Jump to content

Recommended Posts

Hello, and thanks in advance for this service.

I had whitesmoke issues, webroot security bugs that wouldn't die, and various other nasty things I couldn't identify.

I ran TDSSKiller to get rid of the SVCHost problem. Here is that log:

10:12:38.0013 0764 TDSS rootkit removing tool 2.6.11.0 Oct 19 2011 13:50:27

10:12:38.0372 0764 ============================================================

10:12:38.0372 0764 Current date / time: 2011/10/20 10:12:38.0372

10:12:38.0372 0764 SystemInfo:

10:12:38.0372 0764

10:12:38.0372 0764 OS Version: 6.0.6001 ServicePack: 1.0

10:12:38.0372 0764 Product type: Workstation

10:12:38.0372 0764 ComputerName: ASHLEY

10:12:38.0372 0764 UserName: SUPER USER

10:12:38.0372 0764 Windows directory: C:\Windows

10:12:38.0372 0764 System windows directory: C:\Windows

10:12:38.0372 0764 Processor architecture: Intel x86

10:12:38.0372 0764 Number of processors: 2

10:12:38.0372 0764 Page size: 0x1000

10:12:38.0372 0764 Boot type: Normal boot

10:12:38.0372 0764 ============================================================

10:12:38.0778 0764 Initialize success

10:12:58.0590 1744 ============================================================

10:12:58.0590 1744 Scan started

10:12:58.0590 1744 Mode: Manual;

10:12:58.0590 1744 ============================================================

10:12:58.0948 1744 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys

10:12:58.0964 1744 ACPI - ok

10:12:58.0995 1744 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys

10:12:58.0995 1744 adp94xx - ok

10:12:59.0026 1744 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys

10:12:59.0042 1744 adpahci - ok

10:12:59.0073 1744 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys

10:12:59.0073 1744 adpu160m - ok

10:12:59.0089 1744 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys

10:12:59.0089 1744 adpu320 - ok

10:12:59.0136 1744 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys

10:12:59.0151 1744 AFD - ok

10:12:59.0245 1744 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys

10:12:59.0276 1744 AgereSoftModem - ok

10:12:59.0323 1744 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys

10:12:59.0323 1744 agp440 - ok

10:12:59.0370 1744 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

10:12:59.0370 1744 aic78xx - ok

10:12:59.0416 1744 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys

10:12:59.0416 1744 aliide - ok

10:12:59.0463 1744 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys

10:12:59.0463 1744 amdagp - ok

10:12:59.0494 1744 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys

10:12:59.0494 1744 amdide - ok

10:12:59.0510 1744 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys

10:12:59.0510 1744 AmdK7 - ok

10:12:59.0526 1744 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys

10:12:59.0526 1744 AmdK8 - ok

10:12:59.0588 1744 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys

10:12:59.0588 1744 arc - ok

10:12:59.0650 1744 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys

10:12:59.0650 1744 arcsas - ok

10:12:59.0728 1744 Aspi32 (54ab078660e536da72b21a27f56b035b) C:\Windows\system32\drivers\aspi32.sys

10:12:59.0728 1744 Aspi32 - ok

10:12:59.0775 1744 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

10:12:59.0775 1744 AsyncMac - ok

10:12:59.0806 1744 atapi (0d83c87a801a3dfcd1bf73893fe7518c) C:\Windows\system32\drivers\atapi.sys

10:12:59.0806 1744 atapi - ok

10:12:59.0884 1744 athr (8be56f8300e1c37b578da23c71816b7a) C:\Windows\system32\DRIVERS\athr.sys

10:12:59.0884 1744 athr - ok

10:12:59.0962 1744 AVGIDSDriver (1c8d965bbcaa9ee5defdb54743437086) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys

10:12:59.0962 1744 AVGIDSDriver - ok

10:13:00.0009 1744 AVGIDSEH (c59c9bc3f0612bd207ccdc5d8cb9ce39) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys

10:13:00.0009 1744 AVGIDSEH - ok

10:13:00.0040 1744 AVGIDSFilter (c5559de2ec66cede15a1664f6d183d8e) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys

10:13:00.0040 1744 AVGIDSFilter - ok

10:13:00.0087 1744 AVGIDSShim (ae5e9667fa40206796d1bd5bd0427a8a) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys

10:13:00.0087 1744 AVGIDSShim - ok

10:13:00.0134 1744 Avgldx86 (f4dbbc8d3c5338693da23c59a50f8abc) C:\Windows\system32\DRIVERS\avgldx86.sys

10:13:00.0134 1744 Avgldx86 - ok

10:13:00.0165 1744 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\Windows\system32\DRIVERS\avgmfx86.sys

10:13:00.0165 1744 Avgmfx86 - ok

10:13:00.0196 1744 Avgrkx86 (4def59ff7d09b9ce59739102b49fd526) C:\Windows\system32\DRIVERS\avgrkx86.sys

10:13:00.0196 1744 Avgrkx86 - ok

10:13:00.0243 1744 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\Windows\system32\DRIVERS\avgtdix.sys

10:13:00.0243 1744 Avgtdix - ok

10:13:00.0306 1744 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

10:13:00.0306 1744 Beep - ok

10:13:00.0368 1744 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys

10:13:00.0368 1744 blbdrive - ok

10:13:00.0384 1744 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys

10:13:00.0399 1744 bowser - ok

10:13:00.0446 1744 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

10:13:00.0446 1744 BrFiltLo - ok

10:13:00.0462 1744 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

10:13:00.0462 1744 BrFiltUp - ok

10:13:00.0508 1744 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

10:13:00.0508 1744 Brserid - ok

10:13:00.0555 1744 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

10:13:00.0555 1744 BrSerWdm - ok

10:13:00.0586 1744 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

10:13:00.0586 1744 BrUsbMdm - ok

10:13:00.0633 1744 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

10:13:00.0633 1744 BrUsbSer - ok

10:13:00.0664 1744 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

10:13:00.0664 1744 BTHMODEM - ok

10:13:00.0711 1744 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys

10:13:00.0711 1744 cdfs - ok

10:13:00.0758 1744 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys

10:13:00.0758 1744 cdrom - ok

10:13:00.0805 1744 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys

10:13:00.0805 1744 circlass - ok

10:13:00.0852 1744 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys

10:13:00.0867 1744 CLFS - ok

10:13:00.0914 1744 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys

10:13:00.0914 1744 CmBatt - ok

10:13:00.0945 1744 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys

10:13:00.0945 1744 cmdide - ok

10:13:00.0961 1744 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys

10:13:00.0961 1744 Compbatt - ok

10:13:01.0008 1744 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys

10:13:01.0008 1744 crcdisk - ok

10:13:01.0039 1744 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys

10:13:01.0039 1744 Crusoe - ok

10:13:01.0070 1744 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys

10:13:01.0070 1744 DfsC - ok

10:13:01.0132 1744 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys

10:13:01.0132 1744 disk - ok

10:13:01.0179 1744 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys

10:13:01.0179 1744 drmkaud - ok

10:13:01.0226 1744 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys

10:13:01.0257 1744 DXGKrnl - ok

10:13:01.0304 1744 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys

10:13:01.0304 1744 E1G60 - ok

10:13:01.0366 1744 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys

10:13:01.0366 1744 Ecache - ok

10:13:01.0429 1744 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys

10:13:01.0444 1744 elxstor - ok

10:13:01.0476 1744 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys

10:13:01.0476 1744 ErrDev - ok

10:13:01.0522 1744 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys

10:13:01.0522 1744 exfat - ok

10:13:01.0554 1744 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys

10:13:01.0554 1744 fastfat - ok

10:13:01.0600 1744 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys

10:13:01.0600 1744 fdc - ok

10:13:01.0663 1744 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys

10:13:01.0663 1744 FileInfo - ok

10:13:01.0694 1744 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

10:13:01.0694 1744 Filetrace - ok

10:13:01.0741 1744 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys

10:13:01.0741 1744 flpydisk - ok

10:13:01.0756 1744 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys

10:13:01.0772 1744 FltMgr - ok

10:13:01.0803 1744 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys

10:13:01.0819 1744 Fs_Rec - ok

10:13:01.0866 1744 FwLnk (cbc22823628544735625b280665e434e) C:\Windows\system32\DRIVERS\FwLnk.sys

10:13:01.0866 1744 FwLnk - ok

10:13:01.0912 1744 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys

10:13:01.0912 1744 gagp30kx - ok

10:13:01.0944 1744 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

10:13:01.0944 1744 GEARAspiWDM - ok

10:13:02.0006 1744 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys

10:13:02.0006 1744 HdAudAddService - ok

10:13:02.0037 1744 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys

10:13:02.0037 1744 HDAudBus - ok

10:13:02.0084 1744 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

10:13:02.0100 1744 HidBth - ok

10:13:02.0115 1744 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys

10:13:02.0115 1744 HidIr - ok

10:13:02.0162 1744 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys

10:13:02.0162 1744 HidUsb - ok

10:13:02.0209 1744 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys

10:13:02.0209 1744 HpCISSs - ok

10:13:02.0287 1744 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys

10:13:02.0287 1744 HTTP - ok

10:13:02.0318 1744 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys

10:13:02.0318 1744 i2omp - ok

10:13:02.0365 1744 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

10:13:02.0365 1744 i8042prt - ok

10:13:02.0443 1744 iaStor (db0cc620b27a928d968c1a1e9cd9cb87) C:\Windows\system32\DRIVERS\iaStor.sys

10:13:02.0443 1744 iaStor - ok

10:13:02.0474 1744 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys

10:13:02.0474 1744 iaStorV - ok

10:13:02.0599 1744 igfx (6fb1858d1f0923d122b0331865695041) C:\Windows\system32\DRIVERS\igdkmd32.sys

10:13:02.0661 1744 igfx - ok

10:13:02.0692 1744 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

10:13:02.0692 1744 iirsp - ok

10:13:02.0817 1744 IntcAzAudAddService (b9cbd3dea7ca02868621173bf7a2af9f) C:\Windows\system32\drivers\RTKVHDA.sys

10:13:02.0864 1744 IntcAzAudAddService - ok

10:13:02.0942 1744 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys

10:13:02.0958 1744 intelide - ok

10:13:02.0989 1744 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys

10:13:02.0989 1744 intelppm - ok

10:13:03.0051 1744 IO_Memory - ok

10:13:03.0098 1744 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys

10:13:03.0098 1744 IpFilterDriver - ok

10:13:03.0114 1744 IpInIp - ok

10:13:03.0160 1744 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys

10:13:03.0160 1744 IPMIDRV - ok

10:13:03.0192 1744 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

10:13:03.0207 1744 IPNAT - ok

10:13:03.0238 1744 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

10:13:03.0238 1744 IRENUM - ok

10:13:03.0270 1744 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys

10:13:03.0270 1744 isapnp - ok

10:13:03.0301 1744 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys

10:13:03.0301 1744 iScsiPrt - ok

10:13:03.0332 1744 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

10:13:03.0332 1744 iteatapi - ok

10:13:03.0363 1744 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

10:13:03.0363 1744 iteraid - ok

10:13:03.0426 1744 ivusb (d3a4b37811f7494729eaf0b6c6b87b73) C:\Windows\system32\DRIVERS\ivusb_x86.sys

10:13:03.0426 1744 ivusb - ok

10:13:03.0472 1744 jswpslwf (11ad410f41af42ba12e63187e3ec141a) C:\Windows\system32\DRIVERS\jswpslwf.sys

10:13:03.0472 1744 jswpslwf - ok

10:13:03.0504 1744 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

10:13:03.0504 1744 kbdclass - ok

10:13:03.0535 1744 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys

10:13:03.0535 1744 kbdhid - ok

10:13:03.0582 1744 KORGUMDS (322854bdb011b5b87d242422aa4c60bb) C:\Windows\system32\Drivers\KORGUMDS.SYS

10:13:03.0582 1744 KORGUMDS - ok

10:13:03.0613 1744 KR10I (e8ca038f51f7761bd6e3a3b0b8014263) C:\Windows\system32\drivers\kr10i.sys

10:13:03.0613 1744 KR10I - ok

10:13:03.0644 1744 KR10N (6a4adb9186dd0e114e623daf57e42b31) C:\Windows\system32\drivers\kr10n.sys

10:13:03.0644 1744 KR10N - ok

10:13:03.0706 1744 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys

10:13:03.0722 1744 KSecDD - ok

10:13:03.0738 1744 L6PODHD3 - ok

10:13:03.0769 1744 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

10:13:03.0769 1744 lltdio - ok

10:13:03.0800 1744 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys

10:13:03.0800 1744 LSI_FC - ok

10:13:03.0816 1744 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys

10:13:03.0816 1744 LSI_SAS - ok

10:13:03.0862 1744 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys

10:13:03.0862 1744 LSI_SCSI - ok

10:13:03.0878 1744 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

10:13:03.0878 1744 luafv - ok

10:13:03.0987 1744 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys

10:13:03.0987 1744 MBAMProtector - ok

10:13:04.0050 1744 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys

10:13:04.0050 1744 megasas - ok

10:13:04.0096 1744 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys

10:13:04.0096 1744 MegaSR - ok

10:13:04.0128 1744 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

10:13:04.0128 1744 Modem - ok

10:13:04.0159 1744 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

10:13:04.0159 1744 monitor - ok

10:13:04.0190 1744 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

10:13:04.0190 1744 mouclass - ok

10:13:04.0206 1744 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys

10:13:04.0206 1744 mouhid - ok

10:13:04.0237 1744 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

10:13:04.0237 1744 MountMgr - ok

10:13:04.0268 1744 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys

10:13:04.0268 1744 mpio - ok

10:13:04.0299 1744 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

10:13:04.0299 1744 mpsdrv - ok

10:13:04.0330 1744 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

10:13:04.0330 1744 Mraid35x - ok

10:13:04.0346 1744 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys

10:13:04.0362 1744 MRxDAV - ok

10:13:04.0408 1744 mrxsmb (7afc42e60432fd1014f5342f2b1b1f74) C:\Windows\system32\DRIVERS\mrxsmb.sys

10:13:04.0408 1744 mrxsmb - ok

10:13:04.0440 1744 mrxsmb10 (8a75752ae17924f65452746674b14b78) C:\Windows\system32\DRIVERS\mrxsmb10.sys

10:13:04.0440 1744 mrxsmb10 - ok

10:13:04.0455 1744 mrxsmb20 (f4d0f3252e651f02be64984ffa738394) C:\Windows\system32\DRIVERS\mrxsmb20.sys

10:13:04.0455 1744 mrxsmb20 - ok

10:13:04.0518 1744 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys

10:13:04.0518 1744 msahci - ok

10:13:04.0533 1744 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys

10:13:04.0533 1744 msdsm - ok

10:13:04.0580 1744 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

10:13:04.0580 1744 Msfs - ok

10:13:04.0596 1744 msisadrv (1e00b9b8601f24a96ad71a7d0fc5f136) C:\Windows\system32\drivers\msisadrv.sys

10:13:04.0596 1744 msisadrv - ok

10:13:04.0642 1744 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

10:13:04.0642 1744 MSKSSRV - ok

10:13:04.0658 1744 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

10:13:04.0658 1744 MSPCLOCK - ok

10:13:04.0705 1744 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

10:13:04.0705 1744 MSPQM - ok

10:13:04.0720 1744 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys

10:13:04.0720 1744 MsRPC - ok

10:13:04.0783 1744 mssmbios (215634cf935b696e3ebca813d02e9165) C:\Windows\system32\DRIVERS\mssmbios.sys

10:13:04.0783 1744 mssmbios - ok

10:13:04.0830 1744 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

10:13:04.0830 1744 MSTEE - ok

10:13:04.0861 1744 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys

10:13:04.0861 1744 Mup - ok

10:13:04.0939 1744 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys

10:13:04.0939 1744 NativeWifiP - ok

10:13:05.0001 1744 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys

10:13:05.0001 1744 NDIS - ok

10:13:05.0032 1744 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

10:13:05.0032 1744 NdisTapi - ok

10:13:05.0048 1744 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

10:13:05.0048 1744 Ndisuio - ok

10:13:05.0079 1744 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys

10:13:05.0079 1744 NdisWan - ok

10:13:05.0095 1744 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

10:13:05.0095 1744 NDProxy - ok

10:13:05.0126 1744 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

10:13:05.0126 1744 NetBIOS - ok

10:13:05.0157 1744 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys

10:13:05.0157 1744 netbt - ok

10:13:05.0188 1744 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

10:13:05.0188 1744 nfrd960 - ok

10:13:05.0220 1744 Nmea - ok

10:13:05.0235 1744 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys

10:13:05.0235 1744 Npfs - ok

10:13:05.0251 1744 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

10:13:05.0251 1744 nsiproxy - ok

10:13:05.0313 1744 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys

10:13:05.0344 1744 Ntfs - ok

10:13:05.0376 1744 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

10:13:05.0376 1744 ntrigdigi - ok

10:13:05.0391 1744 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

10:13:05.0391 1744 Null - ok

10:13:05.0422 1744 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys

10:13:05.0422 1744 nvraid - ok

10:13:05.0454 1744 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys

10:13:05.0454 1744 nvstor - ok

10:13:05.0485 1744 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys

10:13:05.0485 1744 nv_agp - ok

10:13:05.0500 1744 NwlnkFlt - ok

10:13:05.0516 1744 NwlnkFwd - ok

10:13:05.0547 1744 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys

10:13:05.0547 1744 ohci1394 - ok

10:13:05.0610 1744 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

10:13:05.0610 1744 Parport - ok

10:13:05.0625 1744 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys

10:13:05.0641 1744 partmgr - ok

10:13:05.0672 1744 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

10:13:05.0672 1744 Parvdm - ok

10:13:05.0734 1744 PCASp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\Windows\system32\Drivers\PCASp50.sys

10:13:05.0734 1744 PCASp50 - ok

10:13:05.0766 1744 pci (eca39351296d905baa4fa3244c152b00) C:\Windows\system32\drivers\pci.sys

10:13:05.0766 1744 pci - ok

10:13:05.0797 1744 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\DRIVERS\pciide.sys

10:13:05.0797 1744 pciide - ok

10:13:05.0828 1744 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys

10:13:05.0828 1744 pcmcia - ok

10:13:05.0844 1744 PCTINDIS5 - ok

10:13:05.0906 1744 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

10:13:05.0922 1744 PEAUTH - ok

10:13:06.0000 1744 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

10:13:06.0000 1744 PptpMiniport - ok

10:13:06.0031 1744 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys

10:13:06.0031 1744 Processor - ok

10:13:06.0078 1744 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys

10:13:06.0078 1744 PSched - ok

10:13:06.0124 1744 pwipf6 (f36574577dd24bfb9c7fa4c2e2edc4db) C:\Windows\system32\DRIVERS\pwipf6.sys

10:13:06.0124 1744 pwipf6 - ok

10:13:06.0171 1744 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys

10:13:06.0171 1744 PxHelp20 - ok

10:13:06.0234 1744 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys

10:13:06.0234 1744 ql2300 - ok

10:13:06.0280 1744 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

10:13:06.0280 1744 ql40xx - ok

10:13:06.0296 1744 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

10:13:06.0296 1744 QWAVEdrv - ok

10:13:06.0327 1744 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

10:13:06.0327 1744 RasAcd - ok

10:13:06.0358 1744 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

10:13:06.0358 1744 Rasl2tp - ok

10:13:06.0374 1744 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys

10:13:06.0390 1744 RasPppoe - ok

10:13:06.0405 1744 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys

10:13:06.0405 1744 RasSstp - ok

10:13:06.0436 1744 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys

10:13:06.0436 1744 rdbss - ok

10:13:06.0452 1744 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

10:13:06.0452 1744 RDPCDD - ok

10:13:06.0499 1744 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys

10:13:06.0499 1744 rdpdr - ok

10:13:06.0514 1744 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

10:13:06.0514 1744 RDPENCDD - ok

10:13:06.0546 1744 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys

10:13:06.0561 1744 RDPWD - ok

10:13:06.0592 1744 RimUsb - ok

10:13:06.0639 1744 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\Windows\system32\DRIVERS\RimSerial.sys

10:13:06.0639 1744 RimVSerPort - ok

10:13:06.0670 1744 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys

10:13:06.0670 1744 ROOTMODEM - ok

10:13:06.0733 1744 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

10:13:06.0733 1744 rspndr - ok

10:13:06.0780 1744 RTL8169 (7157e70a90cce49deb8885d23a073a39) C:\Windows\system32\DRIVERS\Rtlh86.sys

10:13:06.0795 1744 RTL8169 - ok

10:13:06.0826 1744 RTSTOR (9ff7d9cf3a5f296613588b0e8db83afe) C:\Windows\system32\drivers\RTSTOR.SYS

10:13:06.0826 1744 RTSTOR - ok

10:13:06.0858 1744 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

10:13:06.0858 1744 sbp2port - ok

10:13:06.0904 1744 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

10:13:06.0904 1744 secdrv - ok

10:13:06.0967 1744 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

10:13:06.0967 1744 Serenum - ok

10:13:06.0982 1744 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

10:13:06.0982 1744 Serial - ok

10:13:07.0014 1744 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

10:13:07.0014 1744 sermouse - ok

10:13:07.0045 1744 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys

10:13:07.0045 1744 sffdisk - ok

10:13:07.0060 1744 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys

10:13:07.0060 1744 sffp_mmc - ok

10:13:07.0092 1744 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys

10:13:07.0092 1744 sffp_sd - ok

10:13:07.0107 1744 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

10:13:07.0107 1744 sfloppy - ok

10:13:07.0138 1744 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys

10:13:07.0138 1744 sisagp - ok

10:13:07.0154 1744 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys

10:13:07.0170 1744 SiSRaid2 - ok

10:13:07.0185 1744 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys

10:13:07.0185 1744 SiSRaid4 - ok

10:13:07.0216 1744 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys

10:13:07.0216 1744 Smb - ok

10:13:07.0248 1744 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

10:13:07.0248 1744 spldr - ok

10:13:07.0294 1744 srv (5754e8bae40943871d0ab9becbf335e8) C:\Windows\system32\DRIVERS\srv.sys

10:13:07.0294 1744 srv - ok

10:13:07.0326 1744 srv2 (d47b09ff7d28ee44d728f57c2d1fab86) C:\Windows\system32\DRIVERS\srv2.sys

10:13:07.0341 1744 srv2 - ok

10:13:07.0372 1744 srvnet (32d52290341a740881521e118106acd6) C:\Windows\system32\DRIVERS\srvnet.sys

10:13:07.0372 1744 srvnet - ok

10:13:07.0450 1744 ssfs0bbc (4479aeb7ec022b75f882c167fe2a7a34) C:\Windows\system32\DRIVERS\ssfs0bbc.sys

10:13:07.0450 1744 ssfs0bbc - ok

10:13:07.0497 1744 sshrmd (58154d7f69a1322d9bd885e2e61cf152) C:\Windows\system32\DRIVERS\sshrmd.sys

10:13:07.0497 1744 sshrmd - ok

10:13:07.0513 1744 ssidrv (e971eee20b8083e57b5529aea065ec51) C:\Windows\system32\DRIVERS\ssidrv.sys

10:13:07.0528 1744 ssidrv - ok

10:13:07.0591 1744 SVRPEDRV (3e4239b92139f7174a0da7d53fe5e1ab) C:\Windows\System32\sysprep\PEDrv.sys

10:13:07.0591 1744 SVRPEDRV - ok

10:13:07.0653 1744 swenum (97e089971a6aba49ad5592bd6298e416) C:\Windows\system32\DRIVERS\swenum.sys

10:13:07.0653 1744 swenum - ok

10:13:07.0716 1744 swmsflt (150ab4fa272130ec55b2a4faebdf47f9) C:\Windows\system32\DRIVERS\swmsflt.sys

10:13:07.0716 1744 swmsflt - ok

10:13:07.0747 1744 swmx00 (2712cc6d42f1c620e3b5d81b215b942d) C:\Windows\system32\DRIVERS\swmx00.sys

10:13:07.0747 1744 swmx00 - ok

10:13:07.0794 1744 SWNC5E00 (47edcd5fdd249e5273cb90e56be97a5d) C:\Windows\system32\DRIVERS\SWNC5E00.sys

10:13:07.0794 1744 SWNC5E00 - ok

10:13:07.0840 1744 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

10:13:07.0840 1744 Symc8xx - ok

10:13:07.0872 1744 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

10:13:07.0872 1744 Sym_hi - ok

10:13:07.0887 1744 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

10:13:07.0887 1744 Sym_u3 - ok

10:13:07.0934 1744 SynTP (55f6e55cc2430ca8713387106fa79817) C:\Windows\system32\DRIVERS\SynTP.sys

10:13:07.0934 1744 SynTP - ok

10:13:08.0028 1744 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys

10:13:08.0059 1744 Tcpip - ok

10:13:08.0090 1744 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys

10:13:08.0090 1744 Tcpip6 - ok

10:13:08.0106 1744 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys

10:13:08.0106 1744 tcpipreg - ok

10:13:08.0137 1744 tdcmdpst (6fdfba25002ce4bac463ac866ae71405) C:\Windows\system32\DRIVERS\tdcmdpst.sys

10:13:08.0137 1744 tdcmdpst - ok

10:13:08.0152 1744 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

10:13:08.0152 1744 TDPIPE - ok

10:13:08.0184 1744 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

10:13:08.0199 1744 TDTCP - ok

10:13:08.0215 1744 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys

10:13:08.0215 1744 tdx - ok

10:13:08.0230 1744 TermDD (718b2f4355cd8eb2844741addac0e622) C:\Windows\system32\DRIVERS\termdd.sys

10:13:08.0230 1744 TermDD - ok

10:13:08.0324 1744 tos_sps32 (4399a9bf7d8f49991a07fd86590a1619) C:\Windows\system32\DRIVERS\tos_sps32.sys

10:13:08.0324 1744 tos_sps32 - ok

10:13:08.0355 1744 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

10:13:08.0355 1744 tssecsrv - ok

10:13:08.0386 1744 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

10:13:08.0386 1744 tunmp - ok

10:13:08.0449 1744 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys

10:13:08.0449 1744 tunnel - ok

10:13:08.0496 1744 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS

10:13:08.0496 1744 TVALZ - ok

10:13:08.0542 1744 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys

10:13:08.0558 1744 uagp35 - ok

10:13:08.0574 1744 udfs (c985b36e127ea9b8a92396120bff52d8) C:\Windows\system32\DRIVERS\udfs.sys

10:13:08.0574 1744 udfs - ok

10:13:08.0636 1744 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys

10:13:08.0636 1744 uliagpkx - ok

10:13:08.0667 1744 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys

10:13:08.0667 1744 uliahci - ok

10:13:08.0698 1744 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

10:13:08.0698 1744 UlSata - ok

10:13:08.0714 1744 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

10:13:08.0714 1744 ulsata2 - ok

10:13:08.0776 1744 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

10:13:08.0776 1744 umbus - ok

10:13:08.0839 1744 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\Windows\system32\Drivers\usbaapl.sys

10:13:08.0839 1744 USBAAPL - ok

10:13:08.0886 1744 usbaudio (292a25bb75a568ae2c67169ba2c6365a) C:\Windows\system32\drivers\usbaudio.sys

10:13:08.0886 1744 usbaudio - ok

10:13:08.0901 1744 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys

10:13:08.0917 1744 usbccgp - ok

10:13:08.0932 1744 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

10:13:08.0932 1744 usbcir - ok

10:13:08.0995 1744 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys

10:13:08.0995 1744 usbehci - ok

10:13:09.0010 1744 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys

10:13:09.0026 1744 usbhub - ok

10:13:09.0042 1744 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys

10:13:09.0042 1744 usbohci - ok

10:13:09.0073 1744 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys

10:13:09.0073 1744 usbprint - ok

10:13:09.0135 1744 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys

10:13:09.0135 1744 usbscan - ok

10:13:09.0151 1744 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS

10:13:09.0151 1744 USBSTOR - ok

10:13:09.0182 1744 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys

10:13:09.0182 1744 usbuhci - ok

10:13:09.0213 1744 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys

10:13:09.0213 1744 usbvideo - ok

10:13:09.0229 1744 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys

10:13:09.0244 1744 vga - ok

10:13:09.0260 1744 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

10:13:09.0260 1744 VgaSave - ok

10:13:09.0291 1744 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys

10:13:09.0291 1744 viaagp - ok

10:13:09.0307 1744 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys

10:13:09.0307 1744 ViaC7 - ok

10:13:09.0322 1744 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys

10:13:09.0322 1744 viaide - ok

10:13:09.0354 1744 volmgr (bdd98bbe7323fc0975a26373d8050471) C:\Windows\system32\drivers\volmgr.sys

10:13:09.0354 1744 volmgr - ok

10:13:09.0385 1744 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys

10:13:09.0385 1744 volmgrx - ok

10:13:09.0400 1744 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys

10:13:09.0400 1744 volsnap - ok

10:13:09.0463 1744 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys

10:13:09.0463 1744 vsmraid - ok

10:13:09.0494 1744 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

10:13:09.0494 1744 WacomPen - ok

10:13:09.0525 1744 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

10:13:09.0525 1744 Wanarp - ok

10:13:09.0541 1744 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

10:13:09.0541 1744 Wanarpv6 - ok

10:13:09.0588 1744 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys

10:13:09.0588 1744 Wd - ok

10:13:09.0619 1744 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys

10:13:09.0634 1744 Wdf01000 - ok

10:13:09.0712 1744 WinUSB (f03110711b17ad31271cb2baf0dbb2b1) C:\Windows\system32\DRIVERS\WinUSB.sys

10:13:09.0712 1744 WinUSB - ok

10:13:09.0759 1744 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys

10:13:09.0775 1744 WmiAcpi - ok

10:13:09.0837 1744 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys

10:13:09.0837 1744 WpdUsb - ok

10:13:09.0884 1744 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

10:13:09.0884 1744 ws2ifsl - ok

10:13:09.0946 1744 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

10:13:09.0946 1744 WUDFRd - ok

10:13:09.0978 1744 MBR (0x1B8) (2eba834febf4b719d36003336ff4dced) \Device\Harddisk0\DR0

10:13:09.0978 1744 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected

10:13:09.0978 1744 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)

10:13:09.0993 1744 Boot (0x1200) (5bf2fe7ee6c387472df1bcca228532aa) \Device\Harddisk0\DR0\Partition0

10:13:09.0993 1744 \Device\Harddisk0\DR0\Partition0 - ok

10:13:09.0993 1744 ============================================================

10:13:09.0993 1744 Scan finished

10:13:09.0993 1744 ============================================================

10:13:10.0087 4100 Detected object count: 1

10:13:10.0087 4100 Actual detected object count: 1

10:13:58.0540 4100 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - will be cured on reboot

10:13:58.0540 4100 \Device\Harddisk0\DR0 - ok

10:13:58.0540 4100 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Cure

10:14:02.0019 4520 Deinitialize success

I rebooted and the problem has not recurred.

Link to post
Share on other sites

I then ran DDS and the following text files were created:

DDS.txt

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.6001.18000

Run by SUPER USER at 10:21:41 on 2011-10-20

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1915.903 [GMT -4:00]

.

AV: Webroot Internet Security Essentials *Disabled/Updated* {3A033352-45FD-579C-DF47-2D2DA7A56A3D}

SP: Webroot Internet Security Essentials *Disabled/Updated* {8162D2B6-63C7-5812-E5F7-165FDC222080}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Webroot Internet Security Essentials *Disabled* {0238B277-0F92-56C4-F418-841859762D46}

.

============== Running Processes ===============

.

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\taskeng.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\rundll32.exe

C:\Windows\system32\agrsmsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG10\avgwdsvc.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Windows\system32\lxddcoms.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

C:\Program Files\AVG\AVG10\avgnsx.exe

C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe

C:\Windows\system32\TODDSrv.exe

C:\Program Files\PostgreSQL\8.3\bin\postgres.exe

C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe

C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\PostgreSQL\8.3\bin\postgres.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\PostgreSQL\8.3\bin\postgres.exe

C:\Program Files\PostgreSQL\8.3\bin\postgres.exe

C:\Program Files\PostgreSQL\8.3\bin\postgres.exe

C:\Program Files\PostgreSQL\8.3\bin\postgres.exe

C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Toshiba\Power Saver\TPwrMain.exe

C:\Program Files\Toshiba\SmoothView\SmoothView.exe

C:\Program Files\Toshiba\FlashCards\TCrdMain.exe

C:\Program Files\Toshiba\ConfigFree\NDSTray.exe

C:\Program Files\Toshiba\TOSHIBA Service Station\TSS.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

C:\Program Files\AVG\AVG10\avgtray.exe

C:\Windows\System32\wpcumi.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\igfxext.exe

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10x_ActiveX.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart

mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll

BHO: WhiteSmoke Toolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - c:\program files\whitesmoketoolbar\whitesmoketoolbarX.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_06\bin\ssv.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: WhiteSmoke Toolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - c:\program files\whitesmoketoolbar\whitesmoketoolbarX.dll

uRun: [TOSCDSPD] TOSCDSPD.EXE

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

mRun: [igfxTray] "c:\windows\system32\igfxtray.exe"

mRun: [HotKeysCmds] "c:\windows\system32\hkcmd.exe"

mRun: [Persistence] "c:\windows\system32\igfxpers.exe"

mRun: [RtHDVCpl] "RtHDVCpl.exe"

mRun: [iAAnotif] "c:\program files\intel\intel matrix storage manager\iaanotif.exe"

mRun: [synTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"

mRun: [TPwrMain] "%ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE"

mRun: [HSON] "%ProgramFiles%\TOSHIBA\TBS\HSON.exe"

mRun: [smoothView] "%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe"

mRun: [00TCrdMain] "%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe"

mRun: [NDSTray.exe] NDSTray.exe

mRun: [cfFncEnabler.exe] cfFncEnabler.exe

mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\TSS.exe" /hide

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"

mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe

mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

dRun: [JP595IR86O] c:\windows\temp\Oh1.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000

IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\programs\partygaming\partypoker\RunApp.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\ssv.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL

LSP: c:\windows\system32\wpclsp.dll

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{0A2E6BA9-3B42-4B4C-BBFB-E7D86FD7E9DB} : DhcpNameServer = 192.168.10.1

TCP: Interfaces\{73D31E00-DC1F-490B-A3EE-B4CA0DAFFBBB} : DhcpNameServer = 192.168.1.1

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: acaptuser32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-7-11 32464]

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-4-21 29808]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-7-11 229840]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]

R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2008-12-16 20384]

R1 pwipf6;Privacyware Filter Driver;c:\windows\system32\drivers\pwipf6.sys [2009-9-13 101128]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-8-18 7390560]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]

R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]

R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-20 366152]

R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\postgresql\8.3\bin\pg_ctl.exe [2008-9-19 65536]

R2 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2008-8-18 46392]

R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-5-27 134480]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 28624]

R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-8-18 7168]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-20 22216]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 ivusb;Initio Driver for 1530 USB Default Controller;c:\windows\system32\drivers\ivusb_x86.sys [2011-9-29 18432]

S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2008-12-16 954368]

S3 KORGUMDS;KORG USB-MIDI Driver for Windows;c:\windows\system32\drivers\KORGUMDS.SYS [2010-12-8 22304]

S3 SVRPEDRV;SVRPEDRV;c:\windows\system32\sysprep\PEDRV.SYS [2008-8-21 9216]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\webrootsecurity\SpySweeper.exe [2009-4-21 4048240]

S4 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2009-9-13 1205760]

.

=============== Created Last 30 ================

.

2011-10-20 13:18:29 -------- d-----w- c:\users\super user\appdata\roaming\Malwarebytes

2011-10-20 13:18:24 -------- d-----w- c:\programdata\Malwarebytes

2011-10-20 13:18:21 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-20 13:18:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-09-29 19:12:17 18432 ----a-w- c:\windows\system32\drivers\ivusb_x86.sys

2011-09-29 19:12:17 -------- d-----w- c:\program files\initio

2011-09-29 17:54:54 -------- d-----w- c:\users\super user\appdata\roaming\AVG2012

2011-09-29 17:54:30 -------- d-----w- c:\programdata\AVG2012

.

==================== Find3M ====================

.

2011-09-29 18:49:03 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

============= FINISH: 10:22:39.52 ===============

and from Attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 12/16/2008 8:43:19 AM

System Uptime: 10/20/2011 10:15:01 AM (0 hours ago)

.

Motherboard: TOSHIBA | | Portable PC

Processor: Intel® Pentium® Dual CPU T3400 @ 2.16GHz | CPU | 2166/667mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 140 GiB total, 106.582 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

ACID Pro 7.0

Adobe Acrobat 9 Pro Extended - English, Français, Deutsch

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Photoshop 7.0

Adobe Reader 8.1.2

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Atheros Driver Installation Program

Atheros Wi-Fi Protected Setup Library

AVG 2011

AVG 2012

CD & DVD Label Maker 1.2

CD/DVD Drive Acoustic Silencer

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Compatibility Pack for the 2007 Office system

CutePDF Writer 2.7

DebugMode Wax 2.0

DVD MovieFactory for TOSHIBA

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)

Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)

INI_FCFG_V03.14A05

Intel® Graphics Media Accelerator Driver

Intel® Matrix Storage Manager

iTunes

iZotope Ozone 4

J2SE Runtime Environment 5.0 Update 6

Jahshaka

Java 6 Update 6

Malwarebytes' Anti-Malware version 1.51.2.1300

Mastering Effects Bundle 2 for Sound Forge Pro

Memorex exPressit Label Design Studio

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Professional Edition 2003

Microsoft Office Suite Activation Assistant

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual Studio Tools for Applications 2.0 - ENU

Microsoft Visual Studio Tools for Applications 2.0 Runtime

Microsoft Works

Microsoft XML Parser

MSVCRT

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 and SOAP Toolkit 3.0

msxml4

OpenLibraries

PostgreSQL 8.3

QuickBooks Financial Center

QuickTime

Realtek 8169 8168 8101E 8102E Ethernet Driver

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Windows Media Encoder (KB2447961)

Security Update for Windows Media Encoder (KB954156)

Security Update for Windows Media Encoder (KB979332)

Sound Forge Pro 10.0

Spy Sweeper Core

Synaptics Pointing Device Driver

T-RackS 3 Deluxe

TOSHIBA Assist

TOSHIBA ConfigFree

TOSHIBA Desktop Links

TOSHIBA Disc Creator

TOSHIBA DVD PLAYER

TOSHIBA Extended Tiles for Windows Mobility Center

TOSHIBA Hardware Setup

TOSHIBA Recovery Disc Creator

Toshiba Registration

TOSHIBA Service Station

TOSHIBA Software Modem

TOSHIBA Speech System Applications

TOSHIBA Speech System SR Engine(U.S.) Version1.0

TOSHIBA Speech System TTS Engine(U.S.) Version1.0

TOSHIBA Supervisor Password

TOSHIBA Value Added Package

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Vegas Pro 9.0

Webroot Internet Security Essentials

Windows Essentials Media Codec Pack 2.3d

Windows Live Communications Platform

Windows Live Essentials

Windows Live Movie Maker

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

Windows Media Encoder 9 Series

Windows Media Player Firefox Plugin

WinRAR archiver

.

==== Event Viewer Messages From Past Week ========

.

10/20/2011 10:15:13 AM, Error: netbt [4311] - Initialization failed because the driver device could not be created. Use the string "001E33905F53" to identify the interface for which initialization failed. It represents the MAC address of the failed interface or the Globally Unique Interface Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither the MAC address nor the GUID were available, the string represents a cluster device name.

10/19/2011 9:50:23 AM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {C2BFE331-6739-4270-86C9-493D9A04CD38}. The error: "5" Happened while starting this command: C:\Windows\system32\igfxsrvc.exe -Embedding

10/19/2011 9:15:25 AM, Error: Service Control Manager [7022] - The PostgreSQL Database Server 8.3 service hung on starting.

10/19/2011 9:10:16 AM, Error: Service Control Manager [7043] - The AVGIDSAgent service did not shut down properly after receiving a preshutdown control.

10/19/2011 9:07:14 AM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.

10/19/2011 10:14:56 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx86 Avgmfx86 Avgtdix DfsC DnsFilter jswpslwf NetBIOS netbt nsiproxy PSched pwipf6 RasAcd rdbss Smb spldr tdx Wanarpv6 ws2ifsl

10/19/2011 10:14:56 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

10/19/2011 10:14:56 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

10/19/2011 10:14:56 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.

10/19/2011 10:14:56 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

10/19/2011 10:14:56 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

10/19/2011 10:14:56 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

10/19/2011 10:14:56 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

10/19/2011 10:14:56 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.

10/19/2011 10:14:56 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

10/19/2011 10:14:56 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

10/19/2011 10:14:56 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

10/19/2011 10:14:56 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

10/19/2011 10:14:56 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

10/19/2011 10:14:56 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

10/19/2011 10:14:43 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

10/19/2011 10:14:09 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

10/19/2011 10:14:09 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

10/19/2011 10:14:09 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

10/19/2011 10:14:08 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

10/19/2011 10:14:03 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

10/18/2011 5:16:02 PM, Error: EventLog [6008] - The previous system shutdown at 9:28:35 PM on 10/16/2011 was unexpected.

10/16/2011 7:26:01 PM, Error: EventLog [6008] - The previous system shutdown at 6:30:26 PM on 10/16/2011 was unexpected.

10/16/2011 5:29:51 PM, Error: EventLog [6008] - The previous system shutdown at 3:18:31 PM on 10/16/2011 was unexpected.

10/16/2011 3:16:54 PM, Error: PlugPlayManager [12] - The device 'Intel® ICH9 Family PCI Express Root Port 2 - 2942' (PCI\VEN_8086&DEV_2942&SUBSYS_FF661179&REV_03\3&21436425&0&E1) disappeared from the system without first being prepared for removal.

10/16/2011 3:16:54 PM, Error: PlugPlayManager [12] - The device 'Atheros AR5007EG Wireless Network Adapter' (PCI\VEN_168C&DEV_001C&SUBSYS_7128144F&REV_01\4&c8c337f&0&00E1) disappeared from the system without first being prepared for removal.

10/16/2011 2:30:13 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: DnsFilter

10/16/2011 2:30:13 PM, Error: Service Control Manager [7023] - The Network Security service terminated with the following error: The specified module could not be found.

10/16/2011 2:30:13 PM, Error: Service Control Manager [7023] - The ddnsfilter service terminated with the following error: The specified module could not be found.

10/16/2011 2:28:26 PM, Error: EventLog [6008] - The previous system shutdown at 3:19:23 PM on 9/29/2011 was unexpected.

.

==== End Of File ===========================

Cheers,

Greg

Link to post
Share on other sites

FYI, I am still unable to remove Webroot, although I was able to stop the annoying notice from popping up every time IO start windows.

We're putting the Pro version of Malwarebytes on all of our home PCs, by the way. This doesn't replace anti-virus though, right? We still need both?

Link to post
Share on other sites

Hi and Welcome,

Yes, if you have MBAM Pro, you should still have an antivirus, too.

Re: Webroot please follow the directions that pertain here (or are you speaking of a fake program masquerading as a legit antivirus):

http://support.webroot.com/app/answers/detail/a_id/1761 download my Security Check from here or here.

Download SecurityCheck and save it to your desktop:

http://screen317.spywareinfoforum.org/SecurityCheck.exe

  • Right-click SecurityCheck.exe and select "Run as Adminstrator"
  • Follow the onscreen instructions inside of the black box.
  • When it is finished, a Notepad document will open automatically.
  • Please post the contents of that document, checkup.txt in your next reply.

Please Run ComboFix by following the steps provided in exactly this sequence:

Here is a tutorial that describes how to download, install and run Combofix. Please thoroughly review it beofre proceeding:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Very Important! BEFORE downloading Combofix, temporarily disable your antivirus and antimalware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix and even remove onboard components so it is rendered ineffective:

http://www.bleepingcomputer.com/forums/topic114351.html

Note: The above tutorial does not tell you to rename Combofix as I am about to instruct you to do in the following instructions, so make sure you complete the renaming step before launching Combofix.

Using ComboFix ->

Please download Combofix from one of these locations:

HERE or HERE

I want you to rename Combofix.exe as you download it to iexplore.exe

Notes:

  • It is very important that save the newly renamed EXE file to your desktop.
  • You must rename Combofixe.exe as you download it and not after it is on your computer.
    You may have to modify your browser settings if you use Firefox, so you can rename Combofix.exe as you download it. To do that:
    • Open Firefox
    • Click Tools -> Options -> Main
    • Under the downloads section check the button that says "Always ask me where to save files".
    • Click OK

    [*]For Internet Explorer:

    • Choose to save, not open the file
    • When prompted - save the file to your desktop, and rename it iexplore.exe.

Running Combofix

In the event you already have Combofix, please delete it as this is a new version.

  • Close any open browsers and programs.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • If Combofix asks to update, please allow it to do so. If it renames itself back to Combofix.exe - this is normal!!
  • If You are running Windows XP, and Combofix asks to install the Recovery Console, please allow it to do so or it WILL NOT perform it's normal malware removal capabilities. This is for your safety !!

1. To Launch Combofix

Right-Click the renamed ComboFix.exe on your desktop and Select "Run as Administrator":

2. When finished, it will produce a logfile located at C:\ComboFix.txt

3. Post the contents of that log in your next reply.

Note: Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.

Please post C:\ComboFix.txt in your next reply.

If You have problems running Combofix then try running it in "Safe Mode with Networking" as follows:

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading normally, the Advanced Options Menu should appear;
  • Select the option, to run Windows in "Safe Mode with Networking", then press Enter.
  • Choose your usual account, and launch Combofix as directed above.

Link to post
Share on other sites

  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.