also @ TechSpot: Exploit allows command prompt to launch at Windows 7 login screen

TechSpot
Register now for a live online demo to see how the Office 365 suite of tools
- professional email, calendars, video conferencing, and file sharing -

[Inactive] [A] System Check / Security malware logs

Discussion in 'Virus and Malware Removal' started by LiveFreeOrDie, Jan 3, 2012.

Thread Status:
Not open for further replies.

  1. LiveFreeOrDie Newcomer, in training

    My laptop has been infected by the “system check” malware described on other threads in this forum. After following Julio's instructions, things were looking pretty good; however, upon connecting to the internet to post the logs, another (perhaps related) malware seemed to take root.

    This second variant mimicked the windows security center, advising me to “upgrade to a full version of vista security” in order to get rid of supposed trojans. At this point both IE and Firefox were subjected to redirection, so I disconnected from the internet and ran the whole process a second time. The logs below date from this point.

    It may not be relevant to the issue, but an additional problem is that program shortcuts and icons no longer function properly: to get a program to run I now have to right-click and select “start” in order to get them moving.

    I appreciate any and all assistance and thank you all in advance!
    LiveFreeOrDie, Jan 3, 2012
    #1

  2. LiveFreeOrDie Newcomer, in training

    Malware Bytes Log

    Malwarebytes Anti-Malware 1.60.0.1800
    www.malwarebytes.org

    Database version: v2012.01.02.06

    Windows Vista x86 NTFS
    Internet Explorer 7.0.6000.17037
    Owner :: OWNER-PC [administrator]

    1/3/2012 12:16:25 PM
    mbam-log-2012-01-03 (12-16-25).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 168941
    Time elapsed: 9 minute(s), 19 second(s)

    Memory Processes Detected: 1
    C:\Windows\System32\config\systemprofile\AppData\Local\pdj.exe (Trojan.ExeShell.Gen) -> 3744 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 1
    HKCR\.exe\shell\open\command| (Hijack.ExeFile) -> Data: "C:\Windows\system32\config\systemprofile\AppData\Local\pdj.exe" -a "%1" %* -> Delete on reboot.

    Registry Data Items Detected: 4
    HKCR\.exe| (PUM.HijackExefiles) -> Bad: (6f) Good: (exefile) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Windows\system32\config\systemprofile\AppData\Local\pdj.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Windows\system32\config\systemprofile\AppData\Local\pdj.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Windows\system32\config\systemprofile\AppData\Local\pdj.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Windows\System32\config\systemprofile\AppData\Local\pdj.exe (Trojan.ExeShell.Gen) -> Delete on reboot.

    (end)
    LiveFreeOrDie, Jan 3, 2012
    #2

  3. LiveFreeOrDie Newcomer, in training

    GMER Log

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-01-03 12:33:16
    Windows 6.0.6000 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK2035GSS rev.DK020M
    Running: Gmer.exe; Driver: C:\Users\Owner\AppData\Local\Temp\uwlcapow.sys


    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
    Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----
    LiveFreeOrDie, Jan 3, 2012
    #3

  4. LiveFreeOrDie Newcomer, in training

    DDS Log

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 7.0.6000.17037 BrowserJavaVersion: 1.6.0_26
    Run by Owner at 15:39:03 on 2012-01-03
    MicrosoftÆ Windows Vistaô Home Premium 6.0.6000.0.1252.1.1033.18.1917.897 [GMT -5:00]
    .
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\agrsmsvc.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Toshiba\IVP\ISM\pinger.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    c:\Toshiba\IVP\swupdate\swupdtmr.exe
    C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
    C:\Windows\system32\TODDSrv.exe
    C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\conime.exe
    C:\Windows\explorer.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.toshibadirect.com/dpdstart
    uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
    mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
    uInternet Settings,ProxyOverride = <local>;*.local
    uInternet Settings,ProxyServer = proxy.zfn.uni-bremen.de:3128
    BHO: MRI_DISABLED - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: CrossRider: {a876e312-7d08-401a-b7a6-fafc5dc2f292} - c:\program files\crossriderwebapps\Crossrider.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    uRun: [TOSCDSPD] TOSCDSPD.EXE
    uRun: [njdckcbr] c:\programdata\njdckcbr\nahurkne.exe
    uRun: [MDMpLZwqgX] c:\programdata\jazebuxu\bqnglwrk.exe
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup
    uRun: [CrossRiderPlugin] c:\program files\crossriderwebapps\Crossrider.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
    mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
    mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
    mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\Xfire.exe
    uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
    uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    dPolicies-explorer: HideSCAHealth = 1 (0x1)
    dPolicies-system: DisableTaskMgr = 1 (0x1)
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/30.59/uploader2.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} - hxxp://simcity.ea.com/play/classic/SimCityX.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
    TCP: Interfaces\{0642EFCB-8E53-40C6-82BB-3788A1190ACD} : DhcpNameServer = 192.168.1.1 192.168.1.1
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\gli3tzql.default\
    FF - prefs.js: browser.search.selectedEngine - GoogleFeed.net
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - prefs.js: keyword.URL - hxxp://www.veerboo.com/results.php?q=
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\real player alternative\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\real player alternative\browser\plugins\nprpjplug.dll
    FF - plugin: c:\users\owner\appdata\roaming\facebook\npfbplugin_1_0_1.dll
    FF - plugin: c:\users\owner\appdata\roaming\facebook\npfbplugin_1_0_3.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 avgio;avgio;c:\program files\avira\antivir personaledition classic\avgio.sys [2008-7-4 11608]
    R2 AntiVirScheduler;Avira AntiVir Personal ñ Free Antivirus Planer;c:\program files\avira\antivir personaledition classic\sched.exe [2008-7-4 68865]
    R2 AntiVirService;Avira AntiVir Personal ñ Free Antivirus Guard;c:\program files\avira\antivir personaledition classic\avguard.exe [2008-7-4 151297]
    R2 SlingAgentService;SlingAgent Service;c:\program files\sling media\slingagent\SlingAgentService.exe [2008-9-21 93960]
    R3 avgntflt;avgntflt;c:\program files\avira\antivir personaledition classic\avgntflt.sys [2008-7-4 52056]
    R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2007-8-22 7168]
    R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
    R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187B.sys [2007-9-18 252416]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-25 35088]
    S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\drivers\winbondcir.sys [2007-3-28 43008]
    .
    =============== File Associations ===============
    .
    .exe=6J
    .
    =============== Created Last 30 ================
    .
    2012-01-03 00:16:24 -------- d-----w- c:\users\owner\appdata\roaming\Malwarebytes
    2012-01-03 00:16:06 -------- d-----w- c:\programdata\Malwarebytes
    2012-01-03 00:16:05 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-30 14:15:08 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{973fb051-cbc9-403b-bb89-bfd20112ce86}\mpengine.dll
    2011-12-21 16:39:32 -------- d-----w- c:\users\owner\appdata\local\Apps
    .
    ==================== Find3M ====================
    .
    2011-12-06 17:49:25 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-11-30 14:05:23 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    ============= FINISH: 15:40:17.87 ===============
    LiveFreeOrDie, Jan 3, 2012
    #4

  5. LiveFreeOrDie Newcomer, in training

    Attach Log

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    MicrosoftÆ Windows Vistaô Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 9/18/2007 7:21:45 PM
    System Uptime: 1/3/2012 1:05:39 PM (2 hours ago)
    .
    Motherboard: ATI | | SB600
    Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-58 | Socket M2/S1G1 | 1900/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 185 GiB total, 76.413 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP835: 12/13/2011 9:48:56 PM - Scheduled Checkpoint
    RP836: 12/14/2011 10:47:04 PM - Scheduled Checkpoint
    RP837: 12/16/2011 1:14:18 PM - Windows Update
    RP838: 12/17/2011 3:01:15 AM - Windows Update
    RP839: 12/20/2011 11:05:32 AM - Windows Update
    RP840: 12/23/2011 8:00:29 AM - Windows Update
    RP841: 12/28/2011 2:18:59 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    AAC Decoder
    Activation Assistant for the 2007 Microsoft Office suites
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 8.3.1
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Applian FLV Player
    ArcSoft Panorama Maker 3
    Ask Toolbar
    ATI Catalyst Install Manager
    AutoUpdate
    Avi2Dvd 0.4.5 beta
    Avira AntiVir Personal - Free Antivirus
    AviSynth 2.5
    BitTorrent
    Bluetooth Monitor 3
    Bonjour
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center Localization Chinese Standard
    Catalyst Control Center Localization Chinese Traditional
    Catalyst Control Center Localization Czech
    Catalyst Control Center Localization Danish
    Catalyst Control Center Localization Dutch
    Catalyst Control Center Localization Finnish
    Catalyst Control Center Localization French
    Catalyst Control Center Localization German
    Catalyst Control Center Localization Greek
    Catalyst Control Center Localization Hungarian
    Catalyst Control Center Localization Italian
    Catalyst Control Center Localization Japanese
    Catalyst Control Center Localization Korean
    Catalyst Control Center Localization Norwegian
    Catalyst Control Center Localization Polish
    Catalyst Control Center Localization Portuguese
    Catalyst Control Center Localization Russian
    Catalyst Control Center Localization Spanish
    Catalyst Control Center Localization Swedish
    Catalyst Control Center Localization Thai
    Catalyst Control Center Localization Turkish
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CD/DVD Drive Acoustic Silencer
    Compatibility Pack for the 2007 Office system
    Crossrider Web Apps
    DivX Codec
    DivX Converter
    DivX Player
    DivX Plus DirectShow Filters
    DivX Version Checker
    DivX Web Player
    Drivers Install For Linksys Easylink Advisor
    Dropbox
    DVD MovieFactory for TOSHIBA
    ElsterFormular 2007/2008
    ElsterFormular 2008/2009
    EPSON-Drucker-Software
    Facebook Plug-In
    Google Toolbar for Internet Explorer
    H.264 Decoder
    Hi-Speed USB-USB Network Cable
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    iTunes
    Japanese Fonts Support For Adobe Reader 8
    Java Auto Updater
    Java(TM) 6 Update 2
    Java(TM) 6 Update 26
    Linksys EasyLink Advisor 1.6 (0032)
    Logitech Vid
    Logitech Webcam Software
    Malwarebytes Anti-Malware version 1.60.0.1800
    ManyCam 2.4 (remove only)
    Medieval II Total War
    Medieval II Total War : Kingdoms : Americas
    Medieval II Total War : Kingdoms : Britannia
    Medieval II Total War : Kingdoms : Crusades
    Medieval II Total War : Kingdoms : Teutonic
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 3.5 SP1
    Microsoft Close Combat III
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual J# .NET Redistributable Package 1.1
    Microsoft Works
    Microsoft XML Parser
    MKV Splitter
    Move Networks Media Player for Internet Explorer
    Mozilla Firefox 5.0 (x86 en-US)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    Nikon FotoShare
    Nikon Message Center
    OpenOffice.org 2.3
    PCLinq2 High-Speed USB Bridge Cable
    Picasa 3
    PictureProject
    QuickBooks Financial Center
    QuickTime
    Real Alternative 1.8.0 Lite
    Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
    Realtek High Definition Audio Driver
    REALTEK RTL8187B Wireless LAN Driver
    RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Windows Media Encoder (KB954156)
    Shockwave
    Shogun - Total War - Gold Edition
    Sid Meier's Civilization 4 Gold
    SimCity 2000Æ WindowsÆ 95 Interactive Demo
    Skins
    Skype Click to Call
    Skypeô 5.5
    Slingbox Platform SDK 1.2.5.15
    SlingPlayer
    Synaptics Pointing Device Driver
    TOSHIBA Assist
    TOSHIBA ConfigFree
    TOSHIBA Disc Creator
    TOSHIBA DVD PLAYER
    TOSHIBA Extended Tiles for Windows Mobility Center
    TOSHIBA Hardware Setup
    Toshiba Registration
    TOSHIBA SD Memory Utilities
    TOSHIBA Software Modem
    TOSHIBA Software Upgrades
    TOSHIBA Speech System Applications
    TOSHIBA Speech System SR Engine(U.S.) Version1.0
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    TOSHIBA Supervisor Password
    TOSHIBA Value Added Package
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VC80CRTRedist - 8.0.50727.762
    VLC media player 1.1.4
    WeFi 3.6.4.4
    Winbond CIR Device Drivers
    Windows Live installer
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Media Encoder 9 Series
    Windows Media Player Firefox Plugin
    WinPcap 4.1.2
    WinRAR archiver
    Xfire (remove only)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/30/2011 6:48:41 PM, Error: EventLog [6008] - The previous system shutdown at 6:45:43 PM on 12/30/2011 was unexpected.
    12/30/2011 12:48:13 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UxSms service.
    12/28/2011 11:26:01 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
    12/27/2011 3:47:53 PM, Error: Microsoft-Windows-Diagnostics-Networking [5300] - An error occurred. The Network Diagnostics Framework failed to complete the repair phase of operation. A Windows Error Report was generated. [2147942487]
    12/27/2011 1:37:24 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.198 for the Network Card with network address 00164479D4BF has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).
    1/3/2012 9:51:19 AM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
    1/3/2012 9:48:17 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PlugPlay service.
    1/2/2012 4:27:44 PM, Error: Microsoft-Windows-Windows Defender [1008] - Windows Defender has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/FakeSysdef&threatid=155638 Scan ID: {31CBC149-2FC3-476F-8C1E-19E315FE0EAA} Scan Type: AntiMalware User: NT AUTHORITY\NETWORK SERVICE Name: Trojan:Win32/FakeSysdef ID: 155638 Severity ID: 5 Category ID: 8 Path: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
    1/2/2012 3:34:37 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    1/2/2012 3:31:20 PM, Error: Microsoft-Windows-Kernel-WHEA [10] - Machine Check Event reported is a fatal Bus or Interconnect error. Memory Hierarchy Level: 3 Participation: 3 Request Type: 15 Memory/IO: 3 Address: 18446744073709551615
    1/2/2012 3:30:54 PM, Error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 6, function 0. Please contact your system vendor for technical assistance.
    1/2/2012 3:30:54 PM, Error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 4, function 0. Please contact your system vendor for technical assistance.
    1/2/2012 3:30:52 PM, Error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 5, function 0. Please contact your system vendor for technical assistance.
    .
    ==== End Of File ===========================
    LiveFreeOrDie, Jan 3, 2012
    #5

  6. Broni Malware Annihilator

    Welcome aboard [IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =============================================================

    Download TDSSKiller and save it to your desktop.
    • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
    Broni, Jan 3, 2012
    #6

  7. LiveFreeOrDie Newcomer, in training

    TDSSKiller Log

    21:17:20.0690 2276 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
    21:17:20.0706 2276 ============================================================
    21:17:20.0706 2276 Current date / time: 2012/01/03 21:17:20.0706
    21:17:20.0706 2276 SystemInfo:
    21:17:20.0706 2276
    21:17:20.0706 2276 OS Version: 6.0.6000 ServicePack: 0.0
    21:17:20.0706 2276 Product type: Workstation
    21:17:20.0706 2276 ComputerName: OWNER-PC
    21:17:20.0706 2276 UserName: Owner
    21:17:20.0706 2276 Windows directory: C:\Windows
    21:17:20.0706 2276 System windows directory: C:\Windows
    21:17:20.0706 2276 Processor architecture: Intel x86
    21:17:20.0706 2276 Number of processors: 2
    21:17:20.0706 2276 Page size: 0x1000
    21:17:20.0706 2276 Boot type: Normal boot
    21:17:20.0706 2276 ============================================================
    21:17:26.0525 2276 Initialize success
    21:17:44.0855 3796 ============================================================
    21:17:44.0855 3796 Scan started
    21:17:44.0855 3796 Mode: Manual;
    21:17:44.0855 3796 ============================================================
    21:17:49.0472 3796 ACPI (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
    21:17:49.0503 3796 ACPI - ok
    21:17:50.0190 3796 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
    21:17:50.0221 3796 adp94xx - ok
    21:17:50.0393 3796 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
    21:17:50.0393 3796 adpahci - ok
    21:17:50.0814 3796 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
    21:17:50.0814 3796 adpu160m - ok
    21:17:50.0939 3796 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
    21:17:50.0939 3796 adpu320 - ok
    21:17:52.0389 3796 AFD (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
    21:17:52.0483 3796 AFD - ok
    21:17:52.0842 3796 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
    21:17:52.0920 3796 AgereSoftModem - ok
    21:17:53.0419 3796 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
    21:17:53.0435 3796 agp440 - ok
    21:17:53.0466 3796 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
    21:17:53.0466 3796 aic78xx - ok
    21:17:53.0965 3796 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
    21:17:53.0965 3796 aliide - ok
    21:17:54.0027 3796 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
    21:17:54.0027 3796 amdagp - ok
    21:17:54.0105 3796 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
    21:17:54.0105 3796 amdide - ok
    21:17:54.0183 3796 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
    21:17:54.0183 3796 AmdK7 - ok
    21:17:54.0230 3796 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\DRIVERS\amdk8.sys
    21:17:54.0230 3796 AmdK8 - ok
    21:17:55.0868 3796 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
    21:17:56.0133 3796 arc - ok
    21:17:57.0709 3796 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
    21:17:57.0803 3796 arcsas - ok
    21:17:59.0363 3796 AsyncMac (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
    21:17:59.0363 3796 AsyncMac - ok
    21:17:59.0784 3796 atapi (b35cfcef838382ab6490b321c87edf17) C:\Windows\system32\drivers\atapi.sys
    21:17:59.0784 3796 atapi - ok
    21:18:01.0297 3796 atikmdag (22d300f835600c9c634860cf2912f9cf) C:\Windows\system32\DRIVERS\atikmdag.sys
    21:18:02.0280 3796 atikmdag - ok
    21:18:03.0403 3796 AtiPcie (4aa1eb65481c392955939e735d27118b) C:\Windows\system32\DRIVERS\AtiPcie.sys
    21:18:03.0465 3796 AtiPcie - ok
    21:18:04.0417 3796 avgio (87828ecd657f81503465ac705e845076) C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys
    21:18:04.0479 3796 avgio - ok
    21:18:05.0259 3796 avgntflt (fcb30820bed1d3feb55e3dd55a3f947f) C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
    21:18:05.0291 3796 avgntflt - ok
    21:18:05.0759 3796 avipbb (0b09df022250fb7ba91fb932eac6ea9b) C:\Windows\system32\DRIVERS\avipbb.sys
    21:18:05.0805 3796 avipbb - ok
    21:18:06.0086 3796 Beep (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
    21:18:06.0086 3796 Beep - ok
    21:18:06.0273 3796 blbdrive - ok
    21:18:06.0929 3796 bowser (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
    21:18:06.0960 3796 bowser - ok
    21:18:07.0116 3796 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
    21:18:07.0178 3796 BrFiltLo - ok
    21:18:07.0599 3796 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
    21:18:07.0599 3796 BrFiltUp - ok
    21:18:07.0958 3796 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
    21:18:07.0989 3796 Brserid - ok
    21:18:08.0520 3796 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
    21:18:08.0520 3796 BrSerWdm - ok
    21:18:08.0567 3796 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
    21:18:08.0567 3796 BrUsbMdm - ok
    21:18:08.0598 3796 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
    21:18:08.0598 3796 BrUsbSer - ok
    21:18:08.0660 3796 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
    21:18:08.0660 3796 BTHMODEM - ok
    21:18:08.0723 3796 cdfs (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
    21:18:08.0738 3796 cdfs - ok
    21:18:08.0832 3796 cdrom (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys
    21:18:08.0832 3796 cdrom - ok
    21:18:08.0910 3796 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\DRIVERS\circlass.sys
    21:18:08.0910 3796 circlass - ok
    21:18:08.0957 3796 CLFS (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys
    21:18:09.0222 3796 CLFS - ok
    21:18:09.0300 3796 CmBatt (ed97ad3df1b9005989eaf149bf06c821) C:\Windows\system32\DRIVERS\CmBatt.sys
    21:18:09.0300 3796 CmBatt - ok
    21:18:09.0362 3796 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
    21:18:09.0362 3796 cmdide - ok
    21:18:09.0674 3796 Compbatt (722936afb75a7f509662b69b5632f48a) C:\Windows\system32\DRIVERS\compbatt.sys
    21:18:09.0674 3796 Compbatt - ok
    21:18:10.0283 3796 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
    21:18:10.0439 3796 crcdisk - ok
    21:18:11.0499 3796 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
    21:18:11.0515 3796 Crusoe - ok
    21:18:11.0936 3796 DfsC (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
    21:18:11.0936 3796 DfsC - ok
    21:18:12.0045 3796 disk (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
    21:18:12.0061 3796 disk - ok
    21:18:12.0123 3796 drmkaud (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
    21:18:12.0123 3796 drmkaud - ok
    21:18:12.0217 3796 DXGKrnl (334988883de69adb27e2cf9f9715bbdb) C:\Windows\System32\drivers\dxgkrnl.sys
    21:18:12.0233 3796 DXGKrnl - ok
    21:18:12.0295 3796 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
    21:18:12.0295 3796 E1G60 - ok
    21:18:12.0389 3796 Ecache (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys
    21:18:12.0389 3796 Ecache - ok
    21:18:12.0810 3796 elagopro (7ec42ec12a4bac14bcca99fb06f2d125) C:\Windows\system32\DRIVERS\elagopro.sys
    21:18:12.0825 3796 elagopro - ok
    21:18:12.0888 3796 elaunidr (dfeabb7cfffadea4a912ab95bdc3177a) C:\Windows\system32\DRIVERS\elaunidr.sys
    21:18:12.0888 3796 elaunidr - ok
    21:18:13.0013 3796 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
    21:18:13.0013 3796 elxstor - ok
    21:18:13.0200 3796 fastfat (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
    21:18:13.0200 3796 fastfat - ok
    21:18:13.0247 3796 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
    21:18:13.0247 3796 fdc - ok
    21:18:13.0325 3796 FileInfo (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
    21:18:13.0325 3796 FileInfo - ok
    21:18:13.0356 3796 Filetrace (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
    21:18:13.0356 3796 Filetrace - ok
    21:18:13.0387 3796 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
    21:18:13.0387 3796 flpydisk - ok
    21:18:13.0434 3796 FltMgr (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
    21:18:13.0449 3796 FltMgr - ok
    21:18:13.0543 3796 Fs_Rec (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys
    21:18:13.0605 3796 Fs_Rec - ok
    21:18:13.0652 3796 FwLnk (cbc22823628544735625b280665e434e) C:\Windows\system32\DRIVERS\FwLnk.sys
    21:18:13.0652 3796 FwLnk - ok
    21:18:13.0699 3796 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
    21:18:13.0699 3796 gagp30kx - ok
    21:18:13.0746 3796 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
    21:18:13.0761 3796 GEARAspiWDM - ok
    21:18:13.0824 3796 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
    21:18:13.0855 3796 HdAudAddService - ok
    21:18:13.0933 3796 HDAudBus (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys
    21:18:13.0933 3796 HDAudBus - ok
    21:18:13.0980 3796 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
    21:18:13.0980 3796 HidBth - ok
    21:18:14.0011 3796 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\DRIVERS\hidir.sys
    21:18:14.0011 3796 HidIr - ok
    21:18:14.0089 3796 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\DRIVERS\hidusb.sys
    21:18:14.0089 3796 HidUsb - ok
    21:18:14.0120 3796 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
    21:18:14.0120 3796 HpCISSs - ok
    21:18:14.0214 3796 HTTP (ea24fe637d974a8a31bc650f478e3533) C:\Windows\system32\drivers\HTTP.sys
    21:18:14.0245 3796 HTTP - ok
    21:18:14.0604 3796 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
    21:18:14.0619 3796 i2omp - ok
    21:18:14.0697 3796 i8042prt (1c9ee072baa3abb460b91d7ee9152660) C:\Windows\system32\DRIVERS\i8042prt.sys
    21:18:14.0697 3796 i8042prt - ok
    21:18:14.0729 3796 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
    21:18:14.0744 3796 iaStorV - ok
    21:18:15.0384 3796 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
    21:18:15.0384 3796 iirsp - ok
    21:18:15.0789 3796 IntcAzAudAddService (97cac2a7e92ffcb30c15101ab002ed30) C:\Windows\system32\drivers\RTKVHDA.sys
    21:18:15.0836 3796 IntcAzAudAddService - ok
    21:18:15.0945 3796 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
    21:18:15.0945 3796 intelide - ok
    21:18:16.0008 3796 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
    21:18:16.0008 3796 intelppm - ok
    21:18:16.0055 3796 IO_Memory - ok
    21:18:16.0320 3796 IpFilterDriver (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    21:18:16.0320 3796 IpFilterDriver - ok
    21:18:16.0335 3796 IpInIp - ok
    21:18:16.0382 3796 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
    21:18:16.0382 3796 IPMIDRV - ok
    21:18:16.0491 3796 IPNAT (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
    21:18:16.0507 3796 IPNAT - ok
    21:18:16.0585 3796 IRENUM (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
    21:18:16.0585 3796 IRENUM - ok
    21:18:16.0601 3796 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
    21:18:16.0601 3796 isapnp - ok
    21:18:16.0632 3796 iScsiPrt (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
    21:18:16.0647 3796 iScsiPrt - ok
    21:18:16.0679 3796 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
    21:18:16.0679 3796 iteatapi - ok
    21:18:16.0694 3796 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
    21:18:16.0694 3796 iteraid - ok
    21:18:16.0741 3796 kbdclass (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys
    21:18:16.0741 3796 kbdclass - ok
    21:18:16.0819 3796 kbdhid (ed61dbc6603f612b7338283edbacbc4b) C:\Windows\system32\DRIVERS\kbdhid.sys
    21:18:16.0819 3796 kbdhid - ok
    21:18:16.0913 3796 KR10I (e8ca038f51f7761bd6e3a3b0b8014263) C:\Windows\system32\drivers\kr10i.sys
    21:18:16.0913 3796 KR10I - ok
    21:18:17.0162 3796 KR10N (6a4adb9186dd0e114e623daf57e42b31) C:\Windows\system32\drivers\kr10n.sys
    21:18:17.0162 3796 KR10N - ok
    21:18:17.0209 3796 KR3NPXP (485e005cd51ff502fb16483eb4b69c17) C:\Windows\system32\drivers\kr3npxp.sys
    21:18:17.0225 3796 KR3NPXP - ok
    21:18:17.0303 3796 KSecDD (0a829977b078dea11641fc2af87ceade) C:\Windows\system32\Drivers\ksecdd.sys
    21:18:17.0318 3796 KSecDD - ok
    21:18:17.0412 3796 lltdio (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
    21:18:17.0412 3796 lltdio - ok
    21:18:17.0474 3796 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
    21:18:17.0474 3796 LSI_FC - ok
    21:18:17.0490 3796 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
    21:18:17.0490 3796 LSI_SAS - ok
    21:18:17.0521 3796 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
    21:18:17.0537 3796 LSI_SCSI - ok
    21:18:17.0552 3796 luafv (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
    21:18:17.0552 3796 luafv - ok
    21:18:17.0630 3796 LVPr2Mon (c57c48fb9ae3efb9848af594e3123a63) C:\Windows\system32\DRIVERS\LVPr2Mon.sys
    21:18:17.0630 3796 LVPr2Mon - ok
    21:18:17.0693 3796 ManyCam (c6d085c7045200143528136a43a65fde) C:\Windows\system32\DRIVERS\ManyCam.sys
    21:18:17.0693 3796 ManyCam - ok
    21:18:17.0755 3796 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
    21:18:17.0771 3796 megasas - ok
    21:18:17.0849 3796 Modem (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
    21:18:17.0849 3796 Modem - ok
    21:18:17.0895 3796 monitor (7446e104a5fe5987ca9e4983fbac4f97) C:\Windows\system32\DRIVERS\monitor.sys
    21:18:17.0895 3796 monitor - ok
    21:18:17.0927 3796 mouclass (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys
    21:18:17.0927 3796 mouclass - ok
    21:18:17.0973 3796 mouhid (b569b5c5d3bde545df3a6af512cccdba) C:\Windows\system32\DRIVERS\mouhid.sys
    21:18:17.0973 3796 mouhid - ok
    21:18:18.0005 3796 MountMgr (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
    21:18:18.0005 3796 MountMgr - ok
    21:18:18.0067 3796 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
    21:18:18.0067 3796 mpio - ok
    21:18:18.0129 3796 mpsdrv (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
    21:18:18.0145 3796 mpsdrv - ok
    21:18:18.0176 3796 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
    21:18:18.0176 3796 Mraid35x - ok
    21:18:18.0207 3796 MRxDAV (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys
    21:18:18.0207 3796 MRxDAV - ok
    21:18:18.0285 3796 mrxsmb (8af705ce1bb907932157fab821170f27) C:\Windows\system32\DRIVERS\mrxsmb.sys
    21:18:18.0301 3796 mrxsmb - ok
    21:18:18.0332 3796 mrxsmb10 (47e13ab23371be3279eef22bbfa2c1be) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    21:18:18.0348 3796 mrxsmb10 - ok
    21:18:18.0441 3796 mrxsmb20 (90b3fc7bd6b3d7ee7635debba2187f66) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    21:18:18.0441 3796 mrxsmb20 - ok
    21:18:18.0473 3796 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
    21:18:18.0473 3796 msahci - ok
    21:18:18.0519 3796 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
    21:18:18.0519 3796 msdsm - ok
    21:18:18.0582 3796 Msfs (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
    21:18:18.0582 3796 Msfs - ok
    21:18:18.0629 3796 msisadrv (5f454a16a5146cd91a176d70f0cfa3ec) C:\Windows\system32\drivers\msisadrv.sys
    21:18:18.0629 3796 msisadrv - ok
    21:18:18.0660 3796 MSKSSRV (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
    21:18:18.0660 3796 MSKSSRV - ok
    21:18:18.0753 3796 MSPCLOCK (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
    21:18:18.0785 3796 MSPCLOCK - ok
    21:18:18.0831 3796 MSPQM (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
    21:18:18.0831 3796 MSPQM - ok
    21:18:18.0863 3796 MsRPC (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
    21:18:18.0863 3796 MsRPC - ok
    21:18:18.0925 3796 mssmbios (4385c80ede885e25492d408cad91bd6f) C:\Windows\system32\DRIVERS\mssmbios.sys
    21:18:18.0925 3796 mssmbios - ok
    21:18:18.0941 3796 MSTEE (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
    21:18:18.0941 3796 MSTEE - ok
    21:18:18.0972 3796 Mup (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
    21:18:18.0987 3796 Mup - ok
    21:18:19.0034 3796 NativeWifiP (6da4a0fc7c0e83df0cb3cfd0a514c3bc) C:\Windows\system32\DRIVERS\nwifi.sys
    21:18:19.0034 3796 NativeWifiP - ok
    21:18:19.0190 3796 NDIS (fffe00134c554e113ee186eeddb0ff30) C:\Windows\system32\drivers\ndis.sys
    21:18:19.0206 3796 NDIS - ok
    21:18:19.0284 3796 NdisTapi (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys
    21:18:19.0284 3796 NdisTapi - ok
    21:18:19.0315 3796 Ndisuio (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
    21:18:19.0315 3796 Ndisuio - ok
    21:18:19.0346 3796 NdisWan (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
    21:18:19.0346 3796 NdisWan - ok
    21:18:19.0424 3796 NDProxy (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys
    21:18:19.0424 3796 NDProxy - ok
    21:18:19.0455 3796 NetBIOS (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
    21:18:19.0455 3796 NetBIOS - ok
    21:18:19.0502 3796 netbt (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys
    21:18:19.0502 3796 netbt - ok
    21:18:19.0565 3796 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
    21:18:19.0565 3796 nfrd960 - ok
    21:18:19.0643 3796 NPF (b48dc6abcd3aeff8618350ccbdc6b09a) C:\Windows\system32\drivers\npf.sys
    21:18:19.0658 3796 NPF - ok
    21:18:19.0721 3796 Npfs (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
    21:18:19.0721 3796 Npfs - ok
    21:18:19.0767 3796 nsiproxy (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
    21:18:19.0783 3796 nsiproxy - ok
    21:18:19.0861 3796 Ntfs (37430aa7a66d7a63407adc2c0d05e9f6) C:\Windows\system32\drivers\Ntfs.sys
    21:18:20.0095 3796 Ntfs - ok
    21:18:20.0735 3796 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
    21:18:20.0735 3796 ntrigdigi - ok
    21:18:20.0766 3796 Null (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
    21:18:20.0766 3796 Null - ok
    21:18:20.0859 3796 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
    21:18:20.0859 3796 nvraid - ok
    21:18:20.0891 3796 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
    21:18:20.0891 3796 nvstor - ok
    21:18:20.0937 3796 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
    21:18:20.0937 3796 nv_agp - ok
    21:18:20.0953 3796 NwlnkFlt - ok
    21:18:20.0969 3796 NwlnkFwd - ok
    21:18:21.0249 3796 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\DRIVERS\ohci1394.sys
    21:18:21.0249 3796 ohci1394 - ok
    21:18:21.0515 3796 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
    21:18:21.0515 3796 Parport - ok
    21:18:21.0858 3796 partmgr (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys
    21:18:21.0858 3796 partmgr - ok
    21:18:21.0889 3796 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
    21:18:21.0889 3796 Parvdm - ok
    21:18:21.0920 3796 pci (1085d75657807e0e8b32f9e19a1647c3) C:\Windows\system32\drivers\pci.sys
    21:18:21.0920 3796 pci - ok
    21:18:22.0014 3796 pciide (caba65e9c41cd2900d4c92d4f825c5f8) C:\Windows\system32\drivers\pciide.sys
    21:18:22.0014 3796 pciide - ok
    21:18:22.0061 3796 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
    21:18:22.0061 3796 pcmcia - ok
    21:18:22.0139 3796 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
    21:18:22.0154 3796 PEAUTH - ok
    21:18:22.0607 3796 PID_PEPI (dd184d9adfe2a8a21741dbdfe9e22f5c) C:\Windows\system32\DRIVERS\LV302V32.SYS
    21:18:22.0669 3796 PID_PEPI - ok
    21:18:22.0950 3796 PptpMiniport (6c359ac71d7b550a0d41f9db4563ce05) C:\Windows\system32\DRIVERS\raspptp.sys
    21:18:22.0950 3796 PptpMiniport - ok
    21:18:23.0012 3796 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
    21:18:23.0012 3796 Processor - ok
    21:18:23.0090 3796 PSched (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys
    21:18:23.0090 3796 PSched - ok
    21:18:23.0340 3796 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
    21:18:23.0340 3796 PxHelp20 - ok
    21:18:23.0418 3796 QCDonner (b1ad87b4c97b6b59fcd075001e76865f) C:\Windows\system32\DRIVERS\LVCD.sys
    21:18:23.0418 3796 QCDonner - ok
    21:18:23.0621 3796 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
    21:18:23.0636 3796 ql2300 - ok
    21:18:23.0870 3796 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
    21:18:23.0870 3796 ql40xx - ok
    21:18:23.0917 3796 QWAVEdrv (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
    21:18:23.0917 3796 QWAVEdrv - ok
    21:18:23.0948 3796 RasAcd (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys
    21:18:23.0948 3796 RasAcd - ok
    21:18:24.0042 3796 Rasl2tp (88587dd843e2059848995b407b67f6cf) C:\Windows\system32\DRIVERS\rasl2tp.sys
    21:18:24.0042 3796 Rasl2tp - ok
    21:18:24.0135 3796 RasPppoe (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys
    21:18:24.0135 3796 RasPppoe - ok
    21:18:24.0369 3796 rdbss (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys
    21:18:24.0369 3796 rdbss - ok
    21:18:24.0463 3796 RDPCDD (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
    21:18:24.0463 3796 RDPCDD - ok
    21:18:24.0494 3796 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
    21:18:24.0510 3796 rdpdr - ok
    21:18:24.0557 3796 RDPENCDD (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
    21:18:24.0557 3796 RDPENCDD - ok
    21:18:24.0619 3796 RDPWD (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys
    21:18:24.0619 3796 RDPWD - ok
    21:18:24.0650 3796 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
    21:18:24.0650 3796 rimmptsk - ok
    21:18:24.0681 3796 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
    21:18:24.0681 3796 rimsptsk - ok
    21:18:24.0759 3796 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys
    21:18:24.0759 3796 rismxdp - ok
    21:18:24.0853 3796 rspndr (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
    21:18:24.0853 3796 rspndr - ok
    21:18:24.0900 3796 RTL8169 (b8b159fa669c6386a458fcd468ebb1e6) C:\Windows\system32\DRIVERS\Rtlh86.sys
    21:18:24.0900 3796 RTL8169 - ok
    21:18:24.0978 3796 RTL8187B (67e7822975985016fdce01635fbdbbf9) C:\Windows\system32\DRIVERS\RTL8187B.sys
    21:18:24.0978 3796 RTL8187B - ok
    21:18:25.0227 3796 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
    21:18:25.0227 3796 sbp2port - ok
    21:18:25.0337 3796 sdbus (7b3973cc28b8aa3e9e2e5d53e720e2c9) C:\Windows\system32\DRIVERS\sdbus.sys
    21:18:25.0337 3796 sdbus - ok
    21:18:25.0430 3796 secdrv (07f7f501ad50de2ba2d5842d9b6d6155) C:\Windows\system32\drivers\secdrv.sys
    21:18:25.0446 3796 secdrv - ok
    21:18:25.0664 3796 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
    21:18:25.0680 3796 Serenum - ok
    21:18:25.0711 3796 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
    21:18:25.0727 3796 Serial - ok
    21:18:25.0773 3796 sermouse (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys
    21:18:25.0773 3796 sermouse - ok
    21:18:25.0929 3796 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\DRIVERS\sffdisk.sys
    21:18:25.0929 3796 sffdisk - ok
    21:18:26.0148 3796 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
    21:18:26.0148 3796 sffp_mmc - ok
    21:18:26.0241 3796 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\DRIVERS\sffp_sd.sys
    21:18:26.0241 3796 sffp_sd - ok
    21:18:26.0288 3796 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\DRIVERS\sfloppy.sys
    21:18:26.0288 3796 sfloppy - ok
    21:18:26.0351 3796 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
    21:18:26.0351 3796 sisagp - ok
    21:18:26.0382 3796 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
    21:18:26.0382 3796 SiSRaid2 - ok
    21:18:26.0647 3796 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
    21:18:26.0647 3796 SiSRaid4 - ok
    21:18:26.0741 3796 Smb (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys
    21:18:26.0741 3796 Smb - ok
    21:18:26.0787 3796 spldr (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys
    21:18:26.0787 3796 spldr - ok
    21:18:26.0897 3796 srv (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys
    21:18:26.0912 3796 srv - ok
    21:18:27.0177 3796 srv2 (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys
    21:18:27.0177 3796 srv2 - ok
    21:18:27.0209 3796 srvnet (9e1a4603b874eebce0298113951abefb) C:\Windows\system32\DRIVERS\srvnet.sys
    21:18:27.0209 3796 srvnet - ok
    21:18:27.0427 3796 ssmdrv (71d609c5dff067906d930bde031c4cfe) C:\Windows\system32\DRIVERS\ssmdrv.sys
    21:18:27.0427 3796 ssmdrv - ok
    21:18:27.0505 3796 swenum (1379bdb336f8158c176a465e30759f57) C:\Windows\system32\DRIVERS\swenum.sys
    21:18:27.0505 3796 swenum - ok
    21:18:27.0614 3796 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
    21:18:27.0614 3796 Symc8xx - ok
    21:18:27.0661 3796 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
    21:18:27.0661 3796 Sym_hi - ok
    21:18:27.0692 3796 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
    21:18:27.0692 3796 Sym_u3 - ok
    21:18:27.0770 3796 SynTP (11f730bf0d0aa4fe7de7138a32a52422) C:\Windows\system32\DRIVERS\SynTP.sys
    21:18:27.0770 3796 SynTP - ok
    21:18:28.0067 3796 Tcpip (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers\tcpip.sys
    21:18:28.0082 3796 Tcpip - ok
    21:18:28.0254 3796 Tcpip6 (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\DRIVERS\tcpip.sys
    21:18:28.0254 3796 Tcpip6 - ok
    21:18:28.0332 3796 tcpipreg (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys
    21:18:28.0332 3796 tcpipreg - ok
    21:18:28.0394 3796 tdcmdpst (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys
    21:18:28.0394 3796 tdcmdpst - ok
    21:18:28.0425 3796 TDPIPE (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys
    21:18:28.0425 3796 TDPIPE - ok
    21:18:28.0691 3796 TDTCP (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys
    21:18:28.0691 3796 TDTCP - ok
    21:18:28.0722 3796 tdx (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys
    21:18:28.0737 3796 tdx - ok
    21:18:28.0753 3796 TermDD (2c549bd9dd091fbfaa0a2a48e82ec2fb) C:\Windows\system32\DRIVERS\termdd.sys
    21:18:28.0753 3796 TermDD - ok
    21:18:28.0909 3796 Tosrfcom - ok
    21:18:28.0987 3796 tosrfec (5c4103544612e5011ef46301b93d1aa6) C:\Windows\system32\DRIVERS\tosrfec.sys
    21:18:28.0987 3796 tosrfec - ok
    21:18:29.0268 3796 tos_sps32 (1ea5f27c29405bf49799feca77186da9) C:\Windows\system32\DRIVERS\tos_sps32.sys
    21:18:29.0268 3796 tos_sps32 - ok
    21:18:29.0315 3796 tssecsrv (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys
    21:18:29.0315 3796 tssecsrv - ok
    21:18:29.0393 3796 tunmp (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys
    21:18:29.0393 3796 tunmp - ok
    21:18:29.0408 3796 tunnel (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS\tunnel.sys
    21:18:29.0408 3796 tunnel - ok
    21:18:29.0455 3796 TVALZ (521c5f39829875adf5466dd94c6282c7) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
    21:18:29.0455 3796 TVALZ - ok
    21:18:29.0564 3796 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
    21:18:29.0564 3796 uagp35 - ok
    21:18:29.0627 3796 udfs (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys
    21:18:29.0627 3796 udfs - ok
    21:18:29.0673 3796 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
    21:18:29.0673 3796 uliagpkx - ok
    21:18:29.0705 3796 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
    21:18:29.0720 3796 uliahci - ok
    21:18:29.0970 3796 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
    21:18:30.0001 3796 UlSata - ok
    21:18:30.0095 3796 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
    21:18:30.0095 3796 ulsata2 - ok
    21:18:30.0235 3796 umbus (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys
    21:18:30.0235 3796 umbus - ok
    21:18:30.0297 3796 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\Windows\system32\Drivers\usbaapl.sys
    21:18:30.0297 3796 USBAAPL - ok
    21:18:30.0360 3796 usbaudio (f6bf998ae33e3fb6c7d27f0560f1173f) C:\Windows\system32\drivers\usbaudio.sys
    21:18:30.0360 3796 usbaudio - ok
    21:18:30.0422 3796 usbccgp (03b01e8dbd2da2b49157b7e51912aaf2) C:\Windows\system32\DRIVERS\usbccgp.sys
    21:18:30.0422 3796 usbccgp - ok
    21:18:30.0703 3796 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
    21:18:30.0703 3796 usbcir - ok
    21:18:30.0797 3796 usbehci (2f83363f98484f8edaf49f9b41520d14) C:\Windows\system32\DRIVERS\usbehci.sys
    21:18:30.0797 3796 usbehci - ok
    21:18:30.0890 3796 usbhub (14d2a4dcd92c0b3368667aed6893463d) C:\Windows\system32\DRIVERS\usbhub.sys
    21:18:30.0906 3796 usbhub - ok
    21:18:30.0937 3796 usbohci (51dc36722172d45f2f935ce5cc18a812) C:\Windows\system32\DRIVERS\usbohci.sys
    21:18:30.0937 3796 usbohci - ok
    21:18:30.0968 3796 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\DRIVERS\usbprint.sys
    21:18:30.0968 3796 usbprint - ok
    21:18:31.0031 3796 usbscan (b1f95285c08ddfe00c0b955462637ec7) C:\Windows\system32\DRIVERS\usbscan.sys
    21:18:31.0031 3796 usbscan - ok
    21:18:31.0077 3796 USBSTOR (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    21:18:31.0077 3796 USBSTOR - ok
    21:18:31.0140 3796 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
    21:18:31.0155 3796 usbuhci - ok
    21:18:31.0249 3796 usbvideo (0a6b81f01bc86399482e27e6fda7b33b) C:\Windows\system32\Drivers\usbvideo.sys
    21:18:31.0249 3796 usbvideo - ok
    21:18:31.0296 3796 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
    21:18:31.0296 3796 vga - ok
    21:18:31.0561 3796 VgaSave (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys
    21:18:31.0561 3796 VgaSave - ok
    21:18:31.0577 3796 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
    21:18:31.0592 3796 viaagp - ok
    21:18:31.0623 3796 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
    21:18:31.0623 3796 ViaC7 - ok
    21:18:31.0670 3796 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
    21:18:31.0670 3796 viaide - ok
    21:18:31.0717 3796 volmgr (103e84c95832d0ed93507997cc7b54e8) C:\Windows\system32\drivers\volmgr.sys
    21:18:31.0717 3796 volmgr - ok
    21:18:31.0779 3796 volmgrx (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys
    21:18:31.0795 3796 volmgrx - ok
    21:18:31.0889 3796 volsnap (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys
    21:18:31.0889 3796 volsnap - ok
    21:18:31.0935 3796 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
    21:18:31.0935 3796 vsmraid - ok
    21:18:31.0982 3796 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
    21:18:31.0982 3796 WacomPen - ok
    21:18:32.0060 3796 Wanarp (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
    21:18:32.0060 3796 Wanarp - ok
    21:18:32.0060 3796 Wanarpv6 (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
    21:18:32.0076 3796 Wanarpv6 - ok
    21:18:32.0154 3796 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
    21:18:32.0154 3796 Wd - ok
    21:18:32.0263 3796 Wdf01000 (7b5f66e4a2219c7d9daf9e738480e534) C:\Windows\system32\drivers\Wdf01000.sys
    21:18:32.0279 3796 Wdf01000 - ok
    21:18:32.0341 3796 winbondcir (3fa87d56769838aac82fafc3e78fc732) C:\Windows\system32\DRIVERS\winbondcir.sys
    21:18:32.0341 3796 winbondcir - ok
    21:18:32.0403 3796 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
    21:18:32.0403 3796 WmiAcpi - ok
    21:18:32.0513 3796 WpdUsb (2d27171b16a577ef14c1273668753485) C:\Windows\system32\DRIVERS\wpdusb.sys
    21:18:32.0513 3796 WpdUsb - ok
    21:18:32.0622 3796 ws2ifsl (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys
    21:18:32.0622 3796 ws2ifsl - ok
    21:18:32.0700 3796 WUDFRd (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys
    21:18:32.0700 3796 WUDFRd - ok
    21:18:32.0747 3796 MBR (0x1B8) (b5d3b89509933463264ff7748b075c37) \Device\Harddisk0\DR0
    21:18:32.0778 3796 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
    21:18:32.0778 3796 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
    21:18:32.0809 3796 Boot (0x1200) (af207aedeb848efeb71f78f286b26df7) \Device\Harddisk0\DR0\Partition0
    21:18:32.0809 3796 \Device\Harddisk0\DR0\Partition0 - ok
    21:18:32.0809 3796 ============================================================
    21:18:32.0809 3796 Scan finished
    21:18:32.0809 3796 ============================================================
    21:18:32.0825 3412 Detected object count: 1
    21:18:32.0825 3412 Actual detected object count: 1
    21:18:45.0991 3412 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
    21:18:45.0991 3412 \Device\Harddisk0\DR0 - ok
    21:18:46.0022 3412 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
    21:19:01.0841 6192 Deinitialize success
    LiveFreeOrDie, Jan 3, 2012
    #7

  8. Broni Malware Annihilator

    Good :)

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    =============================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.

    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
    Broni, Jan 3, 2012
    #8
Thread Status:
Not open for further replies.