
Sirefef virus


  • This topic is locked
22 replies to this topic

#1 R-Type


Posted 12 July 2012 - 10:57 PM

Hello, I have several versions of the Sirefef virus (not sure which one) on my Toshiba Satellite Windows 7, 32-bit laptop. It has shut down my Microsoft Security Essentials and forced my laptop to constantly restart every minute. I have been following most of the Sirefef topics and have started using the Farbar Recovery Scan Tool that was recommended. I already uploaded it to my USB stick and did my first scan. Can anyone help me with this?

Here's my FRST.txt log:



Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 10-07-2012
Ran by SYSTEM at 12-07-2012 20:33:19
Running from F:\
Windows 7 Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet003

========================== Registry (Whitelisted) =============

HKLM\...\Run: [] [x]
HKLM\...\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-07-29] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [476512 2009-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [460088 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [738616 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [ToshibaServiceStation] "C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe [611672 2009-08-06] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [1324384 2009-08-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [611672 2009-09-17] (TOSHIBA Corporation)
HKLM\...\Run: [NortonOnlineBackupReminder] "C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED [529256 2009-07-16] (Toshiba)
HKLM\...\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-06] (Apple Inc.)
HKLM\...\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot [273544 2011-07-04] (RealNetworks, Inc.)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
HKU\RayType\...\Run: [MyTOSHIBA] "C:\Program Files\TOSHIBA\My Toshiba\MyToshiba.exe" /AUTO [264048 2009-08-06] (TOSHIBA)
HKU\RayType\...\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\RayType\...\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Startup: C:\Users\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk
ShortcutTarget: hp psc 1000 series.lnk -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.)
Startup: C:\Users\RayType\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

================================ Services (Whitelisted) ==================

2 cfWiMAXService; "C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe" [185712 2009-08-10] (TOSHIBA CORPORATION)
2 ConfigFree Service; "C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe" [46448 2009-03-10] (TOSHIBA CORPORATION)
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
3 GameConsoleService; "C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe" [238328 2009-11-13] (WildTangent, Inc.)
2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [54136 2011-02-11] (TOSHIBA Corporation)
2 TosCoSrv; "C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe" [464224 2009-08-21] (TOSHIBA Corporation)
2 TOSHIBA eco Utility Service; "C:\Program Files\TOSHIBA\TECO\TecoService.exe" [185712 2009-08-11] (TOSHIBA Corporation)
3 TOSHIBA HDD SSD Alert Service; "C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe" [111960 2009-09-17] (TOSHIBA Corporation)
3 TPCHSrv; "C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe" [685424 2009-08-06] (TOSHIBA Corporation)
2 LxrSII1s; LxrSII1s.exe [x]
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
2 MSSQL$SQLEXPRESS; "c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [x]
4 MSSQLServerADHelper100; "c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE" [x]
2 NecUsb; C:\windows\system32\NUSB3w32.dll [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]
4 SQLAgent$SQLEXPRESS; "c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE" -i SQLEXPRESS [x]
4 SQLBrowser; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe" [x]
2 SQLWriter; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [x]

========================== Drivers (Whitelisted) =============

3 AgereSoftModem; C:\Windows\System32\DRIVERS\AGRSM.sys [1035776 2009-07-13] (LSI Corp)
3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [80184 2011-11-24] (DEVGURU Co., LTD.(www.devguru.co.kr))
3 MBAMSwissArmy; \??\C:\windows\system32\drivers\mbamswissarmy.sys [40776 2012-07-10] (Malwarebytes Corporation)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
4 RsFx0105; C:\Windows\System32\DRIVERS\RsFx0105.sys [238696 2011-09-22] (Microsoft Corporation)
3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [159776 2009-06-24] (Realtek Semiconductor Corp.)
3 RTL8187Se; C:\Windows\System32\DRIVERS\RTL8187Se.sys [333824 2008-08-22] (Realtek Semiconductor Corporation )
2 TVALZFL; C:\Windows\System32\DRIVERS\TVALZFL.sys [12920 2009-06-19] (TOSHIBA Corporation)
3 usb_rndisx; C:\Windows\System32\DRIVERS\usb8023x.sys [15872 2009-07-13] (Microsoft Corporation)
1 cdrom; C:\Windows\system32\drivers\cdrom.sys [x]
1 hanbsklu; \??\C:\windows\system32\drivers\hanbsklu.sys [x]
2 LxrSII1d; \??\C:\windows\system32\Drivers\LxrSII1d.sys [x]
3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [x]
3 RtsUIR; C:\Windows\System32\DRIVERS\Rts516xIR.sys [x]
3 USBCCID; C:\Windows\System32\DRIVERS\RtsUCcid.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-10 21:52 - 2012-07-10 21:52 - 00000000 ____D C:\FRST
2012-07-10 19:59 - 2012-07-10 19:59 - 00043480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\deztveil.sys
2012-07-10 17:15 - 2012-07-10 19:55 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2012-07-10 16:44 - 2012-07-10 16:44 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-07-10 16:42 - 2012-07-10 16:42 - 10288512 ____A (Microsoft Corporation) C:\Users\RayType\Desktop\mseinstall.exe
2012-07-10 16:32 - 2012-06-11 18:40 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-10 16:30 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-10 16:30 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-10 16:30 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-10 16:30 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-10 16:30 - 2012-06-01 20:45 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-10 16:30 - 2012-06-01 20:45 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-10 16:30 - 2012-06-01 20:40 - 00369336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-10 16:30 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-10 16:30 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-10 16:30 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-10 15:20 - 2012-07-10 15:20 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-24 08:30 - 2012-06-24 08:30 - 00000924 ____A C:\Users\Public\Desktop\µTorrent.lnk
2012-06-21 07:09 - 2012-06-02 14:19 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-21 07:09 - 2012-06-02 14:19 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-21 07:09 - 2012-06-02 14:19 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-21 07:09 - 2012-06-02 14:19 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-21 07:09 - 2012-06-02 14:19 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-21 07:09 - 2012-06-02 14:12 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-21 07:09 - 2012-06-02 14:12 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-21 07:08 - 2012-06-02 14:19 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-21 07:08 - 2012-06-02 14:12 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-14 15:40 - 2012-06-14 15:40 - 00001764 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-06-14 15:38 - 2012-06-14 15:40 - 00000000 ____D C:\Program Files\iTunes
2012-06-14 15:38 - 2012-06-14 15:38 - 00000000 ____D C:\Program Files\iPod
2012-06-14 15:11 - 2012-05-14 19:03 - 00981504 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-14 15:11 - 2012-05-14 19:00 - 00048128 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-14 15:11 - 2012-04-19 21:00 - 01231360 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-14 15:11 - 2012-04-19 21:00 - 00132096 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-14 15:11 - 2012-04-19 20:57 - 06027776 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-14 15:11 - 2012-04-19 20:57 - 00627712 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-06-14 15:11 - 2012-04-19 20:57 - 00067584 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-14 15:11 - 2012-04-19 20:56 - 11020800 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-14 15:11 - 2012-04-19 20:56 - 02073600 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-14 15:11 - 2012-04-19 20:56 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-14 15:10 - 2012-05-04 01:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-06-14 15:10 - 2012-04-27 19:17 - 00183808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-14 15:10 - 2012-04-25 20:45 - 00129536 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-14 15:10 - 2012-04-25 20:45 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-14 15:10 - 2012-04-25 20:41 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-14 15:10 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-14 15:10 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-14 15:10 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-14 15:10 - 2012-04-19 19:16 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-14 15:10 - 2012-04-16 20:34 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-14 15:10 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-14 15:09 - 2012-04-30 20:44 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-12 15:05 - 2012-06-12 15:07 - 00000000 ____D C:\Users\RayType\AppData\Local\Lexar Media
2012-06-12 15:05 - 2006-11-09 09:58 - 00139264 ____A (Lexar Media, Inc.) C:\Windows\System32\LxrSII1.dll

============ 3 Months Modified Files ========================

2012-07-12 19:27 - 2010-03-18 20:05 - 00000384 ____A C:\Windows\Tasks\FileCure Startup.job
2012-07-12 19:27 - 2009-07-13 15:11 - 00259072 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-07-12 19:25 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-12 19:25 - 2009-07-13 20:39 - 00298158 ____A C:\Windows\setupact.log
2012-07-10 21:02 - 2009-09-01 21:32 - 00821716 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-10 20:17 - 2009-09-01 21:53 - 00209370 ____A C:\Windows\PFRO.log
2012-07-10 19:59 - 2012-07-10 19:59 - 00043480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\deztveil.sys
2012-07-10 19:55 - 2012-07-10 17:15 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2012-07-10 18:29 - 2012-04-04 18:28 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-10 17:15 - 2010-02-11 16:24 - 86873600 __ASH C:\Users\RayType\Desktop\Thumbs.db
2012-07-10 17:06 - 2009-09-23 06:15 - 02014771 ____A C:\Windows\WindowsUpdate.log
2012-07-10 17:00 - 2010-10-07 18:40 - 00000446 ____A C:\Windows\Tasks\ParetoLogic Registration.job
2012-07-10 16:45 - 2009-07-13 20:34 - 00015792 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-10 16:45 - 2009-07-13 20:34 - 00015792 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-10 16:44 - 2011-01-25 20:23 - 00001945 ____A C:\Windows\epplauncher.mif
2012-07-10 16:42 - 2012-07-10 16:42 - 10288512 ____A (Microsoft Corporation) C:\Users\RayType\Desktop\mseinstall.exe
2012-07-10 16:38 - 2009-07-13 20:33 - 00333808 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-10 16:32 - 2009-12-08 08:32 - 57442464 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-08 13:17 - 2011-09-03 18:41 - 00198557 ____A C:\Users\RayType\Desktop\Toy List.rtf
2012-06-30 07:31 - 2009-12-05 20:58 - 00079544 ____A C:\Users\RayType\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-24 08:30 - 2012-06-24 08:30 - 00000924 ____A C:\Users\Public\Desktop\µTorrent.lnk
2012-06-20 18:55 - 2009-07-13 20:53 - 00032574 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-14 15:40 - 2012-06-14 15:40 - 00001764 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-06-14 07:27 - 2012-04-04 18:28 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-06-14 07:27 - 2011-05-18 19:04 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-06-11 18:40 - 2012-07-10 16:32 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-08 20:41 - 2012-07-10 16:30 - 12873728 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-05 21:05 - 2012-07-10 16:30 - 01390080 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 21:05 - 2012-07-10 16:30 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 21:03 - 2012-07-10 16:30 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-02 14:19 - 2012-06-21 07:09 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 07:09 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 07:09 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 07:09 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 07:09 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:19 - 2012-06-21 07:08 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 14:12 - 2012-06-21 07:09 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:12 - 2012-06-21 07:09 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:12 - 2012-06-21 07:08 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-01 20:45 - 2012-07-10 16:30 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 20:45 - 2012-07-10 16:30 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 20:40 - 2012-07-10 16:30 - 00369336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 20:40 - 2012-07-10 16:30 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 20:39 - 2012-07-10 16:30 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-05-26 22:03 - 2012-05-08 19:27 - 00001382 ____A C:\Windows\System32\.crusader
2012-05-26 21:34 - 2009-07-13 18:04 - 00000458 ____A C:\Windows\win.ini
2012-05-25 19:48 - 2012-05-25 19:48 - 00000078 ____A C:\Users\RayType\Documents\CFScript.txt
2012-05-25 19:34 - 2012-05-25 19:34 - 00000355 ____A C:\Users\RayType\Documents\CFScript.rtf
2012-05-25 15:26 - 2012-05-25 12:43 - 250312440 ____A C:\Users\RayType\Downloads\05- Black Unicorn.mkv
2012-05-25 13:11 - 2012-05-25 13:11 - 00000041 ___RH C:\Users\RayType\Desktop\stinger.opt
2012-05-14 19:03 - 2012-06-14 15:11 - 00981504 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-14 19:00 - 2012-06-14 15:11 - 00048128 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-12 20:24 - 2012-05-12 20:24 - 00000193 ____A C:\Windows\WORDPAD.INI
2012-05-11 22:09 - 2012-05-11 22:09 - 00079544 ____A C:\Windows\System32\GDIPFONTCACHEV1.DAT
2012-05-09 18:00 - 2012-05-09 17:59 - 00000042 ____A C:\repairs_running.dat
2012-05-04 01:59 - 2012-06-14 15:10 - 00514560 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-04-30 20:44 - 2012-06-14 15:09 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-27 19:17 - 2012-06-14 15:10 - 00183808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-25 20:45 - 2012-06-14 15:10 - 00129536 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 20:45 - 2012-06-14 15:10 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 20:41 - 2012-06-14 15:10 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-23 20:36 - 2012-06-14 15:10 - 01158656 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 20:36 - 2012-06-14 15:10 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 20:36 - 2012-06-14 15:10 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-19 21:00 - 2012-06-14 15:11 - 01231360 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-19 21:00 - 2012-06-14 15:11 - 00132096 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-19 20:57 - 2012-06-14 15:11 - 06027776 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-19 20:57 - 2012-06-14 15:11 - 00627712 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-04-19 20:57 - 2012-06-14 15:11 - 00067584 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-19 20:56 - 2012-06-14 15:11 - 11020800 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-19 20:56 - 2012-06-14 15:11 - 02073600 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-19 20:56 - 2012-06-14 15:11 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-19 19:16 - 2012-06-14 15:10 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-18 19:56 - 2012-04-18 19:56 - 00094208 ____A (Apple Inc.) C:\Windows\System32\QuickTimeVR.qtx
2012-04-18 19:56 - 2012-04-18 19:56 - 00069632 ____A (Apple Inc.) C:\Windows\System32\QuickTime.qts
2012-04-16 20:34 - 2012-06-14 15:10 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-04-14 16:09 - 2012-04-14 16:09 - 00001062 ____A C:\Users\Public\Desktop\iPod PC Transfer.lnk


ZeroAccess:
C:\Windows\Installer\{485f57bb-294e-ce28-c429-735469e78876}
C:\Windows\Installer\{485f57bb-294e-ce28-c429-735469e78876}\@
C:\Windows\Installer\{485f57bb-294e-ce28-c429-735469e78876}\L
C:\Windows\Installer\{485f57bb-294e-ce28-c429-735469e78876}\n
C:\Windows\Installer\{485f57bb-294e-ce28-c429-735469e78876}\U
C:\Windows\Installer\{485f57bb-294e-ce28-c429-735469e78876}\L\00000004.@
C:\Windows\Installer\{485f57bb-294e-ce28-c429-735469e78876}\L\1afb2d56
C:\Windows\Installer\{485f57bb-294e-ce28-c429-735469e78876}\L\201d3dde

ZeroAccess:
C:\Users\RayType\AppData\Local\{485f57bb-294e-ce28-c429-735469e78876}
C:\Users\RayType\AppData\Local\{485f57bb-294e-ce28-c429-735469e78876}\@
C:\Users\RayType\AppData\Local\{485f57bb-294e-ce28-c429-735469e78876}\L
C:\Users\RayType\AppData\Local\{485f57bb-294e-ce28-c429-735469e78876}\U

ZeroAccess:
C:\Windows\assembly\GAC\Desktop.ini

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe A302BBFF2A7278C0E239EE5D471D86A9 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 15%
Total physical RAM: 2812.17 MB
Available physical RAM: 2362.3 MB
Total Pagefile: 2810.45 MB
Available Pagefile: 2363.07 MB
Total Virtual: 2047.88 MB
Available Virtual: 1977.62 MB

======================= Partitions =========================

1 Drive c: (TI103426W0D) (Fixed) (Total:288.71 GB) (Free:109.43 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.28 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: () (Removable) (Total:7.45 GB) (Free:7.2 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 7636 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 1500 MB 1024 KB
Partition 2 Primary 288 GB 1501 MB
Partition 3 Primary 8108 MB 290 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D System NTFS Partition 1500 MB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C TI103426W0D NTFS Partition 288 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7632 MB 4032 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT32 Removable 7632 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-08 21:04

======================= End Of Log ==========================


 


#2 gringo_pr


Posted 13 July 2012 - 12:39 AM

Greetings And Welcome To The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

OK, let's see if we can find a replacement for the infected file.

In Vista or Windows 7: Boot to System Recovery Options and run FRST.

Type the following in the edit box after "Search:".

winlogon.exe;explorer.exe

Note: The file names should be separated by a semicolon (;).

It then should look like:

Search: winlogon.exe;explorer.exe

Click the Search button and post the log (Search.txt) it makes in your reply.


Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




#3 R-Type


Posted 13 July 2012 - 09:03 PM

Hello Gringo, here's my search.txt result:



Farbar Recovery Scan Tool Version: 10-07-2012
Ran by SYSTEM at 2012-07-13 18:47:07
Running from F:\

================== Search: "winlogon.exe;explorer.exe" ===================

C:\Windows\explorer.exe
[2011-04-27 06:55] - [2011-02-24 21:30] - 2616320 ____A (Microsoft Corporation) 8B88EBBB05A0E56B7DCC708498C02B3E

C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2011-06-19 16:39] - [2010-11-20 04:17] - 0286720 ____A (Microsoft Corporation) 6D13E1406F50C66E2A95D97F22C47560

C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010-01-27 06:36] - [2009-10-27 21:52] - 0285696 ____A (Microsoft Corporation) 3BABE6767C78FBF5FB8435FEED187F30

C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2010-01-27 06:36] - [2009-10-27 22:17] - 0285696 ____A (Microsoft Corporation) 37CDB7E72EB66BA85A87CBE37E7F03FD

C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2009-07-13 15:37] - [2009-07-13 17:14] - 0285696 ____A (Microsoft Corporation) 8EC6A4AB12B8F3759E21F8E3A388F2CF

C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2011-04-27 06:55] - [2011-02-25 21:19] - 2616320 ____A (Microsoft Corporation) 0FB9C74046656D1579A64660AD67B746

C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2011-04-27 06:55] - [2011-02-24 21:30] - 2616320 ____A (Microsoft Corporation) 8B88EBBB05A0E56B7DCC708498C02B3E

C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011-06-19 16:39] - [2010-11-20 04:17] - 2616320 ____A (Microsoft Corporation) 40D777B7A95E00593EB1568C68514493

C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2011-04-27 06:55] - [2011-02-25 21:51] - 2614784 ____A (Microsoft Corporation) 255CF508D7CFB10E0794D6AC93280BD8

C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[2010-01-27 06:36] - [2009-10-30 22:00] - 2614272 ____A (Microsoft Corporation) C76153C7ECA00FA852BB0C193378F917

C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009-12-08 08:14] - [2009-08-02 21:49] - 2613248 ____A (Microsoft Corporation) 9FF6C4C91A3711C0A3B18F87B08B518D

C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2011-04-27 06:55] - [2011-02-25 21:33] - 2614784 ____A (Microsoft Corporation) 2AF58D15EDC06EC6FDACCE1F19482BBF

C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2010-01-27 06:36] - [2009-10-30 21:45] - 2614272 ____A (Microsoft Corporation) 2626FC9755BE22F805D3CFA0CE3EE727

C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009-12-08 08:14] - [2009-08-02 21:35] - 2613248 ____A (Microsoft Corporation) B95EEB0F4E5EFBF1038A35B3351CF047

C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009-07-13 15:41] - [2009-07-13 17:14] - 2613248 ____A (Microsoft Corporation) 15BC38A7492BEFE831966ADB477CF76F

C:\Windows\System32\winlogon.exe
[2011-06-19 16:39] - [2010-11-20 04:17] - 0286720 ____A (Microsoft Corporation) 6D13E1406F50C66E2A95D97F22C47560

C:\Users\RayType\AppData\Local\Temp\RarSFX5\winlogon.exe
[2012-07-10 17:42] - [2009-05-26 17:47] - 0031232 ____A (NirSoft) AC6094297CD882B8626466CDEB64F19F

C:\Users\RayType\AppData\Local\Temp\RarSFX5\procs\explorer.exe
[2012-07-10 17:42] - [2011-01-16 14:55] - 0255488 ____A () 3C33B26F2F7FA61D882515F2D6078691

C:\Users\RayType\AppData\Local\Temp\RarSFX5\h\explorer.exe
[2012-07-10 17:42] - [2005-08-16 00:54] - 0001536 ____A () ABC6379205DE2618851C4FCBF72112EB

C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2011-12-31 09:11] - [2012-04-04 14:56] - 0199240 ____A () 097D0E812D7A9A3101CE46CB2BE0474D

=== End Of Search ===

#4 gringo_pr

  • Malware Response Team

Posted 13 July 2012 - 09:05 PM

Greetings

OK, those look good, so let's check this one.

In Vista or Windows 7: Boot to System Recovery Options and run FRST.

Type the following in the edit box after "Search:".

services.exe

It then should look like:

Search: services.exe

Click the Search button and post the log it makes (Search.txt) in your reply.


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 R-Type

Posted 13 July 2012 - 09:15 PM

My services.exe results:


Farbar Recovery Scan Tool Version: 10-07-2012
Ran by SYSTEM at 2012-07-13 19:09:12
Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2012-07-12 19:27] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9

=== End Of Search ===
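Added example (not part of any post in this thread, and not FRST's own code): a small Python parser for the Search.txt layout shown above that compares each copy under C:\Windows with the winsxs component-store copies of the same name. In the services.exe listing above, the System32 copy has a different MD5 from the winsxs copy and a modification time of 2012-07-12; the verdict labels and the `windows_dir` default are assumptions of this example.

```python
import re
from collections import defaultdict
from ntpath import basename  # Windows path rules on any host OS

# Log lines copied from the Search.txt output posted in this thread (a subset).
SEARCH_LOG = r"""
C:\Windows\explorer.exe
[2011-04-27 06:55] - [2011-02-24 21:30] - 2616320 ____A (Microsoft Corporation) 8B88EBBB05A0E56B7DCC708498C02B3E

C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2011-04-27 06:55] - [2011-02-24 21:30] - 2616320 ____A (Microsoft Corporation) 8B88EBBB05A0E56B7DCC708498C02B3E

C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2011-06-19 16:39] - [2010-11-20 04:17] - 0286720 ____A (Microsoft Corporation) 6D13E1406F50C66E2A95D97F22C47560

C:\Windows\System32\winlogon.exe
[2011-06-19 16:39] - [2010-11-20 04:17] - 0286720 ____A (Microsoft Corporation) 6D13E1406F50C66E2A95D97F22C47560

C:\Users\RayType\AppData\Local\Temp\RarSFX5\winlogon.exe
[2012-07-10 17:42] - [2009-05-26 17:47] - 0031232 ____A (NirSoft) AC6094297CD882B8626466CDEB64F19F

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2012-07-12 19:27] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")
# [created] - [modified] - size attributes (company) MD5
META_RE = re.compile(
    r"^\[(?P<created>[\d\- :]+)\] - \[(?P<modified>[\d\- :]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>.*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_search_log(text):
    """Return one dict per file: a path line followed by its metadata line."""
    entries, pending = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if PATH_RE.match(line):
            pending = line
            continue
        meta = META_RE.match(line)
        if meta and pending:
            entry = meta.groupdict()
            entry.update(path=pending, name=basename(pending).lower(),
                         md5=entry["md5"].upper(), size=int(entry["size"]))
            entries.append(entry)
            pending = None
    return entries


def classify(entries, windows_dir="C:\\Windows"):
    """Label every non-winsxs copy (windows_dir is an assumed default).

    matches-store   : under windows_dir, MD5 equals a winsxs copy of that name
    mismatch        : under windows_dir, no winsxs copy has the same MD5
    outside-windows : a system file name found outside windows_dir
    """
    prefix = windows_dir.lower().rstrip("\\") + "\\"
    store_prefix = prefix + "winsxs\\"

    # Collect the hashes of every component-store copy, keyed by file name.
    store = defaultdict(set)
    for e in entries:
        if e["path"].lower().startswith(store_prefix):
            store[e["name"]].add(e["md5"])

    verdicts = {}
    for e in entries:
        path = e["path"].lower()
        if path.startswith(store_prefix):
            continue  # the store copies are the reference set
        if not path.startswith(prefix):
            verdicts[e["path"]] = "outside-windows"
        elif e["md5"] in store[e["name"]]:
            verdicts[e["path"]] = "matches-store"
        else:
            verdicts[e["path"]] = "mismatch"
    return verdicts


if __name__ == "__main__":
    for path, verdict in classify(parse_search_log(SEARCH_LOG)).items():
        print(f"{verdict:16} {path}")
```

A `mismatch` means only that no listed store copy has the same hash, so it is a reason to inspect the file rather than a verdict. The logs parsed here were produced from System Recovery Options (ran by SYSTEM, running from F:\), outside the installed OS.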

#6 gringo_pr

Posted 13 July 2012 - 09:28 PM

Hello

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt.

Replace: C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe C:\Windows\System32\services.exe
C:\Windows\Installer\{485f57bb-294e-ce28-c429-735469e78876}
C:\Users\RayType\AppData\Local\{485f57bb-294e-ce28-c429-735469e78876}
C:\Windows\assembly\GAC\Desktop.ini

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo

#7 R-Type

Posted 13 July 2012 - 09:39 PM

My fixlog.txt result:


Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 10-07-2012
Ran by SYSTEM at 2012-07-13 19:36:31 Run:1
Running from F:\

==============================================

C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe copied successfully to C:\Windows\System32\services.exe
C:\Windows\Installer\{485f57bb-294e-ce28-c429-735469e78876} moved successfully.
C:\Users\RayType\AppData\Local\{485f57bb-294e-ce28-c429-735469e78876} moved successfully.
C:\Windows\assembly\GAC\Desktop.ini moved successfully.

==== End of Fixlog ====

#8 gringo_pr

Posted 13 July 2012 - 09:55 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#9 R-Type

Posted 13 July 2012 - 11:15 PM

Hello, just finished running ComboFix.
My computer stopped doing the automatic restarts. The internet connection was okay and I installed ComboFix. After installing ComboFix and running it for the first time, it detected the Rootkit.ZeroAccess! and my internet connection was gone. I rebooted my computer and ran ComboFix again, and my internet is functioning now.


Here's my ComboFix log:



ComboFix 12-07-13.03 - RayType 07/13/2012 20:30:27.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2812.1631 [GMT -7:00]
Running from: c:\users\RayType\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\AutocompletePro
c:\program files\AutocompletePro\AcRemoteUpdate.exe
c:\program files\AutocompletePro\AutocompletePro.dll
c:\program files\AutocompletePro\InstTracker.exe
c:\program files\AutocompletePro\support@predictad.com\chrome.manifest
c:\program files\AutocompletePro\support@predictad.com\chrome\content\options.js
c:\program files\AutocompletePro\support@predictad.com\chrome\content\utils.js
c:\program files\AutocompletePro\support@predictad.com\defaults\preferences\predictad.js
c:\program files\AutocompletePro\TaskScheduler.dll
c:\program files\AutocompletePro\unins000.exe
c:\windows\system32\Thumbs.db
.
c:\windows\system32\drivers\cdrom.sys was missing
Restored copy from - c:\windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_6381e09675524225\cdrom.sys
.
.
((((((((((((((((((((((((( Files Created from 2012-06-14 to 2012-07-14 )))))))))))))))))))))))))))))))
.
.
2012-07-14 03:42 . 2012-07-14 03:46 -------- d-----w- c:\users\RayType\AppData\Local\temp
2012-07-14 03:42 . 2012-07-14 03:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-14 03:42 . 2010-11-20 08:38 108544 ----a-w- c:\windows\system32\drivers\cdrom.sys
2012-07-14 03:24 . 2012-07-14 03:44 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D0EC40BD-A995-413F-9139-42377E59AE04}\offreg.dll
2012-07-14 03:15 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D0EC40BD-A995-413F-9139-42377E59AE04}\mpengine.dll
2012-07-11 05:52 . 2012-07-11 05:52 -------- d-----w- C:\FRST
2012-07-11 03:59 . 2012-07-11 03:59 43480 ----a-w- c:\windows\system32\drivers\deztveil.sys
2012-07-11 01:05 . 2012-07-11 01:05 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B7975770-2DAF-4E56-8797-045EDDA7B374}\gapaengine.dll
2012-07-11 01:05 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-11 00:44 . 2012-07-11 00:44 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-11 00:32 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-10 23:20 . 2012-07-10 23:20 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-30 03:08 . 2012-06-30 03:08 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-06-29 23:10 . 2012-06-29 23:10 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-06-29 23:10 . 2012-06-29 23:10 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-06-21 15:09 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 15:09 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 15:09 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 15:09 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 15:09 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-21 15:09 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 15:09 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 15:08 . 2012-06-02 22:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 15:08 . 2012-06-02 22:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-14 23:38 . 2012-06-14 23:38 -------- d-----w- c:\program files\iPod
2012-06-14 23:38 . 2012-06-14 23:40 -------- d-----w- c:\program files\iTunes
2012-06-14 23:10 . 2012-04-20 03:16 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-14 23:10 . 2012-05-04 09:59 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-06-14 23:10 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 23:10 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 23:10 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-14 23:10 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-14 23:10 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-14 23:10 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-14 23:10 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-14 23:10 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-14 23:09 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-14 15:27 . 2012-04-05 02:28 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-14 15:27 . 2011-05-19 03:04 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-19 03:56 . 2012-04-19 03:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-19 03:56 . 2012-04-19 03:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MyTOSHIBA"="c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe" [2009-08-06 264048]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-21 1545512]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-21 476512]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"TosWaitSrv"="c:\program files\TOSHIBA\TPHM\TosWaitSrv.exe" [2009-08-07 611672]
"Teco"="c:\program files\TOSHIBA\TECO\Teco.exe" [2009-08-11 1324384]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-09-17 611672]
"NortonOnlineBackupReminder"="c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-07-16 529256]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-07-05 273544]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 931200]
.
c:\users\RayType\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2012-03-09 01:50 4280184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
R1 hanbsklu;hanbsklu;c:\windows\system32\drivers\hanbsklu.sys [x]
R2 LxrSII1d;Secure II Driver;c:\windows\system32\Drivers\LxrSII1d.sys [x]
R2 NecUsb;USB Service;c:\windows\System32\svchost.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [x]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
NecUsbSevice REG_MULTI_SZ NecUsb
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]
2009-08-06 16:15 264048 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 15:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-AutocompletePro2_is1 - c:\program files\AutocompletePro\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1899322962-818149704-2685093776-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1899322962-818149704-2685093776-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Apple\Apple Application Support\distnoted.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\conhost.exe
c:\program files\TOSHIBA\TPHM\TPCHWMsg.exe
c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
c:\program files\TOSHIBA\ConfigFree\CFSwMgr.exe
c:\windows\system32\RunDll32.exe
.
**************************************************************************
.
Completion time: 2012-07-13 20:59:54 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-14 03:59
.
Pre-Run: 117,840,932,864 bytes free
Post-Run: 117,799,383,040 bytes free
.
- - End Of File - - D7E8E15877F960E77303D283D9C9625F

#10 gringo_pr

Posted 14 July 2012 - 10:46 AM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#11 R-Type

Posted 14 July 2012 - 11:57 AM

TDSSKIller log file:


08:49:56.0018 1700 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
08:49:56.0627 1700 ============================================================
08:49:56.0627 1700 Current date / time: 2012/07/14 08:49:56.0627
08:49:56.0627 1700 SystemInfo:
08:49:56.0627 1700
08:49:56.0627 1700 OS Version: 6.1.7601 ServicePack: 1.0
08:49:56.0627 1700 Product type: Workstation
08:49:56.0627 1700 ComputerName: RAYTYPE-PC
08:49:56.0627 1700 UserName: RayType
08:49:56.0627 1700 Windows directory: C:\windows
08:49:56.0627 1700 System windows directory: C:\windows
08:49:56.0627 1700 Processor architecture: Intel x86
08:49:56.0627 1700 Number of processors: 2
08:49:56.0627 1700 Page size: 0x1000
08:49:56.0627 1700 Boot type: Normal boot
08:49:56.0627 1700 ============================================================
08:50:00.0886 1700 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
08:50:00.0886 1700 ============================================================
08:50:00.0886 1700 \Device\Harddisk0\DR0:
08:50:00.0886 1700 MBR partitions:
08:50:00.0886 1700 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x2416A000
08:50:00.0886 1700 ============================================================
08:50:00.0901 1700 C: <-> \Device\Harddisk0\DR0\Partition0
08:50:00.0901 1700 ============================================================
08:50:00.0901 1700 Initialize success
08:50:00.0901 1700 ============================================================
08:50:07.0999 1544 ============================================================
08:50:07.0999 1544 Scan started
08:50:07.0999 1544 Mode: Manual;
08:50:07.0999 1544 ============================================================
08:50:09.0809 1544 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys
08:50:09.0824 1544 1394ohci - ok
08:50:09.0902 1544 ACPI (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys
08:50:09.0902 1544 ACPI - ok
08:50:09.0934 1544 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\windows\system32\drivers\acpipmi.sys
08:50:09.0949 1544 AcpiPmi - ok
08:50:10.0074 1544 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
08:50:10.0183 1544 AdobeFlashPlayerUpdateSvc - ok
08:50:10.0308 1544 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
08:50:10.0355 1544 adp94xx - ok
08:50:10.0402 1544 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
08:50:10.0433 1544 adpahci - ok
08:50:10.0464 1544 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
08:50:10.0495 1544 adpu320 - ok
08:50:10.0589 1544 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\windows\System32\aelupsvc.dll
08:50:10.0589 1544 AeLookupSvc - ok
08:50:10.0651 1544 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\windows\system32\drivers\afd.sys
08:50:10.0667 1544 AFD - ok
08:50:10.0870 1544 AgereSoftModem (7e10e3bb9b258ad8a9300f91214d67b9) C:\windows\system32\DRIVERS\AGRSM.sys
08:50:11.0010 1544 AgereSoftModem - ok
08:50:11.0540 1544 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\drivers\agp440.sys
08:50:11.0603 1544 agp440 - ok
08:50:11.0665 1544 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
08:50:11.0728 1544 aic78xx - ok
08:50:11.0790 1544 ALG (18a54e132947cd98fea9accc57f98f13) C:\windows\System32\alg.exe
08:50:11.0852 1544 ALG - ok
08:50:45.0644 1544 secdrv - ok
08:50:45.0675 1544 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\windows\system32\seclogon.dll
08:50:45.0675 1544 seclogon - ok
08:50:45.0691 1544 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\windows\system32\sens.dll
08:50:45.0706 1544 SENS - ok
08:50:45.0722 1544 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\windows\system32\sensrsvc.dll
08:50:45.0738 1544 SensrSvc - ok
08:50:45.0769 1544 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
08:50:45.0784 1544 Serenum - ok
08:50:45.0800 1544 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
08:50:45.0878 1544 Serial - ok
08:50:45.0909 1544 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
08:50:45.0940 1544 sermouse - ok
08:50:46.0034 1544 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\windows\system32\sessenv.dll
08:50:46.0081 1544 SessionEnv - ok
08:50:46.0112 1544 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys
08:50:46.0128 1544 sffdisk - ok
08:50:46.0174 1544 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys
08:50:46.0190 1544 sffp_mmc - ok
08:50:46.0206 1544 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys
08:50:46.0221 1544 sffp_sd - ok
08:50:46.0221 1544 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
08:50:46.0237 1544 sfloppy - ok
08:50:46.0362 1544 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\windows\System32\ipnathlp.dll
08:50:46.0377 1544 SharedAccess - ok
08:50:46.0440 1544 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\windows\System32\shsvcs.dll
08:50:46.0455 1544 ShellHWDetection - ok
08:50:46.0549 1544 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys
08:50:46.0549 1544 sisagp - ok
08:50:46.0580 1544 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
08:50:46.0580 1544 SiSRaid2 - ok
08:50:46.0611 1544 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
08:50:46.0611 1544 SiSRaid4 - ok
08:50:46.0627 1544 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
08:50:46.0658 1544 Smb - ok
08:50:46.0705 1544 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\windows\System32\snmptrap.exe
08:50:46.0705 1544 SNMPTRAP - ok
08:50:46.0736 1544 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
08:50:46.0752 1544 spldr - ok
08:50:46.0798 1544 Spooler (866a43013535dc8587c258e43579c764) C:\windows\System32\spoolsv.exe
08:50:46.0830 1544 Spooler - ok
08:50:47.0095 1544 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\windows\system32\sppsvc.exe
08:50:47.0126 1544 sppsvc - ok
08:50:47.0313 1544 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\windows\system32\sppuinotify.dll
08:50:47.0344 1544 sppuinotify - ok
08:50:47.0532 1544 SQLAgent$SQLEXPRESS (a892134c28777978ecde8283dc57ac0f) c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
08:50:47.0594 1544 SQLAgent$SQLEXPRESS - ok
08:50:47.0688 1544 SQLBrowser (10d936dced9eacd1a1b3fcdda6d7a4eb) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
08:50:47.0734 1544 SQLBrowser - ok
08:50:47.0750 1544 SQLWriter (135cdccc167ef0c250125bbd3abe18d5) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
08:50:47.0750 1544 SQLWriter - ok
08:50:47.0968 1544 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys
08:50:47.0968 1544 srv - ok
08:50:48.0000 1544 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys
08:50:48.0031 1544 srv2 - ok
08:50:48.0046 1544 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\windows\system32\DRIVERS\srvnet.sys
08:50:48.0078 1544 srvnet - ok
08:50:48.0109 1544 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\windows\System32\ssdpsrv.dll
08:50:48.0124 1544 SSDPSRV - ok
08:50:48.0156 1544 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\windows\system32\sstpsvc.dll
08:50:48.0171 1544 SstpSvc - ok
08:50:48.0202 1544 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
08:50:48.0202 1544 stexstor - ok
08:50:48.0265 1544 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\windows\System32\wiaservc.dll
08:50:48.0265 1544 StiSvc - ok
08:50:48.0312 1544 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys
08:50:48.0312 1544 swenum - ok
08:50:48.0343 1544 swprv (a28bd92df340e57b024ba433165d34d7) C:\windows\System32\swprv.dll
08:50:48.0390 1544 swprv - ok
08:50:48.0405 1544 SynTP (8bd10dc8809dc69a1c5a795cb10add76) C:\windows\system32\DRIVERS\SynTP.sys
08:50:48.0452 1544 SynTP - ok
08:50:48.0639 1544 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\windows\system32\sysmain.dll
08:50:48.0655 1544 SysMain - ok
08:50:48.0842 1544 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\windows\System32\TabSvc.dll
08:50:48.0858 1544 TabletInputService - ok
08:50:49.0154 1544 TapiSrv (613bf4820361543956909043a265c6ac) C:\windows\System32\tapisrv.dll
08:50:49.0154 1544 TapiSrv - ok
08:50:49.0185 1544 TBS (b799d9fdb26111737f58288d8dc172d9) C:\windows\System32\tbssvc.dll
08:50:49.0185 1544 TBS - ok
08:50:49.0450 1544 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\windows\system32\drivers\tcpip.sys
08:50:49.0466 1544 Tcpip - ok
08:50:49.0887 1544 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\windows\system32\DRIVERS\tcpip.sys
08:50:49.0903 1544 TCPIP6 - ok
08:50:50.0137 1544 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys
08:50:50.0137 1544 tcpipreg - ok
08:50:50.0152 1544 tdcmdpst (4084ea00d50c858d6f9038f86ae2e2d0) C:\windows\system32\DRIVERS\tdcmdpst.sys
08:50:50.0152 1544 tdcmdpst - ok
08:50:50.0168 1544 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys
08:50:50.0184 1544 TDPIPE - ok
08:50:50.0199 1544 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\windows\system32\drivers\tdtcp.sys
08:50:50.0215 1544 TDTCP - ok
08:50:50.0246 1544 tdx (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys
08:50:50.0293 1544 tdx - ok
08:50:50.0293 1544 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys
08:50:50.0324 1544 TermDD - ok
08:50:50.0449 1544 TermService (382c804c92811be57829d8e550a900e2) C:\windows\System32\termsrv.dll
08:50:50.0496 1544 TermService - ok
08:50:50.0511 1544 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\windows\system32\themeservice.dll
08:50:50.0542 1544 Themes - ok
08:50:50.0589 1544 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
08:50:50.0589 1544 THREADORDER - ok
08:50:50.0714 1544 TMachInfo (f120967184a27e927052e8ddbb727851) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
08:50:50.0714 1544 TMachInfo - ok
08:50:50.0776 1544 TODDSrv (fe65d33b7d4ff07dd1d29526a48df810) C:\Windows\system32\TODDSrv.exe
08:50:50.0792 1544 TODDSrv - ok
08:50:50.0901 1544 TosCoSrv (66c35016e01746715f8f606a9f081bf9) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
08:50:50.0917 1544 TosCoSrv - ok
08:50:50.0979 1544 TOSHIBA eco Utility Service (0b5fa26e0c8a8e07a6df3df4e5711da8) C:\Program Files\TOSHIBA\TECO\TecoService.exe
08:50:50.0979 1544 TOSHIBA eco Utility Service - ok
08:50:51.0042 1544 TOSHIBA HDD SSD Alert Service (67c1da40d78c92622081a3e780c926b2) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
08:50:51.0042 1544 TOSHIBA HDD SSD Alert Service - ok
08:50:51.0369 1544 tos_sps32 (969377943fe7284609babbab4e06b93c) C:\windows\system32\DRIVERS\tos_sps32.sys
08:50:51.0369 1544 tos_sps32 - ok
08:50:51.0510 1544 TPCHSrv (31d2881b0647f2b09b118b9b50c02888) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
08:50:51.0525 1544 TPCHSrv - ok
08:50:51.0712 1544 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\windows\System32\trkwks.dll
08:50:51.0712 1544 TrkWks - ok
08:50:51.0759 1544 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\windows\servicing\TrustedInstaller.exe
08:50:51.0822 1544 TrustedInstaller - ok
08:50:51.0962 1544 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys
08:50:51.0993 1544 tssecsrv - ok
08:50:52.0009 1544 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys
08:50:52.0040 1544 TsUsbFlt - ok
08:50:52.0056 1544 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys
08:50:52.0071 1544 tunnel - ok
08:50:52.0118 1544 TVALZ (fc24015b4052600c324c43e3a79c0664) C:\windows\system32\DRIVERS\TVALZ_O.SYS
08:50:52.0118 1544 TVALZ - ok
08:50:52.0149 1544 TVALZFL (866462f5ae3f375ef83ef9dce436031c) C:\windows\system32\DRIVERS\TVALZFL.sys
08:50:52.0149 1544 TVALZFL - ok
08:50:52.0165 1544 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
08:50:52.0165 1544 uagp35 - ok
08:50:52.0212 1544 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys
08:50:52.0227 1544 udfs - ok
08:50:52.0290 1544 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\windows\system32\UI0Detect.exe
08:50:52.0321 1544 UI0Detect - ok
08:50:52.0336 1544 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys
08:50:52.0336 1544 uliagpkx - ok
08:50:52.0352 1544 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\drivers\umbus.sys
08:50:52.0383 1544 umbus - ok
08:50:52.0430 1544 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
08:50:52.0461 1544 UmPass - ok
08:50:52.0508 1544 upnphost (833fbb672460efce8011d262175fad33) C:\windows\System32\upnphost.dll
08:50:52.0508 1544 upnphost - ok
08:50:52.0524 1544 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\windows\system32\Drivers\usbaapl.sys
08:50:52.0570 1544 USBAAPL - ok
08:50:52.0602 1544 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\windows\system32\DRIVERS\usbccgp.sys
08:50:52.0633 1544 usbccgp - ok
08:50:52.0633 1544 USBCCID - ok
08:50:52.0680 1544 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys
08:50:52.0695 1544 usbcir - ok
08:50:52.0711 1544 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\windows\system32\DRIVERS\usbehci.sys
08:50:52.0742 1544 usbehci - ok
08:50:52.0773 1544 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\windows\system32\DRIVERS\usbhub.sys
08:50:52.0789 1544 usbhub - ok
08:50:52.0804 1544 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\windows\system32\DRIVERS\usbohci.sys
08:50:52.0836 1544 usbohci - ok
08:50:52.0867 1544 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
08:50:52.0882 1544 usbprint - ok
08:50:52.0914 1544 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys
08:50:52.0929 1544 usbscan - ok
08:50:52.0960 1544 USBSTOR (f991ab9cc6b908db552166768176896a) C:\windows\system32\DRIVERS\USBSTOR.SYS
08:50:52.0992 1544 USBSTOR - ok
08:50:53.0038 1544 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\windows\system32\drivers\usbuhci.sys
08:50:53.0054 1544 usbuhci - ok
08:50:53.0070 1544 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\windows\System32\Drivers\usbvideo.sys
08:50:53.0101 1544 usbvideo - ok
08:50:53.0101 1544 usb_rndisx (d82f43d15fdaa666856c0190cb73e7c9) C:\windows\system32\DRIVERS\usb8023x.sys
08:50:53.0132 1544 usb_rndisx - ok
08:50:53.0163 1544 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\windows\System32\uxsms.dll
08:50:53.0179 1544 UxSms - ok
08:50:53.0226 1544 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
08:50:53.0226 1544 VaultSvc - ok
08:50:53.0241 1544 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys
08:50:53.0241 1544 vdrvroot - ok
08:50:53.0272 1544 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\windows\System32\vds.exe
08:50:53.0335 1544 vds - ok
08:50:53.0382 1544 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
08:50:53.0413 1544 vga - ok
08:50:53.0428 1544 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
08:50:53.0444 1544 VgaSave - ok
08:50:53.0475 1544 vhdmp (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys
08:50:53.0475 1544 vhdmp - ok
08:50:53.0506 1544 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys
08:50:53.0506 1544 viaagp - ok
08:50:53.0522 1544 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
08:50:53.0553 1544 ViaC7 - ok
08:50:53.0584 1544 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys
08:50:53.0584 1544 viaide - ok
08:50:53.0600 1544 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys
08:50:53.0600 1544 volmgr - ok
08:50:53.0662 1544 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
08:50:53.0662 1544 volmgrx - ok
08:50:53.0694 1544 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys
08:50:53.0694 1544 volsnap - ok
08:50:53.0725 1544 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
08:50:53.0725 1544 vsmraid - ok
08:50:53.0928 1544 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\windows\system32\vssvc.exe
08:50:53.0990 1544 VSS - ok
08:50:54.0193 1544 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
08:50:54.0208 1544 vwifibus - ok
08:50:54.0240 1544 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
08:50:54.0255 1544 vwififlt - ok
08:50:54.0302 1544 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\windows\system32\DRIVERS\vwifimp.sys
08:50:54.0318 1544 vwifimp - ok
08:50:54.0396 1544 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\windows\system32\w32time.dll
08:50:54.0442 1544 W32Time - ok
08:50:54.0458 1544 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
08:50:54.0474 1544 WacomPen - ok
08:50:54.0505 1544 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
08:50:54.0536 1544 WANARP - ok
08:50:54.0536 1544 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
08:50:54.0536 1544 Wanarpv6 - ok
08:50:54.0723 1544 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\windows\system32\Wat\WatAdminSvc.exe
08:50:55.0254 1544 WatAdminSvc - ok
08:50:55.0581 1544 wbengine (691e3285e53dca558e1a84667f13e15a) C:\windows\system32\wbengine.exe
08:50:55.0675 1544 wbengine - ok
08:50:55.0909 1544 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\windows\System32\wbiosrvc.dll
08:50:55.0940 1544 WbioSrvc - ok
08:50:55.0956 1544 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\windows\System32\wcncsvc.dll
08:50:55.0971 1544 wcncsvc - ok
08:50:55.0987 1544 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\windows\System32\WcsPlugInService.dll
08:50:56.0018 1544 WcsPlugInService - ok
08:50:56.0080 1544 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
08:50:56.0112 1544 Wd - ok
08:50:56.0158 1544 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
08:50:56.0174 1544 Wdf01000 - ok
08:50:56.0205 1544 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
08:50:56.0205 1544 WdiServiceHost - ok
08:50:56.0205 1544 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
08:50:56.0221 1544 WdiSystemHost - ok
08:50:56.0252 1544 WebClient (a9d880f97530d5b8fee278923349929d) C:\windows\System32\webclnt.dll
08:50:56.0299 1544 WebClient - ok
08:50:56.0392 1544 Wecsvc (760f0afe937a77cff27153206534f275) C:\windows\system32\wecsvc.dll
08:50:56.0424 1544 Wecsvc - ok
08:50:56.0439 1544 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\windows\System32\wercplsupport.dll
08:50:56.0470 1544 wercplsupport - ok
08:50:56.0502 1544 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\windows\System32\WerSvc.dll
08:50:56.0533 1544 WerSvc - ok
08:50:56.0626 1544 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
08:50:56.0642 1544 WfpLwf - ok
08:50:56.0642 1544 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
08:50:56.0673 1544 WIMMount - ok
08:50:57.0063 1544 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
08:50:57.0126 1544 WinDefend - ok
08:50:57.0141 1544 WinHttpAutoProxySvc - ok
08:50:57.0391 1544 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\windows\system32\wbem\WMIsvc.dll
08:50:57.0391 1544 Winmgmt - ok
08:50:57.0547 1544 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\windows\system32\WsmSvc.dll
08:50:57.0609 1544 WinRM - ok
08:50:57.0921 1544 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\windows\System32\wlansvc.dll
08:50:57.0968 1544 Wlansvc - ok
08:50:58.0186 1544 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
08:50:58.0202 1544 wlidsvc - ok
08:50:58.0467 1544 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys
08:50:58.0483 1544 WmiAcpi - ok
08:50:58.0608 1544 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\windows\system32\wbem\WmiApSrv.exe
08:50:58.0670 1544 wmiApSrv - ok
08:50:58.0826 1544 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
08:50:58.0842 1544 WMPNetworkSvc - ok
08:50:59.0076 1544 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\windows\System32\wpcsvc.dll
08:50:59.0091 1544 WPCSvc - ok
08:50:59.0107 1544 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\windows\system32\wpdbusenum.dll
08:50:59.0107 1544 WPDBusEnum - ok
08:50:59.0232 1544 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
08:50:59.0247 1544 ws2ifsl - ok
08:50:59.0310 1544 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\windows\system32\wscsvc.dll
08:50:59.0310 1544 wscsvc - ok
08:50:59.0325 1544 WSearch - ok
08:50:59.0590 1544 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\windows\system32\wuaueng.dll
08:50:59.0637 1544 wuauserv - ok
08:50:59.0965 1544 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys
08:51:00.0012 1544 WudfPf - ok
08:51:00.0058 1544 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys
08:51:00.0090 1544 WUDFRd - ok
08:51:00.0136 1544 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\windows\System32\WUDFSvc.dll
08:51:00.0168 1544 wudfsvc - ok
08:51:00.0183 1544 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\windows\System32\wwansvc.dll
08:51:00.0214 1544 WwanSvc - ok
08:51:00.0246 1544 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
08:51:00.0542 1544 \Device\Harddisk0\DR0 - ok
08:51:00.0573 1544 Boot (0x1200) (5d23c7fb3ae2f4e4543dcf7c11664442) \Device\Harddisk0\DR0\Partition0
08:51:00.0573 1544 \Device\Harddisk0\DR0\Partition0 - ok
08:51:00.0573 1544 ============================================================
08:51:00.0573 1544 Scan finished
08:51:00.0573 1544 ============================================================
08:51:00.0589 5712 Detected object count: 0
08:51:00.0589 5712 Actual detected object count: 0
08:54:18.0642 0672 Deinitialize success






aswMBR log:



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-14 08:56:55
-----------------------------
08:56:55.626 OS Version: Windows 6.1.7601 Service Pack 1
08:56:55.626 Number of processors: 2 586 0x602
08:56:55.626 ComputerName: RAYTYPE-PC UserName: RayType
08:57:21.179 Initialize success
09:09:48.856 AVAST engine defs: 12071401
09:10:01.463 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
09:10:01.471 Disk 0 Vendor: Hitachi_HTS545032B9A300 PB3OC64G Size: 305245MB BusType: 11
09:10:01.503 Disk 0 MBR read successfully
09:10:01.511 Disk 0 MBR scan
09:10:01.549 Disk 0 Windows VISTA default MBR code
09:10:01.574 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
09:10:01.653 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 295636 MB offset 3074048
09:10:01.723 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 8108 MB offset 608536576
09:10:01.805 Disk 0 scanning sectors +625141760
09:10:01.918 Disk 0 scanning C:\windows\system32\drivers
09:10:20.468 Service scanning
09:10:40.644 Service MpKsl17c87c93 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EB0CFFED-9A3D-4075-9CFA-97482DFAA157}\MpKsl17c87c93.sys **LOCKED** 32
09:11:14.567 Modules scanning
09:11:26.579 Disk 0 trace - called modules:
09:11:26.627 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys
09:11:26.644 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x873d8030]
09:11:26.662 3 CLASSPNP.SYS[8bfd959e] -> nt!IofCallDriver -> [0x873cf400]
09:11:26.680 5 ACPI.sys[8ba1c3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x873bd030]
09:11:28.344 AVAST engine scan C:\windows
09:11:37.901 AVAST engine scan C:\windows\system32
09:18:09.407 AVAST engine scan C:\windows\system32\drivers
09:18:31.152 AVAST engine scan C:\Users\RayType
09:38:11.161 AVAST engine scan C:\ProgramData
09:43:58.501 Scan finished successfully
09:52:44.493 Disk 0 MBR has been saved successfully to "C:\Users\RayType\Desktop\MBR.dat"
09:52:44.512 The log file has been saved successfully to "C:\Users\RayType\Desktop\aswMBR.txt"

#12 gringo_pr

  • Malware Response Team

Posted 14 July 2012 - 12:23 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\program files\AutocompletePro

File::
c:\windows\system32\drivers\deztveil.sys

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#13 R-Type

  • Topic Starter

Posted 14 July 2012 - 07:36 PM

So far I have encountered no problems. I have been running my computer for a while and everything looks good so far.


Here's my ComboFix log:



ComboFix 12-07-14.01 - RayType 07/14/2012 15:08:12.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2812.1712 [GMT -7:00]
Running from: c:\users\RayType\Desktop\ComboFix.exe
Command switches used :: c:\users\RayType\Desktop\CFScript.txt.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\drivers\deztveil.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\deztveil.sys
.
.
((((((((((((((((((((((((( Files Created from 2012-06-14 to 2012-07-14 )))))))))))))))))))))))))))))))
.
.
2012-07-14 22:18 . 2012-07-14 22:19 -------- d-----w- c:\users\RayType\AppData\Local\temp
2012-07-14 22:18 . 2012-07-14 22:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-14 22:18 . 2012-07-14 22:18 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-07-14 22:05 . 2012-07-14 22:05 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EB0CFFED-9A3D-4075-9CFA-97482DFAA157}\MpKsl3cfc8997.sys
2012-07-14 21:56 . 2012-07-14 21:56 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EB0CFFED-9A3D-4075-9CFA-97482DFAA157}\offreg.dll
2012-07-14 04:04 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EB0CFFED-9A3D-4075-9CFA-97482DFAA157}\mpengine.dll
2012-07-14 03:42 . 2010-11-20 08:38 108544 ----a-w- c:\windows\system32\drivers\cdrom.sys
2012-07-11 05:52 . 2012-07-11 05:52 -------- d-----w- C:\FRST
2012-07-11 01:05 . 2012-07-11 01:05 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B7975770-2DAF-4E56-8797-045EDDA7B374}\gapaengine.dll
2012-07-11 01:05 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-11 00:44 . 2012-07-11 00:44 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-11 00:32 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-10 23:20 . 2012-07-10 23:20 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-30 03:08 . 2012-06-30 03:08 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-06-29 23:10 . 2012-06-29 23:10 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-06-29 23:10 . 2012-06-29 23:10 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-06-21 15:09 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 15:09 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 15:09 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 15:09 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 15:09 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-21 15:09 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 15:09 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 15:08 . 2012-06-02 22:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 15:08 . 2012-06-02 22:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-14 23:38 . 2012-06-14 23:38 -------- d-----w- c:\program files\iPod
2012-06-14 23:38 . 2012-06-14 23:40 -------- d-----w- c:\program files\iTunes
2012-06-14 23:10 . 2012-04-20 03:16 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-14 23:10 . 2012-05-04 09:59 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-06-14 23:10 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 23:10 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 23:10 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-14 23:10 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-14 23:10 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-14 23:10 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-14 23:10 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-14 23:10 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-14 23:09 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-14 04:32 . 2012-04-05 02:28 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-14 04:32 . 2011-05-19 03:04 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-19 03:56 . 2012-04-19 03:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-19 03:56 . 2012-04-19 03:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-14_03.45.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-02 05:29 . 2012-07-14 21:59 68738 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2012-07-14 21:59 64256 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-12-07 04:43 . 2012-07-14 21:59 20342 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1899322962-818149704-2685093776-1000_UserData.bin
+ 2009-12-07 21:28 . 2012-07-14 21:58 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-07 21:28 . 2012-07-14 03:46 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-07 21:28 . 2012-07-14 03:46 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-07 21:28 . 2012-07-14 21:58 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-07 21:28 . 2012-07-14 21:58 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-12-07 21:28 . 2012-07-14 03:46 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-12-06 04:53 . 2012-07-14 03:46 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-06 04:53 . 2012-07-14 22:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-06 04:53 . 2012-07-14 03:46 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-06 04:53 . 2012-07-14 22:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-07-14 21:56 . 2012-07-14 21:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-14 03:23 . 2012-07-14 03:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-14 21:56 . 2012-07-14 21:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-14 03:23 . 2012-07-14 03:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-14 04:32 . 2012-07-14 04:32 686280 c:\windows\System32\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe
+ 2012-07-14 04:32 . 2012-07-14 04:32 465096 c:\windows\System32\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.dll
+ 2012-04-05 02:28 . 2012-07-14 04:32 250056 c:\windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe
- 2009-12-06 03:51 . 2012-07-14 03:45 638976 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-06 03:51 . 2012-07-14 22:00 638976 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:47 . 2012-07-14 17:33 308780 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:47 . 2012-07-14 03:22 308780 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-12-06 03:51 . 2012-07-14 22:00 3244032 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-06 03:51 . 2012-07-14 03:45 3244032 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:41 . 2012-07-14 03:45 6815744 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:41 . 2012-07-14 22:00 6815744 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MyTOSHIBA"="c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe" [2009-08-06 264048]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-21 1545512]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-21 476512]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"TosWaitSrv"="c:\program files\TOSHIBA\TPHM\TosWaitSrv.exe" [2009-08-07 611672]
"Teco"="c:\program files\TOSHIBA\TECO\Teco.exe" [2009-08-11 1324384]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-09-17 611672]
"NortonOnlineBackupReminder"="c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-07-16 529256]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-07-05 273544]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 931200]
.
c:\users\RayType\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2012-03-09 01:50 4280184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
R1 hanbsklu;hanbsklu;c:\windows\system32\drivers\hanbsklu.sys [x]
R2 LxrSII1d;Secure II Driver;c:\windows\system32\Drivers\LxrSII1d.sys [x]
R2 NecUsb;USB Service;c:\windows\System32\svchost.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S1 MpKsl3cfc8997;MpKsl3cfc8997;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EB0CFFED-9A3D-4075-9CFA-97482DFAA157}\MpKsl3cfc8997.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [x]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL3CFC8997
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
NecUsbSevice REG_MULTI_SZ NecUsb
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]
2009-08-06 16:15 264048 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 04:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.254
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1899322962-818149704-2685093776-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1899322962-818149704-2685093776-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-14 15:28:41
ComboFix-quarantined-files.txt 2012-07-14 22:28
ComboFix2.txt 2012-07-14 04:00
.
Pre-Run: 117,883,969,536 bytes free
Post-Run: 117,917,564,928 bytes free
.
- - End Of File - - 01F1949085025C53B177441D94E1619E

#14 gringo_pr

Posted 14 July 2012 - 08:15 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo

#15 R-Type


Posted 14 July 2012 - 10:49 PM

My extra ComboFix report:


Update for Microsoft Office 2007 (KB2508958)
µTorrent
Acrobat.com
Adobe Acrobat 5.0
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.1
AIM 7
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
Bonjour
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
Cuban Missile Crisis
D3DX10
Download Updater (AOL LLC)
Facebook Plug-In
FLV Player 2.0 (build 25)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946344)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB948127)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB951708)
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 1200 series
hp psc 1200 series
iCloud
iPod PC Transfer 6.4
iTunes
Java™ 6 Update 14
Junk Mail filter update
K-Lite Codec Pack 6.6.0 (Basic)
Label@Once 1.0
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Office Word Viewer 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Compact 3.5 SP1 Design Tools English
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft SQL Server VSS Writer
Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
Microsoft Works
MobileMe Control Panel
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyToshiba
NetZero Launcher
Norton Internet Security
OGA Notifier 2.0.0048.0
PlayReady PC Runtime x86
Quickbooks Financial Center
QuickTime
Real Alternative 2.0.2
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
RealUpgrade 1.1
Safari
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Security Update for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB2251487)
Service Pack 3 for SQL Server 2008 (KB2546951)
Skype Launcher
Spybot - Search & Destroy
Sql Server Customer Experience Improvement Program
SQL Server System CLR Types
Synaptics Pointing Device Driver
Toshiba Application and Driver Installer
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA eco Utility
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Online Backup
TOSHIBA PC Health Monitor
Toshiba Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA Service Station
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
ToshibaRegistration
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Video Cutter 1.0
WildTangent Games
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver
WinZip 15.0



