
Help with Rootkit AccessZero


  • This topic is locked
11 replies to this topic

#1 hooyman04


Posted 12 July 2012 - 12:10 PM

Link to previously started topic: http://www.bleepingcomputer.com/forums/topic460224.html/page__view__findpost__p__2760015__fromsearch__1

Windows 7, Service Pack 1
Intel Core 2 Duo 2.20GHz
4GB RAM
64 bit OS

Basically was told I was infected with the ZeroAccess Rootkit.

AVG had the following messages:

File name: c:\Windows\System32\services.exe

Threat name: Trojan horse Dropper.Generic_c.MMI

File name: c:\Windows\assembly\GAC_64\Desktop.ini

Threat name: Trojan horse Generic28.ANIC


Ran Anti-Malware per Broni

Below are the logs I was told to publish after running DDS:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.4.1
Run by Tony Hooyman at 11:59:09 on 2012-07-12
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3964.2172 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\ThpSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\WUDFHost.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\VistaSwitcher\vswitch64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Tony Hooyman\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Users\Tony Hooyman\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 12\firefox.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
"C:\windows\SysWOW64\svchost.exe" -k LocalServiceDns
"C:\windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\windows\system32\NOTEPAD.EXE
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ask.com/?l=dis&o=14196
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uInternet Settings,ProxyOverride = <local>
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [VistaSwitcher] "C:\Program Files\VistaSwitcher\vswitch64.exe" /startup
uRun: [EPSON NX125 NX127 Series] C:\windows\system32\spool\DRIVERS\x64\3\E_IATIGGA.EXE /FU "C:\windows\TEMP\E_SA7EA.tmp" /EF "HKCU"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\Tony Hooyman\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Spotify Web Helper] "C:\Users\Tony Hooyman\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
mRun: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\TONYHO~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Tony Hooyman\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Evernote - C:\Program Files (x86)\Evernote\Evernote3\enbar.dll/2000
IE: Add to Google Photos Screensa&ver - C:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
IE: {E0B8C461-F8FB-49b4-8373-FE32E9252800} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEE1} - C:\Program Files (x86)\Evernote\Evernote3\enbar.dll
LSP: mswsock.dll
Trusted Zone: intuit.com\ttlc
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{FE6CC25A-E52B-4D00-8078-3005D9679436} : DhcpNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{FE6CC25A-E52B-4D00-8078-3005D9679436}\2375942554931353 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{FE6CC25A-E52B-4D00-8078-3005D9679436}\32775616275616775637F6D65697F6577796C6C6D69637375737 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{FE6CC25A-E52B-4D00-8078-3005D9679436}\4454D405E4544575F425B4 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{FE6CC25A-E52B-4D00-8078-3005D9679436}\642494F5355727675696C6C616E63656F5439373F563 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{FE6CC25A-E52B-4D00-8078-3005D9679436}\84961212 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{FE6CC25A-E52B-4D00-8078-3005D9679436}\D696373797375736B6372616C6C637 : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
mASetup: {01250B8F-D947-4F8A-9408-FE8E3EE2EC92} - C:\Program Files (x86)\TOSHIBA\My Toshiba\MyToshiba.exe /SETUP
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Tony Hooyman\AppData\Roaming\Mozilla\Firefox\Profiles\u8nntmso.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - thechive.com
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B7c437570-5600-47ae-b938-4e99b960e912%7D&mid=c2e07c5a66add552fc4b77083314219e-64ee8ed9f03220567f9846a27dfb237902e95ea5&ds=AVG&v=11.0.0.9&lang=en&pr=fr&d=2012-05-14%2013%3A14%3A53&sap=ku&q=
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox\components\avgssff.dll
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Tony Hooyman\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\Tony Hooyman\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\windows\system32\DRIVERS\avgidsha.sys --> C:\windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\system32\DRIVERS\avgrkx64.sys --> C:\windows\system32\DRIVERS\avgrkx64.sys [?]
R0 Lbd;Lbd;C:\windows\system32\DRIVERS\Lbd.sys --> C:\windows\system32\DRIVERS\Lbd.sys [?]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\system32\DRIVERS\thpdrv.sys --> C:\windows\system32\DRIVERS\thpdrv.sys [?]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\system32\DRIVERS\Thpevm.SYS --> C:\windows\system32\DRIVERS\Thpevm.SYS [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\system32\DRIVERS\avgldx64.sys --> C:\windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\system32\DRIVERS\avgmfx64.sys --> C:\windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\windows\system32\DRIVERS\avgtdia.sys --> C:\windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-7-11 913792]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-8-10 248688]
R2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-7-14 42368]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2010-8-2 166400]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2010-8-2 128512]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-12 655944]
R2 rimspci;rimspci;C:\windows\system32\DRIVERS\rimspe64.sys --> C:\windows\system32\DRIVERS\rimspe64.sys [?]
R2 risdpcie;risdpcie;C:\windows\system32\DRIVERS\risdpe64.sys --> C:\windows\system32\DRIVERS\risdpe64.sys [?]
R2 rixdpcie;rixdpcie;C:\windows\system32\DRIVERS\rixdpe64.sys --> C:\windows\system32\DRIVERS\rixdpe64.sys [?]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-8-11 252272]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-7-9 935008]
R3 AVGIDSDriver;AVGIDSDriver;C:\windows\system32\DRIVERS\avgidsdrivera.sys --> C:\windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\windows\system32\DRIVERS\avgidsfiltera.sys --> C:\windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 FwLnk;FwLnk Driver;C:\windows\system32\DRIVERS\FwLnk.sys --> C:\windows\system32\DRIVERS\FwLnk.sys [?]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\windows\system32\drivers\IntcHdmi.sys --> C:\windows\system32\drivers\IntcHdmi.sys [?]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\windows\system32\DRIVERS\LEqdUsb.Sys --> C:\windows\system32\DRIVERS\LEqdUsb.Sys [?]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\windows\system32\DRIVERS\LHidEqd.Sys --> C:\windows\system32\DRIVERS\LHidEqd.Sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\windows\system32\DRIVERS\rtl8192se.sys --> C:\windows\system32\DRIVERS\rtl8192se.sys [?]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-9-14 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-9-17 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-8-4 826224]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-25 135664]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-10-24 1153368]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-10 250056]
S3 fssfltr;fssfltr;C:\windows\system32\DRIVERS\fssfltr.sys --> C:\windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-25 135664]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2010-12-3 1402272]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2010-12-3 17440]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-3-31 113120]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\windows\system32\DRIVERS\ssadbus.sys --> C:\windows\system32\DRIVERS\ssadbus.sys [?]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\windows\system32\DRIVERS\ssadmdfl.sys --> C:\windows\system32\DRIVERS\ssadmdfl.sys [?]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\windows\system32\DRIVERS\ssadmdm.sys --> C:\windows\system32\DRIVERS\ssadmdm.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-07-12 13:07:30 -------- d-----w- C:\Users\Tony Hooyman\AppData\Roaming\Malwarebytes
2012-07-12 13:06:42 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-12 13:06:41 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-07-12 13:06:41 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-11 08:06:29 3148800 ----a-w- C:\windows\System32\win32k.sys
2012-07-11 06:18:29 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2012-07-11 06:18:29 95600 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2012-07-11 06:18:29 458704 ----a-w- C:\windows\System32\drivers\cng.sys
2012-07-11 06:18:29 340992 ----a-w- C:\windows\System32\schannel.dll
2012-07-11 06:18:29 307200 ----a-w- C:\windows\System32\ncrypt.dll
2012-07-11 06:18:29 225280 ----a-w- C:\windows\SysWow64\schannel.dll
2012-07-11 06:18:29 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2012-07-11 06:18:29 219136 ----a-w- C:\windows\SysWow64\ncrypt.dll
2012-07-11 06:18:29 151920 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2012-07-11 05:09:15 2004480 ----a-w- C:\windows\System32\msxml6.dll
2012-07-11 05:09:13 1881600 ----a-w- C:\windows\System32\msxml3.dll
2012-07-11 05:09:12 1390080 ----a-w- C:\windows\SysWow64\msxml6.dll
2012-07-11 05:09:08 2048 ----a-w- C:\windows\SysWow64\msxml3r.dll
2012-07-11 05:09:08 2048 ----a-w- C:\windows\System32\msxml3r.dll
2012-07-11 05:09:08 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll
2012-07-11 00:08:46 -------- d-----w- C:\Users\Tony Hooyman\AppData\Local\Macromedia
2012-07-10 23:14:20 426184 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-07-05 21:26:10 -------- d-----w- C:\windows\System32\SPReview
2012-06-22 15:37:11 2622464 ----a-w- C:\windows\System32\wucltux.dll
2012-06-22 15:36:36 99840 ----a-w- C:\windows\System32\wudriver.dll
2012-06-22 15:36:02 36864 ----a-w- C:\windows\System32\wuapp.exe
2012-06-22 15:36:02 186752 ----a-w- C:\windows\System32\wuwebv.dll
.
==================== Find3M ====================
.
2012-07-12 06:00:22 70344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-05 21:36:37 152576 ----a-w- C:\windows\SysWow64\msclmd.dll
2012-07-05 21:36:36 175616 ----a-w- C:\windows\System32\msclmd.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\windows\System32\cdosys.dll
2012-06-06 05:03:06 805376 ----a-w- C:\windows\SysWow64\cdosys.dll
2012-05-15 04:01:31 1188864 ----a-w- C:\windows\System32\wininet.dll
2012-05-15 03:03:54 981504 ----a-w- C:\windows\SysWow64\wininet.dll
2012-05-04 11:06:22 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 184320 ----a-w- C:\windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
2012-04-23 00:41:50 18960 ----a-w- C:\windows\System32\drivers\LNonPnP.sys
2012-04-20 03:45:41 1638912 ----a-w- C:\windows\System32\mshtml.tlb
2012-04-20 03:16:44 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-04-19 09:50:26 28480 ----a-w- C:\windows\System32\drivers\avgidsha.sys
.
============= FINISH: 12:02:38.70 ===============


Thanks!

Edited by hooyman04, 12 July 2012 - 05:01 PM.




#2 gringo_pr


Posted 13 July 2012 - 12:28 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 hooyman04

hooyman04
  • Topic Starter


Posted 13 July 2012 - 01:50 PM

results of checkup:

Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Lavasoft Ad-Watch Live! Anti-Virus
AVG Anti-Virus Free Edition 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
MVPS Hosts File
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.62.0.1300
Wise Disk Cleaner 4.82
Wise Registry Cleaner 4 Free 4.84
JavaFX 2.1.0
Java™ 6 Update 30
Java™ 7 Update 4
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (14.0)
Google Chrome 20.0.1132.47
Google Chrome 20.0.1132.57
````````Process Check: objlist.exe by Laurent````````
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
AVG avgtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

#4 hooyman04

hooyman04
  • Topic Starter


Posted 13 July 2012 - 01:59 PM

I have run combofix a few times according to your directions, and it runs, but then shuts down and doesn't produce any logs. I caught a quick glimpse of a screen that flashed something about 'incompatible os'.

However, everything seems to be running smoothly. The google redirects are gone, and I haven't seen any notifications from avg recently but still have avg notifications

Edited by hooyman04, 13 July 2012 - 03:41 PM.


#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team

Posted 13 July 2012 - 02:58 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

Edited by gringo_pr, 13 July 2012 - 03:16 PM.

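The TDSSKiller report requested above lists each scanned driver or service as a line of the form `<time> <thread> <name> (<MD5>) <path>` followed by a verdict line `<time> <thread> <name> - ok`. The Python below is an added example, not part of the thread or of TDSSKiller: it pairs those lines and lists the entries a reviewer should look at first. The sample lines, placeholder hashes, the names ExampleDrv and HalfSvc and the `warning` verdict word are constructed for illustration.

```python
import re
from dataclasses import dataclass
from pathlib import Path
from typing import Optional

# Constructed sample in the line shapes of a TDSSKiller report. Hashes are
# placeholders, "ExampleDrv" and "HalfSvc" are made up, and the "warning"
# verdict word is an assumption; the code only relies on "ok" meaning clean.
SAMPLE_LOG = r"""
15:48:35.0052 2380 Scan started
15:48:35.0052 2380 Mode: Manual;
15:48:38.0084 2380 1394ohci (00000000000000000000000000000001) C:\windows\system32\drivers\1394ohci.sys
15:48:38.0088 2380 1394ohci - ok
15:48:40.0188 2380 Apple Mobile Device (00000000000000000000000000000002) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:48:40.0190 2380 Apple Mobile Device - ok
15:48:44.0286 2380 COMSysApp - ok
15:48:45.0100 2380 ExampleDrv (00000000000000000000000000000003) C:\windows\system32\drivers\exampledrv.sys
15:48:45.0105 2380 ExampleDrv - warning
15:48:46.0200 2380 HalfSvc (00000000000000000000000000000004) C:\windows\system32\halfsvc.dll
"""

_PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
# "<name> (<32 hex digits>) <path>": anchoring on the 32-digit hash keeps
# names with spaces and paths containing "(x86)" from confusing the split.
_OBJECT = re.compile(
    _PREFIX + r"(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$")
# "<name> - <verdict>": a single verdict token at the end of the line.
_VERDICT = re.compile(_PREFIX + r"(?P<name>.+?) - (?P<verdict>\S+)$")


@dataclass
class ScanObject:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_report(text):
    """Pair each object line with its verdict line, keyed by object name."""
    objects = {}
    for line in text.splitlines():
        line = line.strip()
        m = _OBJECT.match(line)
        if m:
            obj = objects.setdefault(m["name"], ScanObject(m["name"]))
            obj.md5, obj.path = m["md5"].lower(), m["path"]
            continue
        m = _VERDICT.match(line)
        if m:
            obj = objects.setdefault(m["name"], ScanObject(m["name"]))
            obj.verdict = m["verdict"].lower()
    return list(objects.values())


def triage(objects):
    """Return (name, reason) for every entry that needs a human look."""
    findings = []
    for obj in objects:
        if obj.verdict is None:
            # Object line with no verdict: the pasted report was cut short.
            findings.append((obj.name, "no verdict line (report truncated?)"))
        elif obj.verdict != "ok":
            findings.append((obj.name, f"verdict '{obj.verdict}': {obj.path}"))
        elif obj.md5 is None:
            # "ok" with no hashed file says nothing about which binary ran.
            findings.append((obj.name, "marked ok but no file was hashed"))
    return findings


def latest_report(root):
    """Newest file matching TDSSKiller.[Version]_[Date]_[Time]_log.txt."""
    reports = sorted(Path(root).glob("TDSSKiller.*_log.txt"),
                     key=lambda p: p.stat().st_mtime)
    return reports[-1] if reports else None


if __name__ == "__main__":
    for name, reason in triage(parse_report(SAMPLE_LOG)):
        print(f"{name}: {reason}")
```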

#7 hooyman04

hooyman04
  • Topic Starter


Posted 13 July 2012 - 03:55 PM

Results of tdsskiller:

15:48:31.0446 4160 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
15:48:32.0388 4160 ============================================================
15:48:32.0388 4160 Current date / time: 2012/07/13 15:48:32.0388
15:48:32.0388 4160 SystemInfo:
15:48:32.0388 4160
15:48:32.0389 4160 OS Version: 6.1.7601 ServicePack: 1.0
15:48:32.0389 4160 Product type: Workstation
15:48:32.0389 4160 ComputerName: TONYHOOYMAN
15:48:32.0389 4160 UserName: Tony Hooyman
15:48:32.0389 4160 Windows directory: C:\windows
15:48:32.0389 4160 System windows directory: C:\windows
15:48:32.0389 4160 Running under WOW64
15:48:32.0389 4160 Processor architecture: Intel x64
15:48:32.0389 4160 Number of processors: 2
15:48:32.0389 4160 Page size: 0x1000
15:48:32.0389 4160 Boot type: Normal boot
15:48:32.0389 4160 ============================================================
15:48:32.0840 4160 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:48:32.0845 4160 Drive \Device\Harddisk1\DR1 - Size: 0x79AE1200 (1.90 Gb), SectorSize: 0x200, Cylinders: 0xF8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:48:32.0847 4160 ============================================================
15:48:32.0847 4160 \Device\Harddisk0\DR0:
15:48:32.0847 4160 MBR partitions:
15:48:32.0847 4160 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x38B3B800
15:48:32.0847 4160 \Device\Harddisk1\DR1:
15:48:32.0848 4160 MBR partitions:
15:48:32.0848 4160 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x6, StartLBA 0xF7, BlocksNum 0x3CD709
15:48:32.0848 4160 ============================================================
15:48:32.0880 4160 C: <-> \Device\Harddisk0\DR0\Partition0
15:48:32.0880 4160 ============================================================
15:48:32.0880 4160 Initialize success
15:48:32.0881 4160 ============================================================
15:48:35.0052 2380 ============================================================
15:48:35.0052 2380 Scan started
15:48:35.0052 2380 Mode: Manual;
15:48:35.0052 2380 ============================================================
15:48:52.0431 2380 Lavasoft Ad-Aware Service (55e25e368e8403402785813e2a6bbc74) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
15:48:52.0448 2380 Lavasoft Ad-Aware Service - ok
15:48:52.0568 2380 Lavasoft Kernexplorer (ad134c8802355be1b24606fca8a4a50d) C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys
15:48:52.0572 2380 Lavasoft Kernexplorer - ok
15:48:52.0738 2380 Lbd (3c46290f7a5d45ba6ef32c248e22aa69) C:\windows\system32\DRIVERS\Lbd.sys
15:48:52.0741 2380 Lbd - ok
15:48:52.0936 2380 LBTServ (7772dfab22611050b79504e671b06e6e) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
15:48:52.0943 2380 LBTServ - ok
15:48:53.0036 2380 LEqdUsb (ed7ec050cd6c20e1a93a4dafb7efd14d) C:\windows\system32\DRIVERS\LEqdUsb.Sys
15:48:53.0037 2380 LEqdUsb - ok
15:48:53.0089 2380 LHidEqd (3267bc698e29474a8381e68904eb0390) C:\windows\system32\DRIVERS\LHidEqd.Sys
15:48:53.0091 2380 LHidEqd - ok
15:48:53.0158 2380 LHidFilt (241f2648adf090e2a10095bd6d6f5dcb) C:\windows\system32\DRIVERS\LHidFilt.Sys
15:48:53.0175 2380 LHidFilt - ok
15:48:53.0211 2380 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
15:48:53.0213 2380 lltdio - ok
15:48:53.0277 2380 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
15:48:53.0282 2380 lltdsvc - ok
15:48:53.0307 2380 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
15:48:53.0309 2380 lmhosts - ok
15:48:53.0351 2380 LMouFilt (342ed5a4b3326014438f36d22d803737) C:\windows\system32\DRIVERS\LMouFilt.Sys
15:48:53.0353 2380 LMouFilt - ok
15:48:53.0379 2380 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
15:48:53.0381 2380 LSI_FC - ok
15:48:53.0426 2380 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
15:48:53.0428 2380 LSI_SAS - ok
15:48:53.0454 2380 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
15:48:53.0455 2380 LSI_SAS2 - ok
15:48:53.0463 2380 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
15:48:53.0465 2380 LSI_SCSI - ok
15:48:53.0487 2380 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
15:48:53.0489 2380 luafv - ok
15:48:53.0538 2380 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\windows\system32\drivers\mbam.sys
15:48:53.0539 2380 MBAMProtector - ok
15:48:53.0724 2380 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
15:48:53.0732 2380 MBAMService - ok
15:48:53.0773 2380 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
15:48:53.0778 2380 Mcx2Svc - ok
15:48:53.0812 2380 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
15:48:53.0814 2380 megasas - ok
15:48:53.0862 2380 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
15:48:53.0868 2380 MegaSR - ok
15:48:53.0949 2380 Microsoft SharePoint Workspace Audit Service - ok
15:48:53.0977 2380 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
15:48:53.0980 2380 MMCSS - ok
15:48:54.0015 2380 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
15:48:54.0017 2380 Modem - ok
15:48:54.0046 2380 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
15:48:54.0048 2380 monitor - ok
15:48:54.0116 2380 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\drivers\mouclass.sys
15:48:54.0118 2380 mouclass - ok
15:48:54.0149 2380 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
15:48:54.0151 2380 mouhid - ok
15:48:54.0210 2380 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
15:48:54.0214 2380 mountmgr - ok
15:48:54.0308 2380 MozillaMaintenance (5debe0107bc42ebb6fc32fc98df7e3ad) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:48:54.0310 2380 MozillaMaintenance - ok
15:48:54.0387 2380 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
15:48:54.0389 2380 mpio - ok
15:48:54.0430 2380 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
15:48:54.0432 2380 mpsdrv - ok
15:48:54.0482 2380 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
15:48:54.0484 2380 MRxDAV - ok
15:48:54.0547 2380 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
15:48:54.0550 2380 mrxsmb - ok
15:48:54.0635 2380 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
15:48:54.0639 2380 mrxsmb10 - ok
15:48:54.0701 2380 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
15:48:54.0703 2380 mrxsmb20 - ok
15:48:54.0750 2380 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys
15:48:54.0752 2380 msahci - ok
15:48:54.0780 2380 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
15:48:54.0782 2380 msdsm - ok
15:48:54.0843 2380 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
15:48:54.0848 2380 MSDTC - ok
15:48:54.0899 2380 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
15:48:54.0901 2380 Msfs - ok
15:48:54.0910 2380 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
15:48:54.0912 2380 mshidkmdf - ok
15:48:54.0961 2380 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
15:48:54.0962 2380 msisadrv - ok
15:48:55.0009 2380 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
15:48:55.0013 2380 MSiSCSI - ok
15:48:55.0024 2380 msiserver - ok
15:48:55.0063 2380 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
15:48:55.0064 2380 MSKSSRV - ok
15:48:55.0078 2380 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
15:48:55.0079 2380 MSPCLOCK - ok
15:48:55.0096 2380 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
15:48:55.0097 2380 MSPQM - ok
15:48:55.0159 2380 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
15:48:55.0164 2380 MsRPC - ok
15:48:55.0222 2380 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\drivers\mssmbios.sys
15:48:55.0223 2380 mssmbios - ok
15:48:55.0287 2380 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
15:48:55.0289 2380 MSTEE - ok
15:48:55.0302 2380 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
15:48:55.0303 2380 MTConfig - ok
15:48:55.0329 2380 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
15:48:55.0331 2380 Mup - ok
15:48:55.0398 2380 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
15:48:55.0405 2380 napagent - ok
15:48:55.0447 2380 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
15:48:55.0452 2380 NativeWifiP - ok
15:48:55.0565 2380 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys
15:48:55.0576 2380 NDIS - ok
15:48:55.0608 2380 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
15:48:55.0609 2380 NdisCap - ok
15:48:55.0633 2380 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
15:48:55.0634 2380 NdisTapi - ok
15:48:55.0697 2380 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
15:48:55.0699 2380 Ndisuio - ok
15:48:55.0754 2380 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
15:48:55.0757 2380 NdisWan - ok
15:48:55.0823 2380 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
15:48:55.0825 2380 NDProxy - ok
15:48:55.0877 2380 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
15:48:55.0881 2380 NetBIOS - ok
15:48:55.0934 2380 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
15:48:55.0938 2380 NetBT - ok
15:48:55.0992 2380 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
15:48:55.0993 2380 Netlogon - ok
15:48:56.0032 2380 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
15:48:56.0038 2380 Netman - ok
15:48:56.0068 2380 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
15:48:56.0077 2380 netprofm - ok
15:48:56.0143 2380 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:48:56.0147 2380 NetTcpPortSharing - ok
15:48:56.0183 2380 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
15:48:56.0185 2380 nfrd960 - ok
15:48:56.0278 2380 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
15:48:56.0283 2380 NlaSvc - ok
15:48:56.0302 2380 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
15:48:56.0304 2380 Npfs - ok
15:48:56.0324 2380 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
15:48:56.0327 2380 nsi - ok
15:48:56.0362 2380 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
15:48:56.0363 2380 nsiproxy - ok
15:48:56.0564 2380 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
15:48:56.0585 2380 Ntfs - ok
15:48:56.0696 2380 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
15:48:56.0697 2380 Null - ok
15:48:56.0750 2380 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
15:48:56.0753 2380 nvraid - ok
15:48:56.0780 2380 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
15:48:56.0782 2380 nvstor - ok
15:48:56.0824 2380 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
15:48:56.0826 2380 nv_agp - ok
15:48:56.0881 2380 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
15:48:56.0883 2380 ohci1394 - ok
15:48:56.0961 2380 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:48:56.0963 2380 ose - ok
15:48:57.0217 2380 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:48:57.0318 2380 osppsvc - ok
15:48:57.0432 2380 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
15:48:57.0437 2380 p2pimsvc - ok
15:48:57.0483 2380 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
15:48:57.0489 2380 p2psvc - ok
15:48:57.0527 2380 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
15:48:57.0529 2380 Parport - ok
15:48:57.0583 2380 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\windows\system32\drivers\partmgr.sys
15:48:57.0592 2380 partmgr - ok
15:48:57.0626 2380 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
15:48:57.0630 2380 PcaSvc - ok
15:48:57.0692 2380 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
15:48:57.0695 2380 pci - ok
15:48:57.0713 2380 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
15:48:57.0715 2380 pciide - ok
15:48:57.0741 2380 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
15:48:57.0744 2380 pcmcia - ok
15:48:57.0784 2380 pcouffin (af7ce12c4f3dc8cb2b07685c916bbcfe) C:\windows\system32\Drivers\pcouffin.sys
15:48:57.0786 2380 pcouffin - ok
15:48:57.0799 2380 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
15:48:57.0801 2380 pcw - ok
15:48:57.0840 2380 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
15:48:57.0848 2380 PEAUTH - ok
15:48:57.0917 2380 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
15:48:57.0920 2380 PerfHost - ok
15:48:57.0959 2380 PGEffect (663962900e7fea522126ba287715bb4a) C:\windows\system32\DRIVERS\pgeffect.sys
15:48:57.0966 2380 PGEffect - ok
15:48:58.0078 2380 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
15:48:58.0094 2380 pla - ok
15:48:58.0158 2380 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
15:48:58.0165 2380 PlugPlay - ok
15:48:58.0197 2380 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
15:48:58.0199 2380 PNRPAutoReg - ok
15:48:58.0225 2380 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
15:48:58.0229 2380 PNRPsvc - ok
15:48:58.0306 2380 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
15:48:58.0313 2380 PolicyAgent - ok
15:48:58.0359 2380 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
15:48:58.0363 2380 Power - ok
15:48:58.0462 2380 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
15:48:58.0465 2380 PptpMiniport - ok
15:48:58.0501 2380 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
15:48:58.0503 2380 Processor - ok
15:48:58.0602 2380 PROCEXP113 (c56a9ed0192c5a2b39691e54f2132a2f) C:\windows\system32\Drivers\PROCEXP113.SYS
15:48:58.0613 2380 PROCEXP113 - ok
15:48:58.0686 2380 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\windows\system32\profsvc.dll
15:48:58.0707 2380 ProfSvc - ok
15:48:58.0773 2380 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
15:48:58.0775 2380 ProtectedStorage - ok
15:48:58.0842 2380 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
15:48:58.0847 2380 Psched - ok
15:48:59.0046 2380 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
15:48:59.0065 2380 ql2300 - ok
15:48:59.0189 2380 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
15:48:59.0191 2380 ql40xx - ok
15:48:59.0230 2380 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
15:48:59.0236 2380 QWAVE - ok
15:48:59.0254 2380 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
15:48:59.0256 2380 QWAVEdrv - ok
15:48:59.0280 2380 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
15:48:59.0281 2380 RasAcd - ok
15:48:59.0311 2380 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
15:48:59.0312 2380 RasAgileVpn - ok
15:48:59.0342 2380 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
15:48:59.0345 2380 RasAuto - ok
15:48:59.0402 2380 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
15:48:59.0418 2380 Rasl2tp - ok
15:48:59.0487 2380 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
15:48:59.0495 2380 RasMan - ok
15:48:59.0520 2380 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
15:48:59.0522 2380 RasPppoe - ok
15:48:59.0540 2380 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
15:48:59.0542 2380 RasSstp - ok
15:48:59.0602 2380 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
15:48:59.0608 2380 rdbss - ok
15:48:59.0640 2380 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
15:48:59.0641 2380 rdpbus - ok
15:48:59.0665 2380 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
15:48:59.0666 2380 RDPCDD - ok
15:48:59.0694 2380 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
15:48:59.0695 2380 RDPENCDD - ok
15:48:59.0702 2380 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
15:48:59.0706 2380 RDPREFMP - ok
15:48:59.0760 2380 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\windows\system32\drivers\RDPWD.sys
15:48:59.0763 2380 RDPWD - ok
15:48:59.0842 2380 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
15:48:59.0845 2380 rdyboost - ok
15:48:59.0886 2380 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
15:48:59.0891 2380 RemoteAccess - ok
15:48:59.0928 2380 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
15:48:59.0932 2380 RemoteRegistry - ok
15:48:59.0970 2380 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys
15:48:59.0974 2380 RFCOMM - ok
15:49:00.0013 2380 rimspci (e20b1907fc72a3664ece21e3c20fc63d) C:\windows\system32\DRIVERS\rimspe64.sys
15:49:00.0025 2380 rimspci - ok
15:49:00.0044 2380 risdpcie (7dda2e5cf452dad24b1be704225c18ee) C:\windows\system32\DRIVERS\risdpe64.sys
15:49:00.0048 2380 risdpcie - ok
15:49:00.0075 2380 rixdpcie (6a1cd4674505e6791390a1ab71da1fbe) C:\windows\system32\DRIVERS\rixdpe64.sys
15:49:00.0077 2380 rixdpcie - ok
15:49:00.0115 2380 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
15:49:00.0118 2380 RpcEptMapper - ok
15:49:00.0148 2380 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
15:49:00.0150 2380 RpcLocator - ok
15:49:00.0215 2380 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
15:49:00.0221 2380 RpcSs - ok
15:49:00.0276 2380 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
15:49:00.0278 2380 rspndr - ok
15:49:00.0407 2380 RTL8167 (4b42bc58294e83a6a92ec8b88c14c4a3) C:\windows\system32\DRIVERS\Rt64win7.sys
15:49:00.0415 2380 RTL8167 - ok
15:49:00.0566 2380 rtl8192se (7475548b0ba58eba4d12414fc9e9dfe6) C:\windows\system32\DRIVERS\rtl8192se.sys
15:49:00.0581 2380 rtl8192se - ok
15:49:00.0640 2380 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
15:49:00.0642 2380 SamSs - ok
15:49:00.0724 2380 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
15:49:00.0727 2380 sbp2port - ok
15:49:00.0937 2380 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
15:49:00.0955 2380 SBSDWSCService - ok
15:49:01.0009 2380 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
15:49:01.0013 2380 SCardSvr - ok
15:49:01.0096 2380 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
15:49:01.0098 2380 scfilter - ok
15:49:01.0210 2380 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
15:49:01.0225 2380 Schedule - ok
15:49:01.0277 2380 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
15:49:01.0278 2380 SCPolicySvc - ok
15:49:01.0352 2380 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\windows\system32\drivers\sdbus.sys
15:49:01.0355 2380 sdbus - ok
15:49:01.0422 2380 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
15:49:01.0427 2380 SDRSVC - ok
15:49:01.0489 2380 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
15:49:01.0491 2380 secdrv - ok
15:49:01.0549 2380 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
15:49:01.0552 2380 seclogon - ok
15:49:01.0598 2380 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll
15:49:01.0601 2380 SENS - ok
15:49:01.0615 2380 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
15:49:01.0617 2380 SensrSvc - ok
15:49:01.0693 2380 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
15:49:01.0696 2380 Serenum - ok
15:49:01.0735 2380 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
15:49:01.0737 2380 Serial - ok
15:49:01.0792 2380 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
15:49:01.0796 2380 sermouse - ok
15:49:01.0863 2380 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
15:49:01.0866 2380 SessionEnv - ok
15:49:01.0916 2380 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
15:49:01.0917 2380 sffdisk - ok
15:49:01.0929 2380 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
15:49:01.0930 2380 sffp_mmc - ok
15:49:01.0939 2380 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
15:49:01.0940 2380 sffp_sd - ok
15:49:01.0989 2380 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
15:49:01.0991 2380 sfloppy - ok
15:49:02.0065 2380 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
15:49:02.0072 2380 ShellHWDetection - ok
15:49:02.0114 2380 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
15:49:02.0116 2380 SiSRaid2 - ok
15:49:02.0140 2380 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
15:49:02.0142 2380 SiSRaid4 - ok
15:49:02.0182 2380 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
15:49:02.0184 2380 Smb - ok
15:49:02.0233 2380 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
15:49:02.0236 2380 SNMPTRAP - ok
15:49:02.0259 2380 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
15:49:02.0262 2380 spldr - ok
15:49:02.0340 2380 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
15:49:02.0345 2380 Spooler - ok
15:49:02.0617 2380 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
15:49:02.0698 2380 sppsvc - ok
15:49:02.0810 2380 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
15:49:02.0813 2380 sppuinotify - ok
15:49:02.0902 2380 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
15:49:02.0909 2380 srv - ok
15:49:02.0939 2380 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
15:49:02.0946 2380 srv2 - ok
15:49:02.0962 2380 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
15:49:02.0965 2380 srvnet - ok
15:49:03.0039 2380 ssadbus (866f8212ef7e75bac8bca03331e30cb4) C:\windows\system32\DRIVERS\ssadbus.sys
15:49:03.0042 2380 ssadbus - ok
15:49:03.0056 2380 ssadmdfl (73e2ba39e7eb024dc686412e2e924a74) C:\windows\system32\DRIVERS\ssadmdfl.sys
15:49:03.0058 2380 ssadmdfl - ok
15:49:03.0081 2380 ssadmdm (74b032d6c1e36ae2f790752fde8ce055) C:\windows\system32\DRIVERS\ssadmdm.sys
15:49:03.0084 2380 ssadmdm - ok
15:49:03.0132 2380 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
15:49:03.0136 2380 SSDPSRV - ok
15:49:03.0150 2380 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
15:49:03.0153 2380 SstpSvc - ok
15:49:03.0191 2380 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
15:49:03.0193 2380 stexstor - ok
15:49:03.0279 2380 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
15:49:03.0288 2380 stisvc - ok
15:49:03.0344 2380 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\drivers\swenum.sys
15:49:03.0349 2380 swenum - ok
15:49:03.0398 2380 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
15:49:03.0406 2380 swprv - ok
15:49:03.0464 2380 SynTP (be7311da9d6833fa69ed04b744a1c8f8) C:\windows\system32\DRIVERS\SynTP.sys
15:49:03.0468 2380 SynTP - ok
15:49:03.0581 2380 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
15:49:03.0600 2380 SysMain - ok
15:49:03.0719 2380 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
15:49:03.0724 2380 TabletInputService - ok
15:49:03.0784 2380 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
15:49:03.0789 2380 TapiSrv - ok
15:49:03.0807 2380 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
15:49:03.0810 2380 TBS - ok
15:49:03.0957 2380 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\drivers\tcpip.sys
15:49:03.0981 2380 Tcpip - ok
15:49:04.0194 2380 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\DRIVERS\tcpip.sys
15:49:04.0208 2380 TCPIP6 - ok
15:49:04.0420 2380 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
15:49:04.0424 2380 tcpipreg - ok
15:49:04.0492 2380 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
15:49:04.0495 2380 tdcmdpst - ok
15:49:04.0528 2380 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
15:49:04.0530 2380 TDPIPE - ok
15:49:04.0582 2380 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
15:49:04.0585 2380 TDTCP - ok
15:49:04.0657 2380 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
15:49:04.0661 2380 tdx - ok
15:49:04.0725 2380 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\drivers\termdd.sys
15:49:04.0728 2380 TermDD - ok
15:49:04.0856 2380 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
15:49:04.0866 2380 TermService - ok
15:49:04.0905 2380 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
15:49:04.0907 2380 Themes - ok
15:49:05.0013 2380 Thpdrv (c013f6acaa9761f571bd28dada7c157d) C:\windows\system32\DRIVERS\thpdrv.sys
15:49:05.0015 2380 Thpdrv - ok
15:49:05.0042 2380 Thpevm (b4e609047434ed948af7bdef2fa66e38) C:\windows\system32\DRIVERS\Thpevm.SYS
15:49:05.0043 2380 Thpevm - ok
15:49:05.0096 2380 Thpsrv (6146eac71ae3c9da17b0e33632082b7b) C:\windows\system32\ThpSrv.exe
15:49:05.0101 2380 Thpsrv - ok
15:49:05.0145 2380 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
15:49:05.0147 2380 THREADORDER - ok
15:49:05.0215 2380 TMachInfo (83e91963c4452be6899503cf9ebfd3ed) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
15:49:05.0216 2380 TMachInfo - ok
15:49:05.0250 2380 TODDSrv (ed32035bdfeced1ad66d459fd9cc1140) C:\Windows\system32\TODDSrv.exe
15:49:05.0253 2380 TODDSrv - ok
15:49:05.0373 2380 TosCoSrv (4db8c79bcea76063b83b13410366a1f7) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
15:49:05.0379 2380 TosCoSrv - ok
15:49:05.0425 2380 TOSHIBA eco Utility Service (32ff64d06a91daa0331c624aff442679) C:\Program Files\TOSHIBA\TECO\TecoService.exe
15:49:05.0428 2380 TOSHIBA eco Utility Service - ok
15:49:05.0497 2380 TOSHIBA HDD SSD Alert Service (eda12e9bc9a0f104c24101720eec4785) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
15:49:05.0503 2380 TOSHIBA HDD SSD Alert Service - ok
15:49:05.0589 2380 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys
15:49:05.0595 2380 tos_sps64 - ok
15:49:05.0667 2380 TPCHSrv (de64c52bd0671165cf2eebf2a728a3e2) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
15:49:05.0674 2380 TPCHSrv - ok
15:49:05.0790 2380 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
15:49:05.0796 2380 TrkWks - ok
15:49:05.0879 2380 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
15:49:05.0882 2380 TrustedInstaller - ok
15:49:05.0952 2380 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
15:49:05.0955 2380 tssecsrv - ok
15:49:06.0044 2380 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
15:49:06.0047 2380 TsUsbFlt - ok
15:49:06.0115 2380 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
15:49:06.0118 2380 tunnel - ok
15:49:06.0139 2380 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
15:49:06.0141 2380 TVALZ - ok
15:49:06.0175 2380 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys
15:49:06.0177 2380 TVALZFL - ok
15:49:06.0215 2380 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
15:49:06.0217 2380 uagp35 - ok
15:49:06.0277 2380 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
15:49:11.0826 2380 ============================================================
15:49:11.0826 2380 Scan finished
15:49:11.0826 2380 ============================================================
15:49:11.0840 6456 Detected object count: 0
15:49:11.0840 6456 Actual detected object count: 0
15:50:00.0598 6780 Deinitialize success

#8 hooyman04

Posted 13 July 2012 - 04:10 PM

result of aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-13 15:53:28
-----------------------------
15:53:28.043 OS Version: Windows x64 6.1.7601 Service Pack 1
15:53:28.043 Number of processors: 2 586 0x170A
15:53:28.048 ComputerName: TONYHOOYMAN UserName:
15:53:33.618 Initialize success
15:54:25.059 AVAST engine defs: 12071301
15:54:49.463 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:54:49.467 Disk 0 Vendor: TOSHIBA_ FG00 Size: 476940MB BusType: 3
15:54:49.472 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000078
15:54:49.476 Disk 1 Vendor: RICOH 01 Size: 1946MB BusType: 0
15:54:49.492 Disk 0 MBR read successfully
15:54:49.498 Disk 0 MBR scan
15:54:49.505 Disk 0 Windows VISTA default MBR code
15:54:49.516 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
15:54:49.533 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 464503 MB offset 3074048
15:54:49.565 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 10936 MB offset 954376192
15:54:49.612 Disk 0 scanning C:\windows\system32\drivers
15:55:08.854 Service scanning
15:56:02.889 Modules scanning
15:56:03.088 Disk 0 trace - called modules:
15:56:03.149 ntoskrnl.exe CLASSPNP.SYS disk.sys thpdrv.sys iaStor.sys hal.dll
15:56:03.154 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c12060]
15:56:03.159 3 CLASSPNP.SYS[fffff8800168b43f] -> nt!IofCallDriver -> \Device\THPDRV1[0xfffffa8004c10060]
15:56:03.165 5 thpdrv.sys[fffff88001b99cc0] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80046ba050]
15:56:09.200 AVAST engine scan C:\windows
15:56:10.725 Disk 0 MBR has been saved successfully to "C:\Users\Tony Hooyman\Desktop\MBR.dat"
15:56:10.734 The log file has been saved successfully to "C:\Users\Tony Hooyman\Desktop\aswMBR.txt"
15:56:12.756 AVAST engine scan C:\windows\system32
15:58:51.991 File: C:\windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
15:58:56.809 File: C:\windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
16:02:10.622 AVAST engine scan C:\windows\system32\drivers
16:03:02.280 AVAST engine scan C:\Users\Tony Hooyman

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:56 AM

Posted 13 July 2012 - 05:24 PM

Hello

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 gringo_pr

Posted 15 July 2012 - 11:25 PM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.




Gringo

#11 gringo_pr

Posted 19 July 2012 - 12:17 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#12 gringo_pr

Posted 21 July 2012 - 11:08 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.