Malwarebytes did not remove one virus


  • This topic is locked
41 replies to this topic

#1 loner

loner

    New Member

  • Members
  • Pip
  • 25 posts

Posted 28 December 2011 - 01:50 PM

I noticed that malwarebytes found a program called PUP Bitminer, and this created this HUGE journey for me. I used malwarebytes and it said the virus was gone. But after restarting and scanning and finding the PUP bitminer on my pc for a 2nd, 3rd, 4th, and 5th time, I would check the mark next to the name and still find it pop up at the next log in. I tried using the PC tools to get rid of the PUP Bitminer only to register the program and have my whole pc crash. The problem is my system restore was able to save my pc, but the PUP bitminer was in the system restore.

Noticing I wasn't the only one here with this problem I went to this page:

http://forums.malwar...pic=102320&st=0

and tried the unhackme only to run into an error with a cd disc required.

Whenever you get the chance to help, because I don't have any problems right now, I just read that this bitminer is a keylogger, so I do not want to have my passwords out there.


Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 911122605

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12/28/2011 9:29:52 AM
mbam-log-2011-12-28 (09-29-52).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 304496
Time elapsed: 39 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\assembly\temp\kwrd.dll (PUP.BitMiner) -> Quarantined and deleted successfully.

I have an issue with Bitminer and can't remove it. I have tried using the PC tools to get rid of the PUP Bitminer only to register the program and have my whole pc crash. The problem is my system restore was able to save my pc, but the PUP bitminer was in the system restore and now a PUM hidden desktop is showing up. I also want to fix the whole fact that google is sending me to malicious sites, because I believe that's what started all of this.


Please help, and below are my log requirements

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by ClydeSanders at 21:03:14 on 2012-01-01
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3891.1921 [GMT -5:00]
.
AV: Kaspersky Anti-Virus *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
AV: Kaspersky Anti-Virus *Enabled/Updated* {AE1D740B-8F0F-D137-211D-873D44B3F4AE}
SP: Kaspersky Anti-Virus *Enabled/Updated* {157C95EF-A935-DEB9-1BAD-BC4F3F34BE13}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Anti-Virus *Disabled/Outdated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
FW: Kaspersky Anti-Virus *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\ThpSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files (x86)\ooVoo\ooVoo.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\klwtblfs.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\SysWow64\Macromed\Flash\FlashUtil10e.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\SysWOW64\ping.exe
C:\windows\system32\conhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\windows\System32\svchost.exe -k WerSvcGroup
C:\windows\SysWOW64\NOTEPAD.EXE
C:\windows\system32\taskhost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA
uDefault_Page_URL = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
uRun: [ooVoo.exe] C:\Program Files (x86)\ooVoo\ooVoo.exe /minimized
uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
mRun: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
mRun: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
mRun: [Absolute Notifier] "C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MOZYHO~1.LNK - C:\Program Files (x86)\MozyHome\mozystat.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
LSP: mswsock.dll
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{A32CE649-BF5D-407D-A364-B4A32C330669} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{A32CE649-BF5D-407D-A364-B4A32C330669}\C696E6B6379737 : DhcpNameServer = 168.28.176.11 168.28.176.253 198.72.72.10
TCP: Interfaces\{F4366FAE-55DC-43AD-82C3-07BB0D5C8805} : DhcpNameServer = 168.28.176.11 168.28.176.253 198.72.72.10
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
BHO-X64: IEVkbdBHO - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
BHO-X64: link filter bho - No File
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
mRun-x64: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun-x64: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun-x64: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun-x64: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
mRun-x64: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
mRun-x64: [Absolute Notifier] "C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe"
mRun-x64: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
AppInit_DLLs-X64: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\ClydeSanders\AppData\Roaming\Mozilla\Firefox\Profiles\mowxtix2.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official | http://www.gmail.com |
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF - Ext: Session Manager: {1280606b-2510-4fe0-97ef-9b5a22eafe30} - %profile%\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
FF - Ext: ReloadEvery: {888d99e7-e8b5-46a3-851e-1ec45da1e644} - %profile%\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
FF - Ext: XULRunner: {8E22EFF7-4C23-468D-A046-F794FEAEDA54} - C:\Users\ClydeSanders\AppData\Local\{8E22EFF7-4C23-468D-A046-F794FEAEDA54}
.
============= SERVICES / DRIVERS ===============
.
R0 KLBG;Kaspersky Lab Boot Guard Driver;C:\windows\system32\DRIVERS\klbg.sys --> C:\windows\system32\DRIVERS\klbg.sys [?]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\system32\DRIVERS\thpdrv.sys --> C:\windows\system32\DRIVERS\thpdrv.sys [?]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\system32\DRIVERS\Thpevm.SYS --> C:\windows\system32\DRIVERS\Thpevm.SYS [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\windows\system32\DRIVERS\klim6.sys --> C:\windows\system32\DRIVERS\klim6.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AbsoluteNotifier;Absolute Notifier;C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [2011-5-10 10920]
R2 AVP;Kaspersky Anti-Virus;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [2009-10-20 340520]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-4-6 258928]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-7-20 2320920]
R3 HECIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 JMCR;JMCR;C:\windows\system32\DRIVERS\jmcr.sys --> C:\windows\system32\DRIVERS\jmcr.sys [?]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\windows\system32\DRIVERS\klmouflt.sys --> C:\windows\system32\DRIVERS\klmouflt.sys [?]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETw5s64.sys --> C:\windows\system32\DRIVERS\NETw5s64.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-23 835952]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\windows\system32\DRIVERS\WDKMD.sys --> C:\windows\system32\DRIVERS\WDKMD.sys [?]
S3 acpials;ALS Sensor Filter;C:\windows\system32\DRIVERS\acpials.sys --> C:\windows\system32\DRIVERS\acpials.sys [?]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-1-19 315664]
S3 npggsvc;nProtect GameGuard Service;C:\windows\system32\GameMon.des -service --> C:\windows\system32\GameMon.des -service [?]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-7-20 51512]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\windows\system32\DRIVERS\WSDPrint.sys --> C:\windows\system32\DRIVERS\WSDPrint.sys [?]
S3 WSDScan;WSD Scan Support via UMB;C:\windows\system32\DRIVERS\WSDScan.sys --> C:\windows\system32\DRIVERS\WSDScan.sys [?]
.
=============== Created Last 30 ================
.
2011-12-28 18:34:34 -------- d-sh--r- C:\comment.htt
2011-12-28 18:24:10 2 --shatr- C:\windows\winstart.bat
2011-12-28 18:24:02 -------- d-----w- C:\Program Files (x86)\UnHackMe
2011-12-28 14:48:41 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2011-12-28 14:44:13 -------- d-----w- C:\ProgramData\PC Tools
2011-12-15 17:24:01 -------- d-----we C:\windows\system64
.
==================== Find3M ====================
.
2011-10-11 14:32:31 44544 ----a-w- C:\windows\SysWow64\agremove.exe
2011-10-11 13:21:47 17920 ----a-w- C:\windows\System32\rpcnetp.exe
.
============= FINISH: 21:06:05.39 ===============



Topics / Post MERGED


#2 Maurice Naggar

Maurice Naggar

    Staff

  • Moderators
  • PipPipPipPipPipPip
  • 14,550 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 08 February 2012 - 02:06 PM

Hello,

Save and close any work documents, close any apps that you started.

Download the Microsoft® Windows® Malicious Software Removal Tool from the Microsoft Download Center
http://www.microsoft...&displaylang=en
It is suggested that you rename mrt.exe to some other name, such as Omega.exe, then run it.

After a run of MSRT has finished, you will find the log at C:\WINDOWS\Debug\mrt.log or C:\WINNT\Debug\mrt.log
The file may be opened and viewed with Notepad or similar text editor.

If and only if your system is a Windows 7 x64, Vista x64, Windows XP x64 or Windows 2008/2003 x64 computer:
Get Microsoft® Windows® Malicious Software Removal Tool (KB890830) x64
http://www.microsoft...&displaylang=en

Additional information on the Microsoft® Windows® Malicious Software Removal Tool is here: http://support.micro...om/?kbid=890830

If no infections were found, you will see in your log

Results Summary:
----------------
No infection found.


Start your MBAM MalwareBytes' Anti-Malware.
Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.
Then click the Scanner settings sub-tab in the second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.
Do a FULL Scan.

When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy & Paste the contents of the last scan log into your reply.
If we do not hear back from you in 3 days, this thread will be closed.
Maurice Naggar
Product Support

I close my threads if there is 5 days without a response.

#3 Maurice Naggar

Posted 12 February 2012 - 03:01 PM

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

#4 Maurice Naggar

Posted 20 March 2012 - 08:54 AM

Re-opened per member request.

@ loner
Requesting you run the tools I listed in my reply of Feb 8th. Post the new MBAM scan log for review.

#5 loner

Posted 20 March 2012 - 06:43 PM

Just did and should I do a full scan and post that to here?

#6 Maurice Naggar

Posted 20 March 2012 - 07:03 PM

Yes, do a full scan after updating MBAM. Post the MBAM scan log.
Also, run a new run of DDS, and copy & Paste those logs into your reply.

#7 loner

Posted 20 March 2012 - 11:13 PM

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 912031605

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

3/20/2012 11:54:01 PM
mbam-log-2012-03-20 (23-54-00).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 357223
Time elapsed: 2 hour(s), 58 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by ClydeSanders at 0:06:29 on 2012-03-21
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3891.767 [GMT -4:00]
.
AV: Kaspersky Anti-Virus *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
AV: Kaspersky Anti-Virus *Enabled/Updated* {AE1D740B-8F0F-D137-211D-873D44B3F4AE}
SP: Kaspersky Anti-Virus *Enabled/Updated* {157C95EF-A935-DEB9-1BAD-BC4F3F34BE13}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Anti-Virus *Disabled/Outdated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
FW: Kaspersky Anti-Virus *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\ThpSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files (x86)\ooVoo\ooVoo.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\MozyHome\mozystat.exe
E:\Portable\FirefoxPortable\FirefoxPortable.exe
E:\Portable\FirefoxPortable\App\firefox\firefox.exe
C:\windows\system32\prevhost.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
E:\Portable\FirefoxPortable\App\firefox\plugin-container.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\windows\SysWOW64\NOTEPAD.EXE
C:\windows\SysWOW64\ping.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\ping.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\ping.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\conhost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA
uDefault_Page_URL = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
uRun: [ooVoo.exe] C:\Program Files (x86)\ooVoo\ooVoo.exe /minimized
uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
uRun: [gWLwiaDlyb.exe] C:\ProgramData\gWLwiaDlyb.exe
mRun: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
mRun: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
mRun: [Absolute Notifier] "C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MOZYHO~1.LNK - C:\Program Files (x86)\MozyHome\mozystat.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
LSP: mswsock.dll
TCP: DhcpNameServer = 168.28.176.11 168.28.176.253 198.72.72.10
TCP: Interfaces\{A32CE649-BF5D-407D-A364-B4A32C330669}\64249402355727675696C6C616E63656026516E6D27657563747 : DhcpNameServer = 168.28.176.11 168.28.176.253 198.72.72.10
TCP: Interfaces\{A32CE649-BF5D-407D-A364-B4A32C330669}\C696E6B6379737 : DhcpNameServer = 168.28.176.11 168.28.176.253 198.72.72.10
TCP: Interfaces\{F4366FAE-55DC-43AD-82C3-07BB0D5C8805} : DhcpNameServer = 168.28.176.11 168.28.176.253 198.72.72.10
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
BHO-X64: IEVkbdBHO - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
BHO-X64: link filter bho - No File
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
mRun-x64: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun-x64: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun-x64: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun-x64: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
mRun-x64: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
mRun-x64: [Absolute Notifier] "C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe"
mRun-x64: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
AppInit_DLLs-X64: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\ClydeSanders\AppData\Roaming\Mozilla\Firefox\Profiles\mowxtix2.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official | http://www.gmail.com |
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF - Ext: Session Manager: {1280606b-2510-4fe0-97ef-9b5a22eafe30} - %profile%\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
FF - Ext: ReloadEvery: {888d99e7-e8b5-46a3-851e-1ec45da1e644} - %profile%\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
FF - Ext: XULRunner: {8E22EFF7-4C23-468D-A046-F794FEAEDA54} - C:\Users\ClydeSanders\AppData\Local\{8E22EFF7-4C23-468D-A046-F794FEAEDA54}
.
============= SERVICES / DRIVERS ===============
.
R0 KLBG;Kaspersky Lab Boot Guard Driver;C:\windows\system32\DRIVERS\klbg.sys --> C:\windows\system32\DRIVERS\klbg.sys [?]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\system32\DRIVERS\thpdrv.sys --> C:\windows\system32\DRIVERS\thpdrv.sys [?]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\system32\DRIVERS\Thpevm.SYS --> C:\windows\system32\DRIVERS\Thpevm.SYS [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\windows\system32\DRIVERS\klim6.sys --> C:\windows\system32\DRIVERS\klim6.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AbsoluteNotifier;Absolute Notifier;C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [2011-5-10 10920]
R2 AVP;Kaspersky Anti-Virus;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [2009-10-20 340520]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\windows\system32\DRIVERS\klmouflt.sys --> C:\windows\system32\DRIVERS\klmouflt.sys [?]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETw5s64.sys --> C:\windows\system32\DRIVERS\NETw5s64.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\windows\system32\DRIVERS\WDKMD.sys --> C:\windows\system32\DRIVERS\WDKMD.sys [?]
S3 acpials;ALS Sensor Filter;C:\windows\system32\DRIVERS\acpials.sys --> C:\windows\system32\DRIVERS\acpials.sys [?]
S3 JMCR;JMCR;C:\windows\system32\DRIVERS\jmcr.sys --> C:\windows\system32\DRIVERS\jmcr.sys [?]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-1-19 315664]
S3 npggsvc;nProtect GameGuard Service;C:\windows\system32\GameMon.des -service --> C:\windows\system32\GameMon.des -service [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\windows\system32\DRIVERS\WSDPrint.sys --> C:\windows\system32\DRIVERS\WSDPrint.sys [?]
S3 WSDScan;WSD Scan Support via UMB;C:\windows\system32\DRIVERS\WSDScan.sys --> C:\windows\system32\DRIVERS\WSDScan.sys [?]
.
=============== Created Last 30 ================
.
2012-03-20 20:29:53 -------- d-----w- C:\windows\System32\MpEngineStore
2012-03-07 19:43:57 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
==================== Find3M ====================
.
2012-03-20 23:40:22 0 --sha-w- C:\windows\System32\dds_trash_log.cmd
2011-12-28 18:24:10 2 --shatr- C:\windows\winstart.bat
.
============= FINISH: 0:11:32.40 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 9/5/2010 1:55:55 AM
System Uptime: 3/20/2012 7:39:00 PM (5 hours ago)
.
Motherboard: TOSHIBA | | NWQAA
Processor: Intel® Core™ i3 CPU M 350 @ 2.27GHz | CPU | 2266/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 454 GiB total, 392.095 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP45: 2/21/2012 2:30:36 PM - Scheduled Checkpoint
RP46: 2/29/2012 1:50:21 AM - Scheduled Checkpoint
RP47: 3/12/2012 1:17:01 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
.
Absolute Notifier
Adobe Flash Player 10 Plugin
Adobe Reader 9.3
Amazon Kindle For PC
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MP Navigator EX 3.1
Canon MX340 series User Registration
Canon Speed Dial Utility
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
Compatibility Pack for the 2007 Office system
Hotfix for Office (KB975927)
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
Intel® Rapid Storage Technology
jGRASP
JMicron Flash Media Controller Driver
Junk Mail filter update
Kaspersky Anti-Virus 2010
Label@Once 1.0
Malwarebytes' Anti-Malware version 1.51.1.1800
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Mozilla Firefox (3.6.8)
MSVCRT
ooVoo
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Skype™ 5.1
TOSHIBA Application Installer
TOSHIBA Assist
TOSHIBA Bulletin Board
TOSHIBA DVD PLAYER
TOSHIBA eco Utility
TOSHIBA Face Recognition
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
TOSHIBA Quality Application
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Sleep Utility
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
ToshibaRegistration
Update for Microsoft Office Word 2007 (KB974631)
Utility Common Driver
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
3/20/2012 9:48:51 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UxSms service.
3/20/2012 9:45:51 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the hidserv service.
3/20/2012 7:40:34 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
3/20/2012 7:39:20 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
3/20/2012 7:38:38 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
3/20/2012 7:38:08 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.
3/20/2012 7:37:38 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
3/20/2012 7:21:42 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
3/20/2012 7:21:24 AM, Error: Service Control Manager [7022] - The Kaspersky Anti-Virus service hung on starting.
3/20/2012 7:18:35 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FontCache service.
3/20/2012 7:18:05 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FDResPub service.
3/20/2012 7:09:45 AM, Error: Service Control Manager [7000] - The Network Connections service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/20/2012 7:08:45 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the upnphost service.
3/20/2012 2:01:51 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WPDBusEnum service.
3/20/2012 2:01:21 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
3/20/2012 10:22:51 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
3/19/2012 9:00:39 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000004, 0x0000000000000258, 0xfffffa800416f040, 0xfffff80000b9c510). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 031912-19999-01.
3/19/2012 7:52:02 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
3/19/2012 10:50:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
3/17/2012 9:39:32 AM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
3/16/2012 9:23:55 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
3/16/2012 8:33:49 PM, Error: JMCR [15] - The device, \Device\Scsi\JMCR1, is not ready for access yet.
3/16/2012 7:46:36 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
3/15/2012 9:11:34 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WdiSystemHost service.
3/15/2012 9:11:34 PM, Error: Service Control Manager [7000] - The Diagnostic System Host service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

Edited by Maurice Naggar, 21 March 2012 - 07:59 AM.
Logs put in-line
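A first-pass triage of the autorun section of a DDS log like the one above, as an added example (not part of the thread and not a DDS or Malwarebytes tool): it lists Run entries whose executable sits in a user-writable location and registrations marked `No File`. The location rules are assumed heuristics for deciding what to look at first, not verdicts; the sample lines are copied from the log above.

```python
import ntpath
import re
from collections import namedtuple

# Sample input: lines copied from the "Pseudo HJT Report" section of the DDS log above.
SAMPLE = r"""
uURLSearchHooks: H - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
uRun: [ooVoo.exe] C:\Program Files (x86)\ooVoo\ooVoo.exe /minimized
uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
uRun: [gWLwiaDlyb.exe] C:\ProgramData\gWLwiaDlyb.exe
mRun: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
BHO-X64: link filter bho - No File
"""

Finding = namedtuple("Finding", "kind key entry target reason")

# "uRun: [name] command line" (per-user) and "mRun: ..." (machine-wide), with -x64 variants.
RUN_LINE = re.compile(r"^(?P<key>[um]Run(?:-x64)?): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# Any registration whose target file DDS could not find on disk.
NO_FILE = re.compile(r"^(?P<key>[\w-]+): (?P<entry>.+?) - No File$")
# Leading executable of a command line, quoted or not, without its arguments.
EXE_PATH = re.compile(r'^"?(?P<path>.+?\.(?:exe|dll|bat|cmd|com|scr))"?(?:\s|$)', re.I)


def location_reason(path):
    """Return why a path deserves a closer look, or None (assumed heuristics)."""
    p = ntpath.normpath(path).lower()
    if ntpath.dirname(p) == r"c:\programdata":
        return "executable placed directly in C:\\ProgramData"
    if "\\appdata\\" in p or "\\temp\\" in p:
        return "executable under a per-user writable directory"
    return None


def triage(report):
    """Walk the report line by line and collect entries to review first."""
    findings = []
    for raw in report.splitlines():
        line = raw.strip()
        run = RUN_LINE.match(line)
        if run:
            exe = EXE_PATH.match(run["cmd"])
            if exe is None:
                findings.append(Finding("unparsed", run["key"], run["name"],
                                        run["cmd"], "no file path found in command"))
                continue
            reason = location_reason(exe["path"])
            if reason:
                findings.append(Finding("writable-location", run["key"],
                                        run["name"], exe["path"], reason))
            continue
        missing = NO_FILE.match(line)
        if missing:
            findings.append(Finding("no-file", missing["key"], missing["entry"],
                                    None, "registration points at a missing file"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.kind:18} {f.key:16} {f.entry}  ({f.reason})")
```
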


#8 loner

Posted 20 March 2012 - 11:16 PM

Is this all I need for this? Because I have also noticed that Google is redirecting and also opening new tabs to random sites. Is this something I would post again, or after this I shouldn't see any of this anymore?

#9 Maurice Naggar

Posted 21 March 2012 - 08:40 AM

First, do NOT Attach log reports. Always Copy & Paste the contents into the main body of reply.
(Use NOTEPAD to open a log, then Select All, & Copy All; and then Paste into forum reply-box).

There's a lot more work to do. I will advise as to what tools to run & what logs are needed. This is just the beginning.
Do NOT do any websurfing of any kind, nor do any online transactions of any kind.

I'd also suggest you do not use instant messengers or Oovoo while we attempt to find & clean malware.
Tweak the settings on Oovoo so that it does not auto-start with each Windows startup.

The version of MBAM you have is out-dated. I will ask you to remove it and get the latest (steps below).

Step 1
1. Go >> Here << and download ERUNT
(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
2. Install ERUNT by following the prompts
(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
3. Start ERUNT
(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
4. Choose a location for the backup
(the default location is C:\WINDOWS\ERDNT which is acceptable).
5. Make sure that at least the first two check boxes are ticked
6. Press OK
7. Press YES to create the folder.

Step 2
To show all files:
  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 3
Download and SAVE & then run mbam-clean.exe from >> here <<
It will ask to restart your computer; please allow it to do so (very important).
After the computer restarts, temporarily disable your Anti-Virus
If you need how-to guidance, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall

Next Download & SAVE the latest version of Malwarebytes' Anti-Malware from >> here <<
Then Run the mbam-setup.
Note: You will need to reactivate the program using the license you were sent via email if using the Pro version

Launch the program and set the Protection and Registration, if you have a license. Then go to the UPDATE tab if not done during installation and check for updates.
Restart the computer again and verify that Malwarebytes Anti-Malware is in the task tray if using the Pro version. Now setup any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications.
You may use the guides posted in the FAQ's >> here << or ask and we'll explain how to do it.
Run a FULL scan with MBAM

Step 4
Download Security Check by screen317 and save it to your Desktop: here or here
  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Step 5
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall

Download >> aswMBR.exe << ( 511KB ) to your desktop.
RIGHT click on aswMBR.exe and select Run As Administrator to start.

Change the a-v scan to None.
Uncheck trace disk IO calls.

Click the "Scan" button to start scan
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply


Step 6
Please read carefully and follow these steps.
  • Download >> TDSSKiller << and save it to your Desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.

  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.

  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
RE-Enable your antivirus program.
Copy & Paste contents of the latest MBAM scan log, Checkup.txt & log from aswMBR & TDSSKILLER log.
Use separate replies as needed if logs do not fit into one reply box.
Do NOT use the Attach option when putting reports. Always COPY & PASTE into main-body of reply-box.
Maurice Naggar
Product Support

I close my threads if there is 5 days without a response.

#10 loner

Posted 21 March 2012 - 02:19 PM

Alright this is a long one....

MBAM LOG:

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.21.03

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
ClydeSanders :: CLYDESANDERS-PC [administrator]

Protection: Enabled

3/21/2012 12:17:00 PM
mbam-log-2012-03-21 (12-17-00).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 357906
Time elapsed: 44 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-21 15:04:14
-----------------------------
15:04:14.587 OS Version: Windows x64 6.1.7600
15:04:14.587 Number of processors: 4 586 0x2502
15:04:14.587 ComputerName: CLYDESANDERS-PC UserName: ClydeSanders
15:04:19.142 Initialize success
15:10:19.481 AVAST engine defs: 12032000
15:11:36.498 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:11:36.498 Disk 0 Vendor: ST950042 0001 Size: 476940MB BusType: 3
15:11:36.514 Disk 0 MBR read successfully
15:11:36.514 Disk 0 MBR scan
15:11:36.529 Disk 0 Windows VISTA default MBR code
15:11:36.529 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
15:11:36.545 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 464558 MB offset 3074048
15:11:36.576 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 10881 MB offset 954488832
15:11:36.623 Disk 0 scanning C:\windows\system32\drivers
15:11:45.983 Service scanning
15:11:56.981 Service smwdm C:\windows\system32\nwrdr.dll **INFECTED** Win64:ZAccess-E [Rtk]
15:12:02.394 Modules scanning
15:12:02.394 Scan finished successfully
15:12:19.149 Disk 0 MBR has been saved successfully to "C:\Users\ClydeSanders\Desktop\MBR.dat"
15:12:19.149 The log file has been saved successfully to "C:\Users\ClydeSanders\Desktop\aswMBR-12.txt"

checkup log:

Results of screen317's Security Check version 0.99.31
Windows 7 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Kaspersky Anti-Virus 2010
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Adobe Flash Player 10.1.82.76 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (3.6.8) Firefox out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Kaspersky Lab Kaspersky Anti-Virus 2010 avp.exe
Kaspersky Lab Kaspersky Anti-Virus 2010 x64 klwtblfs.exe
``````````End of Log````````````

Report log (kaspersky):

15:12:56.0529 4660 TDSS rootkit removing tool 2.7.21.0 Mar 21 2012 09:06:51
15:12:56.0872 4660 ============================================================
15:12:56.0872 4660 Current date / time: 2012/03/21 15:12:56.0872
15:12:56.0872 4660 SystemInfo:
15:12:56.0872 4660
15:12:56.0872 4660 OS Version: 6.1.7600 ServicePack: 0.0
15:12:56.0872 4660 Product type: Workstation
15:12:56.0872 4660 ComputerName: CLYDESANDERS-PC
15:12:56.0872 4660 UserName: ClydeSanders
15:12:56.0872 4660 Windows directory: C:\windows
15:12:56.0872 4660 System windows directory: C:\windows
15:12:56.0872 4660 Running under WOW64
15:12:56.0872 4660 Processor architecture: Intel x64
15:12:56.0872 4660 Number of processors: 4
15:12:56.0872 4660 Page size: 0x1000
15:12:56.0872 4660 Boot type: Normal boot
15:12:56.0872 4660 ============================================================
15:12:57.0371 4660 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:12:57.0371 4660 \Device\Harddisk0\DR0:
15:12:57.0371 4660 MBR used
15:12:57.0371 4660 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x38B57000
15:12:57.0387 4660 Initialize success
15:12:57.0387 4660 ============================================================
15:13:07.0979 4364 ============================================================
15:13:07.0979 4364 Scan started
15:13:07.0979 4364 Mode: Manual;
15:13:07.0979 4364 ============================================================
15:13:12.0925 4364 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\windows\system32\DRIVERS\CompositeBus.sys
15:13:12.0925 4364 CompositeBus - ok
15:13:12.0972 4364 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys
15:13:12.0972 4364 crcdisk - ok
15:13:13.0034 4364 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\windows\system32\Drivers\dfsc.sys
15:13:13.0034 4364 DfsC - ok
15:13:13.0081 4364 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
15:13:13.0081 4364 discache - ok
15:13:13.0096 4364 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys
15:13:13.0096 4364 Disk - ok
15:13:13.0159 4364 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
15:13:13.0159 4364 drmkaud - ok
15:13:13.0190 4364 dump_wmimmc - ok
15:13:13.0237 4364 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\windows\System32\drivers\dxgkrnl.sys
15:13:13.0268 4364 DXGKrnl - ok
15:13:13.0377 4364 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys
15:13:13.0455 4364 ebdrv - ok
15:13:13.0518 4364 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys
15:13:13.0533 4364 elxstor - ok
15:13:13.0564 4364 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\DRIVERS\errdev.sys
15:13:13.0564 4364 ErrDev - ok
15:13:13.0611 4364 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
15:13:13.0611 4364 exfat - ok
15:13:13.0658 4364 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
15:13:13.0658 4364 fastfat - ok
15:13:13.0705 4364 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys
15:13:13.0705 4364 fdc - ok
15:13:13.0752 4364 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
15:13:13.0752 4364 FileInfo - ok
15:13:13.0783 4364 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
15:13:13.0783 4364 Filetrace - ok
15:13:13.0814 4364 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys
15:13:13.0814 4364 flpydisk - ok
15:13:13.0861 4364 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\windows\system32\drivers\fltmgr.sys
15:13:13.0876 4364 FltMgr - ok
15:13:13.0908 4364 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
15:13:13.0908 4364 FsDepends - ok
15:13:13.0939 4364 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys
15:13:13.0939 4364 Fs_Rec - ok
15:13:13.0970 4364 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\windows\system32\DRIVERS\fvevol.sys
15:13:13.0970 4364 fvevol - ok
15:13:14.0001 4364 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys
15:13:14.0001 4364 gagp30kx - ok
15:13:14.0048 4364 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
15:13:14.0048 4364 hcw85cir - ok
15:13:14.0095 4364 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\windows\system32\drivers\HdAudio.sys
15:13:14.0095 4364 HdAudAddService - ok
15:13:14.0142 4364 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\windows\system32\DRIVERS\HDAudBus.sys
15:13:14.0142 4364 HDAudBus - ok
15:13:14.0188 4364 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\windows\system32\DRIVERS\HECIx64.sys
15:13:14.0188 4364 HECIx64 - ok
15:13:14.0235 4364 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys
15:13:14.0235 4364 HidBatt - ok
15:13:14.0251 4364 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
15:13:14.0251 4364 HidBth - ok
15:13:14.0282 4364 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
15:13:14.0282 4364 HidIr - ok
15:13:14.0344 4364 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\windows\system32\DRIVERS\hidusb.sys
15:13:14.0344 4364 HidUsb - ok
15:13:14.0407 4364 HpSAMD (0886d440058f203eba0e1825e4355914) C:\windows\system32\DRIVERS\HpSAMD.sys
15:13:14.0407 4364 HpSAMD - ok
15:13:14.0454 4364 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\windows\system32\drivers\HTTP.sys
15:13:14.0469 4364 HTTP - ok
15:13:14.0500 4364 hwpolicy (f17766a19145f111856378df337a5d79) C:\windows\system32\drivers\hwpolicy.sys
15:13:14.0500 4364 hwpolicy - ok
15:13:14.0547 4364 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
15:13:14.0547 4364 i8042prt - ok
15:13:14.0625 4364 iaStor (85977cd13fc16069ce0af7943a811775) C:\windows\system32\DRIVERS\iaStor.sys
15:13:14.0625 4364 iaStor - ok
15:13:14.0656 4364 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\windows\system32\DRIVERS\iaStorV.sys
15:13:14.0672 4364 iaStorV - ok
15:13:14.0890 4364 igfx (2a22ab054f4630d2ef4bab2853f6d5f6) C:\windows\system32\DRIVERS\igdkmd64.sys
15:13:15.0046 4364 igfx - ok
15:13:15.0109 4364 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys
15:13:15.0109 4364 iirsp - ok
15:13:15.0171 4364 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\windows\system32\DRIVERS\Impcd.sys
15:13:15.0171 4364 Impcd - ok
15:13:15.0280 4364 IntcAzAudAddService (490947a9aff7ca31ef2e08f5776105eb) C:\windows\system32\drivers\RTKVHD64.sys
15:13:15.0343 4364 IntcAzAudAddService - ok
15:13:15.0405 4364 IntcDAud (58cf58dee26c909bd6f977b61d246295) C:\windows\system32\DRIVERS\IntcDAud.sys
15:13:15.0405 4364 IntcDAud - ok
15:13:15.0436 4364 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\DRIVERS\intelide.sys
15:13:15.0436 4364 intelide - ok
15:13:15.0468 4364 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
15:13:15.0483 4364 intelppm - ok
15:13:15.0546 4364 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\windows\system32\DRIVERS\ipfltdrv.sys
15:13:15.0546 4364 IpFilterDriver - ok
15:13:15.0561 4364 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\windows\system32\DRIVERS\IPMIDrv.sys
15:13:15.0561 4364 IPMIDRV - ok
15:13:15.0592 4364 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
15:13:15.0592 4364 IPNAT - ok
15:13:15.0639 4364 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
15:13:15.0639 4364 IRENUM - ok
15:13:15.0655 4364 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\DRIVERS\isapnp.sys
15:13:15.0655 4364 isapnp - ok
15:13:15.0702 4364 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\windows\system32\DRIVERS\msiscsi.sys
15:13:15.0717 4364 iScsiPrt - ok
15:13:15.0764 4364 JMCR (19496fe93696c929392f1595ed1f8bb3) C:\windows\system32\DRIVERS\jmcr.sys
15:13:15.0764 4364 JMCR - ok
15:13:15.0811 4364 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
15:13:15.0811 4364 kbdclass - ok
15:13:15.0889 4364 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\windows\system32\DRIVERS\kbdhid.sys
15:13:15.0889 4364 kbdhid - ok
15:13:15.0951 4364 kl1 (db449f50e5141458eb58e64ffac4863f) C:\windows\system32\DRIVERS\kl1.sys
15:13:15.0951 4364 kl1 - ok
15:13:15.0998 4364 KLBG (87200a8afe40532baa4d2b24a7ba0eea) C:\windows\system32\DRIVERS\klbg.sys
15:13:15.0998 4364 KLBG - ok
15:13:16.0060 4364 KLIF (09bad645d3843669c281431c7df2db2e) C:\windows\system32\DRIVERS\klif.sys
15:13:16.0060 4364 KLIF - ok
15:13:16.0092 4364 KLIM6 (630f22545379437737cf4172f09fe449) C:\windows\system32\DRIVERS\klim6.sys
15:13:16.0092 4364 KLIM6 - ok
15:13:16.0107 4364 klmouflt (786791291939abb11f6d0f040da23912) C:\windows\system32\DRIVERS\klmouflt.sys
15:13:16.0107 4364 klmouflt - ok
15:13:16.0138 4364 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\windows\system32\Drivers\ksecdd.sys
15:13:16.0154 4364 KSecDD - ok
15:13:16.0185 4364 KSecPkg (bbe1bf6d9b661c354d4857d5fadb943b) C:\windows\system32\Drivers\ksecpkg.sys
15:13:16.0185 4364 KSecPkg - ok
15:13:16.0232 4364 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
15:13:16.0232 4364 ksthunk - ok
15:13:16.0279 4364 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
15:13:16.0279 4364 lltdio - ok
15:13:16.0341 4364 LPCFilter (41e122f6d1448c94cc05196bc41d6bfb) C:\windows\system32\DRIVERS\LPCFilter.sys
15:13:16.0341 4364 LPCFilter - ok
15:13:16.0388 4364 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
15:13:16.0404 4364 LSI_FC - ok
15:13:16.0435 4364 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
15:13:16.0435 4364 LSI_SAS - ok
15:13:16.0466 4364 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
15:13:16.0466 4364 LSI_SAS2 - ok
15:13:16.0497 4364 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
15:13:16.0497 4364 LSI_SCSI - ok
15:13:16.0528 4364 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
15:13:16.0528 4364 luafv - ok
15:13:16.0606 4364 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\windows\system32\drivers\mbam.sys
15:13:16.0606 4364 MBAMProtector - ok
15:13:16.0669 4364 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
15:13:16.0669 4364 megasas - ok
15:13:16.0716 4364 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
15:13:16.0716 4364 MegaSR - ok
15:13:16.0762 4364 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
15:13:16.0762 4364 Modem - ok
15:13:16.0809 4364 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
15:13:16.0809 4364 monitor - ok
15:13:16.0872 4364 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
15:13:16.0872 4364 mouclass - ok
15:13:16.0903 4364 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
15:13:16.0903 4364 mouhid - ok
15:13:16.0934 4364 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\windows\system32\drivers\mountmgr.sys
15:13:16.0934 4364 mountmgr - ok
15:13:16.0996 4364 mozyFilter (bde7b39f87bf7f1d1baaa04706f181c2) C:\windows\system32\DRIVERS\mozy.sys
15:13:16.0996 4364 mozyFilter - ok
15:13:17.0028 4364 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\windows\system32\DRIVERS\mpio.sys
15:13:17.0028 4364 mpio - ok
15:13:17.0059 4364 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
15:13:17.0059 4364 mpsdrv - ok
15:13:17.0106 4364 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\windows\system32\drivers\mrxdav.sys
15:13:17.0106 4364 MRxDAV - ok
15:13:17.0137 4364 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\windows\system32\DRIVERS\mrxsmb.sys
15:13:17.0137 4364 mrxsmb - ok
15:13:17.0168 4364 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\windows\system32\DRIVERS\mrxsmb10.sys
15:13:17.0168 4364 mrxsmb10 - ok
15:13:17.0199 4364 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\windows\system32\DRIVERS\mrxsmb20.sys
15:13:17.0199 4364 mrxsmb20 - ok
15:13:17.0230 4364 msahci (5c37497276e3b3a5488b23a326a754b7) C:\windows\system32\DRIVERS\msahci.sys
15:13:17.0230 4364 msahci - ok
15:13:17.0277 4364 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\windows\system32\DRIVERS\msdsm.sys
15:13:17.0277 4364 msdsm - ok
15:13:17.0308 4364 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
15:13:17.0308 4364 Msfs - ok
15:13:17.0355 4364 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
15:13:17.0355 4364 mshidkmdf - ok
15:13:17.0386 4364 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\DRIVERS\msisadrv.sys
15:13:17.0386 4364 msisadrv - ok
15:13:17.0433 4364 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
15:13:17.0433 4364 MSKSSRV - ok
15:13:17.0480 4364 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
15:13:17.0480 4364 MSPCLOCK - ok
15:13:17.0511 4364 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
15:13:17.0511 4364 MSPQM - ok
15:13:17.0542 4364 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\windows\system32\drivers\MsRPC.sys
15:13:17.0558 4364 MsRPC - ok
15:13:17.0589 4364 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
15:13:17.0589 4364 mssmbios - ok
15:13:17.0620 4364 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
15:13:17.0620 4364 MSTEE - ok
15:13:17.0683 4364 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
15:13:17.0683 4364 MTConfig - ok
15:13:17.0714 4364 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
15:13:17.0730 4364 Mup - ok
15:13:17.0839 4364 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
15:13:17.0870 4364 NativeWifiP - ok
15:13:18.0088 4364 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\windows\system32\drivers\ndis.sys
15:13:18.0104 4364 NDIS - ok
15:13:18.0151 4364 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
15:13:18.0151 4364 NdisCap - ok
15:13:18.0198 4364 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
15:13:18.0198 4364 NdisTapi - ok
15:13:18.0229 4364 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\windows\system32\DRIVERS\ndisuio.sys
15:13:18.0229 4364 Ndisuio - ok
15:13:18.0276 4364 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\windows\system32\DRIVERS\ndiswan.sys
15:13:18.0276 4364 NdisWan - ok
15:13:18.0307 4364 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\windows\system32\drivers\NDProxy.sys
15:13:18.0307 4364 NDProxy - ok
15:13:18.0338 4364 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
15:13:18.0338 4364 NetBIOS - ok
15:13:18.0369 4364 NetBT (9162b273a44ab9dce5b44362731d062a) C:\windows\system32\DRIVERS\netbt.sys
15:13:18.0369 4364 NetBT - ok
15:13:18.0572 4364 NETw5s64 (39ede676d17f37af4573c2b33ec28aca) C:\windows\system32\DRIVERS\NETw5s64.sys
15:13:18.0712 4364 NETw5s64 - ok
15:13:18.0759 4364 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
15:13:18.0759 4364 nfrd960 - ok
15:13:18.0790 4364 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
15:13:18.0790 4364 Npfs - ok
15:13:18.0806 4364 NPPTNT2 - ok
15:13:18.0837 4364 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
15:13:18.0837 4364 nsiproxy - ok
15:13:18.0900 4364 Ntfs (356698a13c4630d5b31c37378d469196) C:\windows\system32\drivers\Ntfs.sys
15:13:18.0946 4364 Ntfs - ok
15:13:18.0978 4364 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
15:13:18.0993 4364 Null - ok
15:13:19.0024 4364 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\windows\system32\DRIVERS\nvraid.sys
15:13:19.0024 4364 nvraid - ok
15:13:19.0071 4364 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\windows\system32\DRIVERS\nvstor.sys
15:13:19.0071 4364 nvstor - ok
15:13:19.0102 4364 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\DRIVERS\nv_agp.sys
15:13:19.0102 4364 nv_agp - ok
15:13:19.0165 4364 odeeuygl - ok
15:13:19.0212 4364 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\DRIVERS\ohci1394.sys
15:13:19.0227 4364 ohci1394 - ok
15:13:19.0274 4364 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
15:13:19.0290 4364 Parport - ok
15:13:19.0321 4364 Partizan - ok
15:13:19.0352 4364 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\windows\system32\drivers\partmgr.sys
15:13:19.0352 4364 partmgr - ok
15:13:19.0399 4364 pci (5aab2b170536885de70a6cba8d7ce52b) C:\windows\system32\DRIVERS\pci.sys
15:13:19.0399 4364 pci - ok
15:13:19.0430 4364 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
15:13:19.0430 4364 pciide - ok
15:13:19.0461 4364 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
15:13:19.0461 4364 pcmcia - ok
15:13:19.0492 4364 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
15:13:19.0492 4364 pcw - ok
15:13:19.0539 4364 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
15:13:19.0539 4364 PEAUTH - ok
15:13:19.0602 4364 PGEffect (663962900e7fea522126ba287715bb4a) C:\windows\system32\DRIVERS\pgeffect.sys
15:13:19.0617 4364 PGEffect - ok
15:13:19.0695 4364 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\windows\system32\DRIVERS\raspptp.sys
15:13:19.0695 4364 PptpMiniport - ok
15:13:19.0726 4364 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
15:13:19.0726 4364 Processor - ok
15:13:19.0804 4364 Psched (ee992183bd8eaefd9973f352e587a299) C:\windows\system32\DRIVERS\pacer.sys
15:13:19.0820 4364 Psched - ok
15:13:19.0867 4364 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
15:13:19.0898 4364 ql2300 - ok
15:13:19.0929 4364 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
15:13:19.0929 4364 ql40xx - ok
15:13:19.0976 4364 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
15:13:19.0992 4364 QWAVEdrv - ok
15:13:20.0007 4364 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
15:13:20.0023 4364 RasAcd - ok
15:13:20.0085 4364 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
15:13:20.0085 4364 RasAgileVpn - ok
15:13:20.0116 4364 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\windows\system32\DRIVERS\rasl2tp.sys
15:13:20.0116 4364 Rasl2tp - ok
15:13:20.0163 4364 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
15:13:20.0163 4364 RasPppoe - ok
15:13:20.0210 4364 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
15:13:20.0210 4364 RasSstp - ok
15:13:20.0257 4364 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\windows\system32\DRIVERS\rdbss.sys
15:13:20.0257 4364 rdbss - ok
15:13:20.0288 4364 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
15:13:20.0288 4364 rdpbus - ok
15:13:20.0319 4364 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
15:13:20.0319 4364 RDPCDD - ok
15:13:20.0350 4364 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
15:13:20.0350 4364 RDPENCDD - ok
15:13:20.0382 4364 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
15:13:20.0382 4364 RDPREFMP - ok
15:13:20.0413 4364 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\windows\system32\drivers\RDPWD.sys
15:13:20.0428 4364 RDPWD - ok
15:13:20.0460 4364 rdyboost (634b9a2181d98f15941236886164ec8b) C:\windows\system32\drivers\rdyboost.sys
15:13:20.0460 4364 rdyboost - ok
15:13:20.0538 4364 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
15:13:20.0538 4364 rspndr - ok
15:13:20.0600 4364 RTL8167 (ba3e57c89e6f63808d3f2b11e1a2ad3c) C:\windows\system32\DRIVERS\Rt64win7.sys
15:13:20.0600 4364 RTL8167 - ok
15:13:20.0647 4364 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\windows\system32\DRIVERS\sbp2port.sys
15:13:20.0647 4364 sbp2port - ok
15:13:20.0694 4364 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\windows\system32\DRIVERS\scfilter.sys
15:13:20.0694 4364 scfilter - ok
15:13:20.0756 4364 sdbus (2c8d162efaf73abd36d8bcbb6340cae7) C:\windows\system32\DRIVERS\sdbus.sys
15:13:20.0756 4364 sdbus - ok
15:13:20.0803 4364 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
15:13:20.0803 4364 secdrv - ok
15:13:20.0850 4364 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
15:13:20.0850 4364 Serenum - ok
15:13:20.0928 4364 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
15:13:20.0928 4364 Serial - ok
15:13:20.0990 4364 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
15:13:20.0990 4364 sermouse - ok
15:13:21.0052 4364 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\DRIVERS\sffdisk.sys
15:13:21.0052 4364 sffdisk - ok
15:13:21.0068 4364 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\DRIVERS\sffp_mmc.sys
15:13:21.0068 4364 sffp_mmc - ok
15:13:21.0099 4364 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\windows\system32\DRIVERS\sffp_sd.sys
15:13:21.0099 4364 sffp_sd - ok
15:13:21.0115 4364 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
15:13:21.0115 4364 sfloppy - ok
15:13:21.0177 4364 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
15:13:21.0177 4364 SiSRaid2 - ok
15:13:21.0193 4364 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
15:13:21.0193 4364 SiSRaid4 - ok
15:13:21.0208 4364 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
15:13:21.0208 4364 Smb - ok
15:13:21.0255 4364 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
15:13:21.0255 4364 spldr - ok
15:13:21.0302 4364 srv (37c3abc2338010e110d2a6a3930f3149) C:\windows\system32\DRIVERS\srv.sys
15:13:21.0318 4364 srv - ok
15:13:21.0333 4364 srv2 (f773d2ed090b7baa1c1a034f3ca476c8) C:\windows\system32\DRIVERS\srv2.sys
15:13:21.0349 4364 srv2 - ok
15:13:21.0364 4364 srvnet (cce32bb223e9ff55d241099a858fa889) C:\windows\system32\DRIVERS\srvnet.sys
15:13:21.0364 4364 srvnet - ok
15:13:21.0411 4364 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
15:13:21.0411 4364 stexstor - ok
15:13:21.0442 4364 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
15:13:21.0458 4364 swenum - ok
15:13:21.0505 4364 SynTP (470c47daba9ca3966f0ab3f835d7d135) C:\windows\system32\DRIVERS\SynTP.sys
15:13:21.0520 4364 SynTP - ok
15:13:21.0583 4364 Tcpip (912107716bab424c7870e8e6af5e07e1) C:\windows\system32\drivers\tcpip.sys
15:13:21.0645 4364 Tcpip - ok
15:13:21.0739 4364 TCPIP6 (912107716bab424c7870e8e6af5e07e1) C:\windows\system32\DRIVERS\tcpip.sys
15:13:21.0739 4364 TCPIP6 - ok
15:13:21.0786 4364 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\windows\system32\drivers\tcpipreg.sys
15:13:21.0786 4364 tcpipreg - ok
15:13:21.0848 4364 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
15:13:21.0848 4364 tdcmdpst - ok
15:13:21.0848 4364 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
15:13:21.0848 4364 TDPIPE - ok
15:13:21.0879 4364 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys
15:13:21.0879 4364 TDTCP - ok
15:13:21.0926 4364 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\windows\system32\DRIVERS\tdx.sys
15:13:21.0926 4364 tdx - ok
15:13:21.0957 4364 TermDD (c448651339196c0e869a355171875522) C:\windows\system32\DRIVERS\termdd.sys
15:13:21.0957 4364 TermDD - ok
15:13:21.0988 4364 Thpdrv (c013f6acaa9761f571bd28dada7c157d) C:\windows\system32\DRIVERS\thpdrv.sys
15:13:21.0988 4364 Thpdrv - ok
15:13:22.0020 4364 Thpevm (b4e609047434ed948af7bdef2fa66e38) C:\windows\system32\DRIVERS\Thpevm.SYS
15:13:22.0020 4364 Thpevm - ok
15:13:22.0098 4364 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys
15:13:22.0113 4364 tos_sps64 - ok
15:13:22.0176 4364 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\windows\system32\DRIVERS\tssecsrv.sys
15:13:22.0176 4364 tssecsrv - ok
15:13:22.0207 4364 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\windows\system32\DRIVERS\tunnel.sys
15:13:22.0207 4364 tunnel - ok
15:13:22.0254 4364 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
15:13:22.0254 4364 TVALZ - ok
15:13:22.0285 4364 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys
15:13:22.0285 4364 TVALZFL - ok
15:13:22.0300 4364 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
15:13:22.0316 4364 uagp35 - ok
15:13:22.0332 4364 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\windows\system32\DRIVERS\udfs.sys
15:13:22.0347 4364 udfs - ok
15:13:22.0378 4364 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\DRIVERS\uliagpkx.sys
15:13:22.0378 4364 uliagpkx - ok
15:13:22.0410 4364 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\windows\system32\DRIVERS\umbus.sys
15:13:22.0410 4364 umbus - ok
15:13:22.0441 4364 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
15:13:22.0441 4364 UmPass - ok
15:13:22.0488 4364 usbccgp (b26afb54a534d634523c4fb66765b026) C:\windows\system32\DRIVERS\usbccgp.sys
15:13:22.0488 4364 usbccgp - ok
15:13:22.0503 4364 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\DRIVERS\usbcir.sys
15:13:22.0503 4364 usbcir - ok
15:13:22.0550 4364 usbehci (cb490987a7f6928a04bb838e3bd8a936) C:\windows\system32\DRIVERS\usbehci.sys
15:13:22.0550 4364 usbehci - ok
15:13:22.0581 4364 usbhub (18124ef0a881a00ee222d02a3ee30270) C:\windows\system32\DRIVERS\usbhub.sys
15:13:22.0581 4364 usbhub - ok
15:13:22.0597 4364 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\windows\system32\DRIVERS\usbohci.sys
15:13:22.0597 4364 usbohci - ok
15:13:22.0628 4364 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
15:13:22.0628 4364 usbprint - ok
15:13:22.0659 4364 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys
15:13:22.0659 4364 usbscan - ok
15:13:22.0675 4364 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\windows\system32\DRIVERS\USBSTOR.SYS
15:13:22.0675 4364 USBSTOR - ok
15:13:22.0706 4364 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\windows\system32\DRIVERS\usbuhci.sys
15:13:22.0706 4364 usbuhci - ok
15:13:22.0737 4364 usbvideo (d501e12614b00a3252073101d6a1a74b) C:\windows\system32\Drivers\usbvideo.sys
15:13:22.0737 4364 usbvideo - ok
15:13:22.0784 4364 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\DRIVERS\vdrvroot.sys
15:13:22.0784 4364 vdrvroot - ok
15:13:22.0800 4364 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
15:13:22.0800 4364 vga - ok
15:13:22.0831 4364 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
15:13:22.0831 4364 VgaSave - ok
15:13:22.0862 4364 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\windows\system32\DRIVERS\vhdmp.sys
15:13:22.0862 4364 vhdmp - ok
15:13:22.0893 4364 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\DRIVERS\viaide.sys
15:13:22.0893 4364 viaide - ok
15:13:22.0909 4364 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\windows\system32\DRIVERS\volmgr.sys
15:13:22.0924 4364 volmgr - ok
15:13:22.0956 4364 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\windows\system32\drivers\volmgrx.sys
15:13:22.0971 4364 volmgrx - ok
15:13:23.0002 4364 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\windows\system32\DRIVERS\volsnap.sys
15:13:23.0002 4364 volsnap - ok
15:13:23.0018 4364 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
15:13:23.0034 4364 vsmraid - ok
15:13:23.0049 4364 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
15:13:23.0049 4364 vwifibus - ok
15:13:23.0080 4364 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
15:13:23.0080 4364 vwififlt - ok
15:13:23.0096 4364 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys
15:13:23.0096 4364 vwifimp - ok
15:13:23.0127 4364 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
15:13:23.0127 4364 WacomPen - ok
15:13:23.0158 4364 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
15:13:23.0158 4364 WANARP - ok
15:13:23.0174 4364 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
15:13:23.0174 4364 Wanarpv6 - ok
15:13:23.0190 4364 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
15:13:23.0190 4364 Wd - ok
15:13:23.0236 4364 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
15:13:23.0252 4364 Wdf01000 - ok
15:13:23.0299 4364 wdkmd (7c2ef67b0a43c4deb7ef932ceda337d6) C:\windows\system32\DRIVERS\WDKMD.sys
15:13:23.0299 4364 wdkmd - ok
15:13:23.0314 4364 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
15:13:23.0330 4364 WfpLwf - ok
15:13:23.0346 4364 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
15:13:23.0346 4364 WIMMount - ok
15:13:23.0439 4364 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\windows\system32\DRIVERS\WinUsb.sys
15:13:23.0439 4364 WinUsb - ok
15:13:23.0470 4364 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
15:13:23.0470 4364 WmiAcpi - ok
15:13:23.0548 4364 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
15:13:23.0548 4364 ws2ifsl - ok
15:13:23.0595 4364 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\windows\system32\DRIVERS\WSDPrint.sys
15:13:23.0595 4364 WSDPrintDevice - ok
15:13:23.0611 4364 WSDScan (4a2a5c50dd1a63577d3aca94269fbc7f) C:\windows\system32\DRIVERS\WSDScan.sys
15:13:23.0611 4364 WSDScan - ok
15:13:23.0642 4364 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\windows\system32\drivers\WudfPf.sys
15:13:23.0642 4364 WudfPf - ok
15:13:23.0658 4364 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\windows\system32\DRIVERS\WUDFRd.sys
15:13:23.0658 4364 WUDFRd - ok
15:13:23.0704 4364 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
15:13:23.0767 4364 \Device\Harddisk0\DR0 - ok
15:13:23.0782 4364 Boot (0x1200) (8ec2fe3fe560682812c8cc5cecb048a8) \Device\Harddisk0\DR0\Partition0
15:13:23.0782 4364 \Device\Harddisk0\DR0\Partition0 - ok
15:13:23.0782 4364 ============================================================
15:13:23.0782 4364 Scan finished
15:13:23.0782 4364 ============================================================
15:13:23.0814 3184 Detected object count: 0
15:13:23.0814 3184 Actual detected object count: 0
15:16:04.0144 0792 ============================================================
15:16:04.0144 0792 Scan started
15:16:04.0144 0792 Mode: Manual; SigCheck; TDLFS;
15:16:04.0144 0792 ============================================================
15:16:24.0362 0792 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\windows\system32\DRIVERS\WSDPrint.sys
15:16:24.0393 0792 WSDPrintDevice - ok
15:16:24.0455 0792 WSDScan (4a2a5c50dd1a63577d3aca94269fbc7f) C:\windows\system32\DRIVERS\WSDScan.sys
15:16:24.0486 0792 WSDScan - ok
15:16:24.0549 0792 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\windows\system32\drivers\WudfPf.sys
15:16:24.0611 0792 WudfPf - ok
15:16:24.0658 0792 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\windows\system32\DRIVERS\WUDFRd.sys
15:16:24.0720 0792 WUDFRd - ok
15:16:24.0752 0792 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
15:16:24.0923 0792 \Device\Harddisk0\DR0 - ok
15:16:24.0954 0792 Boot (0x1200) (8ec2fe3fe560682812c8cc5cecb048a8) \Device\Harddisk0\DR0\Partition0
15:16:24.0970 0792 \Device\Harddisk0\DR0\Partition0 - ok
15:16:24.0970 0792 ============================================================
15:16:24.0970 0792 Scan finished
15:16:24.0970 0792 ============================================================
15:16:24.0970 1836 Detected object count: 0
15:16:24.0970 1836 Actual detected object count: 0

#11 Maurice Naggar

Maurice Naggar

    Staff

  • Moderators
  • PipPipPipPipPipPip
  • 14,550 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 21 March 2012 - 05:13 PM

These steps are for loner only. If you are a casual viewer, do NOT try this on your system!
If you are not loner and have a similar problem, do NOT post here; start your own topic

The fixes in this Topic are for this system only! Do not apply the fix-instructions from this topic to your System or any other one!


You will want to print out or copy these instructions to Notepad for Safe offline reference!

Reminder: do not do any web surfing of any kind.
The aswMBR log tends to show the ZeroAccess malware.
In addition, your Adobe Flash Player, Firefox browser, and Java runtime are out of date (which I'll guide you to update later).
But my guess is you got the infection in your browsing online.

Step 1
Download and Save McAfee Stinger to your Desktop
http://www.mcafee.co...ls/stinger.aspx

Close all browsers before starting. Disable your antivirus program and anti-malware, Kaspersky antivirus 2010.
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

On Windows 7 & Vista systems, right-click it and select Run as Administrator.
On XP, double-click to start it.

The C drive is the default for scanning.
Press the Preferences button. In the top right-block "On virus detection", click Rename
In the bottom block "Heuristic network check for suspicious files" select High

Click the Scan Now button.
When done, use the File menu and select Save report to file
Stinger.txt is the log report and will be saved to your Desktop. I will need a copy of that log.


Stinger is a standalone utility used to detect and remove specific malware. It is not a full scan for all types of malware or viruses.
It is not intended as virus protection.

Step 2
If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Close all browsers before starting. Disable your antivirus program and anti-malware, Kaspersky antivirus 2010.
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
Right-click on Combo-Fix.exe on your Desktop and select "Run as Administrator".
  • A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.

    When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.
A caution - Do not run Combofix more than once.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.
If this occurs, please reboot to restore the desktop.
Even when ComboFix appears to be doing nothing, look at your Drive light.
If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt.
Note:
Do not mouseclick combofix's window nor run any program while Combofix is running.
That may cause it to stall.

Step 3
RE-Enable your anti-virus program.

Reply with a copy of the Stinger.txt log & C:\Combofix.txt log

Edited by Maurice Naggar, 21 March 2012 - 05:16 PM.

Maurice Naggar
Product Support

Follow us: Twitter, Become a fan: Facebook

I close my threads if there is 5 days without a response.

#12 loner

Posted 22 March 2012 - 08:49 AM

Stinger here:

McAfee® Labs Stinger™ Version 10.2.0.554 built on Mar 21 2012
Copyright © 2011 McAfee, Inc. All Rights Reserved.
Virus data file v1000.0000 created on Mar 21 2012.
Ready to scan for 4191 viruses, trojans and variants.

Scan initiated on Thu Mar 22 08:51:36 2012
Rootkit scan result : Not Scanned


Master Boot Record(s):....1
Possibly Infected:.............0
Boot Sector(s):.................1
Possibly Infected: ............0

Number of clean files: 21825

Combo fix here:

ComboFix 12-03-22.01 - ClydeSanders 03/22/2012 9:31.1.4 - x64
Running from: c:\users\ClydeSanders\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
AV: Kaspersky Anti-Virus *Enabled/Updated* {AE1D740B-8F0F-D137-211D-873D44B3F4AE}
FW: Kaspersky Anti-Virus *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky Anti-Virus *Disabled/Outdated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Kaspersky Anti-Virus *Enabled/Updated* {157C95EF-A935-DEB9-1BAD-BC4F3F34BE13}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\LoJackNotifier.txt
c:\programdata\sh5gy611u40h
c:\programdata\x0lf03t5uw0olr
c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
c:\users\ClydeSanders\AppData\Local\sh5gy611u40h
c:\users\ClydeSanders\AppData\Local\xpg.exe
c:\users\ClydeSanders\AppData\Roaming\Microsoft\Windows\Templates\sh5gy611u40h
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\temp\@
c:\windows\assembly\temp\bckfg.tmp
c:\windows\assembly\temp\cfg.ini
c:\windows\assembly\temp\keywords
c:\windows\system32\consrv.dll
c:\windows\system32\dds_trash_log.cmd
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2012-02-22 to 2012-03-22 )))))))))))))))))))))))))))))))
.
.
2012-03-22 13:37 . 2012-03-22 13:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-22 06:34 . 2012-03-22 13:12 16200 ----a-w- c:\windows\stinger.sys
2012-03-22 06:33 . 2012-03-22 13:25 -------- d-----w- c:\program files (x86)\stinger
2012-03-21 16:15 . 2012-03-21 16:15 -------- d-----w- c:\users\ClydeSanders\AppData\Roaming\Malwarebytes
2012-03-21 16:15 . 2012-03-21 16:15 -------- d-----w- c:\programdata\Malwarebytes
2012-03-21 16:15 . 2011-12-10 19:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-21 16:15 . 2012-03-21 16:15 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-21 15:15 . 2012-03-21 15:15 -------- d-----w- c:\program files (x86)\ERUNT
2012-03-20 20:29 . 2012-03-20 20:33 -------- d-----w- c:\windows\system32\MpEngineStore
2012-03-07 19:43 . 2012-03-07 19:43 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-07 19:41 . 2012-03-07 19:41 -------- d-----w- c:\windows\system32\Macromed
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-28 18:24 . 2011-12-28 18:24 2 --shatr- c:\windows\winstart.bat
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-12-25 34160]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 423936]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-02-23 352256]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-09-29 140640]
"Absolute Notifier"="c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe" [2011-05-10 85672]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2010-11-8 4832056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\mzvkbd3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 odeeuygl;odeeuygl;c:\windows\system32\drivers\odeeuygl.sys [x]
R3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [x]
R3 dump_wmimmc;dump_wmimmc;f:\clyde sanders files\Games\online games\Pangya\GameGuard\dump_wmimmc.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-01-20 315664]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]
S0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\DRIVERS\klbg.sys [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AbsoluteNotifier;Absolute Notifier;c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [2011-05-10 10920]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-04-06 258928]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-24 835952]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2010-11-08 21:06 4345144 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2010-11-08 21:06 4345144 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-26 413208]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-22 10134560]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-03-22 896032]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-01-20 1926928]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2710856]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"combofix"="c:\combofix\CF763.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
smwdm
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
LSP: mswsock.dll
TCP: DhcpNameServer = 168.28.176.11 168.28.176.253 198.72.72.10
FF - ProfilePath - c:\users\ClydeSanders\AppData\Roaming\Mozilla\Firefox\Profiles\mowxtix2.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official | http://www.gmail.com |
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF - Ext: Session Manager: {1280606b-2510-4fe0-97ef-9b5a22eafe30} - %profile%\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
FF - Ext: ReloadEvery: {888d99e7-e8b5-46a3-851e-1ec45da1e644} - %profile%\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
FF - Ext: XULRunner: {8E22EFF7-4C23-468D-A046-F794FEAEDA54} - c:\users\ClydeSanders\AppData\Local\{8E22EFF7-4C23-468D-A046-F794FEAEDA54}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-gWLwiaDlyb.exe - c:\programdata\gWLwiaDlyb.exe
Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
Toolbar-Locked - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
AddRemove-{FBBC4667-2521-4E78-B1BD-8706F774549B} - c:\programdata\{249B9E04-F0FC-434D-B0D8-12D3EDFF3B77}\Best Buy Software Installer Setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
.
**************************************************************************
.
Completion time: 2012-03-22 09:44:16 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-22 13:44
.
Pre-Run: 424,249,344,000 bytes free
Post-Run: 424,774,270,976 bytes free
.
- - End Of File - - 0C7BEA2CDF1E9B00BFE84F3FA4997111

#13 Maurice Naggar

Posted 22 March 2012 - 10:19 AM

Let's have you do some really needed updates:

1) Start your Kaspersky suite program. Do an update run & get it all up-to-date.

2) Your Java runtime is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of >> Windows 7/XP/Vista/2000/2003/2008 Offline << from here and save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, select Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u31-windows-i586-s.exe to install the newest version.
    ( jre-6u31-windows-x64.exe if this is a 64-bit Windows o.s.)
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java icon (looks like a coffee cup).
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH checked:
      Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
Small tweaks for Java runtime, since most all users do not need to load Java at each Windows startup:
Click Advanced Tab. Expand the Miscellaneous item.
UN-check the line Java quick starter

Press Apply then OK. Close the applet when done.

To test your Java Run-time, you may go to this page http://www.java.com/...help/testvm.xml
When all is well, you should see Java Version: Java 6 Update 31 from Sun Microsystems Inc.


3) Download and save the Flash Player uninstaller >> uninstall Flash Player for 32-bit Windows<<

If you have Windows 64-bit, use this Flash Player uninstaller >> uninstall Flash Player for 64-bit Windows<<


Close all browsers and instant messenger (IM) programs.
Run the uninstaller.

Go to http://www.adobe.com/go/getflash
and get the latest Flash Player

Un-Check any checkbox for McAfee Security Scan Plus, or any other widget or toolbar !!!


Reference: How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
http://support.microsoft.com/kb/827218

4) Start your Firefox browser. Select Help, then About.
If an update is found, you will be prompted. Apply the update and allow a restart of Firefox, then Exit the browser.

5) Temporarily turn off your Kaspersky anti-virus
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do not turn off the firewall.

Close all open browsers at this point.

Start Internet Explorer (fresh) by pressing Start >> Internet Explorer >> Right-Click and select Run As Administrator.
Using Internet Explorer browser only, go to
http://www.f-secure....ee-online-tools

Please perform this online scan: F-Secure Online Scanner

The online scanner is on the bottom right of the page.
Follow the directions in the F-Secure page for proper Installation.
Click the checkbox to accept the terms and press Run Check

You may receive an alert on the address bar at this point to install the ActiveX control.
Click on that alert and then click "Install ActiveX component".
Read the license agreement and click "Accept".
Click "Custom Scan" and be sure the following are checked:
  • Scan whole System
  • Scan all files
  • Scan whole system for rootkits
  • Scan whole system for spyware
  • Use advanced heuristics
When the scan completes, click the "I want to decide item by item" button.
For each item found, Select "Disinfect" and click "Next".
When done, click the "Show Report" button, then copy and paste the entire report into your next reply

6) Re-enable your anti-virus program.

Confirm that you have done the updates (from above), and tell me, how is your system now?
And copy & paste the contents of the F-Secure report.

#14 loner

Posted 22 March 2012 - 12:21 PM

Can't find the 64-bit version of the Java download on http://www.java.com/.../manual.jsp#win

Should I just use the offline version of what they have up? If not, how do I get to the 64-bit version?

#15 Maurice Naggar

Posted 22 March 2012 - 04:40 PM

Take a slow, careful look at the page. The Windows 64-bit is listed just below the one for 32-bit.
Make sure you are looking at the Windows section. It's all in front of you.

#16 loner

Posted 23 March 2012 - 12:09 AM

Scanning Report

Friday, March 23, 2012 20:56:15 - 01:02:30

Computer name: CLYDESANDERS-PC
Scanning type: Scan system for malware, spyware and rootkits
Target: C:\

12 malware found

TrackingCookie.Questionmarket (spyware)
  • System (Disinfected)
TrackingCookie.2o7 (spyware)
  • System (Disinfected)
TrackingCookie.Advertising (spyware)
  • System (Disinfected)
TrackingCookie.Atdmt (spyware)
  • System (Disinfected)
TrackingCookie.Doubleclick (spyware)
  • System (Disinfected)
TrackingCookie.Revsci (spyware)
  • System (Disinfected)
TrackingCookie.Fastclick (spyware)
  • System (Disinfected)
TrackingCookie.Adbrite (spyware)
  • System (Disinfected)
TrackingCookie.Webtrends (spyware)
  • System (Disinfected)
TrackingCookie.Mediaplex (spyware)
  • System (Disinfected)
TrackingCookie.Atwola (spyware)
  • System (Disinfected)
TrackingCookie.Yieldmanager (spyware)
  • System (Disinfected)
Statistics

Scanned:
  • Files: 299686
  • System: 5699
  • Not scanned: 216
Actions:
  • Disinfected: 12
  • Renamed: 0
  • Deleted: 0
  • Not cleaned: 0
  • Submitted: 0
Files not scanned:
Options

Scanning engines: Scanning options:
  • Scan all files
  • Scan inside archives
  • Use advanced heuristics







I noticed it's taking longer because I did also have to a system before when I shut down the first time and redid the steps, but other than the speed issue, I think I am alright.


Thank you very much

#17 loner


Posted 23 March 2012 - 07:19 AM

I am noticing that I am also getting the URL-directed links when I go on Google still.

#18 Maurice Naggar


Posted 23 March 2012 - 10:58 AM

The F-Secure scan removed some tracking cookies. Let's do a few more follow-up steps & a different online scan.

Download OTL by OldTimer & SAVE to your Desktop: http://oldtimer.geekstogo.com/OTL.exe

Close and save any open work documents you have running. Do not start any other programs. Let these next tools run un-interrupted.

Step 2
  • Please double-click OTL.exe to run it. (Note: If you are running on Windows 7 or Vista, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    *****************************************************************
    :Commands
    [purity]
    [resethosts]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]

    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on the red-lettered button Run Fix.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Step 3
Get and use MVP Mike Burgess' custom hosts file http://mvps.org/winhelp2002/hosts.htm

Steps to follow for the MVP Hosts file:
1) Download and SAVE the zip file to a temporary folder
2) Unzip (extract the contents) in the same folder
3) After extract is complete, run mvps.bat batch file. This copies your pre-existing Hosts file to Hosts.mvp in the folder where Windows' Hosts resides
typically, C:\WINDOWS\system32\drivers\etc

and after that copy is saved, it replaces the old Hosts with the new one.

And you should see (in the blue background command window) the following:

_________________________________________________
¦ +---+¦
¦ THE MVPS HOSTS FILE IS NOW UPDATED ¦ v ¦¦
¦ +---+¦
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


Previous version saved and renamed to HOSTS.MVP
Press any key to continue . . .


Find the folder where you saved the original download. Delete hosts.zip and a file folder there named hosts
The latter is the same folder that had mvps.bat

Step 4
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall

Using Internet Explorer browser only, go to ESET Online Scanner website:
{Windows 7 & Vista users should start IE by Start >> Internet Explorer >> Right-Click and select Run As Administrator.}
  • Press the "ESET Online scanner" button
  • Check the I accept the terms box. Accept the Terms of Use and press Start button;
  • Approve the install of the required ActiveX Control, then follow on-screen instructions;
  • Un-check the Remove found threats option.
  • Checkmark Scan Archives option.
  • Click on Advanced Settings and checkmark the following
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology

    click Scan.
  • After the scan completes, the Details tab in the Results window will display what was found and removed.
  • A logfile is created and located at C:\Program Files\Eset\EsetOnlineScanner\log.txt.
Look at contents of this file using Notepad or Wordpad.

The Frequently Asked Questions for ESET Online Scanner can be viewed here
http://www.eset.com/...c4.php?page=faq

  • It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner.
    (And the prompt re-enabling when finished.)
  • If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.
After the scan is done, re-enable your antivirus program.

Reply with copy of the Eset scan log, and
tell me, How is your system now?
Maurice Naggar
Product Support


I close my threads if there is 5 days without a response.
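Steps 2 and 3 above reset the Hosts file and then replace it with a blocklist-style one. As an added example (not part of the original post and not code from OTL or the MVPS project), the sketch below audits the text of a Hosts file and separates ordinary loopback entries from mappings that send a name to some other address. The watch lists, function names and sample data are hypothetical, and treating `0.0.0.0`, `127.0.0.1` and `::1` as the blocklist convention is an assumption.

```python
import ipaddress
from collections import Counter

# Hypothetical watch lists: vendors named in this thread and common search sites.
SECURITY_SUFFIXES = ("malwarebytes.org", "kaspersky.com", "eset.com", "f-secure.com")
SEARCH_SUFFIXES = ("google.com", "bing.com", "yahoo.com")

SAMPLE_HOSTS = """\
# Constructed sample for this example; not taken from the thread.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net        # blocklist-style entry
0.0.0.0         tracker.example.org
203.0.113.45    www.google.com google.com
127.0.0.1       www.kaspersky.com      # security site pointed at loopback
198.51.100.7    intranet.example.lan
not-an-ip       broken.example.com
"""


def _matches(name, suffixes):
    """True if name equals a watched domain or is a subdomain of one."""
    return any(name == s or name.endswith("." + s) for s in suffixes)


def parse_hosts(text):
    """Yield (line_no, address_or_None, hostname) for every mapping in the file."""
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            addr = None  # first field is not an IP address
        # One line may map several names; an address with no name is malformed.
        for name in fields[1:] or [""]:
            yield line_no, addr, name.lower().rstrip(".")


def classify(addr, name):
    """Sort one mapping into loopback, blocked-security, redirect(-watched) or malformed."""
    if addr is None or not name:
        return "malformed"
    if addr.is_loopback or addr.is_unspecified:
        # Blocklists sink unwanted names here; a security vendor's site being
        # sunk is not something a blocklist does, so report it separately.
        if name != "localhost" and _matches(name, SECURITY_SUFFIXES):
            return "blocked-security"
        return "loopback"
    # Any other address means the name resolves somewhere the file chose.
    if _matches(name, SECURITY_SUFFIXES + SEARCH_SUFFIXES):
        return "redirect-watched"
    return "redirect"


def audit(text):
    """Return (findings, counts); findings leave out ordinary loopback entries."""
    findings, counts = [], Counter()
    for line_no, addr, name in parse_hosts(text):
        category = classify(addr, name)
        counts[category] += 1
        if category != "loopback":
            findings.append((line_no, category, name, str(addr) if addr else None))
    return findings, counts


if __name__ == "__main__":
    findings, counts = audit(SAMPLE_HOSTS)
    for line_no, category, name, addr in findings:
        print(f"line {line_no}: {category:17} {name} -> {addr}")
    print(dict(counts))
```

To check a real machine, pass `audit()` the text of the Hosts file in the folder the post names (typically `C:\WINDOWS\system32\drivers\etc`); a freshly installed blocklist should produce only `loopback` counts.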

#19 loner


Posted 23 March 2012 - 07:59 PM

========== COMMANDS ==========
HOSTS file reset successfully

[EMPTYFLASH]

User: All Users

User: ClydeSanders
->Flash cache emptied: 228482 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.39.2 log created on 03232012_193642


















C:\Qoobox\Quarantine\C\Windows\assembly\GAC_32\Desktop.ini.vir Win32/Sirefef.DN trojan
C:\Qoobox\Quarantine\C\Windows\assembly\GAC_64\Desktop.ini.vir Win64/Sirefef.G trojan
C:\Qoobox\Quarantine\C\Windows\System32\consrv.dll.vir Win64/Sirefef.G trojan
Operating memory a variant of Win32/Sirefef.DN trojan










What is next if I don't think the scanner deleted the files (I think it just showed the different files), because the pop-up tabs to random sites are still occurring?

#20 Maurice Naggar


Posted 24 March 2012 - 10:44 AM

Those 3 files in the list are already in quarantine & are not active.
Provide more details as to the how & when of the "pop up tabs".
Were you browsing or searching?
If so, what browser were you using? (Internet Explorer, or Chrome, or Firefox, or which ?? )
Where were you browsing?
What are some of the Titles in the popups ?

I'd like for you to do 2 separate scans:
1) With your Kaspersky AV 2010
Start Kaspersky antivirus. Do an update run. Do a full system scan.
Provide details in next reply.

2) Temporarily turn off Kaspersky anti-virus.
Save and close any work documents, close any apps that you started.
Start your MBAM MalwareBytes' Anti-Malware.
Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.
Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.
Do a FULL Scan.

When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

3) After MBAM has finished, turn ON your Kaspersky antivirus.

4) Provide answers to my earlier questions,
details on the Kaspersky scan,
and copy & Paste the latest MBAM scan log
Maurice Naggar
Product Support




