
Browser redirect problem


  • This topic is locked
9 replies to this topic

#1 copperhead4750

copperhead4750

  • Members
  • 8 posts
  • OFFLINE
  • Local time:09:00 AM

Posted 22 June 2012 - 12:34 AM

Hi,

I have a computer running Windows 7 Home Premium and need some help fixing the browser redirect. The computer was recently infected with the "Data Recovery" virus but I believe I have taken care of that. The browser redirect problem has not been solved.

Security Check's checkup.txt:

Results of screen317's Security Check version 0.99.42
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Webroot AntiVirus with Spy Sweeper
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 17
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Webroot Security current plugins\antimalware\AEI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 6%
````````````````````End of Log``````````````````````


DDS's DDS.txt:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Toshiba at 0:10:11 on 2012-06-22
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2934.1528 [GMT -5:00]
.
AV: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {53211D91-0C31-95F2-E3A5-7661FB22889E}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {E840FC75-2A0B-9A7C-D915-4D1380A5C223}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\windows\system32\igfxsrvc.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe
C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\windows\system32\igfxext.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\wuauclt.exe
C:\Windows\system32\WUDFHost.exe
C:\windows\system32\svchost.exe -k defragsvc
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\REGSVR32.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
uInternet Settings,ProxyOverride = <local>;*.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Babylon IE plugin: {9cfaccb6-2f3f-4177-94ea-0d2b72d384c1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
uRun: [qGNjpV.exe] C:\Users\Toshiba\AppData\Local\Temp\qGNjpV.exe
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [WebrootTrayApp] "C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe"
mRun: [Babylon Client] "C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe" -AutoStart
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [ajIlqwSkbUSE.exe] "C:\ProgramData\ajIlqwSkbUSE.exe"
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Translate this web page with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{04D06F77-FDE1-423F-BBC4-77C6FD062899} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{B2C05C83-BFA8-4716-B199-EDA88854E6BD} : DhcpNameServer = 168.94.0.15 168.94.0.14
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Babylon IE plugin: {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
BHO-X64: Babylon IE plugin - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun-x64: [WebrootTrayApp] "C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe"
mRun-x64: [Babylon Client] "C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe" -AutoStart
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [ajIlqwSkbUSE.exe] "C:\ProgramData\ajIlqwSkbUSE.exe"
IE-X64: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
Hosts: 149.5.18.173 www.google-analytics.com.
Hosts: 149.5.18.173 ad-emea.doubleclick.net.
Hosts: 149.5.18.173 www.statcounter.com.
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 ssfmonm;ssfmonm;C:\windows\system32\DRIVERS\ssfmonm.sys --> C:\windows\system32\DRIVERS\ssfmonm.sys [?]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-2-25 252928]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-8-17 2320920]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\AEI.exe [2010-9-30 3888696]
R2 WRConsumerService;Webroot Client Service;C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe [2011-1-13 3275112]
R3 HECIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 QIOMem;Generic IO & Memory Access;C:\windows\system32\DRIVERS\QIOMem.sys --> C:\windows\system32\DRIVERS\QIOMem.sys [?]
R3 rtl8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtl8192Ce.sys --> C:\windows\system32\DRIVERS\rtl8192Ce.sys [?]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-8-17 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-23 835952]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\windows\system32\DRIVERS\VSTAZL6.SYS --> C:\windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\windows\system32\DRIVERS\VSTDPV6.SYS --> C:\windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-06-22 04:59:15 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{95349E39-A035-41D1-AA3E-0742BFD7D22C}\offreg.dll
2012-06-22 04:28:39 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-22 02:29:42 -------- d-----w- C:\Users\Toshiba\AppData\Roaming\Malwarebytes
2012-06-22 02:29:25 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-22 02:29:25 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-22 02:20:33 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{95349E39-A035-41D1-AA3E-0742BFD7D22C}\mpengine.dll
2012-06-19 01:06:26 252552 ----a-w- C:\ProgramData\NUJv1UxhS00mu6_virus.exe
2012-06-19 00:29:33 346760 ----a-w- C:\ProgramData\ajIlqwSkbUSE_virus.exe
2012-06-13 03:34:34 -------- d-----w- C:\Program Files\iPod
2012-06-13 03:34:33 -------- d-----w- C:\Program Files\iTunes
2012-06-13 03:34:33 -------- d-----w- C:\Program Files (x86)\iTunes
.
==================== Find3M ====================
.
2012-05-18 02:06:48 2311680 ----a-w- C:\windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-05-15 01:32:20 3144192 ----a-w- C:\windows\System32\win32k.sys
2012-05-04 10:52:22 5505392 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-05-04 10:08:16 3958128 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:08:15 3902320 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-05-02 05:32:43 208896 ----a-w- C:\windows\System32\profsvc.dll
2012-04-28 03:50:40 204800 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-04-26 05:34:38 76288 ----a-w- C:\windows\System32\rdpwsx.dll
2012-04-26 05:34:37 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll
2012-04-26 05:28:32 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe
2012-04-24 05:59:45 182272 ----a-w- C:\windows\System32\cryptsvc.dll
2012-04-24 05:59:45 1460224 ----a-w- C:\windows\System32\crypt32.dll
2012-04-24 05:59:45 140288 ----a-w- C:\windows\System32\cryptnet.dll
2012-04-24 04:47:04 139264 ----a-w- C:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:47:04 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
2012-04-24 04:47:03 1156608 ----a-w- C:\windows\SysWow64\crypt32.dll
2012-04-07 12:18:36 3213824 ----a-w- C:\windows\System32\msi.dll
2012-04-07 11:34:37 2342400 ----a-w- C:\windows\SysWow64\msi.dll
2012-03-30 11:09:53 1895280 ----a-w- C:\windows\System32\drivers\tcpip.sys
.
============= FINISH: 0:17:38.87 ===============


DDS's Attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 9/29/2010 5:50:35 PM
System Uptime: 6/21/2012 11:35:46 PM (1 hours ago)
.
Motherboard: Intel Corp. | | Base Board Product Name
Processor: Intel® Pentium® CPU P6100 @ 2.00GHz | CPU | 1999/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 286 GiB total, 246.841 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP346: 5/14/2012 9:43:50 PM - Windows Update
RP348: 5/15/2012 11:34:18 PM - Windows Update
RP350: 5/18/2012 8:37:04 AM - Windows Update
RP352: 5/22/2012 11:28:26 AM - Windows Update
RP354: 5/26/2012 4:29:34 PM - Windows Update
RP356: 5/29/2012 11:36:08 AM - Windows Update
RP358: 6/1/2012 11:41:19 AM - Windows Update
RP360: 6/5/2012 11:58:27 PM - Windows Update
RP362: 6/9/2012 11:44:00 AM - Windows Update
RP364: 6/10/2012 11:10:38 AM - Windows Update
RP366: 6/12/2012 10:18:07 PM - Windows Update
RP368: 6/13/2012 11:48:17 AM - Windows Update
RP370: 6/15/2012 11:29:42 AM - Windows Update
RP372: 6/18/2012 8:38:09 PM - Windows Defender Checkpoint
RP374: 6/21/2012 9:19:17 PM - Windows Update
.
==== Hosts File Hijack ======================
.
Hosts: 149.5.18.173 www.google-analytics.com.
Hosts: 149.5.18.173 ad-emea.doubleclick.net.
Hosts: 149.5.18.173 www.statcounter.com.
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
Hosts: 108.163.215.51 www.statcounter.com.
.
==== Installed Programs ======================
.
Adobe Download Manager
Adobe Flash Player 10 Plugin
Adobe Reader 9.3
Apple Application Support
Apple Software Update
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
Babylon
Best Buy pc app
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
FLVTube Player
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
Intel® Rapid Storage Technology
Java™ 6 Update 17
Junk Mail filter update
Label@Once 1.0
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft Choice Guard
Microsoft Office 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MSVCRT
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
TOSHIBA Application Installer
TOSHIBA Assist
Toshiba Book Place
TOSHIBA Bulletin Board
TOSHIBA eco Utility
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
TOSHIBA Quality Application
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
ToshibaRegistration
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Webroot Software
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
.
==== Event Viewer Messages From Past Week ========
.
6/21/2012 11:38:14 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
6/21/2012 11:24:22 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
6/21/2012 10:37:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
6/21/2012 10:37:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
6/21/2012 10:37:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/21/2012 10:37:29 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6
6/21/2012 10:37:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
6/17/2012 9:28:16 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000119 (0x0000000000000001, 0x000000000001bc1a, 0x000000000001bcae, 0x000000000001bcac). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 061712-19921-01.
6/17/2012 5:03:41 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FDResPub service.
6/17/2012 4:33:30 PM, Error: Microsoft-Windows-ResourcePublication [1002] - Element Provider\Microsoft.Base.Publication/Publication\HomeGroup/743aa7df91e3b93c39a4eb09a9ee032e32b49e6d.HomeGroupClassifier_HomeGroup_Invitation_ID failed to publish. Ensure that both PKEY_PUBSVCS_METADATA and PKEY_PUBSVCS_TYPE are set properly on the function instance and there were no errors adding the function instance.
.
==== End Of File ===========================


Thanks,

CopperHead4750
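As an added defensive example that is not part of this thread and not code from the DDS or ComboFix tools: a small Python script that parses lines in the format of the DDS "Pseudo HJT Report" above and flags the three indicator classes visible in it, HOSTS entries pointing a real hostname at a remote address, autorun entries launching an executable from a user-writable Temp or ProgramData location, and per-interface DHCP DNS servers that differ from the machine-wide value. The sample lines are copied from the log above except the `127.0.0.1 localhost` line, which is constructed to show a benign entry; the heuristics and the function names are this example's own assumptions, not DDS logic.

```python
"""Triage helper for the "Pseudo HJT Report" section of a DDS log.

Added example: not part of the BleepingComputer thread, nor of the DDS or
ComboFix tools. The heuristics below are this example's own assumptions.
"""
import ipaddress
import re

# Lines copied from the DDS.txt posted above, plus one constructed benign
# HOSTS line (127.0.0.1 localhost) to show an entry that is not flagged.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.google.com/
uRun: [qGNjpV.exe] C:\Users\Toshiba\AppData\Local\Temp\qGNjpV.exe
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [ajIlqwSkbUSE.exe] "C:\ProgramData\ajIlqwSkbUSE.exe"
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{04D06F77-FDE1-423F-BBC4-77C6FD062899} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{B2C05C83-BFA8-4716-B199-EDA88854E6BD} : DhcpNameServer = 168.94.0.15 168.94.0.14
Hosts: 149.5.18.173 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
Hosts: 127.0.0.1 localhost
"""

HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+?)\.?$")
RUN_RE = re.compile(r"^([um]Run(?:-x64)?):\s+\[([^\]]*)\]\s+(.*)$")
DNS_RE = re.compile(
    r"^TCP:\s+(?:Interfaces\\(\{[^}]+\})\s+:\s+)?DhcpNameServer\s*=\s*(.*)$"
)


def executable_path(command):
    """Return the program path from a Run-entry command line.

    Quoted paths are taken whole; unquoted ones end at the first space.
    """
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def suspicious_run_path(path):
    """True if the autorun target lives where startup programs rarely do."""
    p = path.lower()
    if "\\appdata\\local\\temp\\" in p:
        return True
    root = "c:\\programdata\\"
    # An executable directly in the ProgramData root, with no vendor
    # subfolder, matches the dropped-file pattern seen in the log above.
    return p.startswith(root) and "\\" not in p[len(root):]


def is_hosts_redirect(ip):
    """True unless the HOSTS entry maps to loopback/unspecified (blocking)."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return True  # unparseable address: send it for review too
    return not (addr.is_loopback or addr.is_unspecified)


def public_servers(servers):
    """Subset of the DNS servers that are globally routable addresses."""
    out = []
    for s in servers:
        try:
            if ipaddress.ip_address(s).is_global:
                out.append(s)
        except ValueError:
            out.append(s)
    return out


def triage(log_text):
    """Return a list of finding dicts for the report lines in log_text."""
    findings = []
    global_dns = None
    interface_dns = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HOSTS_RE.match(line)
        if m:
            ip, host = m.group(1), m.group(2)
            if is_hosts_redirect(ip):
                findings.append({"kind": "hosts_redirect", "host": host, "ip": ip})
            continue
        m = RUN_RE.match(line)
        if m:
            key, name, command = m.groups()
            path = executable_path(command)
            if suspicious_run_path(path):
                findings.append({"kind": "autorun_from_user_dir", "key": key,
                                 "name": name, "path": path})
            continue
        m = DNS_RE.match(line)
        if m:
            iface, servers = m.group(1), m.group(2).split()
            if iface is None:
                global_dns = servers
            else:
                interface_dns.append((iface, servers))
    # Per-interface DNS that disagrees with the machine-wide (router) value
    # is a review item, not a verdict: check it against the ISP's resolvers.
    for iface, servers in interface_dns:
        if global_dns is not None and servers != global_dns:
            findings.append({"kind": "dns_differs_from_global", "interface": iface,
                             "servers": servers, "public": public_servers(servers)})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Each finding is a review flag rather than a verdict: a loopback HOSTS entry is how ad-blocking lists work, so only non-loopback targets are reported, and a second adapter using public DNS can be a legitimate ISP resolver, so the script records which servers are public and leaves the judgement to the analyst.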


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:00 AM

Posted 22 June 2012 - 01:57 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion," please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 copperhead4750

copperhead4750
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:09:00 AM

Posted 22 June 2012 - 03:10 PM

For Security Check log, see first post.

As for combofix, it seems to hang at Stage_48. I've disabled the Webroot virus protection, but combofix still gives a warning message saying it's active. It's been stuck on stage 48 for 2 to 3 hours.

Should I wait longer, or should I uninstall Webroot and restart combofix?

Edit:

It completed -- it just took a while. Restarted. The browser redirect still exists. Here is the combofix log:

ComboFix 12-06-21.03 - Toshiba 06/22/2012 13:04:40.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2934.1176 [GMT -5:00]
Running from: c:\users\Toshiba\Desktop\New folder\ComboFix.exe
AV: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {53211D91-0C31-95F2-E3A5-7661FB22889E}
SP: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {E840FC75-2A0B-9A7C-D915-4D1380A5C223}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Blinkx
c:\program files (x86)\Blinkx\blinkx.ico
c:\program files (x86)\Blinkx\lang.dll
c:\program files (x86)\Blinkx\templates\beat.ico
c:\program files (x86)\Blinkx\templates\index.html
c:\program files (x86)\Blinkx\templates\noflash.html
c:\program files (x86)\Blinkx\templates\offline.html
c:\program files (x86)\Blinkx\templates\offline.swf
c:\program files (x86)\Blinkx\templates\uninstall.exe
c:\programdata\.wtav
c:\programdata\ajIlqwSkbUSE_virus.exe
c:\programdata\NUJv1UxhS00mu6
c:\programdata\NUJv1UxhS00mu6_virus.exe
c:\users\Toshiba\AppData\Local\Temp\qGNjpV.exe
c:\users\Toshiba\AppData\Roaming\5ABE.C00
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\tmp\U
c:\windows\system32\drivers\etc\hosts.txt
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2012-05-22 to 2012-06-22 )))))))))))))))))))))))))))))))
.
.
2012-06-22 23:38 . 2012-06-22 23:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-22 04:28 . 2012-06-22 04:28 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-22 02:29 . 2012-06-22 02:29 -------- d-----w- c:\users\Toshiba\AppData\Roaming\Malwarebytes
2012-06-22 02:29 . 2012-06-22 02:29 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-22 02:29 . 2012-06-22 02:29 -------- d-----w- c:\programdata\Malwarebytes
2012-06-22 02:20 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{95349E39-A035-41D1-AA3E-0742BFD7D22C}\mpengine.dll
2012-06-13 03:34 . 2012-06-13 03:34 -------- d-----w- c:\program files\iPod
2012-06-13 03:34 . 2012-06-13 03:35 -------- d-----w- c:\program files\iTunes
2012-06-13 03:34 . 2012-06-13 03:35 -------- d-----w- c:\program files (x86)\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-30 11:09 . 2012-05-09 04:30 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]
"WebrootTrayApp"="c:\program files (x86)\Webroot\Security\Current\Framework\WRTray.exe" [2011-01-14 1392784]
"Babylon Client"="c:\program files (x86)\Babylon\Babylon-Pro\Babylon.exe" [2010-04-11 3740088]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 ssfmonm;ssfmonm;c:\windows\system32\DRIVERS\ssfmonm.sys [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-02-26 252928]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S2 WRConsumerService;Webroot Client Service;c:\program files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe [2011-01-14 3275112]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [x]
S3 rtl8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-24 835952]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-02-26 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-02-26 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-02-26 410648]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-10 520760]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
axsnmsvc

.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: Translate this web page with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
LSP: mswsock.dll
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-ajIlqwSkbUSE.exe - c:\programdata\ajIlqwSkbUSE.exe
Toolbar-Locked - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe
.
**************************************************************************
.
Completion time: 2012-06-22 19:02:52 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-23 00:02
.
Pre-Run: 264,929,882,112 bytes free
Post-Run: 264,957,218,816 bytes free
.
- - End Of File - - CFFB6368E3C1985B22C1EF07663235A3

Edited by copperhead4750, 22 June 2012 - 07:16 PM.
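The ComboFix sections above give a responder three things worth pulling out mechanically: the Run values, the names added under Svchost NetSvcs (ComboFix says it hides default entries, so anything it lists there, such as axsnmsvc, is by construction non-default), and the orphaned Run values it has already removed (one of which pointed at an executable sitting directly in c:\programdata). The script below is an added example, not part of this thread or of ComboFix: it parses a handful of those lines, copied into the script as a constructed sample, and attaches simple triage signals. The signals are heuristics that surface candidates for hash lookup rather than verdicts; the consonant-run test, for instance, does not flag gazozwma.dll, the DLL TDSSKiller later shows behind axsnmsvc, and a scanner's per-entry "ok" is the absence of a detection, not a clean bill.

```python
"""Triage of ComboFix 'Reg Loading Points' output: Run values, NetSvcs additions, removed orphans."""
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the ComboFix log posted in this thread.
COMBOFIX_SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"Babylon Client"="c:\program files (x86)\Babylon\Babylon-Pro\Babylon.exe" [2010-04-11 3740088]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
axsnmsvc

.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-ajIlqwSkbUSE.exe - c:\programdata\ajIlqwSkbUSE.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
"""

RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<date>\S+)\s+(?P<size>\d+)\]$')
ORPHAN_RE = re.compile(r"^(?:Wow6432Node-)?HKLM-Run-(?P<name>.+?) - (?P<path>.+)$")
NETSVCS_HEADER = "Svchost - NetSvcs"

# Parent directories where a bare executable (no vendor sub-folder) is a dropper
# habit rather than an install location. Compared lower-cased.
DROP_ROOTS = {r"c:\programdata", r"c:\windows\temp", r"c:\users\public"}
DROP_ROOT_RES = [
    re.compile(r"^c:\\users\\[^\\]+\\appdata\\(local|roaming)$"),
    re.compile(r"^c:\\users\\[^\\]+\\appdata\\local\\temp$"),
]


@dataclass
class Entry:
    name: str
    path: str
    source: str                      # 'run', 'orphan' or 'netsvcs'
    signals: list = field(default_factory=list)


def parse_combofix(text: str):
    """Pull Run values, removed orphans and NetSvcs additions out of the log text."""
    entries, in_netsvcs = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if in_netsvcs:
            if line and line != ".":
                # ComboFix hides default entries, so every name here is non-default.
                entries.append(Entry(line, "", "netsvcs"))
                continue
            in_netsvcs = False
        if NETSVCS_HEADER in line:
            in_netsvcs = True
            continue
        if m := RUN_RE.match(line):
            entries.append(Entry(m["name"], m["path"], "run"))
        elif m := ORPHAN_RE.match(line):
            entries.append(Entry(m["name"], m["path"], "orphan"))
    return entries


def in_drop_root(path: str) -> bool:
    parent = path.lower().replace("/", "\\").rsplit("\\", 1)[0]
    return parent in DROP_ROOTS or any(r.match(parent) for r in DROP_ROOT_RES)


def longest_consonant_run(word: str) -> int:
    """Crude 'is this pronounceable' test; y is treated as a vowel."""
    run = best = 0
    for ch in word.lower():
        if ch.isalpha() and ch not in "aeiouy":
            run += 1
            best = max(best, run)
        else:
            run = 0
    return best


def triage(text: str):
    """Parse the log and attach heuristic signals; an empty signal list means 'nothing stood out'."""
    entries = parse_combofix(text)
    for e in entries:
        stem = (e.path.rsplit("\\", 1)[-1] if e.path else e.name).rsplit(".", 1)[0]
        if e.source == "netsvcs":
            e.signals.append("non-default svchost NetSvcs member; locate its ServiceDll")
        if e.path and in_drop_root(e.path):
            e.signals.append("executable sits directly in a data/temp root")
        if longest_consonant_run(stem) >= 6:
            e.signals.append("unpronounceable name, likely generated")
    return entries


if __name__ == "__main__":
    for e in triage(COMBOFIX_SAMPLE):
        print(f"{'!!' if e.signals else '  '} [{e.source}] {e.name} {e.path}")
        for s in e.signals:
            print(f"      - {s}")
```

Feed it the whole "Reg Loading Points" and "ORPHANS REMOVED" sections and it prints one line per entry with the flagged ones marked; the point is to reduce a long log to the handful of names worth looking up, not to replace the hash check.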


#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 22 June 2012 - 07:27 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
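TDSSKiller's report (the reply below has one) prints the drive size and sector size and then each MBR partition as a type, a StartLBA and a BlocksNum. Reading the same figures back from raw sector 0 is a useful independent check once "standard boot code" has been written: the 0x55AA signature must be present, the partition table should be unchanged, and any sectors no partition covers are worth noting, since MBR bootkits of that period kept their payload in unpartitioned space (OEM recovery areas live there too, so a gap is a lead, not proof). The script below is an added example, not part of the thread or of TDSSKiller; the 512-byte sector is constructed in the script to match the log's figures (Type 0x7, StartLBA 0x2EE800, BlocksNum 0x23C9C800, drive size 0x4A85D56000 bytes), and the boot-code hash function assumes you have a known-good MBR from an identical clean install to compare against (no reference hash is hard-coded).

```python
"""Read an MBR sector the way TDSSKiller reports it: partition table plus unallocated gaps."""
import hashlib
import struct
from dataclasses import dataclass

SECTOR = 512
# Figures from the TDSSKiller 'Drive \Device\Harddisk0\DR0' line in this thread.
DRIVE_SIZE_BYTES = 0x4A85D56000
TOTAL_SECTORS = DRIVE_SIZE_BYTES // SECTOR          # 625,142,448 sectors


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    start_lba: int
    sector_count: int

    @property
    def end_lba(self) -> int:          # first sector after the partition
        return self.start_lba + self.sector_count


def parse_mbr(sector0: bytes):
    """Return (boot_code, partitions) from a raw 512-byte sector 0."""
    if len(sector0) != SECTOR:
        raise ValueError("sector 0 must be exactly 512 bytes")
    if sector0[510:512] != b"\x55\xaa":
        raise ValueError("0x55AA boot signature missing")
    parts = []
    for i in range(4):
        off = 446 + 16 * i                      # four 16-byte entries follow the code area
        status, type_id = sector0[off], sector0[off + 4]
        start, count = struct.unpack_from("<II", sector0, off + 8)
        if type_id == 0 and count == 0:         # empty slot
            continue
        parts.append(Partition(i, status == 0x80, type_id, start, count))
    return sector0[:446], parts


def unallocated_ranges(parts, total_sectors):
    """(start_lba, sector_count) spans no partition covers; sector 0 itself is excluded."""
    spans, cursor = [], 1
    for p in sorted(parts, key=lambda p: p.start_lba):
        if p.start_lba > cursor:
            spans.append((cursor, p.start_lba - cursor))
        cursor = max(cursor, p.end_lba)
    if total_sectors > cursor:
        spans.append((cursor, total_sectors - cursor))
    return spans


def sectors_to_gib(n: int) -> float:
    return n * SECTOR / 2**30


def boot_code_sha256(sector0: bytes) -> str:
    """Hash of the 446-byte code area only, so the partition table does not disturb
    a comparison against a known-good MBR taken from an identical clean install."""
    return hashlib.sha256(sector0[:446]).hexdigest()


def build_sample_mbr() -> bytes:
    """Constructed sector 0 whose single entry matches the thread's log line:
    Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x23C9C800."""
    mbr = bytearray(SECTOR)                     # code area left zeroed; it is not the point here
    entry = struct.pack("<B3sB3sII", 0x80, b"\0\0\0", 0x07, b"\0\0\0",
                        0x2EE800, 0x23C9C800)
    mbr[446:462] = entry
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)


if __name__ == "__main__":
    # On a live Windows system the 512 bytes would come from an elevated read of \\.\PhysicalDrive0.
    sector0 = build_sample_mbr()
    code, parts = parse_mbr(sector0)
    for p in parts:
        print(f"Partition{p.index}: Type 0x{p.type_id:X} bootable={p.bootable} "
              f"StartLBA 0x{p.start_lba:X} BlocksNum 0x{p.sector_count:X}")
    for start, count in unallocated_ranges(parts, TOTAL_SECTORS):
        print(f"unallocated: LBA {start}..{start + count - 1} ({sectors_to_gib(count):.2f} GiB)")
    print("boot code sha256:", boot_code_sha256(sector0))
```

Run against the constructed sector it reports a gap of roughly 1.5 GiB before the partition and roughly 10.3 GiB after it; on a real disk those two numbers, and whether the boot-code hash matches a clean reference, are what to look at after a cure.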

#5 copperhead4750
  • Topic Starter
  • Members
  • 8 posts

Posted 22 June 2012 - 09:02 PM

After uninstalling Webroot, I was able to run tdsskiller.exe. It detected Rootkit.Boot.SST.a on physical drive: \Device\Harddisk0\DR0. When I try to cure it, a message pops up that says,

"Cant cure MBR Write standard boot code?
If you have installed custom bootloader (eg Acronis, Grub, Lilo),
you will need to reinstall them after the treatment."

Is it safe to click "Yes"? (I believe the computer has a stock OS from the manufacturer.)

EDIT:

I clicked yes, restarted the computer. It didn't screw up anything. I ran aswMBR.exe and it found some stuff -- I clicked "Fix", computer restarted automatically and went through CHKDSK. It booted fine after that.

The browser redirect seems to have been fixed. Here are the logs:

TDSSkiller log:

21:12:27.0937 3100 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
21:12:28.0421 3100 ============================================================
21:12:28.0421 3100 Current date / time: 2012/06/22 21:12:28.0421
21:12:28.0421 3100 SystemInfo:
21:12:28.0421 3100
21:12:28.0421 3100 OS Version: 6.1.7600 ServicePack: 0.0
21:12:28.0421 3100 Product type: Workstation
21:12:28.0421 3100 ComputerName: TOSHIBA-SATELLI
21:12:28.0421 3100 UserName: Toshiba
21:12:28.0421 3100 Windows directory: C:\windows
21:12:28.0421 3100 System windows directory: C:\windows
21:12:28.0421 3100 Running under WOW64
21:12:28.0421 3100 Processor architecture: Intel x64
21:12:28.0421 3100 Number of processors: 2
21:12:28.0421 3100 Page size: 0x1000
21:12:28.0421 3100 Boot type: Normal boot
21:12:28.0421 3100 ============================================================
21:12:29.0248 3100 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:12:29.0248 3100 ============================================================
21:12:29.0248 3100 \Device\Harddisk0\DR0:
21:12:29.0248 3100 MBR partitions:
21:12:29.0248 3100 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x23C9C800
21:12:29.0248 3100 ============================================================
21:12:29.0263 3100 C: <-> \Device\Harddisk0\DR0\Partition0
21:12:29.0263 3100 ============================================================
21:12:29.0263 3100 Initialize success
21:12:29.0263 3100 ============================================================
21:12:33.0319 3896 ============================================================
21:12:33.0319 3896 Scan started
21:12:33.0319 3896 Mode: Manual;
21:12:33.0319 3896 ============================================================
21:12:34.0833 3896 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\windows\system32\DRIVERS\1394ohci.sys
21:12:34.0833 3896 1394ohci - ok
21:12:34.0895 3896 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\windows\system32\DRIVERS\ACPI.sys
21:12:34.0895 3896 ACPI - ok
21:12:34.0942 3896 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\windows\system32\DRIVERS\acpipmi.sys
21:12:34.0942 3896 AcpiPmi - ok
21:12:34.0989 3896 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys
21:12:34.0989 3896 adp94xx - ok
21:12:35.0020 3896 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys
21:12:35.0020 3896 adpahci - ok
21:12:35.0051 3896 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys
21:12:35.0067 3896 adpu320 - ok
21:12:35.0082 3896 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
21:12:35.0082 3896 AeLookupSvc - ok
21:12:35.0145 3896 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\windows\system32\drivers\afd.sys
21:12:35.0145 3896 AFD - ok
21:12:35.0191 3896 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\DRIVERS\agp440.sys
21:12:35.0191 3896 agp440 - ok
21:12:35.0223 3896 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
21:12:35.0223 3896 ALG - ok
21:12:35.0238 3896 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\DRIVERS\aliide.sys
21:12:35.0238 3896 aliide - ok
21:12:35.0254 3896 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\DRIVERS\amdide.sys
21:12:35.0254 3896 amdide - ok
21:12:35.0269 3896 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys
21:12:35.0269 3896 AmdK8 - ok
21:12:35.0285 3896 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
21:12:35.0285 3896 AmdPPM - ok
21:12:35.0332 3896 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\windows\system32\drivers\amdsata.sys
21:12:35.0332 3896 amdsata - ok
21:12:35.0363 3896 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys
21:12:35.0363 3896 amdsbs - ok
21:12:35.0379 3896 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\windows\system32\drivers\amdxata.sys
21:12:35.0379 3896 amdxata - ok
21:12:35.0394 3896 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\windows\system32\drivers\appid.sys
21:12:35.0410 3896 AppID - ok
21:12:35.0457 3896 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
21:12:35.0457 3896 AppIDSvc - ok
21:12:35.0488 3896 Appinfo (d065be66822847b7f127d1f90158376e) C:\windows\System32\appinfo.dll
21:12:35.0503 3896 Appinfo - ok
21:12:35.0628 3896 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:12:35.0628 3896 Apple Mobile Device - ok
21:12:35.0675 3896 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys
21:12:35.0675 3896 arc - ok
21:12:35.0706 3896 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys
21:12:35.0706 3896 arcsas - ok
21:12:35.0737 3896 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
21:12:35.0737 3896 AsyncMac - ok
21:12:35.0753 3896 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\DRIVERS\atapi.sys
21:12:35.0753 3896 atapi - ok
21:12:35.0831 3896 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\windows\System32\Audiosrv.dll
21:12:35.0847 3896 AudioEndpointBuilder - ok
21:12:35.0847 3896 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\windows\System32\Audiosrv.dll
21:12:35.0847 3896 AudioSrv - ok
21:12:35.0878 3896 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\windows\System32\AxInstSV.dll
21:12:35.0878 3896 AxInstSV - ok
21:12:35.0940 3896 axsnmsvc (c87dc350211647db750e291a91579a31) C:\windows\system32\gazozwma.dll
21:12:35.0940 3896 axsnmsvc - ok
21:12:36.0003 3896 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys
21:12:36.0003 3896 b06bdrv - ok
21:12:36.0049 3896 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
21:12:36.0049 3896 b57nd60a - ok
21:12:36.0096 3896 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
21:12:36.0096 3896 BDESVC - ok
21:12:36.0112 3896 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
21:12:36.0112 3896 Beep - ok
21:12:36.0190 3896 BFE (4992c609a6315671463e30f6512bc022) C:\windows\System32\bfe.dll
21:12:36.0205 3896 BFE - ok
21:12:36.0283 3896 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\windows\system32\qmgr.dll
21:12:36.0283 3896 BITS - ok
21:12:36.0346 3896 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
21:12:36.0346 3896 blbdrive - ok
21:12:36.0439 3896 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
21:12:36.0455 3896 Bonjour Service - ok
21:12:36.0486 3896 bowser (19d20159708e152267e53b66677a4995) C:\windows\system32\DRIVERS\bowser.sys
21:12:36.0502 3896 bowser - ok
21:12:36.0533 3896 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys
21:12:36.0533 3896 BrFiltLo - ok
21:12:36.0549 3896 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys
21:12:36.0549 3896 BrFiltUp - ok
21:12:36.0580 3896 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\windows\system32\DRIVERS\bridge.sys
21:12:36.0580 3896 BridgeMP - ok
21:12:36.0627 3896 Browser (94fbc06f294d58d02361918418f996e3) C:\windows\System32\browser.dll
21:12:36.0627 3896 Browser - ok
21:12:36.0658 3896 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
21:12:36.0673 3896 Brserid - ok
21:12:36.0689 3896 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
21:12:36.0689 3896 BrSerWdm - ok
21:12:36.0705 3896 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
21:12:36.0705 3896 BrUsbMdm - ok
21:12:36.0705 3896 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
21:12:36.0720 3896 BrUsbSer - ok
21:12:36.0720 3896 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys
21:12:36.0736 3896 BTHMODEM - ok
21:12:36.0767 3896 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
21:12:36.0767 3896 bthserv - ok
21:12:36.0798 3896 catchme - ok
21:12:36.0829 3896 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
21:12:36.0829 3896 cdfs - ok
21:12:36.0861 3896 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\windows\system32\DRIVERS\cdrom.sys
21:12:36.0861 3896 cdrom - ok
21:12:36.0892 3896 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\windows\System32\certprop.dll
21:12:36.0892 3896 CertPropSvc - ok
21:12:36.0923 3896 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys
21:12:36.0923 3896 circlass - ok
21:12:36.0954 3896 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
21:12:36.0954 3896 CLFS - ok
21:12:37.0032 3896 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:12:37.0032 3896 clr_optimization_v2.0.50727_32 - ok
21:12:37.0063 3896 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:12:37.0079 3896 clr_optimization_v2.0.50727_64 - ok
21:12:37.0141 3896 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:12:37.0157 3896 clr_optimization_v4.0.30319_32 - ok
21:12:37.0188 3896 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:12:37.0188 3896 clr_optimization_v4.0.30319_64 - ok
21:12:37.0204 3896 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
21:12:37.0204 3896 CmBatt - ok
21:12:37.0235 3896 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\DRIVERS\cmdide.sys
21:12:37.0235 3896 cmdide - ok
21:12:37.0282 3896 CNG (937beb186a735aca91d717044a49d17e) C:\windows\system32\Drivers\cng.sys
21:12:37.0282 3896 CNG - ok
21:12:37.0375 3896 CnxtHdAudService (25c58ee97be0416a373e3e4f855206b5) C:\windows\system32\drivers\CHDRT64.sys
21:12:37.0375 3896 CnxtHdAudService - ok
21:12:37.0407 3896 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
21:12:37.0407 3896 Compbatt - ok
21:12:37.0407 3896 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\windows\system32\DRIVERS\CompositeBus.sys
21:12:37.0407 3896 CompositeBus - ok
21:12:37.0422 3896 COMSysApp - ok
21:12:37.0453 3896 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys
21:12:37.0453 3896 crcdisk - ok
21:12:37.0500 3896 CryptSvc (f02786b66375292e58c8777082d4396d) C:\windows\system32\cryptsvc.dll
21:12:37.0500 3896 CryptSvc - ok
21:12:37.0531 3896 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\windows\system32\rpcss.dll
21:12:37.0547 3896 DcomLaunch - ok
21:12:37.0578 3896 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
21:12:37.0578 3896 defragsvc - ok
21:12:37.0609 3896 DfsC (9c253ce7311ca60fc11c774692a13208) C:\windows\system32\Drivers\dfsc.sys
21:12:37.0609 3896 DfsC - ok
21:12:37.0625 3896 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\windows\system32\dhcpcore.dll
21:12:37.0641 3896 Dhcp - ok
21:12:37.0672 3896 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
21:12:37.0672 3896 discache - ok
21:12:37.0703 3896 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys
21:12:37.0703 3896 Disk - ok
21:12:37.0734 3896 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\windows\System32\dnsrslvr.dll
21:12:37.0734 3896 Dnscache - ok
21:12:37.0781 3896 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\windows\System32\dot3svc.dll
21:12:37.0797 3896 dot3svc - ok
21:12:37.0828 3896 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\windows\system32\dps.dll
21:12:37.0828 3896 DPS - ok
21:12:37.0859 3896 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
21:12:37.0859 3896 drmkaud - ok
21:12:37.0937 3896 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\windows\System32\drivers\dxgkrnl.sys
21:12:37.0953 3896 DXGKrnl - ok
21:12:37.0968 3896 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
21:12:37.0968 3896 EapHost - ok
21:12:38.0171 3896 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys
21:12:38.0202 3896 ebdrv - ok
21:12:38.0311 3896 EFS (156f6159457d0aa7e59b62681b56eb90) C:\windows\System32\lsass.exe
21:12:38.0311 3896 EFS - ok
21:12:38.0389 3896 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\windows\ehome\ehRecvr.exe
21:12:38.0389 3896 ehRecvr - ok
21:12:38.0436 3896 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
21:12:38.0436 3896 ehSched - ok
21:12:38.0514 3896 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys
21:12:38.0530 3896 elxstor - ok
21:12:38.0545 3896 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\DRIVERS\errdev.sys
21:12:38.0545 3896 ErrDev - ok
21:12:38.0592 3896 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
21:12:38.0592 3896 EventSystem - ok
21:12:38.0623 3896 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
21:12:38.0623 3896 exfat - ok
21:12:38.0655 3896 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
21:12:38.0655 3896 fastfat - ok
21:12:38.0702 3896 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\windows\system32\fxssvc.exe
21:12:38.0717 3896 Fax - ok
21:12:38.0733 3896 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys
21:12:38.0733 3896 fdc - ok
21:12:38.0764 3896 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
21:12:38.0764 3896 fdPHost - ok
21:12:38.0780 3896 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
21:12:38.0780 3896 FDResPub - ok
21:12:38.0811 3896 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
21:12:38.0811 3896 FileInfo - ok
21:12:38.0826 3896 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
21:12:38.0826 3896 Filetrace - ok
21:12:38.0826 3896 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys
21:12:38.0826 3896 flpydisk - ok
21:12:38.0842 3896 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\windows\system32\drivers\fltmgr.sys
21:12:38.0842 3896 FltMgr - ok
21:12:38.0936 3896 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\windows\system32\FntCache.dll
21:12:38.0951 3896 FontCache - ok
21:12:38.0982 3896 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:12:38.0982 3896 FontCache3.0.0.0 - ok
21:12:39.0014 3896 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
21:12:39.0014 3896 FsDepends - ok
21:12:39.0060 3896 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\windows\system32\drivers\Fs_Rec.sys
21:12:39.0060 3896 Fs_Rec - ok
21:12:39.0092 3896 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\windows\system32\DRIVERS\fvevol.sys
21:12:39.0092 3896 fvevol - ok
21:12:39.0123 3896 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys
21:12:39.0123 3896 gagp30kx - ok
21:12:39.0154 3896 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
21:12:39.0154 3896 GEARAspiWDM - ok
21:12:39.0216 3896 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\windows\System32\gpsvc.dll
21:12:39.0232 3896 gpsvc - ok
21:12:39.0263 3896 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
21:12:39.0263 3896 hcw85cir - ok
21:12:39.0294 3896 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\windows\system32\drivers\HdAudio.sys
21:12:39.0294 3896 HdAudAddService - ok
21:12:39.0310 3896 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\windows\system32\DRIVERS\HDAudBus.sys
21:12:39.0310 3896 HDAudBus - ok
21:12:39.0341 3896 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\windows\system32\DRIVERS\HECIx64.sys
21:12:39.0341 3896 HECIx64 - ok
21:12:39.0357 3896 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys
21:12:39.0357 3896 HidBatt - ok
21:12:39.0372 3896 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
21:12:39.0372 3896 HidBth - ok
21:12:39.0419 3896 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
21:12:39.0419 3896 HidIr - ok
21:12:39.0435 3896 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\System32\hidserv.dll
21:12:39.0435 3896 hidserv - ok
21:12:39.0466 3896 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\windows\system32\DRIVERS\hidusb.sys
21:12:39.0466 3896 HidUsb - ok
21:12:39.0482 3896 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\windows\system32\kmsvc.dll
21:12:39.0497 3896 hkmsvc - ok
21:12:39.0528 3896 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\windows\system32\ListSvc.dll
21:12:39.0528 3896 HomeGroupListener - ok
21:12:39.0560 3896 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\windows\system32\provsvc.dll
21:12:39.0560 3896 HomeGroupProvider - ok
21:12:39.0591 3896 HpSAMD (0886d440058f203eba0e1825e4355914) C:\windows\system32\DRIVERS\HpSAMD.sys
21:12:39.0591 3896 HpSAMD - ok
21:12:39.0653 3896 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\windows\system32\drivers\HTTP.sys
21:12:39.0653 3896 HTTP - ok
21:12:59.0169 3896 Wlansvc - ok
21:12:59.0200 3896 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
21:12:59.0200 3896 WmiAcpi - ok
21:12:59.0247 3896 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
21:12:59.0247 3896 wmiApSrv - ok
21:12:59.0278 3896 WMPNetworkSvc - ok
21:12:59.0309 3896 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
21:12:59.0309 3896 WPCSvc - ok
21:12:59.0325 3896 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\windows\system32\wpdbusenum.dll
21:12:59.0325 3896 WPDBusEnum - ok
21:12:59.0340 3896 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
21:12:59.0340 3896 ws2ifsl - ok
21:12:59.0372 3896 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\windows\system32\wscsvc.dll
21:12:59.0372 3896 wscsvc - ok
21:12:59.0372 3896 WSearch - ok
21:12:59.0528 3896 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\windows\system32\wuaueng.dll
21:12:59.0559 3896 wuauserv - ok
21:12:59.0668 3896 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\windows\system32\drivers\WudfPf.sys
21:12:59.0668 3896 WudfPf - ok
21:12:59.0699 3896 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\windows\system32\DRIVERS\WUDFRd.sys
21:12:59.0699 3896 WUDFRd - ok
21:12:59.0730 3896 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\windows\System32\WUDFSvc.dll
21:12:59.0730 3896 wudfsvc - ok
21:12:59.0762 3896 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
21:12:59.0762 3896 WwanSvc - ok
21:12:59.0777 3896 MBR (0x1B8) (d7a7c9205bebb7d6f7cea6dc292b698b) \Device\Harddisk0\DR0
21:12:59.0808 3896 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - infected
21:12:59.0808 3896 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
21:12:59.0840 3896 Boot (0x1200) (699bee59c9d2b66cd984bb76c3920804) \Device\Harddisk0\DR0\Partition0
21:12:59.0840 3896 \Device\Harddisk0\DR0\Partition0 - ok
21:12:59.0855 3896 ============================================================
21:12:59.0855 3896 Scan finished
21:12:59.0855 3896 ============================================================
21:12:59.0855 0604 Detected object count: 1
21:12:59.0855 0604 Actual detected object count: 1
21:14:26.0462 0604 \Device\Harddisk0\DR0\# - copied to quarantine
21:14:26.0462 0604 \Device\Harddisk0\DR0 - copied to quarantine
21:14:26.0552 0604 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
21:14:26.0552 0604 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
21:14:26.0552 0604 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
21:14:26.0552 0604 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
21:14:26.0562 0604 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
21:14:26.0562 0604 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
21:14:26.0562 0604 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
21:14:26.0562 0604 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
21:14:26.0562 0604 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
21:14:26.0562 0604 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
21:14:26.0602 0604 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
21:14:26.0612 0604 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
21:14:26.0612 0604 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
21:14:26.0612 0604 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
21:14:26.0612 0604 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
21:14:26.0622 0604 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
21:14:26.0622 0604 \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine
21:14:26.0632 0604 \Device\Harddisk0\DR0\TDLFS\com64 - copied to quarantine
21:14:26.0693 0604 \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine
21:14:26.0756 0604 \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine
21:14:26.0834 0604 \Device\Harddisk0\DR0\TDLFS\serf364 - copied to quarantine
21:14:26.0927 0604 \Device\Harddisk0\DR0\TDLFS\bbr264 - copied to quarantine
21:14:26.0990 0604 \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine
21:14:27.0988 0604 \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine
21:14:28.0035 0604 \Device\Harddisk0\DR0 - processing error
01:31:16.0875 0604 \Device\Harddisk0\DR0 - will be restored on reboot
01:31:17.0015 0604 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Cure Restore
01:31:26.0456 3272 Deinitialize success



aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-23 01:36:09
-----------------------------
01:36:09.146 OS Version: Windows x64 6.1.7600
01:36:09.146 Number of processors: 2 586 0x2505
01:36:09.146 ComputerName: TOSHIBA-SATELLI UserName: Toshiba
01:36:09.832 Initialize success
01:36:58.381 AVAST engine defs: 12062201
01:37:06.274 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
01:37:06.274 Disk 0 Vendor: Hitachi_ PB3O Size: 305245MB BusType: 3
01:37:06.274 Disk 0 MBR read successfully
01:37:06.290 Disk 0 MBR scan
01:37:06.290 Disk 0 Windows XP default MBR code
01:37:06.290 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
01:37:06.306 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 293177 MB offset 3074048
01:37:06.352 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 10567 MB offset 603500544
01:37:06.384 Disk 0 scanning C:\windows\system32\drivers
01:37:14.886 Service scanning
01:37:18.333 Service axsnmsvc C:\windows\system32\gazozwma.dll **INFECTED** Win32:Malware-gen
01:37:40.048 Modules scanning
01:37:40.048 Disk 0 trace - called modules:
01:37:40.594 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
01:37:40.594 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800330e060]
01:37:40.610 3 CLASSPNP.SYS[fffff88001b0643f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80031ab050]
01:37:42.139 AVAST engine scan C:\windows
01:37:44.510 AVAST engine scan C:\windows\system32
01:38:03.027 File: C:\windows\system32\gazozwma.dll **INFECTED** Win32:Malware-gen
01:39:24.397 File: C:\windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
01:39:26.035 File: C:\windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
01:41:05.516 File: C:\windows\assembly\tmp\80000000.sys **INFECTED** Win32:Malware-gen
01:41:05.548 File: C:\windows\assembly\tmp\800000c0.sys **INFECTED** Win32:Sirefef-PL [Rtk]
01:41:09.401 AVAST engine scan C:\windows\system32\drivers
01:41:26.951 AVAST engine scan C:\Users\Toshiba
01:43:33.140 AVAST engine scan C:\ProgramData
01:43:55.994 Scan finished successfully
01:51:53.767 Disk 0 MBR has been saved successfully to "E:\VirusRemoval\New folder\MBR.dat"
01:51:53.783 The log file has been saved successfully to "E:\VirusRemoval\New folder\Attach.txt"
01:52:06.818 Disk 0 MBR has been saved successfully to "E:\VirusRemoval\New folder\MBR.dat"
01:52:06.834 The log file has been saved successfully to "E:\VirusRemoval\New folder\aswMBR.txt"

EDIT 2:

I installed Avast! Antivirus Free. It detected a virus which I moved to the vault. It asked me if I wanted to do a boot scan. I said yes. The computer restarted, and Avast scanned before Windows loaded. It detected quite a few files that were infected with Win32:Sirefef-PL [Rtk] and win32:Downloader-MIN [Trj]. I moved them to the chest, but then it says, "File C:\Windows\erdnt\Hiv-backup\SOFTWARE is infected by win32:Downloader-MIN [Trj]". It says "File is in windows folder, are you sure?" (referring to whether or not the file should be moved to the "chest")

Should I move this file to the Chest? Or would it do more harm than good?

Edited by copperhead4750, 23 June 2012 - 02:54 AM.
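
A small triage helper for the two logs pasted above, added here as an example and not a tool from this thread, from Kaspersky, or from AVAST. It assumes only the line shapes visible in the pasted TDSSKiller and aswMBR output (the `( verdict ) - infected`, `- copied to quarantine`, `- will be restored on reboot`, `User select action:` and `**INFECTED**` forms); the sample lines are copied from those logs. It pulls every detection and every action the scanner took into one summary, separates boot-sector objects (`\Device\HarddiskN\DRN`) from file and service hits, and reports whether a cure is still pending a reboot, which is the question a responder usually wants answered before deciding whether the machine is clean.

```python
"""Summarize TDSSKiller and aswMBR log output (added example, not the tools' own code)."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Detection:
    tool: str      # "TDSSKiller" or "aswMBR"
    obj: str       # device path, file path, or "service (path)"
    verdict: str   # the scanner's detection name as printed


# Every line in both logs starts with a timestamp; TDSSKiller adds a 4-char thread id.
_TS = r"^\d{2}:\d{2}:\d{2}\.\d+\s+"
TDSS_INFECTED = re.compile(
    _TS + r"\w{4}\s+(?P<obj>\S+)\s+\(\s*(?P<verdict>[^)]+?)\s*\)\s+-\s+infected$")
TDSS_ACTION = re.compile(
    _TS + r"\w{4}\s+(?P<obj>\S+)\s+-\s+"
    r"(?P<action>copied to quarantine|will be restored on reboot|processing error)$")
TDSS_USER = re.compile(
    _TS + r"\w{4}\s+(?P<obj>\S+)\s+\(\s*[^)]+?\s*\)\s+-\s+User select action:\s+(?P<action>.+?)\s*$")
ASW_FILE = re.compile(
    _TS + r"File:\s+(?P<path>.+?)\s+\*\*INFECTED\*\*\s+(?P<verdict>.+?)\s*$")
ASW_SERVICE = re.compile(
    _TS + r"Service\s+(?P<name>\S+)\s+(?P<path>\S+)\s+\*\*INFECTED\*\*\s+(?P<verdict>.+?)\s*$")
# Raw disk objects: a hit here is a boot-sector (MBR/VBR) infection, not a file.
BOOT_OBJECT = re.compile(r"^\\Device\\Harddisk\d+\\DR\d+$")


def parse_lines(lines):
    """Return detections, quarantined objects and non-quarantine actions from mixed log lines.

    The TDSSKiller "- detected <verdict> (n)" line restates the "( verdict ) - infected"
    line for the same object, so only the latter is counted to avoid double reporting.
    """
    detections, quarantined, actions = [], [], []
    for raw in lines:
        line = raw.rstrip("\n")
        if m := TDSS_INFECTED.match(line):
            detections.append(Detection("TDSSKiller", m["obj"], m["verdict"]))
        elif m := TDSS_ACTION.match(line):
            if m["action"] == "copied to quarantine":
                quarantined.append(m["obj"])
            else:
                actions.append((m["obj"], m["action"]))
        elif m := TDSS_USER.match(line):
            actions.append((m["obj"], "user action: " + m["action"]))
        elif m := ASW_FILE.match(line):
            detections.append(Detection("aswMBR", m["path"], m["verdict"]))
        elif m := ASW_SERVICE.match(line):
            detections.append(Detection("aswMBR", f"{m['name']} ({m['path']})", m["verdict"]))
    return {"detections": detections, "quarantined": quarantined, "actions": actions}


def summarize(parsed):
    """Reduce the parsed log to the facts a responder checks before calling a box clean."""
    dets = parsed["detections"]
    boot_level = [d for d in dets if BOOT_OBJECT.match(d.obj)]
    return {
        "detection_count": len(dets),
        "boot_sector_detections": len(boot_level),
        "verdicts": sorted({d.verdict for d in dets}),
        "quarantined_objects": len(parsed["quarantined"]),
        # A "will be restored on reboot" line means the MBR cure is not applied yet.
        "reboot_pending": any(a == "will be restored on reboot" for _, a in parsed["actions"]),
    }


# Constructed sample: lines copied from the TDSSKiller and aswMBR logs pasted above.
SAMPLE_LOG = [
    r"21:12:59.0808 3896 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - infected",
    r"21:12:59.0808 3896 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)",
    r"21:12:59.0840 3896 \Device\Harddisk0\DR0\Partition0 - ok",
    r"21:14:26.0462 0604 \Device\Harddisk0\DR0\# - copied to quarantine",
    r"21:14:26.0552 0604 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine",
    r"21:14:28.0035 0604 \Device\Harddisk0\DR0 - processing error",
    r"01:31:16.0875 0604 \Device\Harddisk0\DR0 - will be restored on reboot",
    r"01:31:17.0015 0604 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Cure Restore",
    r"01:37:18.333 Service axsnmsvc C:\windows\system32\gazozwma.dll **INFECTED** Win32:Malware-gen",
    r"01:38:03.027 File: C:\windows\system32\gazozwma.dll **INFECTED** Win32:Malware-gen",
    r"01:39:24.397 File: C:\windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]",
    r"01:43:55.994 Scan finished successfully",
]

if __name__ == "__main__":
    result = parse_lines(SAMPLE_LOG)
    for d in result["detections"]:
        print(f"{d.tool:<10} {d.verdict:<24} {d.obj}")
    print(summarize(result))
```

On the sample above the summary reports four detections, one of them on the raw disk object, two quarantined TDLFS entries and a pending reboot, which matches what the two logs say in long form: the boot-sector cure was scheduled but not yet confirmed when the aswMBR scan still found the service DLL and the Sirefef files on disk.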


#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:00 AM

Posted 23 June 2012 - 07:47 AM

Greetings

I need you to rerun these again, and I need you to follow the instructions listed. I know you are in a hurry to get the computer back to normal, but doing things that are not in the instructions (like clicking "fix" when nowhere in the instructions does it say to click "fix") can get the computer into a very bad state.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:00 AM

Posted 26 June 2012 - 12:20 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:00 AM

Posted 29 June 2012 - 08:39 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:00 AM

Posted 01 July 2012 - 11:30 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.



