TechSpot

[A] System Check / Security malware logs

By LiveFreeOrDie
Jan 3, 2012
  1. My laptop has been infected by the “system check” malware described on other threads in this forum. After following Julio's instructions, things were looking pretty good; however, upon connecting to the internet to post the logs, another (perhaps related) malware seemed to take root.

    This second variant mimicked the Windows Security Center, advising me to “upgrade to a full version of vista security” in order to get rid of supposed trojans. At this point both IE and Firefox were subjected to redirection, so I disconnected from the internet and ran the whole process a second time. The logs below date from this point.

    It may not be relevant to the issue, but an additional problem is that program shortcuts and icons no longer function properly: to get a program to run I now have to right-click and select “start” in order to get them moving.

    I appreciate any and all assistance and thank you all in advance!
     
  2. LiveFreeOrDie

    LiveFreeOrDie TS Rookie Topic Starter

    Malware Bytes Log

    Malwarebytes Anti-Malware 1.60.0.1800
    www.malwarebytes.org

    Database version: v2012.01.02.06

    Windows Vista x86 NTFS
    Internet Explorer 7.0.6000.17037
    Owner :: OWNER-PC [administrator]

    1/3/2012 12:16:25 PM
    mbam-log-2012-01-03 (12-16-25).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 168941
    Time elapsed: 9 minute(s), 19 second(s)

    Memory Processes Detected: 1
    C:\Windows\System32\config\systemprofile\AppData\Local\pdj.exe (Trojan.ExeShell.Gen) -> 3744 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 1
    HKCR\.exe\shell\open\command| (Hijack.ExeFile) -> Data: "C:\Windows\system32\config\systemprofile\AppData\Local\pdj.exe" -a "%1" %* -> Delete on reboot.

    Registry Data Items Detected: 4
    HKCR\.exe| (PUM.HijackExefiles) -> Bad: (6f) Good: (exefile) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Windows\system32\config\systemprofile\AppData\Local\pdj.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Windows\system32\config\systemprofile\AppData\Local\pdj.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Windows\system32\config\systemprofile\AppData\Local\pdj.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Windows\System32\config\systemprofile\AppData\Local\pdj.exe (Trojan.ExeShell.Gen) -> Delete on reboot.

    (end)
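The MBAM log above records the mechanism behind the broken shortcuts the opener describes: HKCR\.exe was re-pointed from the stock exefile ProgID to "6f", and the .exe open command was replaced so that pdj.exe starts first and receives the real program as an argument (the StartMenuInternet entries do the same for the two browsers, which is why both redirected). As an added example that is not part of the original post or of Malwarebytes, the Python below parses MBAM 1.x registry detection lines of the shape shown in that log and states what each hijack does. The sample lines are copied from the log above; the clean values it compares against (ProgID exefile, open command "%1" %*) are the stock Windows ones.

```python
"""Parse Malwarebytes 1.x registry detection lines and explain the
.exe-association hijack they describe.

Added example for this thread, not code from the original post or from
Malwarebytes.  SAMPLE_LOG is copied from the MBAM log above; the clean
values it is compared against are the stock Windows ones.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Three detection lines copied from the posted MBAM log (sample input only).
SAMPLE_LOG = r"""
HKCR\.exe\shell\open\command| (Hijack.ExeFile) -> Data: "C:\Windows\system32\config\systemprofile\AppData\Local\pdj.exe" -a "%1" %* -> Delete on reboot.
HKCR\.exe| (PUM.HijackExefiles) -> Bad: (6f) Good: (exefile) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Windows\system32\config\systemprofile\AppData\Local\pdj.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and repaired successfully.
"""

# On a clean Windows install HKCR\.exe's default value is the ProgID "exefile",
# and HKCR\exefile\shell\open\command is "%1" %*: run the clicked file itself,
# passing its arguments through.  Anything placed in front of "%1" is a proxy.
CLEAN_EXE_PROGID = "exefile"


@dataclass
class Detection:
    key: str                    # registry key (and value name, if any) before the "|"
    detection: str              # MBAM detection name, e.g. Hijack.ExeFile
    action: str                 # what MBAM did about it
    data: Optional[str] = None  # "Data:" form: the value being removed
    bad: Optional[str] = None   # "Bad: (...) Good: (...)" form: current value
    good: Optional[str] = None  #                               and expected value


_DETECTION_RE = re.compile(r"\((?P<det>[^)]+)\)")
_BAD_GOOD_RE = re.compile(r"^Bad:\s*\((?P<bad>.*?)\)\s*Good:\s*\((?P<good>.*)\)$")


def parse_line(line: str) -> Optional[Detection]:
    """Return a Detection for one MBAM registry line, or None for anything else."""
    parts = [p.strip() for p in line.split(" -> ")]
    if len(parts) != 3 or "|" not in parts[0]:
        return None
    key, _, rest = parts[0].partition("|")
    det = _DETECTION_RE.search(rest)
    if det is None:
        return None
    rec = Detection(key=key.strip(), detection=det.group("det"), action=parts[2].rstrip("."))
    middle = parts[1]
    if middle.startswith("Data:"):
        rec.data = middle[len("Data:"):].strip()
    else:
        m = _BAD_GOOD_RE.match(middle)
        if m:
            rec.bad, rec.good = m.group("bad"), m.group("good")
    return rec


def parse_mbam_log(text: str) -> List[Detection]:
    records = []
    for line in text.splitlines():
        rec = parse_line(line.strip())
        if rec is not None:
            records.append(rec)
    return records


def first_program(command: str) -> Optional[str]:
    """The program a shell command line actually starts: its first token,
    with surrounding quotes removed."""
    m = re.match(r'\s*(?:"([^"]*)"|(\S+))', command)
    if m is None:
        return None
    return m.group(1) if m.group(1) is not None else m.group(2)


def explain(records: List[Detection]) -> List[str]:
    """Turn the parsed detections into plain statements of what each hijack does."""
    findings = []
    for r in records:
        key = r.key.lower()
        if key == r"hkcr\.exe" and r.bad is not None and r.bad.lower() != CLEAN_EXE_PROGID:
            findings.append(
                f"{r.key}: ProgID '{r.good}' replaced by '{r.bad}', so every .exe is "
                f"resolved through HKCR\\{r.bad} instead of HKCR\\exefile")
        elif key.endswith("\\command"):
            command = r.data if r.data is not None else (r.bad or "")
            program = first_program(command)
            if program and program != "%1":
                findings.append(
                    f"{r.key}: '{program}' runs first and gets the real program "
                    f"as an argument (-a ...); a double-click therefore starts the trojan")
    return findings


if __name__ == "__main__":
    for finding in explain(parse_mbam_log(SAMPLE_LOG)):
        print(finding)
```

Because the .exe handler itself was hijacked, any cleaner that is an .exe would also have been launched through pdj.exe until the association was repaired, which is the usual reason these infections are cleaned from a renamed or .com copy of the tool.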
     
  3. LiveFreeOrDie

    LiveFreeOrDie TS Rookie Topic Starter

    GMER Log

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-01-03 12:33:16
    Windows 6.0.6000 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK2035GSS rev.DK020M
    Running: Gmer.exe; Driver: C:\Users\Owner\AppData\Local\Temp\uwlcapow.sys


    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
    Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----
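GMER reports TDL4 code in the MBR (sector 0 of \Device\Harddisk0\DR0). As an added example that is neither GMER's nor TDSSKiller's logic, the Python below shows the check that finding stands for: parse a 512-byte MBR, validate the 0x55AA signature and partition table, and compare the 440-byte bootstrap code region against the hash of a known-clean MBR. The two sectors it runs on are constructed; CLEAN_MBR and its hash stand in for sector 0 dumped from a clean install of the same Windows version (the bootstrap code is identical across installs of one version, while the disk signature and partition table that follow it are per-disk and excluded from the hash). The dump should be taken from a boot disc, since a bootkit that hooks the disk driver can hand back the original sector to reads made from inside the infected system.

```python
"""Parse a 512-byte MBR and compare its bootstrap code with a known-good
reference: the check that a GMER "TDL4@MBR code has been found" stands for.

Added example for this thread, not GMER's or TDSSKiller's own logic.
CLEAN_MBR / INFECTED_MBR are constructed stand-ins for sector 0 dumped
from a clean install and from the same disk after its boot code was replaced.
"""
import hashlib
import struct
from dataclasses import dataclass
from typing import List

SECTOR = 512
CODE_END = 440           # bytes 0..439: bootstrap code (same for every install of one Windows version)
TABLE_OFF = 446          # bytes 446..509: four 16-byte partition entries (per disk)
BOOT_SIG = b"\x55\xAA"   # bytes 510..511


@dataclass
class Partition:
    bootable: bool
    type_id: int      # 0x07 = NTFS
    lba_start: int
    sectors: int


def parse_partitions(mbr: bytes) -> List[Partition]:
    """Decode the four partition entries; empty slots (type 0) are skipped."""
    parts = []
    for i in range(4):
        status, _chs_start, ptype, _chs_end, lba, size = struct.unpack_from(
            "<B3sB3sII", mbr, TABLE_OFF + 16 * i)
        if ptype != 0:
            parts.append(Partition(status == 0x80, ptype, lba, size))
    return parts


def code_hash(mbr: bytes) -> str:
    """SHA-256 of the bootstrap code only; disk signature and table are excluded."""
    return hashlib.sha256(mbr[:CODE_END]).hexdigest()


def audit_mbr(mbr: bytes, reference_code_hash: str) -> List[str]:
    """Return human-readable problems; an empty list means the sector looks stock."""
    if len(mbr) != SECTOR:
        return [f"expected {SECTOR} bytes, got {len(mbr)}"]
    findings = []
    if mbr[510:512] != BOOT_SIG:
        findings.append("missing 0x55AA boot signature")
    bootable = [p for p in parse_partitions(mbr) if p.bootable]
    if len(bootable) != 1:
        findings.append(f"{len(bootable)} bootable partitions (expected 1)")
    if code_hash(mbr) != reference_code_hash:
        findings.append("bootstrap code differs from known-good reference (possible bootkit)")
    return findings


def build_mbr(code: bytes, table: bytes) -> bytes:
    """Assemble a sector from bootstrap code and a 64-byte partition table (test data only)."""
    sector = bytearray(SECTOR)
    sector[:len(code)] = code
    sector[TABLE_OFF:TABLE_OFF + 64] = table
    sector[510:512] = BOOT_SIG
    return bytes(sector)


# Constructed: one bootable NTFS partition at LBA 2048, three empty slots.
PART_TABLE = struct.pack("<B3sB3sII", 0x80, bytes(3), 0x07, bytes(3), 2048, 387_000_000) + bytes(48)
CLEAN_MBR = build_mbr(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 64, PART_TABLE)
INFECTED_MBR = build_mbr(b"\xeb\x3c\x90" + b"\xcc" * 128, PART_TABLE)   # same table, foreign code
REFERENCE_HASH = code_hash(CLEAN_MBR)   # in practice: hash of sector 0 from a known-clean install

if __name__ == "__main__":
    import sys
    # Usage: python mbr_audit.py <512-byte dump> <reference sha256>; with no
    # arguments the constructed sectors are audited instead.
    if len(sys.argv) == 3:
        with open(sys.argv[1], "rb") as fh:
            print(audit_mbr(fh.read(SECTOR), sys.argv[2]) or ["no findings"])
    else:
        print("clean:   ", audit_mbr(CLEAN_MBR, REFERENCE_HASH) or ["no findings"])
        print("infected:", audit_mbr(INFECTED_MBR, REFERENCE_HASH))
```

A matching partition table with mismatching code is exactly the bootkit pattern: the rootkit keeps the table so Windows still boots, and only the code that runs before the OS is swapped.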
     
  4. LiveFreeOrDie

    LiveFreeOrDie TS Rookie Topic Starter

    DDS Log

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 7.0.6000.17037 BrowserJavaVersion: 1.6.0_26
    Run by Owner at 15:39:03 on 2012-01-03
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1917.897 [GMT -5:00]
    .
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\agrsmsvc.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Toshiba\IVP\ISM\pinger.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    c:\Toshiba\IVP\swupdate\swupdtmr.exe
    C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
    C:\Windows\system32\TODDSrv.exe
    C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\conime.exe
    C:\Windows\explorer.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.toshibadirect.com/dpdstart
    uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
    mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
    uInternet Settings,ProxyOverride = <local>;*.local
    uInternet Settings,ProxyServer = proxy.zfn.uni-bremen.de:3128
    BHO: MRI_DISABLED - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: CrossRider: {a876e312-7d08-401a-b7a6-fafc5dc2f292} - c:\program files\crossriderwebapps\Crossrider.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    uRun: [TOSCDSPD] TOSCDSPD.EXE
    uRun: [njdckcbr] c:\programdata\njdckcbr\nahurkne.exe
    uRun: [MDMpLZwqgX] c:\programdata\jazebuxu\bqnglwrk.exe
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup
    uRun: [CrossRiderPlugin] c:\program files\crossriderwebapps\Crossrider.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
    mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
    mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
    mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\Xfire.exe
    uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
    uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    dPolicies-explorer: HideSCAHealth = 1 (0x1)
    dPolicies-system: DisableTaskMgr = 1 (0x1)
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/30.59/uploader2.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} - hxxp://simcity.ea.com/play/classic/SimCityX.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
    TCP: Interfaces\{0642EFCB-8E53-40C6-82BB-3788A1190ACD} : DhcpNameServer = 192.168.1.1 192.168.1.1
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\gli3tzql.default\
    FF - prefs.js: browser.search.selectedEngine - GoogleFeed.net
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - prefs.js: keyword.URL - hxxp://www.veerboo.com/results.php?q=
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\real player alternative\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\real player alternative\browser\plugins\nprpjplug.dll
    FF - plugin: c:\users\owner\appdata\roaming\facebook\npfbplugin_1_0_1.dll
    FF - plugin: c:\users\owner\appdata\roaming\facebook\npfbplugin_1_0_3.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 avgio;avgio;c:\program files\avira\antivir personaledition classic\avgio.sys [2008-7-4 11608]
    R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Planer;c:\program files\avira\antivir personaledition classic\sched.exe [2008-7-4 68865]
    R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard;c:\program files\avira\antivir personaledition classic\avguard.exe [2008-7-4 151297]
    R2 SlingAgentService;SlingAgent Service;c:\program files\sling media\slingagent\SlingAgentService.exe [2008-9-21 93960]
    R3 avgntflt;avgntflt;c:\program files\avira\antivir personaledition classic\avgntflt.sys [2008-7-4 52056]
    R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2007-8-22 7168]
    R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
    R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187B.sys [2007-9-18 252416]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-25 35088]
    S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\drivers\winbondcir.sys [2007-3-28 43008]
    .
    =============== File Associations ===============
    .
    .exe=6J
    .
    =============== Created Last 30 ================
    .
    2012-01-03 00:16:24 -------- d-----w- c:\users\owner\appdata\roaming\Malwarebytes
    2012-01-03 00:16:06 -------- d-----w- c:\programdata\Malwarebytes
    2012-01-03 00:16:05 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-30 14:15:08 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{973fb051-cbc9-403b-bb89-bfd20112ce86}\mpengine.dll
    2011-12-21 16:39:32 -------- d-----w- c:\users\owner\appdata\local\Apps
    .
    ==================== Find3M ====================
    .
    2011-12-06 17:49:25 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-11-30 14:05:23 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    ============= FINISH: 15:40:17.87 ===============
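Three things in the Pseudo HJT Report above deserve attention besides the adware entries: two autoruns launched from randomly named folders directly under c:\programdata, policies that switch off UAC (EnableLUA = 0), Task Manager (DisableTaskMgr = 1) and Security Center warnings (HideSCAHealth = 1), and a configured IE proxy server. As an added example that is not part of the original post or of DDS, the Python below triages those line types from a DDS report. The sample lines are copied from the log above; the policy meanings are the documented Windows ones, and everything it reports is "verify", not "malicious" (the proxy, for instance, may be deliberate).

```python
"""Triage the "Pseudo HJT Report" section of a DDS log: autoruns launched from
user-writable folders, lock-out policies, and a configured proxy.

Added example for this thread, not part of the original post or of DDS.
SAMPLE_DDS is copied from the DDS log above; the policy meanings are the
documented Windows ones.  Everything flagged is "verify", not "malicious".
"""
import re
from typing import List, Tuple

# Copied from the posted DDS log (sample input only).
SAMPLE_DDS = r"""
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = proxy.zfn.uni-bremen.de:3128
uRun: [TOSCDSPD] TOSCDSPD.EXE
uRun: [njdckcbr] c:\programdata\njdckcbr\nahurkne.exe
uRun: [MDMpLZwqgX] c:\programdata\jazebuxu\bqnglwrk.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
dPolicies-explorer: HideSCAHealth = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
"""

# DDS prefixes: u = current user, m = machine, d = default user profile.
RUN_RE = re.compile(r"^(?P<hive>[umd])Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
POLICY_RE = re.compile(r"^(?P<hive>[umd])Policies-(?P<branch>\w+): (?P<name>\w+) = (?P<value>\d+)")
PROXY_RE = re.compile(r"^(?P<hive>[umd])Internet Settings,ProxyServer = (?P<proxy>\S+)")

# Folders any user can write to; a login-time autorun living there needs a look.
USER_WRITABLE = ("\\programdata\\", "\\appdata\\local\\", "\\appdata\\roaming\\", "\\temp\\")

# Policy values that take away the tools used to notice or fix an infection.
LOCKOUT_POLICIES = {
    ("system", "DisableTaskMgr", "1"): "Task Manager disabled",
    ("system", "DisableRegistryTools", "1"): "Registry Editor disabled",
    ("system", "EnableLUA", "0"): "UAC switched off",
    ("explorer", "HideSCAHealth", "1"): "Security Center health warnings hidden",
}


def triage(text: str) -> List[Tuple[str, str]]:
    """Return (category, detail) pairs worth a manual check, in log order."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := RUN_RE.match(line):
            cmd = m.group("cmd")
            if any(marker in cmd.lower() for marker in USER_WRITABLE):
                findings.append(("autorun-user-writable", f"[{m.group('name')}] {cmd}"))
        elif m := POLICY_RE.match(line):
            reason = LOCKOUT_POLICIES.get((m.group("branch"), m.group("name"), m.group("value")))
            if reason:
                findings.append(("policy-lockout",
                                 f"{m.group('hive')}Policies-{m.group('branch')} "
                                 f"{m.group('name')}={m.group('value')}: {reason}"))
        elif m := PROXY_RE.match(line):
            findings.append(("proxy-configured", m.group("proxy")))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_DDS):
        print(f"{category:24} {detail}")
```

The user-writable-folder rule is deliberately broad: legitimate software is occasionally started from AppData as well, so each hit is checked against the vendor and the file's signature rather than deleted on sight. The two ProgramData entries here have random eight-letter folder and file names and no publisher, which is the pattern of this family's droppers.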
     
  5. LiveFreeOrDie

    LiveFreeOrDie TS Rookie Topic Starter

    Attach Log

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 9/18/2007 7:21:45 PM
    System Uptime: 1/3/2012 1:05:39 PM (2 hours ago)
    .
    Motherboard: ATI | | SB600
    Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-58 | Socket M2/S1G1 | 1900/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 185 GiB total, 76.413 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP835: 12/13/2011 9:48:56 PM - Scheduled Checkpoint
    RP836: 12/14/2011 10:47:04 PM - Scheduled Checkpoint
    RP837: 12/16/2011 1:14:18 PM - Windows Update
    RP838: 12/17/2011 3:01:15 AM - Windows Update
    RP839: 12/20/2011 11:05:32 AM - Windows Update
    RP840: 12/23/2011 8:00:29 AM - Windows Update
    RP841: 12/28/2011 2:18:59 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    AAC Decoder
    Activation Assistant for the 2007 Microsoft Office suites
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 8.3.1
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Applian FLV Player
    ArcSoft Panorama Maker 3
    Ask Toolbar
    ATI Catalyst Install Manager
    AutoUpdate
    Avi2Dvd 0.4.5 beta
    Avira AntiVir Personal - Free Antivirus
    AviSynth 2.5
    BitTorrent
    Bluetooth Monitor 3
    Bonjour
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center Localization Chinese Standard
    Catalyst Control Center Localization Chinese Traditional
    Catalyst Control Center Localization Czech
    Catalyst Control Center Localization Danish
    Catalyst Control Center Localization Dutch
    Catalyst Control Center Localization Finnish
    Catalyst Control Center Localization French
    Catalyst Control Center Localization German
    Catalyst Control Center Localization Greek
    Catalyst Control Center Localization Hungarian
    Catalyst Control Center Localization Italian
    Catalyst Control Center Localization Japanese
    Catalyst Control Center Localization Korean
    Catalyst Control Center Localization Norwegian
    Catalyst Control Center Localization Polish
    Catalyst Control Center Localization Portuguese
    Catalyst Control Center Localization Russian
    Catalyst Control Center Localization Spanish
    Catalyst Control Center Localization Swedish
    Catalyst Control Center Localization Thai
    Catalyst Control Center Localization Turkish
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CD/DVD Drive Acoustic Silencer
    Compatibility Pack for the 2007 Office system
    Crossrider Web Apps
    DivX Codec
    DivX Converter
    DivX Player
    DivX Plus DirectShow Filters
    DivX Version Checker
    DivX Web Player
    Drivers Install For Linksys Easylink Advisor
    Dropbox
    DVD MovieFactory for TOSHIBA
    ElsterFormular 2007/2008
    ElsterFormular 2008/2009
    EPSON-Drucker-Software
    Facebook Plug-In
    Google Toolbar for Internet Explorer
    H.264 Decoder
    Hi-Speed USB-USB Network Cable
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    iTunes
    Japanese Fonts Support For Adobe Reader 8
    Java Auto Updater
    Java(TM) 6 Update 2
    Java(TM) 6 Update 26
    Linksys EasyLink Advisor 1.6 (0032)
    Logitech Vid
    Logitech Webcam Software
    Malwarebytes Anti-Malware version 1.60.0.1800
    ManyCam 2.4 (remove only)
    Medieval II Total War
    Medieval II Total War : Kingdoms : Americas
    Medieval II Total War : Kingdoms : Britannia
    Medieval II Total War : Kingdoms : Crusades
    Medieval II Total War : Kingdoms : Teutonic
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 3.5 SP1
    Microsoft Close Combat III
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual J# .NET Redistributable Package 1.1
    Microsoft Works
    Microsoft XML Parser
    MKV Splitter
    Move Networks Media Player for Internet Explorer
    Mozilla Firefox 5.0 (x86 en-US)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    Nikon FotoShare
    Nikon Message Center
    OpenOffice.org 2.3
    PCLinq2 High-Speed USB Bridge Cable
    Picasa 3
    PictureProject
    QuickBooks Financial Center
    QuickTime
    Real Alternative 1.8.0 Lite
    Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
    Realtek High Definition Audio Driver
    REALTEK RTL8187B Wireless LAN Driver
    RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Windows Media Encoder (KB954156)
    Shockwave
    Shogun - Total War - Gold Edition
    Sid Meier's Civilization 4 Gold
    SimCity 2000® Windows® 95 Interactive Demo
    Skins
    Skype Click to Call
    Skype™ 5.5
    Slingbox Platform SDK 1.2.5.15
    SlingPlayer
    Synaptics Pointing Device Driver
    TOSHIBA Assist
    TOSHIBA ConfigFree
    TOSHIBA Disc Creator
    TOSHIBA DVD PLAYER
    TOSHIBA Extended Tiles for Windows Mobility Center
    TOSHIBA Hardware Setup
    Toshiba Registration
    TOSHIBA SD Memory Utilities
    TOSHIBA Software Modem
    TOSHIBA Software Upgrades
    TOSHIBA Speech System Applications
    TOSHIBA Speech System SR Engine(U.S.) Version1.0
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    TOSHIBA Supervisor Password
    TOSHIBA Value Added Package
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VC80CRTRedist - 8.0.50727.762
    VLC media player 1.1.4
    WeFi 3.6.4.4
    Winbond CIR Device Drivers
    Windows Live installer
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Media Encoder 9 Series
    Windows Media Player Firefox Plugin
    WinPcap 4.1.2
    WinRAR archiver
    Xfire (remove only)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/30/2011 6:48:41 PM, Error: EventLog [6008] - The previous system shutdown at 6:45:43 PM on 12/30/2011 was unexpected.
    12/30/2011 12:48:13 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UxSms service.
    12/28/2011 11:26:01 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
    12/27/2011 3:47:53 PM, Error: Microsoft-Windows-Diagnostics-Networking [5300] - An error occurred. The Network Diagnostics Framework failed to complete the repair phase of operation. A Windows Error Report was generated. [2147942487]
    12/27/2011 1:37:24 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.198 for the Network Card with network address 00164479D4BF has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).
    1/3/2012 9:51:19 AM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
    1/3/2012 9:48:17 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PlugPlay service.
    1/2/2012 4:27:44 PM, Error: Microsoft-Windows-Windows Defender [1008] - Windows Defender has encountered an error when taking action on spyware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/FakeSysdef&threatid=155638 Scan ID: {31CBC149-2FC3-476F-8C1E-19E315FE0EAA} Scan Type: AntiMalware User: NT AUTHORITY\NETWORK SERVICE Name: Trojan:Win32/FakeSysdef ID: 155638 Severity ID: 5 Category ID: 8 Path: Action: Remove Error Code: 0x80508022 Error description: To finish removing spyware and other potentially unwanted software, restart the computer.
    1/2/2012 3:34:37 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    1/2/2012 3:31:20 PM, Error: Microsoft-Windows-Kernel-WHEA [10] - Machine Check Event reported is a fatal Bus or Interconnect error. Memory Hierarchy Level: 3 Participation: 3 Request Type: 15 Memory/IO: 3 Address: 18446744073709551615
    1/2/2012 3:30:54 PM, Error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 6, function 0. Please contact your system vendor for technical assistance.
    1/2/2012 3:30:54 PM, Error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 4, function 0. Please contact your system vendor for technical assistance.
    1/2/2012 3:30:52 PM, Error: ACPI [6] - IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 5, function 0. Please contact your system vendor for technical assistance.
    .
    ==== End Of File ===========================
     
  6. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =============================================================

    Download TDSSKiller and save it to your desktop.
    • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  7. LiveFreeOrDie

    LiveFreeOrDie TS Rookie Topic Starter

    TDSSKiller Log

    21:17:20.0690 2276 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
    21:17:20.0706 2276 ============================================================
    21:17:20.0706 2276 Current date / time: 2012/01/03 21:17:20.0706
    21:17:20.0706 2276 SystemInfo:
    21:17:20.0706 2276
    21:17:20.0706 2276 OS Version: 6.0.6000 ServicePack: 0.0
    21:17:20.0706 2276 Product type: Workstation
    21:17:20.0706 2276 ComputerName: OWNER-PC
    21:17:20.0706 2276 UserName: Owner
    21:17:20.0706 2276 Windows directory: C:\Windows
    21:17:20.0706 2276 System windows directory: C:\Windows
    21:17:20.0706 2276 Processor architecture: Intel x86
    21:17:20.0706 2276 Number of processors: 2
    21:17:20.0706 2276 Page size: 0x1000
    21:17:20.0706 2276 Boot type: Normal boot
    21:17:20.0706 2276 ============================================================
    21:17:26.0525 2276 Initialize success
    21:17:44.0855 3796 ============================================================
    21:17:44.0855 3796 Scan started
    21:17:44.0855 3796 Mode: Manual;
    21:17:44.0855 3796 ============================================================
    21:17:49.0472 3796 ACPI (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
    21:17:49.0503 3796 ACPI - ok
    21:17:50.0190 3796 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
    21:17:50.0221 3796 adp94xx - ok
    21:17:50.0393 3796 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
    21:17:50.0393 3796 adpahci - ok
    21:17:50.0814 3796 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
    21:17:50.0814 3796 adpu160m - ok
    21:17:50.0939 3796 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
    21:17:50.0939 3796 adpu320 - ok
    21:17:52.0389 3796 AFD (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
    21:17:52.0483 3796 AFD - ok
    21:17:52.0842 3796 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
    21:17:52.0920 3796 AgereSoftModem - ok
    21:17:53.0419 3796 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
    21:17:53.0435 3796 agp440 - ok
    21:17:53.0466 3796 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
    21:17:53.0466 3796 aic78xx - ok
    21:17:53.0965 3796 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
    21:17:53.0965 3796 aliide - ok
    21:17:54.0027 3796 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
    21:17:54.0027 3796 amdagp - ok
    21:17:54.0105 3796 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
    21:17:54.0105 3796 amdide - ok
    21:17:54.0183 3796 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
    21:17:54.0183 3796 AmdK7 - ok
    21:17:54.0230 3796 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\DRIVERS\amdk8.sys
    21:17:54.0230 3796 AmdK8 - ok
    21:17:55.0868 3796 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
    21:17:56.0133 3796 arc - ok
    21:17:57.0709 3796 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
    21:17:57.0803 3796 arcsas - ok
    21:17:59.0363 3796 AsyncMac (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
    21:17:59.0363 3796 AsyncMac - ok
    21:17:59.0784 3796 atapi (b35cfcef838382ab6490b321c87edf17) C:\Windows\system32\drivers\atapi.sys
    21:17:59.0784 3796 atapi - ok
    21:18:01.0297 3796 atikmdag (22d300f835600c9c634860cf2912f9cf) C:\Windows\system32\DRIVERS\atikmdag.sys
    21:18:02.0280 3796 atikmdag - ok
    21:18:03.0403 3796 AtiPcie (4aa1eb65481c392955939e735d27118b) C:\Windows\system32\DRIVERS\AtiPcie.sys
    21:18:03.0465 3796 AtiPcie - ok
    21:18:04.0417 3796 avgio (87828ecd657f81503465ac705e845076) C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys
    21:18:04.0479 3796 avgio - ok
    21:18:05.0259 3796 avgntflt (fcb30820bed1d3feb55e3dd55a3f947f) C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
    21:18:05.0291 3796 avgntflt - ok
    21:18:05.0759 3796 avipbb (0b09df022250fb7ba91fb932eac6ea9b) C:\Windows\system32\DRIVERS\avipbb.sys
    21:18:05.0805 3796 avipbb - ok
    21:18:06.0086 3796 Beep (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
    21:18:06.0086 3796 Beep - ok
    21:18:06.0273 3796 blbdrive - ok
    21:18:06.0929 3796 bowser (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
    21:18:06.0960 3796 bowser - ok
    21:18:07.0116 3796 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
    21:18:07.0178 3796 BrFiltLo - ok
    21:18:07.0599 3796 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
    21:18:07.0599 3796 BrFiltUp - ok
    21:18:07.0958 3796 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
    21:18:07.0989 3796 Brserid - ok
    21:18:08.0520 3796 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
    21:18:08.0520 3796 BrSerWdm - ok
    21:18:08.0567 3796 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
    21:18:08.0567 3796 BrUsbMdm - ok
    21:18:08.0598 3796 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
    21:18:08.0598 3796 BrUsbSer - ok
    21:18:08.0660 3796 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
    21:18:08.0660 3796 BTHMODEM - ok
    21:18:08.0723 3796 cdfs (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
    21:18:08.0738 3796 cdfs - ok
    21:18:08.0832 3796 cdrom (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys
    21:18:08.0832 3796 cdrom - ok
    21:18:08.0910 3796 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\DRIVERS\circlass.sys
    21:18:08.0910 3796 circlass - ok
    21:18:08.0957 3796 CLFS (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys
    21:18:09.0222 3796 CLFS - ok
    21:18:09.0300 3796 CmBatt (ed97ad3df1b9005989eaf149bf06c821) C:\Windows\system32\DRIVERS\CmBatt.sys
    21:18:09.0300 3796 CmBatt - ok
    21:18:09.0362 3796 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
    21:18:09.0362 3796 cmdide - ok
    21:18:09.0674 3796 Compbatt (722936afb75a7f509662b69b5632f48a) C:\Windows\system32\DRIVERS\compbatt.sys
    21:18:09.0674 3796 Compbatt - ok
    21:18:10.0283 3796 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
    21:18:10.0439 3796 crcdisk - ok
    21:18:11.0499 3796 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
    21:18:11.0515 3796 Crusoe - ok
    21:18:11.0936 3796 DfsC (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
    21:18:11.0936 3796 DfsC - ok
    21:18:12.0045 3796 disk (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
    21:18:12.0061 3796 disk - ok
    21:18:12.0123 3796 drmkaud (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
    21:18:12.0123 3796 drmkaud - ok
    21:18:12.0217 3796 DXGKrnl (334988883de69adb27e2cf9f9715bbdb) C:\Windows\System32\drivers\dxgkrnl.sys
    21:18:12.0233 3796 DXGKrnl - ok
    21:18:12.0295 3796 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
    21:18:12.0295 3796 E1G60 - ok
    21:18:12.0389 3796 Ecache (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys
    21:18:12.0389 3796 Ecache - ok
    21:18:12.0810 3796 elagopro (7ec42ec12a4bac14bcca99fb06f2d125) C:\Windows\system32\DRIVERS\elagopro.sys
    21:18:12.0825 3796 elagopro - ok
    21:18:12.0888 3796 elaunidr (dfeabb7cfffadea4a912ab95bdc3177a) C:\Windows\system32\DRIVERS\elaunidr.sys
    21:18:12.0888 3796 elaunidr - ok
    21:18:13.0013 3796 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
    21:18:13.0013 3796 elxstor - ok
    21:18:13.0200 3796 fastfat (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
    21:18:13.0200 3796 fastfat - ok
    21:18:13.0247 3796 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
    21:18:13.0247 3796 fdc - ok
    21:18:13.0325 3796 FileInfo (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
    21:18:13.0325 3796 FileInfo - ok
    21:18:13.0356 3796 Filetrace (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
    21:18:13.0356 3796 Filetrace - ok
    21:18:13.0387 3796 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
    21:18:13.0387 3796 flpydisk - ok
    21:18:13.0434 3796 FltMgr (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
    21:18:13.0449 3796 FltMgr - ok
    21:18:13.0543 3796 Fs_Rec (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys
    21:18:13.0605 3796 Fs_Rec - ok
    21:18:13.0652 3796 FwLnk (cbc22823628544735625b280665e434e) C:\Windows\system32\DRIVERS\FwLnk.sys
    21:18:13.0652 3796 FwLnk - ok
    21:18:13.0699 3796 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
    21:18:13.0699 3796 gagp30kx - ok
    21:18:13.0746 3796 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
    21:18:13.0761 3796 GEARAspiWDM - ok
    21:18:13.0824 3796 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
    21:18:13.0855 3796 HdAudAddService - ok
    21:18:13.0933 3796 HDAudBus (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys
    21:18:13.0933 3796 HDAudBus - ok
    21:18:13.0980 3796 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
    21:18:13.0980 3796 HidBth - ok
    21:18:14.0011 3796 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\DRIVERS\hidir.sys
    21:18:14.0011 3796 HidIr - ok
    21:18:14.0089 3796 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\DRIVERS\hidusb.sys
    21:18:14.0089 3796 HidUsb - ok
    21:18:14.0120 3796 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
    21:18:14.0120 3796 HpCISSs - ok
    21:18:14.0214 3796 HTTP (ea24fe637d974a8a31bc650f478e3533) C:\Windows\system32\drivers\HTTP.sys
    21:18:14.0245 3796 HTTP - ok
    21:18:14.0604 3796 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
    21:18:14.0619 3796 i2omp - ok
    21:18:14.0697 3796 i8042prt (1c9ee072baa3abb460b91d7ee9152660) C:\Windows\system32\DRIVERS\i8042prt.sys
    21:18:14.0697 3796 i8042prt - ok
    21:18:14.0729 3796 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
    21:18:14.0744 3796 iaStorV - ok
    21:18:15.0384 3796 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
    21:18:15.0384 3796 iirsp - ok
    21:18:15.0789 3796 IntcAzAudAddService (97cac2a7e92ffcb30c15101ab002ed30) C:\Windows\system32\drivers\RTKVHDA.sys
    21:18:15.0836 3796 IntcAzAudAddService - ok
    21:18:15.0945 3796 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
    21:18:15.0945 3796 intelide - ok
    21:18:16.0008 3796 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
    21:18:16.0008 3796 intelppm - ok
    21:18:16.0055 3796 IO_Memory - ok
    21:18:16.0320 3796 IpFilterDriver (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    21:18:16.0320 3796 IpFilterDriver - ok
    21:18:16.0335 3796 IpInIp - ok
    21:18:16.0382 3796 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
    21:18:16.0382 3796 IPMIDRV - ok
    21:18:16.0491 3796 IPNAT (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
    21:18:16.0507 3796 IPNAT - ok
    21:18:16.0585 3796 IRENUM (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
    21:18:16.0585 3796 IRENUM - ok
    21:18:16.0601 3796 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
    21:18:16.0601 3796 isapnp - ok
    21:18:16.0632 3796 iScsiPrt (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
    21:18:16.0647 3796 iScsiPrt - ok
    21:18:16.0679 3796 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
    21:18:16.0679 3796 iteatapi - ok
    21:18:16.0694 3796 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
    21:18:16.0694 3796 iteraid - ok
    21:18:16.0741 3796 kbdclass (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys
    21:18:16.0741 3796 kbdclass - ok
    21:18:16.0819 3796 kbdhid (ed61dbc6603f612b7338283edbacbc4b) C:\Windows\system32\DRIVERS\kbdhid.sys
    21:18:16.0819 3796 kbdhid - ok
    21:18:16.0913 3796 KR10I (e8ca038f51f7761bd6e3a3b0b8014263) C:\Windows\system32\drivers\kr10i.sys
    21:18:16.0913 3796 KR10I - ok
    21:18:17.0162 3796 KR10N (6a4adb9186dd0e114e623daf57e42b31) C:\Windows\system32\drivers\kr10n.sys
    21:18:17.0162 3796 KR10N - ok
    21:18:17.0209 3796 KR3NPXP (485e005cd51ff502fb16483eb4b69c17) C:\Windows\system32\drivers\kr3npxp.sys
    21:18:17.0225 3796 KR3NPXP - ok
    21:18:17.0303 3796 KSecDD (0a829977b078dea11641fc2af87ceade) C:\Windows\system32\Drivers\ksecdd.sys
    21:18:17.0318 3796 KSecDD - ok
    21:18:17.0412 3796 lltdio (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
    21:18:17.0412 3796 lltdio - ok
    21:18:17.0474 3796 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
    21:18:17.0474 3796 LSI_FC - ok
    21:18:17.0490 3796 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
    21:18:17.0490 3796 LSI_SAS - ok
    21:18:17.0521 3796 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
    21:18:17.0537 3796 LSI_SCSI - ok
    21:18:17.0552 3796 luafv (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
    21:18:17.0552 3796 luafv - ok
    21:18:17.0630 3796 LVPr2Mon (c57c48fb9ae3efb9848af594e3123a63) C:\Windows\system32\DRIVERS\LVPr2Mon.sys
    21:18:17.0630 3796 LVPr2Mon - ok
    21:18:17.0693 3796 ManyCam (c6d085c7045200143528136a43a65fde) C:\Windows\system32\DRIVERS\ManyCam.sys
    21:18:17.0693 3796 ManyCam - ok
    21:18:17.0755 3796 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
    21:18:17.0771 3796 megasas - ok
    21:18:17.0849 3796 Modem (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
    21:18:17.0849 3796 Modem - ok
    21:18:17.0895 3796 monitor (7446e104a5fe5987ca9e4983fbac4f97) C:\Windows\system32\DRIVERS\monitor.sys
    21:18:17.0895 3796 monitor - ok
    21:18:17.0927 3796 mouclass (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys
    21:18:17.0927 3796 mouclass - ok
    21:18:17.0973 3796 mouhid (b569b5c5d3bde545df3a6af512cccdba) C:\Windows\system32\DRIVERS\mouhid.sys
    21:18:17.0973 3796 mouhid - ok
    21:18:18.0005 3796 MountMgr (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
    21:18:18.0005 3796 MountMgr - ok
    21:18:18.0067 3796 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
    21:18:18.0067 3796 mpio - ok
    21:18:18.0129 3796 mpsdrv (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
    21:18:18.0145 3796 mpsdrv - ok
    21:18:18.0176 3796 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
    21:18:18.0176 3796 Mraid35x - ok
    21:18:18.0207 3796 MRxDAV (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys
    21:18:18.0207 3796 MRxDAV - ok
    21:18:18.0285 3796 mrxsmb (8af705ce1bb907932157fab821170f27) C:\Windows\system32\DRIVERS\mrxsmb.sys
    21:18:18.0301 3796 mrxsmb - ok
    21:18:18.0332 3796 mrxsmb10 (47e13ab23371be3279eef22bbfa2c1be) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    21:18:18.0348 3796 mrxsmb10 - ok
    21:18:18.0441 3796 mrxsmb20 (90b3fc7bd6b3d7ee7635debba2187f66) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    21:18:18.0441 3796 mrxsmb20 - ok
    21:18:18.0473 3796 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
    21:18:18.0473 3796 msahci - ok
    21:18:18.0519 3796 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
    21:18:18.0519 3796 msdsm - ok
    21:18:18.0582 3796 Msfs (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
    21:18:18.0582 3796 Msfs - ok
    21:18:18.0629 3796 msisadrv (5f454a16a5146cd91a176d70f0cfa3ec) C:\Windows\system32\drivers\msisadrv.sys
    21:18:18.0629 3796 msisadrv - ok
    21:18:18.0660 3796 MSKSSRV (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
    21:18:18.0660 3796 MSKSSRV - ok
    21:18:18.0753 3796 MSPCLOCK (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
    21:18:18.0785 3796 MSPCLOCK - ok
    21:18:18.0831 3796 MSPQM (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
    21:18:18.0831 3796 MSPQM - ok
    21:18:18.0863 3796 MsRPC (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
    21:18:18.0863 3796 MsRPC - ok
    21:18:18.0925 3796 mssmbios (4385c80ede885e25492d408cad91bd6f) C:\Windows\system32\DRIVERS\mssmbios.sys
    21:18:18.0925 3796 mssmbios - ok
    21:18:18.0941 3796 MSTEE (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
    21:18:18.0941 3796 MSTEE - ok
    21:18:18.0972 3796 Mup (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
    21:18:18.0987 3796 Mup - ok
    21:18:19.0034 3796 NativeWifiP (6da4a0fc7c0e83df0cb3cfd0a514c3bc) C:\Windows\system32\DRIVERS\nwifi.sys
    21:18:19.0034 3796 NativeWifiP - ok
    21:18:19.0190 3796 NDIS (fffe00134c554e113ee186eeddb0ff30) C:\Windows\system32\drivers\ndis.sys
    21:18:19.0206 3796 NDIS - ok
    21:18:19.0284 3796 NdisTapi (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys
    21:18:19.0284 3796 NdisTapi - ok
    21:18:19.0315 3796 Ndisuio (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
    21:18:19.0315 3796 Ndisuio - ok
    21:18:19.0346 3796 NdisWan (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
    21:18:19.0346 3796 NdisWan - ok
    21:18:19.0424 3796 NDProxy (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys
    21:18:19.0424 3796 NDProxy - ok
    21:18:19.0455 3796 NetBIOS (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
    21:18:19.0455 3796 NetBIOS - ok
    21:18:19.0502 3796 netbt (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys
    21:18:19.0502 3796 netbt - ok
    21:18:19.0565 3796 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
    21:18:19.0565 3796 nfrd960 - ok
    21:18:19.0643 3796 NPF (b48dc6abcd3aeff8618350ccbdc6b09a) C:\Windows\system32\drivers\npf.sys
    21:18:19.0658 3796 NPF - ok
    21:18:19.0721 3796 Npfs (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
    21:18:19.0721 3796 Npfs - ok
    21:18:19.0767 3796 nsiproxy (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
    21:18:19.0783 3796 nsiproxy - ok
    21:18:19.0861 3796 Ntfs (37430aa7a66d7a63407adc2c0d05e9f6) C:\Windows\system32\drivers\Ntfs.sys
    21:18:20.0095 3796 Ntfs - ok
    21:18:20.0735 3796 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
    21:18:20.0735 3796 ntrigdigi - ok
    21:18:20.0766 3796 Null (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
    21:18:20.0766 3796 Null - ok
    21:18:20.0859 3796 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
    21:18:20.0859 3796 nvraid - ok
    21:18:20.0891 3796 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
    21:18:20.0891 3796 nvstor - ok
    21:18:20.0937 3796 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
    21:18:20.0937 3796 nv_agp - ok
    21:18:20.0953 3796 NwlnkFlt - ok
    21:18:20.0969 3796 NwlnkFwd - ok
    21:18:21.0249 3796 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\DRIVERS\ohci1394.sys
    21:18:21.0249 3796 ohci1394 - ok
    21:18:21.0515 3796 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
    21:18:21.0515 3796 Parport - ok
    21:18:21.0858 3796 partmgr (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys
    21:18:21.0858 3796 partmgr - ok
    21:18:21.0889 3796 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
    21:18:21.0889 3796 Parvdm - ok
    21:18:21.0920 3796 pci (1085d75657807e0e8b32f9e19a1647c3) C:\Windows\system32\drivers\pci.sys
    21:18:21.0920 3796 pci - ok
    21:18:22.0014 3796 pciide (caba65e9c41cd2900d4c92d4f825c5f8) C:\Windows\system32\drivers\pciide.sys
    21:18:22.0014 3796 pciide - ok
    21:18:22.0061 3796 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
    21:18:22.0061 3796 pcmcia - ok
    21:18:22.0139 3796 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
    21:18:22.0154 3796 PEAUTH - ok
    21:18:22.0607 3796 PID_PEPI (dd184d9adfe2a8a21741dbdfe9e22f5c) C:\Windows\system32\DRIVERS\LV302V32.SYS
    21:18:22.0669 3796 PID_PEPI - ok
    21:18:22.0950 3796 PptpMiniport (6c359ac71d7b550a0d41f9db4563ce05) C:\Windows\system32\DRIVERS\raspptp.sys
    21:18:22.0950 3796 PptpMiniport - ok
    21:18:23.0012 3796 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
    21:18:23.0012 3796 Processor - ok
    21:18:23.0090 3796 PSched (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys
    21:18:23.0090 3796 PSched - ok
    21:18:23.0340 3796 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
    21:18:23.0340 3796 PxHelp20 - ok
    21:18:23.0418 3796 QCDonner (b1ad87b4c97b6b59fcd075001e76865f) C:\Windows\system32\DRIVERS\LVCD.sys
    21:18:23.0418 3796 QCDonner - ok
    21:18:23.0621 3796 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
    21:18:23.0636 3796 ql2300 - ok
    21:18:23.0870 3796 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
    21:18:23.0870 3796 ql40xx - ok
    21:18:23.0917 3796 QWAVEdrv (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
    21:18:23.0917 3796 QWAVEdrv - ok
    21:18:23.0948 3796 RasAcd (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys
    21:18:23.0948 3796 RasAcd - ok
    21:18:24.0042 3796 Rasl2tp (88587dd843e2059848995b407b67f6cf) C:\Windows\system32\DRIVERS\rasl2tp.sys
    21:18:24.0042 3796 Rasl2tp - ok
    21:18:24.0135 3796 RasPppoe (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys
    21:18:24.0135 3796 RasPppoe - ok
    21:18:24.0369 3796 rdbss (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys
    21:18:24.0369 3796 rdbss - ok
    21:18:24.0463 3796 RDPCDD (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
    21:18:24.0463 3796 RDPCDD - ok
    21:18:24.0494 3796 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
    21:18:24.0510 3796 rdpdr - ok
    21:18:24.0557 3796 RDPENCDD (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
    21:18:24.0557 3796 RDPENCDD - ok
    21:18:24.0619 3796 RDPWD (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys
    21:18:24.0619 3796 RDPWD - ok
    21:18:24.0650 3796 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
    21:18:24.0650 3796 rimmptsk - ok
    21:18:24.0681 3796 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
    21:18:24.0681 3796 rimsptsk - ok
    21:18:24.0759 3796 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys
    21:18:24.0759 3796 rismxdp - ok
    21:18:24.0853 3796 rspndr (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
    21:18:24.0853 3796 rspndr - ok
    21:18:24.0900 3796 RTL8169 (b8b159fa669c6386a458fcd468ebb1e6) C:\Windows\system32\DRIVERS\Rtlh86.sys
    21:18:24.0900 3796 RTL8169 - ok
    21:18:24.0978 3796 RTL8187B (67e7822975985016fdce01635fbdbbf9) C:\Windows\system32\DRIVERS\RTL8187B.sys
    21:18:24.0978 3796 RTL8187B - ok
    21:18:25.0227 3796 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
    21:18:25.0227 3796 sbp2port - ok
    21:18:25.0337 3796 sdbus (7b3973cc28b8aa3e9e2e5d53e720e2c9) C:\Windows\system32\DRIVERS\sdbus.sys
    21:18:25.0337 3796 sdbus - ok
    21:18:25.0430 3796 secdrv (07f7f501ad50de2ba2d5842d9b6d6155) C:\Windows\system32\drivers\secdrv.sys
    21:18:25.0446 3796 secdrv - ok
    21:18:25.0664 3796 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
    21:18:25.0680 3796 Serenum - ok
    21:18:25.0711 3796 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
    21:18:25.0727 3796 Serial - ok
    21:18:25.0773 3796 sermouse (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys
    21:18:25.0773 3796 sermouse - ok
    21:18:25.0929 3796 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\DRIVERS\sffdisk.sys
    21:18:25.0929 3796 sffdisk - ok
    21:18:26.0148 3796 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
    21:18:26.0148 3796 sffp_mmc - ok
    21:18:26.0241 3796 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\DRIVERS\sffp_sd.sys
    21:18:26.0241 3796 sffp_sd - ok
    21:18:26.0288 3796 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\DRIVERS\sfloppy.sys
    21:18:26.0288 3796 sfloppy - ok
    21:18:26.0351 3796 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
    21:18:26.0351 3796 sisagp - ok
    21:18:26.0382 3796 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
    21:18:26.0382 3796 SiSRaid2 - ok
    21:18:26.0647 3796 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
    21:18:26.0647 3796 SiSRaid4 - ok
    21:18:26.0741 3796 Smb (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys
    21:18:26.0741 3796 Smb - ok
    21:18:26.0787 3796 spldr (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys
    21:18:26.0787 3796 spldr - ok
    21:18:26.0897 3796 srv (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys
    21:18:26.0912 3796 srv - ok
    21:18:27.0177 3796 srv2 (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys
    21:18:27.0177 3796 srv2 - ok
    21:18:27.0209 3796 srvnet (9e1a4603b874eebce0298113951abefb) C:\Windows\system32\DRIVERS\srvnet.sys
    21:18:27.0209 3796 srvnet - ok
    21:18:27.0427 3796 ssmdrv (71d609c5dff067906d930bde031c4cfe) C:\Windows\system32\DRIVERS\ssmdrv.sys
    21:18:27.0427 3796 ssmdrv - ok
    21:18:27.0505 3796 swenum (1379bdb336f8158c176a465e30759f57) C:\Windows\system32\DRIVERS\swenum.sys
    21:18:27.0505 3796 swenum - ok
    21:18:27.0614 3796 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
    21:18:27.0614 3796 Symc8xx - ok
    21:18:27.0661 3796 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
    21:18:27.0661 3796 Sym_hi - ok
    21:18:27.0692 3796 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
    21:18:27.0692 3796 Sym_u3 - ok
    21:18:27.0770 3796 SynTP (11f730bf0d0aa4fe7de7138a32a52422) C:\Windows\system32\DRIVERS\SynTP.sys
    21:18:27.0770 3796 SynTP - ok
    21:18:28.0067 3796 Tcpip (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers\tcpip.sys
    21:18:28.0082 3796 Tcpip - ok
    21:18:28.0254 3796 Tcpip6 (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\DRIVERS\tcpip.sys
    21:18:28.0254 3796 Tcpip6 - ok
    21:18:28.0332 3796 tcpipreg (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys
    21:18:28.0332 3796 tcpipreg - ok
    21:18:28.0394 3796 tdcmdpst (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys
    21:18:28.0394 3796 tdcmdpst - ok
    21:18:28.0425 3796 TDPIPE (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys
    21:18:28.0425 3796 TDPIPE - ok
    21:18:28.0691 3796 TDTCP (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys
    21:18:28.0691 3796 TDTCP - ok
    21:18:28.0722 3796 tdx (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys
    21:18:28.0737 3796 tdx - ok
    21:18:28.0753 3796 TermDD (2c549bd9dd091fbfaa0a2a48e82ec2fb) C:\Windows\system32\DRIVERS\termdd.sys
    21:18:28.0753 3796 TermDD - ok
    21:18:28.0909 3796 Tosrfcom - ok
    21:18:28.0987 3796 tosrfec (5c4103544612e5011ef46301b93d1aa6) C:\Windows\system32\DRIVERS\tosrfec.sys
    21:18:28.0987 3796 tosrfec - ok
    21:18:29.0268 3796 tos_sps32 (1ea5f27c29405bf49799feca77186da9) C:\Windows\system32\DRIVERS\tos_sps32.sys
    21:18:29.0268 3796 tos_sps32 - ok
    21:18:29.0315 3796 tssecsrv (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys
    21:18:29.0315 3796 tssecsrv - ok
    21:18:29.0393 3796 tunmp (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys
    21:18:29.0393 3796 tunmp - ok
    21:18:29.0408 3796 tunnel (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS\tunnel.sys
    21:18:29.0408 3796 tunnel - ok
    21:18:29.0455 3796 TVALZ (521c5f39829875adf5466dd94c6282c7) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
    21:18:29.0455 3796 TVALZ - ok
    21:18:29.0564 3796 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
    21:18:29.0564 3796 uagp35 - ok
    21:18:29.0627 3796 udfs (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys
    21:18:29.0627 3796 udfs - ok
    21:18:29.0673 3796 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
    21:18:29.0673 3796 uliagpkx - ok
    21:18:29.0705 3796 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
    21:18:29.0720 3796 uliahci - ok
    21:18:29.0970 3796 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
    21:18:30.0001 3796 UlSata - ok
    21:18:30.0095 3796 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
    21:18:30.0095 3796 ulsata2 - ok
    21:18:30.0235 3796 umbus (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys
    21:18:30.0235 3796 umbus - ok
    21:18:30.0297 3796 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\Windows\system32\Drivers\usbaapl.sys
    21:18:30.0297 3796 USBAAPL - ok
    21:18:30.0360 3796 usbaudio (f6bf998ae33e3fb6c7d27f0560f1173f) C:\Windows\system32\drivers\usbaudio.sys
    21:18:30.0360 3796 usbaudio - ok
    21:18:30.0422 3796 usbccgp (03b01e8dbd2da2b49157b7e51912aaf2) C:\Windows\system32\DRIVERS\usbccgp.sys
    21:18:30.0422 3796 usbccgp - ok
    21:18:30.0703 3796 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
    21:18:30.0703 3796 usbcir - ok
    21:18:30.0797 3796 usbehci (2f83363f98484f8edaf49f9b41520d14) C:\Windows\system32\DRIVERS\usbehci.sys
    21:18:30.0797 3796 usbehci - ok
    21:18:30.0890 3796 usbhub (14d2a4dcd92c0b3368667aed6893463d) C:\Windows\system32\DRIVERS\usbhub.sys
    21:18:30.0906 3796 usbhub - ok
    21:18:30.0937 3796 usbohci (51dc36722172d45f2f935ce5cc18a812) C:\Windows\system32\DRIVERS\usbohci.sys
    21:18:30.0937 3796 usbohci - ok
    21:18:30.0968 3796 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\DRIVERS\usbprint.sys
    21:18:30.0968 3796 usbprint - ok
    21:18:31.0031 3796 usbscan (b1f95285c08ddfe00c0b955462637ec7) C:\Windows\system32\DRIVERS\usbscan.sys
    21:18:31.0031 3796 usbscan - ok
    21:18:31.0077 3796 USBSTOR (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    21:18:31.0077 3796 USBSTOR - ok
    21:18:31.0140 3796 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
    21:18:31.0155 3796 usbuhci - ok
    21:18:31.0249 3796 usbvideo (0a6b81f01bc86399482e27e6fda7b33b) C:\Windows\system32\Drivers\usbvideo.sys
    21:18:31.0249 3796 usbvideo - ok
    21:18:31.0296 3796 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
    21:18:31.0296 3796 vga - ok
    21:18:31.0561 3796 VgaSave (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys
    21:18:31.0561 3796 VgaSave - ok
    21:18:31.0577 3796 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
    21:18:31.0592 3796 viaagp - ok
    21:18:31.0623 3796 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
    21:18:31.0623 3796 ViaC7 - ok
    21:18:31.0670 3796 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
    21:18:31.0670 3796 viaide - ok
    21:18:31.0717 3796 volmgr (103e84c95832d0ed93507997cc7b54e8) C:\Windows\system32\drivers\volmgr.sys
    21:18:31.0717 3796 volmgr - ok
    21:18:31.0779 3796 volmgrx (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys
    21:18:31.0795 3796 volmgrx - ok
    21:18:31.0889 3796 volsnap (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys
    21:18:31.0889 3796 volsnap - ok
    21:18:31.0935 3796 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
    21:18:31.0935 3796 vsmraid - ok
    21:18:31.0982 3796 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
    21:18:31.0982 3796 WacomPen - ok
    21:18:32.0060 3796 Wanarp (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
    21:18:32.0060 3796 Wanarp - ok
    21:18:32.0060 3796 Wanarpv6 (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
    21:18:32.0076 3796 Wanarpv6 - ok
    21:18:32.0154 3796 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
    21:18:32.0154 3796 Wd - ok
    21:18:32.0263 3796 Wdf01000 (7b5f66e4a2219c7d9daf9e738480e534) C:\Windows\system32\drivers\Wdf01000.sys
    21:18:32.0279 3796 Wdf01000 - ok
    21:18:32.0341 3796 winbondcir (3fa87d56769838aac82fafc3e78fc732) C:\Windows\system32\DRIVERS\winbondcir.sys
    21:18:32.0341 3796 winbondcir - ok
    21:18:32.0403 3796 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
    21:18:32.0403 3796 WmiAcpi - ok
    21:18:32.0513 3796 WpdUsb (2d27171b16a577ef14c1273668753485) C:\Windows\system32\DRIVERS\wpdusb.sys
    21:18:32.0513 3796 WpdUsb - ok
    21:18:32.0622 3796 ws2ifsl (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys
    21:18:32.0622 3796 ws2ifsl - ok
    21:18:32.0700 3796 WUDFRd (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys
    21:18:32.0700 3796 WUDFRd - ok
    21:18:32.0747 3796 MBR (0x1B8) (b5d3b89509933463264ff7748b075c37) \Device\Harddisk0\DR0
    21:18:32.0778 3796 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
    21:18:32.0778 3796 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
    21:18:32.0809 3796 Boot (0x1200) (af207aedeb848efeb71f78f286b26df7) \Device\Harddisk0\DR0\Partition0
    21:18:32.0809 3796 \Device\Harddisk0\DR0\Partition0 - ok
    21:18:32.0809 3796 ============================================================
    21:18:32.0809 3796 Scan finished
    21:18:32.0809 3796 ============================================================
    21:18:32.0825 3412 Detected object count: 1
    21:18:32.0825 3412 Actual detected object count: 1
    21:18:45.0991 3412 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
    21:18:45.0991 3412 \Device\Harddisk0\DR0 - ok
    21:18:46.0022 3412 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
    21:19:01.0841 6192 Deinitialize success
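The TDSSKiller log above ends with an MBR detection (Rootkit.Boot.Pihar.b on \Device\Harddisk0\DR0) and a cure scheduled for reboot. When triaging a log like this it helps to separate the per-object hash lines from the verdict lines, surface everything that is not a plain "ok", and explain look-alikes such as two service names sharing one hash. The script below is an added example (not TDSSKiller, aswMBR or TechSpot code) that parses a constructed excerpt in the same layout, lists the detections, shows that Wanarp and Wanarpv6 share a hash only because both point at the same wanarp.sys, and recomputes the MBR hash from a raw 512-byte sector so a saved MBR copy (the MBR.dat that aswMBR writes, for instance) can be compared against the logged value. It assumes that the "(0x1B8)" in the MBR line is the number of leading bytes TDSSKiller hashes; `SAMPLE_LOG` and the zero-filled sector in the usage section are constructed.

```python
"""Triage helper for TDSSKiller-style scan logs (added example, not TDSSKiller code)."""
import hashlib
import re
from collections import defaultdict

# Constructed sample in the layout of the log above (a handful of lines, not the full log).
SAMPLE_LOG = r"""
21:18:32.0060 3796 Wanarp (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
21:18:32.0060 3796 Wanarp - ok
21:18:32.0060 3796 Wanarpv6 (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
21:18:32.0076 3796 Wanarpv6 - ok
21:18:32.0747 3796 MBR (0x1B8) (b5d3b89509933463264ff7748b075c37) \Device\Harddisk0\DR0
21:18:32.0778 3796 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
21:18:32.0778 3796 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
21:18:32.0809 3796 Boot (0x1200) (af207aedeb848efeb71f78f286b26df7) \Device\Harddisk0\DR0\Partition0
21:18:32.0809 3796 \Device\Harddisk0\DR0\Partition0 - ok
21:18:45.0991 3412 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
"""

# Every line starts with a timestamp and the scanner's thread id.
_PREFIX = r"^(?P<time>\d\d:\d\d:\d\d\.\d+) (?P<pid>\d+) "
# Object line: "<name> [(0xSIZE)] (<md5>) <path>"  (the size suffix appears on MBR/Boot entries)
OBJECT_RE = re.compile(_PREFIX + r"(?P<name>\S+(?: \(0x[0-9A-Fa-f]+\))?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# Verdict line: "<object> [( <threat> )] - <verdict>"
VERDICT_RE = re.compile(_PREFIX + r"(?P<obj>.+?)(?: \( (?P<threat>\S+) \))? - (?P<verdict>.+)$")


def parse_log(text):
    """Return ({object name: {md5, path}}, [(object, threat or None, verdict), ...])."""
    objects, verdicts = {}, []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = OBJECT_RE.match(line)
        if m:
            objects[m["name"]] = {"md5": m["md5"], "path": m["path"]}
            continue
        m = VERDICT_RE.match(line)
        if m:
            verdicts.append((m["obj"], m["threat"], m["verdict"]))
    return objects, verdicts


def detections(verdicts):
    """Everything the scanner did not mark plain 'ok': infected, detected, cure scheduled."""
    return [(obj, threat, v) for obj, threat, v in verdicts if v != "ok"]


def shared_hashes(objects):
    """Map each MD5 that appears under more than one service name to the (name, path) pairs.

    An identical hash under two names is benign when both resolve to the same file
    (Wanarp / Wanarpv6 -> wanarp.sys); it is worth a look when the paths differ.
    """
    by_hash = defaultdict(set)
    for name, info in objects.items():
        by_hash[info["md5"]].add((name, info["path"]))
    return {h: sorted(v) for h, v in by_hash.items() if len(v) > 1}


# Assumption: "(0x1B8)" on the MBR line is the number of leading sector bytes that were hashed,
# i.e. the boot code before the disk signature and partition table.
MBR_CODE_LEN = 0x1B8


def mbr_code_hash(mbr):
    """MD5 of the first 0x1B8 bytes of a raw MBR sector, for comparison with the log."""
    return hashlib.md5(mbr[:MBR_CODE_LEN]).hexdigest()


def mbr_matches_log(mbr, objects):
    """True when a raw MBR copy hashes to the value TDSSKiller logged for 'MBR (0x1B8)'."""
    logged = objects.get("MBR (0x1B8)")
    return logged is not None and mbr_code_hash(mbr) == logged["md5"]


if __name__ == "__main__":
    objs, verds = parse_log(SAMPLE_LOG)
    for obj, threat, verdict in detections(verds):
        print(f"{obj}: {verdict}" + (f" [{threat}]" if threat else ""))
    for h, names in shared_hashes(objs).items():
        print(f"hash {h} shared by: {names}")
    # Constructed stand-in for an MBR.dat dump; a real one is read with open(path, 'rb').read()
    fake_sector = bytes(512)
    print("MBR copy matches logged hash:", mbr_matches_log(fake_sector, objs))
```

To use it on a real log, pass the saved TDSSKiller text to `parse_log` instead of `SAMPLE_LOG`, and feed the 512 bytes of a saved MBR copy to `mbr_matches_log`; a mismatch against the logged hash after a cure is what you would expect, since the cure rewrites the boot code, while a mismatch before any cleanup means the sector changed between the scan and the dump.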
     
  8. Broni

    Broni Malware Annihilator

    Good :)

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    =============================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.

    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.

    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
Topic Status:
Not open for further replies.
