4104 Serial - ok
22:00:33.0010 4104 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
22:00:33.0010 4104 sermouse - ok
22:00:33.0250 4104 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\windows\system32\sessenv.dll
22:00:33.0260 4104 SessionEnv - ok
22:00:33.0950 4104 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\DRIVERS\sffdisk.sys
22:00:33.0950 4104 sffdisk - ok
22:00:34.0070 4104 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\DRIVERS\sffp_mmc.sys
22:00:34.0070 4104 sffp_mmc - ok
22:00:34.0180 4104 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\windows\system32\DRIVERS\sffp_sd.sys
22:00:34.0190 4104 sffp_sd - ok
22:00:34.0320 4104 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
22:00:34.0320 4104 sfloppy - ok
22:00:34.0410 4104 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
22:00:34.0420 4104 SharedAccess - ok
22:00:34.0480 4104 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\windows\System32\shsvcs.dll
22:00:34.0490 4104 ShellHWDetection - ok
22:00:34.0620 4104 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
22:00:34.0620 4104 SiSRaid2 - ok
22:00:34.0730 4104 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
22:00:34.0730 4104 SiSRaid4 - ok
22:00:34.0860 4104 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
22:00:34.0860 4104 Smb - ok
22:00:34.0970 4104 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
22:00:34.0970 4104 SNMPTRAP - ok
22:00:35.0050 4104 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
22:00:35.0050 4104 spldr - ok
22:00:35.0170 4104 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\windows\System32\spoolsv.exe
22:00:35.0180 4104 Spooler - ok
22:00:35.0350 4104 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\windows\system32\sppsvc.exe
22:00:35.0410 4104 sppsvc - ok
22:00:35.0510 4104 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
22:00:35.0510 4104 sppuinotify - ok
22:00:35.0610 4104 sprtsvc_verizondm - ok
22:00:35.0760 4104 SRTSP (56979a80f6f9df788a8bfcc1603da40d) C:\windows\system32\drivers\NISx64\1100000.088\SRTSP64.SYS
22:00:35.0770 4104 SRTSP - ok
22:00:35.0930 4104 SRTSPX (3c3d82bb245ad1cb00ed48cb2f4ab385) C:\windows\system32\drivers\NISx64\1100000.088\SRTSPX64.SYS
22:00:35.0930 4104 SRTSPX - ok
22:00:36.0090 4104 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\windows\system32\DRIVERS\srv.sys
22:00:36.0100 4104 srv - ok
22:00:36.0220 4104 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\windows\system32\DRIVERS\srv2.sys
22:00:36.0230 4104 srv2 - ok
22:00:36.0340 4104 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\windows\system32\DRIVERS\srvnet.sys
22:00:36.0340 4104 srvnet - ok
22:00:36.0430 4104 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
22:00:36.0440 4104 SSDPSRV - ok
22:00:36.0520 4104 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
22:00:36.0530 4104 SstpSvc - ok
22:00:36.0600 4104 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
22:00:36.0600 4104 stexstor - ok
22:00:36.0700 4104 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\windows\System32\wiaservc.dll
22:00:36.0710 4104 stisvc - ok
22:00:36.0830 4104 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
22:00:36.0830 4104 swenum - ok
22:00:36.0920 4104 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
22:00:36.0930 4104 swprv - ok
22:00:37.0510 4104 SynTP (be7311da9d6833fa69ed04b744a1c8f8) C:\windows\system32\DRIVERS\SynTP.sys
22:00:37.0510 4104 SynTP - ok
22:00:37.0860 4104 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\windows\system32\sysmain.dll
22:00:37.0880 4104 SysMain - ok
22:00:37.0980 4104 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\windows\System32\TabSvc.dll
22:00:37.0990 4104 TabletInputService - ok
22:00:38.0030 4104 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\windows\System32\tapisrv.dll
22:00:38.0040 4104 TapiSrv - ok
22:00:38.0130 4104 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
22:00:38.0130 4104 TBS - ok
22:00:38.0300 4104 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\windows\system32\drivers\tcpip.sys
22:00:38.0320 4104 Tcpip - ok
22:00:38.0500 4104 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\windows\system32\DRIVERS\tcpip.sys
22:00:38.0510 4104 TCPIP6 - ok
22:00:38.0640 4104 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\windows\system32\drivers\tcpipreg.sys
22:00:38.0640 4104 tcpipreg - ok
22:00:38.0750 4104 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
22:00:38.0750 4104 tdcmdpst - ok
22:00:38.0870 4104 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
22:00:38.0870 4104 TDPIPE - ok
22:00:39.0220 4104 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\windows\system32\drivers\tdtcp.sys
22:00:39.0220 4104 TDTCP - ok
22:00:39.0370 4104 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\windows\system32\DRIVERS\tdx.sys
22:00:39.0370 4104 tdx - ok
22:00:39.0480 4104 TermDD (c448651339196c0e869a355171875522) C:\windows\system32\DRIVERS\termdd.sys
22:00:39.0490 4104 TermDD - ok
22:00:39.0620 4104 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\windows\System32\termsrv.dll
22:00:39.0620 4104 TermService - ok
22:00:39.0710 4104 tgsrvc_verizondm - ok
22:00:39.0790 4104 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
22:00:39.0790 4104 Themes - ok
22:00:39.0870 4104 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
22:00:39.0870 4104 THREADORDER - ok
22:00:40.0040 4104 TMachInfo (32577b987ae5401038451bb392cb8d89) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
22:00:40.0040 4104 TMachInfo - ok
22:00:40.0140 4104 TODDSrv (ed32035bdfeced1ad66d459fd9cc1140) C:\Windows\system32\TODDSrv.exe
22:00:40.0140 4104 TODDSrv - ok
22:00:40.0240 4104 TosCoSrv (06c61275adc64f1e36240a2287998a5e) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
22:00:40.0250 4104 TosCoSrv - ok
22:00:40.0320 4104 TOSHIBA eco Utility Service (32ff64d06a91daa0331c624aff442679) C:\Program Files\TOSHIBA\TECO\TecoService.exe
22:00:40.0320 4104 TOSHIBA eco Utility Service - ok
22:00:40.0430 4104 TOSHIBA HDD SSD Alert Service (dd58e1250f604cbbadda04575e5e2376) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
22:00:40.0430 4104 TOSHIBA HDD SSD Alert Service - ok
22:00:40.0570 4104 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys
22:00:40.0580 4104 tos_sps64 - ok
22:00:40.0710 4104 TPCHSrv (de64c52bd0671165cf2eebf2a728a3e2) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
22:00:40.0720 4104 TPCHSrv - ok
22:00:40.0820 4104 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
22:00:40.0820 4104 TrkWks - ok
22:00:40.0900 4104 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\windows\servicing\TrustedInstaller.exe
22:00:40.0900 4104 TrustedInstaller - ok
22:00:41.0000 4104 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\windows\system32\DRIVERS\tssecsrv.sys
22:00:41.0000 4104 tssecsrv - ok
22:00:41.0140 4104 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\windows\system32\DRIVERS\tunnel.sys
22:00:41.0140 4104 tunnel - ok
22:00:41.0240 4104 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
22:00:41.0240 4104 TVALZ - ok
22:00:41.0360 4104 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys
22:00:41.0360 4104 TVALZFL - ok
22:00:41.0370 4104 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
22:00:41.0370 4104 uagp35 - ok
22:00:41.0440 4104 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\windows\system32\DRIVERS\udfs.sys
22:00:41.0450 4104 udfs - ok
22:00:41.0560 4104 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
22:00:41.0560 4104 UI0Detect - ok
22:00:41.0690 4104 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\DRIVERS\uliagpkx.sys
22:00:41.0700 4104 uliagpkx - ok
22:00:41.0820 4104 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\windows\system32\DRIVERS\umbus.sys
22:00:41.0820 4104 umbus - ok
22:00:41.0930 4104 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
22:00:41.0930 4104 UmPass - ok
22:00:42.0010 4104 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
22:00:42.0020 4104 upnphost - ok
22:00:42.0160 4104 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\windows\system32\Drivers\usbaapl64.sys
22:00:42.0160 4104 USBAAPL64 - ok
22:00:42.0280 4104 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\windows\system32\DRIVERS\usbccgp.sys
22:00:42.0280 4104 usbccgp - ok
22:00:42.0360 4104 USBCCID - ok
22:00:42.0410 4104 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\DRIVERS\usbcir.sys
22:00:42.0410 4104 usbcir - ok
22:00:42.0520 4104 usbehci (92969ba5ac44e229c55a332864f79677) C:\windows\system32\DRIVERS\usbehci.sys
22:00:42.0530 4104 usbehci - ok
22:00:42.0690 4104 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\windows\system32\DRIVERS\usbhub.sys
22:00:42.0690 4104 usbhub - ok
22:00:42.0810 4104 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\windows\system32\DRIVERS\usbohci.sys
22:00:42.0810 4104 usbohci - ok
22:00:42.0920 4104 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
22:00:42.0930 4104 usbprint - ok
22:00:43.0050 4104 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys
22:00:43.0050 4104 usbscan - ok
22:00:43.0160 4104 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\windows\system32\DRIVERS\USBSTOR.SYS
22:00:43.0160 4104 USBSTOR - ok
22:00:43.0270 4104 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\windows\system32\drivers\usbuhci.sys
22:00:43.0270 4104 usbuhci - ok
22:00:43.0400 4104 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\windows\System32\Drivers\usbvideo.sys
22:00:43.0400 4104 usbvideo - ok
22:00:43.0500 4104 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
22:00:43.0500 4104 UxSms - ok
22:00:43.0580 4104 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe
22:00:43.0580 4104 VaultSvc - ok
22:00:43.0730 4104 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\DRIVERS\vdrvroot.sys
22:00:43.0740 4104 vdrvroot - ok
22:00:43.0850 4104 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\windows\System32\vds.exe
22:00:43.0860 4104 vds - ok
22:00:44.0000 4104 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
22:00:44.0000 4104 vga - ok
22:00:44.0110 4104 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
22:00:44.0110 4104 VgaSave - ok
22:00:44.0590 4104 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\windows\system32\DRIVERS\vhdmp.sys
22:00:44.0590 4104 vhdmp - ok
22:00:44.0720 4104 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\DRIVERS\viaide.sys
22:00:44.0730 4104 viaide - ok
22:00:44.0840 4104 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\windows\system32\DRIVERS\volmgr.sys
22:00:44.0840 4104 volmgr - ok
22:00:44.0960 4104 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\windows\system32\drivers\volmgrx.sys
22:00:44.0960 4104 volmgrx - ok
22:00:45.0060 4104 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\windows\system32\DRIVERS\volsnap.sys
22:00:45.0070 4104 volsnap - ok
22:00:45.0210 4104 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
22:00:45.0220 4104 vsmraid - ok
22:00:45.0340 4104 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\windows\system32\vssvc.exe
22:00:45.0360 4104 VSS - ok
22:00:45.0510 4104 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
22:00:45.0520 4104 vwifibus - ok
22:00:45.0670 4104 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
22:00:45.0680 4104 vwififlt - ok
22:00:45.0820 4104 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys
22:00:45.0820 4104 vwifimp - ok
22:00:45.0920 4104 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
22:00:45.0930 4104 W32Time - ok
22:00:46.0040 4104 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
22:00:46.0050 4104 WacomPen - ok
22:00:46.0190 4104 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
22:00:46.0190 4104 WANARP - ok
22:00:46.0210 4104 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
22:00:46.0210 4104 Wanarpv6 - ok
22:00:46.0350 4104 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
22:00:46.0370 4104 WatAdminSvc - ok
22:00:46.0520 4104 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\windows\system32\wbengine.exe
22:00:46.0540 4104 wbengine - ok
22:00:46.0650 4104 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
22:00:46.0650 4104 WbioSrvc - ok
22:00:46.0700 4104 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\windows\System32\wcncsvc.dll
22:00:46.0700 4104 wcncsvc - ok
22:00:46.0780 4104 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
22:00:46.0780 4104 WcsPlugInService - ok
22:00:46.0860 4104 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
22:00:46.0860 4104 Wd - ok
22:00:46.0980 4104 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\windows\system32\DRIVERS\wdcsam64.sys
22:00:46.0980 4104 WDC_SAM - ok
22:00:47.0090 4104 WDDMService (334e5ed94d3faff3c44f4d36b1fe1c90) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
22:00:47.0090 4104 WDDMService - ok
22:00:47.0240 4104 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
22:00:47.0240 4104 Wdf01000 - ok
22:00:47.0330 4104 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
22:00:47.0350 4104 WdiServiceHost - ok
22:00:47.0380 4104 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
22:00:47.0380 4104 WdiSystemHost - ok
22:00:47.0550 4104 WDSmartWareBackgroundService (138ab06adbbf300aa804d7974a5aec82) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
22:00:47.0550 4104 WDSmartWareBackgroundService - ok
22:00:47.0700 4104 WebClient (733006127f235be7c35354ebee7b9a7b) C:\windows\System32\webclnt.dll
22:00:47.0710 4104 WebClient - ok
22:00:47.0810 4104 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
22:00:47.0810 4104 Wecsvc - ok
22:00:47.0850 4104 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
22:00:47.0850 4104 wercplsupport - ok
22:00:47.0880 4104 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
22:00:47.0880 4104 WerSvc - ok
22:00:48.0050 4104 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
22:00:48.0060 4104 WfpLwf - ok
22:00:48.0170 4104 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
22:00:48.0170 4104 WIMMount - ok
22:00:48.0240 4104 WinDefend - ok
22:00:48.0250 4104 WinHttpAutoProxySvc - ok
22:00:48.0350 4104 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
22:00:48.0350 4104 Winmgmt - ok
22:00:48.0480 4104 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\windows\system32\WsmSvc.dll
22:00:48.0500 4104 WinRM - ok
22:00:48.0690 4104 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\windows\system32\DRIVERS\WinUsb.sys
22:00:48.0690 4104 WinUsb - ok
22:00:48.0820 4104 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
22:00:48.0830 4104 Wlansvc - ok
22:00:48.0960 4104 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
22:00:48.0960 4104 WmiAcpi - ok
22:00:49.0070 4104 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
22:00:49.0070 4104 wmiApSrv - ok
22:00:49.0120 4104 WMPNetworkSvc - ok
22:00:49.0180 4104 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
22:00:49.0190 4104 WPCSvc - ok
22:00:49.0290 4104 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\windows\system32\wpdbusenum.dll
22:00:49.0290 4104 WPDBusEnum - ok
22:00:49.0410 4104 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
22:00:49.0410 4104 ws2ifsl - ok
22:00:49.0550 4104 WsAudio_DeviceS(1) (ad12f5c7251bb8d575d560894e73cbba) C:\windows\system32\drivers\WsAudio_DeviceS(1).sys
22:00:49.0740 4104 WsAudio_DeviceS(1) - ok
22:00:49.0980 4104 WsAudio_DeviceS(2) (ad12f5c7251bb8d575d560894e73cbba) C:\windows\system32\drivers\WsAudio_DeviceS(2).sys
22:00:49.0980 4104 WsAudio_DeviceS(2) - ok
22:00:50.0130 4104 WsAudio_DeviceS(3) (ad12f5c7251bb8d575d560894e73cbba) C:\windows\system32\drivers\WsAudio_DeviceS(3).sys
22:00:50.0130 4104 WsAudio_DeviceS(3) - ok
22:00:50.0260 4104 WsAudio_DeviceS(4) (ad12f5c7251bb8d575d560894e73cbba) C:\windows\system32\drivers\WsAudio_DeviceS(4).sys
22:00:50.0260 4104 WsAudio_DeviceS(4) - ok
22:00:50.0390 4104 WsAudio_DeviceS(5) (ad12f5c7251bb8d575d560894e73cbba) C:\windows\system32\drivers\WsAudio_DeviceS(5).sys
22:00:50.0390 4104 WsAudio_DeviceS(5) - ok
22:00:50.0530 4104 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\windows\system32\wscsvc.dll
22:00:50.0540 4104 wscsvc - ok
22:00:50.0600 4104 WSearch - ok
22:00:50.0680 4104 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\windows\system32\wuaueng.dll
22:00:50.0710 4104 wuauserv - ok
22:00:50.0840 4104 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\windows\system32\drivers\WudfPf.sys
22:00:50.0840 4104 WudfPf - ok
22:00:51.0000 4104 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\windows\system32\DRIVERS\WUDFRd.sys
22:00:51.0000 4104 WUDFRd - ok
22:00:51.0070 4104 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\windows\System32\WUDFSvc.dll
22:00:51.0080 4104 wudfsvc - ok
22:00:51.0150 4104 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
22:00:51.0150 4104 WwanSvc - ok
22:00:51.0310 4104 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
22:00:51.0320 4104 YahooAUService - ok
22:00:51.0370 4104 MBR (0x1B8) (b5d3b89509933463264ff7748b075c37) \Device\Harddisk0\DR0
22:00:51.0430 4104 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
22:00:51.0430 4104 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
22:00:51.0440 4104 Boot (0x1200) (0c8f079051bcb1fc17e864377f69aa07) \Device\Harddisk0\DR0\Partition0
22:00:51.0440 4104 \Device\Harddisk0\DR0\Partition0 - ok
22:00:51.0450 4104 ============================================================
22:00:51.0450 4104 Scan finished
22:00:51.0450 4104 ============================================================
22:00:51.0460 5424 Detected object count: 1
22:00:51.0460 5424 Actual detected object count: 1
22:01:03.0860 5424 \Device\Harddisk0\DR0\# - copied to quarantine
22:01:03.0860 5424 \Device\Harddisk0\DR0 - copied to quarantine
22:01:03.0930 5424 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
22:01:03.0930 5424 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
22:01:03.0970 5424 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
22:01:03.0980 5424 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
22:01:04.0020 5424 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
22:01:04.0020 5424 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
22:01:04.0020 5424 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
22:01:04.0020 5424 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
22:01:04.0030 5424 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
22:01:04.0030 5424 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
22:01:04.0050 5424 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
22:01:04.0050 5424 \Device\Harddisk0\DR0 - ok
22:01:04.0400 5424 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
22:01:34.0463 5368 Deinitialize success

#7 Broni


Posted 26 March 2012 - 09:20 PM

Good :)

Post new aswMBR log.


#8 ctjester15


Posted 26 March 2012 - 10:21 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-26 23:13:53
-----------------------------
23:13:53.018 OS Version: Windows x64 6.1.7600
23:13:53.018 Number of processors: 2 586 0x602
23:13:53.018 ComputerName: JONATHAN-PC UserName: Jonathan
23:13:54.141 Initialize success
23:14:02.331 AVAST engine defs: 12032501
23:14:06.839 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
23:14:06.839 Disk 0 Vendor: TOSHIBA_MK3263GSX FG020M Size: 305245MB BusType: 11
23:14:06.871 Disk 0 MBR read successfully
23:14:06.871 Disk 0 MBR scan
23:14:06.871 Disk 0 Windows VISTA default MBR code
23:14:06.871 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
23:14:06.886 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 294514 MB offset 3074048
23:14:06.933 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 9230 MB offset 606238720
23:14:06.980 Disk 0 scanning C:\windows\system32\drivers
23:14:17.198 Service scanning
23:15:02.672 Modules scanning
23:15:02.688 Disk 0 trace - called modules:
23:15:02.688
23:15:04.591 AVAST engine scan C:\windows
23:15:07.882 AVAST engine scan C:\windows\system32
23:18:55.574 AVAST engine scan C:\windows\system32\drivers
23:19:07.882 AVAST engine scan C:\Users\Jonathan
23:20:43.916 Disk 0 MBR has been saved successfully to "C:\Users\Jonathan\Desktop\Virus Tools\MBR.dat"
23:20:43.916 The log file has been saved successfully to "C:\Users\Jonathan\Desktop\Virus Tools\aswMBR.txt"

#9 Broni

Posted 26 March 2012 - 10:26 PM

Very well.

Update MBAM, run "Quick scan" and post new log.

#10 ctjester15

Posted 27 March 2012 - 08:49 PM

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.27.08

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Jonathan :: JONATHAN-PC [administrator]

3/27/2012 9:42:44 PM
mbam-log-2012-03-27 (21-42-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 216062
Time elapsed: 4 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Trojan.QHost.BG) -> Data: C:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Windows\System32\config\systemprofile\AppData\Roaming\kock\kock\oexuquj.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Windows\temp\nsh39F5.tmp\oexuquj.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Windows\temp\nsh39F5.tmp\vubjh.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

#11 Broni

Posted 27 March 2012 - 09:37 PM

Very good :)

How is the computer doing?

Download Temp File Cleaner (TFC).
Double-click on TFC.exe to run the program.
Click on the Start button to begin the cleaning process.
TFC will close all running programs, and it may ask you to restart the computer.

=============================================================================

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    NOTE: If ESET doesn't find any threats, it will NOT produce a log.

#12 ctjester15

Posted 28 March 2012 - 06:59 AM

Got a lot of them, see below:

C:\ProgramData\Microsoft\Windows\DRM\6B21.tmp Win64/Olmarik.AD trojan cleaned by deleting - quarantined
C:\ProgramData\Microsoft\Windows\DRM\6B22.tmp Win64/Olmarik.AD trojan cleaned by deleting - quarantined
C:\ProgramData\Microsoft\Windows\DRM\C24A.tmp Win64/Olmarik.AD trojan cleaned by deleting - quarantined
C:\ProgramData\Microsoft\Windows\DRM\C24B.tmp Win64/Olmarik.AD trojan cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric10.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric11.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric12.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric13.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric14.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric15.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric16.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric17.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric18.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric19.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric20.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric3.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric4.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric5.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric6.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric7.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric8.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric9.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\WiIQfraud16.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\WiIQfraud28.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\e69qmeq1.default\extensions\{543961df-8d28-41ff-a847-db2cdd338fe1}\chrome\xulcache.jar.vir JS/Agent.NDO trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\System32\consrv.dll.vir Win64/Sirefef.G trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\26.03.2012_21.59.47\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\26.03.2012_21.59.47\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\26.03.2012_21.59.47\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.JG trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\26.03.2012_21.59.47\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AC trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\26.03.2012_21.59.47\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\26.03.2012_21.59.47\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.X trojan cleaned by deleting - quarantined
C:\Users\Jonathan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\1bd3e0d3-1aa8eb03 multiple threats deleted - quarantined
C:\Users\Jonathan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\548af199-77849cb3 a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Users\Jonathan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\12d86b5c-5135b405 Java/Exploit.CVE-2011-3544.AU trojan deleted - quarantined
C:\Users\Jonathan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\7386bdc-3363c4bc Java/Exploit.CVE-2011-3544.AC trojan deleted - quarantined
C:\Users\Jonathan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\4e927325-6760511b a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Users\Jonathan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\26f16d2b-3c0b81f8 Java/Exploit.CVE-2011-3544.AM trojan deleted - quarantined
C:\Users\Jonathan\Desktop\SuperOneClickv1.9.5-ShortFuse.zip multiple threats deleted - quarantined
C:\Users\Jonathan\Desktop\SuperOneClickv1.9.5-ShortFuse\Exploits\GingerBreak Android/Exploit.Lotoor.AF trojan cleaned by deleting - quarantined
C:\Users\Jonathan\Desktop\SuperOneClickv1.9.5-ShortFuse\Exploits\psneuter Android/Exploit.Lotoor.AK trojan cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\ketnhcv.exe a variant of Win32/Kryptik.ACID trojan cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\lqtju.exe a variant of Win32/Kryptik.ACNS trojan cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\lzltujvph.exe a variant of Win32/Kryptik.ACID trojan cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\32193d13-496c7457 Java/Agent.EI trojan deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\a177060-79b2d5db multiple threats deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\43844565-3c23b68f Java/Exploit.CVE-2011-3544.BC trojan deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\16010027-7df153c4 a variant of Java/TrojanDownloader.Agent.AD trojan deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\5433af6f-2d54fbc1 Java/Exploit.CVE-2011-3544.AU trojan deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\2a129132-7594dec0 a variant of Java/Exploit.CVE-2011-3544.AV trojan deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Roaming\01008\01008\nnafru.dll a variant of Win32/Kryptik.ADGH trojan cleaned by deleting - quarantined
C:\Windows\temp\jar_cache7712730264108077245.tmp a variant of Java/TrojanDownloader.Agent.NDR trojan deleted - quarantined
C:\Windows\temp\jar_cache8250766148162613901.tmp a variant of Java/TrojanDownloader.Agent.NDR trojan deleted - quarantined
C:\Windows\temp\Main.class a variant of Java/Exploit.CVE-2011-3544.BF trojan cleaned by deleting - quarantined

#13 Broni

Posted 28 March 2012 - 06:32 PM

You didn't say:

How is the computer doing?


Uninstall Java™ SE Development Kit 6 Update 21

Update Adobe Flash Player
Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/04/27/download-the-latest-adobe-flash-for-firefox-and-ie-without-any-extras/

#14 ctjester15

Posted 28 March 2012 - 09:23 PM

Seems to be going pretty well. Haven't had any flare-ups in a few days or so. Thanks for all the help.

#15 Broni

Posted 28 March 2012 - 09:27 PM

Good news :)

Complete what I posted in my previous reply.

Then...

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll remove all old restore points and create a fresh, clean restore point.

Turn system restore off.
Restart computer.
Turn system restore back on.

If you don't know how to do it...
Windows XP: http://support.microsoft.com/kb/310405
Vista and Windows 7: http://www.howtogeek.com/howto/windows-vista/disable-system-restore-in-windows-vista/

2. Make sure Windows Updates are current.

3. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

4. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

6. Run Temporary File Cleaner (TFC) weekly.

7. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

8. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

9. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

10. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

11. Except for MBAM and TFC, which are keepers, you can simply delete all other tools we used, as they don't install.
