I've tried to remove trojan.agent with Malwarebytes, but it comes back upon reboot. I also tried to remove it in Safe Mode and turned off System Restore, but it still came back. Thanks for taking a look and helping.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Regine at 9:33:08 on 2012-02-21

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1913.658 [GMT -5:00]

.

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\TODDSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

C:\windows\system32\SearchIndexer.exe

C:\windows\system32\taskhost.exe

-netsvcs

C:\windows\system32\conhost.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\windows\system32\igfxsrvc.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe

C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\windows\system32\igfxext.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\windows\system32\taskeng.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

C:\windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

C:\windows\system32\wuauclt.exe

C:\windows\system32\SearchProtocolHost.exe

C:\windows\system32\SearchFilterHost.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\windows\system32\SearchProtocolHost.exe

C:\windows\system32\RunDll32.exe

C:\windows\system32\DllHost.exe

C:\windows\system32\DllHost.exe

C:\windows\SysWOW64\cmd.exe

C:\windows\system32\conhost.exe

C:\windows\SysWOW64\cscript.exe

C:\windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

ustart page = hxxp://www.yahoo.com/

mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

mStart Page = about:blank

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=userinit.exe,

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL

mRun: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP

mRun: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe

mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

dRun: [dplaysvr] C:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe

dRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000

IE: Free YouTube to MP3 Converter - C:\Users\Regine\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab

DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://zone.msn.com/bingame/amun/default/mjolauncher.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx

DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab

TCP: DhcpNameServer = 64.233.217.3 64.233.217.5

TCP: Interfaces\{03D49E4C-A03C-4E26-9E3C-9E65E164EEA2} : DhcpNameServer = 64.233.217.3 64.233.217.5

TCP: Interfaces\{03D49E4C-A03C-4E26-9E3C-9E65E164EEA2}\C696E6B6379737 : DhcpNameServer = 68.87.77.134 68.87.72.134

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO-X64: 0x1 - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

mRun-x64: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL

mRun-x64: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP

mRun-x64: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe

mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED

mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

Hosts: 94.63.147.16 www.google.com

Hosts: 94.63.147.17 www.bing.com

.

============= SERVICES / DRIVERS ===============

.

R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]

R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe [2009-8-10 248688]

R2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe [2009-7-14 42368]

R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2009-3-10 46448]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-6-20 366640]

R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]

R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\windows\system32\DRIVERS\RTL8187B.sys --> C:\windows\system32\DRIVERS\RTL8187B.sys [?]

R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2010-5-12 54136]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-9-17 137560]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-02-21 13:58:49 20480 ------w- C:\windows\svchost.exe

2012-02-21 04:31:25 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\6DE1.tmp

2012-02-21 04:31:25 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\6DD1.tmp

2012-02-14 16:35:59 -------- d-----w- C:\Users\Regine\AppData\Roaming\Realore All My Gods

2012-02-14 16:01:04 -------- d-----w- C:\Users\Regine\AppData\Roaming\Mean Hamster

2012-02-14 16:01:04 -------- d-----w- C:\ProgramData\Mean Hamster

2012-02-13 11:52:00 -------- d-----w- C:\Users\Regine\AppData\Roaming\Farm Girl at the Nile

2012-01-26 19:30:19 -------- d-----w- C:\Program Files\iPod

2012-01-26 19:30:18 -------- d-----w- C:\Program Files\iTunes

2012-01-26 19:30:18 -------- d-----w- C:\Program Files (x86)\iTunes

2012-01-26 18:09:09 -------- d-----w- C:\Users\Regine\AppData\Roaming\Alawar Entertainment

.

==================== Find3M ====================

.

2011-12-18 16:41:45 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-24 04:52:09 3145216 ----a-w- C:\windows\System32\win32k.sys

.

============= FINISH: 9:36:55.26 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 8/14/2010 9:58:30 PM

System Uptime: 2/21/2012 9:18:36 AM (0 hours ago)

.

Motherboard: TOSHIBA | | NBWAA

Processor: Intel® Celeron® CPU 900 @ 2.20GHz | U2E1 | 2194/mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 222 GiB total, 175.585 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

Adobe Flash Player 11 ActiveX

Adobe Reader 9.4.7

Apple Application Support

Apple Software Update

Be a King 3 - Golden Empire

Bejeweled 2 Deluxe

Big Fish Games: Game Manager

Blackhawk Striker 2

Compatibility Pack for the 2007 Office system

Faerie Solitaire

Farm Frenzy - Viking Heroes

Farm Girl at the Nile

FATE Undiscovered Realms

Free YouTube to MP3 Converter version 3.10.15.1228

Island Tribe 3

Java 6 Update 14

Junk Mail filter update

Label@Once 1.0

Magic Farm 2

Malwarebytes' Anti-Malware version 1.51.0.1200

Microsoft Choice Guard

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

Monopoly

MSVCRT

My Kingdom For The Princess 3

Mystery illness

Mystery P.I. - The Vegas Heist

NetZero Launcher

Polar Bowler

Quickbooks Financial Center

Realtek 8136 8168 8169 Ethernet Driver

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

Realtek WLAN Driver

Royal Envoy CE

Royal Envoy II CE

Safari

Scrabble Plus

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Skype Launcher

Spelling Dictionaries Support For Adobe Reader 9

TOSHIBA Application Installer

TOSHIBA Assist

TOSHIBA Bulletin Board

TOSHIBA ConfigFree

TOSHIBA DVD PLAYER

TOSHIBA Extended Tiles for Windows Mobility Center

TOSHIBA Flash Cards Support Utility

TOSHIBA Hardware Setup

TOSHIBA HDD/SSD Alert

TOSHIBA Media Controller

Toshiba Online Backup

TOSHIBA Quality Application

TOSHIBA ReelTime

TOSHIBA Service Station

TOSHIBA Speech System Applications

TOSHIBA Speech System SR Engine(U.S.) Version1.0

TOSHIBA Speech System TTS Engine(U.S.) Version1.0

TOSHIBA Supervisor Password

TOSHIBA Value Added Package

ToshibaRegistration

Uninstall 1.0.0.1

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Utility Common Driver

Vampires vs Zombies

Virtual Families

Virtual Villagers - The Secret City

Westward IV - All Aboard v1.004

WildTangent Games

WildTangent ORB Game Console

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

Winrar 3.93

Zuma Deluxe RA

.

==== Event Viewer Messages From Past Week ========

.

2/21/2012 9:16:09 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

2/21/2012 9:14:08 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

2/21/2012 9:14:08 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

2/21/2012 9:14:08 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

2/21/2012 9:14:05 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2/21/2012 9:13:56 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

2/21/2012 9:13:50 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6

2/20/2012 10:40:40 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer DYANNIELLO_MSI that believes that it is the master browser for the domain on transport NetBT_Tcpip_{03D49E4C-A03C-4E26-9E3C-9E65E164EEA2}. The master browser is stopping or an election is being forced.

.

==== End Of File ===========================


Thanks, here is the report

RogueKiller V7.1.0 [02/15/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Regine [Admin rights]

Mode: Scan -- Date: 02/21/2012 11:50:00

¤¤¤ Bad processes: 1 ¤¤¤

[SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 6 ¤¤¤

[SUSP PATH] {14C2174D-DF81-4AA9-AE8E-CAA6A61ABF0A}.job : C:\Users\Regine\Desktop\RKUnhookerLE.EXE -> FOUND

[SUSP PATH] {4A62FCEC-ACD4-44C6-81F9-DFCEE016415D}.job : C:\Users\Regine\Desktop\Games\CubisGold_2\Cubis Gold 2\cubis2.exe -> FOUND

[SUSP PATH] {8408CF1C-3793-42EB-B857-C2EF9281C3EC}.job : C:\Users\Regine\Desktop\Games\CubisGold_2\Cubis Gold 2\cubis2.exe -> FOUND

[SUSP PATH] {9A2E4C05-0A41-42C3-A258-905D204425B8}.job : C:\Users\Regine\Desktop\Games\CubisGold_2\Cubis Gold 2\cubis2.exe -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR|ZeroAccess ¤¤¤

[ZeroAccess] sys32\consrv.dll present!

¤¤¤ HOSTS File: ¤¤¤

94.63.147.16 www.google.com

94.63.147.17 www.bing.com

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK2555GSX +++++

--- User ---

[MBR] 619795957e8c166ad634ffc33c0bda6a

[BSP] 53ee8dd87003e4453a109f701c2d1a41 : Windows Vista MBR Code

Partition table:

0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 227773 Mo

2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 469553152 | Size: 9201 Mo

User != LL1 ... KO!

--- LL1 ---

[MBR] d3414a99b5d6974f7746fae981e32ea6

[BSP] bd225ea83810bd6f2dad5752ca6b5289 : PiHar MBR Code!

Partition table:

0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 227773 Mo

2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 469553152 | Size: 9201 Mo

User != LL2 ... KO!

--- LL2 ---

[MBR] d3414a99b5d6974f7746fae981e32ea6

[BSP] bd225ea83810bd6f2dad5752ca6b5289 : PiHar MBR Code!

Partition table:

0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 227773 Mo

2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 469553152 | Size: 9201 Mo

Finished : << RKreport[1].txt >>


Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

------------------------

Click the Start Scan button.

-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

--------------------

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

MrC


I ran that and here is the log for that. However, when it rebooted, I had a new problem: I could not do anything. A box popped up saying something about tcd (or something like that) card was corrupted with a wormblaster and I needed to run internet security. So I logged off and I am not in safe mode without that message.

12:13:33.0455 1472 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14

12:13:33.0861 1472 ============================================================

12:13:33.0861 1472 Current date / time: 2012/02/21 12:13:33.0861

12:13:33.0861 1472 SystemInfo:

12:13:33.0861 1472

12:13:33.0861 1472 OS Version: 6.1.7601 ServicePack: 1.0

12:13:33.0861 1472 Product type: Workstation

12:13:33.0861 1472 ComputerName: TOSHIBA_R

12:13:33.0861 1472 UserName: Regine

12:13:33.0861 1472 Windows directory: C:\windows

12:13:33.0861 1472 System windows directory: C:\windows

12:13:33.0861 1472 Running under WOW64

12:13:33.0861 1472 Processor architecture: Intel x64

12:13:33.0861 1472 Number of processors: 1

12:13:33.0861 1472 Page size: 0x1000

12:13:33.0877 1472 Boot type: Safe boot with network

12:13:33.0877 1472 ============================================================

12:13:34.0501 1472 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

12:13:34.0516 1472 \Device\Harddisk0\DR0:

12:13:34.0516 1472 MBR used

12:13:34.0516 1472 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1BCDE800

12:13:34.0532 1472 Initialize success

12:13:34.0532 1472 ============================================================

12:14:25.0918 1976 ============================================================

12:14:25.0918 1976 Scan started

12:14:25.0918 1976 Mode: Manual; SigCheck; TDLFS;

12:14:25.0918 1976 ============================================================


12:14:35.0185 1976 exfat - ok

12:14:35.0294 1976 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys

12:14:35.0341 1976 fastfat - ok

12:14:35.0450 1976 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys

12:14:35.0497 1976 fdc - ok

12:14:35.0637 1976 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys

12:14:35.0653 1976 FileInfo - ok

12:14:35.0762 1976 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys

12:14:35.0809 1976 Filetrace - ok

12:14:35.0934 1976 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys

12:14:35.0949 1976 flpydisk - ok

12:14:36.0058 1976 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys

12:14:36.0074 1976 FltMgr - ok

12:14:36.0183 1976 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys

12:14:36.0183 1976 FsDepends - ok

12:14:36.0277 1976 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys

12:14:36.0277 1976 Fs_Rec - ok

12:14:36.0386 1976 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys

12:14:36.0417 1976 fvevol - ok

12:14:36.0511 1976 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys

12:14:36.0526 1976 gagp30kx - ok

12:14:36.0651 1976 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys

12:14:36.0651 1976 GEARAspiWDM - ok

12:14:36.0760 1976 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys

12:14:36.0776 1976 hcw85cir - ok

12:14:36.0916 1976 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys

12:14:36.0963 1976 HdAudAddService - ok

12:14:37.0072 1976 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\drivers\HDAudBus.sys

12:14:37.0119 1976 HDAudBus - ok

12:14:37.0228 1976 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys

12:14:37.0260 1976 HidBatt - ok

12:14:37.0369 1976 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys

12:14:37.0400 1976 HidBth - ok

12:14:37.0525 1976 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys

12:14:37.0556 1976 HidIr - ok

12:14:37.0743 1976 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys

12:14:37.0774 1976 HidUsb - ok

12:14:37.0946 1976 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys

12:14:37.0962 1976 HpSAMD - ok

12:14:38.0071 1976 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys

12:14:38.0133 1976 HTTP - ok

12:14:38.0227 1976 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys

12:14:38.0242 1976 hwpolicy - ok

12:14:38.0336 1976 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\drivers\i8042prt.sys

12:14:38.0352 1976 i8042prt - ok

12:14:38.0476 1976 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\windows\system32\DRIVERS\iaStor.sys

12:14:38.0492 1976 iaStor - ok

12:14:38.0601 1976 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys

12:14:38.0617 1976 iaStorV - ok

12:14:38.0866 1976 igfx (3c3f27002abc69c5afe29cbe6cf7addf) C:\windows\system32\DRIVERS\igdkmd64.sys

12:14:39.0085 1976 igfx - ok

12:14:39.0194 1976 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys

12:14:39.0194 1976 iirsp - ok

12:14:39.0350 1976 IntcAzAudAddService (0c3cf4b3bae28e121a1689e3538f8712) C:\windows\system32\drivers\RTKVHD64.sys

12:14:39.0397 1976 IntcAzAudAddService - ok

12:14:39.0490 1976 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys

12:14:39.0506 1976 intelide - ok

12:14:39.0615 1976 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys

12:14:39.0646 1976 intelppm - ok

12:14:39.0756 1976 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys

12:14:39.0802 1976 IpFilterDriver - ok

12:14:39.0912 1976 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys

12:14:39.0943 1976 IPMIDRV - ok

12:14:40.0068 1976 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys

12:14:40.0114 1976 IPNAT - ok

12:14:40.0270 1976 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys

12:14:40.0333 1976 IRENUM - ok

12:14:40.0426 1976 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys

12:14:40.0426 1976 isapnp - ok

12:14:40.0520 1976 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys

12:14:40.0536 1976 iScsiPrt - ok

12:14:40.0660 1976 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\drivers\kbdclass.sys

12:14:40.0676 1976 kbdclass - ok

12:14:40.0770 1976 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys

12:14:40.0785 1976 kbdhid - ok

12:14:40.0910 1976 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys

12:14:40.0910 1976 KSecDD - ok

12:14:41.0004 1976 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys

12:14:41.0019 1976 KSecPkg - ok

12:14:41.0128 1976 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys

12:14:41.0175 1976 ksthunk - ok

12:14:41.0300 1976 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys

12:14:41.0362 1976 lltdio - ok

12:14:41.0487 1976 LPCFilter (41e122f6d1448c94cc05196bc41d6bfb) C:\windows\system32\DRIVERS\LPCFilter.sys

12:14:41.0503 1976 LPCFilter - ok

12:14:41.0596 1976 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys

12:14:41.0612 1976 LSI_FC - ok

12:14:41.0706 1976 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys

12:14:41.0721 1976 LSI_SAS - ok

12:14:41.0830 1976 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys

12:14:41.0830 1976 LSI_SAS2 - ok

12:14:41.0940 1976 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys

12:14:41.0955 1976 LSI_SCSI - ok

12:14:42.0064 1976 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys

12:14:42.0111 1976 luafv - ok

12:14:42.0236 1976 MBAMProtector (ed49fd1373de93617a1f6d128d98fe4d) C:\windows\system32\drivers\mbam.sys

12:14:42.0236 1976 MBAMProtector - ok

12:14:42.0361 1976 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys

12:14:42.0376 1976 megasas - ok

12:14:42.0470 1976 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys

12:14:42.0486 1976 MegaSR - ok

12:14:42.0610 1976 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys

12:14:42.0673 1976 Modem - ok

12:14:42.0782 1976 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys

12:14:42.0813 1976 monitor - ok

12:14:42.0922 1976 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys

12:14:42.0938 1976 mouclass - ok

12:14:43.0078 1976 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys

12:14:43.0110 1976 mouhid - ok

12:14:43.0203 1976 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys

12:14:43.0219 1976 mountmgr - ok

12:14:43.0312 1976 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys

12:14:43.0328 1976 mpio - ok

12:14:43.0422 1976 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys

12:14:43.0484 1976 mpsdrv - ok

12:14:43.0562 1976 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys

12:14:43.0609 1976 MRxDAV - ok

12:14:43.0702 1976 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys

12:14:43.0765 1976 mrxsmb - ok

12:14:43.0858 1976 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys

12:14:43.0890 1976 mrxsmb10 - ok

12:14:43.0999 1976 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys

12:14:43.0999 1976 mrxsmb20 - ok

12:14:44.0124 1976 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys

12:14:44.0139 1976 msahci - ok

12:14:44.0233 1976 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys

12:14:44.0248 1976 msdsm - ok

12:14:44.0358 1976 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys

12:14:44.0389 1976 Msfs - ok

12:14:44.0498 1976 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys

12:14:44.0545 1976 mshidkmdf - ok

12:14:44.0654 1976 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys

12:14:44.0654 1976 msisadrv - ok

12:14:44.0779 1976 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys

12:14:44.0841 1976 MSKSSRV - ok

12:14:44.0950 1976 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys

12:14:44.0997 1976 MSPCLOCK - ok

12:14:45.0106 1976 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys

12:14:45.0184 1976 MSPQM - ok

12:14:45.0278 1976 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys

12:14:45.0294 1976 MsRPC - ok

12:14:45.0387 1976 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\drivers\mssmbios.sys

12:14:45.0403 1976 mssmbios - ok

12:14:45.0496 1976 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys

12:14:45.0559 1976 MSTEE - ok

12:14:45.0652 1976 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys

12:14:45.0684 1976 MTConfig - ok

12:14:45.0777 1976 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys

12:14:45.0793 1976 Mup - ok

12:14:45.0933 1976 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys

12:14:45.0980 1976 NativeWifiP - ok

12:14:46.0105 1976 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys

12:14:46.0120 1976 NDIS - ok

12:14:46.0230 1976 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys

12:14:46.0292 1976 NdisCap - ok

12:14:46.0401 1976 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys

12:14:46.0448 1976 NdisTapi - ok

12:14:46.0557 1976 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys

12:14:46.0604 1976 Ndisuio - ok

12:14:46.0713 1976 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys

12:14:46.0760 1976 NdisWan - ok

12:14:46.0854 1976 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys

12:14:46.0900 1976 NDProxy - ok

12:14:47.0010 1976 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys

12:14:47.0072 1976 NetBIOS - ok

12:14:47.0166 1976 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys

12:14:47.0228 1976 NetBT - ok

12:14:47.0368 1976 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys

12:14:47.0368 1976 nfrd960 - ok

12:14:47.0478 1976 Normandy - ok

12:14:47.0509 1976 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys

12:14:47.0556 1976 Npfs - ok

12:14:47.0665 1976 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys

12:14:47.0727 1976 nsiproxy - ok

12:14:47.0868 1976 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys

12:14:47.0899 1976 Ntfs - ok

12:14:47.0992 1976 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys

12:14:48.0039 1976 Null - ok

12:14:48.0148 1976 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys

12:14:48.0148 1976 nvraid - ok

12:14:48.0273 1976 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys

12:14:48.0289 1976 nvstor - ok

12:14:48.0382 1976 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys

12:14:48.0398 1976 nv_agp - ok

12:14:48.0507 1976 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys

12:14:48.0538 1976 ohci1394 - ok

12:14:48.0679 1976 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys

12:14:48.0694 1976 Parport - ok

12:14:48.0804 1976 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys

12:14:48.0804 1976 partmgr - ok

12:14:48.0913 1976 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys

12:14:48.0928 1976 pci - ok

12:14:49.0006 1976 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys

12:14:49.0022 1976 pciide - ok

12:14:49.0116 1976 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys

12:14:49.0131 1976 pcmcia - ok

12:14:49.0225 1976 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys

12:14:49.0240 1976 pcw - ok

12:14:49.0334 1976 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys

12:14:49.0396 1976 PEAUTH - ok

12:14:49.0552 1976 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys

12:14:49.0615 1976 PptpMiniport - ok

12:14:49.0708 1976 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys

12:14:49.0724 1976 Processor - ok

12:14:49.0833 1976 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys

12:14:49.0896 1976 Psched - ok

12:14:50.0020 1976 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys

12:14:50.0052 1976 ql2300 - ok

12:14:50.0145 1976 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys

12:14:50.0161 1976 ql40xx - ok

12:14:50.0254 1976 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys

12:14:50.0286 1976 QWAVEdrv - ok

12:14:50.0395 1976 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys

12:14:50.0442 1976 RasAcd - ok

12:14:50.0566 1976 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys

12:14:50.0598 1976 RasAgileVpn - ok

12:14:50.0707 1976 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys

12:14:50.0769 1976 Rasl2tp - ok

12:14:50.0894 1976 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys

12:14:50.0956 1976 RasPppoe - ok

12:14:51.0066 1976 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys

12:14:51.0112 1976 RasSstp - ok

12:14:51.0206 1976 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys

12:14:51.0268 1976 rdbss - ok

12:14:51.0378 1976 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys

12:14:51.0409 1976 rdpbus - ok

12:14:51.0502 1976 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys

12:14:51.0549 1976 RDPCDD - ok

12:14:51.0674 1976 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys

12:14:51.0721 1976 RDPENCDD - ok

12:14:51.0814 1976 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys

12:14:51.0846 1976 RDPREFMP - ok

12:14:51.0939 1976 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\windows\system32\drivers\RDPWD.sys

12:14:51.0970 1976 RDPWD - ok

12:14:52.0080 1976 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys

12:14:52.0095 1976 rdyboost - ok

12:14:52.0236 1976 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys

12:14:52.0298 1976 rspndr - ok

12:14:52.0376 1976 RSUSBSTOR - ok

12:14:52.0485 1976 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\windows\system32\DRIVERS\Rt64win7.sys

12:14:52.0548 1976 RTL8167 - ok

12:14:52.0657 1976 RTL8187B (945ab249d12cbe044782430c6013aa1a) C:\windows\system32\DRIVERS\RTL8187B.sys

12:14:52.0719 1976 RTL8187B - ok

12:14:52.0782 1976 RtsUIR - ok

12:14:52.0828 1976 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys

12:14:52.0828 1976 sbp2port - ok

12:14:52.0922 1976 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys

12:14:52.0984 1976 scfilter - ok

12:14:53.0094 1976 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys

12:14:53.0156 1976 secdrv - ok

12:14:53.0265 1976 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys

12:14:53.0281 1976 Serenum - ok

12:14:53.0406 1976 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys

12:14:53.0421 1976 Serial - ok

12:14:53.0515 1976 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys

12:14:53.0530 1976 sermouse - ok

12:14:53.0655 1976 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys

12:14:53.0686 1976 sffdisk - ok

12:14:53.0796 1976 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys

12:14:53.0827 1976 sffp_mmc - ok

12:14:53.0920 1976 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys

12:14:53.0952 1976 sffp_sd - ok

12:14:54.0045 1976 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys

12:14:54.0076 1976 sfloppy - ok

12:14:54.0201 1976 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys

12:14:54.0201 1976 SiSRaid2 - ok

12:14:54.0310 1976 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys

12:14:54.0310 1976 SiSRaid4 - ok

12:14:54.0435 1976 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys

12:14:54.0482 1976 Smb - ok

12:14:54.0607 1976 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys

12:14:54.0622 1976 spldr - ok

12:14:54.0732 1976 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys

12:14:54.0794 1976 srv - ok

12:14:54.0888 1976 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys

12:14:54.0903 1976 srv2 - ok

12:14:54.0997 1976 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys

12:14:55.0028 1976 srvnet - ok

12:14:55.0137 1976 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys

12:14:55.0153 1976 stexstor - ok

12:14:55.0262 1976 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\drivers\swenum.sys

12:14:55.0278 1976 swenum - ok

12:14:55.0402 1976 SynTP (be7311da9d6833fa69ed04b744a1c8f8) C:\windows\system32\DRIVERS\SynTP.sys

12:14:55.0402 1976 SynTP - ok

12:14:55.0574 1976 Tcpip (fc62769e7bff2896035aeed399108162) C:\windows\system32\drivers\tcpip.sys

12:14:55.0636 1976 Tcpip - ok

12:14:55.0777 1976 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\windows\system32\DRIVERS\tcpip.sys

12:14:55.0808 1976 TCPIP6 - ok

12:14:55.0902 1976 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys

12:14:55.0964 1976 tcpipreg - ok

12:14:56.0073 1976 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys

12:14:56.0089 1976 tdcmdpst - ok

12:14:56.0182 1976 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys

12:14:56.0245 1976 TDPIPE - ok

12:14:56.0338 1976 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys

12:14:56.0385 1976 TDTCP - ok

12:14:56.0510 1976 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys

12:14:56.0541 1976 tdx - ok

12:14:56.0635 1976 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\drivers\termdd.sys

12:14:56.0635 1976 TermDD - ok

12:14:56.0822 1976 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys

12:14:56.0838 1976 tos_sps64 - ok

12:14:56.0947 1976 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys

12:14:57.0009 1976 tssecsrv - ok

12:14:57.0134 1976 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys

12:14:57.0134 1976 TsUsbFlt - ok

12:14:57.0243 1976 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys

12:14:57.0306 1976 tunnel - ok

12:14:57.0415 1976 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS

12:14:57.0415 1976 TVALZ - ok

12:14:57.0524 1976 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys

12:14:57.0524 1976 uagp35 - ok

12:14:57.0664 1976 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys

12:14:57.0711 1976 udfs - ok

12:14:57.0820 1976 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys

12:14:57.0836 1976 uliagpkx - ok

12:14:57.0961 1976 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\drivers\umbus.sys

12:14:57.0992 1976 umbus - ok

12:14:58.0101 1976 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys

12:14:58.0117 1976 UmPass - ok

12:14:58.0242 1976 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\windows\system32\Drivers\usbaapl64.sys

12:14:58.0273 1976 USBAAPL64 - ok

12:14:58.0366 1976 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys

12:14:58.0382 1976 usbccgp - ok

12:14:58.0444 1976 USBCCID - ok

12:14:58.0600 1976 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys

12:14:58.0632 1976 usbcir - ok

12:14:58.0741 1976 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys

12:14:58.0772 1976 usbehci - ok

12:14:58.0897 1976 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys

12:14:58.0912 1976 usbhub - ok

12:14:59.0037 1976 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys

12:14:59.0068 1976 usbohci - ok

12:14:59.0162 1976 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys

12:14:59.0193 1976 usbprint - ok

12:14:59.0302 1976 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS

12:14:59.0334 1976 USBSTOR - ok

12:14:59.0427 1976 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\DRIVERS\usbuhci.sys

12:14:59.0458 1976 usbuhci - ok

12:14:59.0583 1976 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys

12:14:59.0599 1976 vdrvroot - ok

12:14:59.0724 1976 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys

12:14:59.0739 1976 vga - ok

12:14:59.0848 1976 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys

12:14:59.0895 1976 VgaSave - ok

12:15:00.0004 1976 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys

12:15:00.0020 1976 vhdmp - ok

12:15:00.0098 1976 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys

12:15:00.0114 1976 viaide - ok

12:15:00.0207 1976 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys

12:15:00.0207 1976 volmgr - ok

12:15:00.0301 1976 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys

12:15:00.0316 1976 volmgrx - ok

12:15:00.0441 1976 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys

12:15:00.0457 1976 volsnap - ok

12:15:00.0535 1976 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys

12:15:00.0550 1976 vsmraid - ok

12:15:00.0644 1976 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\System32\drivers\vwifibus.sys

12:15:00.0675 1976 vwifibus - ok

12:15:00.0784 1976 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys

12:15:00.0831 1976 vwififlt - ok

12:15:00.0940 1976 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys

12:15:00.0972 1976 WacomPen - ok

12:15:01.0065 1976 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys

12:15:01.0112 1976 WANARP - ok

12:15:01.0143 1976 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys

12:15:01.0174 1976 Wanarpv6 - ok

12:15:01.0299 1976 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys

12:15:01.0315 1976 Wd - ok

12:15:01.0408 1976 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys

12:15:01.0440 1976 Wdf01000 - ok

12:15:01.0580 1976 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys

12:15:01.0627 1976 WfpLwf - ok

12:15:01.0720 1976 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys

12:15:01.0736 1976 WIMMount - ok

12:15:01.0876 1976 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys

12:15:01.0892 1976 WmiAcpi - ok

12:15:02.0032 1976 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys

12:15:02.0064 1976 ws2ifsl - ok

12:15:02.0173 1976 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys

12:15:02.0220 1976 WudfPf - ok

12:15:02.0344 1976 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys

12:15:02.0407 1976 WUDFRd - ok

12:15:02.0454 1976 MBR (0x1B8) (b5d3b89509933463264ff7748b075c37) \Device\Harddisk0\DR0

12:15:02.0516 1976 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

12:15:02.0516 1976 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

12:15:03.0280 1976 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

12:15:03.0280 1976 \Device\Harddisk0\DR0 - detected TDSS File System (1)

12:15:03.0327 1976 Boot (0x1200) (d081f37bd3d62809c092d0aea6ad5670) \Device\Harddisk0\DR0\Partition0

12:15:03.0327 1976 \Device\Harddisk0\DR0\Partition0 - ok

12:15:03.0327 1976 ============================================================

12:15:03.0327 1976 Scan finished

12:15:03.0327 1976 ============================================================

12:15:03.0343 1864 Detected object count: 2

12:15:03.0343 1864 Actual detected object count: 2

12:18:53.0162 1864 \Device\Harddisk0\DR0\# - copied to quarantine

12:18:53.0162 1864 \Device\Harddisk0\DR0 - copied to quarantine

12:18:53.0974 1864 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

12:18:53.0974 1864 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine

12:18:53.0989 1864 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

12:18:53.0989 1864 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine

12:18:53.0989 1864 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

12:18:53.0989 1864 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

12:18:53.0989 1864 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

12:18:53.0989 1864 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

12:18:53.0989 1864 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine

12:18:54.0005 1864 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

12:18:54.0083 1864 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot

12:18:54.0083 1864 \Device\Harddisk0\DR0 - ok

12:18:54.0317 1864 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

12:18:54.0317 1864 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

12:18:54.0317 1864 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

12:18:57.0764 1416 Deinitialize success

Shut down several times and it still has the problem. Program called Internet Security pops up and starts running a scan. Then another box pops up that says TcrdMain.exe can not start its infected by w32/blaster.worm, please activate internet security. I can't do anything, like open Task Manager or Internet Explorer; they will immediately close and the box starts flashing that says TcrdMain.exe error. So I am back in safe mode.

I'm sorry, I missed something in the RogueKiller log.

You have a couple of nasty infections.

¤¤¤ Infection : Root.MBR|ZeroAccess ¤¤¤

[ZeroAccess] sys32\consrv.dll present!

Read this warning and let me know what you would like to do.

Cleaning this infection may kill the ability to access the internet.

------------------------

If you want to continue.....

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links and instructions for running ComboFix:

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

You may have to run it several times, let me know.

MrC

I read all the information and ran ComboFix as instructed. It saved the log file, however I could not do anything on the computer; a box would pop up that said what I was trying to use is being deleted. So I turned off the computer and restarted it and now it won't boot up. It prompted me to do startup repair, so I ran that, but it won't repair. I can't post the ComboFix log file as I can't boot at this point.

So as of now at a standstill.

Wanted to let you know that we just ended up doing a whole reformat. After my husband read the warning on the link you posted and then the crash, thought it best to start fresh. He wanted to partition differently anyways, putting the operating software on a separate one from the files. Had gotten a trojan about 2 months ago, and I should have come here then, 'cause I don't think things were clean from that one. I know better to come after cleaning and have the logs checked out. Somehow between that time and this one, my antivirus program just disappeared.

So thanks for the help, working on setting this one up right and getting my antivirus program along with Malwarebytes back on and working.

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.