
rootkit.zeroaccess infection please help me!!!


  • This topic is locked
23 replies to this topic

#1 con1287

con1287

  • Members
  • 62 posts
  • OFFLINE
  • Local time:04:06 AM

Posted 16 May 2013 - 11:54 PM

Hey there, so on this computer it is a Windows XP 32-bit. It's fairly old and caught a bad trojan back in 2011 and I am only now attempting to fix it. So I went to another forum and they recommended me to use ComboFix which I did, but it always ended up freezing on me with a black screen. Any suggestions would be great!




ATTACH LOG:





.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/31/2011 9:39:50 PM
System Uptime: 5/16/2013 9:43:47 PM (0 hours ago)
.
Motherboard: Intel Corporation | | MPAD-MSAE Customer Reference Boards
Processor: Genuine Intel® CPU T2050 @ 1.60GHz | U1 | 1596/mhz
Processor: Genuine Intel® CPU T2050 @ 1.60GHz | U1 | 1595/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 74 GiB total, 61.397 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 7.0
Adobe Shockwave Player 11.6
America Online (Choose which version to remove)
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Connectivity Services
AOL Spyware Protection
AOL You've Got Pictures Screensaver
Bejeweled 2 Deluxe
Blackhawk Striker 2
Blasterball 2 Revolution
Bluetooth Stack for Windows by Toshiba
CD/DVD Drive Acoustic Silencer
Chuzzle Deluxe
Desktop Dialer
DVD-RAM Driver
FATE
GemMaster Mystic
Google Chrome
Google Desktop
Google Toolbar for Internet Explorer
Google Update Helper
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB894871)
Hotfix for Windows XP (KB895200)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB896243)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB910728)
Hotfix for Windows XP (KB917332)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
Intel® Graphics Media Accelerator Driver
Intel® PROSet/Wireless Software
InterVideo WinDVD Creator 2
InterVideo WinDVD for TOSHIBA
J2SE Runtime Environment 5.0 Update 6
Mah Jong Quest
mCore
mDrWiFi
mHelp
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Office OneNote 2003
Microsoft Office Standard Edition 2003
Microsoft Works
mIWA
mLogView
mMHouse
mPfMgr
mPfWiz
mProSafe
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
mWlsSafe
mXML
mZConfig
Norton Security Scan
Office 2003 Trial Assistant
Otto
Penguins!
Picasa 2
Polar Bowler
Polar Golfer
Pure Networks Port Magic
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
RealUpgrade 1.1
SCRABBLE
SD Secure Module
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981350)
Security Update for Windows XP (KB982381)
Sonic Encoders
Sophos Anti-Rootkit 1.5.20
StartNow Toolbar
swMSM
Synaptics Pointing Device Driver
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Controls
TOSHIBA Direct Disc Writer
TOSHIBA Disc Creator
TOSHIBA Game Console
TOSHIBA Hotkey Utility
Toshiba Media Center Game Console
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
TOSHIBA Recovery Disc Creator
Toshiba Registration
TOSHIBA SD Memory Card Format
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA TouchPad ON/Off Utility
TOSHIBA Utilities
TOSHIBA Virtual Sound
TOSHIBA Zooming Utility
Touch and Launch
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB910437)
Update for Windows XP (KB925720)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Viewpoint Media Player
WebFldrs XP
WildTangent Web Driver
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB884018
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB888622
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890546
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893056
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB888316
Windows XP Media Center Edition 2005 KB894553
Windows XP Media Center Edition 2005 KB895678
Windows XP Media Center Edition 2005 KB914548
Windows XP Media Center Edition 2005 KB973768
Yahoo! Music Engine
.
==== Event Viewer Messages From Past Week ========
.
5/16/2013 6:57:13 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm MRxSmb
5/16/2013 6:57:13 PM, error: Service Control Manager [7024] - The Workstation service terminated with service-specific error 2250 (0x8CA).
5/16/2013 6:57:13 PM, error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The service has returned a service-specific error code.
5/16/2013 6:55:36 PM, error: Workstation [5727] - Could not load RDR device driver.
5/16/2013 6:55:36 PM, error: Workstation [5727] - Could not load MRxSmb device driver.
5/16/2013 5:57:53 PM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 1 time(s).
5/16/2013 5:49:06 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
5/16/2013 5:44:12 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm
5/16/2013 5:43:09 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/16/2013 5:33:16 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
.
==== End Of File ===========================








DDS LOG:







DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
Internet Explorer: 6.0.2900.2180
Run by Administrator at 21:50:17 on 2013-05-16
#Option MBR scan is disabled.
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.502.259 [GMT -7:00]
.
AV: McAfee VirusScan *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall Plus *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.toshibadirect.com/dpdstart
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: {472734EA-242A-422b-ADF8-83D1E48CC825} - <orphaned>
BHO: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - c:\program files\startnow toolbar\Toolbar32.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
TB: &Google: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
TB: &Google: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
TB: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - c:\program files\startnow toolbar\Toolbar32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil11e_ActiveX.exe -update activex
mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
mRun: [SkyTel] SkyTel.EXE
mRun: [NDSTray.exe] NDSTray.exe
mRun: [DDWMon] c:\program files\toshiba\toshiba direct disc writer\\ddwmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [TPSMain] TPSMain.exe
mRun: [PadTouch] c:\program files\toshiba\touch and launch\PadExe.exe
mRun: [TFncKy] TFncKy.exe
mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [CFSServ.exe] CFSServ.exe -NoClient
mRun: [MozillaAgent] c:\windows\temp\_ex-68.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: mswsock.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{7B73B32B-188E-438A-B4FC-AA2CE3B45A0D} : DHCPNameServer = 192.168.1.1
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\progra~1\google\google~1\GOEC62~1.DLL
.
============= SERVICES / DRIVERS ===============
.
S2 5689;5689; [x]
S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S2 McTskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee.com\agent\mctskshd.exe --> c:\progra~1\mcafee.com\agent\mctskshd.exe [?]
S2 PEVSystemStart;PEVSystemStart;c:\combofix\pev.3XE [2011-6-25 256000]
S2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [2006-6-28 98816]
S2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;c:\program files\startnow toolbar\ToolbarUpdaterService.exe [2011-10-25 244960]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\b.tmp --> c:\windows\system32\B.tmp [?]
S3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\npf.sys [2011-12-23 50704]
S3 SVRPEDRV;SVRPEDRV;\??\c:\sysprep\pedrv.sys --> c:\sysprep\PEDrv.sys [?]
.
=============== File Associations ===============
.
ShellExec: ymp.exe: open="c:\program files\yahoo!\yahoo! music engine\YahooMusicEngine.exe" -play "%1"
ShellExec: ymp.exe: play="c:\program files\yahoo!\yahoo! music engine\YahooMusicEngine.exe" -play "%1"
.
=============== Created Last 30 ================
.
2013-05-17 04:29:30 -------- d-s---w- C:\ComboFix
2013-05-17 01:09:11 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2013-05-17 00:56:55 -------- d-sha-r- C:\cmdcons
2013-05-17 00:52:01 98816 ----a-w- c:\windows\sed.exe
2013-05-17 00:52:01 256000 ----a-w- c:\windows\PEV.exe
2013-05-17 00:52:01 208896 ----a-w- c:\windows\MBR.exe
.
==================== Find3M ====================
.
2012-10-27 19:12:06 4096000 ----a-w- c:\program files\GUT12.tmp
.
============= FINISH: 21:53:12.28 ===============
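The DDS log above is long, and the handful of entries a malware responder cares about are buried among dozens of OEM autoruns and hotfixes. The Python script below is an added example, not part of this thread, of DDS, or of any tool the helper asks for: it parses the "Pseudo HJT Report" Run entries, the "SERVICES / DRIVERS" lines and the AppInit_DLLs line, and flags the patterns a responder checks first (an autorun launching from a temp directory, a service with no image file on disk or a purely numeric name, a service image that is a .tmp file, a populated AppInit_DLLs). The sample lines are copied from the log above; the heuristics and every function name are assumptions of this example. A flag is a triage candidate to cross-check against the installed-programs list, not a verdict: that list includes Sophos Anti-Rootkit, and an anti-rootkit scanner's own driver can legitimately show up as a .tmp image.

```python
"""Triage helper for DDS-style log lines (added example, not from the thread).

Flags entries in the "Pseudo HJT Report" and "SERVICES / DRIVERS" sections
that a malware responder would look at first. A flag is a triage candidate,
not a verdict. Function names and heuristics are assumptions of this example.
"""
import re
from typing import List, Optional, Tuple

# Constructed sample: a subset of lines copied from the DDS log posted in the thread.
SAMPLE_LOG = r"""uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
mRun: [MozillaAgent] c:\windows\temp\_ex-68.exe
S2 5689;5689; [x]
S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\b.tmp --> c:\windows\system32\B.tmp [?]
S3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\npf.sys [2011-12-23 50704]
AppInit_DLLs= c:\progra~1\google\google~1\GOEC62~1.DLL
"""

# [um]Run / RunOnce entries: "<hive>Run: [name] <command line>"
RUN_RE = re.compile(r"^[um]Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Service / driver entries: "S<start> <name>;<display name>;<image path> [<date size>]"
SVC_RE = re.compile(r"^S[0-4] (?P<name>[^;]*);(?P<display>[^;]*);(?P<rest>.*)$")
# An unquoted path may contain spaces (DDS prints them that way), so cut at the
# first executable-style extension followed by whitespace or end of line.
EXT_RE = re.compile(r"^(.*?\.(?:exe|com|scr|bat|cmd|pif|dll|sys|tmp))(?=\s|$)", re.IGNORECASE)
# Directory fragments that rarely hold legitimate autostart executables.
TEMP_DIRS = ("\\temp\\", "\\tmp\\", "\\local settings\\temp\\")


def image_path(cmd: str) -> str:
    """Return the executable path from a command line, dropping quotes and arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXT_RE.match(cmd)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def service_image(rest: str) -> Optional[str]:
    """Extract the on-disk image path from the tail of a DDS service line.

    Returns None when DDS reported '[x]', i.e. no image file exists on disk.
    """
    rest = rest.strip()
    if rest == "[x]":
        return None
    path = rest.split(" [", 1)[0]           # drop the trailing "[date size]" / "[?]"
    if "-->" in path:                        # DDS shows "<registry path> --> <resolved path>"
        path = path.split("-->", 1)[1].strip()
    if path.startswith("\\??\\"):            # NT object-manager prefix
        path = path[4:]
    return path


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (line, reason) pairs for every line that matches a triage heuristic."""
    findings = []
    for line in log_text.splitlines():
        line = line.rstrip()
        m = RUN_RE.match(line)
        if m:
            path = image_path(m.group("cmd")).lower()
            if any(d in path for d in TEMP_DIRS):
                findings.append((line, "autorun entry launches from a temp directory"))
            continue
        m = SVC_RE.match(line)
        if m:
            if m.group("name").isdigit():
                findings.append((line, "service name is purely numeric"))
            path = service_image(m.group("rest"))
            if path is None:
                findings.append((line, "service has no image file on disk"))
            else:
                path = path.lower()
                if path.endswith(".tmp") or any(d in path for d in TEMP_DIRS):
                    findings.append((line, "service image is a .tmp file or lives in a temp directory"))
            continue
        key, sep, value = line.partition("=")
        if sep and key.strip().lower() == "appinit_dlls" and value.strip():
            findings.append((line, "AppInit_DLLs is set: that DLL loads into every process that uses user32.dll"))
    return findings


if __name__ == "__main__":
    for flagged_line, reason in triage(SAMPLE_LOG):
        print(f"[{reason}]\n    {flagged_line}")
```

Run it against a full DDS log by reading the file into `triage()`; on the sample above it reports five findings across four lines. The two service heuristics fire independently, so the unnamed `S2 5689;5689; [x]` entry is reported twice (numeric name, no image on disk), which is the intended behaviour: each reason is a separate thing to explain.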


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:06 AM

Posted 17 May 2013 - 01:27 PM


Hello con1287

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 con1287

con1287
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  • Local time:04:06 AM

Posted 17 May 2013 - 09:34 PM

Hey Gringo,

So I am not able to boot into normal mode, only into safe mode. Therefore I did not get an Adw log when I booted into safe mode.

I did run JRT successfully. Here is the log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Microsoft Windows XP x86
Ran by Administrator on Fri 05/17/2013 at 18:16:45.25
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\WINDOWS\prefetch\APNSTUB.EXE-007D5034.pf



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\startnow toolbar"





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 05/17/2013 at 19:33:13.82
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:06 AM

Posted 17 May 2013 - 09:56 PM


Hello con1287

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo

#5 con1287

con1287
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  • Local time:04:06 AM

Posted 17 May 2013 - 09:58 PM

I've run ComboFix before under the request of another helper on a different forum. Every time I ran it, the screen would go into screensaver mode; when I move the cursor it goes black and freezes. Will ComboFix work if I do it now?



Also, do I do it in safe mode?



#6 con1287

con1287
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  • Local time:04:06 AM

Posted 17 May 2013 - 10:07 PM

Also, apparently there is a McAfee VirusScan on my computer, but in safe mode I cannot disable it. Is it safe to proceed? I cannot find McAfee anywhere and it is not in my tool bar or any bar.



#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:06 AM

Posted 18 May 2013 - 09:27 AM

go ahead and continue

#8 con1287

con1287
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  • Local time:04:06 AM

Posted 18 May 2013 - 10:28 AM

go ahead and continue

 

I just tried it again yesterday and today and it froze on me every single time. It absolutely will not work. I did not click or do anything else. It keeps freezing.



#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:06 AM

Posted 18 May 2013 - 12:07 PM


Hello con1287

I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • more than one report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". The one that I need is the larger one. Please copy and paste the contents of that file here.

    Note** this report can be very long - so if the website gives you an error saying it is too long you may attach it

    If the forum still complains about it being too long send me everything that is at the end of the report after where it says

    ==================
    Scan finished
    ==================
and I will see if I want to see the whole report

--RogueKiller--

Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • the scan will make two reports the one I would like to see is called RKreport[2].txt on your Desktop
  • Exit/Close RogueKiller+
send me the reports made from TDSSKiller and Roguekiller and also let me know how the computer is doing at this time.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
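The report TDSSKiller writes is a plain text log with one timestamped line per scanned object: a "[ MD5 ] name path" line, then either "name - ok" or "name - detected <verdict> (n)". What a helper reads it for first is whether anything beyond the generic unsigned-file warnings was detected. The Python below is an added example of that triage, not code from this thread or from Kaspersky; it runs over constructed sample lines in that format (the hashes and the "Rootkit.Example.Placeholder" verdict are placeholders, not real values).

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# A TDSSKiller 2.8 report has one timestamped line per event. The three
# shapes that matter for triage are (ts = HH:MM:SS.mmmm, tid = thread id):
#   <ts> <tid> [ <MD5> ] <service name> <path>          file backing a service/driver
#   <ts> <tid> <service name> - ok                      nothing found
#   <ts> <tid> <service name> - detected <verdict> (<n>)
# Service names may contain spaces ("AOL ACS"), so the path is recognised by
# its drive-letter prefix rather than by splitting on whitespace.
PREFIX_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<body>.*)$")
FILE_RE = re.compile(r"^\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>.+?) (?P<path>[A-Za-z]:\\.*)$")
DETECT_RE = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \(\d+\)$")
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")

# Verdict TDSSKiller assigns to any file that carries no digital signature.
# It is a heuristic warning, not an identification of malware: most
# third-party drivers and vendor utilities trigger it, which is why the
# instructions above leave suspicious objects on the default action (Skip).
UNSIGNED_VERDICT = "UnsignedFile.Multi.Generic"


@dataclass
class ScanEntry:
    name: str
    md5: str = ""
    path: str = ""
    verdict: str = "ok"


def parse_tdsskiller_log(text: str) -> Dict[str, ScanEntry]:
    """Return one ScanEntry per scanned service/driver, keyed by service name."""
    entries: Dict[str, ScanEntry] = {}
    for raw in text.splitlines():
        m = PREFIX_RE.match(raw.strip())
        if not m:
            continue  # banner and blank lines carry no timestamp prefix
        body = m.group("body")
        f = FILE_RE.match(body)
        if f:
            entries[f["name"]] = ScanEntry(f["name"], f["md5"].upper(), f["path"])
            continue
        d = DETECT_RE.match(body)
        if d:
            entries.setdefault(d["name"], ScanEntry(d["name"])).verdict = d["verdict"]
            continue
        o = OK_RE.match(body)
        if o:
            entries.setdefault(o["name"], ScanEntry(o["name"]))
        # "( <verdict> ) - warning" lines and "=====" separators are skipped:
        # the "- detected" line that follows already carries the verdict.
    return entries


def triage(entries: Dict[str, ScanEntry]) -> Dict[str, List[ScanEntry]]:
    """Split results into clean, unsigned-only, and anything else (flagged)."""
    buckets: Dict[str, List[ScanEntry]] = {"clean": [], "unsigned": [], "flagged": []}
    for e in entries.values():
        if e.verdict == "ok":
            buckets["clean"].append(e)
        elif e.verdict == UNSIGNED_VERDICT:
            buckets["unsigned"].append(e)
        else:
            buckets["flagged"].append(e)
    return buckets


def report_lines(buckets: Dict[str, List[ScanEntry]]) -> List[str]:
    """Human-readable summary: flagged objects first, with hash and path."""
    lines = [f"{len(buckets['clean'])} clean, {len(buckets['unsigned'])} unsigned, "
             f"{len(buckets['flagged'])} flagged"]
    for e in buckets["flagged"]:
        lines.append(f"FLAGGED  {e.name}: {e.verdict}  {e.md5}  {e.path}")
    for e in buckets["unsigned"]:
        lines.append(f"unsigned {e.name}: {e.path}")
    return lines


# Constructed sample in the same line format; the hashes and the
# "Rootkit.Example.Placeholder" verdict are placeholders, not real values.
SAMPLE_LOG = """\
16:40:27.0968 1420 ================ Scan services =============================
16:40:28.0203 1420 Abiosdsk - ok
16:40:30.0640 1420 [ 00000000000000000000000000000001 ] ACPIEC C:\\WINDOWS\\system32\\DRIVERS\\ACPIEC.sys
16:40:30.0812 1420 ACPIEC - ok
16:40:32.0125 1420 [ 00000000000000000000000000000002 ] AOL ACS C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe
16:40:32.0140 1420 AOL ACS ( UnsignedFile.Multi.Generic ) - warning
16:40:32.0140 1420 AOL ACS - detected UnsignedFile.Multi.Generic (1)
16:40:58.0546 1420 [ 00000000000000000000000000000003 ] PEVSystemStart C:\\ComboFix\\pev.3XE
16:40:58.0562 1420 PEVSystemStart ( UnsignedFile.Multi.Generic ) - warning
16:40:58.0562 1420 PEVSystemStart - detected UnsignedFile.Multi.Generic (1)
16:41:20.0000 1420 [ 00000000000000000000000000000004 ] badsvc C:\\WINDOWS\\system32\\drivers\\placeholder.sys
16:41:20.0010 1420 badsvc - detected Rootkit.Example.Placeholder (1)
"""

if __name__ == "__main__":
    print("\n".join(report_lines(triage(parse_tdsskiller_log(SAMPLE_LOG)))))
```

Pointing the parser at the larger of the two TDSSKiller_*_log.txt files in C:\ gives the same three-bucket summary for a real scan.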

#10 con1287

Posted 18 May 2013 - 06:45 PM

TDSSKILLER LOG:


16:41:10.0218 1420 tdcmdpst ( UnsignedFile.Multi.Generic ) - warning
16:41:10.0218 1420 tdcmdpst - detected UnsignedFile.Multi.Generic (1)
16:41:10.0250 1420 [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
16:41:10.0375 1420 TDPIPE - ok
16:41:10.0406 1420 [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
16:41:10.0546 1420 TDTCP - ok
16:41:10.0578 1420 [ 09AA3CF863793F92276B39E74878C386 ] tdudf C:\WINDOWS\system32\DRIVERS\tdudf.sys
16:41:10.0593 1420 tdudf ( UnsignedFile.Multi.Generic ) - warning
16:41:10.0593 1420 tdudf - detected UnsignedFile.Multi.Generic (1)
16:41:10.0640 1420 [ A540A99C281D933F3D69D55E48727F47 ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
16:41:10.0765 1420 TermDD - ok
16:41:10.0859 1420 [ C29A5286E64D97385178452D5F307B98 ] TermService C:\WINDOWS\System32\termsrv.dll
16:41:11.0328 1420 TermService - ok
16:41:11.0375 1420 [ E7518DC542D3EBDCB80EDD98462C7821 ] Themes C:\WINDOWS\System32\shsvcs.dll
16:41:11.0500 1420 Themes - ok
16:41:11.0578 1420 [ 37DB0A7D097310E8B4DE803FC3119C78 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
16:41:11.0671 1420 TlntSvr - ok
16:41:11.0703 1420 [ 26A514FC6F91A632E4625A9040BA8540 ] TODDSrv C:\WINDOWS\system32\TODDSrv.exe
16:41:11.0734 1420 TODDSrv ( UnsignedFile.Multi.Generic ) - warning
16:41:11.0734 1420 TODDSrv - detected UnsignedFile.Multi.Generic (1)
16:41:11.0750 1420 TosIde - ok
16:41:11.0828 1420 [ CC069342EE0EAE55B32A0AE99CF6185C ] tosrfec C:\WINDOWS\system32\DRIVERS\tosrfec.sys
16:41:11.0843 1420 tosrfec ( UnsignedFile.Multi.Generic ) - warning
16:41:11.0843 1420 tosrfec - detected UnsignedFile.Multi.Generic (1)
16:41:11.0921 1420 [ 6D9AC544B30F96C57F8206566C1FB6A1 ] TrkWks C:\WINDOWS\system32\trkwks.dll
16:41:12.0062 1420 TrkWks - ok
16:41:12.0125 1420 [ 676DB15DDF2E0FF6EC03068DEA428B8B ] TVALD C:\WINDOWS\system32\DRIVERS\NBSMI.sys
16:41:12.0125 1420 TVALD ( UnsignedFile.Multi.Generic ) - warning
16:41:12.0125 1420 TVALD - detected UnsignedFile.Multi.Generic (1)
16:41:12.0140 1420 [ 546DFBA6486569120D33F7AD6E94EFDD ] Tvs C:\WINDOWS\system32\DRIVERS\Tvs.sys
16:41:12.0156 1420 Tvs ( UnsignedFile.Multi.Generic ) - warning
16:41:12.0156 1420 Tvs - detected UnsignedFile.Multi.Generic (1)
16:41:12.0203 1420 [ 7CEF3E36843BF5DD55120FCCE88800CE ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
16:41:12.0656 1420 Udfs - ok
16:41:12.0671 1420 ultra - ok
16:41:12.0750 1420 [ 9651E5D850B6F6BD7C77C70AA06F02BF ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
16:41:12.0906 1420 UMWdf - ok
16:41:12.0937 1420 [ AFF2E5045961BBC0A602BB6F95EB1345 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
16:41:13.0093 1420 Update - ok
16:41:13.0171 1420 [ 0546477BDE979E33294FE97F6B3DE84A ] upnphost C:\WINDOWS\System32\upnphost.dll
16:41:13.0265 1420 upnphost - ok
16:41:13.0296 1420 [ 3F5DF65B0758675F95A2D43918A740A3 ] UPS C:\WINDOWS\System32\ups.exe
16:41:13.0453 1420 UPS - ok
16:41:13.0500 1420 [ 15E993BA2F6946B2BFBBFCD30398621E ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:41:13.0625 1420 usbehci - ok
16:41:13.0687 1420 [ C72F40947F92CEA56A8FB532EDF025F1 ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:41:13.0828 1420 usbhub - ok
16:41:13.0890 1420 [ A6BC71402F4F7DD5B77FD7F4A8DDBA85 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:41:14.0015 1420 usbscan - ok
16:41:14.0062 1420 [ 6CD7B22193718F1D17A47A1CD6D37E75 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:41:14.0187 1420 USBSTOR - ok
16:41:14.0250 1420 [ F8FD1400092E23C8F2F31406EF06167B ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:41:14.0390 1420 usbuhci - ok
16:41:14.0421 1420 [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
16:41:14.0562 1420 VgaSave - ok
16:41:14.0578 1420 ViaIde - ok
16:41:14.0625 1420 [ EE4660083DEBA849FF6C485D944B379B ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
16:41:14.0765 1420 VolSnap - ok
16:41:14.0812 1420 [ 3EE00364AE0FD8D604F46CBAF512838A ] VSS C:\WINDOWS\System32\vssvc.exe
16:41:14.0890 1420 VSS - ok
16:41:14.0953 1420 [ 2B281958F5D0CF99ED626E3EF39D5C8D ] W32Time C:\WINDOWS\system32\w32time.dll
16:41:15.0078 1420 W32Time - ok
16:41:15.0140 1420 [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:41:15.0281 1420 Wanarp - ok
16:41:15.0343 1420 [ 0A716C08CB13C3A8F4F51E882DBF7416 ] wanatw C:\WINDOWS\system32\DRIVERS\wanatw4.sys
16:41:15.0375 1420 wanatw - ok
16:41:15.0390 1420 WDICA - ok
16:41:15.0468 1420 [ 2797F33EBF50466020C430EE4F037933 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
16:41:15.0609 1420 wdmaud - ok
16:41:15.0687 1420 [ 265F534EF76832435AFBF771EC97176D ] WebClient C:\WINDOWS\System32\webclnt.dll
16:41:16.0171 1420 WebClient - ok
16:41:16.0312 1420 [ F399242A80C4066FD155EFA4CF96658E ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
16:41:16.0453 1420 winmgmt - ok
16:41:16.0562 1420 [ B9715B9C18BC6C8F4B66733D208CC9F7 ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
16:41:16.0625 1420 WmdmPmSN - ok
16:41:16.0687 1420 [ E8E57B0F9EB03D1AABEC28D550C75116 ] Wmi C:\WINDOWS\System32\advapi32.dll
16:41:16.0796 1420 Wmi - ok
16:41:16.0875 1420 [ BA8CECC3E813E1F7C441B20393D4F86C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
16:41:17.0000 1420 WmiApSrv - ok
16:41:17.0093 1420 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
16:41:17.0218 1420 WS2IFSL - ok
16:41:17.0281 1420 [ 4D59DAA66C60858CDF4F67A900F42D4A ] wscsvc C:\WINDOWS\system32\wscsvc.dll
16:41:17.0421 1420 wscsvc - ok
16:41:17.0468 1420 [ 13D72740963CBA12D9FF76A7F218BCD8 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
16:41:17.0609 1420 wuauserv - ok
16:41:17.0656 1420 [ 247520EDED53A08AE89EA4FAE04F54D8 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
16:41:18.0187 1420 WZCSVC - ok
16:41:18.0234 1420 [ EEF46DAB68229A14DA3D8E73C99E2959 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
16:41:18.0390 1420 xmlprov - ok
16:41:18.0421 1420 ================ Scan global ===============================
16:41:18.0468 1420 [ 00EF9C3AF83EDBAF18CA7A2837750117 ] C:\WINDOWS\system32\basesrv.dll
16:41:18.0531 1420 [ 31F2735965A8AD1EB56F774D703DDAF9 ] C:\WINDOWS\system32\winsrv.dll
16:41:18.0546 1420 [ 31F2735965A8AD1EB56F774D703DDAF9 ] C:\WINDOWS\system32\winsrv.dll
16:41:18.0562 1420 [ 4712531AB7A01B7EE059853CA17D39BD ] C:\WINDOWS\system32\services.exe
16:41:18.0578 1420 [Global] - ok
16:41:18.0578 1420 ================ Scan MBR ==================================
16:41:18.0625 1420 [ 09CE7397AF23D4C0B331B89D0297CC7E ] \Device\Harddisk0\DR0
16:41:18.0625 1420 Suspicious mbr (Forged): \Device\Harddisk0\DR0
16:41:18.0656 1420 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
16:41:18.0656 1420 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
16:41:18.0656 1420 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
16:41:18.0656 1420 \Device\Harddisk0\DR0 - detected TDSS File System (1)
16:41:18.0656 1420 ================ Scan VBR ==================================
16:41:18.0671 1420 [ 2AFE4334D3B82A1C557BAB823F59CD05 ] \Device\Harddisk0\DR0\Partition1
16:41:18.0671 1420 \Device\Harddisk0\DR0\Partition1 - ok
16:41:18.0687 1420 ================ Scan active images ========================
16:41:22.0859 1420 C:\WINDOWS\system32\xpsp2res.dll - ok
16:41:22.0890 1420 [ 82B24CB70E5944E6E34662205A2A5B78 ] C:\WINDOWS\system32\eventlog.dll
16:41:22.0890 1420 C:\WINDOWS\system32\eventlog.dll - ok
16:41:22.0906 1420 [ 097722F235A1FB698BF9234E01B52637 ] C:\WINDOWS\system32\mswsock.dll
16:41:22.0906 1420 C:\WINDOWS\system32\mswsock.dll - ok
16:41:22.0937 1420 [ 7DB59FFF2AF32C27EB2276424FA5EDDB ] C:\WINDOWS\system32\logonui.exe
16:41:22.0937 1420 C:\WINDOWS\system32\logonui.exe - ok
16:41:22.0968 1420 [ 765B30C776A1780B46B479FE614F707C ] C:\WINDOWS\system32\hnetcfg.dll
16:41:22.0968 1420 C:\WINDOWS\system32\hnetcfg.dll - ok
16:41:22.0984 1420 [ ED7E847905DD2797565B4B695E92F42B ] C:\WINDOWS\system32\duser.dll
16:41:22.0984 1420 C:\WINDOWS\system32\duser.dll - ok
16:41:23.0015 1420 [ A7F95A53EE055115DF03588997A47D4D ] C:\WINDOWS\system32\wshtcpip.dll
16:41:23.0015 1420 C:\WINDOWS\system32\wshtcpip.dll - ok
16:41:23.0046 1420 [ 2C8FDB176F22629EA5342DB474FAC391 ] C:\WINDOWS\system32\winrnr.dll
16:41:23.0046 1420 C:\WINDOWS\system32\winrnr.dll - ok
16:41:23.0078 1420 [ B5331F2B6F37C66C29C847F3B94FF900 ] C:\WINDOWS\system32\msimg32.dll
16:41:23.0078 1420 C:\WINDOWS\system32\msimg32.dll - ok
16:41:23.0078 1420 [ 5F2DBE3CB563741C8084657BF956CE64 ] C:\WINDOWS\system32\oleacc.dll
16:41:23.0078 1420 C:\WINDOWS\system32\oleacc.dll - ok
16:41:23.0109 1420 [ 4CAEC028C1E21C75E17877D4522D3DB4 ] C:\WINDOWS\system32\rasadhlp.dll
16:41:23.0109 1420 C:\WINDOWS\system32\rasadhlp.dll - ok
16:41:23.0140 1420 [ 587729679B4FE04CE06A5C61D6C56DCD ] C:\WINDOWS\system32\cscdll.dll
16:41:23.0140 1420 C:\WINDOWS\system32\cscdll.dll - ok
16:41:23.0171 1420 [ EEFA1CE63805D2145978621BE5C6D955 ] C:\WINDOWS\system32\drivers\ndisuio.sys
16:41:23.0171 1420 C:\WINDOWS\system32\drivers\ndisuio.sys - ok
16:41:23.0187 1420 [ A599E5E366C1408E48AA5D37882D4E3E ] C:\WINDOWS\system32\wlnotify.dll
16:41:23.0187 1420 C:\WINDOWS\system32\wlnotify.dll - ok
16:41:23.0218 1420 [ 777EB29D0135D81AD9828A2B05443496 ] C:\WINDOWS\system32\winspool.drv
16:41:23.0218 1420 C:\WINDOWS\system32\winspool.drv - ok
16:41:23.0250 1420 [ CB6CA3E5261D65F6F809EED23BF167AA ] C:\WINDOWS\system32\dhcpcsvc.dll
16:41:23.0250 1420 C:\WINDOWS\system32\dhcpcsvc.dll - ok
16:41:23.0281 1420 [ 7379DE06FD196E396A00AA97B990C00D ] C:\WINDOWS\system32\dnsrslvr.dll
16:41:23.0281 1420 C:\WINDOWS\system32\dnsrslvr.dll - ok
16:41:23.0296 1420 [ 18AFEE0EDE045B6255408D634372DC29 ] C:\WINDOWS\system32\hid.dll
16:41:23.0296 1420 C:\WINDOWS\system32\hid.dll - ok
16:41:23.0328 1420 [ 9CE5DEF97E55E52C23201098DB755280 ] C:\WINDOWS\system32\wininet.dll
16:41:23.0328 1420 C:\WINDOWS\system32\wininet.dll - ok
16:41:23.0343 1420 [ B3EFF6D938C572E90A07B3D87A3C7657 ] C:\WINDOWS\system32\lmhsvc.dll
16:41:23.0343 1420 C:\WINDOWS\system32\lmhsvc.dll - ok
16:41:23.0375 1420 [ 247520EDED53A08AE89EA4FAE04F54D8 ] C:\WINDOWS\system32\wzcsvc.dll
16:41:23.0375 1420 C:\WINDOWS\system32\wzcsvc.dll - ok
16:41:23.0390 1420 [ A7ED8E8E8378E99913F346842B4CEC54 ] C:\WINDOWS\system32\clbcatq.dll
16:41:23.0390 1420 C:\WINDOWS\system32\clbcatq.dll - ok
16:41:23.0421 1420 [ 2030FA027E7C3E0A145649C03171457B ] C:\WINDOWS\system32\rtutils.dll
16:41:23.0421 1420 C:\WINDOWS\system32\rtutils.dll - ok
16:41:23.0453 1420 [ 6728270CB7DBB776ED086F5AC4C82310 ] C:\WINDOWS\system32\comres.dll
16:41:23.0453 1420 C:\WINDOWS\system32\comres.dll - ok
16:41:23.0484 1420 [ E682696D7F982494A8CFC80C5B59D422 ] C:\WINDOWS\system32\wmi.dll
16:41:23.0484 1420 C:\WINDOWS\system32\wmi.dll - ok
16:41:23.0500 1420 [ 50DE118DA580208B914B40DD47C90D52 ] C:\WINDOWS\system32\esent.dll
16:41:23.0500 1420 C:\WINDOWS\system32\esent.dll - ok
16:41:23.0531 1420 [ 1D3A8A40F8045100A3E35C5F9BC6C5DE ] C:\WINDOWS\system32\shgina.dll
16:41:23.0531 1420 C:\WINDOWS\system32\shgina.dll - ok
16:41:23.0562 1420 [ 72F2CFC7653FB5ABB85789D28E26A643 ] C:\WINDOWS\system32\atl.dll
16:41:23.0562 1420 C:\WINDOWS\system32\atl.dll - ok
16:41:23.0578 1420 [ 5414CCF382E4FCC6819ABA84F5BFEFD4 ] C:\WINDOWS\system32\rastls.dll
16:41:23.0578 1420 C:\WINDOWS\system32\rastls.dll - ok
16:41:23.0593 1420 [ 4AC302BF714DC163E685D0A187A36D0F ] C:\WINDOWS\system32\cryptui.dll
16:41:23.0593 1420 C:\WINDOWS\system32\cryptui.dll - ok
16:41:23.0625 1420 [ 9F78F329B1858E845087B923B4DBA0F3 ] C:\WINDOWS\system32\mprapi.dll
16:41:23.0625 1420 C:\WINDOWS\system32\mprapi.dll - ok
16:41:23.0656 1420 [ 875D770F477E0AE0088BE1810D537B23 ] C:\WINDOWS\system32\activeds.dll
16:41:23.0656 1420 C:\WINDOWS\system32\activeds.dll - ok
16:41:23.0687 1420 [ 12A581CA44E53B09D24C5B94F252C78D ] C:\WINDOWS\system32\adsldpc.dll
16:41:23.0687 1420 C:\WINDOWS\system32\adsldpc.dll - ok
16:41:23.0703 1420 [ CD1F7ED9842138BEADF9ECBF37818BEF ] C:\WINDOWS\system32\rasapi32.dll
16:41:23.0703 1420 C:\WINDOWS\system32\rasapi32.dll - ok
16:41:23.0734 1420 [ 30E244A707E6CE0A4B099CD6384EC6CA ] C:\WINDOWS\system32\rasman.dll
16:41:23.0734 1420 C:\WINDOWS\system32\rasman.dll - ok
16:41:23.0765 1420 [ 6307A1B82F6CA87D7E0CDF49E6E7BC00 ] C:\WINDOWS\system32\tapi32.dll
16:41:23.0765 1420 C:\WINDOWS\system32\tapi32.dll - ok
16:41:23.0781 1420 [ A0BC687A49542C40EB60B7308F454E8A ] C:\WINDOWS\system32\riched20.dll
16:41:23.0781 1420 C:\WINDOWS\system32\riched20.dll - ok
16:41:23.0812 1420 [ 0346DA24DE3C85909717D5997510A31F ] C:\WINDOWS\system32\mlang.dll
16:41:23.0812 1420 C:\WINDOWS\system32\mlang.dll - ok
16:41:23.0828 1420 [ 0B8EB60C983666C3F09AB770EDFD2F96 ] C:\WINDOWS\system32\raschap.dll
16:41:23.0828 1420 C:\WINDOWS\system32\raschap.dll - ok
16:41:23.0859 1420 [ 59E9857ABC6C62AF55EB29FA68354805 ] C:\WINDOWS\system32\xmlprovi.dll
16:41:23.0859 1420 C:\WINDOWS\system32\xmlprovi.dll - ok
16:41:23.0875 1420 [ FCBE41B9172FA24C8EF419490C682C8A ] C:\WINDOWS\system32\wzcsapi.dll
16:41:23.0875 1420 C:\WINDOWS\system32\wzcsapi.dll - ok
16:41:23.0906 1420 [ E1F27CFCD114EC9F1E1F44674B2FF9F0 ] C:\WINDOWS\system32\wkssvc.dll
16:41:23.0906 1420 C:\WINDOWS\system32\wkssvc.dll - ok
16:41:23.0937 1420 [ 10654F9DDCEA9C46CFB77554231BE73B ] C:\WINDOWS\system32\cryptsvc.dll
16:41:23.0937 1420 C:\WINDOWS\system32\cryptsvc.dll - ok
16:41:23.0968 1420 [ AD44C5BC21213F394F6AFCB55CC39293 ] C:\WINDOWS\system32\certcli.dll
16:41:23.0968 1420 C:\WINDOWS\system32\certcli.dll - ok
16:41:23.0984 1420 [ F042EE4C8D66248D9B86DCF52ABAE416 ] C:\ComboFix\pev.3XE
16:41:23.0984 1420 C:\ComboFix\pev.3XE - ok
16:41:24.0015 1420 [ 8827911A8C37E40C027CBFC88E69D967 ] C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll
16:41:24.0015 1420 C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll - ok
16:41:24.0046 1420 [ 0CB3AF149A0BAC0836022CA307C7A0F8 ] C:\WINDOWS\system32\srvsvc.dll
16:41:24.0046 1420 C:\WINDOWS\system32\srvsvc.dll - ok
16:41:24.0062 1420 [ 1639D9964C9E1B2ECCA95C8217D3E70D ] C:\WINDOWS\system32\dmserver.dll
16:41:24.0062 1420 C:\WINDOWS\system32\dmserver.dll - ok
16:41:24.0078 1420 [ 20FD44370267CCD0A64A1B31861C21D2 ] C:\WINDOWS\system32\netmsg.dll
16:41:24.0078 1420 C:\WINDOWS\system32\netmsg.dll - ok
16:41:24.0109 1420 [ 36739B39267914BA69AD0610A0299732 ] C:\WINDOWS\system32\netman.dll
16:41:24.0109 1420 C:\WINDOWS\system32\netman.dll - ok
16:41:24.0140 1420 [ 9BD086B1E1CB82A11B95F5BA613C4A4E ] C:\WINDOWS\system32\netshell.dll
16:41:24.0140 1420 C:\WINDOWS\system32\netshell.dll - ok
16:41:24.0156 1420 [ ABC6379205DE2618851C4FCBF72112EB ] C:\ComboFix\hidec.3XE
16:41:24.0156 1420 C:\ComboFix\hidec.3XE - ok
16:41:24.0187 1420 [ A46842C9B0C567A5A9584E83A163560C ] C:\ComboFix\swreg.3XE
16:41:24.0187 1420 C:\ComboFix\swreg.3XE - ok
16:41:24.0218 1420 [ 1ECB753D7CEEC8F5A94C9781CA64EC44 ] C:\WINDOWS\system32\credui.dll
16:41:24.0218 1420 C:\WINDOWS\system32\credui.dll - ok
16:41:24.0234 1420 [ 92BDF74F12D6CBEC43C94D4B7F804838 ] C:\WINDOWS\system32\srsvc.dll
16:41:24.0234 1420 C:\WINDOWS\system32\srsvc.dll - ok
16:41:24.0265 1420 [ 1B5F6923ABB450692E9FE0672C897AED ] C:\WINDOWS\system32\powrprof.dll
16:41:24.0265 1420 C:\WINDOWS\system32\powrprof.dll - ok
16:41:24.0296 1420 [ F399242A80C4066FD155EFA4CF96658E ] C:\WINDOWS\system32\wbem\wmisvc.dll
16:41:24.0296 1420 C:\WINDOWS\system32\wbem\wmisvc.dll - ok
16:41:24.0328 1420 [ 79DABB124D00ADF19852AE879C201890 ] C:\WINDOWS\system32\vssapi.dll
16:41:24.0328 1420 C:\WINDOWS\system32\vssapi.dll - ok
16:41:24.0328 1420 [ 36CC8C01B5E50163037BEF56CB96DEFF ] C:\WINDOWS\system32\ipnathlp.dll
16:41:24.0328 1420 C:\WINDOWS\system32\ipnathlp.dll - ok
16:41:24.0359 1420 [ 7A4F147CC6B133F905F6E65E2F8669FB ] C:\WINDOWS\system32\drivers\srv.sys
16:41:24.0359 1420 C:\WINDOWS\system32\drivers\srv.sys - ok
16:41:24.0390 1420 [ 4E39C36213E95FB971A61A247BDE2F61 ] C:\WINDOWS\system32\wbem\wbemcomn.dll
16:41:24.0390 1420 C:\WINDOWS\system32\wbem\wbemcomn.dll - ok
16:41:24.0421 1420 [ 851547797C2A7F8A04841644C471A567 ] C:\WINDOWS\system32\wbem\wbemprox.dll
16:41:24.0421 1420 C:\WINDOWS\system32\wbem\wbemprox.dll - ok
16:41:24.0437 1420 [ 36360B625D7290BBA2CD03AD4975E1BC ] C:\WINDOWS\system32\wbem\wbemcore.dll
16:41:24.0437 1420 C:\WINDOWS\system32\wbem\wbemcore.dll - ok
16:41:24.0468 1420 [ DE578E4E6844954823FC7688625F00C8 ] C:\WINDOWS\system32\wbem\esscli.dll
16:41:24.0468 1420 C:\WINDOWS\system32\wbem\esscli.dll - ok
16:41:24.0500 1420 [ 4DE2616B80C62930FD337EC395462B21 ] C:\WINDOWS\system32\wbem\fastprox.dll
16:41:24.0500 1420 C:\WINDOWS\system32\wbem\fastprox.dll - ok
16:41:24.0531 1420 [ 7D676AC8CC19341117C77C261647BA07 ] C:\WINDOWS\system32\wbem\wbemsvc.dll
16:41:24.0531 1420 C:\WINDOWS\system32\wbem\wbemsvc.dll - ok
16:41:24.0546 1420 [ 0A1161DB4FCCF7821736C70D70A0F5A3 ] C:\WINDOWS\system32\wbem\wmiutils.dll
16:41:24.0546 1420 C:\WINDOWS\system32\wbem\wmiutils.dll - ok
16:41:24.0578 1420 [ 9A66728EFE501D855D0FFE3DE023CE32 ] C:\WINDOWS\system32\wbem\repdrvfs.dll
16:41:24.0578 1420 C:\WINDOWS\system32\wbem\repdrvfs.dll - ok
16:41:24.0593 1420 [ 44266E3A948FA690585B2D7205A672F6 ] C:\WINDOWS\system32\wbem\wmiprvsd.dll
16:41:24.0593 1420 C:\WINDOWS\system32\wbem\wmiprvsd.dll - ok
16:41:24.0609 1420 [ 6708E1DDF12CAB2D5B5A2B66B76E0038 ] C:\WINDOWS\system32\wbem\wbemess.dll
16:41:24.0609 1420 C:\WINDOWS\system32\wbem\wbemess.dll - ok
16:41:24.0640 1420 [ E3AE8DC04643850D2DFD431443558B28 ] C:\WINDOWS\system32\netcfgx.dll
16:41:24.0640 1420 C:\WINDOWS\system32\netcfgx.dll - ok
16:41:24.0671 1420 [ 98C1FF6676E02D43DA208802286A6EE7 ] C:\WINDOWS\system32\clusapi.dll
16:41:24.0671 1420 C:\WINDOWS\system32\clusapi.dll - ok
16:41:24.0687 1420 [ 51230212AE7F8159A90F06A7EA30DD8A ] C:\WINDOWS\system32\cscui.dll
16:41:24.0687 1420 C:\WINDOWS\system32\cscui.dll - ok
16:41:24.0718 1420 [ 5922173AFBFC47E94A404ECF25663C09 ] C:\WINDOWS\system32\dpcdll.dll
16:41:24.0718 1420 C:\WINDOWS\system32\dpcdll.dll - ok
16:41:24.0734 1420 [ C29A5286E64D97385178452D5F307B98 ] C:\WINDOWS\system32\termsrv.dll
16:41:24.0734 1420 C:\WINDOWS\system32\termsrv.dll - ok
16:41:24.0765 1420 [ 39B1FFB03C2296323832ACBAE50D2AFF ] C:\WINDOWS\system32\userinit.exe
16:41:24.0765 1420 C:\WINDOWS\system32\userinit.exe - ok
16:41:24.0796 1420 [ 37E7DB460A5315E4609B212C6C014527 ] C:\WINDOWS\system32\icaapi.dll
16:41:24.0796 1420 C:\WINDOWS\system32\icaapi.dll - ok
16:41:24.0812 1420 [ F5EE7CACD1784241F138A5E55B715897 ] C:\WINDOWS\system32\mstlsapi.dll
16:41:24.0812 1420 C:\WINDOWS\system32\mstlsapi.dll - ok
16:41:24.0828 1420 [ A0732187050030AE399B241436565E64 ] C:\WINDOWS\explorer.exe
16:41:24.0828 1420 C:\WINDOWS\explorer.exe - ok
16:41:24.0859 1420 [ E6D28735E75C9BC6C9F00EAFA904B7D5 ] C:\WINDOWS\system32\browseui.dll
16:41:24.0859 1420 C:\WINDOWS\system32\browseui.dll - ok
16:41:24.0890 1420 [ 25D0F2A13A513EF381FA4D7532D13DE7 ] C:\WINDOWS\system32\shdocvw.dll
16:41:24.0890 1420 C:\WINDOWS\system32\shdocvw.dll - ok
16:41:24.0906 1420 [ 882912E0AED61A60BCD03F9B62D37F7F ] C:\WINDOWS\system32\urlmon.dll
16:41:24.0906 1420 C:\WINDOWS\system32\urlmon.dll - ok
16:41:24.0937 1420 [ E931B4DD87DFACE46468FD506FDCD262 ] C:\WINDOWS\system32\desk.cpl
16:41:24.0937 1420 C:\WINDOWS\system32\desk.cpl - ok
16:41:24.0968 1420 [ 4835E97243DD9ADEDEC91BB9740765A8 ] C:\WINDOWS\system32\themeui.dll
16:41:24.0968 1420 C:\WINDOWS\system32\themeui.dll - ok
16:41:25.0000 1420 [ 9EEA0CA999A33C9D2EABE82E4C624CC3 ] C:\WINDOWS\system32\msutb.dll
16:41:25.0000 1420 C:\WINDOWS\system32\msutb.dll - ok
16:41:25.0015 1420 [ 2B6D3630EB32B562E6763370CE35D730 ] C:\WINDOWS\system32\MSCTF.dll
16:41:25.0015 1420 C:\WINDOWS\system32\MSCTF.dll - ok
16:41:25.0046 1420 [ BA938AD30E2192C7281D21CEB94C9489 ] C:\PROGRA~1\Google\GOOGLE~1\GOA66E~1.DLL
16:41:25.0046 1420 C:\PROGRA~1\Google\GOOGLE~1\GOA66E~1.DLL - ok
16:41:25.0078 1420 [ A1A688EE56CF3BBD24EDEB815D48E9BA ] C:\WINDOWS\system32\linkinfo.dll
16:41:25.0078 1420 C:\WINDOWS\system32\linkinfo.dll - ok
16:41:25.0093 1420 [ 385E9AEC6E100DBEBEE5BD1F27A55E1D ] C:\WINDOWS\system32\ntshrui.dll
16:41:25.0093 1420 C:\WINDOWS\system32\ntshrui.dll - ok
16:41:25.0125 1420 [ 32A71F37940DE5997FBB8F7BF76BD246 ] C:\WINDOWS\system32\verclsid.exe
16:41:25.0125 1420 C:\WINDOWS\system32\verclsid.exe - ok
16:41:25.0140 1420 [ 53AF9F2B2CE4B6EFF41C70417359D010 ] C:\WINDOWS\system32\wsock32.dll
16:41:25.0140 1420 C:\WINDOWS\system32\wsock32.dll - ok
16:41:25.0171 1420 [ 339089D6C3FC3BC5CED8D9049C4D2101 ] C:\WINDOWS\system32\upnp.dll
16:41:25.0171 1420 C:\WINDOWS\system32\upnp.dll - ok
16:41:25.0203 1420 [ DCE3C277C4C9ADBC11850DBC4AD131B3 ] C:\WINDOWS\system32\winhttp.dll
16:41:25.0203 1420 C:\WINDOWS\system32\winhttp.dll - ok
16:41:25.0234 1420 [ 5B8DFA748FA4845BC04445A30126F2E9 ] C:\WINDOWS\system32\ssdpapi.dll
16:41:25.0234 1420 C:\WINDOWS\system32\ssdpapi.dll - ok
16:41:25.0250 1420 [ D4BD2EEAB07FEF323F0A0CEECC954F51 ] C:\WINDOWS\system32\rasmans.dll
16:41:25.0250 1420 C:\WINDOWS\system32\rasmans.dll - ok
16:41:25.0281 1420 [ DFD9870CF39C791D86C4C209DA9FA919 ] C:\WINDOWS\system32\sens.dll
16:41:25.0281 1420 C:\WINDOWS\system32\sens.dll - ok
16:41:25.0312 1420 [ 2B2F31E3F2CE3723C1B0F3700C8BE28B ] C:\WINDOWS\system32\winipsec.dll
16:41:25.0312 1420 C:\WINDOWS\system32\winipsec.dll - ok
16:41:25.0328 1420 [ CAD4AA32E7ECA00C23CC39C0EB833F9D ] C:\WINDOWS\system32\cryptnet.dll
16:41:25.0328 1420 C:\WINDOWS\system32\cryptnet.dll - ok
16:41:25.0343 1420 [ 6E205319848B8AF2A0DA52B8D63DB91E ] C:\WINDOWS\system32\sensapi.dll
16:41:25.0343 1420 C:\WINDOWS\system32\sensapi.dll - ok
16:41:25.0375 1420 [ 08F0190AE201EC331B4CA3B0FA2D2CCE ] C:\WINDOWS\system32\cabinet.dll
16:41:25.0375 1420 C:\WINDOWS\system32\cabinet.dll - ok
16:41:25.0406 1420 [ 178A34E5554DCE485E1262DDF027960C ] C:\Documents and Settings\Administrator\Desktop\tdsskiller.exe
16:41:25.0406 1420 C:\Documents and Settings\Administrator\Desktop\tdsskiller.exe - ok
16:41:25.0421 1420 [ 2A8681AEA24003040CA7D677BE9F1702 ] C:\WINDOWS\system32\drivers\11502380.sys
16:41:25.0421 1420 C:\WINDOWS\system32\drivers\11502380.sys - ok
16:41:25.0453 1420 [ 1CBC000ECD2DE2E6FD2B19BC9AABCC52 ] C:\WINDOWS\system32\msi.dll
16:41:25.0453 1420 C:\WINDOWS\system32\msi.dll - ok
16:41:25.0484 1420 [ A4AB3DCA4A383F0DF4988ABDEB84F9A4 ] C:\WINDOWS\system32\es.dll
16:41:25.0484 1420 C:\WINDOWS\system32\es.dll - ok
16:41:25.0500 1420 ============================================================
16:41:25.0500 1420 Scan finished
16:41:25.0500 1420 ============================================================
16:41:25.0640 1412 Detected object count: 29
16:41:25.0640 1412 Actual detected object count: 29
16:42:29.0156 1412 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
16:42:29.0156 1412 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:42:29.0156 1412 AOL ACS ( UnsignedFile.Multi.Generic ) - skipped by user
16:42:29.0156 1412 AOL ACS ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:42:29.0171 1412 AOL TopSpeedMonitor ( UnsignedFile.Multi.Generic ) - skipped by user
16:42:29.0171 1412 AOL TopSpeedMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:42:29.0187 1412 CFSvcs ( UnsignedFile.Multi.Generic ) - skipped by user
16:42:29.0187 1412 CFSvcs ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:42:29.0203 1412 DVD-RAM_Service ( UnsignedFile.Multi.Generic ) - skipped by user
16:42:29.0203 1412 DVD-RAM_Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:42:29.0203 1412 EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
16:42:29.0203 1412 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:42:29.0218 1412 gupdate ( UnsignedFile.Multi.Generic ) - skipped by user
16:42:29.0218 1412 gupdate ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:42:29.0234 1412 gupdatem ( UnsignedFile.Multi.Generic ) - skipped by user
16:42:29.0234 1412 gupdatem ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:42:29.0250 1412 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
16:42:29.0250 1412 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:42:29.0250 1412 Iviaspi ( UnsignedFile.Multi.Generic ) - skipped by user
16:42:29.0250 1412 Iviaspi ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:42:29.0265 1412 meiudf ( UnsignedFile.Multi.Generic ) - skipped by user
16:42:29.0265 1412 meiudf ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:42:29.0281 1412 Netdevio ( UnsignedFile.Multi.Generic ) - skipped by user
16:42:29.0281 1412 Netdevio ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:42:29.0296 1412 PEVSystemStart ( UnsignedFile.Multi.Generic ) - skipped by user
16:42:29.0296 1412 PEVSystemStart ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:42:29.0296 1412 Pfc ( UnsignedFile.Multi.Generic ) - skipped by user
16:42:29.0296 1412 Pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:42:29.0312 1412 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
16:42:29.0312 1412 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:42:29.0328 1412 RasMan ( UnsignedFile.Multi.Generic ) - skipped by user
16:42:29.0328 1412 RasMan ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:42:29.0343 1412 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
16:42:29.0343 1412 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:42:29.0343 1412 S24EventMonitor ( UnsignedFile.Multi.Generic ) - skipped by user
16:42:29.0343 1412 S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:42:29.0359 1412 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user
16:42:29.0359 1412 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:42:29.0375 1412 Swupdtmr ( UnsignedFile.Multi.Generic ) - skipped by user
16:42:29.0375 1412 Swupdtmr ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:42:29.0390 1412 TAPPSRV ( UnsignedFile.Multi.Generic ) - skipped by user
16:42:29.0390 1412 TAPPSRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:42:29.0390 1412 tdcmdpst ( UnsignedFile.Multi.Generic ) - skipped by user
16:42:29.0390 1412 tdcmdpst ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:42:29.0406 1412 tdudf ( UnsignedFile.Multi.Generic ) - skipped by user
16:42:29.0406 1412 tdudf ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:42:29.0406 1412 TODDSrv ( UnsignedFile.Multi.Generic ) - skipped by user
16:42:29.0406 1412 TODDSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:42:29.0421 1412 tosrfec ( UnsignedFile.Multi.Generic ) - skipped by user
16:42:29.0421 1412 tosrfec ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:42:29.0437 1412 TVALD ( UnsignedFile.Multi.Generic ) - skipped by user
16:42:29.0437 1412 TVALD ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:42:29.0437 1412 Tvs ( UnsignedFile.Multi.Generic ) - skipped by user
16:42:29.0437 1412 Tvs ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:42:29.0921 1412 \Device\Harddisk0\DR0\# - copied to quarantine
16:42:29.0937 1412 \Device\Harddisk0\DR0 - copied to quarantine
16:42:30.0046 1412 \Device\Harddisk0\DR0\TDLFS\cfg.ini - copied to quarantine
16:42:30.0046 1412 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
16:42:30.0046 1412 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
16:42:30.0046 1412 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
16:42:30.0062 1412 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
16:42:30.0062 1412 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
16:42:30.0062 1412 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
16:42:30.0109 1412 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
16:42:30.0156 1412 \Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine
16:42:30.0156 1412 \Device\Harddisk0\DR0\TDLFS\lsflt7.ver - copied to quarantine
16:42:30.0156 1412 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
16:42:30.0171 1412 \Device\Harddisk0\DR0 - ok
16:42:30.0234 1412 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
16:42:30.0234 1412 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
16:42:30.0234 1412 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
16:42:50.0843 1364 Deinitialize success
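
The TDSSKiller log above has three kinds of lines worth machine-reading: the `[ MD5 ] path` inventory of scanned files, the per-object `User select action:` lines, and the `copied to quarantine` lines for the hidden TDLFS contents. The script below is an added example (not Kaspersky's code and not part of this thread); it parses a constructed excerpt in exactly that line shape and lists every detection the user left on Skip that is not the generic `UnsignedFile.Multi.Generic` notice, which is the check a helper does by eye before telling the user what to re-run. The regexes are fitted to the line formats visible in this log and may need adjusting for other TDSSKiller versions.

```python
"""Triage a TDSSKiller log: hashed-file inventory, detections with the chosen
action, quarantined objects, and the skipped detections that still matter.
Added example, not Kaspersky code; regexes match the line shapes in the log above."""
import re
from collections import Counter

# Constructed excerpt in the shape of the TDSSKiller output posted above.
SAMPLE_LOG = r"""
16:41:25.0421 1420 [ 2A8681AEA24003040CA7D677BE9F1702 ] C:\WINDOWS\system32\drivers\11502380.sys
16:41:25.0421 1420 C:\WINDOWS\system32\drivers\11502380.sys - ok
16:41:25.0640 1412 Detected object count: 29
16:42:29.0156 1412 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
16:42:29.0156 1412 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:42:29.0156 1412 AOL ACS ( UnsignedFile.Multi.Generic ) - skipped by user
16:42:29.0156 1412 AOL ACS ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:42:30.0046 1412 \Device\Harddisk0\DR0\TDLFS\cfg.ini - copied to quarantine
16:42:30.0156 1412 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
16:42:30.0234 1412 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
16:42:30.0234 1412 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
16:42:30.0234 1412 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# Every line starts with "HH:MM:SS.ffff <thread id> ".
PREFIX = r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+"
HASH_LINE = re.compile(PREFIX + r"\[ (?P<md5>[0-9A-F]{32}) \] (?P<path>.+?)\s*$")
ACTION_LINE = re.compile(
    PREFIX + r"(?P<obj>.+?) \( (?P<verdict>[^()]+) \) - User select action: (?P<action>\w+)\s*$")
QUARANTINE_LINE = re.compile(PREFIX + r"(?P<obj>.+?) - copied to quarantine\s*$")

# Verdicts that are informational (unsigned third-party drivers/services), not malware.
BENIGN_VERDICTS = {"UnsignedFile.Multi.Generic"}


def parse_log(text):
    """Return {'hashes': {path: md5}, 'detections': [(object, verdict, action)],
    'quarantined': [object]} for one TDSSKiller log."""
    hashes, detections, quarantined = {}, [], []
    for line in text.splitlines():
        m = HASH_LINE.match(line)
        if m:
            hashes[m["path"]] = m["md5"]
            continue
        m = ACTION_LINE.match(line)
        if m:
            detections.append((m["obj"], m["verdict"], m["action"]))
            continue
        m = QUARANTINE_LINE.match(line)
        if m:
            quarantined.append(m["obj"])
    return {"hashes": hashes, "detections": detections, "quarantined": quarantined}


def action_summary(detections):
    """How many objects got each action (Skip / Cure / Delete ...)."""
    return Counter(action for _, _, action in detections)


def unresolved(detections, benign=BENIGN_VERDICTS):
    """Detections left on Skip whose verdict is not merely informational.
    In the thread's log this is the TDSS File System entry the helper asks
    the user to re-run with Delete."""
    return [(obj, verdict) for obj, verdict, action in detections
            if action == "Skip" and verdict not in benign]


if __name__ == "__main__":
    result = parse_log(SAMPLE_LOG)
    print("hashed files:", len(result["hashes"]))
    print("actions:", dict(action_summary(result["detections"])))
    print("quarantined:", result["quarantined"])
    for obj, verdict in unresolved(result["detections"]):
        print("STILL SKIPPED:", obj, "->", verdict)
```

The hash inventory is also the cheap way to compare two runs of the tool on the same machine: a system DLL whose MD5 changes between the pre-fix and post-fix scan is either a legitimate update or a patched file, and ComboFix later in this thread reports exactly such a patched driver (mrxsmb.sys).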

#11 con1287 (Topic Starter, Members, 62 posts)

Posted 18 May 2013 - 06:49 PM

ROGUE KILLER LOG:

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Safe mode with network support
User : Administrator [Admin rights]
Mode : Remove -- Date : 05/18/2013 16:49:36
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Run : MozillaAgent (C:\WINDOWS\Temp\_ex-68.exe) [-] -> DELETED
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK8032GSX +++++
--- User ---
[MBR] a3c98aca6c4ddbfd0cb9647613a9d83d
[BSP] 1e4e918a69573a089608f04fb8f4d4fb : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76010 Mo
3 - [XXXXXX] UNKNOWN (0x88) [VISIBLE] Offset (sectors): 155669850 | Size: 305 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_05182013_02d1649.txt >>
RKreport[1]_S_05182013_02d1648.txt ; RKreport[2]_D_05182013_02d1649.txt
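
Two things in the logs above point at the same place on disk. TDSSKiller found `Rootkit.Boot.SST.b` on `\Device\Harddisk0\DR0` and quarantined a hidden TDLFS file system (`mbr`, `ldr16`, `ldr32`, `drv32`, `drv64`, `cmd.dll`, ...) from it, and RogueKiller's MBR check shows a second partition table entry of type 0x88, about 305 MB, sitting in slot 3 after the single NTFS partition and close to the end of the 80 GB drive. The script below is an added example (not RogueKiller or TDSSKiller code, and not from this thread) that parses a 512-byte MBR and flags exactly those properties: an unrecognised type byte, a table slot used after an empty one, overlaps, and a small inactive partition parked at the end of the disk. The sector is constructed from the rounded figures in the RogueKiller report; the disk size, the exact sector counts and the short `KNOWN_TYPES` list are assumptions, not values taken from the page.

```python
"""Parse an MBR partition table and flag the kind of oddities RogueKiller's
MBR check surfaced above. Added example; geometry and sector counts are
constructed to match the rounded sizes in the log."""
import hashlib
import struct

SECTOR = 512
# Short, assumed list of common type bytes; anything else is reported.
KNOWN_TYPES = {
    0x05: "extended", 0x07: "NTFS/HPFS", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)",
    0x0F: "extended (LBA)", 0x12: "OEM recovery", 0x27: "Windows RE",
    0x82: "Linux swap", 0x83: "Linux", 0xEE: "GPT protective",
}
SMALL_PARTITION = 2 * 1024 * 1024   # under 1 GiB, in 512-byte sectors
TAIL_SLACK = 1024 * 1024            # within 512 MiB of the end of the disk
# status, CHS start (3 bytes skipped), type, CHS end (skipped), LBA start, sector count
ENTRY_FMT = "<B3xB3xII"


def build_mbr(entries, boot_code=b"\x00" * 446):
    """Assemble a sector from partition dicts. This is the test fixture; a real
    MBR is read from \\.\PhysicalDrive0 or sector 0 of a forensic image."""
    table = bytearray(64)
    for e in entries:
        struct.pack_into(ENTRY_FMT, table, 16 * e["slot"],
                         0x80 if e["active"] else 0x00, e["type"], e["start"], e["sectors"])
    return bytes(boot_code[:446].ljust(446, b"\x00")) + bytes(table) + b"\x55\xAA"


def parse_mbr(sector):
    """Return the non-empty partition entries of a 512-byte MBR."""
    if len(sector) != SECTOR or sector[510:] != b"\x55\xAA":
        raise ValueError("not an MBR: bad length or missing 55AA signature")
    entries = []
    for slot in range(4):
        status, ptype, start, count = struct.unpack_from(ENTRY_FMT, sector, 446 + 16 * slot)
        if ptype == 0 and count == 0:
            continue                                  # empty slot
        entries.append({"slot": slot, "active": status == 0x80,
                        "type": ptype, "start": start, "sectors": count})
    return entries


def boot_code_md5(sector):
    """Hash only the code region (bytes 0..445) so the digest can be compared
    with a known-clean baseline regardless of how the disk is partitioned."""
    return hashlib.md5(sector[:446]).hexdigest()


def audit_partitions(entries, disk_sectors):
    """Return (slot, reason) findings; an empty list means nothing odd."""
    findings = []
    used = {e["slot"] for e in entries}
    for e in entries:
        if e["type"] not in KNOWN_TYPES:
            findings.append((e["slot"], "unknown partition type 0x%02X" % e["type"]))
        if e["start"] + e["sectors"] > disk_sectors:
            findings.append((e["slot"], "extends past the end of the disk"))
        if e["slot"] > 0 and (e["slot"] - 1) not in used:
            findings.append((e["slot"], "table slot used after an empty slot"))
    ordered = sorted(entries, key=lambda e: e["start"])
    for prev, cur in zip(ordered, ordered[1:]):
        if cur["start"] < prev["start"] + prev["sectors"]:
            findings.append((cur["slot"], "overlaps the partition before it"))
    if ordered:
        last = ordered[-1]
        end = last["start"] + last["sectors"]
        if (not last["active"] and last["sectors"] < SMALL_PARTITION
                and disk_sectors - end < TAIL_SLACK):
            findings.append((last["slot"], "small inactive partition parked at the end of the disk"))
    return findings


DISK_SECTORS = 156_301_488   # assumed: an 80 GB drive such as the TOSHIBA MK8032GSX in the log
SAMPLE_ENTRIES = [           # constructed from the rounded figures in the RogueKiller report
    {"slot": 0, "active": True,  "type": 0x07, "start": 63,          "sectors": 76010 * 2048},
    {"slot": 3, "active": False, "type": 0x88, "start": 155_669_850, "sectors": 305 * 2048},
]
CLEAN_ENTRIES = SAMPLE_ENTRIES[:1]   # the same disk with only the NTFS partition

if __name__ == "__main__":
    sector = build_mbr(SAMPLE_ENTRIES)
    print("boot code md5:", boot_code_md5(sector))
    for slot, why in audit_partitions(parse_mbr(sector), DISK_SECTORS):
        print("slot %d: %s" % (slot, why))
```

Treat the findings as triage hints, not verdicts: an OEM recovery partition also sits inactive at the end of many laptops' disks, which is why the type byte and the tail check are reported separately and why the boot-code hash is kept apart from the partition table. A hash of the whole sector (the `[MBR]` line RogueKiller prints) changes whenever the table changes; a hash of the first 446 bytes only changes when the boot code does.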

#12 gringo_pr (Bleepin Gringo, Malware Response Team, 136,773 posts, Puerto Rico)

Posted 18 May 2013 - 08:53 PM

Hello

I would like you to rerun TDSSKiller and this time when it gets to this part
  • \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
    \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
I want you to select Delete this time instead of skip.


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 con1287 (Topic Starter, Members, 62 posts)

Posted 18 May 2013 - 09:24 PM

Quote (gringo_pr):
Hello

I would like you to rerun TDSSKiller and this time when it gets to this part
  • \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
    \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
I want you to select Delete this time instead of skip.

Gringo

Ok I deleted what you wanted me to. What should I do now?



#14 gringo_pr (Bleepin Gringo, Malware Response Team, 136,773 posts, Puerto Rico)

Posted 18 May 2013 - 09:35 PM

Now I would like you to try and rerun ComboFix for me, please.



gringo

#15 con1287 (Topic Starter, Members, 62 posts)

Posted 18 May 2013 - 11:06 PM

COMBO FIX LOG:


ComboFix 13-05-18.03 - Administrator 05/18/2013 20:09:02.1.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.502.234 [GMT -7:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: McAfee VirusScan *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall Plus *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\shin\Local Settings\Application Data\6212bb16
c:\documents and settings\shin\Local Settings\Application Data\6212bb16\@
c:\documents and settings\shin\Local Settings\Application Data\6212bb16\X
c:\documents and settings\shin\Start Menu\Programs\System Fix
c:\documents and settings\shin\Start Menu\Programs\System Fix\System Fix.lnk
c:\documents and settings\shin\Start Menu\Programs\System Fix\Uninstall System Fix.lnk
c:\documents and settings\shin\WINDOWS
C:\Recycle.Bin
c:\windows\system32\2.tmp
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\Packet.dll
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\system32\wpcap.dll
c:\windows\Temp\_ex-08.exe
c:\windows\Temp\_ex-68.exe
c:\windows\wt
c:\windows\wt\data.wts
c:\windows\wt\updater\wcmdmgr.exe
c:\windows\wt\updater\wcmdmgrl.exe
c:\windows\wt\updater\wt.ini
c:\windows\wt\webdriver.dll
c:\windows\wt\webdriver\4.1.1\actorobject.dll
c:\windows\wt\webdriver\4.1.1\dx5drv.dll
c:\windows\wt\webdriver\4.1.1\dx7drv.dll
c:\windows\wt\webdriver\4.1.1\objectbundle.dll
c:\windows\wt\webdriver\4.1.1\sound.dll
c:\windows\wt\webdriver\4.1.1\wdcaps.ded
c:\windows\wt\webdriver\4.1.1\wdengine.dll
c:\windows\wt\webdriver\4.1.1\webdriver.dll
c:\windows\wt\webdriver\4.1.1\wthost.exe
c:\windows\wt\webdriver\4.1.1\wthostctl.dll
c:\windows\wt\webdriver\4.1.1\wtmulti.dll
c:\windows\wt\webdriver\4.1.1\wtmulti.jar
c:\windows\wt\webdriver\4.1.1\wtwmplug.ax
c:\windows\wt\webdriver\4.1.1\wtwmplug.ini
c:\windows\wt\webdriver\export.dat
c:\windows\wt\webdriver\jdriver.dll
c:\windows\wt\webdriver\rdriver.dll
c:\windows\wt\webdriver\wildtangent.jar
c:\windows\wt\wt3d.dll
c:\windows\wt\wt3d.ini
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\controlpanel\index.html
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\DRM0302.dll
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\DRM0302Java.jar
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\jDRM0302.dll
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\rDRM0302.dll
c:\windows\wt\wtupdates\DRM\3.2.0.19\install\DRM0302.cdanfo
c:\windows\wt\wtupdates\DRM\3.2.0.19\install\DRM0302_Uninstall.cdas
c:\windows\wt\wtupdates\webd\4.1.1\files\actorobject.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\controlpanel\index.html
c:\windows\wt\wtupdates\webd\4.1.1\files\dx5drv.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\dx7drv.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\jdriver.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\legacy\data.wts
c:\windows\wt\wtupdates\webd\4.1.1\files\legacy\webdriver.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\legacy\wt3d.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\npWTHost.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\nsIWTHostPlugin.xpt
c:\windows\wt\wtupdates\webd\4.1.1\files\ObjectBundle.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\rdriver.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\Sound.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\update_info\data.wts
c:\windows\wt\wtupdates\webd\4.1.1\files\wdcaps.ded
c:\windows\wt\wtupdates\webd\4.1.1\files\wdengine.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\Webd331.cdanfo
c:\windows\wt\wtupdates\webd\4.1.1\files\Webd331_fileList.cdas
c:\windows\wt\wtupdates\webd\4.1.1\files\Webd331_Uninstall.cdas
c:\windows\wt\wtupdates\webd\4.1.1\files\webdriver.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\wildtangent.jar
c:\windows\wt\wtupdates\webd\4.1.1\files\wt3d.ini
c:\windows\wt\wtupdates\webd\4.1.1\files\WTHost.exe
c:\windows\wt\wtupdates\webd\4.1.1\files\WTHostCtl.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\wtmulti.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\wtmulti.jar
c:\windows\wt\wtupdates\webd\4.1.1\files\wtvh.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\wtwmplug.ax
c:\windows\wt\wtupdates\webd\4.1.1\files\wtwmplug.ini
c:\windows\wt\wtupdates\webd\4.1.1\install\Webd4_1_1.cdanfo
c:\windows\wt\wtupdates\webd\4.1.1\install\Webd4_1_1_Uninstall.cdas
c:\windows\wt\wtupdates\WireControl\1.1.0.23\files\controlpanel\index.html
c:\windows\wt\wtupdates\WireControl\1.1.0.23\files\install\WireControl.cdanfo
c:\windows\wt\wtupdates\WireControl\1.1.0.23\files\install\WireControl_Uninstall.cdas
c:\windows\wt\wtupdates\WireControl\1.1.0.23\files\WireControl.dll
c:\windows\wt\wtupdates\wtupdater\appinfo.dat
c:\windows\wt\wtupdates\wtwebdriver\update_info\data.wts
c:\windows\wt\wtvh.dll
.
Infected copy of c:\windows\system32\drivers\mrxsmb.sys was found and disinfected
Restored copy from - The cat found it :)
Infected copy of c:\program files\Google\Update\GoogleUpdate.exe was found and disinfected
Restored copy from - c:\program files\Google\Update\
.
Infected copy of c:\program files\Intel\Wireless\Bin\RegSrvc.exe was found and disinfected
Restored copy from - c:\program files\Intel\Wireless\Bin\
.
c:\program files\Intel\Wireless\Bin\S24EvMon.exe . . . is infected!!
c:\program files\Intel\Wireless\Bin\S24EvMon.exe . . . was deleted!! You should re-install the program it pertains to
.
c:\toshiba\IVP\swupdate\swupdtmr.exe . . . is infected!!
c:\toshiba\IVP\swupdate\swupdtmr.exe . . . was deleted!! You should re-install the program it pertains to
.
c:\windows\system32\TODDSrv.exe . . . is infected!!
c:\windows\system32\TODDSrv.exe . . . was deleted!! You should re-install the program it pertains to
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_5689
-------\Legacy_NPF
-------\Service_5689
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2013-04-19 to 2013-05-19 )))))))))))))))))))))))))))))))
.
.
2013-05-18 23:42 . 2013-05-19 02:25 -------- d-----w- C:\TDSSKiller_Quarantine
2013-05-18 01:16 . 2013-05-18 01:16 -------- d-----w- c:\windows\ERUNT
2013-05-18 01:16 . 2013-05-18 01:16 -------- d-----w- C:\JRT
2013-05-17 01:09 . 2010-02-24 13:11 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-27 19:12 . 2012-10-27 19:12 4096000 ----a-w- c:\program files\GUT12.tmp
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CFSServ.exe"="CFSServ.exe -NoClient" [X]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-08-02 364544]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"NDSTray.exe"="NDSTray.exe" [BU]
"DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2006-04-26 299008]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-23 16050688]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-02 761948]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2005-12-16 188416]
"AGRSMMSG"="AGRSMMSG.exe" [2006-03-18 89541]
"TPSMain"="TPSMain.exe" [2005-06-01 282624]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-06 1077322]
"TFncKy"="TFncKy.exe" [BU]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2006-02-02 73728]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 122880]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-07-03 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-07-03 700416]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-11-01 273528]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-07-20 98304]
.
c:\documents and settings\shin\Start Menu\Programs\Startup\
dxdiag.exe [2009-2-9 33280]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1153363098\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
.
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [6/28/2006 11:50 AM 98816]
S0 89634693;89634693;c:\windows\system32\drivers\93580157.sys --> c:\windows\system32\drivers\93580157.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\B.tmp --> c:\windows\system32\B.tmp [?]
S3 SVRPEDRV;SVRPEDRV;\??\c:\sysprep\PEDrv.sys --> c:\sysprep\PEDrv.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-19 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 20:40]
.
2013-05-19 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2505559543-2129697108-3678521768-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 20:40]
.
2011-12-24 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 20:40]
.
2011-12-20 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2505559543-2129697108-3678521768-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 20:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-48796278.sys
SafeBoot-61389047.sys
SafeBoot-89634693.sys
AddRemove-NSS - c:\program files\Norton Security Scan\Engine\3.6.0.31\InstWrap.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-05-18 20:18
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\B.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3772)
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\windows\system32\DVDRAMSV.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\dllhost.exe
c:\windows\AGRSMMSG.exe
c:\windows\system32\TPSMain.exe
c:\windows\eHome\ehmsas.exe
c:\program files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
c:\program files\Synaptics\SynTP\Toshiba.exe
c:\windows\system32\TPSBattM.exe
c:\program files\TOSHIBA\ConfigFree\CFSServ.exe
.
**************************************************************************
.
Completion time: 2013-05-18 20:21:33 - machine was rebooted
ComboFix-quarantined-files.txt 2013-05-19 03:21
.
Pre-Run: 65,859,600,384 bytes free
Post-Run: 68,686,274,560 bytes free
.
- - End Of File - - 1535059670010390E0032FE3B08062ED