DDS post for iLivid zeroaccess rootkit infection


This topic is locked
29 replies to this topic

#1 gnpleco (Members, 18 posts)

Posted 14 June 2012 - 09:05 PM

Hi, I posted about an infection with my computer, and "Broni" told me I was infected with zeroaccess rootkit or something. He told me I needed more help and advised me to do a "DDS" scan and post it as a new topic in this forum. The link to the description of the problem and my interactions with "Broni" is here:
http://www.bleepingcomputer.com/forums/topic456611.html

This is the DDS.txt file:
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.6001.19088
Run by Owner at 21:51:42 on 2012-06-14
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3963.2308 [GMT -4:00]
.
AV: Kaspersky Anti-Virus *Enabled/Outdated* {AE1D740B-8F0F-D137-211D-873D44B3F4AE}
SP: Kaspersky Anti-Virus *Enabled/Updated* {157C95EF-A935-DEB9-1BAD-BC4F3F34BE13}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\agr64svc.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\ehome\ehtray.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\TOSHIBA\rselect\RSelSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\ThpSrv.exe
C:\Program Files (x86)\TOSHIBA\TANU\TANU.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
C:\Windows\system32\igfxext.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Windows\ehome\ehsched.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\program files (x86)\real\realplayer\update\realsched.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
\\.\globalroot\systemroot\Installer\{c75d2e20-8295-c66c-e7db-dd1ad177b5eb}\U
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] "C:\Program Files\Windows Sidebar\Sidebar.exe" /autorun
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
mRun: [TANU] %ProgramFiles%\TOSHIBA\TANU\TANU.exe
mRun: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
mRun: [PCMAgent] "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe"
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe"
mRun: [TWebCamera] "%ProgramFiles(x86)%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [NDSTray.exe] "C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe"
mRun: [cfFncEnabler.exe] "C:\Program Files (x86)\TOSHIBA\ConfigFree\cfFncEnabler.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\update\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
TCP: Interfaces\{6CDA61DC-6312-447C-BCBC-6270408EB988} : DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd.dll, C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
BHO-X64: IEVkbdBHO - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [TANU] %ProgramFiles%\TOSHIBA\TANU\TANU.exe
mRun-x64: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
mRun-x64: [PCMAgent] "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe"
mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe"
mRun-x64: [TWebCamera] "%ProgramFiles(x86)%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun-x64: [NDSTray.exe] "C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe"
mRun-x64: [cfFncEnabler.exe] "C:\Program Files (x86)\TOSHIBA\ConfigFree\cfFncEnabler.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\update\realsched.exe" -osboot
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
AppInit_DLLs-X64: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd.dll, C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\w0l72ql8.default\
FF - prefs.js: network.proxy.type - 0
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Picasa2\npPicasa2.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
.
============= SERVICES / DRIVERS ===============
.
R0 KLBG;Kaspersky Lab Boot Guard Driver;C:\Windows\system32\DRIVERS\klbg.sys --> C:\Windows\system32\DRIVERS\klbg.sys [?]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\Windows\system32\DRIVERS\thpdrv.sys --> C:\Windows\system32\DRIVERS\thpdrv.sys [?]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\Windows\system32\DRIVERS\Thpevm.SYS --> C:\Windows\system32\DRIVERS\Thpevm.SYS [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\system32\DRIVERS\tos_sps64.sys --> C:\Windows\system32\DRIVERS\tos_sps64.sys [?]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]
R1 PSSDK42;PSSDK42;\??\C:\Windows\system32\Drivers\pssdk42.sys --> C:\Windows\system32\Drivers\pssdk42.sys [?]
R1 PSSDKLBF;PSSDKLBF;\??\C:\Windows\system32\Drivers\pssdklbf.sys --> C:\Windows\system32\Drivers\pssdklbf.sys [?]
R2 AVP;Kaspersky Anti-Virus;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe [2008-11-11 206088]
R2 camsvc;TOSHIBA Web Camera Service;C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [2009-6-2 20544]
R2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-3-6 36864]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 rimspci;rimspci;C:\Windows\system32\DRIVERS\rimspe64.sys --> C:\Windows\system32\DRIVERS\rimspe64.sys [?]
R2 rixdpcie;rixdpcie;C:\Windows\system32\DRIVERS\rixdpe64.sys --> C:\Windows\system32\DRIVERS\rixdpe64.sys [?]
R2 RSELSVC;TOSHIBA Modem region select service;C:\Program Files\TOSHIBA\rselect\RSelSvc.exe [2009-2-19 55808]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-4-14 251392]
R2 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-3-17 84480]
R3 FwLnk;FwLnk Driver;C:\Windows\system32\DRIVERS\FwLnk.sys --> C:\Windows\system32\DRIVERS\FwLnk.sys [?]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?]
R3 PGEffect;Pangu effect driver;C:\Windows\system32\DRIVERS\pgeffect.sys --> C:\Windows\system32\DRIVERS\pgeffect.sys [?]
R3 Point64;Microsoft IntelliPoint Filter Driver;C:\Windows\system32\DRIVERS\point64k.sys --> C:\Windows\system32\DRIVERS\point64k.sys [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-29 135664]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-8-3 93184]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-29 135664]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-06-11 02:19:55 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2012-06-04 02:44:42 388096 ----a-r- C:\Users\Owner\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-06-04 02:44:42 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-05-31 02:29:33 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2012-05-31 02:06:19 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-19 04:02:01 -------- d-----w- C:\Program Files (x86)\Cisco Systems
2012-05-19 04:01:24 -------- d-----w- C:\ProgramData\Cisco Systems
.
==================== Find3M ====================
.
2012-05-31 02:06:19 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-04 19:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 21:52:18.36 ===============


I have also attached the attach.txt file from DDS. I did not have any "CD emulation" programs and did not use GMER since I have a 64-bit Windows version running. Thank you again in advance for your help.
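A small triage script for the DDS log above, as an added example that is not part of the original post and not the DDS tool's own code. It walks the log section by section and flags the entries a responder would look at first: a process image reached through the `\\.\globalroot` device namespace from a `{GUID}` folder under `\Installer\` (the odd line in the Running Processes list), `EnableLUA = 0`, any Userinit value other than `userinit.exe`, populated `AppInit_DLLs`, and a newly created hidden+system directory whose name is a literal `%APPDATA%`. The rules, severities and the `Finding`/`triage_dds`/`summarize` names are this example's own heuristics read off the posted log, not an official ZeroAccess signature set; `SAMPLE_DDS` is a constructed sample excerpted from that log.

```python
"""Triage a DDS.txt log for the ZeroAccess-style artefacts visible in the
log posted above.  Added example: not the DDS tool and not BleepingComputer
code.  The rules are heuristics read off that log, not an official signature."""
import re
from dataclasses import dataclass
from typing import Dict, List

SEC_PROC, SEC_HJT, SEC_NEW = "Running Processes", "Pseudo HJT Report", "Created Last 30"
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")           # "===== Section Name ====="
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")                   # ordinary C:\... path
GUID_DIR_RE = re.compile(r"\\Installer\\\{[0-9a-f-]{36}\}\\", re.I)
# DDS "Created Last 30" rows: <date> <time> <size|--------> <8-char attrs> <path>
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\S+)\s+(\S{8})\s+(.+)$")

# Constructed sample: lines excerpted from the DDS log in post #1
SAMPLE_DDS = r"""
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\Explorer.EXE
\\.\globalroot\systemroot\Installer\{c75d2e20-8295-c66c-e7db-dd1ad177b5eb}\U
C:\Windows\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe,
mPolicies-system: EnableLUA = 0 (0x0)
AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd.dll, C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll
.
=============== Created Last 30 ================
.
2012-06-11 02:19:55 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2012-06-04 02:44:42 -------- d-----w- C:\Program Files (x86)\Trend Micro
"""


@dataclass
class Finding:
    severity: str      # HIGH, MEDIUM or INFO (this example's own scale)
    section: str
    line: str
    reason: str


def _check_process(line: str) -> List[Finding]:
    out = []
    if line.lower().startswith(r"\\.\globalroot"):
        out.append(Finding("HIGH", SEC_PROC, line,
                           "image referenced via the globalroot device namespace rather than "
                           "a drive letter; hides the file from naive path checks"))
    elif not DRIVE_RE.match(line):
        out.append(Finding("MEDIUM", SEC_PROC, line, "process path is not a drive-letter path"))
    if GUID_DIR_RE.search(line):
        out.append(Finding("HIGH", SEC_PROC, line,
                           "image runs from a {GUID} folder under \\Installer\\ "
                           "(the layout seen in the posted log)"))
    return out


def _check_hjt(line: str) -> List[Finding]:
    out = []
    m = re.match(r"^[um]Winlogon:\s*Userinit=(.*)$", line)
    if m:   # anything besides userinit.exe here runs at every interactive logon
        entries = [e.strip() for e in m.group(1).split(",") if e.strip()]
        extra = [e for e in entries if e.lower().rsplit("\\", 1)[-1] != "userinit.exe"]
        if extra:
            out.append(Finding("HIGH", SEC_HJT, line, f"unexpected Userinit entries: {extra}"))
    if re.match(r"^[um]Policies-system:\s*EnableLUA\s*=\s*0\b", line):
        out.append(Finding("MEDIUM", SEC_HJT, line, "UAC disabled by policy (EnableLUA = 0)"))
    if re.match(r"^AppInit_DLLs(-X64)?:\s*\S", line):
        out.append(Finding("INFO", SEC_HJT, line,
                           "AppInit_DLLs injects these DLLs into every GUI process; confirm the vendor"))
    return out


def _check_created(line: str) -> List[Finding]:
    out = []
    m = CREATED_RE.match(line)
    if not m:
        return out
    _, _, attrs, path = m.groups()
    if "%" in path:
        out.append(Finding("HIGH", SEC_NEW, line,
                           "literal environment-variable token in an on-disk path; a normal "
                           "installer expands %APPDATA% instead of creating a folder by that name"))
    # DDS attribute field uses letters d/s/h/a/w/r in fixed positions
    if "d" in attrs and "s" in attrs and "h" in attrs and "\\windows\\" in path.lower():
        out.append(Finding("MEDIUM", SEC_NEW, line, "new hidden+system directory under the Windows tree"))
    return out


def triage_dds(text: str) -> List[Finding]:
    """Walk the log section by section and apply the section-specific rules."""
    findings, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # DDS pads sections with lone '.' lines
            continue
        m = SECTION_RE.match(line)
        if m and set(m.group(1)) != {"="}:
            section = m.group(1)
            continue
        if section == SEC_PROC:
            findings.extend(_check_process(line))
        elif section == SEC_HJT:
            findings.extend(_check_hjt(line))
        elif section == SEC_NEW:
            findings.extend(_check_created(line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    counts = {"HIGH": 0, "MEDIUM": 0, "INFO": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    for f in triage_dds(SAMPLE_DDS):
        print(f"[{f.severity:6}] {f.section}: {f.line}\n         {f.reason}")
    print(summarize(triage_dds(SAMPLE_DDS)))
```

Run against a full DDS.txt with `triage_dds(open("DDS.txt").read())`. The script only narrows the log down; the vendor-signed entries it flags as INFO (here Kaspersky's virtual-keyboard DLLs in AppInit_DLLs) still need a human to confirm, and a clean result does not prove a kernel-mode rootkit is absent, which is why the helper in the thread follows up with TDSSKiller and aswMBR rather than relying on the DDS listing alone.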

#2 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 14 June 2012 - 11:47 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here to donate. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 gnpleco (Topic Starter)

Posted 17 June 2012 - 05:30 AM

Hi Gringo, nice to meet you and thank you for the prompt reply.

So I ran "SecurityCheck" and this is the log:

Results of screen317's Security Check version 0.99.41
Windows Vista Service Pack 1 x64 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Kaspersky Anti-Virus
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 11
Java version out of date!
Adobe Flash Player 10 Flash Player out of date!
Adobe Flash Player 10.3.181.26 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (3.6.28) Firefox out of Date!
Google Chrome 19.0.1084.52
Google Chrome 19.0.1084.56
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2 % Defragment your hard drive soon!
````````````````````End of Log``````````````````````


I also ran "Combofix", but the program either stalls at a certain point or gives me the following error message: "Error opening file for writing: C:\32788R22FWJFW\pev.3XE" There did not appear to be a generated log file.

I want to mention that prior to posting to bleeping computer, I did one thing: I read that perhaps my "host" file had been hijacked, so I deleted it after using a program called "Take Ownership" or something that allows you to access administrative files. After deleting it, I went to a Microsoft website to restore it as indicated by the poster of the solution. I'm not sure if that changes anything, but it did not appear to solve the error problems I have been getting.

In any case, my computer right now still has the following problems: Windows sidebar has an error on starting up, then closes. The error message "Windows host services has stopped working" also appears routinely, and sometimes when I am viewing webpages I get the "blue screen error" and have to restart the laptop.

Thanks again in advance for your help.

#4 gringo_pr

Posted 17 June 2012 - 09:10 AM

Hello

OK, let's try this: I want you to run ComboFix in Safe Mode, but it is very important that when ComboFix reboots the computer you direct it back into Safe Mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

After ComboFix has finished its scan, please post the report back here.

Gringo

#5 gnpleco (Topic Starter)

Posted 17 June 2012 - 06:11 PM

Hi Gringo, I tried "ComboFix" in safe mode and the program was able to start. However, it was trying to restore the "system32" something or other file but did not generate a log or restart the computer. I read in the program message that it should take 10 to 20 minutes, but after 40 minutes I just turned it off. I restarted the computer in normal mode and Windows sidebar started up OK. However, my Toshiba sidebar did not appear. Everything else appeared to be fine. So I decided to run "ComboFix" again in normal mode just to make sure nothing else was infected, and this time it was working on the "sysWoW64" or something file and also kept on running. So I once again shut down "ComboFix" and restarted the computer.

This time the Toshiba sidebar appears, but the Windows Sidebar does not and gives an error message.

Any suggestions as to what I should do?

Thank you for your attention.

#6 gringo_pr

Posted 17 June 2012 - 06:41 PM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#7 gnpleco (Topic Starter)

Posted 17 June 2012 - 10:15 PM

Hi Gringo, hope you had a happy Father's Day.

Anyway, here is the logfile from "TDSSkiller":

22:53:09.0853 3456 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
22:53:10.0305 3456 ============================================================
22:53:10.0305 3456 Current date / time: 2012/06/17 22:53:10.0305
22:53:10.0305 3456 SystemInfo:
22:53:10.0305 3456
22:53:10.0305 3456 OS Version: 6.0.6001 ServicePack: 1.0
22:53:10.0305 3456 Product type: Workstation
22:53:10.0305 3456 ComputerName: OWNER-PC
22:53:10.0305 3456 UserName: Owner
22:53:10.0305 3456 Windows directory: C:\Windows
22:53:10.0305 3456 System windows directory: C:\Windows
22:53:10.0305 3456 Running under WOW64
22:53:10.0305 3456 Processor architecture: Intel x64
22:53:10.0305 3456 Number of processors: 2
22:53:10.0305 3456 Page size: 0x1000
22:53:10.0305 3456 Boot type: Normal boot
22:53:10.0305 3456 ============================================================
22:53:15.0812 3456 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:53:15.0827 3456 ============================================================
22:53:15.0827 3456 \Device\Harddisk0\DR0:
22:53:15.0827 3456 MBR partitions:
22:53:15.0827 3456 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x23CC4000
22:53:15.0827 3456 ============================================================
22:53:15.0843 3456 C: <-> \Device\Harddisk0\DR0\Partition0
22:53:15.0843 3456 ============================================================
22:53:15.0843 3456 Initialize success
22:53:15.0843 3456 ============================================================
22:53:22.0270 3304 ============================================================
22:53:22.0270 3304 Scan started
22:53:22.0270 3304 Mode: Manual;
22:53:22.0270 3304 ============================================================
22:53:37.0558 3304 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\System32\sens.dll
22:53:37.0558 3304 SENS - ok
22:53:37.0574 3304 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
22:53:37.0574 3304 Serenum - ok
22:53:37.0589 3304 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
22:53:37.0589 3304 Serial - ok
22:53:37.0605 3304 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
22:53:37.0605 3304 sermouse - ok
22:53:37.0636 3304 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
22:53:37.0652 3304 SessionEnv - ok
22:53:37.0652 3304 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
22:53:37.0652 3304 sffdisk - ok
22:53:37.0667 3304 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
22:53:37.0667 3304 sffp_mmc - ok
22:53:37.0683 3304 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
22:53:37.0683 3304 sffp_sd - ok
22:53:37.0683 3304 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
22:53:37.0699 3304 sfloppy - ok
22:53:37.0761 3304 ShellHWDetection (9235ec680d3db17464b39c7c7decb4dd) C:\Windows\System32\shsvcs.dll
22:53:37.0761 3304 ShellHWDetection - ok
22:53:37.0808 3304 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
22:53:37.0808 3304 SiSRaid2 - ok
22:53:37.0823 3304 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
22:53:37.0823 3304 SiSRaid4 - ok
22:53:37.0948 3304 slsvc (a301d2cefb4747dfe0c24425dcbe0b78) C:\Windows\system32\SLsvc.exe
22:53:37.0979 3304 slsvc - ok
22:53:38.0089 3304 SLUINotify (f5ddf7c0af85eb72cb295171f8c3cb35) C:\Windows\system32\SLUINotify.dll
22:53:38.0089 3304 SLUINotify - ok
22:53:38.0135 3304 Smb (41eb2e8e005feedcafce301983eff932) C:\Windows\system32\DRIVERS\smb.sys
22:53:38.0135 3304 Smb - ok
22:53:38.0182 3304 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
22:53:38.0182 3304 SNMPTRAP - ok
22:53:38.0198 3304 spldr (f9cb0672162f7f04248e2b82c1ff4617) C:\Windows\system32\drivers\spldr.sys
22:53:38.0198 3304 spldr - ok
22:53:38.0260 3304 Spooler (92e6738d25c2123be9515c0eac0776cd) C:\Windows\System32\spoolsv.exe
22:53:38.0276 3304 Spooler - ok
22:53:38.0323 3304 srv (a8abd7d0d907b45cf3831f4dd8644349) C:\Windows\system32\DRIVERS\srv.sys
22:53:38.0323 3304 srv - ok
22:53:38.0369 3304 srv2 (6c72eea39e1c37b436a6d1532999f9ec) C:\Windows\system32\DRIVERS\srv2.sys
22:53:38.0369 3304 srv2 - ok
22:53:38.0401 3304 srvnet (7f69bcf9e6fa3d93c82ee6b87812666d) C:\Windows\system32\DRIVERS\srvnet.sys
22:53:38.0401 3304 srvnet - ok
22:53:38.0432 3304 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
22:53:38.0432 3304 SSDPSRV - ok
22:53:38.0479 3304 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
22:53:38.0494 3304 SstpSvc - ok
22:53:38.0557 3304 stisvc (f14f7d7d68a66777fb999d5d0f21138d) C:\Windows\System32\wiaservc.dll
22:53:38.0557 3304 stisvc - ok
22:53:38.0588 3304 swenum (409f0882afbb34832b24370c23c550b2) C:\Windows\system32\DRIVERS\swenum.sys
22:53:38.0588 3304 swenum - ok
22:53:38.0619 3304 swprv (da34d6eb4a3154c0bebaeb0a2483ef3e) C:\Windows\System32\swprv.dll
22:53:38.0635 3304 swprv - ok
22:53:38.0650 3304 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
22:53:38.0650 3304 Symc8xx - ok
22:53:38.0681 3304 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
22:53:38.0681 3304 Sym_hi - ok
22:53:38.0697 3304 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
22:53:38.0697 3304 Sym_u3 - ok
22:53:38.0744 3304 SynTP (6de6d25cc1d1cb694a1cc3e4604db644) C:\Windows\system32\DRIVERS\SynTP.sys
22:53:38.0744 3304 SynTP - ok
22:53:38.0806 3304 SysMain (bea0d5521ed21df8f6ffeed86daede7b) C:\Windows\system32\sysmain.dll
22:53:38.0822 3304 SysMain - ok
22:53:38.0853 3304 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
22:53:38.0853 3304 TabletInputService - ok
22:53:38.0869 3304 TapiSrv (52091001caf20ae84cf47023ee21b4bb) C:\Windows\System32\tapisrv.dll
22:53:38.0884 3304 TapiSrv - ok
22:53:38.0900 3304 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
22:53:38.0900 3304 TBS - ok
22:53:39.0071 3304 Tcpip (7d86275fb640011b372fd566c0eafa8d) C:\Windows\system32\drivers\tcpip.sys
22:53:39.0087 3304 Tcpip - ok
22:53:39.0259 3304 Tcpip6 (7d86275fb640011b372fd566c0eafa8d) C:\Windows\system32\DRIVERS\tcpip.sys
22:53:39.0259 3304 Tcpip6 - ok
22:53:39.0368 3304 tcpipreg (c29d4b3b08ad0b7e8564814e4ff6a57b) C:\Windows\system32\drivers\tcpipreg.sys
22:53:39.0368 3304 tcpipreg - ok
22:53:39.0383 3304 tdcmdpst (d45586a9facb2c9708b10e491ef748a6) C:\Windows\system32\DRIVERS\tdcmdpst.sys
22:53:39.0383 3304 tdcmdpst - ok
22:53:39.0415 3304 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
22:53:39.0415 3304 TDPIPE - ok
22:53:39.0430 3304 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
22:53:39.0430 3304 TDTCP - ok
22:53:39.0446 3304 tdx (8c39c72e0e853de04748c0337d9b9216) C:\Windows\system32\DRIVERS\tdx.sys
22:53:39.0446 3304 tdx - ok
22:53:39.0461 3304 TermDD (134507aa0b5a2acf57f657d2f956f4e1) C:\Windows\system32\DRIVERS\termdd.sys
22:53:39.0461 3304 TermDD - ok
22:53:39.0524 3304 TermService (f870a5589d6a94b426efb13689023946) C:\Windows\System32\termsrv.dll
22:53:39.0539 3304 TermService - ok
22:53:39.0602 3304 Themes (9235ec680d3db17464b39c7c7decb4dd) C:\Windows\system32\shsvcs.dll
22:53:39.0617 3304 Themes - ok
22:53:39.0649 3304 Thpdrv (e29a0c5c97615bffab138abe308733b4) C:\Windows\system32\DRIVERS\thpdrv.sys
22:53:39.0649 3304 Thpdrv - ok
22:53:39.0680 3304 Thpevm (d6704940a79831b4fa271d7a73d291d8) C:\Windows\system32\DRIVERS\Thpevm.SYS
22:53:39.0695 3304 Thpevm - ok
22:53:39.0742 3304 Thpsrv (8f0d1a0c9c25cc61e193c0c22422a9ea) C:\Windows\system32\ThpSrv.exe
22:53:39.0758 3304 Thpsrv - ok
22:53:39.0773 3304 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
22:53:39.0773 3304 THREADORDER - ok
22:53:39.0867 3304 TNaviSrv (22bc804efe155f54252f389b0781d7f2) C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
22:53:39.0867 3304 TNaviSrv - ok
22:53:39.0914 3304 TODDSrv (19af3434564e973bc232bbd629ec2bf6) C:\Windows\system32\TODDSrv.exe
22:53:39.0914 3304 TODDSrv - ok
22:53:40.0007 3304 TosCoSrv (7810e3a97e004cd2641fd3fc5d2a62cd) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
22:53:40.0007 3304 TosCoSrv - ok
22:53:40.0070 3304 TOSHIBA eco Utility Service (947b552af9371bb52ab1e8c184d1a3d0) C:\Program Files\TOSHIBA\TECO\TecoService.exe
22:53:40.0085 3304 TOSHIBA eco Utility Service - ok
22:53:40.0117 3304 TOSHIBA HDD SSD Alert Service (b67c69e2982769355d9ff76dd3b2a0fd) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
22:53:40.0117 3304 TOSHIBA HDD SSD Alert Service - ok
22:53:40.0195 3304 tos_sps64 (dd50a5df5f7b29fdb6b5fea728c43dc3) C:\Windows\system32\DRIVERS\tos_sps64.sys
22:53:40.0210 3304 tos_sps64 - ok
22:53:40.0241 3304 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
22:53:40.0241 3304 TrkWks - ok
22:53:40.0288 3304 TrustedInstaller (ac6ff1df22ed90bad6417ee5a4c6e2f0) C:\Windows\servicing\TrustedInstaller.exe
22:53:40.0288 3304 TrustedInstaller - ok
22:53:40.0319 3304 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:53:40.0319 3304 tssecsrv - ok
22:53:40.0319 3304 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
22:53:40.0335 3304 tunmp - ok
22:53:40.0366 3304 tunnel (f6a4fba7c03ac2efd00f3301c0c1e067) C:\Windows\system32\DRIVERS\tunnel.sys
22:53:40.0366 3304 tunnel - ok
22:53:40.0397 3304 TVALZ (9a744cc3d804ec38a6c2c65bc3c6fcd8) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
22:53:40.0397 3304 TVALZ - ok
22:53:40.0413 3304 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
22:53:40.0413 3304 uagp35 - ok
22:53:40.0460 3304 udfs (93edd10512c981d8f5189e1c048a4280) C:\Windows\system32\DRIVERS\udfs.sys
22:53:40.0460 3304 udfs - ok
22:53:40.0507 3304 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
22:53:40.0522 3304 UI0Detect - ok
22:53:40.0538 3304 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
22:53:40.0538 3304 uliagpkx - ok
22:53:40.0569 3304 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
22:53:40.0569 3304 uliahci - ok
22:53:40.0585 3304 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
22:53:40.0585 3304 UlSata - ok
22:53:40.0616 3304 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
22:53:40.0616 3304 ulsata2 - ok
22:53:40.0631 3304 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
22:53:40.0631 3304 umbus - ok
22:53:40.0663 3304 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
22:53:40.0678 3304 upnphost - ok
22:53:40.0709 3304 usbccgp (94d2ca4ea9272bf1feeb3bc3c5d1bed8) C:\Windows\system32\DRIVERS\usbccgp.sys
22:53:40.0709 3304 usbccgp - ok
22:53:40.0725 3304 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
22:53:40.0725 3304 usbcir - ok
22:53:40.0756 3304 usbehci (87c446527105dde271ad51bd6058b5b3) C:\Windows\system32\DRIVERS\usbehci.sys
22:53:40.0756 3304 usbehci - ok
22:53:40.0787 3304 usbhub (9c3af1c9e3255726ff4d2e3913312431) C:\Windows\system32\DRIVERS\usbhub.sys
22:53:40.0787 3304 usbhub - ok
22:53:40.0819 3304 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
22:53:40.0819 3304 usbohci - ok
22:53:40.0819 3304 usbprint (acfee697af477021bb3ec78c5431fed2) C:\Windows\system32\drivers\usbprint.sys
22:53:40.0819 3304 usbprint - ok
22:53:40.0834 3304 USBSTOR (586d9876a4945779c8eea926c0d16889) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:53:40.0850 3304 USBSTOR - ok
22:53:40.0850 3304 usbuhci (1953695eaca70b7b0061dd00fd3656f8) C:\Windows\system32\DRIVERS\usbuhci.sys
22:53:40.0850 3304 usbuhci - ok
22:53:40.0881 3304 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
22:53:40.0897 3304 usbvideo - ok
22:53:40.0912 3304 UxSms (9190f03c82547afa87367f1ceca88f3b) C:\Windows\System32\uxsms.dll
22:53:40.0928 3304 UxSms - ok
22:53:40.0959 3304 vds (c15a4a550cba7b9f1f68b72528e04ce1) C:\Windows\System32\vds.exe
22:53:40.0975 3304 vds - ok
22:53:40.0990 3304 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
22:53:40.0990 3304 vga - ok
22:53:41.0006 3304 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
22:53:41.0006 3304 VgaSave - ok
22:53:41.0021 3304 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
22:53:41.0021 3304 viaide - ok
22:53:41.0037 3304 volmgr (28b52d1f950b36e03819013d0b7514bc) C:\Windows\system32\drivers\volmgr.sys
22:53:41.0037 3304 volmgr - ok
22:53:41.0084 3304 volmgrx (5aa217da5dc4ff5b9ac9ab86563b3223) C:\Windows\system32\drivers\volmgrx.sys
22:53:41.0084 3304 volmgrx - ok
22:53:41.0115 3304 volsnap (de4307412d98050239026e56a7dff3c0) C:\Windows\system32\drivers\volsnap.sys
22:53:41.0115 3304 volsnap - ok
22:53:41.0131 3304 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
22:53:41.0146 3304 vsmraid - ok
22:53:41.0224 3304 VSS (186bd53f8a408ad20f5a056c05678629) C:\Windows\system32\vssvc.exe
22:53:41.0240 3304 VSS - ok
22:53:41.0349 3304 W32Time (ba29f34a61cb55c0dee29e787542edf4) C:\Windows\system32\w32time.dll
22:53:41.0365 3304 W32Time - ok
22:53:41.0396 3304 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
22:53:41.0411 3304 WacomPen - ok
22:53:41.0427 3304 Wanarp (aea75207e443c8623c36b8d03596f84f) C:\Windows\system32\DRIVERS\wanarp.sys
22:53:41.0427 3304 Wanarp - ok
22:53:41.0427 3304 Wanarpv6 (aea75207e443c8623c36b8d03596f84f) C:\Windows\system32\DRIVERS\wanarp.sys
22:53:41.0427 3304 Wanarpv6 - ok
22:53:41.0474 3304 wcncsvc (055449247c490e24b968b44fe8a969eb) C:\Windows\System32\wcncsvc.dll
22:53:41.0474 3304 wcncsvc - ok
22:53:41.0489 3304 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
22:53:41.0505 3304 WcsPlugInService - ok
22:53:41.0505 3304 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
22:53:41.0505 3304 Wd - ok
22:53:41.0567 3304 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
22:53:41.0583 3304 Wdf01000 - ok
22:53:41.0599 3304 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
22:53:41.0614 3304 WdiServiceHost - ok
22:53:41.0614 3304 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
22:53:41.0614 3304 WdiSystemHost - ok
22:53:41.0645 3304 WebClient (3d4ab55f8178fd0cd3ca45cd0ec9cf5b) C:\Windows\System32\webclnt.dll
22:53:41.0645 3304 WebClient - ok
22:53:41.0708 3304 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll
22:53:41.0723 3304 Wecsvc - ok
22:53:41.0755 3304 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
22:53:41.0755 3304 wercplsupport - ok
22:53:41.0786 3304 WerSvc (fc25242b3bcaf7e84d9184082274ae08) C:\Windows\System32\WerSvc.dll
22:53:41.0786 3304 WerSvc - ok
22:53:41.0879 3304 winachsf (b5c348b265178fb9ee55addb3929485d) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
22:53:41.0879 3304 winachsf - ok
22:53:41.0926 3304 WinDefend - ok
22:53:41.0957 3304 WinHttpAutoProxySvc - ok
22:53:42.0020 3304 Winmgmt (ac98f38feab066a8f983d54ff3f4fd4c) C:\Windows\system32\wbem\WMIsvc.dll
22:53:42.0020 3304 Winmgmt - ok
22:53:42.0191 3304 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll
22:53:42.0238 3304 WinRM - ok
22:53:42.0410 3304 Wlansvc (0a69955261c1b54206adc9beb89517de) C:\Windows\System32\wlansvc.dll
22:53:42.0425 3304 Wlansvc - ok
22:53:42.0457 3304 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
22:53:42.0457 3304 WmiAcpi - ok
22:53:42.0519 3304 wmiApSrv (d303322dd577c3deda1251ed2e7a496c) C:\Windows\system32\wbem\WmiApSrv.exe
22:53:42.0535 3304 wmiApSrv - ok
22:53:42.0581 3304 WMPNetworkSvc - ok
22:53:42.0613 3304 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
22:53:42.0628 3304 WPCSvc - ok
22:53:42.0644 3304 WPDBusEnum (a27c8f92d84e2ddc151978e4692c978e) C:\Windows\system32\wpdbusenum.dll
22:53:42.0659 3304 WPDBusEnum - ok
22:53:42.0691 3304 WpdUsb (6329d1990db931073b86ab5946d8e317) C:\Windows\system32\DRIVERS\wpdusb.sys
22:53:42.0691 3304 WpdUsb - ok
22:53:42.0722 3304 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
22:53:42.0722 3304 ws2ifsl - ok
22:53:42.0737 3304 wscsvc (cb8ea6d95949384925ccfca21cc6dfd8) C:\Windows\system32\wscsvc.dll
22:53:42.0737 3304 wscsvc - ok
22:53:42.0753 3304 WSearch - ok
22:53:42.0940 3304 wuauserv (fb3796754fe00f0bdc87a36f164a5f4d) C:\Windows\system32\wuaueng.dll
22:53:42.0971 3304 wuauserv - ok
22:53:43.0127 3304 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:53:43.0127 3304 WUDFRd - ok
22:53:43.0159 3304 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll
22:53:43.0159 3304 wudfsvc - ok
22:53:43.0190 3304 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
22:53:43.0408 3304 \Device\Harddisk0\DR0 - ok
22:53:43.0424 3304 Boot (0x1200) (65ce09c4a9ad15c295a24d27deabe678) \Device\Harddisk0\DR0\Partition0
22:53:43.0424 3304 \Device\Harddisk0\DR0\Partition0 - ok
22:53:43.0424 3304 ============================================================
22:53:43.0424 3304 Scan finished
22:53:43.0424 3304 ============================================================
22:53:43.0439 3740 Detected object count: 0
22:53:43.0439 3740 Actual detected object count: 0
22:56:59.0493 4708 Deinitialize success


And here is the logfile from "aswMBR":


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-17 22:57:04
-----------------------------
22:57:04.391 OS Version: Windows x64 6.0.6001 Service Pack 1
22:57:04.391 Number of processors: 2 586 0x170A
22:57:04.391 ComputerName: OWNER-PC UserName: Owner
22:57:10.943 Initialize success
22:58:12.228 AVAST engine defs: 12061700
23:00:00.835 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:00:00.835 Disk 0 Vendor: WDC_WD32 12.0 Size: 305245MB BusType: 3
23:00:00.866 Disk 0 MBR read successfully
23:00:00.866 Disk 0 MBR scan
23:00:00.866 Disk 0 Windows VISTA default MBR code
23:00:00.882 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
23:00:00.913 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 293256 MB offset 3074048
23:00:00.944 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 10488 MB offset 603662336
23:00:00.991 Disk 0 scanning C:\Windows\system32\drivers
23:00:10.055 Service scanning
23:00:29.742 Modules scanning
23:00:29.742 Disk 0 trace - called modules:
23:00:29.804 ntoskrnl.exe CLASSPNP.SYS disk.sys thpdrv.sys iaStor.sys hal.dll
23:00:30.319 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006c05060]
23:00:30.319 3 CLASSPNP.SYS[fffffa6000fd2b3a] -> nt!IofCallDriver -> \Device\THPDRV1[0xfffffa80058df250]
23:00:30.335 5 thpdrv.sys[fffffa60013dac8d] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80053c6050]
23:00:32.909 AVAST engine scan C:\Windows
23:00:36.824 AVAST engine scan C:\Windows\system32
23:03:57.362 AVAST engine scan C:\Windows\system32\drivers
23:04:17.205 AVAST engine scan C:\Users\Owner
23:04:18.048 File: C:\Users\Owner\AppData\Local\f0590083\U\800000cb.@ **INFECTED** Win32:Malware-gen
23:04:18.126 File: C:\Users\Owner\AppData\Local\f0590083\U\800000cf.@ **INFECTED** Win32:Malware-gen
23:07:24.109 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
23:07:24.125 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"


Thanks again for your prompt replies.

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:44 AM

Posted 17 June 2012 - 10:36 PM

Hello

download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for the x64 version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 gringo_pr

Posted 19 June 2012 - 11:53 PM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo

#10 gnpleco (Topic Starter)

Posted 20 June 2012 - 08:56 PM

Sorry Gringo, I'm on it now, busy the past few days. Thank you for your prompt replies.

#11 gringo_pr

Posted 20 June 2012 - 09:30 PM

No problem

#12 gnpleco (Topic Starter)

Posted 20 June 2012 - 09:38 PM

Hi Gringo, I ran the "Farbar System Recovery Tool," but when it got to "C:\Windows\System32\winlogon.exe" it gives an error message:

"AutoIt Error" -- Line 5661 (File "F:\FRST64.exe") and then it closes. I checked the flash drive and no logfile was generated.

What should I do next?

#13 gringo_pr

Posted 20 June 2012 - 09:53 PM

can you redownload the tool and try once more please



gringo

#14 gnpleco (Topic Starter)

Posted 20 June 2012 - 10:11 PM

Hi Gringo, I tried again and the same result occurred. I did download the "Farbar Tool" using the infected computer though, does this make a difference?

I also noticed on the "aswMBR log" that there were some infections, could these be the problem?

23:04:18.048 File: C:\Users\Owner\AppData\Local\f0590083\U\800000cb.@ **INFECTED** Win32:Malware-gen
23:04:18.126 File: C:\Users\Owner\AppData\Local\f0590083\U\800000cf.@ **INFECTED** Win32:Malware-gen
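
The two **INFECTED** lines quoted here are the only finds in either scan: the first log above ends with an intact MBR and "Actual detected object count: 0" (TDSSKiller output, judging by its format), while aswMBR's AVAST engine flags two `.@` files in `C:\Users\Owner\AppData\Local\f0590083\U\`. The following Python script is an added example, not code from this thread or from either scanner: it parses both log excerpts (constructed here from the lines quoted on this page), reports where the scanners disagree, and checks each hit against the directory shape of those two paths. Treating `<8 hex chars>\U\<name>.@` as an indicator is a heuristic generalised from the two paths on the page, and accepting `L` as the subfolder name is my assumption, not something the thread shows.

```python
# Triage helper for the two rootkit-scanner log excerpts quoted in this thread.
# Added example; not code from the thread, aswMBR or TDSSKiller.
import re
from pathlib import PureWindowsPath

# Constructed from the aswMBR excerpt in the thread (two hits plus context).
ASWMBR_LOG = r"""
23:00:00.866 Disk 0 Windows VISTA default MBR code
23:04:17.205 AVAST engine scan C:\Users\Owner
23:04:18.048 File: C:\Users\Owner\AppData\Local\f0590083\U\800000cb.@ **INFECTED** Win32:Malware-gen
23:04:18.126 File: C:\Users\Owner\AppData\Local\f0590083\U\800000cf.@ **INFECTED** Win32:Malware-gen
"""

# Constructed from the tail of the first (TDSSKiller-format) log in the thread.
TDSSKILLER_LOG = r"""
22:53:43.0190 3304 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
22:53:43.0408 3304 \Device\Harddisk0\DR0 - ok
22:53:43.0439 3740 Detected object count: 0
22:53:43.0439 3740 Actual detected object count: 0
"""

# aswMBR: "<ts> File: <path> **INFECTED** <verdict>"
ASWMBR_HIT = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) File: (?P<path>.+?) \*\*INFECTED\*\* (?P<verdict>\S+)\s*$"
)
# aswMBR: "Disk N <description> MBR code"
ASWMBR_MBR = re.compile(r"Disk (?P<disk>\d+) (?P<desc>.+?MBR code)\s*$")
# TDSSKiller: the raw-disk object line ending in "- ok", and the final count.
TDSS_MBR_OK = re.compile(r"\\Device\\Harddisk\d+\\DR\d+ - ok\s*$")
TDSS_COUNT = re.compile(r"Actual detected object count: (?P<n>\d+)")
HEX8 = re.compile(r"^[0-9a-f]{8}$", re.IGNORECASE)


def looks_like_zeroaccess_store(path: str) -> bool:
    """Heuristic shape check: <8-hex-char dir> / U / <anything>.@, the layout
    of both hits on this page.  Accepting 'L' as the subfolder is an
    assumption added here by analogy, not something the thread shows."""
    parts = PureWindowsPath(path).parts
    if len(parts) < 3:
        return False
    name, sub, store = parts[-1], parts[-2], parts[-3]
    return (name.lower().endswith(".@")
            and sub.upper() in ("U", "L")
            and HEX8.match(store) is not None)


def parse_aswmbr(log: str) -> dict:
    """Return the MBR description and every **INFECTED** entry, each tagged
    with whether its path has the store shape above."""
    mbr = None
    hits = []
    for line in log.splitlines():
        m = ASWMBR_MBR.search(line)
        if m:
            mbr = m.group("desc")
        m = ASWMBR_HIT.match(line)
        if m:
            hit = m.groupdict()
            hit["zeroaccess_shape"] = looks_like_zeroaccess_store(hit["path"])
            hits.append(hit)
    return {"mbr": mbr, "hits": hits}


def parse_tdsskiller(log: str) -> dict:
    """Return whether the raw-disk (MBR) object passed and the final count."""
    mbr_ok = False
    detected = None
    for line in log.splitlines():
        if TDSS_MBR_OK.search(line):
            mbr_ok = True
        m = TDSS_COUNT.search(line)
        if m:
            detected = int(m.group("n"))
    return {"mbr_ok": mbr_ok, "detected": detected}


def triage(aswmbr_log: str, tdsskiller_log: str) -> dict:
    """Combine both logs: list hits with the store shape and flag the case
    where TDSSKiller reports nothing while aswMBR's file scan has hits."""
    asw = parse_aswmbr(aswmbr_log)
    tds = parse_tdsskiller(tdsskiller_log)
    suspect = [h["path"] for h in asw["hits"] if h["zeroaccess_shape"]]
    return {
        "mbr_code": asw["mbr"],
        "tdsskiller_mbr_ok": tds["mbr_ok"],
        "tdsskiller_detected": tds["detected"],
        "aswmbr_hits": len(asw["hits"]),
        "suspect_store_paths": suspect,
        "scanners_disagree": tds["detected"] == 0 and bool(asw["hits"]),
    }


if __name__ == "__main__":
    for key, value in triage(ASWMBR_LOG, TDSSKILLER_LOG).items():
        print(f"{key}: {value}")
```

Run it as-is to print the combined summary, or feed `parse_aswmbr` a full aswMBR.txt to list every hit. A shape match is a reason to hand the paths to the helper, not proof on its own: the verdict here (`Win32:Malware-gen`) is a generic one, and the MBR checks in both logs came back clean, which is why the user-mode files are the only lead on this page.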

#15 gringo_pr

Posted 20 June 2012 - 10:20 PM

Hello

Lets get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo



