
Thread: TrojanC-05 Continual Crash Poweroff

  1. #1
    Member
    Join Date
    Mar 2012
    Posts
    48

    Default TrojanC-05 Continual Crash Poweroff

    Hello:
    Unfortunately, I didn't see this forum until I'd already tried many 'fixes', but I hope you can help.

    My laptop continually powers off unless running in safe mode.
    I began having a problem around 3-12-13 or 3-13-12.
    All programs were slow. Shortcuts didn't work. Anything took forever or would hang.
    I don't know what I had done to cause this. Somewhere during that time I updated the firmware for the Netgear wireless router. Unfortunately, I updated this firmware over the wireless network before realizing I wasn't supposed to do that.
    I ran Spybot Search & Destroy and it found TrojanC-05. I selected "Fix Problem". It seemed to be okay, but it must have reinstalled itself. I repeated this.
    My laptop worked for a couple of hours and then the power cut off.
    Now I can only work in safe mode. Kaspersky PURE didn't catch this, and it won't even run in safe mode.
    My laptop continually powers off when I try to start in anything but safe mode. I have tried "Last Known Good Configuration", and I have tried CHKDSK and FSUTIL repair. During System Restore the laptop cut off again, so I now do not have any good restore points.
    Unfortunately, I downloaded RegCure and it "fixed" 400+ problems, and when I called the 888 number they said I had over 4000 issues that had been on my laptop since the hard drive was replaced in June/July 2011. However, I did not have any issues until a few days ago. I have, I hope, uninstalled this program.
    I also ran Malwarebytes, which found nothing.
    I also today reinstalled and ran Everest Ultimate Edition, and it did not identify the battery, even though my desktop shows the battery at 100%.
    Since I can only keep the laptop powered on while in safe mode, Kaspersky is not running.
    I have also unchecked the 'resident' box in the advanced mode of Spybot.
    I have already downloaded and run the ERUNT program.
    I have run HijackThis but am only attaching the two files you requested to start.
    Thank you for your assistance.
    DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
    Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_29
    Run by Alicia at 21:35:14 on 2012-03-15
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3963.3077 [GMT -4:00]
    .
    AV: Kaspersky PURE *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Kaspersky PURE *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
    FW: Kaspersky PURE *Enabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
    C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.rr.com/
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: IncrediMail MediaBar 2 Toolbar: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbIncr.dll
    mURLSearchHooks: IncrediMail MediaBar 2 Toolbar: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbIncr.dll
    mWinlogon: Userinit=userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\ievkbd.dll
    BHO: {9F3209E2-334B-41E9-B09C-703F398742E7} - No File
    BHO: IncrediMail MediaBar 2 Toolbar: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbIncr.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
    BHO: TMIEGBHO Class: {f1ad4a42-ba52-47bc-89df-3f68f24c017f} - C:\Program Files (x86)\Trend Micro\Browser Guard\TMAMS.dll
    TB: IncrediMail MediaBar 2 Toolbar: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbIncr.dll
    TB: TMBGBAR TOOLBAR: {c8137a8d-415d-450c-a1b1-d0c519d45296} - C:\Program Files (x86)\Trend Micro\Browser Guard\tmieg.dll
    mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe"
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: &Add animation to IncrediMail Style Box - C:\Program Files (x86)\IncrediMail\bin\resources\WebMenuImg.htm
    IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{0FD623B8-6E10-4691-BBF5-6B880E1B5D27} : DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{DFEA21E9-D44E-4173-AEA8-3F2DC743771F} : DhcpNameServer = 192.168.1.1
    AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\ievkbd.dll
    BHO-X64: IEVkbdBHO - No File
    BHO-X64: {9F3209E2-334B-41E9-B09C-703F398742E7} - No File
    BHO-X64: IEGBH0 - No File
    BHO-X64: IncrediMail MediaBar 2 Toolbar: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbIncr.dll
    BHO-X64: IncrediMail MediaBar 2 - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll
    BHO-X64: link filter bho - No File
    BHO-X64: TMIEGBHO Class: {F1AD4A42-BA52-47BC-89DF-3F68F24C017F} - C:\Program Files (x86)\Trend Micro\Browser Guard\TMAMS.dll
    BHO-X64: TMIEGBHO - No File
    TB-X64: IncrediMail MediaBar 2 Toolbar: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbIncr.dll
    TB-X64: TMBGBAR TOOLBAR: {C8137A8D-415D-450C-A1B1-D0C519D45296} - C:\Program Files (x86)\Trend Micro\Browser Guard\tmieg.dll
    mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe"
    AppInit_DLLs-X64: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Alicia\AppData\Roaming\Mozilla\Firefox\Profiles\cecfzcl8.default\
    FF - prefs.js: browser.search.selectedEngine - Live Search
    FF - prefs.js: browser.startup.homepage - www.rr.com
    FF - prefs.js: network.proxy.type - 4
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 CSCrySec;InfoWatch Encrypt Sector Library driver;C:\Windows\system32\DRIVERS\CSCrySec.sys --> C:\Windows\system32\DRIVERS\CSCrySec.sys [?]
    R0 KLBG;Kaspersky Lab Boot Guard Driver;C:\Windows\system32\DRIVERS\klbg.sys --> C:\Windows\system32\DRIVERS\klbg.sys [?]
    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]
    R3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?]
    S1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;C:\Windows\system32\DRIVERS\CSVirtualDiskDrv.sys --> C:\Windows\system32\DRIVERS\CSVirtualDiskDrv.sys [?]
    S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
    S2 AVP;Kaspersky PURE;C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe [2010-10-1 348760]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 CSObjectsSrv;CryptoStorage control service;C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2009-12-21 743992]
    S2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-25 136176]
    S2 RUBotSrv;Trend Micro RUBotted Service;C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe [2011-11-25 439632]
    S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-6-22 1153368]
    S3 BrSerIb;Brother Serial Interface Driver(WDM);C:\Windows\system32\DRIVERS\BrSerIb.sys --> C:\Windows\system32\DRIVERS\BrSerIb.sys [?]
    S3 BrUsbSIb;Brother Serial USB Driver(WDM);C:\Windows\system32\DRIVERS\BrUsbSIb.sys --> C:\Windows\system32\DRIVERS\BrUsbSIb.sys [?]
    S3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2011-7-20 245760]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-25 136176]
    S3 hitmanpro35;Hitman Pro 3.5 Support Driver;\??\C:\Windows\system32\drivers\hitmanpro36.sys --> C:\Windows\system32\drivers\hitmanpro36.sys [?]
    S3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys --> C:\Windows\system32\DRIVERS\klmouflt.sys [?]
    S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
    S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2011-9-17 89920]
    .
    =============== Created Last 30 ================
    .
    2012-03-16 00:04:54 -------- d-----w- C:\Windows\System32\wbem\Logs
    2012-03-15 22:20:37 -------- d-----w- C:\Users\Alicia\AppData\Local\LogMeIn Rescue Applet
    2012-03-15 22:00:26 -------- d-----w- C:\Users\Alicia\AppData\Roaming\ParetoLogic
    2012-03-15 22:00:26 -------- d-----w- C:\Users\Alicia\AppData\Roaming\DriverCure
    2012-03-15 22:00:19 -------- d-----w- C:\ProgramData\ParetoLogic
    2012-03-15 21:49:19 -------- d-----w- C:\Users\Alicia\AppData\Local\ElevatedDiagnostics
    2012-03-15 21:35:14 -------- d-----w- C:\ProgramData\SecTaskMan
    2012-03-15 21:35:10 -------- d-----w- C:\Program Files (x86)\Security Task Manager
    2012-03-15 21:24:15 -------- d-----w- C:\Program Files (x86)\Lavalys
    2012-03-15 17:51:27 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{021FF130-6110-42C7-9D4A-0085D3C20119}\mpengine.dll
    2012-03-15 00:55:32 708096 ----a-w- C:\Windows\System32\rdpencom.dll
    2012-03-15 00:55:32 613376 ----a-w- C:\Windows\SysWow64\rdpencom.dll
    2012-03-15 00:55:32 209920 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-03-14 21:18:51 12872 ----a-w- C:\Windows\System32\bootdelete.exe
    2012-03-14 21:12:57 27424 ----a-w- C:\Windows\System32\drivers\hitmanpro36.sys
    2012-03-14 21:11:34 -------- d-----w- C:\Program Files\HitmanPro
    2012-03-14 21:11:30 -------- d-----w- C:\ProgramData\HitmanPro
    2012-03-12 19:46:15 29696 ----a-w- C:\Windows\System32\drivers\tunnel.sys
    2012-03-12 19:46:15 225280 ----a-w- C:\Windows\System32\iphlpsvc.dll
    2012-02-25 01:53:24 -------- d-----w- C:\Windows\Twain32
    2012-02-24 20:33:37 -------- d-----w- C:\Program Files (x86)\SpywareBlaster
    2012-02-24 19:19:03 -------- d-----w- C:\Program Files (x86)\ESET
    2012-02-21 00:27:38 53248 ----a-r- C:\Users\Alicia\AppData\Roaming\Microsoft\Installer\{7196E6BD-4B65-43F9-9D30-73A8E58D0E84}\ARPPRODUCTICON.exe
    2012-02-21 00:26:33 -------- d-----w- C:\Users\Alicia\AppData\Roaming\Avery
    .
    ==================== Find3M ====================
    .
    2012-02-23 14:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
    2012-02-14 16:49:43 327680 ----a-w- C:\Windows\System32\d3d10_1core.dll
    2012-02-14 16:49:43 196096 ----a-w- C:\Windows\System32\d3d10_1.dll
    2012-02-14 15:45:30 219648 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
    2012-02-14 15:45:30 160768 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
    2012-02-13 14:38:31 2002944 ----a-w- C:\Windows\System32\d3d10warp.dll
    2012-02-13 14:12:08 1172480 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
    2012-02-13 14:06:48 834048 ----a-w- C:\Windows\System32\d2d1.dll
    2012-02-13 14:03:11 1555968 ----a-w- C:\Windows\System32\DWrite.dll
    2012-02-13 13:47:57 683008 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2012-02-13 13:44:40 1068544 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2012-02-02 15:34:25 2765824 ----a-w- C:\Windows\System32\win32k.sys
    2012-01-03 14:25:21 404992 ----a-w- C:\Windows\System32\drivers\afd.sys
    .
    ============= FINISH: 21:35:35.99 ===============
    Last edited by tashi; 2012-03-16 at 03:11. Reason: Copy pasted log into topic

  2. #2
    Senior Member
    Join Date
    Feb 2012
    Location
    Ireland
    Posts
    176

    Default

    Hi, and welcome to Safer-Networking. Sorry for any delay in answering your request for help; the forum is really busy.
    My name is Diver79, and I will be helping you with your malware problems.

    Before we start please note the following important guidelines.
    • The instructions given are for THIS computer only! Using these instructions on a different computer can make it inoperable!
    • Please DO NOT run any other software or scans whilst I am helping you.


    Note: If you haven't done so already, please ensure you have read the following article. "BEFORE You POST"(Please read this Procedure Before Requesting Assistance) where the conditions for receiving help here are explained.
    Quote Originally Posted by diver79
    Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
    Because of this, I advise you to backup any personal files and folders before you start.
    How do I backup my files and folders in XP?
    How to backup your data - Vista/Win7

    Looking into your logs now. Will post instructions soon...

    diver79.
    Proud Graduate of the MalWare Removal University

  3. #3
    Senior Member
    Join Date
    Feb 2012
    Location
    Ireland
    Posts
    176

    Default

    Hi ASB2012,

    There are no indications of infection in the logs so far. Let's run a few more scans and see what we find. If possible, try to run the scans in normal mode; if this is not possible, proceed to safe mode.

    Can you confirm that the laptop never powers off while in Safe Mode?

    aswMBR Scan
    Please download aswMBR and save it to your Desktop.
    • Right-click aswMBR.exe & choose "Run as Administrator" to run it.
    • Click Yes to the prompt to download Avast! virus definitions.
      (Please be patient whilst the virus definitions download)
    • With the AVscan set to Quick Scan, click the Scan button.
      (Please be patient whilst your computer is scanned.)
    • After a while when the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
    • Click OK > Exit.
    • Note: Do not attempt to fix anything at this stage!
    • Two files will be created, aswMBR.txt & a file named MBR.dat.
    • MBR.dat is a backup of the MBR (master boot record); do not delete it.
    • I strongly suggest you keep a copy of this backup stored on an external device.
    • Copy & Paste the contents of aswMBR.txt into your next reply.



    TDSSKiller
    Please download TDSSKiller.exe and save it to your Desktop.
    • Right-click on TDSSKiller.exe and select Run as Administrator to launch it.
    • Click on Start Scan, the scan will run.
    • When the scan has finished, if it finds anything, please click on the drop-down arrow next to Cure and select Skip.
    • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
    • To find the log go to Start > Computer > C:
    • Post the contents of that log in your next reply please.
    • DO NOT TRY TO FIX ANYTHING AT THIS POINT
    Proud Graduate of the MalWare Removal University
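    Both scans above leave behind something worth checking by hand: aswMBR saves MBR.dat, a raw copy of the master boot record, and reports the partition layout it found, while TDSSKiller prints the same partition table in hex. The script below is an added example for this thread; it is not code from aswMBR, TDSSKiller or anyone posting here. It parses a 512-byte MBR image, hashes the boot code, decodes the partition table, flags inconsistencies (no active partition, several active partitions, overlapping entries), and compares two backups so that a later rewrite of the boot code with the partition table left intact, the usual bootkit footprint, shows up as a specific finding. It assumes MBR.dat is the raw first sector (512 bytes, or a longer file whose first 512 bytes are the MBR). The sample image it builds is constructed for the example: only the partition geometry is taken from the aswMBR and TDSSKiller output posted later in the thread (one active NTFS partition, StartLBA 0x800, BlocksNum 0x2542D800); its boot-code bytes are placeholders and its disk signature is arbitrary.

```python
"""Parse, sanity-check and diff raw MBR sectors such as aswMBR's MBR.dat.
Added example for this thread; not part of aswMBR or TDSSKiller."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440      # bytes 0..439 hold the boot code
DISK_SIG_OFF = 440       # 4-byte Windows disk signature
PART_TABLE_OFF = 446     # four 16-byte partition entries
ENTRY_LEN = 16

PARTITION_TYPES = {
    0x05: "Extended", 0x07: "HPFS/NTFS", 0x0B: "FAT32", 0x0C: "FAT32 LBA",
    0x0F: "Extended LBA", 0x82: "Linux swap", 0x83: "Linux", 0xEE: "GPT protective",
}


def parse_mbr(image: bytes) -> dict:
    """Decode the partition table and hash the boot code of one MBR sector."""
    if len(image) < SECTOR:
        raise ValueError(f"need at least {SECTOR} bytes, got {len(image)}")
    image = image[:SECTOR]
    if image[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature: not a valid MBR")

    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + i * ENTRY_LEN
        boot, _chs_start, ptype, _chs_end, lba, count = struct.unpack(
            "<B3sB3sII", image[off:off + ENTRY_LEN])
        if ptype == 0:
            continue  # unused slot
        partitions.append({
            "index": i + 1,
            "active": boot == 0x80,
            "boot_flag": boot,
            "type": ptype,
            "type_name": PARTITION_TYPES.get(ptype, f"unknown 0x{ptype:02X}"),
            "lba_start": lba,
            "sectors": count,
            "size_mb": count * SECTOR // (1024 * 1024),
        })

    warnings = []
    active = [p for p in partitions if p["active"]]
    if not active:
        warnings.append("no active (bootable) partition")
    elif len(active) > 1:
        warnings.append("more than one partition flagged active")
    for p in partitions:
        if p["boot_flag"] not in (0x00, 0x80):
            warnings.append(f"partition {p['index']}: invalid boot flag 0x{p['boot_flag']:02X}")
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"], p["index"]) for p in partitions)
    for (_s1, e1, i1), (s2, _e2, i2) in zip(spans, spans[1:]):
        if s2 < e1:
            warnings.append(f"partitions {i1} and {i2} overlap")

    return {
        "boot_code_sha256": hashlib.sha256(image[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack("<I", image[DISK_SIG_OFF:DISK_SIG_OFF + 4])[0],
        "partitions": partitions,
        "warnings": warnings,
    }


def compare_mbr(before: bytes, after: bytes) -> list:
    """Report what changed between two MBR backups. Boot code and partition
    table are reported separately: a bootkit usually rewrites the former and
    leaves the latter alone, a repartition does the opposite."""
    a, b = parse_mbr(before), parse_mbr(after)
    findings = []
    if a["boot_code_sha256"] != b["boot_code_sha256"]:
        findings.append("boot code changed")
    if a["partitions"] != b["partitions"]:
        findings.append("partition table changed")
    if a["disk_signature"] != b["disk_signature"]:
        findings.append("disk signature changed")
    return findings


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed 512-byte image (not a real MBR.dat). The single entry copies
    the geometry the logs report for this disk: active, type 0x07,
    StartLBA 0x800 (2048), BlocksNum 0x2542D800 (305243 MB). The disk
    signature and CHS fields are arbitrary placeholders."""
    if len(boot_code) != BOOT_CODE_LEN:
        raise ValueError(f"boot code must be exactly {BOOT_CODE_LEN} bytes")
    img = bytearray(SECTOR)
    img[:BOOT_CODE_LEN] = boot_code
    img[DISK_SIG_OFF:DISK_SIG_OFF + 4] = struct.pack("<I", 0x1234ABCD)
    img[PART_TABLE_OFF:PART_TABLE_OFF + ENTRY_LEN] = struct.pack(
        "<B3sB3sII", 0x80, b"\x00\x20\x21", 0x07, b"\xfe\xff\xff", 0x800, 0x2542D800)
    img[510:512] = b"\x55\xaa"
    return bytes(img)


if __name__ == "__main__":
    # For a real backup: parse_mbr(open("MBR.dat", "rb").read())
    info = parse_mbr(build_sample_mbr(b"\x90" * BOOT_CODE_LEN))
    for p in info["partitions"]:
        print(p)
    print("warnings:", info["warnings"])
```

    To check a real backup, call parse_mbr() on the bytes of MBR.dat and confirm the decoded entry matches what aswMBR printed (active flag, type 07, offset 2048, size in MB). Keep the copy aswMBR saved on external media, take a fresh dump after cleanup, and run compare_mbr() on the pair: a boot-code hash that changes with no OS reinstall or MBR repair in between deserves a closer look, while a changed table is normally the result of a deliberate repartition.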

  4. #4
    Member
    Join Date
    Mar 2012
    Posts
    48

    Default Thank You and I'm working on your suggestions.

    Thanks. I just saw your reply. Am downloading recommended items now and will reply with post as soon as they're done.
    And no, the laptop does not ever power out when in safe mode.

  5. #5
    Member
    Join Date
    Mar 2012
    Posts
    48

    Default ASW and tdss files

    I was unable to attach the aswMBR file. Nothing worked when I tried to browse to locate it. Also, it wouldn't let me type in the file name. So, I have to copy and paste the entire aswMBR text file here. The TDSS file follows. Thanks for your assistance. I'll look forward to your reply, at your convenience.
    While I'm thinking of it, if there are no infections, why did Spybot detect the TrojanC-05 at about the same time my laptop started its slowness, hanging and shut-off?
    I'm due to receive a new battery and charger tomorrow I hope, though I will check back to this forum before letting the laptop charge the new battery.
    I know you are inundated with requests. Thanks again for your help.


    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-03-18 22:47:14
    -----------------------------
    22:47:14.084 OS Version: Windows x64 6.0.6002 Service Pack 2
    22:47:14.084 Number of processors: 2 586 0x170A
    22:47:14.084 ComputerName: MOUNTAINFLOWER UserName: Alicia
    22:47:14.942 Initialize success
    22:47:18.733 AVAST engine defs: 12031700
    22:47:29.434 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
    22:47:29.434 Disk 0 Vendor: WDC_WD3200BEKT-00PVMT0 01.01A01 Size: 305245MB BusType: 3
    22:47:29.466 Disk 0 MBR read successfully
    22:47:29.466 Disk 0 MBR scan
    22:47:29.466 Disk 0 Windows VISTA default MBR code
    22:47:29.481 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 305243 MB offset 2048
    22:47:29.512 Disk 0 scanning C:\Windows\system32\drivers
    22:47:41.150 Service scanning
    22:48:00.931 Modules scanning
    22:48:00.931 Disk 0 trace - called modules:
    22:48:00.978 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
    22:48:00.978 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004df2060]
    22:48:00.978 3 CLASSPNP.SYS[fffffa6000dc7c33] -> nt!IofCallDriver -> [0xfffffa8004b91520]
    22:48:01.492 5 acpi.sys[fffffa60008fbfde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8004b9b060]
    22:48:02.709 AVAST engine scan C:\Windows
    22:48:09.994 AVAST engine scan C:\Windows\system32
    22:52:11.626 AVAST engine scan C:\Windows\system32\drivers
    22:52:24.582 AVAST engine scan C:\Users\Alicia
    23:02:11.602 AVAST engine scan C:\ProgramData
    23:10:50.177 Scan finished successfully
    23:11:15.184 Disk 0 MBR has been saved successfully to "C:\Users\Alicia\Desktop\MBR.dat"
    23:11:15.200 The log file has been saved successfully to "C:\Users\Alicia\Desktop\aswMBR.txt"




    23:13:04.0196 1660 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
    23:13:04.0508 1660 ============================================================
    23:13:04.0508 1660 Current date / time: 2012/03/18 23:13:04.0508
    23:13:04.0508 1660 SystemInfo:
    23:13:04.0508 1660
    23:13:04.0508 1660 OS Version: 6.0.6002 ServicePack: 2.0
    23:13:04.0508 1660 Product type: Workstation
    23:13:04.0508 1660 ComputerName: MOUNTAINFLOWER
    23:13:04.0508 1660 UserName: Alicia
    23:13:04.0508 1660 Windows directory: C:\Windows
    23:13:04.0508 1660 System windows directory: C:\Windows
    23:13:04.0508 1660 Running under WOW64
    23:13:04.0508 1660 Processor architecture: Intel x64
    23:13:04.0508 1660 Number of processors: 2
    23:13:04.0508 1660 Page size: 0x1000
    23:13:04.0508 1660 Boot type: Safe boot with network
    23:13:04.0508 1660 ============================================================
    23:13:05.0522 1660 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    23:13:05.0522 1660 \Device\Harddisk0\DR0:
    23:13:05.0538 1660 MBR used
    23:13:05.0538 1660 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800
    23:13:05.0569 1660 Initialize success
    23:13:05.0569 1660 ============================================================
    23:13:08.0346 1908 ============================================================
    23:13:08.0346 1908 Scan started
    23:13:08.0346 1908 Mode: Manual;
    23:13:08.0346 1908 ============================================================
    23:13:09.0110 1908 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
    23:13:09.0110 1908 ACPI - ok
    23:13:09.0141 1908 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
    23:13:09.0157 1908 adp94xx - ok
    23:13:09.0173 1908 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
    23:13:09.0173 1908 adpahci - ok
    23:13:09.0204 1908 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
    23:13:09.0204 1908 adpu160m - ok
    23:13:09.0219 1908 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
    23:13:09.0219 1908 adpu320 - ok
    23:13:09.0282 1908 AFD (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys
    23:13:09.0282 1908 AFD - ok
    23:13:09.0329 1908 AgereSoftModem (e59bc94c0fc336f2f6a07a7e16441c48) C:\Windows\system32\DRIVERS\agrsm64.sys
    23:13:09.0344 1908 AgereSoftModem - ok
    23:13:09.0360 1908 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
    23:13:09.0360 1908 agp440 - ok
    23:13:09.0375 1908 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
    23:13:09.0375 1908 aic78xx - ok
    23:13:09.0391 1908 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
    23:13:09.0391 1908 aliide - ok
    23:13:09.0407 1908 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
    23:13:09.0407 1908 amdide - ok
    23:13:09.0422 1908 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
    23:13:09.0422 1908 AmdK8 - ok
    23:13:09.0453 1908 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
    23:13:09.0453 1908 arc - ok
    23:13:09.0469 1908 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
    23:13:09.0469 1908 arcsas - ok
    23:13:09.0500 1908 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
    23:13:09.0500 1908 AsyncMac - ok
    23:13:09.0563 1908 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
    23:13:09.0563 1908 atapi - ok
    23:13:09.0812 1908 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
    23:13:09.0812 1908 blbdrive - ok
    23:13:09.0843 1908 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
    23:13:09.0843 1908 bowser - ok
    23:13:09.0859 1908 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
    23:13:09.0859 1908 BrFiltLo - ok
    23:13:09.0890 1908 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
    23:13:09.0890 1908 BrFiltUp - ok
    23:13:09.0937 1908 BrSerIb (6df544e72ff139e8fbbba6d0e569bea5) C:\Windows\system32\DRIVERS\BrSerIb.sys
    23:13:09.0937 1908 BrSerIb - ok
    23:13:09.0953 1908 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
    23:13:09.0953 1908 Brserid - ok
    23:13:09.0984 1908 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
    23:13:09.0984 1908 BrSerWdm - ok
    23:13:09.0999 1908 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
    23:13:09.0999 1908 BrUsbMdm - ok
    23:13:09.0999 1908 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
    23:13:10.0015 1908 BrUsbSer - ok
    23:13:10.0015 1908 BrUsbSIb (80082ad46578f0d3270d2e56d6433082) C:\Windows\system32\DRIVERS\BrUsbSIb.sys
    23:13:10.0015 1908 BrUsbSIb - ok
    23:13:10.0046 1908 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
    23:13:10.0046 1908 BTHMODEM - ok
    23:13:10.0077 1908 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
    23:13:10.0093 1908 cdfs - ok
    23:13:10.0109 1908 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
    23:13:10.0109 1908 cdrom - ok
    23:13:10.0155 1908 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
    23:13:10.0155 1908 circlass - ok
    23:13:10.0202 1908 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
    23:13:10.0202 1908 CLFS - ok
    23:13:10.0249 1908 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
    23:13:10.0249 1908 CmBatt - ok
    23:13:10.0280 1908 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
    23:13:10.0280 1908 cmdide - ok
    23:13:10.0280 1908 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
    23:13:10.0280 1908 Compbatt - ok
    23:13:10.0296 1908 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
    23:13:17.0706 1908 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
    23:13:17.0768 1908 \Device\Harddisk0\DR0 - ok
    23:13:17.0768 1908 Boot (0x1200) (28baecf6bc97844b20ad4be916b018e3) \Device\Harddisk0\DR0\Partition0
    23:13:17.0768 1908 \Device\Harddisk0\DR0\Partition0 - ok
    23:13:17.0768 1908 ============================================================
    23:13:17.0768 1908 Scan finished
    23:13:17.0768 1908 ============================================================
    23:13:17.0784 1740 Detected object count: 0
    23:13:17.0784 1740 Actual detected object count: 0
    23:26:42.0447 1780 Deinitialize success
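As an added example (not from the thread, and not TDSSKiller's own code), a small Python triage script for the log format above: it folds the two-lines-per-service records (file+MD5 line, then verdict line) into one entry each, keeps the MBR/boot-sector hashes and the detection counts, and lists what a responder would still check before accepting "Detected object count: 0", namely services with no hashed file, drivers loading from outside the Windows directory, and any non-"ok" verdict. The MBR, Boot and count lines in the sample are the tail of the posted log; the three driver entries and their hashes are constructed placeholders.

```python
"""Triage helper for TDSSKiller driver-scan logs (added example, not TDSSKiller's own code)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample input in the log format shown in this thread. The MBR/Boot/count lines are
# the tail of the posted log; the three driver entries (exampledrv, leftoversvc, oddsvc) and their
# hashes are constructed placeholders and do not appear in the posted log.
SAMPLE_LOG = """\
23:13:10.0358 1908 exampledrv (0123456789abcdef0123456789abcdef) C:\\Windows\\system32\\DRIVERS\\exampledrv.sys
23:13:10.0358 1908 exampledrv - ok
23:13:10.0764 1908 leftoversvc - ok
23:13:17.0000 1908 oddsvc (fedcba9876543210fedcba9876543210) C:\\Users\\Public\\oddsvc.sys
23:13:17.0000 1908 oddsvc - ok
23:13:17.0706 1908 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \\Device\\Harddisk0\\DR0
23:13:17.0768 1908 \\Device\\Harddisk0\\DR0 - ok
23:13:17.0768 1908 Boot (0x1200) (28baecf6bc97844b20ad4be916b018e3) \\Device\\Harddisk0\\DR0\\Partition0
23:13:17.0768 1908 \\Device\\Harddisk0\\DR0\\Partition0 - ok
23:13:17.0784 1740 Detected object count: 0
23:13:17.0784 1740 Actual detected object count: 0
"""

# Every line starts with "HH:MM:SS.mmmm <thread-id> "; the rest is one of four record shapes.
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+"
SECTOR_RE = re.compile(PREFIX + r"(?P<kind>MBR|Boot)\s+\((?P<size>0x[0-9A-Fa-f]+)\)\s+"
                       r"\((?P<md5>[0-9a-f]{32})\)\s+(?P<dev>\S.*?)\s*$")
FILE_RE = re.compile(PREFIX + r"(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*?)\s*$")
STATUS_RE = re.compile(PREFIX + r"(?P<name>\S.*?)\s+-\s+(?P<status>\S+)\s*$")
COUNT_RE = re.compile(PREFIX + r"(?P<kind>Detected|Actual detected) object count:\s+(?P<n>\d+)\s*$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None     # MD5 of the driver file as reported by TDSSKiller
    path: Optional[str] = None    # on-disk path; None when only a verdict line was seen
    status: Optional[str] = None  # TDSSKiller's verdict for the service, e.g. "ok"


@dataclass
class Report:
    entries: Dict[str, Entry] = field(default_factory=dict)           # service name -> Entry
    sectors: Dict[str, Dict[str, str]] = field(default_factory=dict)  # "MBR"/"Boot" -> size, md5, device
    devices: Dict[str, str] = field(default_factory=dict)             # \Device\... object -> verdict
    counts: Dict[str, int] = field(default_factory=dict)              # "Detected"/"Actual detected" -> n


def parse_log(text: str) -> Report:
    """Fold the two-lines-per-service log (file+hash line, then verdict line) into a Report."""
    report = Report()
    for line in text.splitlines():
        if m := SECTOR_RE.match(line):
            report.sectors[m["kind"]] = {"size": m["size"], "md5": m["md5"], "device": m["dev"]}
        elif m := COUNT_RE.match(line):
            report.counts[m["kind"]] = int(m["n"])
        elif m := FILE_RE.match(line):
            e = report.entries.setdefault(m["name"], Entry(m["name"]))
            e.md5, e.path = m["md5"], m["path"]
        elif m := STATUS_RE.match(line):
            if m["name"].startswith("\\Device\\"):
                report.devices[m["name"]] = m["status"]  # verdict on a raw disk object, not a service
            else:
                report.entries.setdefault(m["name"], Entry(m["name"])).status = m["status"]
    return report


def triage(report: Report, system_root: str = "C:\\Windows") -> List[Tuple[str, str]]:
    """Return (severity, message) findings to review before accepting 'Detected object count: 0'."""
    findings: List[Tuple[str, str]] = []
    root = system_root.lower().rstrip("\\") + "\\"
    for e in report.entries.values():
        if e.status is not None and e.status.lower() != "ok":
            findings.append(("alert", f"{e.name}: verdict '{e.status}' for {e.path or 'no file'}"))
        if e.path is None:
            # A service key with nothing to hash: typically a leftover from an uninstalled tool,
            # but confirm the key is expected before dismissing it.
            findings.append(("info", f"{e.name}: service registered but no driver file was hashed"))
        elif not e.path.lower().startswith(root):
            findings.append(("warn", f"{e.name}: driver outside {system_root}: {e.path}"))
    if report.counts.get("Detected", 0):
        findings.append(("alert", f"TDSSKiller reported {report.counts['Detected']} detected object(s)"))
    for kind in ("MBR", "Boot"):
        if kind not in report.sectors:
            findings.append(("warn", f"no {kind} hash in log; boot-sector check did not complete"))
    return findings


if __name__ == "__main__":
    rep = parse_log(SAMPLE_LOG)
    print(f"{len(rep.entries)} services, MBR md5 {rep.sectors['MBR']['md5']}, counts {rep.counts}")
    for severity, message in triage(rep):
        print(f"[{severity}] {message}")
```

Run it against a saved TDSSKiller log by passing the file's text to `parse_log`; an "info" line for a leftover service is expected on a machine where tools were uninstalled, whereas a "warn" or "alert" deserves a look before the scan is called clean.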

  6. #6
    Senior Member
    Join Date
    Feb 2012
    Location
    Ireland
    Posts
    176

    Default

    Hi ASB2012

    While I'm thinking of it, if there are no infections,
    There may still be an infection, we just haven't found one yet. Likewise, it may have been a coincidence and something else could be causing it.

    I have a few questions to ask about the laptop and some more scans to run.

    • Have you had any other symptoms that suggest an infection (search redirects, pop ups etc)?
    • How long do you get in normal mode before the laptop powers off?
    • Can you hear the laptop's fan spin?
    • If so, does it sound louder than normal?
    • Does the base of the laptop seem hot?
    • Do you have a Windows Vista installation DVD?


    OTL Scan
    • Download OTL to your desktop.
    • Right click on the icon and select Run as Administrator to run it. Make sure all other windows are closed to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Under the Standard Registry box change it to All.
    • Check the boxes beside LOP Check and Purity Check.
    • Under Custom Scans/Fixes copy/paste the contents of the code box below.
      Code:
      >C:\commands.txt echo list vol /raw /hide /c
      /wait
      >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
      /wait
      type c:\diskreport.txt /c
      /wait
      del c:\commands.txt^|y /hide /c
      /wait
      del c:\diskreport.txt^|y /hide /c
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
    Proud Graduate of the MalWare Removal University

  7. #7
    Member
    Join Date
    Mar 2012
    Posts
    48

    Default OTL Scan Hangs

    I seem to recall redirects (which I denied) and more popups than usual although I had popups blocked.
    Fan doesn't sound any louder and I also use a cooling mat fan.
    Doesn't seem hot, no more than since I bought it a few years ago.
    Only began having this problem around March 12-13 when icons and shortcuts didn't work, system was slow and would 'hang' on everything, and then started powering off.

    I tried several times to run the OTL scan, as instructed.
    Each time it would scan for about a minute, but when it got to "Scanning Firefox settings" nothing happened further; it would stop responding, as indicated in Task Manager. I tried three times. Also tried without "run as administrator." No other programs were open. Tried with and without internet connected.
    What to do now?
    Thanks!

  8. #8
    Senior Member
    Join Date
    Feb 2012
    Location
    Ireland
    Posts
    176

    Default

    Hi ASB2012,

    Let's disable Malwarebytes and Kaspersky's self-defense mechanism as they may be interfering.
    The rkill tool should then terminate any known malicious programs that are blocking OTL.

    Disable MBAM Real-Time protection
    • Right-click on the MBAM icon in the System Tray and uncheck Enable Protection.
    • When asked, "Are you sure you want to disable the MBAM Protection Module?", click Yes.
    • Right-click on the MBAM icon again and then uncheck Start with Windows.
    • Restart your computer for the changes to take effect.
    Disable Kaspersky Pure Self Defense
    • Open Kaspersky Pure.
    • In the right upper corner click the Settings link
    • In the left part of the Settings window select the Self-Defense item
    • Uncheck Enable Self-Defense in the right part of the window.
    • In the right lower corner click the OK button
    • Close the main application window.
    Download/run Rkill

    Please download Rkill from one of the following links and save to your Desktop:

    One, Two, Three or Four

    • Right click on Rkill and select Run as Administrator to run it.
    • A command window will open then disappear upon completion, this is normal.
    • When finished, Notepad will open with a log called, "rkill.log".
    • Please copy and paste the contents of the rkill.log in your next reply.
    • The file is automatically saved... located at C:\rkill.log.
    • Please leave Rkill on the Desktop until otherwise advised.
    Note: If your security software warns about Rkill, please ignore and allow the download to continue.


    Now run the OTL scan using the instructions here. Let me know how you get on.
    Proud Graduate of the MalWare Removal University

  9. #9
    Member
    Join Date
    Mar 2012
    Posts
    48

    Default MBAM and KIS

    Since I can only run in safe mode, MBAM and Kaspersky are not running and the icons do not appear in the system tray. When I try to run them from the Start Programs button, it gives a message that they are not available in safe mode.
    So should I uninstall these programs?

  10. #10
    Member
    Join Date
    Mar 2012
    Posts
    48

    Default Cannot uninstall in safe mode either

    Also, the Windows Installer Service is not available in safe mode either. So even if I wanted to uninstall or modify Kaspersky Pure, IDK how I would be able to do that.
