knight78

The security center service cannot be started and browser hijack

Hello,

I have been having some problems with my laptop recently. Specifically, I cannot turn the Security Center back on and my computer claims it is disabled. Also my browser is hijacked from Google and Yahoo to random vendor sites, which is a problem. I ran Malwarebytes as well as Norton Power Eraser, which removed a certain .dll file and some registry entries, but the problem persists.

Here is a copy of my most recent HijackThis log:

Logfile of HijackThis v1.99.1

Scan saved at 3:50:03 PM, on 3/16/2012

Platform: Unknown Windows (WinNT 6.00.1905 SP1)

MSIE: Internet Explorer v7.00 (7.00.6001.18639)

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\vsnp2uvc.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Program Files\HP\HP Software Update\hpwuschd2.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\WallpaperSS\WallpaperSS.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Users\Wheels\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Windows\system32\wuauclt.exe

C:\FlashDriveDump\Spyware Removal Tools\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - - (no file)

R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe

O4 - HKLM\..\Run: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [jswtrayutil] "C:\Program Files\Jumpstart\jswtrayutil.exe"

O4 - HKLM\..\Run: [iJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe

O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon

O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [Desktop Software] "C:\Program Files\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden

O4 - HKCU\..\Run: [WallpaperSS] C:\Program Files\WallpaperSS\WallpaperSS.exe

O4 - HKCU\..\Run: [Google Update] "C:\Users\Wheels\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - Startup: Dropbox.lnk = C:\Users\Wheels\AppData\Roaming\Dropbox\bin\Dropbox.exe

O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O11 - Options group: [iNTERNATIONAL] International*

O13 - Gopher Prefix:

O16 - DPF: {7340F0E4-AEDA-47C6-8971-9DB314030BD7} (CAxH264Dec Class) - http://websp.hsc.wvu.edu/w/static/amc/h264_decoder.cab

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

O16 - DPF: {BA7A56EB-D1B9-443B-96E9-086532A378F1} (CAxAacDecEmb Class) - http://websp.hsc.wvu.edu/w/static/amc/aac_decoder.cab

O16 - DPF: {C32FE9F1-A857-48B0-B7BF-065B5792F28D} (CAxMP4Dec Class) - http://websp.hsc.wvu.edu/w/static/amc/mpeg4_decoder.cab

O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://websp.hsc.wvu.edu/w/static/amc/amc.cab

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://freetrial.webex.com/client/T27L/webex/ieatgpc1.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe

O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe

O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

Let me know if any further information is needed. Thanks so much for any help.

Hello knight78! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

I need more information, so please follow the instructions here:

http://forums.malwarebytes.org/index.php?showtopic=9573

Post the log files in your next reply.

Hello,

I ran Malwarebytes before and have attached the log along with the DDS and Attach logs below. I truly appreciate your help. Thank you.

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.03.16.01

Windows Vista Service Pack 1 x86 NTFS

Internet Explorer 7.0.6001.18000

Wheels :: WHEELS_LAPTOP [administrator]

3/16/2012 12:09:16 PM

mbam-log-2012-03-16 (12-09-16).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 333029

Time elapsed: 1 hour(s), 54 minute(s), 16 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 1

HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NETWORKLOG (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Detected: 1

HKLM\SYSTEM\CurrentControlSet\Services\NetworkLog|ImagePath (Trojan.Downloader) -> Data: C:\Windows\svcs.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\svcs.exe (Trojan.Downloader) -> Delete on reboot.

(end)

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.6001.18000

Run by Wheels at 17:33:09 on 2012-03-16

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1789.801 [GMT -4:00]

.

AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Ati2evxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\agrsmsvc.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\TOSHIBA\IVP\ISM\pinger.exe

C:\Windows\system32\svchost.exe -k imgsvc

c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

C:\Windows\system32\TODDSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\vsnp2uvc.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Program Files\HP\HP Software Update\hpwuschd2.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\WallpaperSS\WallpaperSS.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Users\Wheels\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Windows\system32\wuauclt.exe

\\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uLocal Page = \blank.htm

uSearch Page =

uStart Page = hxxp://www.yahoo.com/

uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB

uSearch Bar =

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB

mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

mURLSearchHooks: H - No File

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_06\bin\ssv.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [TOSCDSPD] TOSCDSPD.EXE

uRun: [Aim6]

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [Desktop Software] "c:\program files\common files\supportsoft\bin\bcont.exe" /ini "c:\program files\comcastui\desktop software\uinstaller.ini" /fromrun /starthidden

uRun: [WallpaperSS] c:\program files\wallpaperss\WallpaperSS.exe

uRun: [Google Update] "c:\users\wheels\appdata\local\google\update\GoogleUpdate.exe" /c

mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"

mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"

mRun: [snp2uvc] c:\windows\vsnp2uvc.exe

mRun: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [NDSTray.exe] NDSTray.exe

mRun: [jswtrayutil] "c:\program files\jumpstart\jswtrayutil.exe"

mRun: [iJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.exe

mRun: [cfFncEnabler.exe] cfFncEnabler.exe

mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

StartupFolder: c:\users\wheels\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\wheels\appdata\roaming\dropbox\bin\Dropbox.exe

StartupFolder: c:\users\wheels\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\ssv.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

LSP: mswsock.dll

DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/authorware/awswaxd.cab

DPF: {7340F0E4-AEDA-47C6-8971-9DB314030BD7} - hxxp://websp.hsc.wvu.edu/w/static/amc/h264_decoder.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {BA7A56EB-D1B9-443B-96E9-086532A378F1} - hxxp://websp.hsc.wvu.edu/w/static/amc/aac_decoder.cab

DPF: {C32FE9F1-A857-48B0-B7BF-065B5792F28D} - hxxp://websp.hsc.wvu.edu/w/static/amc/mpeg4_decoder.cab

DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab

DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://websp.hsc.wvu.edu/w/static/amc/amc.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://freetrial.webex.com/client/T27L/webex/ieatgpc1.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.10.1

TCP: Interfaces\{7D6FA0D3-7C91-4927-804C-48A45DCE2740} : DhcpNameServer = 192.168.10.1

TCP: Interfaces\{B0F31E43-512B-499E-AAA1-E7828F7C5D43} : DhcpNameServer = 192.168.10.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

mASetup: {C97751B1-BF63-4867-87FB-49B72502DBCD} - c:\program files\microsoft office\office10\OfficeXPFirstRun.vbs

.

============= SERVICES / DRIVERS ===============

.

R0 SMR250;Symantec SMR Utility Service 2.5.0;c:\windows\system32\drivers\SMR250.SYS [2012-3-16 83064]

R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2009-1-18 20384]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-2-9 135336]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-2-9 267944]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-2-9 61960]

R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]

R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-5-26 24652]

R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-5-5 7168]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2009-1-18 954368]

S3 SVRPEDRV;SVRPEDRV;c:\windows\system32\sysprep\PEDRV.SYS [2008-5-16 9216]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2012-03-16 19:33:07 20 ----a-w- c:\windows\system32\drivers\SMR250.dat

2012-03-16 19:33:05 83064 ----a-w- c:\windows\system32\drivers\SMR250.SYS

2012-03-16 04:03:08 -------- d-----w- c:\users\wheels\appdata\local\ElevatedDiagnostics

2012-03-16 03:48:28 0 --sha-w- c:\windows\system32\dds_trash_log.cmd

2012-03-13 16:49:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys

2012-03-13 16:49:28 190464 ----a-w- c:\windows\system32\iphlpsvc.dll

.

==================== Find3M ====================

.

2011-12-25 23:19:18 69341552 ----a-w- c:\users\wheels\iTunesSetup.exe

.

============= FINISH: 17:34:26.68 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 1/18/2009 8:13:16 PM

System Uptime: 3/16/2012 5:15:27 PM (0 hours ago)

.

Motherboard: TOSHIBA | | Portable PC

Processor: AMD Athlon X2 Dual-Core QL-64 | Socket M2/S1G1 | 2100/1800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 142 GiB total, 65.665 GiB free.

D: is CDROM ()

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

.

==== Installed Programs ======================

.

.

Update for Microsoft Office 2007 (KB2508958)

32 Bit HP CIO Components Installer

Adobe Flash Player 10 ActiveX

Adobe Reader 8.1.2

AIM 6

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Atheros Driver Installation Program

Atheros Wi-Fi Protected Setup Library

ATI Catalyst Install Manager

Avira AntiVir Personal - Free Antivirus

AXIS Media Control Embedded

Bonjour

BufferChm

Canon IJ Network Scan Utility

Canon IJ Network Tool

Canon MP Navigator EX 3.0

Canon MP560 series MP Drivers

Canon MP560 series User Registration

Canon Utilities Easy-PhotoPrint EX

Canon Utilities My Printer

Canon Utilities Solution Menu

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center Localization Chinese Standard

Catalyst Control Center Localization Chinese Traditional

Catalyst Control Center Localization Czech

Catalyst Control Center Localization Danish

Catalyst Control Center Localization Dutch

Catalyst Control Center Localization Finnish

Catalyst Control Center Localization French

Catalyst Control Center Localization German

Catalyst Control Center Localization Greek

Catalyst Control Center Localization Hungarian

Catalyst Control Center Localization Italian

Catalyst Control Center Localization Japanese

Catalyst Control Center Localization Korean

Catalyst Control Center Localization Norwegian

Catalyst Control Center Localization Polish

Catalyst Control Center Localization Portuguese

Catalyst Control Center Localization Russian

Catalyst Control Center Localization Spanish

Catalyst Control Center Localization Swedish

Catalyst Control Center Localization Thai

Catalyst Control Center Localization Turkish

ccc-core-static

ccc-utility

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CD/DVD Drive Acoustic Silencer

Comcast Desktop Software (v1.2.0.9)

Compatibility Pack for the 2007 Office system

Copy

Coupon Printer for Windows

CueCard (remove only)

Destinations

DeviceDiscovery

DJ_AIO_05_F4400_Software_Min

Dropbox

F4400

Google Chrome

GPBaseService2

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Customer Participation Program 14.0

HP Deskjet F4400 Printer Driver Software 14.0 Rel. 5

HP Imaging Device Functions 14.0

HP Photo Creations

HP Smart Web Printing 4.60

HP Solution Center 14.0

HP Update

HPPhotoGadget

HPProductAssistant

HPSSupply

iTunes

Java 6 Update 6

Malwarebytes Anti-Malware version 1.60.1.1000

MarketResearch

Memeo AutoBackup

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Excel MUI (English) 2007

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (English) 2007

Microsoft VC9 runtime libraries

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Picasa 2

QuickBooks Financial Center

QuickTime

Realtek 8169 8168 8101E 8102E Ethernet Driver

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

Respondus LockDown Browser

SanctionedMedia

Scan

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB2553089)

Security Update for 2007 Microsoft Office System (KB2553090)

Security Update for 2007 Microsoft Office System (KB2584063)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Shop for HP Supplies

Skins

Skype Toolbars

Skype™ 4.2

SmartWebPrinting

SolutionCenter

Status

Synaptics Pointing Device Driver

Toolbox

TOSHIBA Assist

TOSHIBA ConfigFree

TOSHIBA Disc Creator

TOSHIBA DVD PLAYER

TOSHIBA Extended Tiles for Windows Mobility Center

TOSHIBA Games

TOSHIBA Hardware Setup

TOSHIBA Recovery Disc Creator

Toshiba Registration

TOSHIBA Software Modem

TOSHIBA Software Upgrades

TOSHIBA Speech System Applications

TOSHIBA Speech System SR Engine(U.S.) Version1.0

TOSHIBA Speech System TTS Engine(U.S.) Version1.0

TOSHIBA Supervisor Password

TOSHIBA Value Added Package

TrayApp

Unity Web Player

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition

Update for Microsoft Office 2007 System (KB2539530)

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Uru - Ages Beyond Myst

VC 9.0 Runtime

Viewpoint Media Player

VirtualCloneDrive

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

VLC media player 0.9.9

Wallpaper SlideShow LT 1.4.4

WebCam Play II

WebEx

WebReg

ZoneAlarm

.

==== Event Viewer Messages From Past Week ========

.

3/15/2012 4:01:36 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.10.104 for the Network Card with network address 002163FD14DA has been denied by the DHCP server 192.168.10.1 (The DHCP Server sent a DHCPNACK message).

3/15/2012 2:08:19 PM, Error: Service Control Manager [7000] - The vsdatant service failed to start due to the following error: The system cannot find the file specified.

3/15/2012 2:08:18 PM, Error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the vsdatant service which failed to start because of the following error: The system cannot find the file specified.

.

==== End Of File ===========================


I see you have Viewpoint installed...

Viewpoint Manager is considered foistware instead of malware since it is installed without users' approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.


  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player

How are things running now?


Hello,

Thanks for the suggestion, that may help for the future. I removed Viewpoint Media Player but unfortunately I still have the same problems. The browser is being redirected, the "security center service cannot be started," and my computer just seems sluggish. Any other ideas, or did anything stand out in those logs?

Thanks.


Of course. :)

Step 1

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Step 2

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

In your next reply, post the following log files:

  • TDSSKiller log
  • ComboFix log


I ran TDSSKiller and have the log file, but I could not get ComboFix to go beyond the page where it talks about "scanning may take 10 mins or longer." I disabled my antivirus and had no messages or problems with that, but it did not make any visible progress on the scan after about 30 minutes.

TDSSKiller seemed to fix up my browser hijack problem and the security center is at least working now. But I still cannot turn on Windows Firewall. Could this be a problem with my antivirus or is it more infection?

Should I just wait longer for ComboFix to work or try something else?

Thanks.

12:20:49.0945 4892 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43

12:20:50.0273 4892 ============================================================

12:20:50.0273 4892 Current date / time: 2012/03/18 12:20:50.0273

12:20:50.0273 4892 SystemInfo:

12:20:50.0273 4892

12:20:50.0273 4892 OS Version: 6.0.6001 ServicePack: 1.0

12:20:50.0273 4892 Product type: Workstation

12:20:50.0273 4892 ComputerName: WHEELS_LAPTOP

12:20:50.0273 4892 UserName: Wheels

12:20:50.0273 4892 Windows directory: C:\Windows

12:20:50.0273 4892 System windows directory: C:\Windows

12:20:50.0273 4892 Processor architecture: Intel x86

12:20:50.0273 4892 Number of processors: 2

12:20:50.0273 4892 Page size: 0x1000

12:20:50.0273 4892 Boot type: Normal boot

12:20:50.0273 4892 ============================================================

12:20:53.0440 4892 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

12:20:53.0440 4892 Drive \Device\Harddisk1\DR1 - Size: 0x1DCC00000 (7.45 Gb), SectorSize: 0x200, Cylinders: 0x3CC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

12:20:53.0440 4892 \Device\Harddisk0\DR0:

12:20:53.0440 4892 MBR used

12:20:53.0440 4892 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x11B5F000

12:20:53.0440 4892 \Device\Harddisk1\DR1:

12:20:53.0440 4892 MBR used

12:20:53.0440 4892 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0xEE4080

12:20:53.0502 4892 Initialize success

12:20:53.0502 4892 ============================================================

12:21:38.0383 5312 ============================================================

12:21:38.0383 5312 Scan started

12:21:38.0383 5312 Mode: Manual; SigCheck; TDLFS;

12:21:38.0383 5312 ============================================================

12:21:39.0241 5312 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys

12:21:39.0553 5312 ACPI - ok

12:21:39.0741 5312 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys

12:21:39.0819 5312 adp94xx - ok

12:21:39.0959 5312 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys

12:21:40.0006 5312 adpahci - ok

12:21:40.0131 5312 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys

12:21:40.0162 5312 adpu160m - ok

12:21:40.0209 5312 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys

12:21:40.0240 5312 adpu320 - ok

12:21:40.0333 5312 AFD (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys

12:21:40.0427 5312 AFD - ok

12:21:40.0536 5312 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys

12:21:40.0708 5312 AgereSoftModem - ok

12:21:40.0770 5312 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys

12:21:40.0801 5312 agp440 - ok

12:21:40.0864 5312 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

12:21:40.0942 5312 aic78xx - ok

12:21:40.0989 5312 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys

12:21:41.0004 5312 aliide - ok

12:21:41.0051 5312 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys

12:21:41.0082 5312 amdagp - ok

12:21:41.0129 5312 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys

12:21:41.0145 5312 amdide - ok

12:21:41.0207 5312 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys

12:21:41.0394 5312 AmdK7 - ok

12:21:41.0441 5312 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys

12:21:41.0535 5312 AmdK8 - ok

12:21:41.0706 5312 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys

12:21:41.0737 5312 arc - ok

12:21:41.0862 5312 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys

12:21:41.0878 5312 arcsas - ok

12:21:41.0956 5312 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

12:21:42.0018 5312 AsyncMac - ok

12:21:42.0049 5312 atapi (0d83c87a801a3dfcd1bf73893fe7518c) C:\Windows\system32\drivers\atapi.sys

12:21:42.0065 5312 atapi - ok

12:21:42.0174 5312 athr (8899bbd6740fefbdffd38eb88693dd26) C:\Windows\system32\DRIVERS\athr.sys

12:21:42.0283 5312 athr - ok

12:21:42.0455 5312 atikmdag (a2b6478963451a99c28da8133b648142) C:\Windows\system32\DRIVERS\atikmdag.sys

12:21:42.0876 5312 atikmdag - ok

12:21:43.0063 5312 AtiPcie (4aa1eb65481c392955939e735d27118b) C:\Windows\system32\DRIVERS\AtiPcie.sys

12:21:43.0157 5312 AtiPcie - ok

12:21:43.0407 5312 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys

12:21:44.0046 5312 avgntflt - ok

12:21:44.0202 5312 avipbb (da39805e2bad99d37fce9477dd94e7f2) C:\Windows\system32\DRIVERS\avipbb.sys

12:21:44.0218 5312 avipbb - ok

12:21:44.0296 5312 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

12:21:44.0358 5312 Beep - ok

12:21:44.0405 5312 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys

12:21:44.0452 5312 blbdrive - ok

12:21:44.0545 5312 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys

12:21:44.0592 5312 bowser - ok

12:21:44.0639 5312 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

12:21:44.0748 5312 BrFiltLo - ok

12:21:44.0764 5312 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

12:21:44.0811 5312 BrFiltUp - ok

12:21:44.0873 5312 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

12:21:45.0185 5312 Brserid - ok

12:21:45.0310 5312 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

12:21:45.0372 5312 BrSerWdm - ok

12:21:45.0528 5312 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

12:21:45.0622 5312 BrUsbMdm - ok

12:21:45.0684 5312 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

12:21:45.0825 5312 BrUsbSer - ok

12:21:45.0903 5312 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

12:21:45.0996 5312 BTHMODEM - ok

12:21:46.0152 5312 catchme - ok

12:21:46.0277 5312 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys

12:21:46.0371 5312 cdfs - ok

12:21:46.0417 5312 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys

12:21:46.0495 5312 cdrom - ok

12:21:46.0527 5312 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys

12:21:46.0651 5312 circlass - ok

12:21:46.0729 5312 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys

12:21:46.0761 5312 CLFS - ok

12:21:46.0885 5312 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys

12:21:46.0963 5312 CmBatt - ok

12:21:47.0026 5312 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys

12:21:47.0041 5312 cmdide - ok

12:21:47.0119 5312 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys

12:21:47.0135 5312 Compbatt - ok

12:21:47.0182 5312 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys

12:21:47.0197 5312 crcdisk - ok

12:21:47.0229 5312 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys

12:21:47.0291 5312 Crusoe - ok

12:21:47.0369 5312 DfsC (a3e9fa213f443ac77c7746119d13feec) C:\Windows\system32\Drivers\dfsc.sys

12:21:47.0416 5312 DfsC - ok

12:21:47.0463 5312 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys

12:21:47.0478 5312 disk - ok

12:21:47.0572 5312 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys

12:21:47.0603 5312 Dot4 - ok

12:21:47.0650 5312 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys

12:21:47.0728 5312 Dot4Print - ok

12:21:47.0790 5312 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys

12:21:47.0899 5312 dot4usb - ok

12:21:47.0962 5312 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys

12:21:48.0024 5312 drmkaud - ok

12:21:48.0087 5312 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys

12:21:48.0227 5312 DXGKrnl - ok

12:21:48.0321 5312 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys

12:21:48.0430 5312 E1G60 - ok

12:21:48.0523 5312 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys

12:21:48.0570 5312 Ecache - ok

12:21:48.0726 5312 ElbyCDIO (44996a2addd2db7454f2ca40b67d8941) C:\Windows\system32\Drivers\ElbyCDIO.sys

12:21:48.0757 5312 ElbyCDIO - ok

12:21:48.0804 5312 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys

12:21:48.0851 5312 elxstor - ok

12:21:48.0913 5312 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys

12:21:49.0023 5312 ErrDev - ok

12:21:49.0085 5312 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys

12:21:49.0163 5312 exfat - ok

12:21:49.0241 5312 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys

12:21:49.0335 5312 fastfat - ok

12:21:49.0366 5312 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys

12:21:49.0444 5312 fdc - ok

12:21:49.0569 5312 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys

12:21:49.0600 5312 FileInfo - ok

12:21:49.0631 5312 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

12:21:49.0709 5312 Filetrace - ok

12:21:49.0834 5312 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys

12:21:50.0146 5312 flpydisk - ok

12:21:50.0224 5312 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys

12:21:50.0286 5312 FltMgr - ok

12:21:50.0349 5312 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys

12:21:50.0411 5312 Fs_Rec - ok

12:21:50.0458 5312 FwLnk (cbc22823628544735625b280665e434e) C:\Windows\system32\DRIVERS\FwLnk.sys

12:21:50.0505 5312 FwLnk - ok

12:21:50.0536 5312 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys

12:21:50.0567 5312 gagp30kx - ok

12:21:50.0629 5312 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

12:21:50.0661 5312 GEARAspiWDM - ok

12:21:50.0754 5312 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys

12:21:50.0863 5312 HdAudAddService - ok

12:21:50.0895 5312 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys

12:21:50.0957 5312 HDAudBus - ok

12:21:51.0097 5312 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

12:21:51.0207 5312 HidBth - ok

12:21:51.0363 5312 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys

12:21:51.0503 5312 HidIr - ok

12:21:51.0597 5312 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys

12:21:51.0659 5312 HidUsb - ok

12:21:51.0721 5312 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys

12:21:51.0753 5312 HpCISSs - ok

12:21:51.0831 5312 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys

12:21:51.0971 5312 HTTP - ok

12:21:52.0018 5312 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys

12:21:52.0049 5312 i2omp - ok

12:21:52.0189 5312 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

12:21:52.0283 5312 i8042prt - ok

12:21:52.0330 5312 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys

12:21:52.0361 5312 iaStorV - ok

12:21:52.0439 5312 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

12:21:52.0470 5312 iirsp - ok

12:21:52.0720 5312 IntcAzAudAddService (b9cbd3dea7ca02868621173bf7a2af9f) C:\Windows\system32\drivers\RTKVHDA.sys

12:21:52.0954 5312 IntcAzAudAddService - ok

12:21:53.0157 5312 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys

12:21:53.0172 5312 intelide - ok

12:21:53.0235 5312 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys

12:21:53.0313 5312 intelppm - ok

12:21:53.0359 5312 IO_Memory - ok

12:21:53.0406 5312 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys

12:21:53.0515 5312 IpFilterDriver - ok

12:21:53.0531 5312 IpInIp - ok

12:21:53.0578 5312 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys

12:21:53.0656 5312 IPMIDRV - ok

12:21:53.0749 5312 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

12:21:53.0827 5312 IPNAT - ok

12:21:53.0937 5312 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

12:21:53.0999 5312 IRENUM - ok

12:21:54.0046 5312 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys

12:21:54.0061 5312 isapnp - ok

12:21:54.0171 5312 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys

12:21:54.0186 5312 iScsiPrt - ok

12:21:54.0217 5312 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

12:21:54.0233 5312 iteatapi - ok

12:21:54.0264 5312 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

12:21:54.0280 5312 iteraid - ok

12:21:54.0607 5312 jswpslwf (11ad410f41af42ba12e63187e3ec141a) C:\Windows\system32\DRIVERS\jswpslwf.sys

12:21:54.0685 5312 jswpslwf - ok

12:21:54.0795 5312 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

12:21:54.0810 5312 kbdclass - ok

12:21:54.0873 5312 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys

12:21:54.0951 5312 kbdhid - ok

12:21:55.0044 5312 KLIF (482748344c42e4d5f604675a11097f0e) C:\Windows\system32\DRIVERS\klif.sys

12:21:55.0075 5312 KLIF - ok

12:21:55.0185 5312 KR10I (e8ca038f51f7761bd6e3a3b0b8014263) C:\Windows\system32\drivers\kr10i.sys

12:21:55.0278 5312 KR10I - ok

12:21:55.0481 5312 KR10N (6a4adb9186dd0e114e623daf57e42b31) C:\Windows\system32\drivers\kr10n.sys

12:21:55.0512 5312 KR10N - ok

12:21:55.0575 5312 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys

12:21:55.0684 5312 KSecDD - ok

12:21:55.0777 5312 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

12:21:55.0887 5312 lltdio - ok

12:21:55.0996 5312 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys

12:21:56.0027 5312 LSI_FC - ok

12:21:56.0058 5312 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys

12:21:56.0074 5312 LSI_SAS - ok

12:21:56.0199 5312 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys

12:21:56.0214 5312 LSI_SCSI - ok

12:21:56.0245 5312 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

12:21:56.0292 5312 luafv - ok

12:21:56.0339 5312 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys

12:21:56.0355 5312 megasas - ok

12:21:56.0401 5312 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys

12:21:56.0433 5312 MegaSR - ok

12:21:56.0495 5312 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

12:21:56.0557 5312 Modem - ok

12:21:56.0589 5312 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

12:21:56.0635 5312 monitor - ok

12:21:56.0776 5312 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

12:21:56.0791 5312 mouclass - ok

12:21:56.0823 5312 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys

12:21:56.0854 5312 mouhid - ok

12:21:56.0869 5312 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

12:21:56.0885 5312 MountMgr - ok

12:21:56.0932 5312 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys

12:21:56.0947 5312 mpio - ok

12:21:56.0963 5312 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

12:21:57.0010 5312 mpsdrv - ok

12:21:57.0072 5312 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

12:21:57.0088 5312 Mraid35x - ok

12:21:57.0119 5312 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys

12:21:57.0306 5312 MRxDAV - ok

12:21:57.0431 5312 mrxsmb (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys

12:21:57.0478 5312 mrxsmb - ok

12:21:57.0571 5312 mrxsmb10 (6b5fa5adfacac9dbbe0991f4566d7d55) C:\Windows\system32\DRIVERS\mrxsmb10.sys

12:21:57.0618 5312 mrxsmb10 - ok

12:21:57.0634 5312 mrxsmb20 (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys

12:21:57.0712 5312 mrxsmb20 - ok

12:21:57.0759 5312 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys

12:21:57.0774 5312 msahci - ok

12:21:57.0805 5312 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys

12:21:57.0837 5312 msdsm - ok

12:21:57.0883 5312 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

12:21:57.0961 5312 Msfs - ok

12:21:58.0008 5312 msisadrv (1e00b9b8601f24a96ad71a7d0fc5f136) C:\Windows\system32\drivers\msisadrv.sys

12:21:58.0024 5312 msisadrv - ok

12:21:58.0086 5312 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

12:21:58.0211 5312 MSKSSRV - ok

12:21:58.0305 5312 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

12:21:58.0383 5312 MSPCLOCK - ok

12:21:58.0492 5312 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

12:21:58.0554 5312 MSPQM - ok

12:21:58.0585 5312 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys

12:21:58.0617 5312 MsRPC - ok

12:21:58.0663 5312 mssmbios (215634cf935b696e3ebca813d02e9165) C:\Windows\system32\DRIVERS\mssmbios.sys

12:21:58.0679 5312 mssmbios - ok

12:21:58.0710 5312 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

12:21:58.0819 5312 MSTEE - ok

12:21:58.0929 5312 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys

12:21:58.0944 5312 Mup - ok

12:21:59.0022 5312 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys

12:21:59.0100 5312 NativeWifiP - ok

12:21:59.0147 5312 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys

12:21:59.0287 5312 NDIS - ok

12:21:59.0334 5312 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

12:21:59.0397 5312 NdisTapi - ok

12:21:59.0412 5312 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

12:21:59.0475 5312 Ndisuio - ok

12:21:59.0521 5312 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys

12:21:59.0599 5312 NdisWan - ok

12:21:59.0677 5312 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

12:21:59.0818 5312 NDProxy - ok

12:21:59.0896 5312 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

12:21:59.0974 5312 NetBIOS - ok

12:22:00.0021 5312 netbt (f353aa9957ee69ad05e7ae695a5dde72) C:\Windows\system32\DRIVERS\netbt.sys

12:22:00.0021 5312 Suspicious file (Forged): C:\Windows\system32\DRIVERS\netbt.sys. Real md5: f353aa9957ee69ad05e7ae695a5dde72, Fake md5: 7c5fee5b1c5728507cd96fb4a13e7a02

12:22:00.0021 5312 netbt ( Virus.Win32.ZAccess.aml ) - infected

12:22:00.0021 5312 netbt - detected Virus.Win32.ZAccess.aml (0)

12:22:00.0083 5312 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

12:22:00.0099 5312 nfrd960 - ok

12:22:00.0130 5312 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys

12:22:00.0208 5312 Npfs - ok

12:22:00.0239 5312 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

12:22:00.0333 5312 nsiproxy - ok

12:22:00.0551 5312 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys

12:22:00.0723 5312 Ntfs - ok

12:22:00.0769 5312 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

12:22:00.0879 5312 ntrigdigi - ok

12:22:00.0957 5312 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

12:22:01.0066 5312 Null - ok

12:22:01.0144 5312 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys

12:22:01.0175 5312 nvraid - ok

12:22:01.0222 5312 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys

12:22:01.0253 5312 nvstor - ok

12:22:01.0284 5312 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys

12:22:01.0300 5312 nv_agp - ok

12:22:01.0315 5312 NwlnkFlt - ok

12:22:01.0347 5312 NwlnkFwd - ok

12:22:01.0393 5312 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys

12:22:01.0471 5312 ohci1394 - ok

12:22:01.0549 5312 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

12:22:01.0627 5312 Parport - ok

12:22:01.0659 5312 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys

12:22:01.0674 5312 partmgr - ok

12:22:01.0705 5312 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

12:22:01.0955 5312 Parvdm - ok

12:22:02.0064 5312 pci (eca39351296d905baa4fa3244c152b00) C:\Windows\system32\drivers\pci.sys

12:22:02.0095 5312 pci - ok

12:22:07.0479 5312 SVRPEDRV (3e4239b92139f7174a0da7d53fe5e1ab) C:\Windows\System32\sysprep\PEDrv.sys

12:22:07.0511 5312 SVRPEDRV ( UnsignedFile.Multi.Generic ) - warning

12:22:07.0511 5312 SVRPEDRV - detected UnsignedFile.Multi.Generic (1)

12:22:13.0954 5312 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0

12:22:14.0079 5312 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

12:22:14.0079 5312 \Device\Harddisk0\DR0 - detected TDSS File System (1)

12:22:14.0095 5312 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1

12:22:18.0151 5312 \Device\Harddisk1\DR1 - ok

12:22:18.0182 5312 Boot (0x1200) (12f100d1d56e795e1b0464f60d86714b) \Device\Harddisk0\DR0\Partition0

12:22:18.0198 5312 \Device\Harddisk0\DR0\Partition0 - ok

12:22:18.0198 5312 Boot (0x1200) (feeb2c46e5c948fa9410dc717a03b9fa) \Device\Harddisk1\DR1\Partition0

12:22:18.0198 5312 \Device\Harddisk1\DR1\Partition0 - ok

12:22:18.0213 5312 ============================================================

12:22:18.0213 5312 Scan finished

12:22:18.0213 5312 ============================================================

12:22:18.0244 5304 Detected object count: 3

12:22:18.0244 5304 Actual detected object count: 3

12:24:15.0683 5304 C:\Windows\system32\DRIVERS\netbt.sys - copied to quarantine

12:24:15.0855 5304 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\netbt.sys) error 1813

12:24:40.0846 5304 Backup copy found, using it..

12:24:41.0283 5304 C:\Windows\system32\DRIVERS\netbt.sys - will be cured on reboot

12:24:57.0897 5304 netbt ( Virus.Win32.ZAccess.aml ) - User select action: Cure

12:24:57.0897 5304 SVRPEDRV ( UnsignedFile.Multi.Generic ) - skipped by user

12:24:57.0897 5304 SVRPEDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip

12:24:57.0912 5304 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

12:24:57.0912 5304 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

12:25:17.0273 4888 Deinitialize success

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Topic re-opened per member request.

@knight78

You must henceforth follow your helper's guidance in a timely manner.

Do as requested by Maniac in his reply of the 19th.

This topic is now closed to further replies.
