Content.IE5 folder contains .js files about 450GBs in size with google redirect.

#1 tomforti

tomforti

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:07:37 PM

Posted 06 March 2013 - 03:23 PM

Looking to get some help with possible malware. I am running Server 2008 R2 with Exchange 2010. This is for a personal domain and a home business domain. About 3 years ago I had SonicWall's hardware malware, anti-virus and email filtering, but that service ended and I didn't renew it. Over the last 3 years it hasn't had any protection. Two weeks ago I received a notification that the server storage was full. I couldn't understand this because I have about 4 accounts with a max limit of 3 GB each. Things didn't add up. While using Remote Desktop I went and downloaded CCleaner to take a look and while doing so noticed I had a Google redirect issue. At this point I knew something was up and I was infected with something. So CCleaner ran and I gained some space back and installed Microsoft Security Essentials and let it search, but after 2 days it never finished. I stopped it and ran chkdsk on startup. Four days later it returned that the drive was OK. I then tried defrag to see if it would allow the malware scan to run. Defrag ran for 2 days and made it as far as about 10%, so I stopped that too. I was able to account for about 50-60 GB of space but never was able to fully see one area: C:\windows\syswow64\config\systemprofile\appdata\local\Microsoft\windows\temporary Internet files\content.ie5\ (4 folders with 8 digits and numbers), which I think is about 450GBs in size. I couldn't do anything until this folder was cleared out. I tried to use CCleaner to do this but it was just too slow, one file a second or 2. I decided 48 hours ago to restart in safe mode command prompt and run del content.ie5 /f /s /q to clear the folder. It has been 48 hours now and it's still deleting about 5 files a second. I noticed the files being deleted are *.js (JavaScript) files. I will tell you how many files and total size that is deleted. I'm posting this topic now to ask what I should do next once this folder is emptied out.
I need help to figure out what infection caused it, how to remove the infection/s and what is best for me to use in the future (run daily). Thank you and look forward to the advice. Tom


#2 tomforti


Posted 09 March 2013 - 12:12 PM

So after 4 days the content.ie5\1FA4OC0L has only deleted up to files that start with G. I have decided to stop and restart so I can get some emails. I have restarted the delete in command prompt in Windows and also started a scan using Malwarebytes to see what I can find until I hear from someone on the team to tell me what I should really be doing. Tom

#3 tomforti


Posted 09 March 2013 - 12:17 PM

Ahh, I meant to say: even though I only deleted files from A-F, it was a total of 75GBs! Which means G-Z is 350GBs

#4 tomforti


Posted 09 March 2013 - 12:30 PM

Well, to my surprise Malwarebytes came back saying that there are no infections. So now I need help!!!! Is this an infection? I can't see how it could be anything else. And if it is, how do I find it? Please help!!



#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,912 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:37 PM

Posted 09 March 2013 - 05:24 PM

Hello and welcome. Can you run these?

Please download TDSSKiller.
Launch it.
Click on Change parameters and select TDLFS file system.
Click on "Scan".
Please post the log report (the log file should be in your C drive).

Do not change the default options on scan results.

Now I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

NOTE: Sometimes if ESET finds no infections it will not create a log.



#6 tomforti


Posted 09 March 2013 - 05:33 PM

TDSSKiller

 

17:30:55.0810 6172 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42

17:30:56.0059 6172 ============================================================

17:30:56.0059 6172 Current date / time: 2013/03/09 17:30:56.0059

17:30:56.0059 6172 SystemInfo:

17:30:56.0059 6172

17:30:56.0059 6172 OS Version: 6.1.7601 ServicePack: 1.0

17:30:56.0059 6172 Product type: Domain controller

17:30:56.0059 6172 ComputerName: MAIL-SERVER

17:30:56.0059 6172 UserName: tom

17:30:56.0059 6172 Windows directory: C:\Windows

17:30:56.0059 6172 System windows directory: C:\Windows

17:30:56.0059 6172 Running under WOW64

17:30:56.0059 6172 Processor architecture: Intel x64

17:30:56.0059 6172 Number of processors: 2

17:30:56.0059 6172 Page size: 0x1000

17:30:56.0059 6172 Boot type: Normal boot

17:30:56.0059 6172 ============================================================

17:30:57.0900 6172 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

17:30:57.0916 6172 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

17:30:57.0931 6172 Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DCE0, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFE, Type 'W'

17:31:05.0653 6172 ============================================================

17:31:05.0653 6172 \Device\Harddisk0\DR0:

17:31:05.0669 6172 MBR partitions:

17:31:05.0669 6172 \Device\Harddisk1\DR1:

17:31:05.0669 6172 MBR partitions:

17:31:05.0669 6172 \Device\Harddisk2\DR2:

17:31:05.0669 6172 MBR partitions:

17:31:05.0669 6172 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x747055B0

17:31:05.0669 6172 ============================================================

17:31:05.0669 6172 Initialize success

17:31:05.0669 6172 ============================================================

17:31:35.0980 7620 ============================================================

17:31:35.0980 7620 Scan started

17:31:35.0980 7620 Mode: Manual; TDLFS;

17:31:35.0980 7620 ============================================================

17:31:36.0183 7620 ================ Scan system memory ========================

17:31:36.0183 7620 System memory - ok

17:31:36.0183 7620 ================ Scan services =============================

17:31:43.0156 7620 ================ Scan global ===============================

17:31:43.0156 7620 [Global] - ok

17:31:43.0156 7620 ================ Scan MBR ==================================

17:31:43.0172 7620 [ 905EC9ED9D2D3AA5016199F341A048D9 ] \Device\Harddisk0\DR0

17:31:43.0296 7620 \Device\Harddisk0\DR0 - ok

17:31:43.0312 7620 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1

17:31:44.0466 7620 \Device\Harddisk1\DR1 - ok

17:31:44.0997 7620 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2

17:31:45.0106 7620 \Device\Harddisk2\DR2 - ok

17:31:45.0106 7620 ================ Scan VBR ==================================

17:31:45.0106 7620 [ C3D5808EC938BC1DDA106A499FB87EAA ] \Device\Harddisk2\DR2\Partition1

17:31:45.0122 7620 \Device\Harddisk2\DR2\Partition1 - ok

17:31:45.0122 7620 ============================================================

17:31:45.0122 7620 Scan finished

17:31:45.0122 7620 ============================================================

17:31:45.0137 6836 Detected object count: 0

17:31:45.0137 6836 Actual detected object count: 0

17:31:49.0552 6188 ============================================================

17:31:49.0552 6188 Scan started

17:31:49.0552 6188 Mode: Manual; TDLFS;

17:31:49.0552 6188 ============================================================

17:31:49.0568 6188 ================ Scan system memory ========================

17:31:49.0568 6188 System memory - ok

17:31:49.0583 6188 ================ Scan services =============================


17:31:53.0998 6188 scfilter - ok

17:31:54.0014 6188 Schedule - ok

17:31:54.0014 6188 SCPolicySvc - ok

17:31:54.0029 6188 secdrv - ok

17:31:54.0029 6188 seclogon - ok

17:31:54.0045 6188 SENS - ok

17:31:54.0045 6188 Serenum - ok

17:31:54.0045 6188 Serial - ok

17:31:54.0060 6188 sermouse - ok

17:31:54.0076 6188 SessionEnv - ok

17:31:54.0076 6188 sffdisk - ok

17:31:54.0092 6188 sffp_mmc - ok

17:31:54.0092 6188 sffp_sd - ok

17:31:54.0092 6188 sfloppy - ok

17:31:54.0107 6188 SharedAccess - ok

17:31:54.0107 6188 ShellHWDetection - ok

17:31:54.0123 6188 SiSRaid2 - ok

17:31:54.0123 6188 SiSRaid4 - ok

17:31:54.0123 6188 Smb - ok

17:31:54.0138 6188 SNMPTRAP - ok

17:31:54.0154 6188 spldr - ok

17:31:54.0154 6188 Spooler - ok

17:31:54.0170 6188 sppsvc - ok

17:31:54.0185 6188 sppuinotify - ok

17:31:54.0185 6188 SQLBrowser - ok

17:31:54.0201 6188 SQLWriter - ok

17:31:54.0216 6188 srv - ok

17:31:54.0216 6188 srv2 - ok

17:31:54.0232 6188 srvnet - ok

17:31:54.0248 6188 SSDPSRV - ok

17:31:54.0263 6188 SstpSvc - ok

17:31:54.0279 6188 stexstor - ok

17:31:54.0279 6188 stisvc - ok

17:31:54.0294 6188 storflt - ok

17:31:54.0294 6188 storvsc - ok

17:31:54.0310 6188 storvsp - ok

17:31:54.0326 6188 swenum - ok

17:31:54.0341 6188 swprv - ok

17:31:54.0372 6188 TabletInputService - ok

17:31:54.0388 6188 TapiSrv - ok

17:31:54.0388 6188 TBS - ok

17:31:54.0419 6188 Tcpip - ok

17:31:54.0419 6188 TCPIP6 - ok

17:31:54.0435 6188 tcpipreg - ok

17:31:54.0450 6188 TDPIPE - ok

17:31:54.0466 6188 TDTCP - ok

17:31:54.0482 6188 tdx - ok

17:31:54.0482 6188 TermDD - ok

17:31:54.0497 6188 TermService - ok

17:31:54.0497 6188 Themes - ok

17:31:54.0513 6188 THREADORDER - ok

17:31:54.0528 6188 TlntSvr - ok

17:31:54.0544 6188 TrkWks - ok

17:31:54.0560 6188 TrustedInstaller - ok

17:31:54.0560 6188 tssecsrv - ok

17:31:54.0575 6188 TsUsbFlt - ok

17:31:54.0575 6188 tunnel - ok

17:31:54.0591 6188 uagp35 - ok

17:31:54.0591 6188 udfs - ok

17:31:54.0606 6188 UI0Detect - ok

17:31:54.0622 6188 uliagpkx - ok

17:31:54.0622 6188 umbus - ok

17:31:54.0638 6188 UmPass - ok

17:31:54.0653 6188 UmRdpService - ok

17:31:54.0653 6188 upnphost - ok

17:31:54.0669 6188 usbccgp - ok

17:31:54.0669 6188 usbehci - ok

17:31:54.0684 6188 usbhub - ok

17:31:54.0684 6188 usbohci - ok

17:31:54.0700 6188 usbprint - ok

17:31:54.0700 6188 USBSTOR - ok

17:31:54.0716 6188 usbuhci - ok

17:31:54.0716 6188 UxSms - ok

17:31:54.0731 6188 VaultSvc - ok

17:31:54.0731 6188 vdrvroot - ok

17:31:54.0731 6188 vds - ok

17:31:54.0747 6188 vga - ok

17:31:54.0762 6188 VgaSave - ok

17:31:54.0762 6188 vhdmp - ok

17:31:54.0778 6188 viaide - ok

17:31:54.0778 6188 Vid - ok

17:31:54.0794 6188 vmbus - ok

17:31:54.0809 6188 VMBusHID - ok

17:31:54.0809 6188 volmgr - ok

17:31:54.0825 6188 volmgrx - ok

17:31:54.0825 6188 volsnap - ok

17:31:54.0840 6188 vsmraid - ok

17:31:54.0840 6188 VSS - ok

17:31:54.0856 6188 W32Time - ok

17:31:54.0856 6188 W3SVC - ok

17:31:54.0872 6188 WacomPen - ok

17:31:54.0872 6188 WANARP - ok

17:31:54.0887 6188 Wanarpv6 - ok

17:31:54.0903 6188 WAS - ok

17:31:54.0903 6188 wbengine - ok

17:31:54.0918 6188 WcsPlugInService - ok

17:31:54.0918 6188 Wd - ok

17:31:54.0934 6188 Wdf01000 - ok

17:31:54.0934 6188 WdiServiceHost - ok

17:31:54.0950 6188 WdiSystemHost - ok

17:31:54.0965 6188 WebClient - ok

17:31:54.0965 6188 Wecsvc - ok

17:31:54.0981 6188 wercplsupport - ok

17:31:54.0981 6188 WerSvc - ok

17:31:54.0996 6188 WfpLwf - ok

17:31:54.0996 6188 WIMMount - ok

17:31:55.0028 6188 WinHttpAutoProxySvc - ok

17:31:55.0028 6188 Winmgmt - ok

17:31:55.0043 6188 WinRM - ok

17:31:55.0059 6188 WmiAcpi - ok

17:31:55.0074 6188 wmiApSrv - ok

17:31:55.0074 6188 WPDBusEnum - ok

17:31:55.0090 6188 ws2ifsl - ok

17:31:55.0106 6188 wsbexchange - ok

17:31:55.0106 6188 wuauserv - ok

17:31:55.0121 6188 WudfPf - ok

17:31:55.0121 6188 WUDFRd - ok

17:31:55.0137 6188 wudfsvc - ok

17:31:55.0137 6188 XGIGraphics_XG2X - ok

17:31:55.0168 6188 ================ Scan global ===============================

17:31:55.0168 6188 [Global] - ok

17:31:55.0168 6188 ================ Scan MBR ==================================

17:31:55.0184 6188 [ 905EC9ED9D2D3AA5016199F341A048D9 ] \Device\Harddisk0\DR0

17:31:55.0308 6188 \Device\Harddisk0\DR0 - ok

17:31:55.0324 6188 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1

17:31:57.0570 6188 \Device\Harddisk1\DR1 - ok

17:31:58.0085 6188 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2

17:31:58.0210 6188 \Device\Harddisk2\DR2 - ok

17:31:58.0210 6188 ================ Scan VBR ==================================

17:31:58.0210 6188 [ C3D5808EC938BC1DDA106A499FB87EAA ] \Device\Harddisk2\DR2\Partition1

17:31:58.0210 6188 \Device\Harddisk2\DR2\Partition1 - ok

17:31:58.0210 6188 ============================================================

17:31:58.0210 6188 Scan finished

17:31:58.0210 6188 ============================================================

17:31:58.0241 8576 Detected object count: 0

17:31:58.0241 8576 Actual detected object count: 0


Edited by tomforti, 09 March 2013 - 05:34 PM.


#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,912 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:37 PM

Posted 09 March 2013 - 10:35 PM

Let me know how it's running after ESET.


How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#8 tomforti


Posted 09 March 2013 - 10:42 PM

I will. I started to run it right after the other software, but when I checked back on it a few hours later it had an error. I started it again and it is still running, about 75% done. So far it shows no infections. I have no idea why I had the Google redirect and 450GBs of files, of which I still have to get the remaining 325GBs off of my computer somehow.



#9 boopme


Posted 10 March 2013 - 12:06 AM

Well, if it still exists, you may have a hidden rootkit, and it would be best to get a deeper look as we don't want to leave that on here. Please follow this Preparation Guide and post in a new topic.
Let me know if all went well.


Include this link back to here... http://www.bleepingcomputer.com/forums/t/487685/contentie5-folder-contains-js-files-about-450gbs-in-size-with-google-redirect/#entry2998619



#10 tomforti


Posted 10 March 2013 - 12:11 AM

I seem to have reached a tough spot with ESET. It is scanning the content.ie5 folder and I have a feeling it will be scanning that folder for some time because of all the .js files. I will hope for it to be finished by tomorrow and post the log. I will then back up everything and get everything ready for the next step.

#11 boopme


Posted 10 March 2013 - 06:19 PM

You may want to look at this on Mozilla preferences.

https://developer.mozilla.org/en-US/docs/Mozilla/Preferences/A_brief_guide_to_Mozilla_preferences

 

I do not use Firefox, so you may want to ask any details about that in the Web Browsers forum.


Edited by boopme, 10 March 2013 - 06:19 PM.


#12 tomforti


Posted 14 March 2013 - 06:44 PM

TDSS Killer

 

17:31:56.0206 6760  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:31:56.0897 6760  ============================================================
17:31:56.0897 6760  Current date / time: 2013/03/14 17:31:56.0897
17:31:56.0897 6760  SystemInfo:
17:31:56.0897 6760  
17:31:56.0897 6760  OS Version: 6.1.7601 ServicePack: 1.0
17:31:56.0897 6760  Product type: Domain controller
17:31:56.0897 6760  ComputerName: MAIL-SERVER
17:31:56.0926 6760  UserName: tom
17:31:56.0926 6760  Windows directory: C:\Windows
17:31:56.0926 6760  System windows directory: C:\Windows
17:31:56.0926 6760  Running under WOW64
17:31:56.0926 6760  Processor architecture: Intel x64
17:31:56.0926 6760  Number of processors: 2
17:31:56.0926 6760  Page size: 0x1000
17:31:56.0926 6760  Boot type: Normal boot
17:31:56.0926 6760  ============================================================
17:31:59.0570 6760  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:31:59.0580 6760  Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:32:07.0385 6760  Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DCE0, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFE, Type 'W'
17:32:07.0387 6760  ============================================================
17:32:07.0387 6760  \Device\Harddisk0\DR0:
17:32:07.0412 6760  MBR partitions:
17:32:07.0412 6760  \Device\Harddisk1\DR1:
17:32:07.0412 6760  MBR partitions:
17:32:07.0412 6760  \Device\Harddisk2\DR2:
17:32:07.0412 6760  MBR partitions:
17:32:07.0412 6760  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x747055B0
17:32:07.0412 6760  ============================================================
17:32:07.0471 6760  Initialize success
17:32:07.0471 6760  ============================================================
17:32:11.0547 6788  ============================================================
17:32:11.0547 6788  Scan started
17:32:11.0547 6788  Mode: Manual;
17:32:11.0547 6788  ============================================================
17:32:11.0592 6788  ================ Scan system memory ========================
17:32:11.0592 6788  System memory - ok
17:32:11.0597 6788  ================ Scan services =============================
17:32:11.0647 6788  1394ohci - ok
17:32:11.0655 6788  ACPI - ok
17:32:11.0664 6788  AcpiPmi - ok
17:32:11.0674 6788  adp94xx - ok
17:32:11.0684 6788  adpahci - ok
17:32:11.0692 6788  adpu320 - ok
17:32:11.0707 6788  ADWS - ok
17:32:11.0719 6788  AeLookupSvc - ok
17:32:11.0740 6788  AFD - ok
17:32:11.0745 6788  agp440 - ok
17:32:11.0756 6788  ALG - ok
17:32:11.0765 6788  aliide - ok
17:32:11.0775 6788  amdide - ok
17:32:11.0785 6788  AmdK8 - ok
17:32:11.0795 6788  AmdPPM - ok
17:32:11.0804 6788  amdsata - ok
17:32:11.0814 6788  amdsbs - ok
17:32:11.0824 6788  amdxata - ok
17:32:11.0844 6788  AppHostSvc - ok
17:32:11.0850 6788  AppID - ok
17:32:11.0859 6788  AppIDSvc - ok
17:32:11.0867 6788  Appinfo - ok
17:32:11.0877 6788  AppMgmt - ok
17:32:11.0887 6788  arc - ok
17:32:11.0896 6788  arcsas - ok
17:32:11.0929 6788  aspnet_state - ok
17:32:11.0939 6788  AsyncMac - ok
17:32:11.0947 6788  atapi - ok
17:32:11.0957 6788  AudioEndpointBuilder - ok
17:32:11.0966 6788  AudioSrv - ok
17:32:11.0976 6788  b06bdrv - ok
17:32:11.0997 6788  b57nd60a - ok
17:32:12.0016 6788  Beep - ok
17:32:12.0040 6788  BFE - ok
17:32:12.0050 6788  BITS - ok
17:32:12.0060 6788  blbdrive - ok
17:32:12.0069 6788  bowser - ok
17:32:12.0079 6788  BrFiltLo - ok
17:32:12.0087 6788  BrFiltUp - ok
17:32:12.0097 6788  Browser - ok
17:32:12.0106 6788  Brserid - ok
17:32:12.0116 6788  BrSerWdm - ok
17:32:12.0126 6788  BrUsbMdm - ok
17:32:12.0135 6788  BrUsbSer - ok
17:32:12.0150 6788  cdfs - ok
17:32:12.0160 6788  cdrom - ok
17:32:12.0171 6788  CertPropSvc - ok
17:32:12.0181 6788  CLFS - ok
17:32:12.0190 6788  clr_optimization_v2.0.50727_32 - ok
17:32:12.0200 6788  clr_optimization_v2.0.50727_64 - ok
17:32:12.0212 6788  clr_optimization_v4.0.30319_32 - ok
17:32:12.0222 6788  clr_optimization_v4.0.30319_64 - ok
17:32:12.0232 6788  CmBatt - ok
17:32:12.0242 6788  cmdide - ok
17:32:12.0252 6788  CNG - ok
17:32:12.0261 6788  Compbatt - ok
17:32:12.0270 6788  CompositeBus - ok
17:32:12.0280 6788  COMSysApp - ok
17:32:12.0299 6788  crcdisk - ok
17:32:12.0314 6788  CryptSvc - ok
17:32:12.0335 6788  CSC - ok
17:32:12.0355 6788  CscService - ok
17:32:12.0369 6788  DcomLaunch - ok
17:32:12.0377 6788  defragsvc - ok
17:32:12.0386 6788  Dfs - ok
17:32:12.0396 6788  DfsC - ok
17:32:12.0406 6788  DfsDriver - ok
17:32:12.0415 6788  DFSR - ok
17:32:12.0425 6788  DfsrRo - ok
17:32:12.0434 6788  Dhcp - ok
17:32:12.0447 6788  discache - ok
17:32:12.0457 6788  Disk - ok
17:32:12.0472 6788  DNS - ok
17:32:12.0481 6788  Dnscache - ok
17:32:12.0491 6788  dot3svc - ok
17:32:12.0500 6788  DPS - ok
17:32:12.0510 6788  DXGKrnl - ok
17:32:12.0520 6788  EapHost - ok
17:32:12.0529 6788  ebdrv - ok
17:32:12.0539 6788  EFS - ok
17:32:12.0547 6788  elxstor - ok
17:32:12.0557 6788  ErrDev - ok
17:32:12.0580 6788  EventSystem - ok
17:32:12.0615 6788  exfat - ok
17:32:12.0629 6788  fastfat - ok
17:32:12.0639 6788  FCRegSvc - ok
17:32:12.0647 6788  fdc - ok
17:32:12.0657 6788  fdPHost - ok
17:32:12.0667 6788  FDResPub - ok
17:32:12.0676 6788  FileInfo - ok
17:32:12.0694 6788  Filetrace - ok
17:32:12.0704 6788  flpydisk - ok
17:32:12.0712 6788  FltMgr - ok
17:32:12.0722 6788  FontCache - ok
17:32:12.0737 6788  FontCache3.0.0.0 - ok
17:32:12.0775 6788  FsDepends - ok
17:32:12.0787 6788  Fs_Rec - ok
17:32:12.0797 6788  ftpsvc - ok
17:32:12.0806 6788  gagp30kx - ok
17:32:12.0821 6788  gpsvc - ok
17:32:12.0826 6788  gwxhkwzv - ok
17:32:12.0836 6788  hbsoboge - ok
17:32:12.0845 6788  HDAudBus - ok
17:32:12.0855 6788  HidBatt - ok
17:32:12.0865 6788  hidserv - ok
17:32:12.0876 6788  HidUsb - ok
17:32:12.0886 6788  hkmsvc - ok
17:32:12.0895 6788  HpSAMD - ok
17:32:12.0905 6788  HTTP - ok
17:32:12.0914 6788  hwpolicy - ok
17:32:12.0924 6788  i8042prt - ok
17:32:12.0932 6788  iaStorV - ok
17:32:12.0942 6788  idsvc - ok
17:32:12.0952 6788  iirsp - ok
17:32:12.0962 6788  IISADMIN - ok
17:32:12.0984 6788  IKEEXT - ok
17:32:12.0997 6788  intelide - ok
17:32:13.0007 6788  intelppm - ok
17:32:13.0017 6788  ioatdma - ok
17:32:13.0026 6788  IPBusEnum - ok
17:32:13.0036 6788  IpFilterDriver - ok
17:32:13.0064 6788  IpHlpSvc - ok
17:32:13.0080 6788  IPMIDRV - ok
17:32:13.0089 6788  IPNAT - ok
17:32:13.0106 6788  isapnp - ok
17:32:13.0116 6788  iScsiPrt - ok
17:32:13.0126 6788  IsmServ - ok
17:32:13.0135 6788  jhnlttbm - ok
17:32:13.0144 6788  kbdclass - ok
17:32:13.0154 6788  kbdhid - ok
17:32:13.0164 6788  kdc - ok
17:32:13.0172 6788  KeyIso - ok
17:32:13.0182 6788  KSecDD - ok
17:32:13.0191 6788  KSecPkg - ok
17:32:13.0200 6788  ksthunk - ok
17:32:13.0211 6788  KtmRm - ok
17:32:13.0220 6788  LanmanServer - ok
17:32:13.0257 6788  LanmanWorkstation - ok
17:32:13.0271 6788  lltdio - ok
17:32:13.0280 6788  lltdsvc - ok
17:32:13.0289 6788  lmhosts - ok
17:32:13.0303 6788  LSI_FC - ok
17:32:13.0319 6788  LSI_SAS - ok
17:32:13.0329 6788  LSI_SAS2 - ok
17:32:13.0346 6788  LSI_SCSI - ok
17:32:13.0355 6788  luafv - ok
17:32:13.0371 6788  mcdbus - ok
17:32:13.0419 6788  megasas - ok
17:32:13.0464 6788  MegaSR - ok
17:32:13.0505 6788  Microsoft SharePoint Workspace Audit Service - ok
17:32:13.0515 6788  MMCSS - ok
17:32:13.0524 6788  Modem - ok
17:32:13.0534 6788  monitor - ok
17:32:13.0543 6788  mouclass - ok
17:32:13.0553 6788  mouhid - ok
17:32:13.0561 6788  mountmgr - ok
17:32:13.0598 6788  MozillaMaintenance - ok
17:32:13.0631 6788  MpFilter - ok
17:32:13.0644 6788  mpio - ok
17:32:13.0656 6788  mpsdrv - ok
17:32:13.0671 6788  MpsSvc - ok
17:32:13.0693 6788  MRxDAV - ok
17:32:13.0698 6788  mrxsmb - ok
17:32:13.0708 6788  mrxsmb10 - ok
17:32:13.0716 6788  mrxsmb20 - ok
17:32:13.0726 6788  msahci - ok
17:32:13.0735 6788  msdsm - ok
17:32:13.0745 6788  MSDTC - ok
17:32:14.0261 6788  MSExchangeAB - ok
17:32:14.0273 6788  MSExchangeADTopology - ok
17:32:14.0286 6788  MSExchangeAntispamUpdate - ok
17:32:14.0306 6788  MSExchangeEdgeSync - ok
17:32:14.0326 6788  MSExchangeFBA - ok
17:32:14.0336 6788  MSExchangeFDS - ok
17:32:14.0355 6788  MSExchangeImap4 - ok
17:32:14.0368 6788  MSExchangeIS - ok
17:32:14.0376 6788  MSExchangeMailboxAssistants - ok
17:32:14.0388 6788  MSExchangeMailboxReplication - ok
17:32:14.0398 6788  MSExchangeMailSubmission - ok
17:32:14.0408 6788  MSExchangeMonitoring - ok
17:32:14.0423 6788  MSExchangePop3 - ok
17:32:14.0434 6788  MSExchangeProtectedServiceHost - ok
17:32:14.0444 6788  MSExchangeRepl - ok
17:32:14.0454 6788  MSExchangeRPC - ok
17:32:14.0464 6788  MSExchangeSA - ok
17:32:14.0474 6788  MSExchangeSearch - ok
17:32:14.0484 6788  MSExchangeServiceHost - ok
17:32:14.0495 6788  MSExchangeThrottling - ok
17:32:14.0509 6788  MSExchangeTransport - ok
17:32:14.0606 6788  MSExchangeTransportLogSearch - ok
17:32:14.0640 6788  Msfs - ok
17:32:14.0650 6788  msftesql-Exchange - ok
17:32:14.0670 6788  mshidkmdf - ok
17:32:14.0679 6788  msisadrv - ok
17:32:14.0689 6788  MSiSCSI - ok
17:32:14.0698 6788  msiserver - ok
17:32:14.0749 6788  MsMpSvc - ok
17:32:14.0761 6788  MsRPC - ok
17:32:14.0774 6788  mssmbios - ok
17:32:14.0818 6788  MSSQL$BLACKBERRY - ok
17:32:14.0826 6788  MSSQLServerADHelper - ok
17:32:14.0838 6788  MTConfig - ok
17:32:14.0856 6788  Mup - ok
17:32:14.0866 6788  napagent - ok
17:32:14.0929 6788  NDIS - ok
17:32:14.0943 6788  NdisCap - ok
17:32:14.0959 6788  NdisTapi - ok
17:32:14.0969 6788  Ndisuio - ok
17:32:14.0979 6788  NdisWan - ok
17:32:14.0988 6788  NDProxy - ok
17:32:15.0000 6788  NetBIOS - ok
17:32:15.0009 6788  NetBT - ok
17:32:15.0020 6788  Netlogon - ok
17:32:15.0035 6788  Netman - ok
17:32:15.0053 6788  NetMsmqActivator - ok
17:32:15.0063 6788  NetPipeActivator - ok
17:32:15.0071 6788  netprofm - ok
17:32:15.0081 6788  NetTcpActivator - ok
17:32:15.0091 6788  NetTcpPortSharing - ok
17:32:15.0100 6788  nfrd960 - ok
17:32:15.0125 6788  NisDrv - ok
17:32:15.0134 6788  NisSrv - ok
17:32:15.0144 6788  NlaSvc - ok
17:32:15.0154 6788  Npfs - ok
17:32:15.0163 6788  nsi - ok
17:32:15.0171 6788  nsiproxy - ok
17:32:15.0181 6788  NTDS - ok
17:32:15.0191 6788  NtFrs - ok
17:32:15.0200 6788  Ntfs - ok
17:32:15.0210 6788  Null - ok
17:32:15.0220 6788  nvraid - ok
17:32:15.0229 6788  nvstor - ok
17:32:15.0238 6788  nv_agp - ok
17:32:15.0248 6788  ohci1394 - ok
17:32:15.0310 6788  ose64 - ok
17:32:15.0320 6788  osppsvc - ok
17:32:15.0336 6788  Parport - ok
17:32:15.0345 6788  partmgr - ok
17:32:15.0354 6788  pci - ok
17:32:15.0364 6788  pciide - ok
17:32:15.0373 6788  pcmcia - ok
17:32:15.0383 6788  pcw - ok
17:32:15.0393 6788  PEAUTH - ok
17:32:15.0406 6788  PerfHost - ok
17:32:15.0429 6788  pla - ok
17:32:15.0438 6788  PlugPlay - ok
17:32:15.0446 6788  PolicyAgent - ok
17:32:15.0461 6788  Power - ok
17:32:15.0470 6788  PptpMiniport - ok
17:32:15.0479 6788  Processor - ok
17:32:15.0489 6788  ProfSvc - ok
17:32:15.0499 6788  ProtectedStorage - ok
17:32:15.0508 6788  Psched - ok
17:32:15.0518 6788  ql2300 - ok
17:32:15.0526 6788  ql40xx - ok
17:32:15.0535 6788  qmphook - ok
17:32:15.0545 6788  quickmacros2 - ok
17:32:15.0555 6788  RasAcd - ok
17:32:15.0564 6788  RasAgileVpn - ok
17:32:15.0574 6788  RasAuto - ok
17:32:15.0584 6788  Rasl2tp - ok
17:32:15.0603 6788  RasMan - ok
17:32:15.0613 6788  RasPppoe - ok
17:32:15.0623 6788  RasSstp - ok
17:32:15.0631 6788  rdbss - ok
17:32:15.0640 6788  rdpbus - ok
17:32:15.0650 6788  RDPCDD - ok
17:32:15.0669 6788  RDPDR - ok
17:32:15.0684 6788  RDPENCDD - ok
17:32:15.0699 6788  RDPREFMP - ok
17:32:15.0708 6788  RDPWD - ok
17:32:15.0718 6788  RemoteAccess - ok
17:32:15.0735 6788  RemoteRegistry - ok
17:32:15.0755 6788  RpcEptMapper - ok
17:32:15.0785 6788  RPCHTTPLBS - ok
17:32:15.0795 6788  RpcLocator - ok
17:32:15.0804 6788  RpcSs - ok
17:32:15.0819 6788  rqs - ok
17:32:15.0829 6788  RSoPProv - ok
17:32:15.0839 6788  rspndr - ok
17:32:15.0848 6788  s3cap - ok
17:32:15.0861 6788  sacdrv - ok
17:32:15.0871 6788  sacsvr - ok
17:32:15.0880 6788  SamSs - ok
17:32:15.0890 6788  sbp2port - ok
17:32:15.0900 6788  SCardSvr - ok
17:32:15.0909 6788  scfilter - ok
17:32:15.0919 6788  Schedule - ok
17:32:15.0929 6788  SCPolicySvc - ok
17:32:15.0949 6788  secdrv - ok
17:32:15.0965 6788  seclogon - ok
17:32:15.0974 6788  SENS - ok
17:32:15.0983 6788  Serenum - ok
17:32:15.0993 6788  Serial - ok
17:32:16.0001 6788  sermouse - ok
17:32:16.0029 6788  SessionEnv - ok
17:32:16.0039 6788  sffdisk - ok
17:32:16.0049 6788  sffp_mmc - ok
17:32:16.0059 6788  sffp_sd - ok
17:32:16.0068 6788  sfloppy - ok
17:32:16.0081 6788  SharedAccess - ok
17:32:16.0090 6788  ShellHWDetection - ok
17:32:16.0100 6788  SiSRaid2 - ok
17:32:16.0109 6788  SiSRaid4 - ok
17:32:16.0129 6788  Smb - ok
17:32:16.0156 6788  SNMPTRAP - ok
17:32:16.0165 6788  spldr - ok
17:32:16.0175 6788  Spooler - ok
17:32:16.0184 6788  sppsvc - ok
17:32:16.0194 6788  sppuinotify - ok
17:32:16.0210 6788  SQLBrowser - ok
17:32:16.0226 6788  SQLWriter - ok
17:32:16.0236 6788  srv - ok
17:32:16.0245 6788  srv2 - ok
17:32:16.0255 6788  srvnet - ok
17:32:16.0271 6788  SSDPSRV - ok
17:32:16.0280 6788  SstpSvc - ok
17:32:16.0290 6788  stexstor - ok
17:32:16.0306 6788  stisvc - ok
17:32:16.0315 6788  storflt - ok
17:32:16.0325 6788  storvsc - ok
17:32:16.0343 6788  storvsp - ok
17:32:16.0351 6788  swenum - ok
17:32:16.0360 6788  swprv - ok
17:32:16.0371 6788  TabletInputService - ok
17:32:16.0381 6788  TapiSrv - ok
17:32:16.0390 6788  TBS - ok
17:32:16.0400 6788  Tcpip - ok
17:32:16.0420 6788  TCPIP6 - ok
17:32:16.0434 6788  tcpipreg - ok
17:32:16.0448 6788  TDPIPE - ok
17:32:16.0456 6788  TDTCP - ok
17:32:16.0465 6788  tdx - ok
17:32:16.0475 6788  TermDD - ok
17:32:16.0484 6788  TermService - ok
17:32:16.0496 6788  Themes - ok
17:32:16.0506 6788  THREADORDER - ok
17:32:16.0515 6788  TlntSvr - ok
17:32:16.0524 6788  TrkWks - ok
17:32:16.0534 6788  TrustedInstaller - ok
17:32:16.0550 6788  tssecsrv - ok
17:32:16.0571 6788  TsUsbFlt - ok
17:32:16.0583 6788  tunnel - ok
17:32:16.0591 6788  uagp35 - ok
17:32:16.0601 6788  udfs - ok
17:32:16.0610 6788  UI0Detect - ok
17:32:16.0620 6788  uliagpkx - ok
17:32:16.0629 6788  umbus - ok
17:32:16.0639 6788  UmPass - ok
17:32:16.0648 6788  UmRdpService - ok
17:32:16.0658 6788  upnphost - ok
17:32:16.0666 6788  usbccgp - ok
17:32:16.0676 6788  usbehci - ok
17:32:16.0686 6788  usbhub - ok
17:32:16.0695 6788  usbohci - ok
17:32:16.0705 6788  usbprint - ok
17:32:16.0714 6788  USBSTOR - ok
17:32:16.0724 6788  usbuhci - ok
17:32:16.0734 6788  UxSms - ok
17:32:16.0743 6788  VaultSvc - ok
17:32:16.0753 6788  vdrvroot - ok
17:32:16.0761 6788  vds - ok
17:32:16.0770 6788  vga - ok
17:32:16.0780 6788  VgaSave - ok
17:32:16.0790 6788  vhdmp - ok
17:32:16.0799 6788  viaide - ok
17:32:16.0808 6788  Vid - ok
17:32:16.0818 6788  vmbus - ok
17:32:16.0828 6788  VMBusHID - ok
17:32:16.0836 6788  volmgr - ok
17:32:16.0846 6788  volmgrx - ok
17:32:16.0856 6788  volsnap - ok
17:32:16.0865 6788  vsmraid - ok
17:32:16.0874 6788  VSS - ok
17:32:16.0884 6788  W32Time - ok
17:32:16.0894 6788  Scan interrupted by user!
17:32:16.0894 6788  ================ Scan global ===============================
17:32:16.0894 6788  Scan interrupted by user!
17:32:16.0894 6788  ================ Scan MBR ==================================
17:32:16.0894 6788  Scan interrupted by user!
17:32:16.0894 6788  ================ Scan VBR ==================================
17:32:16.0894 6788  Scan interrupted by user!
17:32:16.0894 6788  ============================================================
17:32:16.0894 6788  Scan finished
17:32:16.0894 6788  ============================================================
17:32:16.0908 6572  Detected object count: 0
17:32:16.0908 6572  Actual detected object count: 0
17:34:44.0775 7812  ============================================================
17:34:44.0775 7812  Scan started
17:34:44.0775 7812  Mode: Manual; TDLFS;
17:34:44.0775 7812  ============================================================
17:34:44.0839 7812  ================ Scan system memory ========================
17:34:44.0839 7812  System memory - ok
17:34:44.0844 7812  ================ Scan services =============================
17:34:44.0886 7812  1394ohci - ok
17:34:44.0899 7812  ACPI - ok
17:34:44.0910 7812  AcpiPmi - ok
17:34:44.0922 7812  adp94xx - ok
17:34:44.0935 7812  adpahci - ok
17:34:44.0947 7812  adpu320 - ok
17:34:44.0966 7812  ADWS - ok
17:34:44.0979 7812  AeLookupSvc - ok
17:34:44.0991 7812  AFD - ok
17:34:45.0004 7812  agp440 - ok
17:34:45.0016 7812  ALG - ok
17:34:45.0029 7812  aliide - ok
17:34:45.0045 7812  amdide - ok
17:34:45.0052 7812  AmdK8 - ok
17:34:45.0062 7812  AmdPPM - ok
17:34:45.0075 7812  amdsata - ok
17:34:45.0085 7812  amdsbs - ok
17:34:45.0096 7812  amdxata - ok
17:34:45.0107 7812  AppHostSvc - ok
17:34:45.0119 7812  AppID - ok
17:34:45.0126 7812  AppIDSvc - ok
17:34:45.0137 7812  Appinfo - ok
17:34:45.0150 7812  AppMgmt - ok
17:34:45.0166 7812  arc - ok
17:34:45.0179 7812  arcsas - ok
17:34:45.0220 7812  aspnet_state - ok
17:34:45.0232 7812  AsyncMac - ok
17:34:45.0242 7812  atapi - ok
17:34:45.0255 7812  AudioEndpointBuilder - ok
17:34:45.0267 7812  AudioSrv - ok
17:34:45.0280 7812  b06bdrv - ok
17:34:45.0297 7812  b57nd60a - ok
17:34:45.0316 7812  Beep - ok
17:34:45.0329 7812  BFE - ok
17:34:45.0341 7812  BITS - ok
17:34:45.0354 7812  blbdrive - ok
17:34:45.0365 7812  bowser - ok
17:34:45.0377 7812  BrFiltLo - ok
17:34:45.0391 7812  BrFiltUp - ok
17:34:45.0404 7812  Browser - ok
17:34:45.0415 7812  Brserid - ok
17:34:45.0429 7812  BrSerWdm - ok
17:34:45.0440 7812  BrUsbMdm - ok
17:34:45.0452 7812  BrUsbSer - ok
17:34:45.0471 7812  cdfs - ok
17:34:45.0484 7812  cdrom - ok
17:34:45.0496 7812  CertPropSvc - ok
17:34:45.0509 7812  CLFS - ok
17:34:45.0521 7812  clr_optimization_v2.0.50727_32 - ok
17:34:45.0541 7812  clr_optimization_v2.0.50727_64 - ok
17:34:45.0554 7812  clr_optimization_v4.0.30319_32 - ok
17:34:45.0566 7812  clr_optimization_v4.0.30319_64 - ok
17:34:45.0580 7812  CmBatt - ok
17:34:45.0592 7812  cmdide - ok
17:34:45.0605 7812  CNG - ok
17:34:45.0617 7812  Compbatt - ok
17:34:45.0629 7812  CompositeBus - ok
17:34:45.0641 7812  COMSysApp - ok
17:34:45.0666 7812  crcdisk - ok
17:34:45.0685 7812  CryptSvc - ok
17:34:45.0699 7812  CSC - ok
17:34:45.0711 7812  CscService - ok
17:34:45.0729 7812  DcomLaunch - ok
17:34:45.0742 7812  defragsvc - ok
17:34:45.0755 7812  Dfs - ok
17:34:45.0767 7812  DfsC - ok
17:34:45.0780 7812  DfsDriver - ok
17:34:45.0797 7812  DFSR - ok
17:34:45.0810 7812  DfsrRo - ok
17:34:45.0820 7812  Dhcp - ok
17:34:45.0841 7812  discache - ok
17:34:45.0854 7812  Disk - ok
17:34:45.0867 7812  DNS - ok
17:34:45.0880 7812  Dnscache - ok
17:34:45.0892 7812  dot3svc - ok
17:34:45.0905 7812  DPS - ok
17:34:45.0917 7812  DXGKrnl - ok
17:34:45.0930 7812  EapHost - ok
17:34:45.0942 7812  ebdrv - ok
17:34:45.0955 7812  EFS - ok
17:34:45.0967 7812  elxstor - ok
17:34:45.0980 7812  ErrDev - ok
17:34:46.0011 7812  EventSystem - ok
17:34:46.0030 7812  exfat - ok
17:34:46.0054 7812  fastfat - ok
17:34:46.0066 7812  FCRegSvc - ok
17:34:46.0079 7812  fdc - ok
17:34:46.0092 7812  fdPHost - ok
17:34:46.0105 7812  FDResPub - ok
17:34:46.0117 7812  FileInfo - ok
17:34:46.0142 7812  Filetrace - ok
17:34:52.0824 7812  ================ Scan global ===============================
17:34:52.0826 7812  [Global] - ok
17:34:52.0830 7812  ================ Scan MBR ==================================
17:34:52.0846 7812  [ 905EC9ED9D2D3AA5016199F341A048D9 ] \Device\Harddisk0\DR0
17:34:54.0444 7812  \Device\Harddisk0\DR0 - ok
17:34:54.0472 7812  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
17:34:55.0947 7812  \Device\Harddisk1\DR1 - ok
17:34:55.0967 7812  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2
17:34:56.0096 7812  \Device\Harddisk2\DR2 - ok
17:34:56.0099 7812  ================ Scan VBR ==================================
17:34:56.0103 7812  [ C3D5808EC938BC1DDA106A499FB87EAA ] \Device\Harddisk2\DR2\Partition1
17:34:56.0105 7812  \Device\Harddisk2\DR2\Partition1 - ok
17:34:56.0109 7812  ============================================================
17:34:56.0109 7812  Scan finished
17:34:56.0109 7812  ============================================================
17:34:56.0120 5972  Detected object count: 0
17:34:56.0120 5972  Actual detected object count: 0
 


 



Yeah!! I finally caught a break. I found a post that recommended running the del in cmd prompt as

del /f/s/q c:\windows\syswow64\...\content.ie5 > nul
rmdir /s/q c:\windows\syswow64\...\content.ie5

My free space went from around 10GB to 400GB!!! That was one big content.ie5 folder. There is still a folder in Content.IE5 that I can't access, though.

So now that I got that cleared out, I have been able to run the programs. So I have attached the log for the TDSS Killer, and the ESET had no log because it came back with no infections. So I attempted to run DDS; however, it says I can't run it on my OS. What should I do next? Thank you for your help so far, Boopme!



#13 boopme


Posted 14 March 2013 - 10:19 PM

If you cannot get DDS to work, please try this instead.

Please download RSIT by random/random and save it to your Desktop.
Note: You will need to run this tool while connected to the Internet so it can download HijackThis if it is not located on your system. If you get a warning from your firewall or other security programs regarding RSIT attempting to contact the Internet, please allow the connection.

  • Close all applications and windows so that you have nothing open and are at your Desktop.
  • Double-click on RSIT.exe to start the program.
  • If using Windows Vista, be sure to Run As Administrator.
  • Read the disclaimer and click Continue.
  • When the scan is complete, a text file named log.txt will automatically open in Notepad.
  • Another text file named info.txt will open minimized.
  • Save the log files to your desktop and copy/paste the contents of log.txt by highlighting everything and pressing Ctrl+C.
  • After highlighting, right-click, choose Copy and then paste the contents into a new topic in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here.
  • Copies of both log files are automatically saved in the C:\RSIT folder which the tool creates during the scan.

Important: Be sure to mention that you tried to follow the Prep Guide but were unable to get DDS to run. If RSIT did not work, then reply back here.



#14 tomforti


Posted 15 March 2013 - 07:42 AM

Thank you Boopme, I have started a new forum now and attached my logs at http://www.bleepingcomputer.com/forums/t/488632/google-redirect-and-had-contentie5-contain-400gb-of-js-files/



#15 boopme


Posted 15 March 2013 - 02:11 PM

You're welcome!!

 

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.

The current wait time is 1 - 2 days and ALL logs are answered.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic.

