Jump to content


Photo
- - - - -

The security center service cannot be started and browser hijack


  • This topic is locked This topic is locked
9 replies to this topic

#1 knight78

knight78

    New Member

  • Members
  • Pip
  • 11 posts

Posted 16 March 2012 - 02:57 PM

Hello,

I have been having some problems with my laptop recently. Specifically I cannot turn the security center back on and my computer claims it is disabled. Also my browser is hijacked from google and yahoo to random vendor sites, which is a problem. I ran malware bytes as well as norton power eraser which removed a certain .dll file and some registry entries but the problem persists.

Here is a copy of my most recent hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 3:50:03 PM, on 3/16/2012
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18639)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\vsnp2uvc.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WallpaperSS\WallpaperSS.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Users\Wheels\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\wuauclt.exe
C:\FlashDriveDump\Spyware Removal Tools\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [jswtrayutil] "C:\Program Files\Jumpstart\jswtrayutil.exe"
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Desktop Software] "C:\Program Files\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
O4 - HKCU\..\Run: [WallpaperSS] C:\Program Files\WallpaperSS\WallpaperSS.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Wheels\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: Dropbox.lnk = C:\Users\Wheels\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {7340F0E4-AEDA-47C6-8971-9DB314030BD7} (CAxH264Dec Class) - http://websp.hsc.wvu...264_decoder.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebo...oUploader55.cab
O16 - DPF: {BA7A56EB-D1B9-443B-96E9-086532A378F1} (CAxAacDecEmb Class) - http://websp.hsc.wvu...aac_decoder.cab
O16 - DPF: {C32FE9F1-A857-48B0-B7BF-065B5792F28D} (CAxMP4Dec Class) - http://websp.hsc.wvu...eg4_decoder.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://websp.hsc.wvu...tic/amc/amc.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://freetrial.we...ex/ieatgpc1.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe
O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

Let me know if any further information is needed. Thanks so much for any help.

#2 Maniac

Maniac

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 21,405 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 16 March 2012 - 03:04 PM

Hello knight78! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:
  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictlya and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

I need more information, so please follow the instructions here:
http://forums.malwar...?showtopic=9573

Post the log files in your next reply.
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here paypal.gif

#3 knight78

knight78

    New Member

  • Members
  • Pip
  • 11 posts

Posted 16 March 2012 - 04:51 PM

Hello,

I ran malwarebytes before and have attached the log along with the DDS and Attach logs below. I truly appreciate your help. Thank you.


Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Database version: v2012.03.16.01
Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
Wheels :: WHEELS_LAPTOP [administrator]
3/16/2012 12:09:16 PM
mbam-log-2012-03-16 (12-09-16).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 333029
Time elapsed: 1 hour(s), 54 minute(s), 16 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 1
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NETWORKLOG (Trojan.Downloader) -> Quarantined and deleted successfully.
Registry Values Detected: 1
HKLM\SYSTEM\CurrentControlSet\Services\NetworkLog|ImagePath (Trojan.Downloader) -> Data: C:\Windows\svcs.exe -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Windows\svcs.exe (Trojan.Downloader) -> Delete on reboot.
(end)


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6001.18000
Run by Wheels at 17:33:09 on 2012-03-16
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1789.801 [GMT -4:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\vsnp2uvc.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WallpaperSS\WallpaperSS.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Users\Wheels\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\wuauclt.exe
\\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uLocal Page = \blank.htm
uSearch Page =
uStart Page = hxxp://www.yahoo.com/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uSearch Bar =
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [TOSCDSPD] TOSCDSPD.EXE
uRun: [Aim6]
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Desktop Software] "c:\program files\common files\supportsoft\bin\bcont.exe" /ini "c:\program files\comcastui\desktop software\uinstaller.ini" /fromrun /starthidden
uRun: [WallpaperSS] c:\program files\wallpaperss\WallpaperSS.exe
uRun: [Google Update] "c:\users\wheels\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [snp2uvc] c:\windows\vsnp2uvc.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [NDSTray.exe] NDSTray.exe
mRun: [jswtrayutil] "c:\program files\jumpstart\jswtrayutil.exe"
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.exe
mRun: [cfFncEnabler.exe] cfFncEnabler.exe
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\wheels\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\wheels\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\wheels\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: mswsock.dll
DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/authorware/awswaxd.cab
DPF: {7340F0E4-AEDA-47C6-8971-9DB314030BD7} - hxxp://websp.hsc.wvu.edu/w/static/amc/h264_decoder.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {BA7A56EB-D1B9-443B-96E9-086532A378F1} - hxxp://websp.hsc.wvu.edu/w/static/amc/aac_decoder.cab
DPF: {C32FE9F1-A857-48B0-B7BF-065B5792F28D} - hxxp://websp.hsc.wvu.edu/w/static/amc/mpeg4_decoder.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://websp.hsc.wvu.edu/w/static/amc/amc.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://freetrial.webex.com/client/T27L/webex/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.10.1
TCP: Interfaces\{7D6FA0D3-7C91-4927-804C-48A45DCE2740} : DhcpNameServer = 192.168.10.1
TCP: Interfaces\{B0F31E43-512B-499E-AAA1-E7828F7C5D43} : DhcpNameServer = 192.168.10.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
mASetup: {C97751B1-BF63-4867-87FB-49B72502DBCD} - c:\program files\microsoft office\office10\OfficeXPFirstRun.vbs
.
============= SERVICES / DRIVERS ===============
.
R0 SMR250;Symantec SMR Utility Service 2.5.0;c:\windows\system32\drivers\SMR250.SYS [2012-3-16 83064]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2009-1-18 20384]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-2-9 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-2-9 267944]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-2-9 61960]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-5-26 24652]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-5-5 7168]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2009-1-18 954368]
S3 SVRPEDRV;SVRPEDRV;c:\windows\system32\sysprep\PEDRV.SYS [2008-5-16 9216]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-03-16 19:33:07 20 ----a-w- c:\windows\system32\drivers\SMR250.dat
2012-03-16 19:33:05 83064 ----a-w- c:\windows\system32\drivers\SMR250.SYS
2012-03-16 04:03:08 -------- d-----w- c:\users\wheels\appdata\local\ElevatedDiagnostics
2012-03-16 03:48:28 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-03-13 16:49:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2012-03-13 16:49:28 190464 ----a-w- c:\windows\system32\iphlpsvc.dll
.
==================== Find3M ====================
.
2011-12-25 23:19:18 69341552 ----a-w- c:\users\wheels\iTunesSetup.exe
.
============= FINISH: 17:34:26.68 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 1/18/2009 8:13:16 PM
System Uptime: 3/16/2012 5:15:27 PM (0 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: AMD Athlon™ X2 Dual-Core QL-64 | Socket M2/S1G1 | 2100/1800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 142 GiB total, 65.665 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
.
Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.2
AIM 6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Driver Installation Program
Atheros Wi-Fi Protected Setup Library
ATI Catalyst Install Manager
Avira AntiVir Personal - Free Antivirus
AXIS Media Control Embedded
Bonjour
BufferChm
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MP Navigator EX 3.0
Canon MP560 series MP Drivers
Canon MP560 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CD/DVD Drive Acoustic Silencer
Comcast Desktop Software (v1.2.0.9)
Compatibility Pack for the 2007 Office system
Copy
Coupon Printer for Windows
CueCard (remove only)
Destinations
DeviceDiscovery
DJ_AIO_05_F4400_Software_Min
Dropbox
F4400
Google Chrome
GPBaseService2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 14.0
HP Deskjet F4400 Printer Driver Software 14.0 Rel. 5
HP Imaging Device Functions 14.0
HP Photo Creations
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Update
HPPhotoGadget
HPProductAssistant
HPSSupply
iTunes
Java™ 6 Update 6
Malwarebytes Anti-Malware version 1.60.1.1000
MarketResearch
Memeo AutoBackup
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Picasa 2
QuickBooks Financial Center
QuickTime
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Respondus LockDown Browser
SanctionedMedia
Scan
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Shop for HP Supplies
Skins
Skype Toolbars
Skype™ 4.2
SmartWebPrinting
SolutionCenter
Status
Synaptics Pointing Device Driver
Toolbox
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Games
TOSHIBA Hardware Setup
TOSHIBA Recovery Disc Creator
Toshiba Registration
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TrayApp
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Uru - Ages Beyond Myst
VC 9.0 Runtime
Viewpoint Media Player
VirtualCloneDrive
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 0.9.9
Wallpaper SlideShow LT 1.4.4
WebCam Play II
WebEx
WebReg
ZoneAlarm
.
==== Event Viewer Messages From Past Week ========
.
3/15/2012 4:01:36 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.10.104 for the Network Card with network address 002163FD14DA has been denied by the DHCP server 192.168.10.1 (The DHCP Server sent a DHCPNACK message).
3/15/2012 2:08:19 PM, Error: Service Control Manager [7000] - The vsdatant service failed to start due to the following error: The system cannot find the file specified.
3/15/2012 2:08:18 PM, Error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the vsdatant service which failed to start because of the following error: The system cannot find the file specified.
.
==== End Of File ===========================

#4 Maniac

Maniac

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 21,405 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 16 March 2012 - 04:59 PM

I see you have Viewpoint installed...
Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know in 2006 read this article: http://www.clickz.co...cle.php/3561546
I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.
  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player

How are things running now?
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here paypal.gif

#5 knight78

knight78

    New Member

  • Members
  • Pip
  • 11 posts

Posted 17 March 2012 - 08:07 PM

Hello,

Thanks for the suggestion, that may help for the future. I removed viewpoint media player but unfortunately I still have the same problems. The browser is being redirected, the "security center service cannot be started," and my computer just seems sluggish. Any other ideas, or did anything stand out in those logs?
Thanks.

#6 Maniac

Maniac

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 21,405 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 18 March 2012 - 04:10 AM

Of course. :)


Step 1

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    Posted Image
  • Click the Start Scan button.

    Posted Image
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

    Posted Image
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Step 2

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


In your next reply, post the following log files:

  • TDSSKiller log
  • ComboFix log

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here paypal.gif

#7 knight78

knight78

    New Member

  • Members
  • Pip
  • 11 posts

Posted 18 March 2012 - 08:35 PM

I ran TDSS killer and have the log file, but I could not get combofix to go beyond the page where it talks about "scanning may take 10 mins or longer." I disabled my antivirus and had no messages or problems with that but it did not make any visible progress on the scan after about 30 minutes.

TDSS seemed to fix up my browser hijack problem and the security center is at least working now. But I still cannot turn on windows firewall. Could this be a problem with my antivirus or is it more infection?

Should I just wait longer for combofix to work or try something else?

Thanks.

12:20:49.0945 4892 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
12:20:50.0273 4892 ============================================================
12:20:50.0273 4892 Current date / time: 2012/03/18 12:20:50.0273
12:20:50.0273 4892 SystemInfo:
12:20:50.0273 4892
12:20:50.0273 4892 OS Version: 6.0.6001 ServicePack: 1.0
12:20:50.0273 4892 Product type: Workstation
12:20:50.0273 4892 ComputerName: WHEELS_LAPTOP
12:20:50.0273 4892 UserName: Wheels
12:20:50.0273 4892 Windows directory: C:\Windows
12:20:50.0273 4892 System windows directory: C:\Windows
12:20:50.0273 4892 Processor architecture: Intel x86
12:20:50.0273 4892 Number of processors: 2
12:20:50.0273 4892 Page size: 0x1000
12:20:50.0273 4892 Boot type: Normal boot
12:20:50.0273 4892 ============================================================
12:20:53.0440 4892 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:20:53.0440 4892 Drive \Device\Harddisk1\DR1 - Size: 0x1DCC00000 (7.45 Gb), SectorSize: 0x200, Cylinders: 0x3CC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:20:53.0440 4892 \Device\Harddisk0\DR0:
12:20:53.0440 4892 MBR used
12:20:53.0440 4892 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x11B5F000
12:20:53.0440 4892 \Device\Harddisk1\DR1:
12:20:53.0440 4892 MBR used
12:20:53.0440 4892 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0xEE4080
12:20:53.0502 4892 Initialize success
12:20:53.0502 4892 ============================================================
12:21:38.0383 5312 ============================================================
12:21:38.0383 5312 Scan started
12:21:38.0383 5312 Mode: Manual; SigCheck; TDLFS;
12:21:38.0383 5312 ============================================================
12:21:39.0241 5312 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
12:21:39.0553 5312 ACPI - ok
12:21:39.0741 5312 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
12:21:39.0819 5312 adp94xx - ok
12:21:39.0959 5312 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
12:21:40.0006 5312 adpahci - ok
12:21:40.0131 5312 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
12:21:40.0162 5312 adpu160m - ok
12:21:40.0209 5312 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
12:21:40.0240 5312 adpu320 - ok
12:21:40.0333 5312 AFD (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys
12:21:40.0427 5312 AFD - ok
12:21:40.0536 5312 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
12:21:40.0708 5312 AgereSoftModem - ok
12:21:40.0770 5312 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
12:21:40.0801 5312 agp440 - ok
12:21:40.0864 5312 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
12:21:40.0942 5312 aic78xx - ok
12:21:40.0989 5312 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
12:21:41.0004 5312 aliide - ok
12:21:41.0051 5312 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
12:21:41.0082 5312 amdagp - ok
12:21:41.0129 5312 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
12:21:41.0145 5312 amdide - ok
12:21:41.0207 5312 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
12:21:41.0394 5312 AmdK7 - ok
12:21:41.0441 5312 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
12:21:41.0535 5312 AmdK8 - ok
12:21:41.0706 5312 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
12:21:41.0737 5312 arc - ok
12:21:41.0862 5312 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
12:21:41.0878 5312 arcsas - ok
12:21:41.0956 5312 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
12:21:42.0018 5312 AsyncMac - ok
12:21:42.0049 5312 atapi (0d83c87a801a3dfcd1bf73893fe7518c) C:\Windows\system32\drivers\atapi.sys
12:21:42.0065 5312 atapi - ok
12:21:42.0174 5312 athr (8899bbd6740fefbdffd38eb88693dd26) C:\Windows\system32\DRIVERS\athr.sys
12:21:42.0283 5312 athr - ok
12:21:42.0455 5312 atikmdag (a2b6478963451a99c28da8133b648142) C:\Windows\system32\DRIVERS\atikmdag.sys
12:21:42.0876 5312 atikmdag - ok
12:21:43.0063 5312 AtiPcie (4aa1eb65481c392955939e735d27118b) C:\Windows\system32\DRIVERS\AtiPcie.sys
12:21:43.0157 5312 AtiPcie - ok
12:21:43.0407 5312 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
12:21:44.0046 5312 avgntflt - ok
12:21:44.0202 5312 avipbb (da39805e2bad99d37fce9477dd94e7f2) C:\Windows\system32\DRIVERS\avipbb.sys
12:21:44.0218 5312 avipbb - ok
12:21:44.0296 5312 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
12:21:44.0358 5312 Beep - ok
12:21:44.0405 5312 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
12:21:44.0452 5312 blbdrive - ok
12:21:44.0545 5312 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
12:21:44.0592 5312 bowser - ok
12:21:44.0639 5312 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
12:21:44.0748 5312 BrFiltLo - ok
12:21:44.0764 5312 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
12:21:44.0811 5312 BrFiltUp - ok
12:21:44.0873 5312 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
12:21:45.0185 5312 Brserid - ok
12:21:45.0310 5312 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
12:21:45.0372 5312 BrSerWdm - ok
12:21:45.0528 5312 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
12:21:45.0622 5312 BrUsbMdm - ok
12:21:45.0684 5312 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
12:21:45.0825 5312 BrUsbSer - ok
12:21:45.0903 5312 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
12:21:45.0996 5312 BTHMODEM - ok
12:21:46.0152 5312 catchme - ok
12:21:46.0277 5312 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
12:21:46.0371 5312 cdfs - ok
12:21:46.0417 5312 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
12:21:46.0495 5312 cdrom - ok
12:21:46.0527 5312 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
12:21:46.0651 5312 circlass - ok
12:21:46.0729 5312 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
12:21:46.0761 5312 CLFS - ok
12:21:46.0885 5312 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
12:21:46.0963 5312 CmBatt - ok
12:21:47.0026 5312 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
12:21:47.0041 5312 cmdide - ok
12:21:47.0119 5312 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
12:21:47.0135 5312 Compbatt - ok
12:21:47.0182 5312 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
12:21:47.0197 5312 crcdisk - ok
12:21:47.0229 5312 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
12:21:47.0291 5312 Crusoe - ok
12:21:47.0369 5312 DfsC (a3e9fa213f443ac77c7746119d13feec) C:\Windows\system32\Drivers\dfsc.sys
12:21:47.0416 5312 DfsC - ok
12:21:47.0463 5312 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
12:21:47.0478 5312 disk - ok
12:21:47.0572 5312 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
12:21:47.0603 5312 Dot4 - ok
12:21:47.0650 5312 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
12:21:47.0728 5312 Dot4Print - ok
12:21:47.0790 5312 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
12:21:47.0899 5312 dot4usb - ok
12:21:47.0962 5312 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
12:21:48.0024 5312 drmkaud - ok
12:21:48.0087 5312 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
12:21:48.0227 5312 DXGKrnl - ok
12:21:48.0321 5312 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
12:21:48.0430 5312 E1G60 - ok
12:21:48.0523 5312 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
12:21:48.0570 5312 Ecache - ok
12:21:48.0726 5312 ElbyCDIO (44996a2addd2db7454f2ca40b67d8941) C:\Windows\system32\Drivers\ElbyCDIO.sys
12:21:48.0757 5312 ElbyCDIO - ok
12:21:48.0804 5312 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
12:21:48.0851 5312 elxstor - ok
12:21:48.0913 5312 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
12:21:49.0023 5312 ErrDev - ok
12:21:49.0085 5312 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
12:21:49.0163 5312 exfat - ok
12:21:49.0241 5312 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
12:21:49.0335 5312 fastfat - ok
12:21:49.0366 5312 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
12:21:49.0444 5312 fdc - ok
12:21:49.0569 5312 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
12:21:49.0600 5312 FileInfo - ok
12:21:49.0631 5312 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
12:21:49.0709 5312 Filetrace - ok
12:21:49.0834 5312 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
12:21:50.0146 5312 flpydisk - ok
12:21:50.0224 5312 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
12:21:50.0286 5312 FltMgr - ok
12:21:50.0349 5312 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
12:21:50.0411 5312 Fs_Rec - ok
12:21:50.0458 5312 FwLnk (cbc22823628544735625b280665e434e) C:\Windows\system32\DRIVERS\FwLnk.sys
12:21:50.0505 5312 FwLnk - ok
12:21:50.0536 5312 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
12:21:50.0567 5312 gagp30kx - ok
12:21:50.0629 5312 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:21:50.0661 5312 GEARAspiWDM - ok
12:21:50.0754 5312 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
12:21:50.0863 5312 HdAudAddService - ok
12:21:50.0895 5312 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
12:21:50.0957 5312 HDAudBus - ok
12:21:51.0097 5312 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
12:21:51.0207 5312 HidBth - ok
12:21:51.0363 5312 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
12:21:51.0503 5312 HidIr - ok
12:21:51.0597 5312 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
12:21:51.0659 5312 HidUsb - ok
12:21:51.0721 5312 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
12:21:51.0753 5312 HpCISSs - ok
12:21:51.0831 5312 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
12:21:51.0971 5312 HTTP - ok
12:21:52.0018 5312 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
12:21:52.0049 5312 i2omp - ok
12:21:52.0189 5312 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
12:21:52.0283 5312 i8042prt - ok
12:21:52.0330 5312 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
12:21:52.0361 5312 iaStorV - ok
12:21:52.0439 5312 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
12:21:52.0470 5312 iirsp - ok
12:21:52.0720 5312 IntcAzAudAddService (b9cbd3dea7ca02868621173bf7a2af9f) C:\Windows\system32\drivers\RTKVHDA.sys
12:21:52.0954 5312 IntcAzAudAddService - ok
12:21:53.0157 5312 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
12:21:53.0172 5312 intelide - ok
12:21:53.0235 5312 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
12:21:53.0313 5312 intelppm - ok
12:21:53.0359 5312 IO_Memory - ok
12:21:53.0406 5312 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:21:53.0515 5312 IpFilterDriver - ok
12:21:53.0531 5312 IpInIp - ok
12:21:53.0578 5312 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
12:21:53.0656 5312 IPMIDRV - ok
12:21:53.0749 5312 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
12:21:53.0827 5312 IPNAT - ok
12:21:53.0937 5312 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
12:21:53.0999 5312 IRENUM - ok
12:21:54.0046 5312 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
12:21:54.0061 5312 isapnp - ok
12:21:54.0171 5312 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
12:21:54.0186 5312 iScsiPrt - ok
12:21:54.0217 5312 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
12:21:54.0233 5312 iteatapi - ok
12:21:54.0264 5312 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
12:21:54.0280 5312 iteraid - ok
12:21:54.0607 5312 jswpslwf (11ad410f41af42ba12e63187e3ec141a) C:\Windows\system32\DRIVERS\jswpslwf.sys
12:21:54.0685 5312 jswpslwf - ok
12:21:54.0795 5312 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
12:21:54.0810 5312 kbdclass - ok
12:21:54.0873 5312 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
12:21:54.0951 5312 kbdhid - ok
12:21:55.0044 5312 KLIF (482748344c42e4d5f604675a11097f0e) C:\Windows\system32\DRIVERS\klif.sys
12:21:55.0075 5312 KLIF - ok
12:21:55.0185 5312 KR10I (e8ca038f51f7761bd6e3a3b0b8014263) C:\Windows\system32\drivers\kr10i.sys
12:21:55.0278 5312 KR10I - ok
12:21:55.0481 5312 KR10N (6a4adb9186dd0e114e623daf57e42b31) C:\Windows\system32\drivers\kr10n.sys
12:21:55.0512 5312 KR10N - ok
12:21:55.0575 5312 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
12:21:55.0684 5312 KSecDD - ok
12:21:55.0777 5312 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
12:21:55.0887 5312 lltdio - ok
12:21:55.0996 5312 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
12:21:56.0027 5312 LSI_FC - ok
12:21:56.0058 5312 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
12:21:56.0074 5312 LSI_SAS - ok
12:21:56.0199 5312 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
12:21:56.0214 5312 LSI_SCSI - ok
12:21:56.0245 5312 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
12:21:56.0292 5312 luafv - ok
12:21:56.0339 5312 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
12:21:56.0355 5312 megasas - ok
12:21:56.0401 5312 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
12:21:56.0433 5312 MegaSR - ok
12:21:56.0495 5312 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
12:21:56.0557 5312 Modem - ok
12:21:56.0589 5312 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
12:21:56.0635 5312 monitor - ok
12:21:56.0776 5312 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
12:21:56.0791 5312 mouclass - ok
12:21:56.0823 5312 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
12:21:56.0854 5312 mouhid - ok
12:21:56.0869 5312 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
12:21:56.0885 5312 MountMgr - ok
12:21:56.0932 5312 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
12:21:56.0947 5312 mpio - ok
12:21:56.0963 5312 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
12:21:57.0010 5312 mpsdrv - ok
12:21:57.0072 5312 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
12:21:57.0088 5312 Mraid35x - ok
12:21:57.0119 5312 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
12:21:57.0306 5312 MRxDAV - ok
12:21:57.0431 5312 mrxsmb (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:21:57.0478 5312 mrxsmb - ok
12:21:57.0571 5312 mrxsmb10 (6b5fa5adfacac9dbbe0991f4566d7d55) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:21:57.0618 5312 mrxsmb10 - ok
12:21:57.0634 5312 mrxsmb20 (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:21:57.0712 5312 mrxsmb20 - ok
12:21:57.0759 5312 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
12:21:57.0774 5312 msahci - ok
12:21:57.0805 5312 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
12:21:57.0837 5312 msdsm - ok
12:21:57.0883 5312 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
12:21:57.0961 5312 Msfs - ok
12:21:58.0008 5312 msisadrv (1e00b9b8601f24a96ad71a7d0fc5f136) C:\Windows\system32\drivers\msisadrv.sys
12:21:58.0024 5312 msisadrv - ok
12:21:58.0086 5312 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
12:21:58.0211 5312 MSKSSRV - ok
12:21:58.0305 5312 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
12:21:58.0383 5312 MSPCLOCK - ok
12:21:58.0492 5312 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
12:21:58.0554 5312 MSPQM - ok
12:21:58.0585 5312 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
12:21:58.0617 5312 MsRPC - ok
12:21:58.0663 5312 mssmbios (215634cf935b696e3ebca813d02e9165) C:\Windows\system32\DRIVERS\mssmbios.sys
12:21:58.0679 5312 mssmbios - ok
12:21:58.0710 5312 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
12:21:58.0819 5312 MSTEE - ok
12:21:58.0929 5312 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
12:21:58.0944 5312 Mup - ok
12:21:59.0022 5312 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
12:21:59.0100 5312 NativeWifiP - ok
12:21:59.0147 5312 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
12:21:59.0287 5312 NDIS - ok
12:21:59.0334 5312 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
12:21:59.0397 5312 NdisTapi - ok
12:21:59.0412 5312 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
12:21:59.0475 5312 Ndisuio - ok
12:21:59.0521 5312 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
12:21:59.0599 5312 NdisWan - ok
12:21:59.0677 5312 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
12:21:59.0818 5312 NDProxy - ok
12:21:59.0896 5312 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
12:21:59.0974 5312 NetBIOS - ok
12:22:00.0021 5312 netbt (f353aa9957ee69ad05e7ae695a5dde72) C:\Windows\system32\DRIVERS\netbt.sys
12:22:00.0021 5312 Suspicious file (Forged): C:\Windows\system32\DRIVERS\netbt.sys. Real md5: f353aa9957ee69ad05e7ae695a5dde72, Fake md5: 7c5fee5b1c5728507cd96fb4a13e7a02
12:22:00.0021 5312 netbt ( Virus.Win32.ZAccess.aml ) - infected
12:22:00.0021 5312 netbt - detected Virus.Win32.ZAccess.aml (0)
12:22:00.0083 5312 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
12:22:00.0099 5312 nfrd960 - ok
12:22:00.0130 5312 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
12:22:00.0208 5312 Npfs - ok
12:22:00.0239 5312 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
12:22:00.0333 5312 nsiproxy - ok
12:22:00.0551 5312 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
12:22:00.0723 5312 Ntfs - ok
12:22:00.0769 5312 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
12:22:00.0879 5312 ntrigdigi - ok
12:22:00.0957 5312 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
12:22:01.0066 5312 Null - ok
12:22:01.0144 5312 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
12:22:01.0175 5312 nvraid - ok
12:22:01.0222 5312 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
12:22:01.0253 5312 nvstor - ok
12:22:01.0284 5312 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
12:22:01.0300 5312 nv_agp - ok
12:22:01.0315 5312 NwlnkFlt - ok
12:22:01.0347 5312 NwlnkFwd - ok
12:22:01.0393 5312 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
12:22:01.0471 5312 ohci1394 - ok
12:22:01.0549 5312 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
12:22:01.0627 5312 Parport - ok
12:22:01.0659 5312 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
12:22:01.0674 5312 partmgr - ok
12:22:01.0705 5312 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
12:22:01.0955 5312 Parvdm - ok
12:22:02.0064 5312 pci (eca39351296d905baa4fa3244c152b00) C:\Windows\system32\drivers\pci.sys
12:22:02.0095 5312 pci - ok
12:22:02.0158 5312 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
12:22:02.0173 5312 pciide - ok
12:22:02.0236 5312 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
12:22:02.0251 5312 pcmcia - ok
12:22:02.0314 5312 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
12:22:02.0439 5312 PEAUTH - ok
12:22:02.0532 5312 pgfilter - ok
12:22:02.0719 5312 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
12:22:02.0782 5312 PptpMiniport - ok
12:22:02.0861 5312 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\DRIVERS\processr.sys
12:22:02.0939 5312 Processor - ok
12:22:03.0017 5312 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
12:22:03.0079 5312 PSched - ok
12:22:03.0110 5312 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
12:22:03.0142 5312 PxHelp20 - ok
12:22:03.0298 5312 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
12:22:03.0438 5312 ql2300 - ok
12:22:03.0454 5312 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
12:22:03.0485 5312 ql40xx - ok
12:22:03.0516 5312 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
12:22:03.0547 5312 QWAVEdrv - ok
12:22:03.0594 5312 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
12:22:03.0641 5312 RasAcd - ok
12:22:03.0672 5312 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:22:03.0719 5312 Rasl2tp - ok
12:22:03.0766 5312 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
12:22:03.0812 5312 RasPppoe - ok
12:22:03.0828 5312 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
12:22:03.0859 5312 RasSstp - ok
12:22:03.0906 5312 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
12:22:04.0015 5312 rdbss - ok
12:22:04.0046 5312 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:22:04.0078 5312 RDPCDD - ok
12:22:04.0124 5312 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
12:22:04.0171 5312 rdpdr - ok
12:22:04.0249 5312 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
12:22:04.0343 5312 RDPENCDD - ok
12:22:04.0436 5312 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
12:22:04.0499 5312 RDPWD - ok
12:22:04.0577 5312 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
12:22:04.0624 5312 rspndr - ok
12:22:04.0686 5312 RTL8169 (7157e70a90cce49deb8885d23a073a39) C:\Windows\system32\DRIVERS\Rtlh86.sys
12:22:04.0733 5312 RTL8169 - ok
12:22:04.0764 5312 RTSTOR (9ff7d9cf3a5f296613588b0e8db83afe) C:\Windows\system32\drivers\RTSTOR.SYS
12:22:04.0795 5312 RTSTOR - ok
12:22:04.0842 5312 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
12:22:04.0858 5312 sbp2port - ok
12:22:04.0936 5312 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
12:22:05.0076 5312 secdrv - ok
12:22:05.0123 5312 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
12:22:05.0216 5312 Serenum - ok
12:22:05.0294 5312 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
12:22:05.0404 5312 Serial - ok
12:22:05.0450 5312 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
12:22:05.0497 5312 sermouse - ok
12:22:05.0544 5312 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
12:22:05.0575 5312 sffdisk - ok
12:22:05.0622 5312 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
12:22:05.0653 5312 sffp_mmc - ok
12:22:05.0669 5312 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
12:22:05.0700 5312 sffp_sd - ok
12:22:05.0747 5312 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
12:22:05.0809 5312 sfloppy - ok
12:22:05.0857 5312 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
12:22:05.0888 5312 sisagp - ok
12:22:05.0919 5312 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
12:22:05.0919 5312 SiSRaid2 - ok
12:22:05.0951 5312 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
12:22:05.0966 5312 SiSRaid4 - ok
12:22:06.0013 5312 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
12:22:06.0060 5312 Smb - ok
12:22:06.0372 5312 SNP2UVC (facaf54a5547e0a7d9dbefb2f8058d39) C:\Windows\system32\DRIVERS\snp2uvc.sys
12:22:06.0653 5312 SNP2UVC - ok
12:22:06.0824 5312 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
12:22:06.0840 5312 spldr - ok
12:22:06.0933 5312 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
12:22:07.0027 5312 srv - ok
12:22:07.0121 5312 srv2 (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys
12:22:07.0183 5312 srv2 - ok
12:22:07.0261 5312 srvnet (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys
12:22:07.0308 5312 srvnet - ok
12:22:07.0386 5312 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
12:22:07.0401 5312 ssmdrv - ok
12:22:07.0479 5312 SVRPEDRV (3e4239b92139f7174a0da7d53fe5e1ab) C:\Windows\System32\sysprep\PEDrv.sys
12:22:07.0511 5312 SVRPEDRV ( UnsignedFile.Multi.Generic ) - warning
12:22:07.0511 5312 SVRPEDRV - detected UnsignedFile.Multi.Generic (1)
12:22:07.0557 5312 swenum (97e089971a6aba49ad5592bd6298e416) C:\Windows\system32\DRIVERS\swenum.sys
12:22:07.0573 5312 swenum - ok
12:22:07.0635 5312 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
12:22:07.0651 5312 Symc8xx - ok
12:22:07.0713 5312 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
12:22:07.0729 5312 Sym_hi - ok
12:22:07.0760 5312 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
12:22:07.0776 5312 Sym_u3 - ok
12:22:07.0854 5312 SynTP (55f6e55cc2430ca8713387106fa79817) C:\Windows\system32\DRIVERS\SynTP.sys
12:22:07.0885 5312 SynTP - ok
12:22:07.0994 5312 Tcpip (6216a954ed7045b62880a92d6c9b9fc7) C:\Windows\system32\drivers\tcpip.sys
12:22:08.0072 5312 Tcpip - ok
12:22:08.0119 5312 Tcpip6 (6216a954ed7045b62880a92d6c9b9fc7) C:\Windows\system32\DRIVERS\tcpip.sys
12:22:08.0166 5312 Tcpip6 - ok
12:22:08.0337 5312 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
12:22:08.0415 5312 tcpipreg - ok
12:22:08.0509 5312 tdcmdpst (6fdfba25002ce4bac463ac866ae71405) C:\Windows\system32\DRIVERS\tdcmdpst.sys
12:22:08.0540 5312 tdcmdpst - ok
12:22:08.0571 5312 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
12:22:08.0649 5312 TDPIPE - ok
12:22:08.0681 5312 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
12:22:08.0727 5312 TDTCP - ok
12:22:08.0774 5312 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
12:22:08.0821 5312 tdx - ok
12:22:08.0883 5312 TermDD (718b2f4355cd8eb2844741addac0e622) C:\Windows\system32\DRIVERS\termdd.sys
12:22:08.0899 5312 TermDD - ok
12:22:09.0086 5312 tos_sps32 (1ea5f27c29405bf49799feca77186da9) C:\Windows\system32\DRIVERS\tos_sps32.sys
12:22:09.0180 5312 tos_sps32 - ok
12:22:09.0336 5312 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:22:09.0398 5312 tssecsrv - ok
12:22:09.0461 5312 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
12:22:09.0507 5312 tunmp - ok
12:22:09.0554 5312 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
12:22:09.0617 5312 tunnel - ok
12:22:09.0648 5312 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
12:22:09.0663 5312 TVALZ - ok
12:22:09.0695 5312 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
12:22:09.0726 5312 uagp35 - ok
12:22:09.0757 5312 udfs (c985b36e127ea9b8a92396120bff52d8) C:\Windows\system32\DRIVERS\udfs.sys
12:22:09.0819 5312 udfs - ok
12:22:09.0882 5312 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
12:22:09.0913 5312 uliagpkx - ok
12:22:09.0960 5312 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
12:22:09.0991 5312 uliahci - ok
12:22:10.0022 5312 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
12:22:10.0053 5312 UlSata - ok
12:22:10.0085 5312 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
12:22:10.0116 5312 ulsata2 - ok
12:22:10.0131 5312 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
12:22:10.0194 5312 umbus - ok
12:22:10.0272 5312 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
12:22:10.0381 5312 USBAAPL - ok
12:22:10.0412 5312 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
12:22:10.0490 5312 usbccgp - ok
12:22:10.0521 5312 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
12:22:10.0646 5312 usbcir - ok
12:22:10.0693 5312 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
12:22:10.0755 5312 usbehci - ok
12:22:10.0818 5312 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
12:22:10.0911 5312 usbhub - ok
12:22:10.0943 5312 usbohci (7bdb7b0e7d45ac0402d78b90789ef47c) C:\Windows\system32\DRIVERS\usbohci.sys
12:22:11.0052 5312 usbohci - ok
12:22:11.0177 5312 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
12:22:11.0255 5312 usbprint - ok
12:22:11.0333 5312 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
12:22:11.0411 5312 usbscan - ok
12:22:11.0457 5312 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:22:11.0535 5312 USBSTOR - ok
12:22:11.0582 5312 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
12:22:11.0676 5312 usbuhci - ok
12:22:11.0707 5312 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
12:22:11.0801 5312 usbvideo - ok
12:22:11.0989 5312 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\Windows\system32\DRIVERS\VClone.sys
12:22:12.0067 5312 VClone - ok
12:22:12.0145 5312 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
12:22:12.0254 5312 vga - ok
12:22:12.0379 5312 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
12:22:12.0426 5312 VgaSave - ok
12:22:12.0457 5312 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
12:22:12.0472 5312 viaagp - ok
12:22:12.0504 5312 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
12:22:12.0535 5312 ViaC7 - ok
12:22:12.0582 5312 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
12:22:12.0597 5312 viaide - ok
12:22:12.0613 5312 volmgr (bdd98bbe7323fc0975a26373d8050471) C:\Windows\system32\drivers\volmgr.sys
12:22:12.0628 5312 volmgr - ok
12:22:12.0660 5312 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
12:22:12.0675 5312 volmgrx - ok
12:22:12.0706 5312 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
12:22:12.0722 5312 volsnap - ok
12:22:12.0738 5312 vsdatant - ok
12:22:12.0816 5312 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
12:22:12.0831 5312 vsmraid - ok
12:22:12.0894 5312 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
12:22:12.0972 5312 WacomPen - ok
12:22:13.0034 5312 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
12:22:13.0143 5312 Wanarp - ok
12:22:13.0159 5312 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
12:22:13.0190 5312 Wanarpv6 - ok
12:22:13.0237 5312 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
12:22:13.0237 5312 Wd - ok
12:22:13.0284 5312 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
12:22:13.0330 5312 Wdf01000 - ok
12:22:13.0486 5312 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
12:22:13.0518 5312 WmiAcpi - ok
12:22:13.0627 5312 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
12:22:13.0674 5312 WpdUsb - ok
12:22:13.0720 5312 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
12:22:13.0752 5312 ws2ifsl - ok
12:22:13.0798 5312 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:22:13.0908 5312 WUDFRd - ok
12:22:13.0954 5312 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
12:22:14.0079 5312 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
12:22:14.0079 5312 \Device\Harddisk0\DR0 - detected TDSS File System (1)
12:22:14.0095 5312 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
12:22:18.0151 5312 \Device\Harddisk1\DR1 - ok
12:22:18.0182 5312 Boot (0x1200) (12f100d1d56e795e1b0464f60d86714b) \Device\Harddisk0\DR0\Partition0
12:22:18.0198 5312 \Device\Harddisk0\DR0\Partition0 - ok
12:22:18.0198 5312 Boot (0x1200) (feeb2c46e5c948fa9410dc717a03b9fa) \Device\Harddisk1\DR1\Partition0
12:22:18.0198 5312 \Device\Harddisk1\DR1\Partition0 - ok
12:22:18.0213 5312 ============================================================
12:22:18.0213 5312 Scan finished
12:22:18.0213 5312 ============================================================
12:22:18.0244 5304 Detected object count: 3
12:22:18.0244 5304 Actual detected object count: 3
12:24:15.0683 5304 C:\Windows\system32\DRIVERS\netbt.sys - copied to quarantine
12:24:15.0855 5304 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\netbt.sys) error 1813
12:24:40.0846 5304 Backup copy found, using it..
12:24:41.0283 5304 C:\Windows\system32\DRIVERS\netbt.sys - will be cured on reboot
12:24:57.0897 5304 netbt ( Virus.Win32.ZAccess.aml ) - User select action: Cure
12:24:57.0897 5304 SVRPEDRV ( UnsignedFile.Multi.Generic ) - skipped by user
12:24:57.0897 5304 SVRPEDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:24:57.0912 5304 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
12:24:57.0912 5304 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
12:25:17.0273 4888 Deinitialize success

#8 Maniac

Maniac

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 21,405 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 19 March 2012 - 08:08 AM

I think your system is still infected.

Please manually delete your ComboFix, download a new fresh one and boot in Safe Mode.
http://windows.micro...er-in-safe-mode

Try to run it there.
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here paypal.gif

#9 Maurice Naggar

Maurice Naggar

    Staff

  • Moderators
  • PipPipPipPipPipPip
  • 14,550 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 26 March 2012 - 10:12 AM

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
Maurice Naggar
Product Support

staff.png

Follow us: Twitter, Become a fan: Facebook

I close my threads if there is 5 days without a response.

#10 Maurice Naggar

Maurice Naggar

    Staff

  • Moderators
  • PipPipPipPipPipPip
  • 14,550 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 30 March 2012 - 04:14 PM

Topic re-opened per member request.

@knight78
You must henceforth follow your helper's guidance in a timely manner.

Do as requested by Maniac in his reply of the 19th.
Maurice Naggar
Product Support

staff.png

Follow us: Twitter, Become a fan: Facebook

I close my threads if there is 5 days without a response.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users