
Smart HDD - removal guide unsuccessful, TDSS, Google Redirects


  • This topic is locked
25 replies to this topic

#1 j0e00

j0e00

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:03:58 AM

Posted 17 April 2012 - 03:02 AM

Windows 7 infected with Smart HDD (malware impersonating a broken hard drive and trying to take my $).
Used the Bleepingcomputer Removal Guide. Ran RKill, then TDSS Killer, then MBAM.
I think the Smart HDD activity is gone, but I am now getting Google Redirects and aggressive popups. I am also getting authentic-looking "Adobe Flash Player 11.2 Installer" popup windows every few minutes that stay in front of all other windows and the toolbar.
Did not run Unhide.exe because it seems malware problem is still active.
Please help! This sucks! Thanks in advance!


.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_29
Run by joe at 0:44:07 on 2012-04-17
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2817 [GMT -7:00]
.
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\TEMP\FP_AX_CAB_INSTALLER.exe
C:\Windows\TEMP\{B61F2119-C574-49E2-BCE2-9F17F4F3414D}\InstallFlashPlayer.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_x3400&r=173610108607p0418v105w4671v27n
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_x3400&r=173610108607p0418v105w4671v27n
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_x3400&r=173610108607p0418v105w4671v27n
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [JavaSoft] RUNDLL32.EXE C:\Users\joe\AppData\Local\JavaSoft\dvkkadxd.dll,DoControlShell
uRun: [bdefbbdaedfdct] "C:\ProgramData\bdefbbdaedfdct.exe"
mRun: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [GrpConv] grpconv -o
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
dRun: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
dRun: [bdefbbdaedfdct] "C:\ProgramData\bdefbbdaedfdct.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
LSP: %SYSTEMROOT%\system32\nvLsp.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.10.1
TCP: Interfaces\{8DF20E62-8D88-4DE8-A56A-68E2790470BA} : DhcpNameServer = 192.168.10.1
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce-x64: [GrpConv] grpconv -o
mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
Hosts: 94.63.147.16 www.google.com
Hosts: 94.63.147.17 www.bing.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\q4lfwq3p.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-8-28 1150496]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-5 136176]
S2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-3-31 243232]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-5 136176]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-04-17 05:18:14 -------- d-----w- C:\Users\joe\AppData\Roaming\Malwarebytes
2012-04-17 05:18:11 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-17 05:18:11 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-17 05:18:10 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-17 05:14:53 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
2012-04-17 05:11:23 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-15 23:00:13 -------- d-----we C:\Windows\system64
2012-04-15 23:00:09 90112 ----a-w- C:\ProgramData\bdefbbdaedfdct.exe
2012-04-01 01:23:36 -------- d--h--w- C:\Users\joe\AppData\Local\JavaSoft
2012-03-21 02:07:58 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-21 02:07:58 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
.
==================== Find3M ====================
.
2012-02-22 05:33:05 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-29 13:10:42 279656 ---h--w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 0:44:39.58 ===============



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:58 AM

Posted 17 April 2012 - 03:21 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 j0e00


Posted 17 April 2012 - 01:09 PM

Gracias Gringo!

Two quick questions before I start:


1) Because of the Smart HDD problem, all of my files are still hidden. I did not run Unhide.exe because the spyware problem is still present. So, I have not been able to back up my files.

Is it worth trying to run Unhide.exe and backing up what I can now, or should I go ahead with Security Check and Combofix and wait until later to unhide the files?

2) I was unable to activate the Firewall - seemed to be blocked by the malware. Will this be a problem?


Thank you,
-Joe

#4 gringo_pr


Posted 17 April 2012 - 02:30 PM

hello

about unhide - you can do it now and if you need to do it later you can do it again - it will not hurt to do more than once


gringo

#5 j0e00


Posted 19 April 2012 - 01:49 AM

Hi -

Ran unhide and everything seemed to come out OK.

Just ran Security Check. Log is below. Will do Combofix next.

- Joe

Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 29
Java version out of date!
Adobe Reader X (10.1.2)
Mozilla Firefox (11.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````

#6 j0e00


Posted 19 April 2012 - 02:19 AM

Ran Combofix. Log is below.

All seems well so far.

Combofix restarted me out of safe mode, and when I tried to access the internet I got the "Illegal operation attempted on a registry key that has been marked for deletion" message. Restarted into Safe Mode (just to be safe), and everything seemed to work. Tried to go to a bunch of sites and Google, and did not get any redirects. (Prior to running Combofix, I was still getting them.)

Crap! I just realized that when I restarted I lost the Combofix log. Sorry for being such an idiot.

Should I run Combofix again to get a new log, or is that information simply lost?

#7 gringo_pr


Posted 19 April 2012 - 08:29 AM

  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • Please copy and paste the following into the box
C:\ComboFix.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo

#8 j0e00


Posted 20 April 2012 - 09:35 AM

Thanks!

One more thing I noticed - Firefox is very slow to open. IE is nice and quick, but Firefox takes 20-30 seconds.

Here is the Combofix log:


ComboFix 12-04-19.01 - joe 04/18/2012 23:55:03.1.3 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2876 [GMT -7:00]
Running from: c:\users\joe\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\bdefbbdaedfdct.exe
c:\programdata\s7MDhbxPqkYhNG
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\system32\consrv.dll
c:\windows\system32\dds_trash_log.cmd
c:\windows\System64
c:\windows\SysWow64\config\systemprofile\AppData\Roaming\Adobe\sp.Dll
c:\windows\TEMP\{2FB981EC-197A-4B78-A92E-3919ADDDD6CF}\InstallFlashPlayer.exe
c:\windows\TEMP\{567F7AD5-2BCF-475E-BD4F-F65F5288A8BA}\fpb.tmp
c:\windows\TEMP\{71DA4763-A41A-407F-AF07-AF1D93C78F40}\fpb.tmp
c:\windows\TEMP\{8F056244-D416-4A77-B898-9C12812590C2}\InstallFlashPlayer.exe
c:\windows\TEMP\{9BA19C4F-A0A4-4201-B28E-9CC6AE98109A}\fpb.tmp
c:\windows\TEMP\{BCCDFCEF-81FA-4BEF-A6B8-D09E0BD4EAF5}\InstallFlashPlayer.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SPService
.
.
((((((((((((((((((((((((( Files Created from 2012-03-19 to 2012-04-19 )))))))))))))))))))))))))))))))
.
.
2012-04-17 05:18 . 2012-04-17 05:18 -------- d-----w- c:\users\joe\AppData\Roaming\Malwarebytes
2012-04-17 05:18 . 2012-04-17 05:18 -------- d-----w- c:\programdata\Malwarebytes
2012-04-17 05:18 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-17 05:18 . 2012-04-17 05:18 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-17 05:11 . 2012-04-17 06:35 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-01 01:23 . 2012-04-01 01:23 -------- d-----w- c:\users\joe\AppData\Local\JavaSoft
2012-03-21 02:07 . 2012-03-21 02:07 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-21 02:07 . 2012-03-21 02:07 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-22 05:33 . 2011-05-19 03:10 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-29 13:10 . 2010-10-02 22:14 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JavaSoft"="c:\users\joe\AppData\Local\JavaSoft\dvkkadxd.dll" [2012-04-01 421888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2010-03-26 563744]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-07-12 74752]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-06 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-06 136176]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-06 00:52]
.
2012-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-06 00:52]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"combofix"="c:\combofix\CF25020.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
sddmi2
umwdf
sysdown
lxcc_device
SE2Cbus
{d31a0762-0ceb-444e-acff-b049a1f6fe91}
IJPLMSVC
JL2005C
oracleorahomehttpserver
LPCFilter
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_x3400&r=173610108607p0418v105w4671v27n
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvLsp.dll
TCP: DhcpNameServer = 192.168.10.1
FF - ProfilePath - c:\users\joe\AppData\Roaming\Mozilla\Firefox\Profiles\q4lfwq3p.default\
FF - prefs.js: browser.startup.homepage - google.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{96AFBE69-C3B0-4b00-8578-D933D2896EE2} - (no file)
Wow6432Node-HKCU-Run-bdefbbdaedfdct - c:\programdata\bdefbbdaedfdct.exe
Wow6432Node-HKU-Default-Run-dplaysvr - c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
Wow6432Node-HKU-Default-Run-bdefbbdaedfdct - c:\programdata\bdefbbdaedfdct.exe
SafeBoot-53439065.sys
Toolbar-Locked - (no file)
HKLM-Run-mwlDaemon - c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
AddRemove-dBpoweramp Batch Ripper - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp CD Writer - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp FLAC Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-19 00:01:16 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-19 07:01
.
Pre-Run: 404,890,021,888 bytes free
Post-Run: 405,109,895,168 bytes free
.
- - End Of File - - 80860A5936975122F23B7CA216FACE92

#9 gringo_pr


Posted 20 April 2012 - 01:06 PM

Hello


Uninstall firefox and reinstall it.


I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

#10 gringo_pr


Posted 23 April 2012 - 12:05 AM

Hello


Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo

#11 j0e00


Posted 23 April 2012 - 12:10 AM

Hi Thanks for following up... sorry for being slow.

Have been away from the computer for the weekend so have not had a chance to run the next scans.

Will be back there Tuesday morning and will get them done then and send the logs.

Thanks very much for all your help!

#12 gringo_pr


Posted 23 April 2012 - 12:12 AM

no problem and I will check back with you if I have not heard from you


gringo

#13 j0e00


Posted 24 April 2012 - 12:12 PM

Below is the log from TDSSkiller. No objects were found in the scan. (I had already run this one previously, based on the initial instructions for the removal of Smart HDD.)




10:09:37.0806 0896 amdide - ok
10:09:37.0820 0896 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
10:09:37.0821 0896 AmdK8 - ok
10:09:37.0837 0896 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
10:09:37.0838 0896 AmdPPM - ok
10:09:37.0866 0896 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
10:09:37.0867 0896 amdsata - ok
10:09:37.0898 0896 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
10:09:37.0900 0896 amdsbs - ok
10:09:37.0912 0896 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
10:09:37.0913 0896 amdxata - ok
10:09:37.0943 0896 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
10:09:37.0944 0896 AppID - ok
10:09:37.0962 0896 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
10:09:37.0963 0896 AppIDSvc - ok
10:09:37.0994 0896 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
10:09:37.0995 0896 Appinfo - ok
10:09:38.0029 0896 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
10:09:38.0030 0896 arc - ok
10:09:38.0036 0896 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
10:09:38.0038 0896 arcsas - ok
10:09:38.0069 0896 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
10:09:38.0070 0896 AsyncMac - ok
10:09:38.0100 0896 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
10:09:38.0100 0896 atapi - ok
10:09:38.0152 0896 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
10:09:38.0165 0896 AudioEndpointBuilder - ok
10:09:38.0172 0896 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
10:09:38.0175 0896 AudioSrv - ok
10:09:38.0212 0896 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
10:09:38.0223 0896 AxInstSV - ok
10:09:38.0250 0896 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
10:09:38.0260 0896 b06bdrv - ok
10:09:38.0309 0896 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
10:09:38.0312 0896 b57nd60a - ok
10:09:38.0348 0896 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
10:09:38.0349 0896 BDESVC - ok
10:09:38.0367 0896 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
10:09:38.0367 0896 Beep - ok
10:09:38.0428 0896 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
10:09:38.0460 0896 BITS - ok
10:09:38.0469 0896 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
10:09:38.0470 0896 blbdrive - ok
10:09:38.0508 0896 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
10:09:38.0509 0896 bowser - ok
10:09:38.0513 0896 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:09:38.0514 0896 BrFiltLo - ok
10:09:38.0520 0896 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:09:38.0521 0896 BrFiltUp - ok
10:09:38.0545 0896 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
10:09:38.0546 0896 BridgeMP - ok
10:09:38.0579 0896 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
10:09:38.0581 0896 Browser - ok
10:09:38.0593 0896 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
10:09:38.0596 0896 Brserid - ok
10:09:38.0612 0896 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
10:09:38.0613 0896 BrSerWdm - ok
10:09:38.0616 0896 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
10:09:38.0617 0896 BrUsbMdm - ok
10:09:38.0621 0896 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
10:09:38.0621 0896 BrUsbSer - ok
10:09:38.0627 0896 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
10:09:38.0629 0896 BTHMODEM - ok
10:09:38.0674 0896 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
10:09:38.0675 0896 bthserv - ok
10:09:38.0707 0896 catchme - ok
10:09:38.0723 0896 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
10:09:38.0725 0896 cdfs - ok
10:09:38.0766 0896 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
10:09:38.0768 0896 cdrom - ok
10:09:38.0804 0896 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
10:09:38.0805 0896 CertPropSvc - ok
10:09:38.0809 0896 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
10:09:38.0810 0896 circlass - ok
10:09:38.0842 0896 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
10:09:38.0846 0896 CLFS - ok
10:09:38.0899 0896 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:09:38.0902 0896 clr_optimization_v2.0.50727_32 - ok
10:09:38.0927 0896 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:09:38.0930 0896 clr_optimization_v2.0.50727_64 - ok
10:09:38.0992 0896 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:09:39.0013 0896 clr_optimization_v4.0.30319_32 - ok
10:09:39.0030 0896 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:09:39.0034 0896 clr_optimization_v4.0.30319_64 - ok
10:09:39.0039 0896 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
10:09:39.0040 0896 CmBatt - ok
10:09:39.0052 0896 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
10:09:39.0052 0896 cmdide - ok
10:09:39.0097 0896 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
10:09:39.0107 0896 CNG - ok
10:09:39.0144 0896 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
10:09:39.0145 0896 Compbatt - ok
10:09:39.0189 0896 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
10:09:39.0190 0896 CompositeBus - ok
10:09:39.0204 0896 COMSysApp - ok
10:09:39.0209 0896 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
10:09:39.0210 0896 crcdisk - ok
10:09:39.0244 0896 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
10:09:39.0246 0896 CryptSvc - ok
10:09:39.0274 0896 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
10:09:39.0287 0896 DcomLaunch - ok
10:09:39.0323 0896 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
10:09:39.0326 0896 defragsvc - ok
10:09:39.0356 0896 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
10:09:39.0358 0896 DfsC - ok
10:09:39.0401 0896 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
10:09:39.0404 0896 Dhcp - ok
10:09:39.0413 0896 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
10:09:39.0414 0896 discache - ok
10:09:39.0425 0896 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
10:09:39.0426 0896 Disk - ok
10:09:39.0463 0896 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
10:09:39.0465 0896 Dnscache - ok
10:09:39.0503 0896 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
10:09:39.0506 0896 dot3svc - ok
10:09:39.0537 0896 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
10:09:39.0540 0896 DPS - ok
10:09:39.0564 0896 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
10:09:39.0565 0896 drmkaud - ok
10:09:39.0625 0896 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
10:09:39.0637 0896 DXGKrnl - ok
10:09:39.0656 0896 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
10:09:39.0658 0896 EapHost - ok
10:09:39.0780 0896 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
10:09:39.0830 0896 ebdrv - ok
10:09:39.0911 0896 EFS (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\System32\lsass.exe
10:09:39.0914 0896 EFS - ok
10:09:39.0976 0896 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
10:09:39.0988 0896 ehRecvr - ok
10:09:40.0021 0896 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
10:09:40.0023 0896 ehSched - ok
10:09:40.0084 0896 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
10:09:40.0090 0896 elxstor - ok
10:09:40.0111 0896 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
10:09:40.0111 0896 ErrDev - ok
10:09:40.0145 0896 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
10:09:40.0157 0896 EventSystem - ok
10:09:40.0173 0896 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
10:09:40.0175 0896 exfat - ok
10:09:40.0197 0896 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
10:09:40.0199 0896 fastfat - ok
10:09:40.0268 0896 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
10:09:40.0280 0896 Fax - ok
10:09:40.0297 0896 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
10:09:40.0298 0896 fdc - ok
10:09:40.0309 0896 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
10:09:40.0310 0896 fdPHost - ok
10:09:40.0323 0896 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
10:09:40.0324 0896 FDResPub - ok
10:09:40.0339 0896 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
10:09:40.0340 0896 FileInfo - ok
10:09:40.0357 0896 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
10:09:40.0358 0896 Filetrace - ok
10:09:40.0372 0896 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
10:09:40.0373 0896 flpydisk - ok
10:09:40.0404 0896 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
10:09:40.0407 0896 FltMgr - ok
10:09:40.0471 0896 FontCache (b4447f606bb19fd8ad0bafb59b90f5d9) C:\Windows\system32\FntCache.dll
10:09:40.0483 0896 FontCache - ok
10:09:40.0546 0896 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:09:40.0547 0896 FontCache3.0.0.0 - ok
10:09:40.0654 0896 ForceWare Intelligent Application Manager (IAM) (a9ff65ea14e4cabfcc1bb8ece111a249) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
10:09:40.0669 0896 ForceWare Intelligent Application Manager (IAM) - ok
10:09:40.0714 0896 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
10:09:40.0715 0896 FsDepends - ok
10:09:40.0727 0896 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
10:09:40.0727 0896 Fs_Rec - ok
10:09:40.0774 0896 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
10:09:40.0776 0896 fvevol - ok
10:09:40.0811 0896 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
10:09:40.0813 0896 gagp30kx - ok
10:09:40.0867 0896 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
10:09:40.0900 0896 gpsvc - ok
10:09:40.0999 0896 Greg_Service (816fd5a6f3c2f3d600900096632fc60e) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
10:09:41.0015 0896 Greg_Service - ok
10:09:41.0108 0896 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:09:41.0109 0896 gupdate - ok
10:09:41.0128 0896 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:09:41.0129 0896 gupdatem - ok
10:09:41.0236 0896 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
10:09:41.0237 0896 hcw85cir - ok
10:09:41.0292 0896 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
10:09:41.0296 0896 HdAudAddService - ok
10:09:41.0327 0896 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
10:09:41.0329 0896 HDAudBus - ok
10:09:41.0344 0896 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
10:09:41.0344 0896 HidBatt - ok
10:09:41.0353 0896 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
10:09:41.0354 0896 HidBth - ok
10:09:41.0359 0896 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
10:09:41.0360 0896 HidIr - ok
10:09:41.0379 0896 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
10:09:41.0380 0896 hidserv - ok
10:09:41.0421 0896 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
10:09:41.0422 0896 HidUsb - ok
10:09:41.0456 0896 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
10:09:41.0458 0896 hkmsvc - ok
10:09:41.0492 0896 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
10:09:41.0495 0896 HomeGroupListener - ok
10:09:41.0527 0896 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
10:09:41.0530 0896 HomeGroupProvider - ok
10:09:41.0556 0896 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
10:09:41.0557 0896 HpSAMD - ok
10:09:41.0622 0896 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
10:09:41.0629 0896 HTTP - ok
10:09:41.0661 0896 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
10:09:41.0662 0896 hwpolicy - ok
10:09:41.0691 0896 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
10:09:41.0693 0896 i8042prt - ok
10:09:41.0745 0896 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
10:09:41.0749 0896 iaStorV - ok
10:09:41.0827 0896 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:09:41.0836 0896 idsvc - ok
10:09:41.0855 0896 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
10:09:41.0856 0896 iirsp - ok
10:09:41.0913 0896 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
10:09:41.0922 0896 IKEEXT - ok
10:09:42.0021 0896 IntcAzAudAddService (bc64b75e8e0a0b8982ab773483164e72) C:\Windows\system32\drivers\RTKVHD64.sys
10:09:42.0037 0896 IntcAzAudAddService - ok
10:09:42.0121 0896 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
10:09:42.0122 0896 intelide - ok
10:09:42.0138 0896 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
10:09:42.0139 0896 intelppm - ok
10:09:42.0162 0896 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
10:09:42.0164 0896 IPBusEnum - ok
10:09:42.0200 0896 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:09:42.0201 0896 IpFilterDriver - ok
10:09:42.0256 0896 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
10:09:42.0263 0896 iphlpsvc - ok
10:09:42.0274 0896 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
10:09:42.0275 0896 IPMIDRV - ok
10:09:42.0286 0896 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
10:09:42.0288 0896 IPNAT - ok
10:09:42.0311 0896 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
10:09:42.0312 0896 IRENUM - ok
10:09:42.0319 0896 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
10:09:42.0320 0896 isapnp - ok
10:09:42.0342 0896 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
10:09:42.0345 0896 iScsiPrt - ok
10:09:42.0368 0896 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
10:09:42.0369 0896 kbdclass - ok
10:09:42.0381 0896 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
10:09:42.0382 0896 kbdhid - ok
10:09:42.0402 0896 KeyIso (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
10:09:42.0403 0896 KeyIso - ok
10:09:42.0413 0896 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
10:09:42.0415 0896 KSecDD - ok
10:09:42.0444 0896 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
10:09:42.0446 0896 KSecPkg - ok
10:09:42.0457 0896 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
10:09:42.0458 0896 ksthunk - ok
10:09:42.0497 0896 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
10:09:42.0502 0896 KtmRm - ok
10:09:42.0534 0896 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
10:09:42.0537 0896 LanmanServer - ok
10:09:42.0638 0896 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
10:09:42.0650 0896 LanmanWorkstation - ok
10:09:42.0690 0896 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
10:09:42.0691 0896 lltdio - ok
10:09:42.0722 0896 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
10:09:42.0726 0896 lltdsvc - ok
10:09:42.0737 0896 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
10:09:42.0738 0896 lmhosts - ok
10:09:42.0774 0896 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
10:09:42.0776 0896 LSI_FC - ok
10:09:42.0811 0896 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
10:09:42.0812 0896 LSI_SAS - ok
10:09:42.0817 0896 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:09:42.0818 0896 LSI_SAS2 - ok
10:09:42.0836 0896 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:09:42.0838 0896 LSI_SCSI - ok
10:09:42.0861 0896 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
10:09:42.0862 0896 luafv - ok
10:09:42.0889 0896 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
10:09:42.0890 0896 Mcx2Svc - ok
10:09:42.0894 0896 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
10:09:42.0895 0896 megasas - ok
10:09:42.0918 0896 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
10:09:42.0921 0896 MegaSR - ok
10:09:42.0965 0896 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
10:09:42.0967 0896 MMCSS - ok
10:09:42.0973 0896 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
10:09:42.0973 0896 Modem - ok
10:09:43.0005 0896 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
10:09:43.0006 0896 monitor - ok
10:09:43.0039 0896 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
10:09:43.0039 0896 mouclass - ok
10:09:43.0045 0896 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
10:09:43.0046 0896 mouhid - ok
10:09:43.0073 0896 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
10:09:43.0074 0896 mountmgr - ok
10:09:43.0100 0896 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
10:09:43.0102 0896 mpio - ok
10:09:43.0120 0896 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
10:09:43.0122 0896 mpsdrv - ok
10:09:43.0154 0896 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
10:09:43.0156 0896 MRxDAV - ok
10:09:43.0195 0896 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:09:43.0197 0896 mrxsmb - ok
10:09:43.0236 0896 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:09:43.0239 0896 mrxsmb10 - ok
10:09:43.0258 0896 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:09:43.0259 0896 mrxsmb20 - ok
10:09:43.0280 0896 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
10:09:43.0281 0896 msahci - ok
10:09:43.0337 0896 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
10:09:43.0394 0896 msdsm - ok
10:09:43.0420 0896 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
10:09:43.0423 0896 MSDTC - ok
10:09:43.0430 0896 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
10:09:43.0431 0896 Msfs - ok
10:09:43.0443 0896 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
10:09:43.0444 0896 mshidkmdf - ok
10:09:43.0452 0896 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
10:09:43.0453 0896 msisadrv - ok
10:09:43.0494 0896 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
10:09:43.0496 0896 MSiSCSI - ok
10:09:43.0498 0896 msiserver - ok
10:09:43.0521 0896 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
10:09:43.0522 0896 MSKSSRV - ok
10:09:43.0547 0896 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
10:09:43.0547 0896 MSPCLOCK - ok
10:09:43.0563 0896 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
10:09:43.0563 0896 MSPQM - ok
10:09:43.0607 0896 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
10:09:43.0610 0896 MsRPC - ok
10:09:43.0647 0896 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
10:09:43.0647 0896 mssmbios - ok
10:09:43.0655 0896 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
10:09:43.0656 0896 MSTEE - ok
10:09:43.0668 0896 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
10:09:43.0668 0896 MTConfig - ok
10:09:43.0697 0896 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
10:09:43.0698 0896 Mup - ok
10:09:43.0742 0896 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
10:09:43.0751 0896 napagent - ok
10:09:43.0794 0896 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
10:09:43.0797 0896 NativeWifiP - ok
10:09:43.0856 0896 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
10:09:43.0865 0896 NDIS - ok
10:09:43.0892 0896 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
10:09:43.0893 0896 NdisCap - ok
10:09:43.0910 0896 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
10:09:43.0911 0896 NdisTapi - ok
10:09:43.0947 0896 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
10:09:43.0948 0896 Ndisuio - ok
10:09:43.0978 0896 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
10:09:43.0980 0896 NdisWan - ok
10:09:44.0014 0896 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
10:09:44.0015 0896 NDProxy - ok
10:09:44.0126 0896 Nero BackItUp Scheduler 4.0 (7d2633295eb6ff2b938185874884059d) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
10:09:44.0140 0896 Nero BackItUp Scheduler 4.0 - ok
10:09:44.0158 0896 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
10:09:44.0159 0896 NetBIOS - ok
10:09:44.0196 0896 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
10:09:44.0199 0896 NetBT - ok
10:09:44.0211 0896 Netlogon (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
10:09:44.0211 0896 Netlogon - ok
10:09:44.0290 0896 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
10:09:44.0305 0896 Netman - ok
10:09:44.0333 0896 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
10:09:44.0342 0896 netprofm - ok
10:09:44.0402 0896 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:09:44.0403 0896 NetTcpPortSharing - ok
10:09:44.0441 0896 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
10:09:44.0442 0896 nfrd960 - ok
10:09:44.0485 0896 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
10:09:44.0489 0896 NlaSvc - ok
10:09:44.0498 0896 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
10:09:44.0499 0896 Npfs - ok
10:09:44.0506 0896 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
10:09:44.0507 0896 nsi - ok
10:09:44.0512 0896 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
10:09:44.0513 0896 nsiproxy - ok
10:09:44.0598 0896 nSvcIp (c04f5def37e55f6a34428b050f44d3d6) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
10:09:44.0600 0896 nSvcIp - ok
10:09:44.0688 0896 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
10:09:44.0708 0896 Ntfs - ok
10:09:44.0774 0896 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
10:09:44.0775 0896 Null - ok
10:09:44.0803 0896 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
10:09:44.0816 0896 NVENETFD - ok
10:09:44.0856 0896 NVHDA (181e7fe39211e04128a30708906627d8) C:\Windows\system32\drivers\nvhda64v.sys
10:09:44.0857 0896 NVHDA - ok
10:09:45.0233 0896 nvlddmkm (e55cab397f77d5208db18a78b1b7c0d5) C:\Windows\system32\DRIVERS\nvlddmkm.sys
10:09:45.0412 0896 nvlddmkm - ok
10:09:45.0549 0896 NVNET (956a1f47826514c1ea0c295fe13c7377) C:\Windows\system32\DRIVERS\nvmf6264.sys
10:09:45.0551 0896 NVNET - ok
10:09:45.0593 0896 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
10:09:45.0595 0896 nvraid - ok
10:09:45.0627 0896 nvsmu (afde3015bb8d76e26bec3b287c5443a0) C:\Windows\system32\DRIVERS\nvsmu.sys
10:09:45.0627 0896 nvsmu - ok
10:09:45.0664 0896 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
10:09:45.0667 0896 nvstor - ok
10:09:45.0679 0896 nvstor64 (7c7eef51979658ce15bbc04f96a77d56) C:\Windows\system32\DRIVERS\nvstor64.sys
10:09:45.0681 0896 nvstor64 - ok
10:09:45.0712 0896 nvsvc (43bc8151893ae6afe42e149d663c2221) C:\Windows\system32\nvvsvc.exe
10:09:45.0718 0896 nvsvc - ok
10:09:45.0745 0896 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
10:09:45.0746 0896 nv_agp - ok
10:09:45.0766 0896 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
10:09:45.0767 0896 ohci1394 - ok
10:09:45.0834 0896 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:09:45.0835 0896 ose - ok
10:09:45.0875 0896 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
10:09:45.0878 0896 p2pimsvc - ok
10:09:45.0912 0896 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
10:09:45.0921 0896 p2psvc - ok
10:09:45.0949 0896 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
10:09:45.0950 0896 Parport - ok
10:09:45.0975 0896 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
10:09:45.0976 0896 partmgr - ok
10:09:45.0993 0896 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
10:09:45.0996 0896 PcaSvc - ok
10:09:46.0012 0896 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
10:09:46.0014 0896 pci - ok
10:09:52.0265 0896 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
10:09:52.0326 0896 \Device\Harddisk0\DR0 - ok
10:09:52.0330 0896 Boot (0x1200) (2b73b44cd2ef0d9b534db59edf0e41c7) \Device\Harddisk0\DR0\Partition0
10:09:52.0331 0896 \Device\Harddisk0\DR0\Partition0 - ok
10:09:52.0340 0896 Boot (0x1200) (42bc36d9312432fb5b97902a2e2aa3d3) \Device\Harddisk0\DR0\Partition1
10:09:52.0341 0896 \Device\Harddisk0\DR0\Partition1 - ok
10:09:52.0341 0896 ============================================================
10:09:52.0341 0896 Scan finished
10:09:52.0341 0896 ============================================================
10:09:52.0349 1460 Detected object count: 0
10:09:52.0350 1460 Actual detected object count: 0

#14 j0e00

Posted 24 April 2012 - 12:18 PM

aswMBR found a bunch of stuff. Here is the log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-24 10:12:58
-----------------------------
10:12:58.803 OS Version: Windows x64 6.1.7601 Service Pack 1
10:12:58.803 Number of processors: 3 586 0x502
10:12:58.803 ComputerName: JOECOMPUTER UserName: joe
10:12:59.400 Initialize success
10:13:37.657 AVAST engine defs: 12042400
10:13:57.245 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000054
10:13:57.247 Disk 0 Vendor: WDC_WD50 05.0 Size: 476940MB BusType: 3
10:13:57.277 Disk 0 MBR read successfully
10:13:57.279 Disk 0 MBR scan
10:13:57.282 Disk 0 Windows 7 default MBR code
10:13:57.322 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 14000 MB offset 2048
10:13:57.359 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 28674048
10:13:57.373 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 462838 MB offset 28878848
10:13:57.386 Disk 0 scanning C:\Windows\system32\drivers
10:14:03.600 Service scanning
10:14:16.473 Modules scanning
10:14:16.479 Disk 0 trace - called modules:
10:14:16.489 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
10:14:16.493 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80041c0060]
10:14:16.497 3 CLASSPNP.SYS[fffff8800197e43f] -> nt!IofCallDriver -> [0xfffffa80040637a0]
10:14:16.502 5 ACPI.sys[fffff88000ed47a1] -> nt!IofCallDriver -> \Device\00000054[0xfffffa80040639c0]
10:14:17.433 AVAST engine scan C:\Windows
10:14:19.935 AVAST engine scan C:\Windows\system32
10:14:22.258 File: C:\Windows\system32\atiavaiw.dll **INFECTED** Win64:ZAccess-E [Rtk]
10:14:24.699 File: C:\Windows\system32\bthmodem.dll **INFECTED** Win64:ZAccess-E [Rtk]
10:14:24.851 File: C:\Windows\system32\btwrchid.dll **INFECTED** Win64:ZAccess-E [Rtk]
10:14:34.325 File: C:\Windows\system32\ehstart.dll **INFECTED** Win64:ZAccess-E [Rtk]
10:14:38.243 File: C:\Windows\system32\hidbatt.dll **INFECTED** Win64:ZAccess-E [Rtk]
10:14:41.924 File: C:\Windows\system32\JGOGO.dll **INFECTED** Win64:ZAccess-E [Rtk]
10:15:04.986 File: C:\Windows\system32\pdlnecfg.dll **INFECTED** Win64:ZAccess-E [Rtk]
10:15:09.569 File: C:\Windows\system32\RDID1007.dll **INFECTED** Win64:ZAccess-E [Rtk]
10:15:22.270 File: C:\Windows\system32\unlockerdriver5.dll **INFECTED** Win64:ZAccess-E [Rtk]
10:15:24.002 File: C:\Windows\system32\viaagp.dll **INFECTED** Win64:ZAccess-E [Rtk]
10:16:17.178 File: C:\Windows\assembly\temp\U\80000032.@ **INFECTED** Win32:DNSChanger-VJ [Trj]
10:16:17.227 File: C:\Windows\assembly\temp\U\80000064.@ **INFECTED** Win32:Malware-gen
10:16:17.719 AVAST engine scan C:\Windows\system32\drivers
10:16:24.868 AVAST engine scan C:\Users\joe
10:16:25.756 File: C:\Users\joe\AppData\Local\JavaSoft\dvkkadxd.dll **INFECTED** Win32:Malware-gen
10:17:56.631 Disk 0 MBR has been saved successfully to "C:\Users\joe\Desktop\MBR.dat"
10:17:56.637 The log file has been saved successfully to "C:\Users\joe\Desktop\aswMBR.txt"

#15 gringo_pr

Posted 26 April 2012 - 11:29 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::
Folder::
C:\Windows\assembly\temp\U

File::
C:\Windows\system32\atiavaiw.dll
C:\Windows\system32\bthmodem.dll
C:\Windows\system32\btwrchid.dll
C:\Windows\system32\ehstart.dll
C:\Windows\system32\hidbatt.dll
C:\Windows\system32\JGOGO.dll
C:\Windows\system32\pdlnecfg.dll
C:\Windows\system32\RDID1007.dll
C:\Windows\system32\unlockerdriver5.dll
C:\Windows\system32\viaagp.dll
C:\Users\joe\AppData\Local\JavaSoft\dvkkadxd.dll

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo
