PDA

View Full Version : Trojan Help needed



Debbie7075
2012-02-01, 05:08
My computer keeps telling me I have a trojan and it apparently can't be removed from just my antiviurs or Spybot. I need help, please! Here is the DDS Log requested. When I ran Spybot, I can't get it to remove the problem it found. It just tells me there was an error. Here is the information from Spybot. I have also just disabled TeaTimer on Spybot. Thank you in advance for any help. :thanks:


Smitfraud-C.generic: [SBI $5926A588] Executable (File, nothing done)
C:\Windows\svchost.exe
Properties.size=20480
Properties.md5=2CEFF13ACE25A40BD8D97654944297CD
Properties.filedate=1247534086
Properties.filedatetext=2009-07-13 20:14:45


--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---




Thank you in advance for any help.




.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Debbie Williamson at 21:08:08 on 2012-01-31
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.2134 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSDefragSrv64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\TECO\Teco.exe
C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\igfxext.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Common Files\AOL\1316449412\ee\aolsoftware.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\windows\system32\conhost.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe
C:\Program Files (x86)\AOL Desktop 9.7\waol.exe
C:\Program Files (x86)\AOL Desktop 9.7\shellmon.exe
-netsvcs
C:\windows\system32\conhost.exe
C:\Users\Debbie Williamson\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Debbie Williamson\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Debbie Williamson\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Debbie Williamson\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Debbie Williamson\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Debbie Williamson\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Users\Debbie Williamson\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\SysWOW64\rundll32.exe
C:\Users\Debbie Williamson\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Common Files\AOL\1316449412\ee\aolupdates.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\SysWOW64\DllHost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\igfxsrvc.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://www.google.com/
uDefault_Page_URL = hxxp://start.toshiba.com/g/
uInternet Settings,ProxyOverride = <local>;*.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Google Update] "C:\Users\Debbie Williamson\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [AOL Fast Start] "C:\Program Files (x86)\AOL Desktop 9.7\AOL.EXE" -b
mRun: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [HostManager] C:\Program Files (x86)\Common Files\AOL\1316449412\ee\AOLSoftware.exe
mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [dplaysvr] C:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
dRun: [dplaysvr] C:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download with Mipony - file://C:\Program Files (x86)\MiPony\Browser\IEContext.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: DhcpNameServer = 24.159.64.23 24.217.201.67 66.189.0.100
TCP: Interfaces\{11E5944F-01D3-42E8-AF85-8719414D1253} : DhcpNameServer = 24.159.64.23 24.217.201.67 66.189.0.100
TCP: Interfaces\{11E5944F-01D3-42E8-AF85-8719414D1253}\24F6F6B63747F62756 : DhcpNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
mRun-x64: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun-x64: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [HostManager] C:\Program Files (x86)\Common Files\AOL\1316449412\ee\AOLSoftware.exe
mRun-x64: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [dplaysvr] C:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
Hosts: 94.63.147.14 www.google.com
Hosts: 94.63.147.15 www.bing.com
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\system32\DRIVERS\avgrkx64.sys --> C:\windows\system32\DRIVERS\avgrkx64.sys [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\system32\DRIVERS\avgldx64.sys --> C:\windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\system32\DRIVERS\avgmfx64.sys --> C:\windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\windows\system32\DRIVERS\avgtdia.sys --> C:\windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe [2011-9-14 135608]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe [2011-9-14 126392]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\TECO\TecoService.exe [2011-3-2 266680]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-9-14 2656280]
R2 WINZIPSSDiskOptimizer;WINZIPSSDiskOptimizer;C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSDefragSrv64.exe [2011-12-25 263504]
R3 AVGIDSDriver;AVGIDSDriver;C:\windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C60x64.sys --> C:\windows\system32\DRIVERS\L1C60x64.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface ;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 QIOMem;Generic IO & Memory Access;C:\windows\system32\DRIVERS\QIOMem.sys --> C:\windows\system32\DRIVERS\QIOMem.sys [?]
R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-9-14 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-8 137632]
R3 TPCHSrv;TPCH Service;C:\Program Files\Toshiba\TPHM\TPCHSrv.exe [2010-12-20 822704]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-9-19 1153368]
S3 BtFilter;Bluetooth LowerFilter Class Filter Driver;C:\windows\system32\DRIVERS\btfilter.sys --> C:\windows\system32\DRIVERS\btfilter.sys [?]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 GSService;GSService;C:\Windows\SysWOW64\GSService.exe [2012-1-23 246784]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 RemoteControl-USBLAN;RemoteControl-USBLAN;C:\windows\system32\DRIVERS\rcblan.sys --> C:\windows\system32\DRIVERS\rcblan.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RTSUVSTOR.sys --> C:\windows\system32\Drivers\RTSUVSTOR.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\windows\system32\DRIVERS\VSTAZL6.SYS --> C:\windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\windows\system32\DRIVERS\VSTDPV6.SYS --> C:\windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-01-29 08:18:28 20480 ----a-w- C:\windows\svchost.exe
2012-01-26 00:00:24 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\149F.tmp
2012-01-25 21:34:50 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2012-01-23 18:34:56 83 ----a-w- C:\windows\SysWow64\gpupdate.bin
2012-01-23 17:28:52 -------- d-----w- C:\Users\Debbie Williamson\AppData\Local\iBackuper
2012-01-23 17:28:40 246784 ----a-w- C:\windows\SysWow64\GSService.exe
2012-01-23 17:28:39 -------- d-----w- C:\Program Files (x86)\iBackuper
2012-01-20 18:27:13 -------- d-----w- C:\Program Files\iTunes
2012-01-20 18:27:13 -------- d-----w- C:\Program Files\iPod
2012-01-20 18:27:13 -------- d-----w- C:\Program Files (x86)\iTunes
2012-01-12 20:52:20 -------- d-sh--w- C:\windows\SysWow64\%APPDATA%
2012-01-11 02:50:11 514560 ----a-w- C:\windows\SysWow64\qdvd.dll
2012-01-11 02:50:11 366592 ----a-w- C:\windows\System32\qdvd.dll
2012-01-11 02:50:11 1572864 ----a-w- C:\windows\System32\quartz.dll
2012-01-11 02:50:11 1328128 ----a-w- C:\windows\SysWow64\quartz.dll
2012-01-11 02:50:01 1731920 ----a-w- C:\windows\System32\ntdll.dll
2012-01-11 02:50:01 1292080 ----a-w- C:\windows\SysWow64\ntdll.dll
2012-01-11 02:49:59 77312 ----a-w- C:\windows\System32\packager.dll
2012-01-11 02:49:59 67072 ----a-w- C:\windows\SysWow64\packager.dll
.
==================== Find3M ====================
.
2012-01-19 05:54:12 1872 ----a-w- C:\windows\System32\ASOROSet.bin
2012-01-01 21:50:41 58696 ----a-w- C:\windows\SysWow64\AOLParconLink.exe
2011-12-14 20:51:17 348160 ----a-w- C:\windows\SysWow64\msvcr71.dll
2011-12-14 20:51:16 499712 ----a-w- C:\windows\SysWow64\msvcp71.dll
2011-11-24 04:52:09 3145216 ----a-w- C:\windows\System32\win32k.sys
2011-11-21 20:44:30 2793472 ----a-w- C:\windows\System32\drivers\athrx.sys
2011-11-18 03:41:09 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-17 06:49:14 95600 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2011-11-17 06:49:14 152432 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2011-11-17 06:44:43 459232 ----a-w- C:\windows\System32\drivers\cng.sys
2011-11-17 06:35:28 395776 ----a-w- C:\windows\System32\webio.dll
2011-11-17 06:35:26 29184 ----a-w- C:\windows\System32\sspisrv.dll
2011-11-17 06:35:26 136192 ----a-w- C:\windows\System32\sspicli.dll
2011-11-17 06:35:25 340992 ----a-w- C:\windows\System32\schannel.dll
2011-11-17 06:35:25 28160 ----a-w- C:\windows\System32\secur32.dll
2011-11-17 06:35:19 1447936 ----a-w- C:\windows\System32\lsasrv.dll
2011-11-17 06:33:55 31232 ----a-w- C:\windows\System32\lsass.exe
2011-11-17 05:35:02 314880 ----a-w- C:\windows\SysWow64\webio.dll
2011-11-17 05:34:52 224768 ----a-w- C:\windows\SysWow64\schannel.dll
2011-11-17 05:34:52 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2011-11-05 05:32:50 2048 ----a-w- C:\windows\System32\tzres.dll
2011-11-05 04:26:03 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2011-11-04 01:53:39 2309120 ----a-w- C:\windows\System32\jscript9.dll
2011-11-04 01:44:47 1390080 ----a-w- C:\windows\System32\wininet.dll
2011-11-04 01:44:21 1493504 ----a-w- C:\windows\System32\inetcpl.cpl
2011-11-04 01:34:43 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2011-11-03 22:47:42 1798144 ----a-w- C:\windows\SysWow64\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- C:\windows\SysWow64\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
.
============= FINISH: 21:10:07.37 ===============

diver79
2012-02-02, 21:54
Hi and welcome to Safer-Networking, sorry for any delay in answering your request for help, the forum is really busy.
My name is Diver79, and I will be helping you with your malware problems. I am currently in training at the Malware University. All of my instructions need to be checked and approved by a teacher, which may lead to a slight delay.

Before we start please note the following important guidelines.

The instructions given are for THIS computer only! Using these instructions on a different computer, can make it inoperable!
Please DO NOT run any other software or scans whilst I am helping you.

Note: If you haven't done so already, please ensure you have read the following article. "BEFORE You POST"(Please read this Procedure Before Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288) where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.Because of this, I advise you to backup any personal files and folders before you start.

How to backup your data - Vista/Win7 (http://www.vista4beginners.com/How-to-backup-your-data)

Looking into your logs now. Will post instructions soon...

diver79.

Debbie7075
2012-02-03, 00:18
Thank you, Diver79. I have read the "Before you Post" article. I have downloaded ERUNT and have backed up using that. I forgot to mention that in my first post. Do I need to do another backup on a disc? I have already backed up any personal files, such as pic and personal documents, onto a separate hard drive.

I appreciate you taking the time to help.

diver79
2012-02-03, 15:35
Hi Debbie7075,

Having the erunt and personal file backups should suffice for now.
Also, is this computer used to connect to a business or educational network?


aswMBR Scan
Please download aswMBR (http://public.avast.com/~gmerek/aswMBR.exe) and save it to your Desktop.
Right click aswMBR.exe and select " Run as administrator " to run it.
Click the Scan button.
After a short while when the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
Click OK > Exit.
Note: Do not attempt to fix anything at this stage!
Two files will be created, aswMBR.txt & a file named MBR.dat.
MBR.dat is a backup of the MBR(master boot record), do not delete it..
I strongly suggest you keep a copy of this backup stored on an external device.
Copy & Paste the contents of aswMBR.txt into your next reply.


TDSSKiller
Please download TDSSKiller.exe (http://support.kaspersky.com/downloads/utils/tdsskiller.exe) and save it to your Desktop.
Right click on TDSSKiller.exe and select Run as Administrator to launch it.
Click on Start Scan, the scan will run.
When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
Now click on Report to open the log file created by TDSSKiller in your root directory C:\
To find the log go to Start > Computer > C:
Post the contents of that log in your next reply please.
DO NOT TRY TO FIX ANYTHING AT THIS POINT


Online Antivirus file scan
Upload file(s) to VirusTotal (VT) for an online scan. Click here. (http://www.virustotal.com)

Click on the Browse button or the white box beside it. A File Upload prompt will open.
Copy and paste the following file and its path to upload:

C:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
Press Open, then Send file. The file will be uploaded for testing.
If there is any indication or prompt that the file has been scanned before, please proceed to have the file rescanned or reanalyzed.
Please wait for all the scanners to finish, then copy and paste the result into Notepad and save it to a convenient place.
Post the results in your next response.

Alternatively, if VirusTotal is busy or inaccessible, you may try Jotti (http://virusscan.jotti.org/) or VirScan (http://virscan.org/) (VS) with similar steps.
A result from either one of the above scanners would be sufficient.


For your next reply

Business use answer
aswMBR log
TdssKiller log
Online file scan result.

Debbie7075
2012-02-03, 20:17
No, this is my personal laptop, and I only use it at home. No business or educational network.

Here is the aswMBR.txt log.


aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-03 12:37:24
-----------------------------
12:37:24.788 OS Version: Windows x64 6.1.7601 Service Pack 1
12:37:24.788 Number of processors: 4 586 0x2A07
12:37:24.788 ComputerName: DEBBIEWILLIAMSO UserName:
12:37:29.172 Initialize success
12:47:58.963 AVAST engine defs: 12020300
12:49:00.073 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:49:00.073 Disk 0 Vendor: TOSHIBA_ GT00 Size: 715404MB BusType: 3
12:49:00.073 Device \Driver\iaStor -> MajorFunction fffffa800973a5c4
12:49:00.083 Disk 0 MBR read successfully
12:49:00.083 Disk 0 MBR scan
12:49:00.083 Disk 0 Windows VISTA default MBR code
12:49:00.133 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
12:49:00.153 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 699845 MB offset 3074048
12:49:00.183 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 14058 MB offset 1436356608
12:49:00.193 Service scanning
12:49:01.573 Modules scanning
12:49:01.573 Disk 0 trace - called modules:
12:49:01.583 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa800973a5c4]<<
12:49:01.913 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008b52060]
12:49:01.913 3 CLASSPNP.SYS[fffff8800188c43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80062a6050]
12:49:01.923 \Driver\iaStor[0xfffffa80057a4e70] -> IRP_MJ_CREATE -> 0xfffffa800973a5c4
12:49:04.314 AVAST engine scan C:\windows
12:49:06.741 AVAST engine scan C:\windows\system32
12:52:40.375 AVAST engine scan C:\windows\system32\drivers
12:52:52.730 AVAST engine scan C:\Users\Debbie Williamson
13:03:03.955 Disk 0 MBR has been saved successfully to "C:\Users\Debbie Williamson\Desktop\MBR.dat"
13:03:03.967 The log file has been saved successfully to "C:\Users\Debbie Williamson\Desktop\aswMBR.txt"



Here is the TDSSKiller log.


13:06:33.0532 6592 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
13:06:33.0956 6592 ============================================================
13:06:33.0956 6592 Current date / time: 2012/02/03 13:06:33.0956
13:06:33.0956 6592 SystemInfo:
13:06:33.0956 6592
13:06:33.0956 6592 OS Version: 6.1.7601 ServicePack: 1.0
13:06:33.0956 6592 Product type: Workstation
13:06:33.0956 6592 ComputerName: DEBBIEWILLIAMSO
13:06:33.0957 6592 UserName: Debbie Williamson
13:06:33.0957 6592 Windows directory: C:\windows
13:06:33.0957 6592 System windows directory: C:\windows
13:06:33.0957 6592 Running under WOW64
13:06:33.0957 6592 Processor architecture: Intel x64
13:06:33.0957 6592 Number of processors: 4
13:06:33.0957 6592 Page size: 0x1000
13:06:33.0957 6592 Boot type: Normal boot
13:06:33.0957 6592 ============================================================
13:06:34.0444 6592 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:06:34.0448 6592 \Device\Harddisk0\DR0:
13:06:34.0448 6592 MBR used
13:06:34.0448 6592 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x556E2800
13:06:34.0482 6592 Initialize success
13:06:34.0482 6592 ============================================================
13:06:49.0073 3248 ============================================================
13:06:49.0073 3248 Scan started
13:06:49.0073 3248 Mode: Manual;
13:06:49.0073 3248 ============================================================
13:06:51.0092 3248 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
13:06:51.0095 3248 1394ohci - ok
13:06:51.0199 3248 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
13:06:51.0202 3248 ACPI - ok
13:06:51.0299 3248 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
13:06:51.0301 3248 AcpiPmi - ok
13:06:51.0429 3248 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys
13:06:51.0436 3248 adp94xx - ok
13:06:51.0565 3248 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys
13:06:51.0570 3248 adpahci - ok
13:06:51.0689 3248 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys
13:06:51.0692 3248 adpu320 - ok
13:06:52.0119 3248 AFD (d5b031c308a409a0a576bff4cf083d30) C:\windows\system32\drivers\afd.sys
13:06:52.0161 3248 AFD - ok
13:06:52.0286 3248 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
13:06:52.0288 3248 agp440 - ok
13:06:52.0399 3248 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
13:06:52.0400 3248 aliide - ok
13:06:52.0499 3248 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
13:06:52.0500 3248 amdide - ok
13:06:52.0592 3248 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys
13:06:52.0594 3248 AmdK8 - ok
13:06:52.0696 3248 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\drivers\amdppm.sys
13:06:52.0698 3248 AmdPPM - ok
13:06:52.0804 3248 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
13:06:52.0807 3248 amdsata - ok
13:06:52.0916 3248 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys
13:06:52.0919 3248 amdsbs - ok
13:06:53.0026 3248 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
13:06:53.0027 3248 amdxata - ok
13:06:53.0129 3248 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
13:06:53.0131 3248 AppID - ok
13:06:53.0241 3248 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys
13:06:53.0244 3248 arc - ok
13:06:53.0338 3248 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys
13:06:53.0341 3248 arcsas - ok
13:06:53.0453 3248 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
13:06:53.0455 3248 AsyncMac - ok
13:06:53.0551 3248 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
13:06:53.0552 3248 atapi - ok
13:06:53.0727 3248 athr (78117aea65177490c87bbd9518a7cca4) C:\windows\system32\DRIVERS\athrx.sys
13:06:53.0756 3248 athr - ok
13:06:53.0887 3248 AVGIDSDriver (e29ea1a0ec7ab9fa2dc7e75a03f12a4f) C:\windows\system32\DRIVERS\AVGIDSDriver.Sys
13:06:53.0889 3248 AVGIDSDriver - ok
13:06:53.0984 3248 AVGIDSEH (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\windows\system32\DRIVERS\AVGIDSEH.Sys
13:06:53.0985 3248 AVGIDSEH - ok
13:06:54.0078 3248 AVGIDSFilter (ed2b25bd7fe35d1944211968842d30da) C:\windows\system32\DRIVERS\AVGIDSFilter.Sys
13:06:54.0079 3248 AVGIDSFilter - ok
13:06:54.0194 3248 Avgldx64 (979cf8912449a10b987218bff80a1fa3) C:\windows\system32\DRIVERS\avgldx64.sys
13:06:54.0197 3248 Avgldx64 - ok
13:06:54.0326 3248 Avgmfx64 (36b1a5843695766eac714daffc5b84d1) C:\windows\system32\DRIVERS\avgmfx64.sys
13:06:54.0327 3248 Avgmfx64 - ok
13:06:54.0443 3248 Avgrkx64 (1102239fb724527f1febbbbccf6bf313) C:\windows\system32\DRIVERS\avgrkx64.sys
13:06:54.0444 3248 Avgrkx64 - ok
13:06:54.0475 3248 Avgtdia (11f36d3ea82d9db9aa05a476a210551b) C:\windows\system32\DRIVERS\avgtdia.sys
13:06:54.0480 3248 Avgtdia - ok
13:06:54.0620 3248 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys
13:06:54.0627 3248 b06bdrv - ok
13:06:54.0738 3248 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
13:06:54.0742 3248 b57nd60a - ok
13:06:54.0851 3248 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
13:06:54.0852 3248 Beep - ok
13:06:54.0965 3248 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
13:06:54.0967 3248 blbdrive - ok
13:06:55.0091 3248 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
13:06:55.0092 3248 bowser - ok
13:06:55.0215 3248 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys
13:06:55.0217 3248 BrFiltLo - ok
13:06:55.0325 3248 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys
13:06:55.0326 3248 BrFiltUp - ok
13:06:55.0435 3248 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
13:06:55.0440 3248 Brserid - ok
13:06:55.0551 3248 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
13:06:55.0553 3248 BrSerWdm - ok
13:06:55.0651 3248 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
13:06:55.0652 3248 BrUsbMdm - ok
13:06:55.0866 3248 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
13:06:55.0868 3248 BrUsbSer - ok
13:06:55.0910 3248 BtFilter (2347abbd13bada65826fdab4caafe357) C:\windows\system32\DRIVERS\btfilter.sys
13:06:55.0912 3248 BtFilter - ok
13:06:56.0011 3248 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys
13:06:56.0013 3248 BTHMODEM - ok
13:06:56.0131 3248 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
13:06:56.0133 3248 cdfs - ok
13:06:56.0231 3248 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys
13:06:56.0233 3248 cdrom - ok
13:06:56.0341 3248 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys
13:06:56.0343 3248 circlass - ok
13:06:56.0438 3248 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
13:06:56.0443 3248 CLFS - ok
13:06:56.0515 3248 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
13:06:56.0516 3248 CmBatt - ok
13:06:56.0610 3248 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
13:06:56.0612 3248 cmdide - ok
13:06:56.0740 3248 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys
13:06:56.0745 3248 CNG - ok
13:06:56.0886 3248 CnxtHdAudService (66847c979893a11cfcc2280e772d7ea1) C:\windows\system32\drivers\CHDRT64.sys
13:06:56.0905 3248 CnxtHdAudService - ok
13:06:57.0010 3248 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys
13:06:57.0012 3248 Compbatt - ok
13:06:57.0114 3248 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\DRIVERS\CompositeBus.sys
13:06:57.0115 3248 CompositeBus - ok
13:06:57.0553 3248 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys
13:06:57.0555 3248 crcdisk - ok
13:06:57.0692 3248 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
13:06:57.0693 3248 DfsC - ok
13:06:57.0830 3248 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
13:06:57.0831 3248 discache - ok
13:06:57.0927 3248 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys
13:06:57.0928 3248 Disk - ok
13:06:58.0038 3248 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\windows\system32\DRIVERS\Dot4.sys
13:06:58.0041 3248 Dot4 - ok
13:06:58.0172 3248 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\windows\system32\DRIVERS\Dot4Prt.sys
13:06:58.0173 3248 Dot4Print - ok
13:06:58.0286 3248 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\windows\system32\DRIVERS\dot4usb.sys
13:06:58.0288 3248 dot4usb - ok
13:06:58.0461 3248 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
13:06:58.0462 3248 drmkaud - ok
13:06:58.0576 3248 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
13:06:58.0588 3248 DXGKrnl - ok
13:06:58.0846 3248 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys
13:06:58.0894 3248 ebdrv - ok
13:06:59.0014 3248 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys
13:06:59.0021 3248 elxstor - ok
13:06:59.0129 3248 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
13:06:59.0130 3248 ErrDev - ok
13:06:59.0260 3248 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
13:06:59.0263 3248 exfat - ok
13:06:59.0405 3248 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
13:06:59.0408 3248 fastfat - ok
13:06:59.0521 3248 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys
13:06:59.0522 3248 fdc - ok
13:06:59.0641 3248 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
13:06:59.0643 3248 FileInfo - ok
13:06:59.0818 3248 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
13:06:59.0819 3248 Filetrace - ok
13:06:59.0923 3248 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys
13:06:59.0925 3248 flpydisk - ok
13:07:00.0032 3248 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
13:07:00.0035 3248 FltMgr - ok
13:07:00.0229 3248 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
13:07:00.0231 3248 FsDepends - ok
13:07:00.0355 3248 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys
13:07:00.0356 3248 Fs_Rec - ok
13:07:00.0551 3248 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
13:07:00.0553 3248 fvevol - ok
13:07:01.0007 3248 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys
13:07:01.0009 3248 gagp30kx - ok
13:07:01.0165 3248 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
13:07:01.0166 3248 GEARAspiWDM - ok
13:07:01.0362 3248 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
13:07:01.0363 3248 hcw85cir - ok
13:07:01.0581 3248 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
13:07:01.0586 3248 HdAudAddService - ok
13:07:01.0790 3248 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys
13:07:01.0792 3248 HDAudBus - ok
13:07:02.0018 3248 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys
13:07:02.0019 3248 HidBatt - ok
13:07:02.0166 3248 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys
13:07:02.0168 3248 HidBth - ok
13:07:02.0275 3248 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys
13:07:02.0283 3248 HidIr - ok
13:07:02.0325 3248 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\drivers\hidusb.sys
13:07:02.0327 3248 HidUsb - ok
13:07:02.0445 3248 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
13:07:02.0447 3248 HpSAMD - ok
13:07:02.0553 3248 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
13:07:02.0561 3248 HTTP - ok
13:07:02.0606 3248 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
13:07:02.0607 3248 hwpolicy - ok
13:07:02.0709 3248 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
13:07:02.0711 3248 i8042prt - ok
13:07:02.0831 3248 iaStor (8180a2392e732e8871589b54fab6991f) C:\windows\system32\DRIVERS\iaStor.sys
13:07:02.0835 3248 iaStor - ok
13:07:02.0958 3248 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
13:07:02.0964 3248 iaStorV - ok
13:07:03.0330 3248 igfx (0089b53f1befd34b7d8ca4ab021335fa) C:\windows\system32\DRIVERS\igdkmd64.sys
13:07:03.0593 3248 igfx - ok
13:07:03.0715 3248 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys
13:07:03.0734 3248 iirsp - ok
13:07:04.0301 3248 IntcDAud (ae594cc17c33ac146739494615e14851) C:\windows\system32\DRIVERS\IntcDAud.sys
13:07:04.0301 3248 IntcDAud - ok
13:07:04.0421 3248 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
13:07:04.0421 3248 intelide - ok
13:07:04.0451 3248 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
13:07:04.0461 3248 intelppm - ok
13:07:04.0561 3248 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
13:07:04.0571 3248 IpFilterDriver - ok
13:07:04.0711 3248 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
13:07:04.0731 3248 IPMIDRV - ok
13:07:04.0841 3248 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
13:07:04.0841 3248 IPNAT - ok
13:07:05.0001 3248 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
13:07:05.0001 3248 IRENUM - ok
13:07:05.0101 3248 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
13:07:05.0101 3248 isapnp - ok
13:07:05.0211 3248 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
13:07:05.0221 3248 iScsiPrt - ok
13:07:05.0331 3248 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
13:07:05.0331 3248 kbdclass - ok
13:07:05.0421 3248 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys
13:07:05.0431 3248 kbdhid - ok
13:07:05.0571 3248 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys
13:07:05.0581 3248 KSecDD - ok
13:07:05.0691 3248 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys
13:07:05.0701 3248 KSecPkg - ok
13:07:06.0311 3248 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
13:07:06.0311 3248 ksthunk - ok
13:07:06.0421 3248 L1C (1ceb4ab3df1acbe5f0bc93fea577e0f8) C:\windows\system32\DRIVERS\L1C60x64.sys
13:07:06.0421 3248 L1C - ok
13:07:06.0521 3248 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
13:07:06.0521 3248 lltdio - ok
13:07:06.0631 3248 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys
13:07:06.0631 3248 LSI_FC - ok
13:07:06.0741 3248 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys
13:07:06.0741 3248 LSI_SAS - ok
13:07:06.0851 3248 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys
13:07:06.0861 3248 LSI_SAS2 - ok
13:07:06.0981 3248 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys
13:07:06.0981 3248 LSI_SCSI - ok
13:07:07.0081 3248 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
13:07:07.0081 3248 luafv - ok
13:07:07.0181 3248 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys
13:07:07.0181 3248 megasas - ok
13:07:07.0361 3248 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys
13:07:07.0371 3248 MegaSR - ok
13:07:07.0461 3248 MEIx64 (86614752d2fae34ccd9e7b2aaba5fbec) C:\windows\system32\DRIVERS\HECIx64.sys
13:07:07.0461 3248 MEIx64 - ok
13:07:07.0591 3248 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
13:07:07.0591 3248 Modem - ok
13:07:07.0721 3248 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
13:07:07.0721 3248 monitor - ok
13:07:08.0942 3248 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
13:07:08.0942 3248 mouclass - ok
13:07:09.0062 3248 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\drivers\mouhid.sys
13:07:09.0062 3248 mouhid - ok
13:07:09.0162 3248 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
13:07:09.0162 3248 mountmgr - ok
13:07:09.0262 3248 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
13:07:09.0262 3248 mpio - ok
13:07:09.0372 3248 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
13:07:09.0372 3248 mpsdrv - ok
13:07:09.0482 3248 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
13:07:09.0482 3248 MRxDAV - ok
13:07:09.0522 3248 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
13:07:09.0532 3248 mrxsmb - ok
13:07:09.0642 3248 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
13:07:09.0642 3248 mrxsmb10 - ok
13:07:09.0762 3248 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
13:07:09.0762 3248 mrxsmb20 - ok
13:07:09.0902 3248 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\DRIVERS\msahci.sys
13:07:09.0902 3248 msahci - ok
13:07:10.0012 3248 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
13:07:10.0012 3248 msdsm - ok
13:07:10.0122 3248 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
13:07:10.0122 3248 Msfs - ok
13:07:10.0212 3248 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
13:07:10.0212 3248 mshidkmdf - ok
13:07:10.0252 3248 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
13:07:10.0252 3248 msisadrv - ok
13:07:10.0372 3248 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
13:07:10.0372 3248 MSKSSRV - ok
13:07:10.0502 3248 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
13:07:10.0502 3248 MSPCLOCK - ok
13:07:10.0592 3248 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
13:07:10.0592 3248 MSPQM - ok
13:07:10.0732 3248 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
13:07:10.0732 3248 MsRPC - ok
13:07:10.0862 3248 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
13:07:10.0862 3248 mssmbios - ok
13:07:10.0972 3248 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
13:07:10.0972 3248 MSTEE - ok
13:07:11.0072 3248 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys
13:07:11.0072 3248 MTConfig - ok
13:07:11.0173 3248 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
13:07:11.0173 3248 Mup - ok
13:07:11.0303 3248 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
13:07:11.0303 3248 NativeWifiP - ok
13:07:11.0473 3248 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys
13:07:11.0483 3248 NDIS - ok
13:07:11.0583 3248 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
13:07:11.0583 3248 NdisCap - ok
13:07:11.0753 3248 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
13:07:11.0753 3248 NdisTapi - ok
13:07:11.0903 3248 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
13:07:11.0903 3248 Ndisuio - ok
13:07:11.0993 3248 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
13:07:11.0993 3248 NdisWan - ok
13:07:12.0123 3248 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
13:07:12.0123 3248 NDProxy - ok
13:07:12.0233 3248 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
13:07:12.0233 3248 NetBIOS - ok
13:07:12.0353 3248 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
13:07:12.0363 3248 NetBT - ok
13:07:12.0483 3248 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys
13:07:12.0483 3248 nfrd960 - ok
13:07:12.0593 3248 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
13:07:12.0593 3248 Npfs - ok
13:07:12.0703 3248 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
13:07:12.0703 3248 nsiproxy - ok
13:07:12.0883 3248 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
13:07:12.0903 3248 Ntfs - ok
13:07:13.0023 3248 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
13:07:13.0023 3248 Null - ok
13:07:13.0134 3248 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
13:07:13.0134 3248 nvraid - ok
13:07:13.0264 3248 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
13:07:13.0264 3248 nvstor - ok
13:07:13.0414 3248 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
13:07:13.0414 3248 nv_agp - ok
13:07:13.0554 3248 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
13:07:13.0554 3248 ohci1394 - ok
13:07:13.0684 3248 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
13:07:13.0684 3248 Parport - ok
13:07:14.0694 3248 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys
13:07:14.0694 3248 partmgr - ok
13:07:14.0774 3248 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
13:07:14.0784 3248 pci - ok
13:07:14.0824 3248 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
13:07:14.0824 3248 pciide - ok
13:07:14.0914 3248 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
13:07:14.0914 3248 pcmcia - ok
13:07:14.0944 3248 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
13:07:14.0944 3248 pcw - ok
13:07:15.0014 3248 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
13:07:15.0024 3248 PEAUTH - ok
13:07:15.0074 3248 PGEffect (91111cebbde8015e822c46120ed9537c) C:\windows\system32\DRIVERS\pgeffect.sys
13:07:15.0084 3248 PGEffect - ok
13:07:15.0184 3248 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
13:07:15.0194 3248 PptpMiniport - ok
13:07:15.0264 3248 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
13:07:15.0274 3248 Processor - ok
13:07:15.0354 3248 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
13:07:15.0354 3248 Psched - ok
13:07:15.0444 3248 QIOMem (c8fcb4899f8b70cc34e0d9876a80963c) C:\windows\system32\DRIVERS\QIOMem.sys
13:07:15.0444 3248 QIOMem - ok
13:07:15.0544 3248 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
13:07:15.0564 3248 ql2300 - ok
13:07:15.0644 3248 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
13:07:15.0644 3248 ql40xx - ok
13:07:15.0754 3248 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
13:07:15.0754 3248 QWAVEdrv - ok
13:07:15.0864 3248 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
13:07:15.0864 3248 RasAcd - ok
13:07:15.0904 3248 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
13:07:15.0904 3248 RasAgileVpn - ok
13:07:16.0014 3248 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
13:07:16.0014 3248 Rasl2tp - ok
13:07:16.0044 3248 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
13:07:16.0044 3248 RasPppoe - ok
13:07:16.0084 3248 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
13:07:16.0084 3248 RasSstp - ok
13:07:16.0175 3248 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
13:07:16.0175 3248 rdbss - ok
13:07:16.0215 3248 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys
13:07:16.0215 3248 rdpbus - ok
13:07:16.0315 3248 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
13:07:16.0315 3248 RDPCDD - ok
13:07:16.0335 3248 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
13:07:16.0335 3248 RDPENCDD - ok
13:07:16.0415 3248 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
13:07:16.0415 3248 RDPREFMP - ok
13:07:16.0445 3248 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\windows\system32\drivers\RDPWD.sys
13:07:16.0455 3248 RDPWD - ok
13:07:16.0525 3248 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
13:07:16.0525 3248 rdyboost - ok
13:07:16.0625 3248 RemoteControl-USBLAN (bfa4873cd96d7144dc0059a70e1e358f) C:\windows\system32\DRIVERS\rcblan.sys
13:07:16.0625 3248 RemoteControl-USBLAN - ok
13:07:16.0745 3248 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
13:07:16.0745 3248 rspndr - ok
13:07:16.0839 3248 RSUSBSTOR (135a64530d7699ad48f29d73a658dd11) C:\windows\system32\Drivers\RtsUStor.sys
13:07:16.0842 3248 RSUSBSTOR - ok
13:07:16.0877 3248 RSUSBVSTOR (e54a5586a28d0630a79a68bbab84bfcf) C:\windows\system32\Drivers\RTSUVSTOR.sys
13:07:16.0882 3248 RSUSBVSTOR - ok
13:07:16.0967 3248 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
13:07:16.0969 3248 sbp2port - ok
13:07:16.0989 3248 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
13:07:16.0990 3248 scfilter - ok
13:07:17.0089 3248 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
13:07:17.0090 3248 secdrv - ok
13:07:17.0118 3248 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
13:07:17.0120 3248 Serenum - ok
13:07:17.0229 3248 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
13:07:17.0231 3248 Serial - ok
13:07:17.0300 3248 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
13:07:17.0301 3248 sermouse - ok
13:07:17.0387 3248 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
13:07:17.0389 3248 sffdisk - ok
13:07:17.0457 3248 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
13:07:17.0458 3248 sffp_mmc - ok
13:07:17.0512 3248 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
13:07:17.0514 3248 sffp_sd - ok
13:07:17.0635 3248 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
13:07:17.0636 3248 sfloppy - ok
13:07:17.0888 3248 Sftfs (a40abfdcb75f835fdf3ce0cc64e4250d) C:\windows\system32\DRIVERS\Sftfslh.sys
13:07:17.0897 3248 Sftfs - ok
13:07:18.0021 3248 Sftplay (411769ed1cb12d2b44217734347bdb7a) C:\windows\system32\DRIVERS\Sftplaylh.sys
13:07:18.0024 3248 Sftplay - ok
13:07:18.0154 3248 Sftredir (a14d0df34bbb00ea94da16193d0c7957) C:\windows\system32\DRIVERS\Sftredirlh.sys
13:07:18.0155 3248 Sftredir - ok
13:07:18.0273 3248 Sftvol (393b22addd89979eb1c60898f51c3648) C:\windows\system32\DRIVERS\Sftvollh.sys
13:07:18.0274 3248 Sftvol - ok
13:07:18.0374 3248 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
13:07:18.0376 3248 SiSRaid2 - ok
13:07:18.0403 3248 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
13:07:18.0405 3248 SiSRaid4 - ok
13:07:18.0512 3248 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
13:07:18.0515 3248 Smb - ok
13:07:18.0556 3248 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
13:07:18.0557 3248 spldr - ok
13:07:18.0614 3248 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
13:07:18.0621 3248 srv - ok
13:07:18.0742 3248 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
13:07:18.0747 3248 srv2 - ok
13:07:18.0876 3248 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\windows\system32\DRIVERS\VSTAZL6.SYS
13:07:18.0880 3248 SrvHsfHDA - ok
13:07:19.0015 3248 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\windows\system32\DRIVERS\VSTDPV6.SYS
13:07:19.0031 3248 SrvHsfV92 - ok
13:07:19.0143 3248 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\windows\system32\DRIVERS\VSTCNXT6.SYS
13:07:19.0151 3248 SrvHsfWinac - ok
13:07:19.0242 3248 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
13:07:19.0242 3248 srvnet - ok
13:07:19.0272 3248 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
13:07:19.0272 3248 stexstor - ok
13:07:19.0342 3248 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
13:07:19.0342 3248 swenum - ok
13:07:19.0402 3248 SynTP (f5b46df59feaa48a442aed7eeb754d4b) C:\windows\system32\DRIVERS\SynTP.sys
13:07:19.0412 3248 SynTP - ok
13:07:19.0562 3248 Tcpip (fc62769e7bff2896035aeed399108162) C:\windows\system32\drivers\tcpip.sys
13:07:19.0572 3248 Tcpip - ok
13:07:19.0712 3248 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\windows\system32\DRIVERS\tcpip.sys
13:07:19.0742 3248 TCPIP6 - ok
13:07:19.0872 3248 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
13:07:19.0872 3248 tcpipreg - ok
13:07:19.0962 3248 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
13:07:19.0972 3248 tdcmdpst - ok
13:07:20.0032 3248 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
13:07:20.0042 3248 TDPIPE - ok
13:07:20.0152 3248 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys
13:07:20.0152 3248 TDTCP - ok
13:07:20.0202 3248 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
13:07:20.0202 3248 tdx - ok
13:07:20.0292 3248 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys
13:07:20.0292 3248 TermDD - ok
13:07:20.0402 3248 Tosrfcom - ok
13:07:20.0432 3248 tosrfec (f5e3ac4cbcd154ee80849b21887fd0b0) C:\windows\system32\DRIVERS\tosrfec.sys
13:07:20.0432 3248 tosrfec - ok
13:07:20.0522 3248 Tosrfusb (7a0048693f98460ff537be31c741b927) C:\windows\system32\DRIVERS\tosrfusb.sys
13:07:20.0522 3248 Tosrfusb - ok
13:07:20.0612 3248 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys
13:07:20.0612 3248 tos_sps64 - ok
13:07:20.0712 3248 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
13:07:20.0722 3248 tssecsrv - ok
13:07:20.0742 3248 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
13:07:20.0742 3248 TsUsbFlt - ok
13:07:20.0812 3248 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys
13:07:20.0822 3248 TsUsbGD - ok
13:07:20.0912 3248 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
13:07:20.0912 3248 tunnel - ok
13:07:21.0002 3248 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
13:07:21.0002 3248 TVALZ - ok
13:07:21.0032 3248 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys
13:07:21.0032 3248 TVALZFL - ok
13:07:21.0112 3248 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys
13:07:21.0112 3248 uagp35 - ok
13:07:21.0142 3248 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
13:07:21.0142 3248 udfs - ok
13:07:21.0222 3248 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
13:07:21.0232 3248 uliagpkx - ok
13:07:21.0252 3248 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
13:07:21.0252 3248 umbus - ok
13:07:21.0322 3248 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys
13:07:21.0332 3248 UmPass - ok
13:07:21.0402 3248 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\windows\system32\Drivers\usbaapl64.sys
13:07:21.0402 3248 USBAAPL64 - ok
13:07:21.0462 3248 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
13:07:21.0472 3248 usbccgp - ok
13:07:21.0542 3248 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
13:07:21.0542 3248 usbcir - ok
13:07:21.0582 3248 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys
13:07:21.0592 3248 usbehci - ok
13:07:21.0692 3248 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
13:07:21.0692 3248 usbhub - ok
13:07:21.0812 3248 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
13:07:21.0812 3248 usbohci - ok
13:07:21.0922 3248 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
13:07:21.0942 3248 usbprint - ok
13:07:22.0002 3248 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys
13:07:22.0002 3248 usbscan - ok
13:07:22.0152 3248 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
13:07:22.0152 3248 USBSTOR - ok
13:07:22.0302 3248 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
13:07:22.0302 3248 usbuhci - ok
13:07:22.0432 3248 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys
13:07:22.0442 3248 usbvideo - ok
13:07:22.0562 3248 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
13:07:22.0562 3248 vdrvroot - ok
13:07:22.0672 3248 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
13:07:22.0672 3248 vga - ok
13:07:22.0722 3248 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
13:07:22.0722 3248 VgaSave - ok
13:07:22.0832 3248 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
13:07:22.0842 3248 vhdmp - ok
13:07:22.0952 3248 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
13:07:22.0962 3248 viaide - ok
13:07:22.0992 3248 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
13:07:22.0992 3248 volmgr - ok
13:07:23.0092 3248 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
13:07:23.0102 3248 volmgrx - ok
13:07:23.0142 3248 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
13:07:23.0142 3248 volsnap - ok
13:07:23.0262 3248 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
13:07:23.0272 3248 vsmraid - ok
13:07:23.0312 3248 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
13:07:23.0312 3248 vwifibus - ok
13:07:23.0422 3248 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
13:07:23.0422 3248 vwififlt - ok
13:07:23.0552 3248 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
13:07:23.0552 3248 WacomPen - ok
13:07:23.0572 3248 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
13:07:23.0572 3248 WANARP - ok
13:07:23.0582 3248 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
13:07:23.0582 3248 Wanarpv6 - ok
13:07:23.0662 3248 wanatw (eceb715bece47e101ddec06b11126066) C:\windows\system32\DRIVERS\wanatw64.sys
13:07:23.0662 3248 wanatw - ok
13:07:23.0762 3248 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys
13:07:23.0762 3248 Wd - ok
13:07:23.0872 3248 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
13:07:23.0882 3248 Wdf01000 - ok
13:07:23.0992 3248 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
13:07:23.0992 3248 WfpLwf - ok
13:07:24.0012 3248 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
13:07:24.0012 3248 WIMMount - ok
13:07:24.0132 3248 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
13:07:24.0132 3248 WinUsb - ok
13:07:24.0252 3248 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
13:07:24.0252 3248 WmiAcpi - ok
13:07:24.0292 3248 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
13:07:24.0302 3248 ws2ifsl - ok
13:07:24.0442 3248 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
13:07:24.0452 3248 WudfPf - ok
13:07:24.0482 3248 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
13:07:24.0482 3248 WUDFRd - ok
13:07:24.0532 3248 MBR (0x1B8) (b5d3b89509933463264ff7748b075c37) \Device\Harddisk0\DR0
13:07:24.0582 3248 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
13:07:24.0582 3248 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
13:07:24.0622 3248 Boot (0x1200) (70c1068b4c81bfae790d6e8bc6846155) \Device\Harddisk0\DR0\Partition0
13:07:24.0622 3248 \Device\Harddisk0\DR0\Partition0 - ok
13:07:24.0622 3248 ============================================================
13:07:24.0622 3248 Scan finished
13:07:24.0622 3248 ============================================================
13:07:24.0632 6088 Detected object count: 1
13:07:24.0632 6088 Actual detected object count: 1
13:08:05.0640 6088 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - skipped by user
13:08:05.0640 6088 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Skip

Debbie7075
2012-02-03, 20:20
I tried to do the Online Antivirus file scan, in all three links you provided. Each time I put in that file, it told me I didn't have permission to open this file. It said to contact the file owner or the administrator. Not sure what to do to complete this step.

diver79
2012-02-04, 02:56
Hi Debbie7075,

I'm afraid I have some bad news. TDSSKiller shows the presence of the rootkit pihar.b. This rootkit is particularly difficult to remove as it embeds itself outside of the Windows operating system. Removing it incorrectly can cause your computer to become unbootable, and you may lose your data. See my rootkit warning below for further information.

Rootkit

Your computer has a dangerous Rootkit infection. A rootkit is a set of software tools intended for concealing running processes, files or system data from the operating system.

You are strongly advised to do the following:

Disconnect the computer from the Internet and from any networked computers until it is cleaned.
Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.
Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
From a clean computer, change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password).

DO NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.

Due to its rootkit functionality, your computer is very likely to have been compromised and there is no way that it can be trusted again. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be to do a reformat and reinstallation of the operating system (OS). However, if you do not have the resources to reinstall your OS and would like me to attempt to clean your machine, I will be happy to do so once you understand the risks involved.

To help you understand more, please take some time to read the following articles:

What are rootkits from Wikipedia (http://en.wikipedia.org/wiki/Rootkit)
How do I respond to a possible identity theft and how do I prevent it (http://www.dslreports.com/faq/10451)
When should I do a reformat and reinstallation of my OS (http://www.dslreports.com/faq/10063)

Should you have any questions please feel free to ask.

Please let us know what you have decided to do in your next post.

diver79.

Debbie7075
2012-02-04, 22:04
Wow, this laptop is only 5 months old. I don't have a way to reinstall my OS right now, so I think I'd like to try and fix it. I will contact Toshiba and see if they'll send me a disc to reinstall it, but I'm not sure if they will. I understand the risks, and I'd like to try to clean it. I really don't use any personal information from this computer, thankfully. No bill paying, banking, or anything of the sort. The way I see it, worst case is it crashes and I'll have to reinstall the OS anyway. If you don't mind, I'd like to proceed with trying to clean it. Thanks for your help.

diver79
2012-02-05, 01:42
Hi Debbie,

OK, first thing we need to do is make a backup of your computers Master Boot Record. This is where the infection lies. I will need you to upload it so I can make corrections to it.

You will also need a USB flash drive to run some tools later on.

Create an MBR backup
Download MBRBackup (http://www.misec.net/products/MBRBackup.exe) to your Desktop.

Right-click MBRBackup.exe and select " Run as administrator " to run it.
Click SaveMBR (top left corner) and save the backup file to your Desktop.
It will have a name similar to MBR_2012-XX-XX.bin where the numbers correspond to the date the backup was made.
Exit the program.


Upload the MBR file
Open a browser and go to http://www.sendspace.com
Click on the Browse button
Navigate to your Desktop and locate the MBR_2012-XX-XX.bin file. Select this file and click the Open button.
Now click on the Upload button.
You should now see a message stating the upload was successful.
There should also be a Download Link. Press the Copy Link button and paste this link in your next reply.

Debbie7075
2012-02-05, 04:07
I had told my husband about my laptop and what you had said about it needing to be reformatted. While I was out today, my husband called Toshiba and they told him to go to their website and run a recovery on the system. They told him it would fix the problem so he did it. It wiped all my data off and it looks like it did when I first got it.

I went to google and it wasn't redirecting the searches like it was before. I apologize for not consulting you first, but he did it when I wasn't home. Should I run one of the previous scans to see if the problem is still there? Or should I just continue with your latest instructions? Again, I appreciate your time and your help.

diver79
2012-02-05, 16:27
Hi Debbie,

No need to follow my previous instructions now. A reformat will have gotten rid of the infection and was the best course of action to follow.

This particualr infection takes advantages of known vulnerabilities in out of date software. I would like to get a scan of the machine to make sure you do not have insecure programs installed.

Of utmost importance is updating your anti-virus program and installing all available Microsoft updates. I do not mind waiting if you want to get these done before running the scan.

Follow the instructions below to run Securitycheck and reply back with the log file.


Security Check
Please download Security Check by screen317 from one of the links below:
Link 1 (http://screen317.spywareinfoforum.org/SecurityCheck.exe)
Link 2 (http://screen317.changelog.fr/SecurityCheck.exe)
Save it to your Desktop.
Right click SecurityCheck.exe And select " Run as administrator " , then follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt
Please post the contents of that document.

Debbie7075
2012-02-05, 21:19
Ok, it took me a bit of time to get everything updated that I could find that needed updating. I have a quick question for you. I had been using the free version of AVG for my security program. Is there a better free one? This one has Norton on it, but it's just a 30 day trial. Do you have a better suggestion for a free security program?

Here is the Security Check log.



Results of screen317's Security Check version 0.99.30
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
SpywareBlaster 4.5
Spybot - Search & Destroy
Java(TM) 6 Update 30
Adobe Flash Player 10.2.152.32 Flash Player out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Norton ccSvcHst.exe
``````````End of Log````````````

diver79
2012-02-06, 10:42
Hi Debbie,


Do you have a better suggestion for a free security program? Here are some programs I would reccomend instead of AVG Free. Install one of these and then uninstall Norton.
avast! 6 Free Anti-Virus (http://www.avast.com/index) - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
Microsoft Security Essentials (http://www.microsoft.com/security_essentials/) - Free and provides real-time protection for your home PC.

Remove Out of date Programs
The following programs installed on your PC are out of date and represent a significant risk of re-infection.

Adobe Flash Player 10 Click on Start...then... Click the Search Programs and Files search box on the Start Menu.
Copy and paste the value below, into the open text entry box:
appwiz.cpl
Locate the out of date program(s) above.
Select the program and click on Uninstall to uninstall it.
If you have installed either of the Anti Virus programs listed above then you can also uninstall Norton AntiVirus while you are here.

Note: You can get the latest version of flash player here http://get.adobe.com/flashplayer/


Additional Security Tips.
Update your Antivirus programs and other programs regularly.
Secunia Personal Software Inspector (http://secunia.com/vulnerability_scanning/personal/) - Copyright © Secunia. This app will monitor programs on your computer for known vulnerabilities. You can set it to auto-update for you, or just prompt you if an update is available. I highly recommend it.
F-secure Health Check (http://www.f-secure.com/en_EMEA-Labs/security-threats/tools/health-check/) - Copyright © F-Secure Corporation. F-Secure Health Check is a free application that tells you if your computer is protected and helps you fix possible security issues.

Debbie7075
2012-02-07, 19:18
I have downloaded Microsoft Security Essentials (and have updated it) and have uninstalled Norton. It ran a scan when it was finished and said it found no problems. I have also uninstalled Adobe Flash Player 10 and installed the latest version. I've also downloaded Secunia Personal Software Inspector and ran it. Also have ran the F-Secure Health Check, and it was good.

Computer is running good now. I really appreciate all your help. Any further instructions?

diver79
2012-02-07, 21:50
Hi Debbie,

You're most welcome.

No further instructions, as your computer is now clean this log will be closed.

diver79