
Thread: Cannot remove SmitFraud-C.gp

  1. #1
    pgdaly (Junior Member; Join Date: Nov 2011; Location: Central Illinois; Posts: 14)

    Cannot remove SmitFraud-C.gp

    I have used Spybot in normal, administrator (normal), administrator (safe mode) and Spybot claims to fix the bug, but upon re-run of the program the bug still exists. Prior to and after these procedures, I performed a factory image restore, and the bug still exists. I have used multiple anti-virus/malware programs and one (besides Spybot) detected it, but it also did not remove the bug (Malwarebytes). Below is the log you've requested and below that log I've pasted the Spybot brief details of the infection. I did not back up my registry as recommended using ERUNT; it claimed to be compatible with only XP and Vista, and I am running Win7sp1. I have disabled the Spybot TeaTimer and will await your assistance. Thank you.

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by Pamela at 18:41:51 on 2011-11-29
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4058.1428 [GMT -6:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: PC Tools Spyware Doctor *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe
    C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe
    c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    -netsvcs
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\System32\igfxpers.exe
    C:\Program Files\Dell\DellDock\DellDock.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
    C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\System32\vds.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.bing.com/
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
    mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
    mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [ISTray] "C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe" /hideGUI
    mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
    mRunOnce: [STToasterLauncher] C:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
    StartupFolder: C:\Users\Pamela\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{8FB89F68-6D08-4FC3-91A9-3F50A11A97ED} : DhcpNameServer = 192.168.0.1
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
    mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
    mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun-x64: [ISTray] "C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe" /hideGUI
    mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
    mRunOnce-x64: [STToasterLauncher] C:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 PCTCore;PCTools KDS;C:\Windows\system32\drivers\PCTCore64.sys --> C:\Windows\system32\drivers\PCTCore64.sys [?]
    R0 pctDS;PC Tools Data Store;C:\Windows\system32\drivers\pctDS64.sys --> C:\Windows\system32\drivers\pctDS64.sys [?]
    R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\system32\drivers\pctEFA64.sys --> C:\Windows\system32\drivers\pctEFA64.sys [?]
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    R1 PCTSD;PC Tools Spyware Doctor Driver;C:\Windows\system32\Drivers\PCTSD64.sys --> C:\Windows\system32\Drivers\PCTSD64.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AESTFilters;Andrea ST Filters Service;C:\WINDOWS\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe [2009-12-17 89600]
    R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
    R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-11-28 1153368]
    R2 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe [2011-11-28 402336]
    R2 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe [2011-11-28 1117624]
    R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-12-17 656624]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
    R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 McShield;McAfee Real-time Scanner;C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe --> C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [?]
    S3 McSysmon;McAfee SystemGuards;C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe --> C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe [?]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2011-11-30 00:30:14 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AD44E0F1-2B04-4FBF-8527-A64F13582487}\offreg.dll
    2011-11-30 00:30:05 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AD44E0F1-2B04-4FBF-8527-A64F13582487}\mpengine.dll
    2011-11-29 17:10:52 -------- d-----w- C:\Users\Pamela\AppData\Local\Threat Expert
    2011-11-29 03:56:30 337048 ----a-w- C:\Windows\System32\drivers\pctgntdi64.sys
    2011-11-29 03:56:30 141312 ----a-w- C:\Windows\System32\drivers\pctwfpfilter64.sys
    2011-11-29 03:56:17 14776 ----a-w- C:\Windows\System32\drivers\pctBTFix64.sys
    2011-11-29 03:56:06 92896 ----a-w- C:\Windows\System32\drivers\pctplsg64.sys
    2011-11-29 03:55:17 -------- d-----w- C:\Program Files (x86)\PC Tools
    2011-11-29 03:45:46 816016 ----a-w- C:\Windows\System32\drivers\pctEFA64.sys
    2011-11-29 03:45:46 452872 ----a-w- C:\Windows\System32\drivers\pctDS64.sys
    2011-11-29 03:45:41 367912 ----a-w- C:\Windows\System32\drivers\PCTCore64.sys
    2011-11-29 03:45:36 230952 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
    2011-11-29 03:45:33 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
    2011-11-29 03:44:27 -------- d-----w- C:\ProgramData\PC Tools
    2011-11-29 03:44:25 -------- d-----w- C:\Users\Pamela\AppData\Roaming\TestApp
    2011-11-28 23:57:19 -------- d-----w- C:\Users\Pamela\AppData\Local\adaware
    2011-11-28 23:57:13 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
    2011-11-28 23:57:08 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner
    2011-11-28 23:56:55 -------- d-----w- C:\Program Files (x86)\adawaretb
    2011-11-28 23:56:28 -------- d-----w- C:\Program Files (x86)\Lavasoft
    2011-11-28 19:32:13 -------- d-----w- C:\Users\Pamela\AppData\Roaming\Malwarebytes
    2011-11-28 19:32:00 -------- d-----w- C:\ProgramData\Malwarebytes
    2011-11-28 19:31:54 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-11-28 18:54:25 -------- d-----w- C:\Users\Pamela\AppData\Local\Solid State Networks
    2011-11-28 17:13:54 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2011-11-28 17:13:54 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
    2011-11-28 03:20:21 -------- d-----w- C:\Users\Pamela\AppData\Local\Apple Computer
    2011-11-28 03:19:03 -------- d-----w- C:\Program Files\iPod
    2011-11-28 03:19:02 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
    2011-11-28 03:19:02 -------- d-----w- C:\Program Files (x86)\iTunes
    2011-11-27 19:57:46 -------- d-----w- C:\Windows\System32\SPReview
    2011-11-27 19:34:00 2560 ----a-w- C:\Windows\System32\drivers\en-US\rdpwd.sys.mui
    2011-11-27 19:33:51 3072 ----a-w- C:\Windows\System32\drivers\en-US\tsusbflt.sys.mui
    2011-11-27 19:33:29 6144 ----a-w- C:\Windows\System32\drivers\en-US\IPMIDrv.sys.mui
    2011-11-27 19:33:26 4608 ----a-w- C:\Windows\System32\drivers\en-US\kbdclass.sys.mui
    2011-11-27 19:14:59 611840 ----a-w- C:\Windows\System32\wpd_ci.dll
    2011-11-27 19:13:59 261632 ----a-w- C:\Windows\System32\drivers\netbt.sys
    2011-11-27 19:12:59 850944 ----a-w- C:\Windows\System32\mmsys.cpl
    2011-11-27 19:11:59 65536 ----a-w- C:\Windows\System32\RpcRtRemote.dll
    2011-11-27 19:04:22 -------- d-----w- C:\Windows\System32\EventProviders
    2011-11-27 18:59:49 -------- d-----w- C:\Windows\System32\catroot2
    2011-11-22 21:44:44 -------- d-----w- C:\Users\Pamela\AppData\Local\Diagnostics
    2011-11-22 14:54:57 -------- d-----w- C:\Users\Pamela\AppData\Local\ElevatedDiagnostics
    2011-11-22 04:45:09 -------- d-----w- C:\Users\Pamela\AppData\Local\Adobe
    2011-11-22 01:08:15 -------- d-----w- C:\Windows\CheckSur
    2011-11-21 23:56:17 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-11-21 21:03:29 -------- d-----w- C:\Intel
    2011-11-21 21:01:23 270720 ------w- C:\Windows\System32\MpSigStub.exe
    2011-11-21 20:49:27 1139200 ----a-w- C:\Windows\System32\FntCache.dll
    2011-11-21 20:49:26 902656 ----a-w- C:\Windows\System32\d2d1.dll
    2011-11-21 20:49:26 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2011-11-21 20:49:26 1544192 ----a-w- C:\Windows\System32\DWrite.dll
    2011-11-21 20:49:26 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2011-11-21 20:25:28 -------- d-----w- C:\Windows\SysWow64\Wat
    2011-11-21 20:25:28 -------- d-----w- C:\Windows\System32\Wat
    2011-11-21 19:00:43 961024 ----a-w- C:\Windows\System32\CPFilters.dll
    2011-11-21 19:00:43 723968 ----a-w- C:\Windows\System32\EncDec.dll
    2011-11-21 19:00:43 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll
    2011-11-21 19:00:43 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
    2011-11-21 19:00:42 850944 ----a-w- C:\Windows\SysWow64\sbe.dll
    2011-11-21 19:00:42 259072 ----a-w- C:\Windows\System32\mpg2splt.ax
    2011-11-21 19:00:42 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
    2011-11-21 19:00:42 1118720 ----a-w- C:\Windows\System32\sbe.dll
    2011-11-21 18:57:58 142336 ----a-w- C:\Windows\System32\poqexec.exe
    2011-11-21 18:56:52 2871808 ----a-w- C:\Windows\explorer.exe
    2011-11-21 18:55:55 974336 ----a-w- C:\Windows\System32\WFS.exe
    2011-11-21 18:55:55 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
    2011-11-21 18:48:15 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
    2011-11-21 18:48:09 861696 ----a-w- C:\Windows\System32\oleaut32.dll
    2011-11-21 18:48:09 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
    2011-11-21 18:48:09 331776 ----a-w- C:\Windows\System32\oleacc.dll
    2011-11-21 18:48:09 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
    2011-11-21 18:47:51 5561216 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2011-11-21 18:47:49 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2011-11-21 18:47:48 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2011-11-21 17:15:01 -------- d-----w- C:\Users\Pamela\AppData\Local\Apple
    2011-11-21 17:07:59 -------- d-----w- C:\Program Files\Bonjour
    2011-11-21 17:07:59 -------- d-----w- C:\Program Files (x86)\Bonjour
    2011-11-21 16:53:22 -------- d-----w- C:\Program Files\Dell Support Center
    2011-11-21 16:48:05 -------- d-----w- C:\Users\Pamela\AppData\Roaming\PCDr
    2011-11-21 16:45:12 -------- d-----w- C:\Users\Pamela\AppData\Local\Microsoft Help
    2011-11-21 16:35:04 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
    2011-11-21 16:35:04 31232 ----a-w- C:\Windows\System32\prevhost.exe
    2011-11-21 16:23:22 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
    2011-11-21 16:21:51 1401344 ----a-w- C:\Windows\SysWow64\mssrch.dll
    2011-11-21 16:19:56 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
    2011-11-21 16:19:32 1395712 ----a-w- C:\Windows\System32\mfc42.dll
    2011-11-21 16:08:35 -------- d-----w- C:\Users\Pamela\My Backup Files
    2011-11-21 16:00:59 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2011-11-21 15:57:36 917840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4A51BFBB-E054-4E35-862E-BCD503E46B72}\gapaengine.dll
    2011-11-21 15:46:18 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
    2011-11-21 15:45:57 -------- d-----w- C:\Program Files\Microsoft Security Client
    2011-11-21 15:26:01 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
    2011-11-21 15:19:26 -------- d-----w- C:\Users\Pamela\AppData\Roaming\Dell
    2011-11-21 15:19:10 -------- d-----w- C:\Users\Pamela\AppData\Local\DataSafeOnline
    2011-11-21 15:19:02 -------- d-----w- C:\Users\Pamela\AppData\Local\Stardock_Corporation
    2011-11-21 15:18:47 -------- d-----w- C:\Users\Pamela\AppData\Local\SupportSoft
    2011-11-21 15:17:51 -------- d-sh--w- C:\$RECYCLE.BIN
    2011-11-21 15:17:48 -------- d-----w- C:\Users\Pamela\AppData\Local\VirtualStore
    2011-11-21 14:10:36 20480 ----a-w- C:\Windows\svchost.exe
    2011-11-21 14:09:24 -------- d-----w- C:\Emergency
    2011-11-21 13:56:23 -------- d-----w- C:\Windows\SMINST
    .
    ==================== Find3M ====================
    .
    2011-11-29 23:40:05 691 ----a-w- C:\Users\Pamela\AppData\Roaming\GetValue.vbs
    2011-11-29 23:40:05 35 ----a-w- C:\Users\Pamela\AppData\Roaming\SetValue.bat
    2011-11-29 23:40:05 2716 ----a-w- C:\Windows\SysWow64\tmp.reg
    2011-11-27 19:50:14 175616 ----a-w- C:\Windows\System32\msclmd.dll
    2011-11-27 19:50:14 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
    2011-09-29 16:29:28 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2011-09-29 04:03:32 3144704 ----a-w- C:\Windows\System32\win32k.sys
    .
    ============= FINISH: 18:44:35.50 ===============

    (Spybot brief)
    --- Search result list ---
    Smitfraud-C.gp: [SBI $8E7F06B8] Executable (File, nothing done)
    C:\WINDOWS\svchost.exe
    Properties.size=20480
    Properties.md5=2CEFF13ACE25A40BD8D97654944297CD
    Properties.filedate=1247534086
    Properties.filedatetext=2009-07-13 19:14:45


    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
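    As an added defensive check, not part of the original post or of any tool named in the thread: the Spybot result above points at C:\WINDOWS\svchost.exe, and the same path appears in the DDS "Created Last 30" section, while the genuine svchost.exe lives in System32 and SysWOW64 (with servicing copies under WinSxS). This Python snippet parses DDS file entries and flags well-known Windows binary names that sit outside their expected directories; the sample lines are constructed in the DDS format, and the expected-directory table is my own assumption.

```python
"""Flag well-known Windows binary names found outside their expected directories
in the 'Created Last 30' / 'Find3M' sections of a DDS log (added example)."""
import re
from typing import List, NamedTuple, Optional

# DDS entry layout: <date> <time> <size or --------> <attributes> <path>
_DDS_LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+|-+)\s+(?P<attrs>[-a-z]{8})\s+(?P<path>\S.*)$",
    re.IGNORECASE,
)


class DdsEntry(NamedTuple):
    date: str
    time: str
    size: Optional[int]  # None for directories (size column is dashes)
    attrs: str
    path: str

    @property
    def is_directory(self) -> bool:
        return self.attrs.startswith("d")


# Assumed table: expected parent directories (lower-case) of core Windows
# binaries whose names malware often reuses in a different directory.
EXPECTED_DIRS = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "lsm.exe": {r"c:\windows\system32"},
    "wininit.exe": {r"c:\windows\system32"},
    "winlogon.exe": {r"c:\windows\system32"},
    "csrss.exe": {r"c:\windows\system32"},
    "services.exe": {r"c:\windows\system32"},
    "lsass.exe": {r"c:\windows\system32"},
    "smss.exe": {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows"},
}
# The component store holds legitimate extra copies; treat it as expected.
_WINSXS_PREFIX = "c:\\windows\\winsxs\\"

# Constructed sample in DDS format; the svchost.exe and explorer.exe lines
# mirror entries from the log above, the WinSxS directory name is made up.
SAMPLE_DDS_LINES = r"""
2011-11-21 14:10:36 20480 ----a-w- C:\Windows\svchost.exe
2011-11-21 18:56:52 2871808 ----a-w- C:\Windows\explorer.exe
2011-11-21 18:47:51 5561216 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-11-21 18:47:00 27000 ----a-w- C:\Windows\winsxs\amd64_constructed-example_dir\svchost.exe
2011-11-21 14:09:24 -------- d-----w- C:\Emergency
============== Pseudo HJT Report ===============
"""


def parse_dds_entry(line: str) -> Optional[DdsEntry]:
    """Return a DdsEntry for a file/directory line, None for anything else."""
    m = _DDS_LINE.match(line.strip())
    if not m:
        return None
    size = int(m["size"]) if m["size"].isdigit() else None
    return DdsEntry(m["date"], m["time"], size, m["attrs"], m["path"].strip())


def split_path(path: str):
    """Lower-case (parent_dir, file_name) for a Windows path."""
    norm = path.replace("/", "\\").lower().rstrip("\\")
    parent, _, name = norm.rpartition("\\")
    return parent, name


def is_masquerading(entry: DdsEntry) -> bool:
    """True when a watched binary name sits in an unexpected directory."""
    if entry.is_directory:
        return False
    parent, name = split_path(entry.path)
    expected = EXPECTED_DIRS.get(name)
    if expected is None or parent.startswith(_WINSXS_PREFIX):
        return False
    return parent not in expected


def find_masquerading(log_text: str) -> List[str]:
    """Paths of all entries in the log text that fail the directory check."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_dds_entry(line)
        if entry and is_masquerading(entry):
            flagged.append(entry.path)
    return flagged


if __name__ == "__main__":
    for path in find_masquerading(SAMPLE_DDS_LINES):
        print("review:", path)
```

    A hit only says the file deserves inspection (hash it and compare with the System32 copy); it is not a verdict on its own.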

  2. #2
    Blade81 (Security Expert: Emeritus; Join Date: Oct 2006; Location: Finland; Posts: 25,288)

    Hi,

    Please post attach.txt contents too.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #3
    pgdaly (Junior Member; Join Date: Nov 2011; Location: Central Illinois; Posts: 14)

    I could not find the first attach.txt file I ran a couple of days ago, so I ran it again today, which is the zip attached. Thank you.

  4. #4
    Blade81 (Security Expert: Emeritus; Join Date: Oct 2006; Location: Finland; Posts: 25,288)

    Hi


    Please visit this webpage for download links, and instructions for running ComboFix tool:

    http://www.bleepingcomputer.com/comb...o-use-combofix

    Please ensure you read this guide carefully first.


    Please continue as follows:

    1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix (link).
      Remember to re-enable them afterwards.

    2. Click Yes to allow ComboFix to continue scanning for malware.


    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt
    New dds log.


    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

  5. #5
    pgdaly (Junior Member; Join Date: Nov 2011; Location: Central Illinois; Posts: 14)

    Attached is the Combofix log file from the scan. Upon completion of the log, I saved it to the desktop but upon attempting to re-open it I encountered an error for that file, and the same error when trying to open Internet Explorer:

    "Illegal operation on a registry key that has been marked for deletion"

    I next attempted to run a "Restore to an earlier version", which was unsuccessful with no error message; the program simply failed to start.

    I then entered into Safe Mode "Directory Services Restore" and I am able to access these files while running in this mode.


  6. #6
    Blade81 (Security Expert: Emeritus; Join Date: Oct 2006; Location: Finland; Posts: 25,288)

    Upon completion of the log, I saved it to the desktop but upon attempting to re-open it I encountered an error for that file, and the same error when trying to open Internet Explorer:

    "Illegal operation on a registry key that has been marked for deletion"
    Reboot should fix that. It's a normal message after a ComboFix run. Please post fresh DDS logs too.

  7. #7
    pgdaly (Junior Member; Join Date: Nov 2011; Location: Central Illinois; Posts: 14)

    You were correct, both programs are running on re-boot, thank you. Below is the fresh DDS log and I've attached the zip as well.

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by Pamela at 17:41:55 on 2011-12-03
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4058.2093 [GMT -6:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    -netsvcs
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\System32\igfxpers.exe
    C:\Program Files\Dell\DellDock\DellDock.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
    C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Windows\System32\vds.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k swprv
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    \\?\C:\Windows\system32\wbem\WMIADAP.EXE
    C:\Program Files (x86)\internet explorer\iexplore.exe
    C:\Program Files (x86)\internet explorer\iexplore.exe
    C:\Program Files (x86)\internet explorer\iexplore.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.bing.com/
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
    mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
    StartupFolder: C:\Users\Pamela\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    TCP: DhcpNameServer = 12.127.16.68 12.127.17.72
    TCP: Interfaces\{8FB89F68-6D08-4FC3-91A9-3F50A11A97ED} : DhcpNameServer = 12.127.16.68 12.127.17.72
    TCP: Interfaces\{8FB89F68-6D08-4FC3-91A9-3F50A11A97ED}\46C696E6B6 : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{8FB89F68-6D08-4FC3-91A9-3F50A11A97ED}\B456E6E6973702E6564777F627B6 : DhcpNameServer = 192.168.1.1
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
    mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AESTFilters;Andrea ST Filters Service;C:\WINDOWS\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe [2009-12-17 89600]
    R2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
    R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
    R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-11-28 1153368]
    R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-12-17 656624]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
    R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 McShield;McAfee Real-time Scanner;C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe --> C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [?]
    S3 McSysmon;McAfee SystemGuards;C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe --> C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe [?]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2011-12-03 23:34:01 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{32AD2B53-A1AB-4985-B9EA-5210D940319B}\offreg.dll
    2011-12-03 18:35:41 8822856 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{32AD2B53-A1AB-4985-B9EA-5210D940319B}\mpengine.dll
    2011-12-03 18:25:39 -------- d-sh--w- C:\$RECYCLE.BIN
    2011-12-03 18:14:49 98816 ----a-w- C:\Windows\sed.exe
    2011-12-03 18:14:49 518144 ----a-w- C:\Windows\SWREG.exe
    2011-12-03 18:14:49 256000 ----a-w- C:\Windows\PEV.exe
    2011-12-03 18:14:49 208896 ----a-w- C:\Windows\MBR.exe
    2011-11-29 23:25:57 691 ----a-w- C:\Users\Pamela\AppData\Roaming\GetValue.vbs
    2011-11-29 23:25:57 35 ----a-w- C:\Users\Pamela\AppData\Roaming\SetValue.bat
    2011-11-29 17:10:52 -------- d-----w- C:\Users\Pamela\AppData\Local\Threat Expert
    2011-11-29 03:55:17 -------- d-----w- C:\Program Files (x86)\PC Tools
    2011-11-29 03:45:36 230952 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
    2011-11-29 03:45:33 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
    2011-11-29 03:44:27 -------- d-----w- C:\ProgramData\PC Tools
    2011-11-29 03:44:25 -------- d-----w- C:\Users\Pamela\AppData\Roaming\TestApp
    2011-11-28 23:57:19 -------- d-----w- C:\Users\Pamela\AppData\Local\adaware
    2011-11-28 23:57:13 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
    2011-11-28 23:57:08 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner
    2011-11-28 23:56:55 -------- d-----w- C:\Program Files (x86)\adawaretb
    2011-11-28 23:56:28 -------- d-----w- C:\Program Files (x86)\Lavasoft
    2011-11-28 19:32:13 -------- d-----w- C:\Users\Pamela\AppData\Roaming\Malwarebytes
    2011-11-28 19:32:00 -------- d-----w- C:\ProgramData\Malwarebytes
    2011-11-28 19:31:54 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-11-28 18:54:25 -------- d-----w- C:\Users\Pamela\AppData\Local\Solid State Networks
    2011-11-28 17:13:54 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2011-11-28 17:13:54 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
    2011-11-28 03:20:21 -------- d-----w- C:\Users\Pamela\AppData\Local\Apple Computer
    2011-11-28 03:19:03 -------- d-----w- C:\Program Files\iPod
    2011-11-28 03:19:02 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
    2011-11-28 03:19:02 -------- d-----w- C:\Program Files (x86)\iTunes
    2011-11-27 19:57:46 -------- d-----w- C:\Windows\System32\SPReview
    2011-11-27 19:34:00 2560 ----a-w- C:\Windows\System32\drivers\en-US\rdpwd.sys.mui
    2011-11-27 19:33:51 3072 ----a-w- C:\Windows\System32\drivers\en-US\tsusbflt.sys.mui
    2011-11-27 19:33:29 6144 ----a-w- C:\Windows\System32\drivers\en-US\IPMIDrv.sys.mui
    2011-11-27 19:33:26 4608 ----a-w- C:\Windows\System32\drivers\en-US\kbdclass.sys.mui
    2011-11-27 19:14:59 611840 ----a-w- C:\Windows\System32\wpd_ci.dll
    2011-11-27 19:13:59 261632 ----a-w- C:\Windows\System32\drivers\netbt.sys
    2011-11-27 19:12:59 850944 ----a-w- C:\Windows\System32\mmsys.cpl
    2011-11-27 19:11:59 65536 ----a-w- C:\Windows\System32\RpcRtRemote.dll
    2011-11-27 19:04:22 -------- d-----w- C:\Windows\System32\EventProviders
    2011-11-27 18:59:49 -------- d-----w- C:\Windows\System32\catroot2
    2011-11-22 21:44:44 -------- d-----w- C:\Users\Pamela\AppData\Local\Diagnostics
    2011-11-22 14:54:57 -------- d-----w- C:\Users\Pamela\AppData\Local\ElevatedDiagnostics
    2011-11-22 04:45:09 -------- d-----w- C:\Users\Pamela\AppData\Local\Adobe
    2011-11-22 01:08:15 -------- d-----w- C:\Windows\CheckSur
    2011-11-21 23:56:17 8822856 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-11-21 21:03:29 -------- d-----w- C:\Intel
    2011-11-21 21:01:23 270720 ------w- C:\Windows\System32\MpSigStub.exe
    2011-11-21 20:49:27 1139200 ----a-w- C:\Windows\System32\FntCache.dll
    2011-11-21 20:49:26 902656 ----a-w- C:\Windows\System32\d2d1.dll
    2011-11-21 20:49:26 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2011-11-21 20:49:26 1544192 ----a-w- C:\Windows\System32\DWrite.dll
    2011-11-21 20:49:26 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2011-11-21 20:25:28 -------- d-----w- C:\Windows\SysWow64\Wat
    2011-11-21 20:25:28 -------- d-----w- C:\Windows\System32\Wat
    2011-11-21 19:00:43 961024 ----a-w- C:\Windows\System32\CPFilters.dll
    2011-11-21 19:00:43 723968 ----a-w- C:\Windows\System32\EncDec.dll
    2011-11-21 19:00:43 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll
    2011-11-21 19:00:43 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
    2011-11-21 19:00:42 850944 ----a-w- C:\Windows\SysWow64\sbe.dll
    2011-11-21 19:00:42 259072 ----a-w- C:\Windows\System32\mpg2splt.ax
    2011-11-21 19:00:42 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
    2011-11-21 19:00:42 1118720 ----a-w- C:\Windows\System32\sbe.dll
    2011-11-21 18:57:58 142336 ----a-w- C:\Windows\System32\poqexec.exe
    2011-11-21 18:56:52 2871808 ----a-w- C:\Windows\explorer.exe
    2011-11-21 18:55:55 974336 ----a-w- C:\Windows\System32\WFS.exe
    2011-11-21 18:55:55 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
    2011-11-21 18:48:15 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
    2011-11-21 18:48:09 861696 ----a-w- C:\Windows\System32\oleaut32.dll
    2011-11-21 18:48:09 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
    2011-11-21 18:48:09 331776 ----a-w- C:\Windows\System32\oleacc.dll
    2011-11-21 18:48:09 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
    2011-11-21 18:47:51 5561216 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2011-11-21 18:47:49 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2011-11-21 18:47:48 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2011-11-21 17:15:01 -------- d-----w- C:\Users\Pamela\AppData\Local\Apple
    2011-11-21 17:07:59 -------- d-----w- C:\Program Files\Bonjour
    2011-11-21 17:07:59 -------- d-----w- C:\Program Files (x86)\Bonjour
    2011-11-21 16:53:22 -------- d-----w- C:\Program Files\Dell Support Center
    2011-11-21 16:48:05 -------- d-----w- C:\Users\Pamela\AppData\Roaming\PCDr
    2011-11-21 16:45:12 -------- d-----w- C:\Users\Pamela\AppData\Local\Microsoft Help
    2011-11-21 16:35:04 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
    2011-11-21 16:35:04 31232 ----a-w- C:\Windows\System32\prevhost.exe
    2011-11-21 16:23:22 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
    2011-11-21 16:21:51 1401344 ----a-w- C:\Windows\SysWow64\mssrch.dll
    2011-11-21 16:19:56 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
    2011-11-21 16:19:32 1395712 ----a-w- C:\Windows\System32\mfc42.dll
    2011-11-21 16:08:35 -------- d-----w- C:\Users\Pamela\My Backup Files
    2011-11-21 16:00:59 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2011-11-21 15:57:36 917840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4A51BFBB-E054-4E35-862E-BCD503E46B72}\gapaengine.dll
    2011-11-21 15:46:18 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
    2011-11-21 15:45:57 -------- d-----w- C:\Program Files\Microsoft Security Client
    2011-11-21 15:26:01 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
    2011-11-21 15:19:26 -------- d-----w- C:\Users\Pamela\AppData\Roaming\Dell
    2011-11-21 15:19:10 -------- d-----w- C:\Users\Pamela\AppData\Local\DataSafeOnline
    2011-11-21 15:19:02 -------- d-----w- C:\Users\Pamela\AppData\Local\Stardock_Corporation
    2011-11-21 15:18:47 -------- d-----w- C:\Users\Pamela\AppData\Local\SupportSoft
    2011-11-21 15:17:48 -------- d-----w- C:\Users\Pamela\AppData\Local\VirtualStore
    2011-11-21 14:10:36 20480 ----a-w- C:\Windows\svchost.exe
    2011-11-21 14:09:24 -------- d-----w- C:\Emergency
    2011-11-21 13:56:23 -------- d-----w- C:\Windows\SMINST
    .
    ==================== Find3M ====================
    .
    2011-11-27 19:50:14 175616 ----a-w- C:\Windows\System32\msclmd.dll
    2011-11-27 19:50:14 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
    2011-09-29 16:29:28 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2011-09-29 04:03:32 3144704 ----a-w- C:\Windows\System32\win32k.sys
    .
    ============= FINISH: 17:44:38.15 ===============

  8. #8
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi,

    1. Download TDSSKiller and extract its contents into a folder in the desired location (e.g. c:\tdsskiller).
    2. Execute the file TDSSKiller.exe.
    3. Click Start Scan. If threats are found, select Skip and click Continue (the tool may prompt for a reboot).
    4. Post back the contents of the log file in the C: drive root (the name should be in the UtilityName.Version_Date_Time_log.txt format).

    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems, create a thread in the forum, please.

    Malware removal instructions are for the corresponding user's case only.
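    Added example, not part of the original thread and not Kaspersky's code: a small Python triage script for the log that step 4 above asks for. TDSSKiller writes two line shapes per driver or service, a `name (md5) path` line and a `name - verdict` line (the log posted in this thread uses exactly this layout, including a verdict-only `catchme - ok` line). The script parses both, lists every entry whose verdict is missing or is anything other than the literal `ok`, and can recompute the MD5 of each logged path to show whether a file changed after the scan. The sample log embedded below is constructed: its first lines are copied from the log posted in this thread, while the `hypodrv` and `hypodrv2` lines and their verdict text are made up to exercise the non-ok and missing-verdict cases. The function and file names are this example's own.

```python
import hashlib
import re
from pathlib import Path

# Per-driver result lines in a TDSSKiller log (layout as in the log posted
# in this thread):
#   HH:MM:SS.mmmm PID name (md5) path     <- file identity
#   HH:MM:SS.mmmm PID name - verdict      <- result, "ok" when nothing was found
_PREFIX = r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<name>\S+)\s+"
FILE_RE = re.compile(_PREFIX + r"\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*?)\s*$")
VERDICT_RE = re.compile(_PREFIX + r"-\s+(?P<verdict>\S.*?)\s*$")

# Constructed sample: the first lines are copied from the posted log; the
# hypodrv/hypodrv2 lines (and their verdict text) are made up for this example.
SAMPLE_LOG = r"""
08:52:51.0202 2620 Scan started
08:52:51.0202 2620 Mode: Manual;
08:52:51.0202 2620 ============================================================
08:52:53.0355 2620 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
08:52:53.0355 2620 1394ohci - ok
08:52:53.0418 2620 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
08:52:53.0433 2620 ACPI - ok
08:52:55.0526 2620 catchme - ok
08:52:56.0000 2620 hypodrv (00000000000000000000000000000000) C:\Windows\system32\DRIVERS\hypodrv.sys
08:52:56.0001 2620 hypodrv - suspicious (constructed verdict text)
08:52:56.0002 2620 hypodrv2 (ffffffffffffffffffffffffffffffff) C:\Windows\system32\DRIVERS\hypodrv2.sys
"""


def parse_tdsskiller_log(text: str) -> dict:
    """Map driver/service name -> {"md5", "path", "verdict"}, in log order.

    Banner, SystemInfo and separator lines match neither shape and are skipped.
    An entry may carry a verdict without a file line ("catchme - ok") or, if
    the scan was cut short, a file line without a verdict.
    """
    entries: dict = {}
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], {"md5": None, "path": None, "verdict": None})
            e["md5"], e["path"] = m["md5"].lower(), m["path"]
            continue
        m = VERDICT_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], {"md5": None, "path": None, "verdict": None})
            e["verdict"] = m["verdict"]
    return entries


def needs_review(entries: dict) -> dict:
    """Entries whose verdict is missing or is anything other than the literal 'ok'."""
    return {name: e for name, e in entries.items() if e["verdict"] != "ok"}


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def _read_if_present(path: str):
    p = Path(path)
    return p.read_bytes() if p.is_file() else None


def check_on_disk(entries: dict, reader=_read_if_present) -> dict:
    """Recompute MD5 for every logged path the reader can supply.

    Returns {name: (logged_md5, actual_md5)} for files whose bytes differ from
    what the scan recorded; paths the reader cannot find (e.g. when run off the
    affected machine) are skipped. `reader` is injectable so the logic can be
    exercised without the real driver files.
    """
    mismatches = {}
    for name, e in entries.items():
        if not (e["path"] and e["md5"]):
            continue
        data = reader(e["path"])
        if data is None:
            continue
        actual = md5_hex(data)
        if actual != e["md5"]:
            mismatches[name] = (e["md5"], actual)
    return mismatches


if __name__ == "__main__":
    import sys
    # Assumes a UTF-8 (or ASCII) log; pass the TDSSKiller log path as argv[1].
    text = Path(sys.argv[1]).read_text(errors="replace") if len(sys.argv) > 1 else SAMPLE_LOG
    parsed = parse_tdsskiller_log(text)
    flagged = needs_review(parsed)
    print(f"{len(parsed)} drivers/services parsed, {len(flagged)} need review")
    for name, e in flagged.items():
        print(f"  {name}: verdict={e['verdict']!r} path={e['path']}")
    for name, (logged, actual) in check_on_disk(parsed).items():
        print(f"  {name}: on-disk MD5 {actual} differs from logged {logged}")
```

    Run it with the real log as the first argument on the scanned machine to get both the verdict summary and the hash comparison. An MD5 that still matches says only that a normal file read returns the same bytes as at scan time; it is not a clean bill of health, and a kernel-mode rootkit that filters file reads can present the same bytes to both the scanner and this script, which is why the verdict lines in the log remain the primary result.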

  9. #9
    Junior Member pgdaly
    Join Date
    Nov 2011
    Location
    Central Illinois
    Posts
    14

    08:52:46.0834 4116 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
    08:52:47.0318 4116 ============================================================
    08:52:47.0318 4116 Current date / time: 2011/12/04 08:52:47.0318
    08:52:47.0318 4116 SystemInfo:
    08:52:47.0318 4116
    08:52:47.0318 4116 OS Version: 6.1.7601 ServicePack: 1.0
    08:52:47.0318 4116 Product type: Workstation
    08:52:47.0318 4116 ComputerName: PAMELA-PC
    08:52:47.0318 4116 UserName: Pamela
    08:52:47.0318 4116 Windows directory: C:\Windows
    08:52:47.0318 4116 System windows directory: C:\Windows
    08:52:47.0318 4116 Running under WOW64
    08:52:47.0318 4116 Processor architecture: Intel x64
    08:52:47.0318 4116 Number of processors: 2
    08:52:47.0318 4116 Page size: 0x1000
    08:52:47.0318 4116 Boot type: Normal boot
    08:52:47.0318 4116 ============================================================
    08:52:48.0550 4116 Initialize success
    08:52:51.0202 2620 ============================================================
    08:52:51.0202 2620 Scan started
    08:52:51.0202 2620 Mode: Manual;
    08:52:51.0202 2620 ============================================================
    08:52:53.0355 2620 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
    08:52:53.0355 2620 1394ohci - ok
    08:52:53.0418 2620 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
    08:52:53.0433 2620 ACPI - ok
    08:52:53.0480 2620 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
    08:52:53.0480 2620 AcpiPmi - ok
    08:52:53.0606 2620 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    08:52:53.0621 2620 adp94xx - ok
    08:52:53.0668 2620 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    08:52:53.0684 2620 adpahci - ok
    08:52:53.0715 2620 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    08:52:53.0715 2620 adpu320 - ok
    08:52:53.0793 2620 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
    08:52:53.0809 2620 AFD - ok
    08:52:53.0871 2620 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
    08:52:53.0871 2620 agp440 - ok
    08:52:53.0918 2620 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
    08:52:53.0918 2620 aliide - ok
    08:52:53.0933 2620 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
    08:52:53.0933 2620 amdide - ok
    08:52:53.0980 2620 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    08:52:53.0980 2620 AmdK8 - ok
    08:52:54.0011 2620 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    08:52:54.0011 2620 AmdPPM - ok
    08:52:54.0058 2620 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
    08:52:54.0074 2620 amdsata - ok
    08:52:54.0121 2620 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    08:52:54.0121 2620 amdsbs - ok
    08:52:54.0136 2620 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
    08:52:54.0136 2620 amdxata - ok
    08:52:54.0199 2620 ApfiltrService (3cc4531f11648a6081a7ba3aa4924d04) C:\Windows\system32\DRIVERS\Apfiltr.sys
    08:52:54.0199 2620 ApfiltrService - ok
    08:52:54.0245 2620 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
    08:52:54.0245 2620 AppID - ok
    08:52:54.0370 2620 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    08:52:54.0386 2620 arc - ok
    08:52:54.0401 2620 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    08:52:54.0401 2620 arcsas - ok
    08:52:54.0448 2620 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    08:52:54.0448 2620 AsyncMac - ok
    08:52:54.0479 2620 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
    08:52:54.0479 2620 atapi - ok
    08:52:54.0542 2620 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
    08:52:54.0542 2620 b06bdrv - ok
    08:52:54.0636 2620 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    08:52:54.0636 2620 b57nd60a - ok
    08:52:54.0699 2620 BCM42RLY (e001dd475a7c27ebe5a0db45c11bad71) C:\Windows\system32\drivers\BCM42RLY.sys
    08:52:54.0699 2620 BCM42RLY - ok
    08:52:54.0839 2620 BCM43XX (37394d3553e220fb732c21e217e1bd8b) C:\Windows\system32\DRIVERS\bcmwl664.sys
    08:52:54.0870 2620 BCM43XX - ok
    08:52:54.0980 2620 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    08:52:54.0980 2620 Beep - ok
    08:52:55.0089 2620 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    08:52:55.0104 2620 blbdrive - ok
    08:52:55.0151 2620 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
    08:52:55.0151 2620 bowser - ok
    08:52:55.0198 2620 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    08:52:55.0198 2620 BrFiltLo - ok
    08:52:55.0276 2620 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    08:52:55.0276 2620 BrFiltUp - ok
    08:52:55.0338 2620 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    08:52:55.0338 2620 Brserid - ok
    08:52:55.0370 2620 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    08:52:55.0385 2620 BrSerWdm - ok
    08:52:55.0448 2620 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    08:52:55.0448 2620 BrUsbMdm - ok
    08:52:55.0463 2620 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    08:52:55.0463 2620 BrUsbSer - ok
    08:52:55.0510 2620 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    08:52:55.0510 2620 BTHMODEM - ok
    08:52:55.0526 2620 catchme - ok
    08:52:55.0557 2620 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    08:52:55.0557 2620 cdfs - ok
    08:52:55.0635 2620 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
    08:52:55.0635 2620 cdrom - ok
    08:52:55.0713 2620 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
    08:52:55.0713 2620 circlass - ok
    08:52:55.0791 2620 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    08:52:55.0806 2620 CLFS - ok
    08:52:55.0853 2620 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    08:52:55.0853 2620 CmBatt - ok
    08:52:55.0884 2620 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
    08:52:55.0884 2620 cmdide - ok
    08:52:55.0931 2620 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
    08:52:55.0931 2620 CNG - ok
    08:52:55.0978 2620 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
    08:52:55.0978 2620 Compbatt - ok
    08:52:56.0025 2620 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
    08:52:56.0025 2620 CompositeBus - ok
    08:52:56.0103 2620 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
    08:52:56.0103 2620 crcdisk - ok
    08:52:56.0150 2620 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys
    08:52:56.0150 2620 CtClsFlt - ok
    08:52:56.0228 2620 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
    08:52:56.0243 2620 DfsC - ok
    08:52:56.0290 2620 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    08:52:56.0306 2620 discache - ok
    08:52:56.0368 2620 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
    08:52:56.0368 2620 Disk - ok
    08:52:56.0493 2620 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    08:52:56.0493 2620 drmkaud - ok
    08:52:56.0555 2620 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
    08:52:56.0571 2620 DXGKrnl - ok
    08:52:56.0664 2620 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
    08:52:56.0774 2620 ebdrv - ok
    08:52:56.0836 2620 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
    08:52:56.0867 2620 elxstor - ok
    08:52:56.0898 2620 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
    08:52:56.0898 2620 ErrDev - ok
    08:52:56.0961 2620 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    08:52:56.0961 2620 exfat - ok
    08:52:57.0008 2620 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    08:52:57.0008 2620 fastfat - ok
    08:52:57.0054 2620 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
    08:52:57.0054 2620 fdc - ok
    08:52:57.0101 2620 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    08:52:57.0101 2620 FileInfo - ok
    08:52:57.0101 2620 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    08:52:57.0117 2620 Filetrace - ok
    08:52:57.0132 2620 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
    08:52:57.0132 2620 flpydisk - ok
    08:52:57.0210 2620 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
    08:52:57.0210 2620 FltMgr - ok
    08:52:57.0257 2620 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    08:52:57.0257 2620 FsDepends - ok
    08:52:57.0288 2620 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
    08:52:57.0288 2620 Fs_Rec - ok
    08:52:57.0351 2620 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
    08:52:57.0366 2620 fvevol - ok
    08:52:57.0398 2620 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
    08:52:57.0398 2620 gagp30kx - ok
    08:52:57.0460 2620 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    08:52:57.0476 2620 hcw85cir - ok
    08:52:57.0522 2620 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
    08:52:57.0538 2620 HdAudAddService - ok
    08:52:57.0601 2620 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
    08:52:57.0601 2620 HDAudBus - ok
    08:52:57.0633 2620 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
    08:52:57.0633 2620 HidBatt - ok
    08:52:57.0679 2620 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
    08:52:57.0679 2620 HidBth - ok
    08:52:57.0726 2620 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
    08:52:57.0742 2620 HidIr - ok
    08:52:57.0789 2620 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
    08:52:57.0804 2620 HidUsb - ok
    08:52:57.0867 2620 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
    08:52:57.0867 2620 HpSAMD - ok
    08:52:58.0038 2620 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
    08:52:58.0054 2620 HTTP - ok
    08:52:58.0350 2620 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
    08:52:58.0350 2620 hwpolicy - ok
    08:52:58.0491 2620 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
    08:52:58.0491 2620 i8042prt - ok
    08:52:58.0569 2620 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
    08:52:58.0584 2620 iaStorV - ok
    08:52:58.0943 2620 igfx (c6238c6abd6ac99f5d152da4e9439a3d) C:\Windows\system32\DRIVERS\igdkmd64.sys
    08:52:59.0177 2620 igfx - ok
    08:52:59.0395 2620 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
    08:52:59.0395 2620 iirsp - ok
    08:52:59.0473 2620 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
    08:52:59.0473 2620 intelide - ok
    08:52:59.0520 2620 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    08:52:59.0520 2620 intelppm - ok
    08:52:59.0567 2620 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    08:52:59.0567 2620 IpFilterDriver - ok
    08:52:59.0614 2620 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
    08:52:59.0614 2620 IPMIDRV - ok
    08:52:59.0645 2620 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    08:52:59.0661 2620 IPNAT - ok
    08:52:59.0692 2620 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    08:52:59.0692 2620 IRENUM - ok
    08:52:59.0723 2620 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
    08:52:59.0723 2620 isapnp - ok
    08:52:59.0770 2620 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
    08:52:59.0770 2620 iScsiPrt - ok
    08:52:59.0832 2620 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
    08:52:59.0832 2620 kbdclass - ok
    08:52:59.0879 2620 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
    08:52:59.0879 2620 kbdhid - ok
    08:52:59.0926 2620 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
    08:52:59.0926 2620 KSecDD - ok
    08:53:00.0019 2620 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
    08:53:00.0019 2620 KSecPkg - ok
    08:53:00.0066 2620 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    08:53:00.0082 2620 ksthunk - ok
    08:53:00.0144 2620 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    08:53:00.0160 2620 lltdio - ok
    08:53:00.0191 2620 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
    08:53:00.0191 2620 LSI_FC - ok
    08:53:00.0207 2620 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
    08:53:00.0207 2620 LSI_SAS - ok
    08:53:00.0238 2620 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    08:53:00.0238 2620 LSI_SAS2 - ok
    08:53:00.0285 2620 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    08:53:00.0285 2620 LSI_SCSI - ok
    08:53:00.0331 2620 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    08:53:00.0331 2620 luafv - ok
    08:53:00.0409 2620 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
    08:53:00.0409 2620 megasas - ok
    08:53:00.0425 2620 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
    08:53:00.0441 2620 MegaSR - ok
    08:53:00.0472 2620 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    08:53:00.0487 2620 Modem - ok
    08:53:00.0519 2620 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    08:53:00.0519 2620 monitor - ok
    08:53:00.0565 2620 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
    08:53:00.0565 2620 mouclass - ok
    08:53:00.0597 2620 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    08:53:00.0612 2620 mouhid - ok
    08:53:00.0675 2620 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
    08:53:00.0675 2620 mountmgr - ok
    08:53:00.0706 2620 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
    08:53:00.0721 2620 MpFilter - ok
    08:53:00.0753 2620 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
    08:53:00.0753 2620 mpio - ok
    08:53:00.0799 2620 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
    08:53:00.0799 2620 MpNWMon - ok
    08:53:00.0846 2620 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    08:53:00.0862 2620 mpsdrv - ok
    08:53:00.0909 2620 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
    08:53:00.0909 2620 MRxDAV - ok
    08:53:00.0955 2620 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
    08:53:00.0955 2620 mrxsmb - ok
    08:53:00.0987 2620 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    08:53:00.0987 2620 mrxsmb10 - ok
    08:53:01.0018 2620 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    08:53:01.0018 2620 mrxsmb20 - ok
    08:53:01.0049 2620 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
    08:53:01.0049 2620 msahci - ok
    08:53:01.0127 2620 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
    08:53:01.0127 2620 msdsm - ok
    08:53:01.0174 2620 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    08:53:01.0174 2620 Msfs - ok
    08:53:01.0189 2620 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    08:53:01.0205 2620 mshidkmdf - ok
    08:53:01.0236 2620 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
    08:53:01.0236 2620 msisadrv - ok
    08:53:01.0299 2620 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    08:53:01.0299 2620 MSKSSRV - ok
    08:53:01.0330 2620 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    08:53:01.0330 2620 MSPCLOCK - ok
    08:53:01.0361 2620 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    08:53:01.0361 2620 MSPQM - ok
    08:53:01.0392 2620 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
    08:53:01.0408 2620 MsRPC - ok
    08:53:01.0439 2620 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
    08:53:01.0439 2620 mssmbios - ok
    08:53:01.0533 2620 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    08:53:01.0533 2620 MSTEE - ok
    08:53:01.0564 2620 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
    08:53:01.0564 2620 MTConfig - ok
    08:53:01.0595 2620 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    08:53:01.0595 2620 Mup - ok
    08:53:01.0642 2620 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    08:53:01.0642 2620 NativeWifiP - ok
    08:53:01.0720 2620 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
    08:53:01.0751 2620 NDIS - ok
    08:53:01.0814 2620 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    08:53:01.0814 2620 NdisCap - ok
    08:53:01.0860 2620 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    08:53:01.0876 2620 NdisTapi - ok
    08:53:01.0923 2620 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
    08:53:01.0923 2620 Ndisuio - ok
    08:53:01.0985 2620 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
    08:53:01.0985 2620 NdisWan - ok
    08:53:02.0032 2620 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
    08:53:02.0032 2620 NDProxy - ok
    08:53:02.0110 2620 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    08:53:02.0110 2620 NetBIOS - ok
    08:53:02.0157 2620 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
    08:53:02.0172 2620 NetBT - ok
    08:53:02.0250 2620 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
    08:53:02.0250 2620 nfrd960 - ok
    08:53:02.0313 2620 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
    08:53:02.0313 2620 NisDrv - ok
    08:53:02.0344 2620 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    08:53:02.0344 2620 Npfs - ok
    08:53:02.0375 2620 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    08:53:02.0375 2620 nsiproxy - ok
    08:53:02.0500 2620 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
    08:53:02.0562 2620 Ntfs - ok
    08:53:02.0625 2620 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    08:53:02.0625 2620 Null - ok
    08:53:02.0718 2620 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
    08:53:02.0718 2620 nvraid - ok
    08:53:02.0812 2620 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
    08:53:02.0812 2620 nvstor - ok
    08:53:02.0906 2620 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
    08:53:02.0921 2620 nv_agp - ok
    08:53:02.0984 2620 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
    08:53:02.0984 2620 ohci1394 - ok
    08:53:03.0077 2620 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
    08:53:03.0093 2620 Parport - ok
    08:53:03.0140 2620 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
    08:53:03.0140 2620 partmgr - ok
    08:53:03.0186 2620 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
    08:53:03.0186 2620 pci - ok
    08:53:03.0218 2620 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
    08:53:03.0218 2620 pciide - ok
    08:53:03.0264 2620 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
    08:53:03.0264 2620 pcmcia - ok
    08:53:03.0311 2620 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    08:53:03.0311 2620 pcw - ok
    08:53:03.0342 2620 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    08:53:03.0358 2620 PEAUTH - ok
    08:53:03.0467 2620 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
    08:53:03.0467 2620 PptpMiniport - ok
    08:53:03.0498 2620 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
    08:53:03.0498 2620 Processor - ok
    08:53:03.0561 2620 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
    08:53:03.0561 2620 Psched - ok
    08:53:03.0608 2620 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
    08:53:03.0608 2620 PxHlpa64 - ok
    08:53:03.0670 2620 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
    08:53:03.0717 2620 ql2300 - ok
    08:53:03.0732 2620 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
    08:53:03.0748 2620 ql40xx - ok
    08:53:03.0764 2620 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    08:53:03.0764 2620 QWAVEdrv - ok
    08:53:03.0795 2620 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    08:53:03.0795 2620 RasAcd - ok
    08:53:03.0857 2620 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    08:53:03.0873 2620 RasAgileVpn - ok
    08:53:03.0920 2620 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
    08:53:03.0920 2620 Rasl2tp - ok
    08:53:03.0966 2620 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    08:53:03.0966 2620 RasPppoe - ok
    08:53:03.0982 2620 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    08:53:03.0998 2620 RasSstp - ok
    08:53:04.0013 2620 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
    08:53:04.0013 2620 rdbss - ok
    08:53:04.0029 2620 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    08:53:04.0029 2620 rdpbus - ok
    08:53:04.0060 2620 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    08:53:04.0060 2620 RDPCDD - ok
    08:53:04.0091 2620 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    08:53:04.0091 2620 RDPENCDD - ok
    08:53:04.0107 2620 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    08:53:04.0107 2620 RDPREFMP - ok
    08:53:04.0154 2620 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
    08:53:04.0154 2620 RDPWD - ok
    08:53:04.0232 2620 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
    08:53:04.0232 2620 rdyboost - ok
    08:53:04.0325 2620 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    08:53:04.0325 2620 rspndr - ok
    08:53:04.0356 2620 RSUSBSTOR (4a25dc970c58104602ed274dacafd784) C:\Windows\System32\Drivers\RtsUStor.sys
    08:53:04.0356 2620 RSUSBSTOR - ok
    08:53:04.0419 2620 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
    08:53:04.0419 2620 RTL8167 - ok
    08:53:04.0528 2620 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
    08:53:04.0528 2620 sbp2port - ok
    08:53:04.0637 2620 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
    08:53:04.0637 2620 scfilter - ok
    08:53:04.0715 2620 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    08:53:04.0715 2620 secdrv - ok
    08:53:04.0762 2620 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    08:53:04.0762 2620 Serenum - ok
    08:53:04.0809 2620 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    08:53:04.0824 2620 Serial - ok
    08:53:04.0871 2620 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
    08:53:04.0871 2620 sermouse - ok
    08:53:04.0934 2620 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
    08:53:04.0934 2620 sffdisk - ok
    08:53:04.0965 2620 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
    08:53:04.0965 2620 sffp_mmc - ok
    08:53:04.0980 2620 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
    08:53:04.0980 2620 sffp_sd - ok
    08:53:05.0012 2620 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
    08:53:05.0012 2620 sfloppy - ok
    08:53:05.0074 2620 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    08:53:05.0074 2620 SiSRaid2 - ok
    08:53:05.0105 2620 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
    08:53:05.0105 2620 SiSRaid4 - ok
    08:53:05.0152 2620 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    08:53:05.0152 2620 Smb - ok
    08:53:05.0183 2620 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    08:53:05.0183 2620 spldr - ok
    08:53:05.0230 2620 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
    08:53:05.0246 2620 srv - ok
    08:53:05.0261 2620 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
    08:53:05.0277 2620 srv2 - ok
    08:53:05.0324 2620 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
    08:53:05.0324 2620 srvnet - ok
    08:53:05.0386 2620 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
    08:53:05.0386 2620 stexstor - ok
    08:53:05.0448 2620 STHDA (02e784fa49032f84964db90a3ed81890) C:\Windows\system32\DRIVERS\stwrt64.sys
    08:53:05.0464 2620 STHDA - ok
    08:53:05.0495 2620 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
    08:53:05.0495 2620 swenum - ok
    08:53:05.0589 2620 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
    08:53:05.0651 2620 Tcpip - ok
    08:53:05.0729 2620 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
    08:53:05.0745 2620 TCPIP6 - ok
    08:53:05.0792 2620 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
    08:53:05.0792 2620 tcpipreg - ok
    08:53:05.0854 2620 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    08:53:05.0854 2620 TDPIPE - ok
    08:53:05.0870 2620 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
    08:53:05.0870 2620 TDTCP - ok
    08:53:05.0916 2620 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
    08:53:05.0916 2620 tdx - ok
    08:53:05.0948 2620 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
    08:53:05.0963 2620 TermDD - ok
    08:53:06.0010 2620 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
    08:53:06.0010 2620 tssecsrv - ok
    08:53:06.0072 2620 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
    08:53:06.0072 2620 TsUsbFlt - ok
    08:53:06.0135 2620 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
    08:53:06.0150 2620 tunnel - ok
    08:53:06.0166 2620 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    08:53:06.0182 2620 uagp35 - ok
    08:53:06.0228 2620 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
    08:53:06.0228 2620 udfs - ok
    08:53:06.0291 2620 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
    08:53:06.0291 2620 uliagpkx - ok
    08:53:06.0338 2620 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
    08:53:06.0353 2620 umbus - ok
    08:53:06.0400 2620 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    08:53:06.0400 2620 UmPass - ok
    08:53:06.0462 2620 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
    08:53:06.0478 2620 usbccgp - ok
    08:53:06.0525 2620 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
    08:53:06.0525 2620 usbcir - ok
    08:53:06.0572 2620 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
    08:53:06.0572 2620 usbehci - ok
    08:53:06.0634 2620 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
    08:53:06.0650 2620 usbhub - ok
    08:53:06.0681 2620 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
    08:53:06.0681 2620 usbohci - ok
    08:53:06.0728 2620 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    08:53:06.0728 2620 usbprint - ok
    08:53:06.0759 2620 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
    08:53:06.0774 2620 USBSTOR - ok
    08:53:06.0821 2620 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
    08:53:06.0821 2620 usbuhci - ok
    08:53:06.0868 2620 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
    08:53:06.0884 2620 usbvideo - ok
    08:53:06.0930 2620 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
    08:53:06.0946 2620 vdrvroot - ok
    08:53:06.0977 2620 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    08:53:06.0977 2620 vga - ok
    08:53:07.0008 2620 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    08:53:07.0008 2620 VgaSave - ok
    08:53:07.0055 2620 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
    08:53:07.0055 2620 vhdmp - ok
    08:53:07.0102 2620 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
    08:53:07.0102 2620 viaide - ok
    08:53:07.0149 2620 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
    08:53:07.0149 2620 volmgr - ok
    08:53:07.0196 2620 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
    08:53:07.0211 2620 volmgrx - ok
    08:53:07.0242 2620 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
    08:53:07.0258 2620 volsnap - ok
    08:53:07.0305 2620 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    08:53:07.0320 2620 vsmraid - ok
    08:53:07.0336 2620 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
    08:53:07.0336 2620 vwifibus - ok
    08:53:07.0383 2620 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
    08:53:07.0383 2620 vwififlt - ok
    08:53:07.0430 2620 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
    08:53:07.0430 2620 vwifimp - ok
    08:53:07.0461 2620 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    08:53:07.0476 2620 WacomPen - ok
    08:53:07.0523 2620 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    08:53:07.0523 2620 WANARP - ok
    08:53:07.0539 2620 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    08:53:07.0539 2620 Wanarpv6 - ok
    08:53:07.0586 2620 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    08:53:07.0586 2620 Wd - ok
    08:53:07.0632 2620 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    08:53:07.0664 2620 Wdf01000 - ok
    08:53:07.0710 2620 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    08:53:07.0726 2620 WfpLwf - ok
    08:53:07.0773 2620 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
    08:53:07.0773 2620 WimFltr - ok
    08:53:07.0820 2620 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    08:53:07.0820 2620 WIMMount - ok
    08:53:07.0898 2620 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
    08:53:07.0913 2620 WinUsb - ok
    08:53:07.0944 2620 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
    08:53:07.0944 2620 WmiAcpi - ok
    08:53:07.0991 2620 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    08:53:07.0991 2620 ws2ifsl - ok
    08:53:08.0038 2620 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
    08:53:08.0038 2620 WudfPf - ok
    08:53:08.0116 2620 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
    08:53:08.0116 2620 WUDFRd - ok
    08:53:08.0147 2620 MBR (0x1B8) (109e7f610bbf3fa6cffd21bf8dee2826) \Device\Harddisk0\DR0
    08:53:08.0147 2620 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
    08:53:08.0147 2620 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
    08:53:08.0163 2620 Boot (0x1200) (ce1660b4a78827026eab557be1bfe095) \Device\Harddisk0\DR0\Partition0
    08:53:08.0163 2620 \Device\Harddisk0\DR0\Partition0 - ok
    08:53:08.0178 2620 Boot (0x1200) (b7918e8220530df59279d9336222d500) \Device\Harddisk0\DR0\Partition1
    08:53:08.0194 2620 \Device\Harddisk0\DR0\Partition1 - ok
    08:53:08.0194 2620 ============================================================
    08:53:08.0194 2620 Scan finished
    08:53:08.0194 2620 ============================================================
    08:53:08.0194 3580 Detected object count: 1
    08:53:08.0194 3580 Actual detected object count: 1
    08:53:23.0934 3580 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
    08:53:23.0934 3580 \Device\Harddisk0\DR0 - ok
    08:53:23.0934 3580 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

  10. #10
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi,

    Please run TDSSKiller again after a reboot and post back the log.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.
