33 replies to this topic

[tysonboh]

okay so i went ahead a restarted the system in normal mode, no pop up so far. and really the pop up was the only thing showing me that i had the virus, there were no other problems occuring on my computer, so basically its running the exact same way, minus the pop-up.

[Maurice Naggar]

Yes, you should be in Normal mode of Windows.

now, you had said

Quote

okay so i did the combofix thing, and after it was done it must have restarted the computer, but it restarted in normal mode, in normal mode these blue combofix boxes kept flashing up all over the screen, after waiting a while i realised this wasnt right, turned it off and opened it again in safe mode with networking. combofix was up again but working properly and it finished its thing. heres the log

I hope you never again have an occasion to need to run Combofix......but, you should be made very aware of this....
Combofix does a lot of work. and unless your Helper tells you otherwise, you should always allow it to restart on it's own and on it's own get back to Windows.

It appears things are back to "normal"....meaning the rogue "command processor" trojan is gone.

I believe much, much earlier you said your Norton license had expired. If still true, I would recommend you remove Norton antivirus and get either MS Security Essentials or Avira antivirus.

Two good antivirus programs free for non-commercial home use are Avira Free Antivirus and Microsoft Security Essentials
Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
I would suggest you get either MSE or Avira.

The sequence to use when switching antivirus is this:
1) Download AND SAVE the setup program of the new antivirus. (Have it handy).
2) Disconnect pc from internet
3) De-install the old antivirus (in your case with XP, use the Add-or-Remove program & then locate it & un-install (remove)
4) Make sure to Logoff and Restart Windows fresh.
5) Run setup of new antivirus
6) Logoff and Restart fresh
7) Reconnect to internet
7) start the new A-V, and do an Update run (to make sure it is all current)

Watch your system closely for another 24 hours.
Do not disappear, but return tomorrow to give me a new update; plus I need to convey to you the cleanup procedure.

Edited by Maurice Naggar, 05 July 2012 - 11:11 PM.

[tysonboh]

okay, ive uninstalled norton, put microsoft security essentials on and completely updated it, and now its doing a full scan, so far its taken about 3 hours and still going.

so am i now able to use my computer for browsing still? or would it still be unsafe to log into websites i want to use etc.

[Maurice Naggar]

After the scan finsihes, I highly recommend you get & apply the mvp hosts (below). After that, you may visit & browse but always be very careful to not be real quick to click links to unknown sites or questionable links.
Get and use MVP Mike Burgess' custom hosts file http://mvps.org/winhelp2002/hosts.htm

Steps to follow for the MVP Hosts file:
1) Download and SAVE the zip file to a temporary folder
2) Unzip (extract the contents) in the same folder
3) Temporarily disable your antivirus program. Some antivirus apps will block changes to the Hosts file; so turn it off.
4) After extract is complete, run mvps.bat batch file. This copies your pre-existing Hosts file to Hosts.mvp in the folder where Windows' Hosts resides
typically, C:\WINDOWS\system32\drivers\etc

and after that copy is saved, it replaces the old Hosts with the new one.

And you should see (in the blue background command window) the following:

Quote

_________________________________________________
¦ +---+¦
¦ THE MVPS HOSTS FILE IS NOW UPDATED ¦ v ¦¦
¦ +---+¦
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


Previous version saved and renamed to HOSTS.MVP
Press any key to continue . . .

Find the folder where you saved the original download. Delete hosts.zip and a file folder there named hosts
The latter is the same folder that had mvps.bat
5) Re-enable your antivirus app.

The MVP Hosts file is updated from time to time. See http://msmvps.com/blogs/hostsnews
for information. And you can also sign-up for email notice when Mike publishes updates.

Do not go away, as we still need to do cleanups and closure.

[tysonboh]

okay i just finished all that,so it is now safe to browse? what about online purchasing, logging into sites i use frequently etc?

[Maurice Naggar]

Hold on a bit. The Java runtime is out-dated & poses a security risk exposure.

Your Java runtime is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

• Download the latest version of >> Windows Offline << from here and save it to your desktop.
  
  
• Get the Offline version that corresponds to your "bit-tedness" of your Windows (32-bit or 64-bit)
  How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
  
  
• Close any programs you may have running - especially your web browser(s).
  
• Go to Start > Settings > Control Panel, select Add/Remove Programs and remove all older versions of Java.
  
• Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
  
• Click the Remove or Change/Remove button.
  
• Repeat as many times as necessary to remove each Java versions.
  
• Reboot your computer once all Java components are removed.
  
• Then from your desktop double-click on jre-7u5-windows-i586.exe to install the newest version.
  ( jre-7u5-windows-x64.exe if this is a 64-bit Windows o.s.)

• After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
  • On the General tab, under Temporary Internet Files, click the Settings button.
    
  • Next, click on the Delete Files button
    
  • There are two options in the window to clear the cache - Leave BOTH Checked
    Applications and Applets
    Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    
  • Click OK to leave the Temporary Files Window

Small tweaks for Java runtime, since most all users do not need to load Java at each Windows startup:
Click Advanced Tab. Expand the Miscellaneous item.
UN-check the line Java quick starter

Press Apply then OK. Close the applet when done.

To test your Java Run-time, you may go to this page http://www.java.com/...help/testvm.xml
When all is well, you should see Java Version: Java 7 Update 5 from Sun Microsystems Inc.

Step 2
Please read carefully and follow these steps.

• Delete any prior copies of TDSSKILLER.zip & TDSSKILLER.exe that you may have.
  
• Download TDSSKiller and save it to your Desktop.
  
  
• If on Windows 7 or Vista, RIGHT-Click on TDSSKiller.exe and select Run As Administrator to run the application.
  If on Windows XP, double-click to start.
  
  
• Click on "Change parameters" and place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
  
• Then press Start Scan

When the scan is done, it will display a summary screen.

• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  
• If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Copy & Paste the TDSSKILLER log for review.

[tysonboh]

22:59:53.0520 5684 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
22:59:54.0893 5684 ============================================================
22:59:54.0893 5684 Current date / time: 2012/07/06 22:59:54.0893
22:59:54.0893 5684 SystemInfo:
22:59:54.0893 5684
22:59:54.0893 5684 OS Version: 6.0.6002 ServicePack: 2.0
22:59:54.0893 5684 Product type: Workstation
22:59:54.0893 5684 ComputerName: USER-PC
22:59:54.0893 5684 UserName: USER
22:59:54.0893 5684 Windows directory: C:\Windows
22:59:54.0893 5684 System windows directory: C:\Windows
22:59:54.0893 5684 Processor architecture: Intel x86
22:59:54.0893 5684 Number of processors: 2
22:59:54.0893 5684 Page size: 0x1000
22:59:54.0893 5684 Boot type: Normal boot
22:59:54.0893 5684 ============================================================
22:59:55.0829 5684 Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:59:55.0829 5684 ============================================================
22:59:55.0829 5684 \Device\Harddisk0\DR0:
22:59:55.0829 5684 MBR partitions:
22:59:55.0829 5684 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x16565800
22:59:55.0829 5684 ============================================================
22:59:55.0844 5684 C: <-> \Device\Harddisk0\DR0\Partition0
22:59:55.0844 5684 ============================================================
22:59:55.0844 5684 Initialize success
22:59:55.0844 5684 ============================================================
23:00:41.0078 2212 ============================================================
23:00:41.0078 2212 Scan started
23:00:41.0078 2212 Mode: Manual; SigCheck; TDLFS;
23:00:41.0078 2212 ============================================================
23:00:42.0184 2212 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
23:00:42.0287 2212 ACPI - ok
23:00:42.0529 2212 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
23:00:42.0570 2212 adp94xx - ok
23:00:42.0595 2212 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
23:00:42.0615 2212 adpahci - ok
23:00:42.0718 2212 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
23:00:42.0734 2212 adpu160m - ok
23:00:42.0776 2212 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
23:00:42.0793 2212 adpu320 - ok
23:00:42.0837 2212 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
23:00:42.0986 2212 AeLookupSvc - ok
23:00:43.0057 2212 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
23:00:43.0132 2212 AFD - ok
23:00:43.0282 2212 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
23:00:43.0296 2212 agp440 - ok
23:00:43.0447 2212 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
23:00:43.0463 2212 aic78xx - ok
23:00:43.0511 2212 AlfaFF (a3c95c02b2d26824d82718806bec915e) C:\Windows\system32\Drivers\AlfaFF.sys
23:00:43.0532 2212 AlfaFF - ok
23:00:43.0553 2212 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
23:00:43.0604 2212 ALG - ok
23:00:43.0661 2212 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
23:00:43.0674 2212 aliide - ok
23:00:43.0759 2212 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
23:00:43.0773 2212 amdagp - ok
23:00:43.0821 2212 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
23:00:43.0835 2212 amdide - ok
23:00:43.0869 2212 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
23:00:43.0936 2212 AmdK7 - ok
23:00:44.0045 2212 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
23:00:44.0102 2212 AmdK8 - ok
23:00:44.0220 2212 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
23:00:44.0273 2212 Appinfo - ok
23:00:44.0475 2212 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:00:44.0487 2212 Apple Mobile Device - ok
23:00:44.0521 2212 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
23:00:44.0539 2212 arc - ok
23:00:44.0706 2212 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
23:00:44.0721 2212 arcsas - ok
23:00:44.0986 2212 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
23:00:45.0000 2212 aspnet_state - ok
23:00:45.0102 2212 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
23:00:45.0148 2212 AsyncMac - ok
23:00:45.0252 2212 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
23:00:45.0266 2212 atapi - ok
23:00:45.0346 2212 Ati External Event Utility (26757a5a06c37ef44be544eb7e98d9d3) C:\Windows\system32\Ati2evxx.exe
23:00:45.0431 2212 Ati External Event Utility - ok
23:00:45.0891 2212 atikmdag (d5ab32f003780f21325f1c1df613f867) C:\Windows\system32\DRIVERS\atikmdag.sys
23:00:46.0168 2212 atikmdag - ok
23:00:46.0453 2212 ATSWPDRV (7ceaaa478bd100ecbb1a2fc38f8f03de) C:\Windows\system32\DRIVERS\ATSwpDrv.sys
23:00:46.0467 2212 ATSWPDRV - ok
23:00:46.0537 2212 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
23:00:46.0601 2212 AudioEndpointBuilder - ok
23:00:46.0609 2212 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
23:00:46.0635 2212 Audiosrv - ok
23:00:46.0680 2212 Authentec memory manager (530fe40a1420e7e3992ddb58af12b8b9) C:\Windows\system32\TAMSvr.exe
23:00:46.0727 2212 Authentec memory manager ( UnsignedFile.Multi.Generic ) - warning
23:00:46.0727 2212 Authentec memory manager - detected UnsignedFile.Multi.Generic (1)
23:00:46.0920 2212 Automatic LiveUpdate Scheduler (b5d974c1fd078a68c7536c561b031d39) C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
23:00:46.0996 2212 Automatic LiveUpdate Scheduler - ok
23:00:47.0049 2212 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
23:00:47.0116 2212 Beep - ok
23:00:47.0286 2212 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
23:00:47.0400 2212 BFE - ok
23:00:47.0499 2212 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
23:00:47.0613 2212 BITS - ok
23:00:47.0672 2212 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
23:00:47.0700 2212 blbdrive - ok
23:00:47.0816 2212 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
23:00:47.0851 2212 Bonjour Service - ok
23:00:47.0942 2212 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
23:00:47.0982 2212 bowser - ok
23:00:48.0037 2212 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
23:00:48.0106 2212 BrFiltLo - ok
23:00:48.0132 2212 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
23:00:48.0186 2212 BrFiltUp - ok
23:00:48.0237 2212 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
23:00:48.0311 2212 Browser - ok
23:00:48.0345 2212 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
23:00:48.0523 2212 Brserid - ok
23:00:48.0544 2212 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
23:00:48.0612 2212 BrSerWdm - ok
23:00:48.0675 2212 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
23:00:48.0749 2212 BrUsbMdm - ok
23:00:48.0797 2212 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
23:00:48.0880 2212 BrUsbSer - ok
23:00:48.0919 2212 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
23:00:48.0990 2212 BTHMODEM - ok
23:00:49.0034 2212 catchme - ok
23:00:49.0056 2212 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
23:00:49.0100 2212 cdfs - ok
23:00:49.0153 2212 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
23:00:49.0196 2212 cdrom - ok
23:00:49.0247 2212 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
23:00:49.0280 2212 CertPropSvc - ok
23:00:49.0396 2212 CFcatchme - ok
23:00:49.0440 2212 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
23:00:49.0504 2212 circlass - ok
23:00:49.0580 2212 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
23:00:49.0600 2212 CLFS - ok
23:00:49.0673 2212 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:00:49.0687 2212 clr_optimization_v2.0.50727_32 - ok
23:00:49.0815 2212 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:00:49.0832 2212 clr_optimization_v4.0.30319_32 - ok
23:00:49.0894 2212 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
23:00:49.0951 2212 CmBatt - ok
23:00:50.0012 2212 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
23:00:50.0029 2212 cmdide - ok
23:00:50.0044 2212 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
23:00:50.0060 2212 Compbatt - ok
23:00:50.0069 2212 COMSysApp - ok
23:00:50.0191 2212 ConfigFree Service (596e452b5152ec9afe8153d296459d2b) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
23:00:50.0218 2212 ConfigFree Service ( UnsignedFile.Multi.Generic ) - warning
23:00:50.0218 2212 ConfigFree Service - detected UnsignedFile.Multi.Generic (1)
23:00:50.0240 2212 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
23:00:50.0253 2212 crcdisk - ok
23:00:50.0396 2212 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
23:00:50.0441 2212 Crusoe - ok
23:00:50.0488 2212 CryptSvc (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
23:00:50.0590 2212 CryptSvc - ok
23:00:50.0730 2212 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
23:00:50.0898 2212 DcomLaunch - ok
23:00:51.0018 2212 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
23:00:51.0046 2212 DfsC - ok
23:00:51.0489 2212 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
23:00:51.0700 2212 DFSR - ok
23:00:52.0076 2212 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
23:00:52.0135 2212 Dhcp - ok
23:00:52.0229 2212 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
23:00:52.0243 2212 disk - ok
23:00:52.0292 2212 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
23:00:52.0420 2212 Dnscache - ok
23:00:52.0482 2212 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
23:00:52.0508 2212 dot3svc - ok
23:00:52.0557 2212 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
23:00:52.0625 2212 DPS - ok
23:00:52.0665 2212 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
23:00:52.0706 2212 drmkaud - ok
23:00:52.0915 2212 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
23:00:52.0944 2212 DXGKrnl - ok
23:00:53.0039 2212 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
23:00:53.0138 2212 E1G60 - ok
23:00:53.0208 2212 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
23:00:53.0250 2212 EapHost - ok
23:00:53.0381 2212 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
23:00:53.0398 2212 Ecache - ok
23:00:53.0521 2212 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
23:00:53.0562 2212 ehRecvr - ok
23:00:53.0588 2212 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
23:00:53.0648 2212 ehSched - ok
23:00:53.0661 2212 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
23:00:53.0684 2212 ehstart - ok
23:00:53.0782 2212 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
23:00:53.0808 2212 elxstor - ok
23:00:53.0936 2212 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
23:00:54.0029 2212 EMDMgmt - ok
23:00:54.0064 2212 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
23:00:54.0107 2212 ErrDev - ok
23:00:54.0195 2212 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
23:00:54.0236 2212 EventSystem - ok
23:00:54.0305 2212 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
23:00:54.0411 2212 exfat - ok
23:00:54.0480 2212 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
23:00:54.0514 2212 fastfat - ok
23:00:54.0585 2212 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
23:00:54.0634 2212 fdc - ok
23:00:54.0662 2212 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
23:00:54.0690 2212 fdPHost - ok
23:00:54.0699 2212 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
23:00:54.0746 2212 FDResPub - ok
23:00:54.0768 2212 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
23:00:54.0782 2212 FileInfo - ok
23:00:54.0867 2212 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
23:00:54.0895 2212 Filetrace - ok
23:00:54.0909 2212 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
23:00:54.0950 2212 flpydisk - ok
23:00:55.0249 2212 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
23:00:55.0267 2212 FltMgr - ok
23:00:55.0520 2212 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
23:00:55.0637 2212 FontCache - ok
23:00:55.0789 2212 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
23:00:55.0801 2212 FontCache3.0.0.0 - ok
23:00:55.0863 2212 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
23:00:55.0914 2212 Fs_Rec - ok
23:00:55.0975 2212 FwLnk (cbc22823628544735625b280665e434e) C:\Windows\system32\DRIVERS\FwLnk.sys
23:00:56.0020 2212 FwLnk - ok
23:00:56.0049 2212 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
23:00:56.0063 2212 gagp30kx - ok
23:00:56.0129 2212 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:00:56.0139 2212 GEARAspiWDM - ok
23:00:56.0244 2212 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
23:00:56.0341 2212 gpsvc - ok
23:00:56.0508 2212 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
23:00:56.0558 2212 HdAudAddService - ok
23:00:56.0745 2212 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
23:00:56.0828 2212 HDAudBus - ok
23:00:56.0845 2212 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
23:00:56.0892 2212 HidBth - ok
23:00:56.0973 2212 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
23:00:57.0037 2212 HidIr - ok
23:00:57.0150 2212 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
23:00:57.0202 2212 hidserv - ok
23:00:57.0245 2212 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
23:00:57.0298 2212 HidUsb - ok
23:00:57.0331 2212 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
23:00:57.0361 2212 hkmsvc - ok
23:00:57.0480 2212 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
23:00:57.0494 2212 HpCISSs - ok
23:00:57.0600 2212 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
23:00:57.0660 2212 HTTP - ok
23:00:57.0781 2212 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
23:00:57.0794 2212 i2omp - ok
23:00:57.0841 2212 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
23:00:57.0877 2212 i8042prt - ok
23:00:57.0974 2212 iaStor (e5a0034847537eaee3c00349d5c34c5f) C:\Windows\system32\DRIVERS\iaStor.sys
23:00:57.0990 2212 iaStor - ok
23:00:58.0242 2212 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
23:00:58.0299 2212 iaStorV - ok
23:00:58.0623 2212 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:00:58.0703 2212 idsvc - ok
23:00:58.0816 2212 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
23:00:58.0829 2212 iirsp - ok
23:00:58.0935 2212 IJPLMSVC (a06efd4965f8a3f97a8c9a291d032678) C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
23:00:58.0964 2212 IJPLMSVC - ok
23:00:59.0022 2212 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
23:00:59.0066 2212 IKEEXT - ok
23:00:59.0398 2212 IntcAzAudAddService (8a4341616976e47712b60f18c7049dcc) C:\Windows\system32\drivers\RTKVHDA.sys
23:00:59.0580 2212 IntcAzAudAddService - ok
23:01:00.0088 2212 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
23:01:00.0102 2212 intelide - ok
23:01:00.0112 2212 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
23:01:00.0156 2212 intelppm - ok
23:01:00.0212 2212 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
23:01:00.0271 2212 IPBusEnum - ok
23:01:00.0293 2212 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:01:00.0334 2212 IpFilterDriver - ok
23:01:00.0405 2212 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
23:01:00.0454 2212 iphlpsvc - ok
23:01:00.0460 2212 IpInIp - ok
23:01:00.0567 2212 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
23:01:00.0595 2212 IPMIDRV - ok
23:01:00.0669 2212 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
23:01:00.0698 2212 IPNAT - ok
23:01:00.0868 2212 iPod Service (178fe38b7740f598391eb2f51ae4ccac) C:\Program Files\iPod\bin\iPodService.exe
23:01:00.0921 2212 iPod Service - ok
23:01:01.0031 2212 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
23:01:01.0058 2212 IRENUM - ok
23:01:01.0117 2212 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
23:01:01.0145 2212 isapnp - ok
23:01:01.0243 2212 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
23:01:01.0261 2212 iScsiPrt - ok
23:01:01.0340 2212 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
23:01:01.0352 2212 iteatapi - ok
23:01:01.0387 2212 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
23:01:01.0400 2212 iteraid - ok
23:01:01.0429 2212 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
23:01:01.0442 2212 kbdclass - ok
23:01:01.0457 2212 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
23:01:01.0503 2212 kbdhid - ok
23:01:01.0584 2212 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
23:01:01.0667 2212 KeyIso - ok
23:01:01.0735 2212 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
23:01:01.0773 2212 KSecDD - ok
23:01:01.0886 2212 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
23:01:02.0023 2212 KtmRm - ok
23:01:02.0101 2212 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
23:01:02.0175 2212 LanmanServer - ok
23:01:02.0286 2212 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
23:01:02.0367 2212 LanmanWorkstation - ok
23:01:03.0000 2212 LiveUpdate (a97eeb81f05bce3d7aa6c81f04ef39a4) C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
23:01:03.0230 2212 LiveUpdate - ok
23:01:03.0451 2212 LiveUpdate Notice Ex - ok
23:01:03.0610 2212 LiveUpdate Notice Service (2d1389e05a807d956829f44bd4b60389) C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
23:01:03.0738 2212 LiveUpdate Notice Service - ok
23:01:04.0043 2212 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
23:01:04.0089 2212 lltdio - ok
23:01:04.0157 2212 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
23:01:04.0225 2212 lltdsvc - ok
23:01:04.0300 2212 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
23:01:04.0346 2212 lmhosts - ok
23:01:04.0415 2212 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
23:01:04.0431 2212 LSI_FC - ok
23:01:04.0500 2212 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
23:01:04.0515 2212 LSI_SAS - ok
23:01:04.0552 2212 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
23:01:04.0567 2212 LSI_SCSI - ok
23:01:04.0686 2212 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
23:01:04.0757 2212 luafv - ok
23:01:04.0788 2212 massfilter - ok
23:01:04.0869 2212 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
23:01:04.0901 2212 Mcx2Svc - ok
23:01:04.0955 2212 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
23:01:04.0969 2212 megasas - ok
23:01:05.0099 2212 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
23:01:05.0167 2212 MegaSR - ok
23:01:05.0257 2212 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
23:01:05.0286 2212 MMCSS - ok
23:01:05.0339 2212 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
23:01:05.0381 2212 Modem - ok
23:01:05.0444 2212 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
23:01:05.0509 2212 monitor - ok
23:01:05.0534 2212 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
23:01:05.0547 2212 mouclass - ok
23:01:05.0557 2212 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
23:01:05.0597 2212 mouhid - ok
23:01:05.0639 2212 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
23:01:05.0653 2212 MountMgr - ok
23:01:05.0850 2212 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
23:01:05.0865 2212 MozillaMaintenance - ok
23:01:06.0021 2212 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\Windows\system32\DRIVERS\MpFilter.sys
23:01:06.0040 2212 MpFilter - ok
23:01:06.0160 2212 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
23:01:06.0176 2212 mpio - ok
23:01:06.0386 2212 MpKslda6ce9f1 (a69630d039c38018689190234f866d77) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6E33B7EA-EB9D-4A20-A783-7B54BA9DBF22}\MpKslda6ce9f1.sys
23:01:06.0397 2212 MpKslda6ce9f1 - ok
23:01:06.0417 2212 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
23:01:06.0440 2212 mpsdrv - ok
23:01:06.0550 2212 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
23:01:06.0629 2212 MpsSvc - ok
23:01:06.0671 2212 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
23:01:06.0683 2212 Mraid35x - ok
23:01:06.0795 2212 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
23:01:06.0828 2212 MRxDAV - ok
23:01:06.0872 2212 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:01:06.0902 2212 mrxsmb - ok
23:01:06.0984 2212 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:01:07.0004 2212 mrxsmb10 - ok
23:01:07.0033 2212 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:01:07.0078 2212 mrxsmb20 - ok
23:01:07.0125 2212 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
23:01:07.0138 2212 msahci - ok
23:01:07.0243 2212 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
23:01:07.0258 2212 msdsm - ok
23:01:07.0339 2212 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
23:01:07.0426 2212 MSDTC - ok
23:01:07.0533 2212 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
23:01:07.0578 2212 Msfs - ok
23:01:07.0664 2212 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
23:01:07.0680 2212 msisadrv - ok
23:01:07.0742 2212 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
23:01:07.0793 2212 MSiSCSI - ok
23:01:07.0798 2212 msiserver - ok
23:01:07.0847 2212 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
23:01:07.0893 2212 MSKSSRV - ok
23:01:08.0009 2212 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe
23:01:08.0022 2212 MsMpSvc - ok
23:01:08.0072 2212 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
23:01:08.0099 2212 MSPCLOCK - ok
23:01:08.0129 2212 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
23:01:08.0170 2212 MSPQM - ok
23:01:08.0328 2212 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
23:01:08.0350 2212 MsRPC - ok
23:01:08.0479 2212 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
23:01:08.0495 2212 mssmbios - ok
23:01:08.0541 2212 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
23:01:08.0617 2212 MSTEE - ok
23:01:08.0710 2212 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
23:01:08.0725 2212 Mup - ok
23:01:08.0819 2212 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
23:01:08.0864 2212 napagent - ok
23:01:08.0991 2212 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
23:01:09.0050 2212 NativeWifiP - ok
23:01:09.0300 2212 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
23:01:09.0342 2212 NDIS - ok
23:01:09.0420 2212 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
23:01:09.0502 2212 NdisTapi - ok
23:01:09.0517 2212 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
23:01:09.0559 2212 Ndisuio - ok
23:01:09.0680 2212 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
23:01:09.0755 2212 NdisWan - ok
23:01:09.0773 2212 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
23:01:09.0796 2212 NDProxy - ok
23:01:09.0855 2212 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
23:01:09.0884 2212 NetBIOS - ok
23:01:09.0998 2212 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
23:01:10.0046 2212 netbt - ok
23:01:10.0147 2212 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
23:01:10.0164 2212 Netlogon - ok
23:01:10.0201 2212 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
23:01:10.0272 2212 Netman - ok
23:01:10.0436 2212 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23:01:10.0452 2212 NetMsmqActivator - ok
23:01:10.0457 2212 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23:01:10.0470 2212 NetPipeActivator - ok
23:01:10.0575 2212 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
23:01:10.0621 2212 netprofm - ok
23:01:10.0626 2212 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23:01:10.0639 2212 NetTcpActivator - ok
23:01:10.0644 2212 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23:01:10.0658 2212 NetTcpPortSharing - ok
23:01:11.0237 2212 NETw3v32 (35d5458d9a1b26b2005abffbf4c1c5e7) C:\Windows\system32\DRIVERS\NETw3v32.sys
23:01:11.0636 2212 NETw3v32 - ok
23:01:12.0478 2212 NETw4v32 (6522dd40a5f67ced020bd81b856613fb) C:\Windows\system32\DRIVERS\NETw4v32.sys
23:01:12.0704 2212 NETw4v32 - ok
23:01:13.0575 2212 NETw5v32 (8de67bd902095a13329fd82c85a1fa09) C:\Windows\system32\DRIVERS\NETw5v32.sys
23:01:13.0823 2212 NETw5v32 - ok
23:01:14.0234 2212 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
23:01:14.0247 2212 nfrd960 - ok
23:01:14.0308 2212 NisDrv (b52f26bade7d7e4a79706e3fd91834cd) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
23:01:14.0321 2212 NisDrv - ok
23:01:14.0516 2212 NisSrv (290c0d4c4889398797f8df3be00b9698) c:\Program Files\Microsoft Security Client\NisSrv.exe
23:01:14.0535 2212 NisSrv - ok
23:01:14.0621 2212 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
23:01:14.0652 2212 NlaSvc - ok
23:01:14.0865 2212 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
23:01:14.0887 2212 Npfs - ok
23:01:14.0908 2212 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
23:01:14.0952 2212 nsi - ok
23:01:15.0000 2212 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
23:01:15.0062 2212 nsiproxy - ok
23:01:15.0275 2212 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
23:01:15.0395 2212 Ntfs - ok
23:01:15.0450 2212 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
23:01:15.0495 2212 ntrigdigi - ok
23:01:15.0518 2212 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
23:01:15.0569 2212 Null - ok
23:01:15.0647 2212 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
23:01:15.0663 2212 nvraid - ok
23:01:15.0692 2212 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
23:01:15.0708 2212 nvstor - ok
23:01:15.0764 2212 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
23:01:15.0780 2212 nv_agp - ok
23:01:15.0785 2212 NwlnkFlt - ok
23:01:15.0792 2212 NwlnkFwd - ok
23:01:15.0877 2212 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
23:01:15.0912 2212 ohci1394 - ok
23:01:16.0017 2212 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:01:16.0031 2212 ose - ok
23:01:16.0151 2212 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
23:01:16.0266 2212 p2pimsvc - ok
23:01:16.0275 2212 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
23:01:16.0352 2212 p2psvc - ok
23:01:16.0443 2212 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
23:01:16.0497 2212 Parport - ok
23:01:16.0582 2212 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
23:01:16.0597 2212 partmgr - ok
23:01:16.0625 2212 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
23:01:16.0686 2212 Parvdm - ok
23:01:16.0736 2212 PCASp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\Windows\system32\Drivers\PCASp50.sys
23:01:16.0748 2212 PCASp50 - ok
23:01:16.0798 2212 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
23:01:16.0899 2212 PcaSvc - ok
23:01:16.0970 2212 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
23:01:16.0987 2212 pci - ok
23:01:17.0040 2212 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
23:01:17.0071 2212 pciide - ok
23:01:17.0096 2212 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
23:01:17.0113 2212 pcmcia - ok
23:01:17.0267 2212 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
23:01:17.0366 2212 PEAUTH - ok
23:01:17.0611 2212 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
23:01:17.0840 2212 pla - ok
23:01:18.0082 2212 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
23:01:18.0111 2212 PlugPlay - ok
23:01:18.0209 2212 PnkBstrA (3a2bdd76e7d2a5f40a7174793d1ba794) C:\Windows\system32\PnkBstrA.exe
23:01:18.0222 2212 PnkBstrA - ok
23:01:18.0365 2212 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
23:01:18.0426 2212 PNRPAutoReg - ok
23:01:18.0438 2212 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
23:01:18.0489 2212 PNRPsvc - ok
23:01:18.0566 2212 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
23:01:18.0629 2212 PolicyAgent - ok
23:01:18.0739 2212 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
23:01:18.0785 2212 PptpMiniport - ok
23:01:18.0843 2212 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
23:01:18.0871 2212 Processor - ok
23:01:18.0968 2212 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
23:01:18.0996 2212 ProfSvc - ok
23:01:19.0095 2212 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
23:01:19.0111 2212 ProtectedStorage - ok
23:01:19.0153 2212 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
23:01:19.0188 2212 PSched - ok
23:01:19.0394 2212 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
23:01:19.0518 2212 ql2300 - ok
23:01:19.0611 2212 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
23:01:19.0632 2212 ql40xx - ok
23:01:19.0856 2212 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
23:01:19.0934 2212 QWAVE - ok
23:01:19.0965 2212 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
23:01:19.0981 2212 QWAVEdrv - ok
23:01:20.0007 2212 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
23:01:20.0057 2212 RasAcd - ok
23:01:20.0096 2212 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
23:01:20.0150 2212 RasAuto - ok
23:01:20.0194 2212 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:01:20.0225 2212 Rasl2tp - ok
23:01:20.0300 2212 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
23:01:20.0351 2212 RasMan - ok
23:01:20.0468 2212 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
23:01:20.0503 2212 RasPppoe - ok
23:01:20.0602 2212 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
23:01:20.0619 2212 RasSstp - ok
23:01:20.0724 2212 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
23:01:20.0763 2212 rdbss - ok
23:01:20.0798 2212 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:01:20.0872 2212 RDPCDD - ok
23:01:20.0912 2212 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
23:01:20.0945 2212 rdpdr - ok
23:01:21.0014 2212 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
23:01:21.0066 2212 RDPENCDD - ok
23:01:21.0104 2212 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
23:01:21.0214 2212 RDPWD - ok
23:01:21.0256 2212 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
23:01:21.0286 2212 RemoteAccess - ok
23:01:21.0347 2212 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
23:01:21.0373 2212 RemoteRegistry - ok
23:01:21.0471 2212 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
23:01:21.0514 2212 rimmptsk - ok
23:01:21.0534 2212 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
23:01:21.0553 2212 rimsptsk - ok
23:01:21.0570 2212 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys
23:01:21.0591 2212 rismxdp - ok
23:01:21.0665 2212 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
23:01:21.0735 2212 RpcLocator - ok
23:01:21.0855 2212 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
23:01:21.0902 2212 RpcSs - ok
23:01:22.0009 2212 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
23:01:22.0047 2212 rspndr - ok
23:01:22.0221 2212 RTL8169 (2d19a7469ea19993d0c12e627f4530bc) C:\Windows\system32\DRIVERS\Rtlh86.sys
23:01:22.0286 2212 RTL8169 - ok
23:01:22.0310 2212 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
23:01:22.0327 2212 SamSs - ok
23:01:22.0394 2212 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
23:01:22.0409 2212 sbp2port - ok
23:01:22.0647 2212 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
23:01:22.0739 2212 SBSDWSCService - ok
23:01:22.0852 2212 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
23:01:22.0879 2212 SCardSvr - ok
23:01:22.0949 2212 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
23:01:23.0018 2212 Schedule - ok
23:01:23.0039 2212 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
23:01:23.0060 2212 SCPolicySvc - ok
23:01:23.0195 2212 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
23:01:23.0219 2212 sdbus - ok
23:01:23.0298 2212 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
23:01:23.0344 2212 SDRSVC - ok
23:01:23.0423 2212 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
23:01:23.0483 2212 secdrv - ok
23:01:23.0571 2212 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
23:01:23.0619 2212 seclogon - ok
23:01:23.0657 2212 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
23:01:23.0695 2212 SENS - ok
23:01:23.0870 2212 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
23:01:23.0916 2212 Serenum - ok
23:01:23.0979 2212 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
23:01:24.0045 2212 Serial - ok
23:01:24.0145 2212 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
23:01:24.0172 2212 sermouse - ok
23:01:24.0252 2212 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
23:01:24.0284 2212 SessionEnv - ok
23:01:24.0324 2212 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
23:01:24.0365 2212 sffdisk - ok
23:01:24.0387 2212 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
23:01:24.0456 2212 sffp_mmc - ok
23:01:24.0521 2212 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
23:01:24.0543 2212 sffp_sd - ok
23:01:24.0571 2212 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
23:01:24.0632 2212 sfloppy - ok
23:01:24.0781 2212 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
23:01:24.0855 2212 SharedAccess - ok
23:01:24.0942 2212 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
23:01:25.0020 2212 ShellHWDetection - ok
23:01:25.0049 2212 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
23:01:25.0063 2212 sisagp - ok
23:01:25.0144 2212 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
23:01:25.0158 2212 SiSRaid2 - ok
23:01:25.0181 2212 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
23:01:25.0197 2212 SiSRaid4 - ok
23:01:25.0743 2212 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
23:01:25.0973 2212 slsvc - ok
23:01:26.0376 2212 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
23:01:26.0481 2212 SLUINotify - ok
23:01:26.0575 2212 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
23:01:26.0635 2212 Smb - ok
23:01:26.0701 2212 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
23:01:26.0720 2212 SNMPTRAP - ok
23:01:26.0744 2212 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
23:01:26.0758 2212 spldr - ok
23:01:26.0819 2212 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
23:01:26.0888 2212 Spooler - ok
23:01:27.0022 2212 SQLWriter (9263c8898732e2b890f7e954e7729ab7) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
23:01:27.0035 2212 SQLWriter - ok
23:01:27.0198 2212 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
23:01:27.0360 2212 srv - ok
23:01:27.0469 2212 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
23:01:27.0542 2212 srv2 - ok
23:01:27.0596 2212 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
23:01:27.0627 2212 srvnet - ok
23:01:27.0684 2212 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
23:01:27.0736 2212 SSDPSRV - ok
23:01:27.0777 2212 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
23:01:27.0835 2212 SstpSvc - ok
23:01:27.0935 2212 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
23:01:27.0986 2212 stisvc - ok
23:01:28.0083 2212 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
23:01:28.0097 2212 swenum - ok
23:01:28.0278 2212 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
23:01:28.0309 2212 swprv - ok
23:01:28.0327 2212 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
23:01:28.0349 2212 Symc8xx - ok
23:01:28.0369 2212 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
23:01:28.0383 2212 Sym_hi - ok
23:01:28.0418 2212 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
23:01:28.0445 2212 Sym_u3 - ok
23:01:28.0562 2212 SynTP (70534d1e4f9ac990536d5fb5b550b3de) C:\Windows\system32\DRIVERS\SynTP.sys
23:01:28.0578 2212 SynTP - ok
23:01:28.0741 2212 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
23:01:28.0849 2212 SysMain - ok
23:01:28.0942 2212 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
23:01:28.0979 2212 TabletInputService - ok
23:01:29.0147 2212 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
23:01:29.0203 2212 TapiSrv - ok
23:01:29.0315 2212 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
23:01:29.0359 2212 TBS - ok
23:01:29.0833 2212 Tcpip (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\drivers\tcpip.sys
23:01:29.0905 2212 Tcpip - ok
23:01:29.0920 2212 Tcpip6 (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\DRIVERS\tcpip.sys
23:01:29.0974 2212 Tcpip6 - ok
23:01:30.0060 2212 tcpipreg (2c2d4cff5e09c73908f9b5af49a51365) C:\Windows\system32\drivers\tcpipreg.sys
23:01:30.0101 2212 tcpipreg - ok
23:01:30.0154 2212 tdcmdpst (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys
23:01:30.0195 2212 tdcmdpst - ok
23:01:30.0225 2212 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
23:01:30.0255 2212 TDPIPE - ok
23:01:30.0315 2212 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
23:01:30.0343 2212 TDTCP - ok
23:01:30.0394 2212 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
23:01:30.0430 2212 tdx - ok
23:01:30.0574 2212 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
23:01:30.0589 2212 TermDD - ok
23:01:30.0698 2212 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
23:01:30.0839 2212 TermService - ok
23:01:30.0945 2212 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
23:01:30.0965 2212 Themes - ok
23:01:31.0049 2212 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
23:01:31.0077 2212 THREADORDER - ok
23:01:31.0267 2212 TNaviSrv (e47f35a87ff0da38def37a0eb0c2d2df) C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
23:01:31.0280 2212 TNaviSrv - ok
23:01:31.0421 2212 TODDSrv (c5ac715b65b01788abc22d10749dddd8) C:\Windows\system32\TODDSrv.exe
23:01:31.0475 2212 TODDSrv - ok
23:01:31.0593 2212 TosCoSrv (da6903958cbdc091ffcbbca70ccff34c) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
23:01:31.0626 2212 TosCoSrv - ok
23:01:31.0738 2212 TOSHIBA Bluetooth Service (2e7315b147e524e055026e6634b14ea6) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
23:01:31.0750 2212 TOSHIBA Bluetooth Service - ok
23:01:31.0802 2212 TOSHIBA SMART Log Service (22690dffc7f2a18279a7a0489aa02bac) C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
23:01:31.0832 2212 TOSHIBA SMART Log Service ( UnsignedFile.Multi.Generic ) - warning
23:01:31.0833 2212 TOSHIBA SMART Log Service - detected UnsignedFile.Multi.Generic (1)
23:01:31.0958 2212 tosrfbd (ae43138b0dea239b3621b0faf1bb1fe7) C:\Windows\system32\DRIVERS\tosrfbd.sys
23:01:32.0022 2212 tosrfbd - ok
23:01:32.0026 2212 Tosrfcom - ok
23:01:32.0069 2212 tosrfec (c063b8e2db85420438ebce3fc8d2752e) C:\Windows\system32\DRIVERS\tosrfec.sys
23:01:32.0108 2212 tosrfec - ok
23:01:32.0141 2212 Tosrfhid (87700714f25131ed21901d617b8b321f) C:\Windows\system32\DRIVERS\Tosrfhid.sys
23:01:32.0185 2212 Tosrfhid - ok
23:01:32.0213 2212 Tosrfusb (98c04a6432ce9c2ad328f57b9384d348) C:\Windows\system32\DRIVERS\tosrfusb.sys
23:01:32.0250 2212 Tosrfusb - ok
23:01:32.0458 2212 tos_sps32 (1ea5f27c29405bf49799feca77186da9) C:\Windows\system32\DRIVERS\tos_sps32.sys
23:01:32.0512 2212 tos_sps32 - ok
23:01:32.0712 2212 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
23:01:32.0767 2212 TrkWks - ok
23:01:32.0798 2212 TrojanKillerDriver (113384367c3999e084fe156b18c7625e) C:\Windows\system32\DRIVERS\gtkdrv.sys
23:01:32.0842 2212 TrojanKillerDriver - ok
23:01:32.0934 2212 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
23:01:32.0955 2212 TrustedInstaller - ok
23:01:33.0043 2212 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:01:33.0071 2212 tssecsrv - ok
23:01:33.0152 2212 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
23:01:33.0180 2212 tunmp - ok
23:01:33.0208 2212 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
23:01:33.0245 2212 tunnel - ok
23:01:33.0273 2212 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
23:01:33.0284 2212 TVALZ - ok
23:01:33.0302 2212 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
23:01:33.0317 2212 uagp35 - ok
23:01:33.0354 2212 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
23:01:33.0403 2212 udfs - ok
23:01:33.0487 2212 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
23:01:33.0528 2212 UI0Detect - ok
23:01:33.0680 2212 UleadBurningHelper (332d341d92b933600d41953b08360dfb) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
23:01:33.0687 2212 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - warning
23:01:33.0687 2212 UleadBurningHelper - detected UnsignedFile.Multi.Generic (1)
23:01:33.0802 2212 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
23:01:33.0817 2212 uliagpkx - ok
23:01:33.0849 2212 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
23:01:33.0911 2212 uliahci - ok
23:01:33.0997 2212 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
23:01:34.0012 2212 UlSata - ok
23:01:34.0032 2212 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
23:01:34.0060 2212 ulsata2 - ok
23:01:34.0120 2212 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
23:01:34.0207 2212 umbus - ok
23:01:34.0223 2212 UMPass (88bd96a1baeed33ee8bdf9499c07a841) C:\Windows\system32\DRIVERS\umpass.sys
23:01:34.0252 2212 UMPass - ok
23:01:34.0312 2212 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
23:01:34.0377 2212 upnphost - ok
23:01:34.0436 2212 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
23:01:34.0470 2212 USBAAPL - ok
23:01:34.0496 2212 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
23:01:34.0563 2212 usbccgp - ok
23:01:34.0741 2212 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
23:01:34.0811 2212 usbcir - ok
23:01:34.0930 2212 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
23:01:34.0984 2212 usbehci - ok
23:01:35.0099 2212 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
23:01:35.0151 2212 usbhub - ok
23:01:35.0217 2212 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
23:01:35.0278 2212 usbohci - ok
23:01:35.0316 2212 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
23:01:35.0344 2212 usbprint - ok
23:01:35.0382 2212 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
23:01:35.0415 2212 usbscan - ok
23:01:35.0585 2212 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:01:35.0620 2212 USBSTOR - ok
23:01:35.0643 2212 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
23:01:35.0693 2212 usbuhci - ok
23:01:35.0725 2212 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
23:01:35.0790 2212 usbvideo - ok
23:01:35.0855 2212 UVCFTR (8c5094a8ab24de7496c7c19942f2df04) C:\Windows\system32\Drivers\UVCFTR_S.SYS
23:01:35.0892 2212 UVCFTR - ok
23:01:35.0930 2212 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
23:01:35.0966 2212 UxSms - ok
23:01:36.0080 2212 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
23:01:36.0158 2212 vds - ok
23:01:36.0215 2212 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
23:01:36.0291 2212 vga - ok
23:01:36.0411 2212 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
23:01:36.0439 2212 VgaSave - ok
23:01:36.0533 2212 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
23:01:36.0547 2212 viaagp - ok
23:01:36.0575 2212 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
23:01:36.0620 2212 ViaC7 - ok
23:01:36.0679 2212 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
23:01:36.0708 2212 viaide - ok
23:01:36.0730 2212 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
23:01:36.0745 2212 volmgr - ok
23:01:36.0790 2212 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
23:01:36.0812 2212 volmgrx - ok
23:01:36.0889 2212 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
23:01:36.0909 2212 volsnap - ok
23:01:37.0020 2212 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
23:01:37.0037 2212 vsmraid - ok
23:01:37.0365 2212 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
23:01:37.0468 2212 VSS - ok
23:01:37.0618 2212 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
23:01:37.0702 2212 W32Time - ok
23:01:37.0822 2212 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
23:01:37.0884 2212 WacomPen - ok
23:01:38.0005 2212 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
23:01:38.0028 2212 Wanarp - ok
23:01:38.0032 2212 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
23:01:38.0056 2212 Wanarpv6 - ok
23:01:38.0149 2212 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
23:01:38.0280 2212 wcncsvc - ok
23:01:38.0423 2212 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
23:01:38.0466 2212 WcsPlugInService - ok
23:01:38.0512 2212 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
23:01:38.0536 2212 Wd - ok
23:01:38.0622 2212 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
23:01:38.0677 2212 Wdf01000 - ok
23:01:38.0803 2212 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
23:01:38.0849 2212 WdiServiceHost - ok
23:01:38.0856 2212 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
23:01:38.0887 2212 WdiSystemHost - ok
23:01:38.0960 2212 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
23:01:39.0021 2212 WebClient - ok
23:01:39.0127 2212 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
23:01:39.0168 2212 Wecsvc - ok
23:01:39.0238 2212 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
23:01:39.0265 2212 wercplsupport - ok
23:01:39.0365 2212 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
23:01:39.0393 2212 WerSvc - ok
23:01:39.0525 2212 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
23:01:39.0545 2212 WinDefend - ok
23:01:39.0555 2212 WinHttpAutoProxySvc - ok
23:01:39.0679 2212 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
23:01:39.0704 2212 Winmgmt - ok
23:01:39.0916 2212 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
23:01:40.0092 2212 WinRM - ok
23:01:40.0232 2212 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
23:01:40.0296 2212 Wlansvc - ok
23:01:40.0387 2212 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
23:01:40.0410 2212 WmiAcpi - ok
23:01:40.0654 2212 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
23:01:40.0697 2212 wmiApSrv - ok
23:01:41.0014 2212 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
23:01:41.0103 2212 WMPNetworkSvc - ok
23:01:41.0196 2212 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
23:01:41.0265 2212 WPCSvc - ok
23:01:41.0326 2212 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
23:01:41.0365 2212 WPDBusEnum - ok
23:01:41.0490 2212 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
23:01:41.0507 2212 WpdUsb - ok
23:01:41.0792 2212 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
23:01:41.0843 2212 WPFFontCache_v0400 - ok
23:01:41.0940 2212 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
23:01:42.0028 2212 ws2ifsl - ok
23:01:42.0106 2212 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
23:01:42.0144 2212 wscsvc - ok
23:01:42.0149 2212 WSearch - ok
23:01:42.0533 2212 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
23:01:42.0713 2212 wuauserv - ok
23:01:43.0061 2212 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:01:43.0090 2212 WUDFRd - ok
23:01:43.0199 2212 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
23:01:43.0252 2212 wudfsvc - ok
23:01:43.0275 2212 ZTEusbmdm6k - ok
23:01:43.0283 2212 ZTEusbnet - ok
23:01:43.0329 2212 ZTEusbnmea - ok
23:01:43.0337 2212 ZTEusbser6k - ok
23:01:43.0373 2212 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
23:01:44.0210 2212 \Device\Harddisk0\DR0 - ok
23:01:44.0239 2212 Boot (0x1200) (f716aef41ef85260e1d1ed22fc0951d9) \Device\Harddisk0\DR0\Partition0
23:01:44.0258 2212 \Device\Harddisk0\DR0\Partition0 - ok
23:01:44.0259 2212 ============================================================
23:01:44.0259 2212 Scan finished
23:01:44.0259 2212 ============================================================
23:01:44.0274 5700 Detected object count: 4
23:01:44.0274 5700 Actual detected object count: 4
23:02:20.0885 5700 C:\Windows\system32\TAMSvr.exe - copied to quarantine
23:02:20.0928 5700 HKLM\SYSTEM\ControlSet001\services\Authentec memory manager - will be deleted on reboot
23:02:20.0956 5700 HKLM\SYSTEM\ControlSet002\services\Authentec memory manager - will be deleted on reboot
23:02:20.0972 5700 C:\Windows\system32\TAMSvr.exe - will be deleted on reboot
23:02:20.0972 5700 Authentec memory manager ( UnsignedFile.Multi.Generic ) - User select action: Delete
23:02:21.0158 5700 C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe - copied to quarantine
23:02:21.0202 5700 HKLM\SYSTEM\ControlSet001\services\ConfigFree Service - will be deleted on reboot
23:02:21.0204 5700 HKLM\SYSTEM\ControlSet002\services\ConfigFree Service - will be deleted on reboot
23:02:21.0209 5700 C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe - will be deleted on reboot
23:02:21.0209 5700 ConfigFree Service ( UnsignedFile.Multi.Generic ) - User select action: Delete
23:02:21.0272 5700 C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe - copied to quarantine
23:02:21.0475 5700 HKLM\SYSTEM\ControlSet001\services\TOSHIBA SMART Log Service - will be deleted on reboot
23:02:21.0500 5700 HKLM\SYSTEM\ControlSet002\services\TOSHIBA SMART Log Service - will be deleted on reboot
23:02:21.0506 5700 C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe - will be deleted on reboot
23:02:21.0506 5700 TOSHIBA SMART Log Service ( UnsignedFile.Multi.Generic ) - User select action: Delete
23:02:21.0600 5700 C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe - copied to quarantine
23:02:22.0099 5700 HKLM\SYSTEM\ControlSet001\services\UleadBurningHelper - will be deleted on reboot
23:02:22.0113 5700 HKLM\SYSTEM\ControlSet002\services\UleadBurningHelper - will be deleted on reboot
23:02:22.0118 5700 C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe - will be deleted on reboot
23:02:22.0118 5700 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - User select action: Delete

[Maurice Naggar]

It is quite possible that the Toshiba applets just removed (from this last report) were not malicious ---but just missing signature in the driver itself.

I'd like to have you do a full scan with an updated MBAM, which will take an hour or two, but well worth the investment.

First, turn OFF your MS Security Essentials so that it does not interfere.
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Save and close any work documents, close any apps that you started.
Start your MBAM MalwareBytes' Anti-Malware.
Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.
Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.
Do a FULL Scan.

When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

When all finished, Re-enable your antivirus and
Copy & Paste the MBAM scan log for review and
advise me, if any re-occurence of the trojan / bogus "windows command processor" ?

[tysonboh]

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.06.14

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19272
USER :: USER-PC [administrator]

7/07/2012 11:29:45 AM
mbam-log-2012-07-07 (11-29-45).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 345696
Time elapsed: 1 hour(s), 10 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


and the pop-up is no longer occuring.

[Maurice Naggar]

Very good run of MBAM: nothing detected.
We can wrap this up now. I see that you are clear of your original issues.
If you have a problem with these steps, or something does not quite work here, do let me know.

The following few steps will remove tools we used. Advise me after you have completed the cleanups.

We have to remove Combofix and all its associated folders. By whichever name you named it, ( you had named it ComboFix ),
put that name in the RUN box stated just below.
The "/uninstall" in the Run line below is to start Combofix for it's cleanup & removal function.
Note the space before the slash mark.
The utility must be removed to prevent any un-intentional or accidental usage, PLUS, to free up much space on your hard disk.

• Highlight the line in this CODEBOX.
  Select & Copy the entire line within this codebox (so that it is in Windows clipboard memory)
  

  c:\users\USER\Desktop\ComboFix /uninstall

  
  
  
• Start >> type in cmd >> press the Ctrl+Shift+Enter keyboard combination and cmd.exe will be launched as if you selected Run as Administrator. You will then see a User Account Control prompt asking if you would like to allow the Command Prompt to be able to make changes on your computer. Click on the Yes button and you will now be at the Elevated Command Prompt.
  
  Do a Right click within the command prompt window and select Paste. This must show the line from Codebox above.
  Then tap Enter

IF in the case Combofix un-install has an issue, skip that step.

NEXT

• Download OTC to your desktop and run it
  
• Click Yes to beginning the Cleanup process and remove these components, including this application.
  
• You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

ERUNT you should keep and use periodically to backup Windows registry.

Delete the following if still present:
RogueKiller.exe
TDSSKILLER.exe

Safer practices & malware prevention

• Have a hardware router between the incoming internet-modem and your computer.
  
  
• Configure your Antivirus software to check for updates daily, at a time in which you are sure the computer will be on.
  
  
• Check in at Windows Update and install any Critical Updates offered.
  
  
• Make certain that Automatic Updates is enabled.
  How to configure and use Automatic Updates in Windows
  http://support.microsoft.com/kb/306525
  
  
  
• Check on other update issues as well, visit Secunia Online Software Inspector (OSI)
  See How to detect vulnerable and out-dated programs using Secunia Personal Software Inspector
  
  
  
• Download, install, and keep updated Spyware Blaster (free): http://www.javacools...areblaster.html (all Protections should be enabled at all times)
  
  
• I'd recommend that you get and use MVP Mike Burgess' custom hosts file http://mvps.org/winhelp2002/hosts.htm
  See the FAQ page http://mvps.org/winh...02/hostsfaq.htm
  That would help to keep your browser away from known spyware/malware sites.
  
  
  
• Make regular backups of your system to removable media: DVD, USB external hard drive, etc.
  Having a total image backup of your system stored on DVD/CD is highly important.
  Get and make use of imaging-backup utilities and save them to offline media. That way you have something to fall back to if another disaster hits.
  Examples of image backup software: Acronis True Image, or the free (for personal use) Macrium Reflect http://www.macrium.com/reflectfree.asp
  or Paragon Backup & Recovery http://www.paragon-s...e/download.html
  
  
• Consider using Web of Trust WOT add-on for your browser(s)
  http://www.mywot.com/en/download
  http://www.mywot.com/en/faq/add-on
  
  
  
  On some regular schedule, it is a good idea to do an online scan for viruses and malware. Here is a very short list of sites where this may be done:
  
  ESET Online Scanner
  
  Panda ActiveScan
  
  Trend Micro Housecall
  
  F-Secure Online Scanner
  
  
  
  
• See Six tips to help you stay safer online
  
  
• Never, ever download free games, free tools, videos, mutli-media files or anything free unless you can be absolutely sure the source is safe !

We are finished here. Best regards.

[tysonboh]

so your saying that the virus is now gone? no more backdoor trojan? no more hackers been able to use my computer as if they were sitting in front of it?

can i go back to using it as i used to? (except for being alot safer online) is online purchasing/logging into frequently used sites now okay?

[Maurice Naggar]

Yes, you may consider it back to normal. I would advise you to change your passwords, if you have not done so already.

[tysonboh]

okay, will do, thank you so much for all the help you really helped me out when i thought my computer was screwed. thanks so much!

[Maurice Naggar]

You are welcome. Stay safe.