View Full Version : Smitfraud-C.generic
woofs2china
2012-02-22, 17:22
Hello, my name is Jennifer Woof. I have not been able to get rid of Smitfraud-C.generic. We tried a system restore first. Then, I used Spybot S&D, tried it in safe mode, safe mode with networking, and finally safe mode again. Here are the logs requested - First is Spybot then the dds, attach is zipped and attached. Hope that is the information that you are looking for to get started.
Jennifer
Smitfraud-C.generic: [SBI $5926A588] Executable (File, nothing done)
C:\Windows\svchost.exe
Properties.size=20480
Properties.md5=2CEFF13ACE25A40BD8D97654944297CD
Properties.filedate=1247534086
Properties.filedatetext=2009-07-13 20:14:45
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-01-26 TeaTimer.exe (1.6.4.26)
2012-02-21 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2012-01-16 Includes\Adware.sbi (*)
2012-02-07 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-11-29 Includes\DialerC.sbi (*)
2012-01-31 Includes\HeavyDuty.sbi (*)
2011-03-29 Includes\Hijackers.sbi (*)
2011-10-04 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-12-14 Includes\Keyloggers.sbi (*)
2012-01-24 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2012-01-10 Includes\Malware.sbi (*)
2012-02-14 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2011-12-27 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2011-02-24 Includes\Security.sbi (*)
2011-12-13 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2012-01-17 Includes\Spyware.sbi (*)
2012-01-17 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2011-09-28 Includes\Trojans.sbi (*)
2012-02-14 Includes\TrojansC-02.sbi (*)
2012-02-13 Includes\TrojansC-03.sbi (*)
2012-02-14 Includes\TrojansC-04.sbi (*)
2012-02-10 Includes\TrojansC-05.sbi (*)
2012-02-06 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Stephen Woof at 10:09:52 on 2012-02-22
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.1578 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\windows\SysWOW64\authServer.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\windows\system32\lxeccoms.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
-netsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\conhost.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\TECO\Teco.exe
C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe
C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\CE\CovenantEyes.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\windows\system32\igfxext.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\CE\CovenantEyesHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\windows\servicing\TrustedInstaller.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\windows\system32\wuauclt.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.toshiba.com
uDefault_Page_URL = hxxp://start.toshiba.com
uInternet Settings,ProxyOverride = <local>;*.local
uURLSearchHooks: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa0.dll
mURLSearchHooks: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa0.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\IPS\IPSBHO.DLL
BHO: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa0.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll
TB: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa0.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [NMSVC] C:\Program Files (x86)\CE\CovenantEyes.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
dRunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f
dRunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
LSP: CESpy.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{B869C2AE-3FE7-42CA-8839-9BA1A3583E28} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{B869C2AE-3FE7-42CA-8839-9BA1A3583E28}\75F6F66677962756C6563737 : DhcpNameServer = 192.168.10.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa0.dll
BHO-X64: Swag Bucks - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll
TB-X64: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa0.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun-x64: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun-x64: [NMSVC] C:\Program Files (x86)\CE\CovenantEyes.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun-x64: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\windows\system32\DRIVERS\Lbd.sys --> C:\windows\system32\DRIVERS\Lbd.sys [?]
R0 SymDS;Symantec Data Store;C:\windows\system32\drivers\NISx64\1207000.00D\SYMDS64.SYS --> C:\windows\system32\drivers\NISx64\1207000.00D\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\system32\drivers\NISx64\1207000.00D\SYMEFA64.SYS --> C:\windows\system32\drivers\NISx64\1207000.00D\SYMEFA64.SYS [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20111210.003\BHDrvx64.sys [2011-12-14 1156216]
R1 ctxusbm;Citrix USB Monitor Driver;C:\windows\system32\DRIVERS\ctxusbm.sys --> C:\windows\system32\DRIVERS\ctxusbm.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20111216.001\IDSviA64.sys [2011-12-16 488568]
R1 SymIRON;Symantec Iron Driver;C:\windows\system32\drivers\NISx64\1207000.00D\Ironx64.SYS --> C:\windows\system32\drivers\NISx64\1207000.00D\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\system32\Drivers\NISx64\1207000.00D\SYMNETS.SYS --> C:\windows\system32\Drivers\NISx64\1207000.00D\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 Auth Service;Auth Service;C:\Windows\System32\authServer.exe [2011-11-17 2219520]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-12-23 2152152]
R2 lxec_device;lxec_device;C:\windows\system32\lxeccoms.exe -service --> C:\windows\system32\lxeccoms.exe -service [?]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccsvchst.exe [2012-1-31 130008]
R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe [2011-11-17 135608]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe [2011-11-17 126392]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-11-17 1153368]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\TECO\TecoService.exe [2011-3-2 266680]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-11-17 2656280]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-17 138360]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2012-2-15 17152]
R3 MEIx64;Intel(R) Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 QIOMem;Generic IO & Memory Access;C:\windows\system32\DRIVERS\QIOMem.sys --> C:\windows\system32\DRIVERS\QIOMem.sys [?]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtl8192Ce.sys --> C:\windows\system32\DRIVERS\rtl8192Ce.sys [?]
R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-11-17 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-8 137632]
R3 TPCHSrv;TPCH Service;C:\Program Files\Toshiba\TPHM\TPCHSrv.exe [2010-12-20 822704]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-17 136176]
S2 lxecCATSCustConnectService;lxecCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\lxecserv.exe [2011-11-17 45736]
S3 FlyUsb;FLY Fusion;C:\windows\system32\DRIVERS\FlyUsb.sys --> C:\windows\system32\DRIVERS\FlyUsb.sys [?]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-17 136176]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-10 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RTSUVSTOR.sys --> C:\windows\system32\Drivers\RTSUVSTOR.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\windows\system32\DRIVERS\VSTAZL6.SYS --> C:\windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\windows\system32\DRIVERS\VSTDPV6.SYS --> C:\windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-02-22 02:53:07 20480 ----a-w- C:\windows\svchost.exe
2012-02-22 01:26:05 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AAA923DF-3A77-4F0B-91FC-FD51641168A2}\mpengine.dll
2012-02-22 00:31:16 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\FD6.tmp
2012-02-22 00:31:16 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\1006.tmp
2012-02-16 17:41:05 1373760 ----a-w- C:\ProgramData\SPLAC64.tmp
2012-02-16 05:05:40 16432 ----a-w- C:\windows\System32\lsdelete.exe
2012-02-16 04:48:00 55384 ----a-w- C:\windows\System32\drivers\SBREDrv.sys
2012-02-16 04:46:25 -------- d-----w- C:\Users\Stephen Woof\AppData\Local\adaware
2012-02-16 04:46:24 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
2012-02-16 04:46:22 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner
2012-02-16 04:46:18 -------- d-----w- C:\Program Files (x86)\adawaretb
2012-02-16 04:46:07 69376 ----a-w- C:\windows\System32\drivers\Lbd.sys
2012-02-16 04:46:01 -------- d-----w- C:\Program Files (x86)\Lavasoft
2012-02-15 20:15:12 1373760 ----a-w- C:\ProgramData\SPL5D4B.tmp
2012-02-15 02:07:20 1373760 ----a-w- C:\ProgramData\SPLE2EE.tmp
2012-02-15 02:01:56 1373760 ----a-w- C:\ProgramData\SPLC8E9.tmp
2012-02-14 22:01:57 1373760 ----a-w- C:\ProgramData\SPLD42F.tmp
2012-02-14 21:09:48 1373760 ----a-w- C:\ProgramData\SPL2316.tmp
2012-02-10 21:17:33 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2012-02-10 21:17:19 348160 ----a-w- C:\windows\SysWow64\msvcr71.dll
2012-02-10 21:17:18 499712 ----a-w- C:\windows\SysWow64\msvcp71.dll
2012-02-09 14:31:12 -------- d-----w- C:\ProgramData\Lexmark Pro800-Pro900 Series
2012-02-08 21:00:57 -------- d-----w- C:\Users\Stephen Woof\AppData\Local\Microsoft Games
2012-02-04 22:45:53 -------- d-----w- C:\Users\Stephen Woof\AppData\Local\{988DE82F-8C64-4EE8-AD01-AC7920DF64E1}
2012-02-04 22:44:05 -------- d-----w- C:\Users\Stephen Woof\AppData\Local\{BEAE496F-294D-454D-BF7B-3C3AEA96C7B4}
2012-01-31 16:52:13 -------- d-----w- C:\Users\Stephen Woof\AppData\Local\Tific
2012-01-31 16:50:45 912504 ----a-w- C:\windows\System32\drivers\NISx64\1207000.00D\symefa64.sys
2012-01-31 16:50:45 744568 ----a-w- C:\windows\System32\drivers\NISx64\1207000.00D\srtsp64.sys
2012-01-31 16:50:45 450680 ----a-w- C:\windows\System32\drivers\NISx64\1207000.00D\symds64.sys
2012-01-31 16:50:45 40568 ----a-w- C:\windows\System32\drivers\NISx64\1207000.00D\srtspx64.sys
2012-01-31 16:50:45 386168 ----a-w- C:\windows\System32\drivers\NISx64\1207000.00D\symnets.sys
2012-01-31 16:50:45 171128 ----a-w- C:\windows\System32\drivers\NISx64\1207000.00D\ironx64.sys
2012-01-31 16:50:36 -------- d-----w- C:\windows\System32\drivers\NISx64\1207000.00D
.
==================== Find3M ====================
.
2012-01-29 10:10:42 279656 ------w- C:\windows\System32\MpSigStub.exe
2011-12-16 08:47:38 1188864 ----a-w- C:\windows\System32\wininet.dll
2011-12-16 07:54:22 981504 ----a-w- C:\windows\SysWow64\wininet.dll
2011-12-16 06:44:38 1638912 ----a-w- C:\windows\System32\mshtml.tlb
2011-12-16 06:09:17 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
2011-12-09 06:43:12 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
============= FINISH: 10:11:02.01 ===============
Hi and welcome to Safer-Networking, sorry for any delay in answering your request for help, the forum is really busy.
My name is Diver79, and I will be helping you with your malware problems.
Before we start please note the following important guidelines.
The instructions given are for THIS computer only! Using these instructions on a different computer, can make it inoperable!
Please DO NOT run any other software or scans whilst I am helping you.
Note: If you haven't done so already, please ensure you have read the following article. "BEFORE You POST"(Please read this Procedure Before Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288) where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.Because of this, I advise you to backup any personal files and folders before you start.
How to backup your data - Vista/Win7 (http://www.vista4beginners.com/How-to-backup-your-data)
Looking into your logs now. Will post instructions soon...
diver79.
Hi woofs2china,
Are you also noticing web search redirections?
Remove P2P Programs
I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.
µTorrent
Please read File Sharing, otherwise known as Peer To Peer. (P2P) (http://forums.spybot.info/showthread.php?t=282) where we explain why it's not a good idea to have them.
Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
Click on Start...then... Click the Search Programs and Files search box on the Start Menu.
Copy and paste the value below, into the open text entry box:
appwiz.cpl
Locate the program(s) highlighted in red above.
Select the program and click on Uninstall to uninstall it.
While you are there please also uninstall the below programs.
Java(TM) 6 Update 20
Swag Bucks Toolbar
Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.
TDSSKiller
Please download TDSSKiller.exe (http://support.kaspersky.com/downloads/utils/tdsskiller.exe) and save it to your Desktop.
Right click on TDSSKiller.exe and select Run as Administrator to launch it.
Click on Start Scan, the scan will run.
When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
Now click on Report to open the log file created by TDSSKiller in your root directory C:\
To find the log go to Start > Computer > C:
Post the contents of that log in your next reply please.
DO NOT TRY TO FIX ANYTHING AT THIS POINT
woofs2china
2012-02-23, 01:17
Yes, I have read the instructions before posting. My husband used to use Utorrent. He no longer uses it. Hasn't used it since September/October. We didn't start noticing problems with IE until about 10 days ago. I can't say they are search re-directions though.
IE was flickering in and out. Running slow and minimizing/maximizing windows on it's own. Yesterday, my husband clicked on a link about women's curling on the TSN website and got "blue-screened". That is when I re-ran spybot and adaware and found the Smitfraud.
I will run the scans and such when I get my children in bed (about 2 hrs). No problem with the delay. I understand that you are busy. Thanks for your help.
Jennifer
woofs2china
2012-02-23, 04:52
Uninstalled UTorrent, Java Update 20 and swagbucks toolbar. Here is the tdss scan log. At some point this evening, the computer (windows) automatically updated and the subsequently restarted before I ran the tdss scan.
Jennifer
21:45:30.0155 1072 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
21:45:30.0529 1072 ============================================================
21:45:30.0529 1072 Current date / time: 2012/02/22 21:45:30.0529
21:45:30.0529 1072 SystemInfo:
21:45:30.0529 1072
21:45:30.0529 1072 OS Version: 6.1.7601 ServicePack: 1.0
21:45:30.0529 1072 Product type: Workstation
21:45:30.0529 1072 ComputerName: STEPHENWOOF-PC
21:45:30.0529 1072 UserName: Stephen Woof
21:45:30.0529 1072 Windows directory: C:\windows
21:45:30.0529 1072 System windows directory: C:\windows
21:45:30.0529 1072 Running under WOW64
21:45:30.0529 1072 Processor architecture: Intel x64
21:45:30.0529 1072 Number of processors: 2
21:45:30.0529 1072 Page size: 0x1000
21:45:30.0529 1072 Boot type: Normal boot
21:45:30.0529 1072 ============================================================
21:45:31.0699 1072 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:45:31.0715 1072 Drive \Device\Harddisk1\DR2 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:45:31.0715 1072 \Device\Harddisk0\DR0:
21:45:31.0715 1072 MBR used
21:45:31.0715 1072 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x489F4800
21:45:31.0715 1072 \Device\Harddisk1\DR2:
21:45:31.0715 1072 MBR used
21:45:31.0715 1072 \Device\Harddisk1\DR2\Partition0: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x1D1C4542
21:45:31.0746 1072 Initialize success
21:45:31.0746 1072 ============================================================
21:45:41.0044 5680 ============================================================
21:45:41.0044 5680 Scan started
21:45:41.0044 5680 Mode: Manual;
21:45:41.0044 5680 ============================================================
21:45:44.0039 5680 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
21:45:44.0039 5680 1394ohci - ok
21:45:44.0164 5680 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
21:45:44.0164 5680 ACPI - ok
21:45:44.0273 5680 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
21:45:44.0273 5680 AcpiPmi - ok
21:45:44.0460 5680 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys
21:45:44.0476 5680 adp94xx - ok
21:45:45.0256 5680 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys
21:45:45.0256 5680 adpahci - ok
21:45:45.0365 5680 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys
21:45:45.0365 5680 adpu320 - ok
21:45:45.0505 5680 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys
21:45:45.0521 5680 AFD - ok
21:45:45.0599 5680 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
21:45:45.0614 5680 agp440 - ok
21:45:45.0724 5680 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
21:45:45.0724 5680 aliide - ok
21:45:45.0833 5680 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
21:45:45.0848 5680 amdide - ok
21:45:46.0628 5680 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys
21:45:46.0628 5680 AmdK8 - ok
21:45:46.0706 5680 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\drivers\amdppm.sys
21:45:46.0706 5680 AmdPPM - ok
21:45:46.0800 5680 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
21:45:46.0800 5680 amdsata - ok
21:45:46.0894 5680 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys
21:45:46.0909 5680 amdsbs - ok
21:45:47.0003 5680 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
21:45:47.0003 5680 amdxata - ok
21:45:47.0128 5680 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
21:45:47.0128 5680 AppID - ok
21:45:47.0268 5680 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys
21:45:47.0268 5680 arc - ok
21:45:47.0845 5680 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys
21:45:47.0845 5680 arcsas - ok
21:45:47.0939 5680 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
21:45:47.0939 5680 AsyncMac - ok
21:45:48.0017 5680 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
21:45:48.0017 5680 atapi - ok
21:45:48.0173 5680 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys
21:45:48.0188 5680 b06bdrv - ok
21:45:48.0282 5680 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
21:45:48.0282 5680 b57nd60a - ok
21:45:48.0407 5680 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
21:45:48.0407 5680 Beep - ok
21:45:48.0984 5680 BHDrvx64 (82c695630676079f7ad68c85a5e662e5) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20111210.003\BHDrvx64.sys
21:45:49.0000 5680 BHDrvx64 - ok
21:45:49.0093 5680 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
21:45:49.0093 5680 blbdrive - ok
21:45:49.0202 5680 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
21:45:49.0218 5680 bowser - ok
21:45:49.0280 5680 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys
21:45:49.0280 5680 BrFiltLo - ok
21:45:49.0358 5680 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys
21:45:49.0358 5680 BrFiltUp - ok
21:45:49.0436 5680 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
21:45:49.0452 5680 Brserid - ok
21:45:49.0483 5680 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
21:45:49.0483 5680 BrSerWdm - ok
21:45:49.0655 5680 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
21:45:49.0904 5680 BrUsbMdm - ok
21:45:49.0998 5680 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
21:45:49.0998 5680 BrUsbSer - ok
21:45:50.0092 5680 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys
21:45:50.0092 5680 BTHMODEM - ok
21:45:50.0216 5680 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
21:45:50.0232 5680 cdfs - ok
21:45:50.0341 5680 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys
21:45:50.0341 5680 cdrom - ok
21:45:50.0466 5680 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys
21:45:50.0466 5680 circlass - ok
21:45:50.0591 5680 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
21:45:50.0606 5680 CLFS - ok
21:45:50.0887 5680 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
21:45:50.0887 5680 CmBatt - ok
21:45:51.0012 5680 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
21:45:51.0012 5680 cmdide - ok
21:45:51.0168 5680 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys
21:45:51.0184 5680 CNG - ok
21:45:51.0355 5680 CnxtHdAudService (66847c979893a11cfcc2280e772d7ea1) C:\windows\system32\drivers\CHDRT64.sys
21:45:51.0386 5680 CnxtHdAudService - ok
21:45:51.0480 5680 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys
21:45:51.0480 5680 Compbatt - ok
21:45:51.0574 5680 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\DRIVERS\CompositeBus.sys
21:45:51.0574 5680 CompositeBus - ok
21:45:51.0698 5680 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys
21:45:51.0698 5680 crcdisk - ok
21:45:52.0073 5680 ctxusbm (ba8e5b2291c01ef71ca80e25f0c79d55) C:\windows\system32\DRIVERS\ctxusbm.sys
21:45:52.0073 5680 ctxusbm - ok
21:45:52.0213 5680 dc3d (7af9dac504fbd047cbc3e64ae52c92bf) C:\windows\system32\DRIVERS\dc3d.sys
21:45:52.0229 5680 dc3d - ok
21:45:52.0354 5680 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
21:45:52.0354 5680 DfsC - ok
21:45:52.0447 5680 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
21:45:52.0447 5680 discache - ok
21:45:52.0556 5680 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys
21:45:52.0556 5680 Disk - ok
21:45:52.0681 5680 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
21:45:52.0681 5680 drmkaud - ok
21:45:53.0430 5680 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
21:45:53.0446 5680 DXGKrnl - ok
21:45:53.0664 5680 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys
21:45:53.0726 5680 ebdrv - ok
21:45:53.0851 5680 eeCtrl (5ccf1be80930aeb1cdebf561666325e8) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
21:45:53.0867 5680 eeCtrl - ok
21:45:54.0007 5680 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys
21:45:54.0023 5680 elxstor - ok
21:45:54.0194 5680 EraserUtilRebootDrv (7a898e4a744621711be7e7b796c69876) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
21:45:54.0210 5680 EraserUtilRebootDrv - ok
21:45:54.0678 5680 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
21:45:54.0678 5680 ErrDev - ok
21:45:54.0834 5680 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
21:45:54.0834 5680 exfat - ok
21:45:54.0912 5680 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
21:45:54.0928 5680 fastfat - ok
21:45:55.0037 5680 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys
21:45:55.0037 5680 fdc - ok
21:45:55.0146 5680 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
21:45:55.0146 5680 FileInfo - ok
21:45:55.0224 5680 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
21:45:55.0224 5680 Filetrace - ok
21:45:55.0255 5680 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys
21:45:55.0255 5680 flpydisk - ok
21:45:55.0364 5680 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
21:45:55.0364 5680 FltMgr - ok
21:45:55.0988 5680 FlyUsb (6cd6bb45bd3e0eef6ce496bf52854ff1) C:\windows\system32\DRIVERS\FlyUsb.sys
21:45:55.0988 5680 FlyUsb - ok
21:45:56.0129 5680 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
21:45:56.0129 5680 FsDepends - ok
21:45:56.0222 5680 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys
21:45:56.0222 5680 Fs_Rec - ok
21:45:56.0332 5680 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
21:45:56.0347 5680 fvevol - ok
21:45:56.0456 5680 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys
21:45:56.0456 5680 gagp30kx - ok
21:45:56.0644 5680 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
21:45:56.0644 5680 hcw85cir - ok
21:45:57.0470 5680 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
21:45:57.0470 5680 HdAudAddService - ok
21:45:57.0564 5680 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys
21:45:57.0564 5680 HDAudBus - ok
21:45:57.0642 5680 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys
21:45:57.0642 5680 HidBatt - ok
21:45:57.0720 5680 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys
21:45:57.0720 5680 HidBth - ok
21:45:57.0829 5680 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys
21:45:57.0829 5680 HidIr - ok
21:45:57.0985 5680 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys
21:45:57.0985 5680 HidUsb - ok
21:45:58.0110 5680 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
21:45:58.0516 5680 HpSAMD - ok
21:45:58.0734 5680 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
21:45:58.0750 5680 HTTP - ok
21:45:58.0828 5680 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
21:45:58.0828 5680 hwpolicy - ok
21:45:58.0952 5680 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
21:45:58.0952 5680 i8042prt - ok
21:45:59.0093 5680 iaStor (d469b77687e12fe43e344806740b624d) C:\windows\system32\DRIVERS\iaStor.sys
21:45:59.0093 5680 iaStor - ok
21:45:59.0218 5680 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
21:45:59.0233 5680 iaStorV - ok
21:45:59.0405 5680 IDSVia64 (0b97f1a640ad3d159a7b5d2164c42e50) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20111216.001\IDSvia64.sys
21:45:59.0420 5680 IDSVia64 - ok
21:46:00.0107 5680 igfx (370c2a8629b30f910f740387795ddc6f) C:\windows\system32\DRIVERS\igdkmd64.sys
21:46:00.0356 5680 igfx - ok
21:46:00.0434 5680 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys
21:46:00.0434 5680 iirsp - ok
21:46:01.0168 5680 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\windows\system32\DRIVERS\IntcDAud.sys
21:46:01.0168 5680 IntcDAud - ok
21:46:01.0246 5680 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
21:46:01.0246 5680 intelide - ok
21:46:01.0339 5680 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
21:46:01.0355 5680 intelppm - ok
21:46:01.0433 5680 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
21:46:01.0433 5680 IpFilterDriver - ok
21:46:01.0526 5680 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
21:46:01.0526 5680 IPMIDRV - ok
21:46:01.0620 5680 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
21:46:01.0620 5680 IPNAT - ok
21:46:01.0729 5680 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
21:46:01.0729 5680 IRENUM - ok
21:46:01.0916 5680 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
21:46:01.0916 5680 isapnp - ok
21:46:02.0618 5680 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
21:46:02.0618 5680 iScsiPrt - ok
21:46:02.0712 5680 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
21:46:02.0712 5680 kbdclass - ok
21:46:02.0821 5680 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys
21:46:02.0821 5680 kbdhid - ok
21:46:02.0930 5680 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys
21:46:02.0930 5680 KSecDD - ok
21:46:02.0962 5680 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys
21:46:02.0962 5680 KSecPkg - ok
21:46:03.0071 5680 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
21:46:03.0071 5680 ksthunk - ok
21:46:03.0601 5680 L1C (ebed8b3ff4a823c1a6eebeed7b29353f) C:\windows\system32\DRIVERS\L1C62x64.sys
21:46:03.0601 5680 L1C - ok
21:46:03.0710 5680 Lavasoft Kernexplorer (9a7fa6371f68335fd3c3d6488bc5a9f8) C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys
21:46:03.0710 5680 Lavasoft Kernexplorer - ok
21:46:03.0804 5680 Lbd (c8b3131857931ae76798a741cc52b021) C:\windows\system32\DRIVERS\Lbd.sys
21:46:03.0804 5680 Lbd - ok
21:46:03.0913 5680 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
21:46:03.0929 5680 lltdio - ok
21:46:04.0054 5680 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys
21:46:04.0054 5680 LSI_FC - ok
21:46:04.0163 5680 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys
21:46:04.0163 5680 LSI_SAS - ok
21:46:04.0256 5680 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys
21:46:04.0256 5680 LSI_SAS2 - ok
21:46:04.0912 5680 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys
21:46:04.0927 5680 LSI_SCSI - ok
21:46:05.0021 5680 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
21:46:05.0036 5680 luafv - ok
21:46:05.0146 5680 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys
21:46:05.0146 5680 megasas - ok
21:46:05.0255 5680 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys
21:46:05.0270 5680 MegaSR - ok
21:46:05.0364 5680 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\windows\system32\DRIVERS\HECIx64.sys
21:46:05.0364 5680 MEIx64 - ok
21:46:05.0411 5680 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
21:46:05.0411 5680 Modem - ok
21:46:05.0504 5680 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
21:46:05.0504 5680 monitor - ok
21:46:05.0645 5680 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
21:46:05.0645 5680 mouclass - ok
21:46:06.0082 5680 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
21:46:06.0082 5680 mouhid - ok
21:46:06.0175 5680 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
21:46:06.0175 5680 mountmgr - ok
21:46:06.0269 5680 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
21:46:06.0269 5680 mpio - ok
21:46:06.0362 5680 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
21:46:06.0362 5680 mpsdrv - ok
21:46:06.0456 5680 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
21:46:06.0456 5680 MRxDAV - ok
21:46:06.0503 5680 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
21:46:06.0518 5680 mrxsmb - ok
21:46:06.0612 5680 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
21:46:06.0612 5680 mrxsmb10 - ok
21:46:06.0752 5680 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
21:46:06.0752 5680 mrxsmb20 - ok
21:46:06.0986 5680 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\DRIVERS\msahci.sys
21:46:06.0986 5680 msahci - ok
21:46:07.0033 5680 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
21:46:07.0033 5680 msdsm - ok
21:46:07.0642 5680 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
21:46:07.0642 5680 Msfs - ok
21:46:07.0751 5680 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
21:46:07.0844 5680 mshidkmdf - ok
21:46:08.0000 5680 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
21:46:08.0094 5680 msisadrv - ok
21:46:08.0203 5680 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
21:46:08.0203 5680 MSKSSRV - ok
21:46:08.0312 5680 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
21:46:08.0312 5680 MSPCLOCK - ok
21:46:08.0422 5680 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
21:46:08.0437 5680 MSPQM - ok
21:46:08.0546 5680 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
21:46:08.0546 5680 MsRPC - ok
21:46:08.0640 5680 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
21:46:08.0640 5680 mssmbios - ok
21:46:08.0765 5680 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
21:46:08.0765 5680 MSTEE - ok
21:46:09.0358 5680 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys
21:46:09.0358 5680 MTConfig - ok
21:46:09.0451 5680 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
21:46:09.0451 5680 Mup - ok
21:46:09.0607 5680 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
21:46:09.0607 5680 NativeWifiP - ok
21:46:09.0748 5680 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20111216.017\ENG64.SYS
21:46:09.0748 5680 NAVENG - ok
21:46:09.0950 5680 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20111216.017\EX64.SYS
21:46:09.0982 5680 NAVEX15 - ok
21:46:10.0668 5680 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys
21:46:10.0699 5680 NDIS - ok
21:46:10.0808 5680 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
21:46:10.0808 5680 NdisCap - ok
21:46:10.0918 5680 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
21:46:10.0918 5680 NdisTapi - ok
21:46:11.0027 5680 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
21:46:11.0042 5680 Ndisuio - ok
21:46:11.0152 5680 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
21:46:11.0152 5680 NdisWan - ok
21:46:11.0245 5680 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
21:46:11.0245 5680 NDProxy - ok
21:46:11.0354 5680 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
21:46:11.0354 5680 NetBIOS - ok
21:46:11.0479 5680 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
21:46:11.0479 5680 NetBT - ok
21:46:12.0134 5680 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys
21:46:12.0134 5680 nfrd960 - ok
21:46:12.0197 5680 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
21:46:12.0197 5680 Npfs - ok
21:46:12.0275 5680 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
21:46:12.0290 5680 nsiproxy - ok
21:46:12.0368 5680 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
21:46:12.0400 5680 Ntfs - ok
21:46:12.0540 5680 NuidFltr (317020d31f1696334679b9d0416eb62e) C:\windows\system32\DRIVERS\NuidFltr.sys
21:46:12.0540 5680 NuidFltr - ok
21:46:12.0649 5680 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
21:46:12.0665 5680 Null - ok
21:46:13.0320 5680 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
21:46:13.0320 5680 nvraid - ok
21:46:13.0414 5680 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
21:46:13.0429 5680 nvstor - ok
21:46:13.0523 5680 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
21:46:13.0523 5680 nv_agp - ok
21:46:13.0616 5680 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
21:46:13.0616 5680 ohci1394 - ok
21:46:13.0757 5680 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
21:46:13.0757 5680 Parport - ok
21:46:13.0850 5680 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys
21:46:13.0850 5680 partmgr - ok
21:46:13.0991 5680 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
21:46:13.0991 5680 pci - ok
21:46:14.0396 5680 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
21:46:14.0396 5680 pciide - ok
21:46:14.0474 5680 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
21:46:14.0490 5680 pcmcia - ok
21:46:14.0584 5680 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
21:46:14.0584 5680 pcw - ok
21:46:14.0693 5680 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
21:46:14.0708 5680 PEAUTH - ok
21:46:14.0818 5680 PGEffect (91111cebbde8015e822c46120ed9537c) C:\windows\system32\DRIVERS\pgeffect.sys
21:46:14.0818 5680 PGEffect - ok
21:46:14.0958 5680 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\windows\system32\DRIVERS\point64.sys
21:46:14.0958 5680 Point64 - ok
21:46:15.0707 5680 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
21:46:15.0722 5680 PptpMiniport - ok
21:46:15.0785 5680 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
21:46:15.0800 5680 Processor - ok
21:46:15.0894 5680 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
21:46:15.0894 5680 Psched - ok
21:46:16.0019 5680 QIOMem (c8fcb4899f8b70cc34e0d9876a80963c) C:\windows\system32\DRIVERS\QIOMem.sys
21:46:16.0019 5680 QIOMem - ok
21:46:16.0144 5680 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
21:46:16.0175 5680 ql2300 - ok
21:46:16.0253 5680 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
21:46:16.0253 5680 ql40xx - ok
21:46:16.0346 5680 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
21:46:16.0346 5680 QWAVEdrv - ok
21:46:16.0440 5680 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
21:46:16.0440 5680 RasAcd - ok
21:46:16.0580 5680 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
21:46:16.0580 5680 RasAgileVpn - ok
21:46:16.0970 5680 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
21:46:16.0986 5680 Rasl2tp - ok
21:46:17.0532 5680 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
21:46:17.0532 5680 RasPppoe - ok
21:46:18.0406 5680 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
21:46:18.0406 5680 RasSstp - ok
21:46:18.0780 5680 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
21:46:18.0780 5680 rdbss - ok
21:46:19.0420 5680 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys
21:46:19.0466 5680 rdpbus - ok
21:46:19.0576 5680 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
21:46:19.0576 5680 RDPCDD - ok
21:46:20.0496 5680 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
21:46:20.0512 5680 RDPENCDD - ok
21:46:20.0636 5680 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
21:46:20.0636 5680 RDPREFMP - ok
21:46:20.0730 5680 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\windows\system32\drivers\RDPWD.sys
21:46:20.0730 5680 RDPWD - ok
21:46:20.0855 5680 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
21:46:20.0855 5680 rdyboost - ok
21:46:20.0980 5680 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
21:46:21.0229 5680 rspndr - ok
21:46:21.0401 5680 RSUSBSTOR (135a64530d7699ad48f29d73a658dd11) C:\windows\system32\Drivers\RtsUStor.sys
21:46:21.0401 5680 RSUSBSTOR - ok
21:46:21.0510 5680 RSUSBVSTOR (e54a5586a28d0630a79a68bbab84bfcf) C:\windows\system32\Drivers\RTSUVSTOR.sys
21:46:21.0510 5680 RSUSBVSTOR - ok
21:46:21.0682 5680 RTL8192Ce (64fdf4fe366ca42da2b7d9d424b6e39b) C:\windows\system32\DRIVERS\rtl8192Ce.sys
21:46:21.0697 5680 RTL8192Ce - ok
21:46:21.0822 5680 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
21:46:21.0822 5680 sbp2port - ok
21:46:21.0962 5680 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
21:46:21.0962 5680 scfilter - ok
21:46:22.0087 5680 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
21:46:22.0087 5680 secdrv - ok
21:46:22.0228 5680 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
21:46:22.0774 5680 Serenum - ok
21:46:23.0288 5680 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
21:46:23.0288 5680 Serial - ok
21:46:23.0398 5680 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
21:46:23.0398 5680 sermouse - ok
21:46:23.0507 5680 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
21:46:23.0507 5680 sffdisk - ok
21:46:23.0616 5680 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
21:46:23.0632 5680 sffp_mmc - ok
21:46:23.0928 5680 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
21:46:23.0944 5680 sffp_sd - ok
21:46:24.0037 5680 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
21:46:24.0037 5680 sfloppy - ok
21:46:24.0146 5680 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\windows\system32\DRIVERS\Sftfslh.sys
21:46:24.0162 5680 Sftfs - ok
21:46:24.0287 5680 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\windows\system32\DRIVERS\Sftplaylh.sys
21:46:24.0302 5680 Sftplay - ok
21:46:24.0412 5680 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\windows\system32\DRIVERS\Sftredirlh.sys
21:46:24.0412 5680 Sftredir - ok
21:46:24.0490 5680 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\windows\system32\DRIVERS\Sftvollh.sys
21:46:24.0490 5680 Sftvol - ok
21:46:24.0911 5680 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
21:46:24.0911 5680 SiSRaid2 - ok
21:46:25.0020 5680 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
21:46:25.0020 5680 SiSRaid4 - ok
21:46:25.0129 5680 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
21:46:25.0129 5680 Smb - ok
21:46:25.0270 5680 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
21:46:25.0270 5680 spldr - ok
21:46:25.0457 5680 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\windows\System32\Drivers\NISx64\1207000.00D\SRTSP64.SYS
21:46:25.0472 5680 SRTSP - ok
21:46:25.0862 5680 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\windows\system32\drivers\NISx64\1207000.00D\SRTSPX64.SYS
21:46:25.0862 5680 SRTSPX - ok
21:46:26.0003 5680 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
21:46:26.0018 5680 srv - ok
21:46:26.0128 5680 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
21:46:26.0128 5680 srv2 - ok
21:46:26.0252 5680 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\windows\system32\DRIVERS\VSTAZL6.SYS
21:46:26.0268 5680 SrvHsfHDA - ok
21:46:26.0455 5680 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\windows\system32\DRIVERS\VSTDPV6.SYS
21:46:26.0486 5680 SrvHsfV92 - ok
21:46:26.0627 5680 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\windows\system32\DRIVERS\VSTCNXT6.SYS
21:46:26.0642 5680 SrvHsfWinac - ok
21:46:26.0830 5680 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
21:46:26.0830 5680 srvnet - ok
21:46:27.0220 5680 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
21:46:27.0220 5680 stexstor - ok
21:46:27.0329 5680 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
21:46:27.0344 5680 swenum - ok
21:46:27.0500 5680 SymDS (6160145c7a87fc7672e8e3b886888176) C:\windows\system32\drivers\NISx64\1207000.00D\SYMDS64.SYS
21:46:27.0516 5680 SymDS - ok
21:46:27.0656 5680 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\windows\system32\drivers\NISx64\1207000.00D\SYMEFA64.SYS
21:46:27.0672 5680 SymEFA - ok
21:46:28.0062 5680 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
21:46:28.0062 5680 SymEvent - ok
21:46:28.0202 5680 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\windows\system32\drivers\NISx64\1207000.00D\Ironx64.SYS
21:46:28.0202 5680 SymIRON - ok
21:46:28.0327 5680 SymNetS (a6adb3d83023f8daa0f7b6fda785d83b) C:\windows\System32\Drivers\NISx64\1207000.00D\SYMNETS.SYS
21:46:28.0343 5680 SymNetS - ok
21:46:28.0499 5680 SynTP (f5b46df59feaa48a442aed7eeb754d4b) C:\windows\system32\DRIVERS\SynTP.sys
21:46:28.0530 5680 SynTP - ok
21:46:28.0686 5680 Tcpip (fc62769e7bff2896035aeed399108162) C:\windows\system32\drivers\tcpip.sys
21:46:28.0748 5680 Tcpip - ok
21:46:29.0310 5680 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\windows\system32\DRIVERS\tcpip.sys
21:46:29.0326 5680 TCPIP6 - ok
21:46:29.0419 5680 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
21:46:29.0419 5680 tcpipreg - ok
21:46:29.0528 5680 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
21:46:29.0528 5680 tdcmdpst - ok
21:46:29.0606 5680 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
21:46:29.0622 5680 TDPIPE - ok
21:46:29.0622 5680 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys
21:46:29.0622 5680 TDTCP - ok
21:46:29.0653 5680 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
21:46:29.0669 5680 tdx - ok
21:46:29.0731 5680 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys
21:46:29.0747 5680 TermDD - ok
21:46:29.0965 5680 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys
21:46:29.0965 5680 tos_sps64 - ok
21:46:30.0355 5680 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
21:46:30.0371 5680 tssecsrv - ok
21:46:30.0480 5680 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
21:46:30.0480 5680 TsUsbFlt - ok
21:46:30.0558 5680 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys
21:46:30.0558 5680 TsUsbGD - ok
21:46:30.0667 5680 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
21:46:30.0667 5680 tunnel - ok
21:46:30.0761 5680 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
21:46:30.0761 5680 TVALZ - ok
21:46:30.0854 5680 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys
21:46:30.0854 5680 TVALZFL - ok
21:46:30.0932 5680 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys
21:46:30.0932 5680 uagp35 - ok
21:46:31.0057 5680 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
21:46:31.0135 5680 udfs - ok
21:46:31.0338 5680 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
21:46:31.0354 5680 uliagpkx - ok
21:46:31.0463 5680 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
21:46:31.0478 5680 umbus - ok
21:46:31.0915 5680 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys
21:46:31.0931 5680 UmPass - ok
21:46:32.0087 5680 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
21:46:32.0087 5680 usbccgp - ok
21:46:32.0430 5680 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
21:46:32.0430 5680 usbcir - ok
21:46:32.0524 5680 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\drivers\usbehci.sys
21:46:32.0524 5680 usbehci - ok
21:46:32.0570 5680 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
21:46:32.0586 5680 usbhub - ok
21:46:32.0680 5680 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
21:46:32.0680 5680 usbohci - ok
21:46:32.0773 5680 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\drivers\usbprint.sys
21:46:32.0773 5680 usbprint - ok
21:46:32.0867 5680 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys
21:46:32.0867 5680 usbscan - ok
21:46:32.0960 5680 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\drivers\USBSTOR.SYS
21:46:33.0210 5680 USBSTOR - ok
21:46:33.0491 5680 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
21:46:33.0491 5680 usbuhci - ok
21:46:33.0600 5680 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys
21:46:33.0600 5680 usbvideo - ok
21:46:33.0709 5680 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
21:46:33.0709 5680 vdrvroot - ok
21:46:33.0834 5680 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
21:46:33.0834 5680 vga - ok
21:46:33.0928 5680 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
21:46:33.0928 5680 VgaSave - ok
21:46:34.0021 5680 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
21:46:34.0021 5680 vhdmp - ok
21:46:34.0115 5680 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
21:46:34.0115 5680 viaide - ok
21:46:34.0146 5680 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
21:46:34.0146 5680 volmgr - ok
21:46:34.0255 5680 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
21:46:34.0271 5680 volmgrx - ok
21:46:34.0708 5680 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
21:46:34.0708 5680 volsnap - ok
21:46:34.0817 5680 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
21:46:34.0817 5680 vsmraid - ok
21:46:34.0926 5680 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
21:46:34.0926 5680 vwifibus - ok
21:46:35.0066 5680 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
21:46:35.0066 5680 vwififlt - ok
21:46:35.0160 5680 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
21:46:35.0160 5680 WacomPen - ok
21:46:35.0285 5680 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
21:46:35.0300 5680 WANARP - ok
21:46:35.0316 5680 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
21:46:35.0316 5680 Wanarpv6 - ok
21:46:35.0628 5680 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys
21:46:35.0628 5680 Wd - ok
21:46:36.0174 5680 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
21:46:36.0221 5680 Wdf01000 - ok
21:46:36.0470 5680 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
21:46:36.0470 5680 WfpLwf - ok
21:46:36.0548 5680 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
21:46:36.0548 5680 WIMMount - ok
21:46:36.0970 5680 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
21:46:36.0970 5680 WinUsb - ok
21:46:37.0110 5680 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
21:46:37.0110 5680 WmiAcpi - ok
21:46:37.0516 5680 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
21:46:37.0516 5680 ws2ifsl - ok
21:46:37.0625 5680 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
21:46:37.0625 5680 WudfPf - ok
21:46:37.0656 5680 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
21:46:37.0656 5680 WUDFRd - ok
21:46:37.0703 5680 MBR (0x1B8) (b5d3b89509933463264ff7748b075c37) \Device\Harddisk0\DR0
21:46:38.0108 5680 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
21:46:38.0108 5680 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
21:46:38.0108 5680 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk1\DR2
21:46:38.0124 5680 \Device\Harddisk1\DR2 - ok
21:46:38.0140 5680 Boot (0x1200) (7426320d24cc174df1849927834bd048) \Device\Harddisk0\DR0\Partition0
21:46:38.0140 5680 \Device\Harddisk0\DR0\Partition0 - ok
21:46:38.0452 5680 Boot (0x1200) (cc4f223475ea9aeba424d4bf876255af) \Device\Harddisk1\DR2\Partition0
21:46:38.0452 5680 \Device\Harddisk1\DR2\Partition0 - ok
21:46:38.0452 5680 ============================================================
21:46:38.0452 5680 Scan finished
21:46:38.0452 5680 ============================================================
21:46:38.0483 5076 Detected object count: 1
21:46:38.0483 5076 Actual detected object count: 1
21:47:18.0793 5076 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - skipped by user
21:47:18.0793 5076 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Skip
Hi woofs2china,
Lets run TDSSKiller again, this time selecting Cure. Instructions below.
Important!: Run this fix once and once only.
First go to Start > Computer > C: and delete the TDSSKiller log that was created there.
Next Right click on TDSSKiller.exe and select Run as Administrator to launch it.
Click on Start Scan, the scan will run.
When the scan has finished Ensure Cure ( the default) is selected... then click Continue > Reboot now.
When finished re-booting, a log of the cleanup will be found at C:\TDSSKiller._version_.MM.YYYY_HH.MM.SS_log.txt .
To find the log go to Start > Computer > C:
Post the contents of that log in your next reply please.
aswMBR Scan
Please download aswMBR (http://public.avast.com/~gmerek/aswMBR.exe) and save it to your Desktop.
Right click aswMBR.exe & choose "Run as Administrator" to run it.
Click Yes to the prompt to download Avast! virus definitions.
(Please be patient whilst the virus definitions download)
With the AVscan set to Quick Scan, click the Scan button.
(Please be patient whilst your computer is scanned.)
After a while when the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
Click OK > Exit.
Note: Do not attempt to fix anything at this stage!
Two files will be created, aswMBR.txt & a file named MBR.dat.
MBR.dat is a backup of the MBR(master boot record), do not delete it..
I strongly suggest you keep a copy of this backup stored on an external device.
Copy & Paste the contents of aswMBR.txt into your next reply.
Let me know how the PC is performing after following the above steps.
diver79
woofs2china
2012-02-24, 01:51
Not sure at this point how it is running as I just finished the fix and scans. Will watch it tonight.
Thanks for your help so far!
Jennifer
18:29:05.0928 6512 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
18:29:06.0209 6512 ============================================================
18:29:06.0209 6512 Current date / time: 2012/02/23 18:29:06.0209
18:29:06.0209 6512 SystemInfo:
18:29:06.0209 6512
18:29:06.0209 6512 OS Version: 6.1.7601 ServicePack: 1.0
18:29:06.0209 6512 Product type: Workstation
18:29:06.0209 6512 ComputerName: STEPHENWOOF-PC
18:29:06.0209 6512 UserName: Stephen Woof
18:29:06.0209 6512 Windows directory: C:\windows
18:29:06.0209 6512 System windows directory: C:\windows
18:29:06.0209 6512 Running under WOW64
18:29:06.0209 6512 Processor architecture: Intel x64
18:29:06.0209 6512 Number of processors: 2
18:29:06.0209 6512 Page size: 0x1000
18:29:06.0209 6512 Boot type: Normal boot
18:29:06.0209 6512 ============================================================
18:29:06.0583 6512 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:29:06.0599 6512 \Device\Harddisk0\DR0:
18:29:06.0599 6512 MBR used
18:29:06.0599 6512 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x489F4800
18:29:06.0614 6512 Initialize success
18:29:06.0614 6512 ============================================================
18:29:28.0766 4092 ============================================================
18:29:28.0766 4092 Scan started
18:29:28.0766 4092 Mode: Manual;
18:29:28.0766 4092 ============================================================
18:29:35.0927 4092 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
18:29:35.0927 4092 1394ohci - ok
18:29:36.0161 4092 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
18:29:36.0176 4092 ACPI - ok
18:29:36.0395 4092 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
18:29:36.0426 4092 AcpiPmi - ok
18:29:36.0738 4092 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys
18:29:36.0754 4092 adp94xx - ok
18:29:37.0253 4092 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys
18:29:37.0268 4092 adpahci - ok
18:29:37.0612 4092 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys
18:29:37.0612 4092 adpu320 - ok
18:29:37.0830 4092 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys
18:29:37.0846 4092 AFD - ok
18:29:37.0970 4092 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
18:29:37.0970 4092 agp440 - ok
18:29:38.0126 4092 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
18:29:38.0126 4092 aliide - ok
18:29:38.0236 4092 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
18:29:38.0236 4092 amdide - ok
18:29:38.0345 4092 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys
18:29:38.0360 4092 AmdK8 - ok
18:29:38.0501 4092 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\drivers\amdppm.sys
18:29:38.0501 4092 AmdPPM - ok
18:29:38.0657 4092 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
18:29:38.0657 4092 amdsata - ok
18:29:38.0828 4092 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys
18:29:38.0828 4092 amdsbs - ok
18:29:38.0938 4092 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
18:29:38.0938 4092 amdxata - ok
18:29:39.0094 4092 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
18:29:39.0094 4092 AppID - ok
18:29:39.0312 4092 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys
18:29:39.0312 4092 arc - ok
18:29:39.0530 4092 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys
18:29:39.0530 4092 arcsas - ok
18:29:39.0671 4092 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
18:29:39.0671 4092 AsyncMac - ok
18:29:39.0827 4092 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
18:29:39.0827 4092 atapi - ok
18:29:39.0998 4092 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys
18:29:39.0998 4092 b06bdrv - ok
18:29:40.0092 4092 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
18:29:40.0092 4092 b57nd60a - ok
18:29:40.0201 4092 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
18:29:40.0201 4092 Beep - ok
18:29:40.0466 4092 BHDrvx64 (82c695630676079f7ad68c85a5e662e5) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20111210.003\BHDrvx64.sys
18:29:40.0482 4092 BHDrvx64 - ok
18:29:40.0716 4092 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
18:29:40.0716 4092 blbdrive - ok
18:29:40.0872 4092 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
18:29:40.0872 4092 bowser - ok
18:29:41.0340 4092 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys
18:29:41.0340 4092 BrFiltLo - ok
18:29:41.0512 4092 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys
18:29:41.0512 4092 BrFiltUp - ok
18:29:41.0652 4092 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
18:29:41.0668 4092 Brserid - ok
18:29:41.0808 4092 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
18:29:41.0808 4092 BrSerWdm - ok
18:29:41.0933 4092 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
18:29:41.0933 4092 BrUsbMdm - ok
18:29:42.0058 4092 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
18:29:42.0058 4092 BrUsbSer - ok
18:29:42.0214 4092 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys
18:29:42.0214 4092 BTHMODEM - ok
18:29:42.0323 4092 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
18:29:42.0323 4092 cdfs - ok
18:29:42.0401 4092 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys
18:29:42.0416 4092 cdrom - ok
18:29:42.0526 4092 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys
18:29:42.0526 4092 circlass - ok
18:29:42.0619 4092 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
18:29:42.0635 4092 CLFS - ok
18:29:42.0760 4092 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
18:29:42.0760 4092 CmBatt - ok
18:29:42.0884 4092 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
18:29:42.0884 4092 cmdide - ok
18:29:43.0025 4092 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys
18:29:43.0025 4092 CNG - ok
18:29:43.0228 4092 CnxtHdAudService (66847c979893a11cfcc2280e772d7ea1) C:\windows\system32\drivers\CHDRT64.sys
18:29:43.0243 4092 CnxtHdAudService - ok
18:29:43.0368 4092 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys
18:29:43.0368 4092 Compbatt - ok
18:29:43.0446 4092 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\DRIVERS\CompositeBus.sys
18:29:43.0446 4092 CompositeBus - ok
18:29:43.0555 4092 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys
18:29:43.0555 4092 crcdisk - ok
18:29:43.0696 4092 ctxusbm (ba8e5b2291c01ef71ca80e25f0c79d55) C:\windows\system32\DRIVERS\ctxusbm.sys
18:29:43.0696 4092 ctxusbm - ok
18:29:43.0805 4092 dc3d (7af9dac504fbd047cbc3e64ae52c92bf) C:\windows\system32\DRIVERS\dc3d.sys
18:29:43.0820 4092 dc3d - ok
18:29:43.0930 4092 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
18:29:43.0930 4092 DfsC - ok
18:29:44.0008 4092 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
18:29:44.0008 4092 discache - ok
18:29:44.0101 4092 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys
18:29:44.0101 4092 Disk - ok
18:29:44.0210 4092 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
18:29:44.0210 4092 drmkaud - ok
18:29:44.0304 4092 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
18:29:44.0320 4092 DXGKrnl - ok
18:29:44.0476 4092 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys
18:29:44.0554 4092 ebdrv - ok
18:29:44.0678 4092 eeCtrl (5ccf1be80930aeb1cdebf561666325e8) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
18:29:44.0694 4092 eeCtrl - ok
18:29:44.0819 4092 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys
18:29:44.0819 4092 elxstor - ok
18:29:44.0944 4092 EraserUtilRebootDrv (7a898e4a744621711be7e7b796c69876) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
18:29:44.0944 4092 EraserUtilRebootDrv - ok
18:29:45.0037 4092 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
18:29:45.0037 4092 ErrDev - ok
18:29:45.0162 4092 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
18:29:45.0162 4092 exfat - ok
18:29:45.0256 4092 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
18:29:45.0256 4092 fastfat - ok
18:29:45.0365 4092 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys
18:29:45.0365 4092 fdc - ok
18:29:45.0474 4092 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
18:29:45.0474 4092 FileInfo - ok
18:29:45.0552 4092 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
18:29:45.0552 4092 Filetrace - ok
18:29:45.0661 4092 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys
18:29:45.0661 4092 flpydisk - ok
18:29:45.0755 4092 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
18:29:45.0770 4092 FltMgr - ok
18:29:45.0880 4092 FlyUsb (6cd6bb45bd3e0eef6ce496bf52854ff1) C:\windows\system32\DRIVERS\FlyUsb.sys
18:29:45.0880 4092 FlyUsb - ok
18:29:45.0958 4092 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
18:29:45.0973 4092 FsDepends - ok
18:29:45.0989 4092 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys
18:29:45.0989 4092 Fs_Rec - ok
18:29:46.0082 4092 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
18:29:46.0098 4092 fvevol - ok
18:29:46.0207 4092 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys
18:29:46.0207 4092 gagp30kx - ok
18:29:46.0363 4092 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
18:29:46.0363 4092 hcw85cir - ok
18:29:46.0488 4092 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
18:29:46.0488 4092 HdAudAddService - ok
18:29:46.0597 4092 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys
18:29:46.0597 4092 HDAudBus - ok
18:29:46.0675 4092 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys
18:29:46.0675 4092 HidBatt - ok
18:29:46.0769 4092 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys
18:29:46.0769 4092 HidBth - ok
18:29:46.0847 4092 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys
18:29:46.0847 4092 HidIr - ok
18:29:46.0940 4092 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys
18:29:46.0940 4092 HidUsb - ok
18:29:47.0096 4092 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
18:29:47.0096 4092 HpSAMD - ok
18:29:47.0237 4092 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
18:29:47.0252 4092 HTTP - ok
18:29:47.0346 4092 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
18:29:47.0346 4092 hwpolicy - ok
18:29:47.0440 4092 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
18:29:47.0440 4092 i8042prt - ok
18:29:47.0549 4092 iaStor (d469b77687e12fe43e344806740b624d) C:\windows\system32\DRIVERS\iaStor.sys
18:29:47.0549 4092 iaStor - ok
18:29:47.0658 4092 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
18:29:47.0674 4092 iaStorV - ok
18:29:47.0845 4092 IDSVia64 (0b97f1a640ad3d159a7b5d2164c42e50) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20111216.001\IDSvia64.sys
18:29:47.0845 4092 IDSVia64 - ok
18:29:48.0204 4092 igfx (370c2a8629b30f910f740387795ddc6f) C:\windows\system32\DRIVERS\igdkmd64.sys
18:29:48.0485 4092 igfx - ok
18:29:48.0578 4092 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys
18:29:48.0578 4092 iirsp - ok
18:29:48.0703 4092 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\windows\system32\DRIVERS\IntcDAud.sys
18:29:48.0719 4092 IntcDAud - ok
18:29:48.0812 4092 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
18:29:48.0812 4092 intelide - ok
18:29:48.0906 4092 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
18:29:48.0906 4092 intelppm - ok
18:29:49.0000 4092 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
18:29:49.0000 4092 IpFilterDriver - ok
18:29:49.0109 4092 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
18:29:49.0109 4092 IPMIDRV - ok
18:29:49.0187 4092 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
18:29:49.0202 4092 IPNAT - ok
18:29:49.0296 4092 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
18:29:49.0296 4092 IRENUM - ok
18:29:49.0390 4092 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
18:29:49.0405 4092 isapnp - ok
18:29:49.0499 4092 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
18:29:49.0514 4092 iScsiPrt - ok
18:29:49.0639 4092 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
18:29:49.0639 4092 kbdclass - ok
18:29:49.0748 4092 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys
18:29:49.0748 4092 kbdhid - ok
18:29:49.0842 4092 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys
18:29:49.0842 4092 KSecDD - ok
18:29:49.0873 4092 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys
18:29:49.0873 4092 KSecPkg - ok
18:29:49.0982 4092 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
18:29:49.0982 4092 ksthunk - ok
18:29:50.0092 4092 L1C (ebed8b3ff4a823c1a6eebeed7b29353f) C:\windows\system32\DRIVERS\L1C62x64.sys
18:29:50.0092 4092 L1C - ok
18:29:50.0201 4092 Lavasoft Kernexplorer (9a7fa6371f68335fd3c3d6488bc5a9f8) C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys
18:29:50.0201 4092 Lavasoft Kernexplorer - ok
18:29:50.0310 4092 Lbd (c8b3131857931ae76798a741cc52b021) C:\windows\system32\DRIVERS\Lbd.sys
18:29:50.0310 4092 Lbd - ok
18:29:50.0450 4092 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
18:29:50.0450 4092 lltdio - ok
18:29:50.0575 4092 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys
18:29:50.0575 4092 LSI_FC - ok
18:29:50.0684 4092 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys
18:29:50.0684 4092 LSI_SAS - ok
18:29:50.0778 4092 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys
18:29:50.0794 4092 LSI_SAS2 - ok
18:29:50.0872 4092 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys
18:29:50.0872 4092 LSI_SCSI - ok
18:29:50.0981 4092 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
18:29:50.0996 4092 luafv - ok
18:29:51.0106 4092 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys
18:29:51.0121 4092 megasas - ok
18:29:51.0199 4092 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys
18:29:51.0215 4092 MegaSR - ok
18:29:51.0324 4092 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\windows\system32\DRIVERS\HECIx64.sys
18:29:51.0324 4092 MEIx64 - ok
18:29:51.0558 4092 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
18:29:51.0574 4092 Modem - ok
18:29:51.0652 4092 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
18:29:51.0652 4092 monitor - ok
18:29:51.0761 4092 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
18:29:51.0761 4092 mouclass - ok
18:29:51.0886 4092 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
18:29:51.0886 4092 mouhid - ok
18:29:51.0995 4092 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
18:29:51.0995 4092 mountmgr - ok
18:29:52.0073 4092 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
18:29:52.0073 4092 mpio - ok
18:29:52.0151 4092 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
18:29:52.0151 4092 mpsdrv - ok
18:29:52.0229 4092 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
18:29:52.0244 4092 MRxDAV - ok
18:29:52.0322 4092 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
18:29:52.0322 4092 mrxsmb - ok
18:29:52.0432 4092 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
18:29:52.0447 4092 mrxsmb10 - ok
18:29:52.0525 4092 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
18:29:52.0541 4092 mrxsmb20 - ok
18:29:52.0619 4092 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\DRIVERS\msahci.sys
18:29:52.0619 4092 msahci - ok
18:29:52.0697 4092 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
18:29:52.0697 4092 msdsm - ok
18:29:52.0837 4092 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
18:29:52.0853 4092 Msfs - ok
18:29:52.0962 4092 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
18:29:52.0962 4092 mshidkmdf - ok
18:29:53.0071 4092 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
18:29:53.0071 4092 msisadrv - ok
18:29:53.0196 4092 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
18:29:53.0196 4092 MSKSSRV - ok
18:29:53.0305 4092 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
18:29:53.0305 4092 MSPCLOCK - ok
18:29:53.0430 4092 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
18:29:53.0430 4092 MSPQM - ok
18:29:53.0508 4092 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
18:29:53.0524 4092 MsRPC - ok
18:29:53.0617 4092 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
18:29:53.0617 4092 mssmbios - ok
18:29:53.0726 4092 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
18:29:53.0726 4092 MSTEE - ok
18:29:53.0836 4092 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys
18:29:53.0836 4092 MTConfig - ok
18:29:53.0929 4092 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
18:29:53.0929 4092 Mup - ok
18:29:54.0070 4092 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
18:29:54.0085 4092 NativeWifiP - ok
18:29:54.0194 4092 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20111216.017\ENG64.SYS
18:29:54.0194 4092 NAVENG - ok
18:29:54.0569 4092 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20111216.017\EX64.SYS
18:29:54.0647 4092 NAVEX15 - ok
18:29:54.0818 4092 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys
18:29:54.0834 4092 NDIS - ok
18:29:54.0974 4092 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
18:29:54.0974 4092 NdisCap - ok
18:29:55.0146 4092 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
18:29:55.0146 4092 NdisTapi - ok
18:29:55.0286 4092 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
18:29:55.0286 4092 Ndisuio - ok
18:29:55.0411 4092 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
18:29:55.0411 4092 NdisWan - ok
18:29:55.0583 4092 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
18:29:55.0583 4092 NDProxy - ok
18:29:55.0708 4092 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
18:29:55.0723 4092 NetBIOS - ok
18:29:55.0879 4092 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
18:29:55.0942 4092 NetBT - ok
18:29:56.0191 4092 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys
18:29:56.0191 4092 nfrd960 - ok
18:29:56.0316 4092 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
18:29:56.0316 4092 Npfs - ok
18:29:56.0425 4092 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
18:29:56.0425 4092 nsiproxy - ok
18:29:56.0659 4092 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
18:29:56.0722 4092 Ntfs - ok
18:29:56.0956 4092 NuidFltr (317020d31f1696334679b9d0416eb62e) C:\windows\system32\DRIVERS\NuidFltr.sys
18:29:56.0971 4092 NuidFltr - ok
18:29:57.0112 4092 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
18:29:57.0112 4092 Null - ok
18:29:57.0205 4092 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
18:29:57.0205 4092 nvraid - ok
18:29:57.0314 4092 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
18:29:57.0330 4092 nvstor - ok
18:29:57.0439 4092 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
18:29:57.0439 4092 nv_agp - ok
18:29:57.0548 4092 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
18:29:57.0548 4092 ohci1394 - ok
18:29:57.0673 4092 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
18:29:57.0689 4092 Parport - ok
18:29:57.0751 4092 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys
18:29:57.0751 4092 partmgr - ok
18:29:57.0845 4092 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
18:29:57.0845 4092 pci - ok
18:29:57.0954 4092 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
18:29:57.0954 4092 pciide - ok
18:29:58.0001 4092 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
18:29:58.0001 4092 pcmcia - ok
18:29:58.0110 4092 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
18:29:58.0110 4092 pcw - ok
18:29:58.0266 4092 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
18:29:58.0282 4092 PEAUTH - ok
18:29:58.0422 4092 PGEffect (91111cebbde8015e822c46120ed9537c) C:\windows\system32\DRIVERS\pgeffect.sys
18:29:58.0422 4092 PGEffect - ok
18:29:58.0609 4092 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\windows\system32\DRIVERS\point64.sys
18:29:58.0609 4092 Point64 - ok
18:29:58.0734 4092 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
18:29:58.0734 4092 PptpMiniport - ok
18:29:58.0859 4092 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
18:29:58.0859 4092 Processor - ok
18:29:59.0046 4092 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
18:29:59.0046 4092 Psched - ok
18:29:59.0186 4092 QIOMem (c8fcb4899f8b70cc34e0d9876a80963c) C:\windows\system32\DRIVERS\QIOMem.sys
18:29:59.0186 4092 QIOMem - ok
18:29:59.0405 4092 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
18:29:59.0436 4092 ql2300 - ok
18:29:59.0530 4092 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
18:29:59.0530 4092 ql40xx - ok
18:29:59.0654 4092 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
18:29:59.0654 4092 QWAVEdrv - ok
18:29:59.0795 4092 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
18:29:59.0795 4092 RasAcd - ok
18:29:59.0888 4092 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
18:29:59.0888 4092 RasAgileVpn - ok
18:30:00.0029 4092 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
18:30:00.0029 4092 Rasl2tp - ok
18:30:00.0138 4092 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
18:30:00.0138 4092 RasPppoe - ok
18:30:00.0294 4092 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
18:30:00.0294 4092 RasSstp - ok
18:30:00.0372 4092 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
18:30:00.0372 4092 rdbss - ok
18:30:00.0512 4092 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys
18:30:00.0512 4092 rdpbus - ok
18:30:00.0622 4092 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
18:30:00.0622 4092 RDPCDD - ok
18:30:00.0762 4092 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
18:30:00.0762 4092 RDPENCDD - ok
18:30:00.0856 4092 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
18:30:00.0856 4092 RDPREFMP - ok
18:30:00.0949 4092 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\windows\system32\drivers\RDPWD.sys
18:30:00.0949 4092 RDPWD - ok
18:30:01.0058 4092 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
18:30:01.0058 4092 rdyboost - ok
18:30:01.0214 4092 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
18:30:01.0230 4092 rspndr - ok
18:30:01.0370 4092 RSUSBSTOR (135a64530d7699ad48f29d73a658dd11) C:\windows\system32\Drivers\RtsUStor.sys
18:30:01.0370 4092 RSUSBSTOR - ok
18:30:01.0511 4092 RSUSBVSTOR (e54a5586a28d0630a79a68bbab84bfcf) C:\windows\system32\Drivers\RTSUVSTOR.sys
18:30:01.0526 4092 RSUSBVSTOR - ok
18:30:01.0714 4092 RTL8192Ce (64fdf4fe366ca42da2b7d9d424b6e39b) C:\windows\system32\DRIVERS\rtl8192Ce.sys
18:30:01.0714 4092 RTL8192Ce - ok
18:30:01.0854 4092 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
18:30:01.0854 4092 sbp2port - ok
18:30:02.0010 4092 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
18:30:02.0010 4092 scfilter - ok
18:30:02.0119 4092 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
18:30:02.0119 4092 secdrv - ok
18:30:02.0275 4092 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
18:30:02.0275 4092 Serenum - ok
18:30:02.0400 4092 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
18:30:02.0400 4092 Serial - ok
18:30:02.0634 4092 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
18:30:02.0634 4092 sermouse - ok
18:30:02.0712 4092 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
18:30:02.0712 4092 sffdisk - ok
18:30:02.0821 4092 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
18:30:02.0821 4092 sffp_mmc - ok
18:30:02.0977 4092 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
18:30:02.0977 4092 sffp_sd - ok
18:30:03.0164 4092 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
18:30:03.0164 4092 sfloppy - ok
18:30:03.0289 4092 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\windows\system32\DRIVERS\Sftfslh.sys
18:30:03.0289 4092 Sftfs - ok
18:30:03.0445 4092 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\windows\system32\DRIVERS\Sftplaylh.sys
18:30:03.0445 4092 Sftplay - ok
18:30:03.0461 4092 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\windows\system32\DRIVERS\Sftredirlh.sys
18:30:03.0461 4092 Sftredir - ok
18:30:03.0539 4092 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\windows\system32\DRIVERS\Sftvollh.sys
18:30:03.0539 4092 Sftvol - ok
18:30:03.0648 4092 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
18:30:03.0648 4092 SiSRaid2 - ok
18:30:03.0664 4092 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
18:30:03.0664 4092 SiSRaid4 - ok
18:30:03.0804 4092 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
18:30:03.0804 4092 Smb - ok
18:30:03.0929 4092 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
18:30:03.0929 4092 spldr - ok
18:30:04.0194 4092 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\windows\System32\Drivers\NISx64\1207000.00D\SRTSP64.SYS
18:30:04.0225 4092 SRTSP - ok
18:30:04.0444 4092 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\windows\system32\drivers\NISx64\1207000.00D\SRTSPX64.SYS
18:30:04.0444 4092 SRTSPX - ok
18:30:04.0522 4092 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
18:30:04.0537 4092 srv - ok
18:30:04.0631 4092 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
18:30:04.0646 4092 srv2 - ok
18:30:04.0865 4092 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\windows\system32\DRIVERS\VSTAZL6.SYS
18:30:04.0865 4092 SrvHsfHDA - ok
18:30:05.0458 4092 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\windows\system32\DRIVERS\VSTDPV6.SYS
18:30:05.0489 4092 SrvHsfV92 - ok
18:30:05.0645 4092 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\windows\system32\DRIVERS\VSTCNXT6.SYS
18:30:05.0645 4092 SrvHsfWinac - ok
18:30:05.0754 4092 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
18:30:05.0754 4092 srvnet - ok
18:30:05.0894 4092 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
18:30:05.0894 4092 stexstor - ok
18:30:06.0004 4092 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
18:30:06.0004 4092 swenum - ok
18:30:06.0160 4092 SymDS (6160145c7a87fc7672e8e3b886888176) C:\windows\system32\drivers\NISx64\1207000.00D\SYMDS64.SYS
18:30:06.0175 4092 SymDS - ok
18:30:06.0440 4092 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\windows\system32\drivers\NISx64\1207000.00D\SYMEFA64.SYS
18:30:06.0456 4092 SymEFA - ok
18:30:06.0550 4092 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
18:30:06.0550 4092 SymEvent - ok
18:30:06.0628 4092 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\windows\system32\drivers\NISx64\1207000.00D\Ironx64.SYS
18:30:06.0628 4092 SymIRON - ok
18:30:06.0768 4092 SymNetS (a6adb3d83023f8daa0f7b6fda785d83b) C:\windows\System32\Drivers\NISx64\1207000.00D\SYMNETS.SYS
18:30:06.0768 4092 SymNetS - ok
18:30:07.0018 4092 SynTP (f5b46df59feaa48a442aed7eeb754d4b) C:\windows\system32\DRIVERS\SynTP.sys
18:30:07.0018 4092 SynTP - ok
18:30:07.0298 4092 Tcpip (fc62769e7bff2896035aeed399108162) C:\windows\system32\drivers\tcpip.sys
18:30:07.0361 4092 Tcpip - ok
18:30:07.0610 4092 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\windows\system32\DRIVERS\tcpip.sys
18:30:07.0610 4092 TCPIP6 - ok
18:30:07.0751 4092 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
18:30:07.0751 4092 tcpipreg - ok
18:30:07.0860 4092 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
18:30:07.0860 4092 tdcmdpst - ok
18:30:07.0954 4092 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
18:30:07.0954 4092 TDPIPE - ok
18:30:08.0032 4092 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys
18:30:08.0047 4092 TDTCP - ok
18:30:08.0172 4092 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
18:30:08.0172 4092 tdx - ok
18:30:08.0328 4092 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys
18:30:08.0328 4092 TermDD - ok
18:30:08.0546 4092 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys
18:30:08.0546 4092 tos_sps64 - ok
18:30:08.0718 4092 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
18:30:08.0718 4092 tssecsrv - ok
18:30:08.0827 4092 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
18:30:08.0843 4092 TsUsbFlt - ok
18:30:08.0936 4092 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys
18:30:08.0936 4092 TsUsbGD - ok
18:30:09.0638 4092 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
18:30:09.0638 4092 tunnel - ok
18:30:09.0779 4092 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
18:30:09.0779 4092 TVALZ - ok
18:30:09.0904 4092 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys
18:30:09.0904 4092 TVALZFL - ok
18:30:10.0013 4092 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys
18:30:10.0013 4092 uagp35 - ok
18:30:10.0091 4092 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
18:30:10.0106 4092 udfs - ok
18:30:10.0262 4092 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
18:30:10.0262 4092 uliagpkx - ok
18:30:10.0356 4092 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
18:30:10.0356 4092 umbus - ok
18:30:10.0481 4092 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys
18:30:10.0481 4092 UmPass - ok
18:30:10.0652 4092 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
18:30:10.0652 4092 usbccgp - ok
18:30:10.0762 4092 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
18:30:10.0762 4092 usbcir - ok
18:30:10.0918 4092 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\drivers\usbehci.sys
18:30:10.0918 4092 usbehci - ok
18:30:11.0042 4092 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
18:30:11.0042 4092 usbhub - ok
18:30:11.0245 4092 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
18:30:11.0245 4092 usbohci - ok
18:30:11.0370 4092 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\drivers\usbprint.sys
18:30:11.0370 4092 usbprint - ok
18:30:11.0526 4092 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys
18:30:11.0526 4092 usbscan - ok
18:30:11.0682 4092 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\drivers\USBSTOR.SYS
18:30:11.0682 4092 USBSTOR - ok
18:30:11.0807 4092 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
18:30:11.0807 4092 usbuhci - ok
18:30:11.0916 4092 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys
18:30:11.0932 4092 usbvideo - ok
18:30:12.0025 4092 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
18:30:12.0025 4092 vdrvroot - ok
18:30:12.0166 4092 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
18:30:12.0166 4092 vga - ok
18:30:12.0259 4092 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
18:30:12.0259 4092 VgaSave - ok
18:30:12.0400 4092 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
18:30:12.0400 4092 vhdmp - ok
18:30:12.0540 4092 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
18:30:12.0540 4092 viaide - ok
18:30:12.0680 4092 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
18:30:12.0680 4092 volmgr - ok
18:30:12.0836 4092 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
18:30:12.0836 4092 volmgrx - ok
18:30:13.0055 4092 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
18:30:13.0070 4092 volsnap - ok
18:30:13.0538 4092 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
18:30:13.0538 4092 vsmraid - ok
18:30:13.0663 4092 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
18:30:13.0663 4092 vwifibus - ok
18:30:13.0772 4092 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
18:30:13.0772 4092 vwififlt - ok
18:30:13.0882 4092 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
18:30:13.0882 4092 WacomPen - ok
18:30:14.0022 4092 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
18:30:14.0022 4092 WANARP - ok
18:30:14.0038 4092 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
18:30:14.0038 4092 Wanarpv6 - ok
18:30:14.0178 4092 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys
18:30:14.0178 4092 Wd - ok
18:30:14.0396 4092 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
18:30:14.0412 4092 Wdf01000 - ok
18:30:14.0552 4092 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
18:30:14.0552 4092 WfpLwf - ok
18:30:14.0646 4092 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
18:30:14.0646 4092 WIMMount - ok
18:30:14.0833 4092 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
18:30:14.0833 4092 WinUsb - ok
18:30:15.0067 4092 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
18:30:15.0067 4092 WmiAcpi - ok
18:30:15.0785 4092 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
18:30:15.0785 4092 ws2ifsl - ok
18:30:15.0894 4092 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
18:30:15.0894 4092 WudfPf - ok
18:30:16.0081 4092 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
18:30:16.0081 4092 WUDFRd - ok
18:30:16.0159 4092 MBR (0x1B8) (b5d3b89509933463264ff7748b075c37) \Device\Harddisk0\DR0
18:30:16.0206 4092 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
18:30:16.0206 4092 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
18:30:16.0222 4092 Boot (0x1200) (7426320d24cc174df1849927834bd048) \Device\Harddisk0\DR0\Partition0
18:30:16.0222 4092 \Device\Harddisk0\DR0\Partition0 - ok
18:30:16.0222 4092 ============================================================
18:30:16.0222 4092 Scan finished
18:30:16.0222 4092 ============================================================
18:30:16.0237 6884 Detected object count: 1
18:30:16.0237 6884 Actual detected object count: 1
18:30:32.0851 6884 \Device\Harddisk0\DR0\# - copied to quarantine
18:30:32.0851 6884 \Device\Harddisk0\DR0 - copied to quarantine
18:30:33.0148 6884 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
18:30:33.0148 6884 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
18:30:33.0163 6884 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
18:30:33.0179 6884 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
18:30:33.0179 6884 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
18:30:33.0179 6884 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
18:30:33.0179 6884 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
18:30:33.0194 6884 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
18:30:33.0194 6884 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
18:30:33.0194 6884 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
18:30:33.0460 6884 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
18:30:33.0460 6884 \Device\Harddisk0\DR0 - ok
18:30:34.0271 6884 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
18:30:46.0392 6520 Deinitialize success
aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-02-23 18:39:01
-----------------------------
18:39:01.150 OS Version: Windows x64 6.1.7601 Service Pack 1
18:39:01.150 Number of processors: 2 586 0x2A07
18:39:01.150 ComputerName: STEPHENWOOF-PC UserName: Stephen Woof
18:39:03.022 Initialize success
18:39:38.398 AVAST engine defs: 12022301
18:40:04.045 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:40:04.045 Disk 0 Vendor: TOSHIBA_ GH10 Size: 610480MB BusType: 3
18:40:04.092 Disk 0 MBR read successfully
18:40:04.092 Disk 0 MBR scan
18:40:04.107 Disk 0 Windows VISTA default MBR code
18:40:04.139 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
18:40:04.170 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 594921 MB offset 3074048
18:40:04.217 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 14058 MB offset 1221472256
18:40:04.263 Disk 0 scanning C:\windows\system32\drivers
18:40:14.497 Service scanning
18:41:03.840 Modules scanning
18:41:03.855 Disk 0 trace - called modules:
18:41:03.902 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
18:41:03.918 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004b1c060]
18:41:03.933 3 CLASSPNP.SYS[fffff8800194b43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80049e9050]
18:41:06.211 AVAST engine scan C:\windows
18:41:09.846 AVAST engine scan C:\windows\system32
18:44:23.661 AVAST engine scan C:\windows\system32\drivers
18:44:45.111 AVAST engine scan C:\Users\Stephen Woof
18:48:23.885 Disk 0 MBR has been saved successfully to "C:\Users\Stephen Woof\Desktop\MBR.dat"
18:48:23.901 The log file has been saved successfully to "C:\Users\Stephen Woof\Desktop\aswMBR.txt"
Hi Jennifer,
The infection created a hidden partition which it used to host its files. The infected files have been removed but the hidden partition remains.
In order to remove this you will need create a bootable Gparted CD\DVD.
You may also want to print these instructions as you may not have access to it from Gparted.
Step 1 - Download Gparted
gparted-live-0.12.0-2.iso (http://sourceforge.net/projects/gparted/files/gparted-live-stable/0.12.0-2/gparted-live-0.12.0-2.iso/download) (115 MB)
Step 2 -Download and Install ImgBurn
Click Here (http://download.imgburn.com/SetupImgBurn_2.5.5.0.exe) to download ImgBurn. Save it to your Desktop.
Double click the file to install the program. Accept the default options and let the installation finish.
Once installed follow the steps below to create a bootable disk using the ISO image downloaded earlier.
Create Bootable Gparted Disk
Launch ImgBurn.
Select the Option to Write Image file to disk.
Click on the folder icon next to the text Please select a file.
In the window that appears browse to your desktop and select the file gparted-live-0.12.0-2.iso
Ensure your CD/DVD writer is selected in the Destination drop down menu and that you have a blank CD/DVD in the drive.
Select the Verify checkbox and click the Write icon.
ImgBurn will burn the iso image to the disk and let you know if it was succesful or not.
Step 3 - Boot into GParted CD
Ensure the newly burned disk is inserted into the CD\DVD drive
Restart the computer.
You should arrive to the following screen:
http://img829.imageshack.us/img829/5772/gpartedsplash.th.png (http://img829.imageshack.us/img829/5772/gpartedsplash.png)
Note: If the computer does not boot into Gparted and you end up back in Windows you will need to set the BIOS boot order.
See How to Set BIOS to Boot from CDROM (http://www.hiren.info/pages/bios-boot-cdrom) for information on how to boot from the CD.
Press the ENTER key
By default, "do not touch keymap" is highlighted. Leave this setting alone and press the ENTER key.
http://img404.imageshack.us/img404/9840/gpartedlanguage.th.png (http://img404.imageshack.us/img404/9840/gpartedlanguage.png)
Next, choose your language and press the ENTER key. English is the default setting [33]
http://img140.imageshack.us/img140/7958/gpartedgui.th.png (http://img140.imageshack.us/img140/7958/gpartedgui.png)
Once again, at this prompt, press the ENTER key.
You will now be taken to the main GUI screen below
http://img69.imageshack.us/img69/466/gpartedsamplelayout.th.jpg (http://imageshack.us/photo/my-images/69/gpartedsamplelayout.jpg/)
Please take a picture of this screen (camera or phone pictures will work just fine), and post it here for me to see.
There is quite a bit to do here, but just take each step one at a time. Let me know if you have any problems following the instructions.
Hi Jennifer,
It has been almost three days since my last post. Do you need more time to complete the instructions?
diver79.
woofs2china
2012-02-27, 22:23
I apologize for the delay. I have been sick with Bronchitis and my husband has needed to use the computer for work research while home the last couple of days. I am sitting down to do it now.
No problem, no need to do it now. You can wait until you've recovered, I just needed to know if you were still in need of assistance.
diver79
woofs2china
2012-02-27, 23:42
I am feeling better. The plan was to do it while the children napped today. I have left the computer as is with that screen showing. Here is the picture.
Thats great! Computer looks like its recovered too :bigthumb:
The partition that came with the infection is no longer present.
Please run a scan with Malwarebytes to check for any additional leftovers.
Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) and save to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform Quick Scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
When completed, a log will open in Notepad. Please copy and paste the log back into your next reply
woofs2china
2012-02-28, 01:55
It said it didn't find anything. Phew!
Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org
Database version: v2012.02.27.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Stephen Woof :: STEPHENWOOF-PC [administrator]
Protection: Enabled
2/27/2012 6:50:18 PM
mbam-log-2012-02-27 (18-50-18).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 193037
Time elapsed: 2 minute(s), 19 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Excellent, there is still some cleanup left to do before we finish.
Will post instructions for this tomorrow.
diver79.
Hi Jennifer,
Congrats! Your PC is free from infection. Follow the steps below to clean up infected restore points.
Create a new, clean System Restore point
Create a new, clean System Restore point which you can use in case of future system problems:
Press Start >> Right click on Computer, and select Properties.
Click on the System Protection link, located on the right hand side menu.
Select Create , type a name like All Clean then press the Create button and once it's done press Close
Now remove old, infected System Restore points:
Next click Start >> in the Search Programs and Files search box type cleanmgr and press OK
Select the C: drive and click OK.
Ensure the following boxes are checked; Recycle Bin Temporary Files Temporary Internet Files
Select the Clean Up System Files button.
Select the C: drive again and select OK.
Select the More Options tab and under System Restore and Shadow Copies click the Clean up button.
Select Delete, Press OK and Delete Files to confirm
Additional Security Tips.
Update your Antivirus programs and other programs regularly.
Secunia Personal Software Inspector (http://secunia.com/vulnerability_scanning/personal/) - Copyright © Secunia. This app will monitor programs on your computer for known vulnerabilities. You can set it to auto-update for you, or just prompt you if an update is available. I highly recommend it.
F-secure Health Check (http://www.f-secure.com/en_EMEA-Labs/security-threats/tools/health-check/) - Copyright © F-Secure Corporation. F-Secure Health Check is a free application that tells you if your computer is protected and helps you fix possible security issues.
You can now delete any of the programs we installed earlier.
Unless you have any other issues this topic will be closed.
woofs2china
2012-02-29, 04:50
Thank you SO much for all your work and time. Although you did an excellent job, I plan on never needing your services again!
J Woof