BOO/TDss.M Help


Post by jordiev on 29th October 2011, 4:24 am

I have used the aswMBR.exe and was wondering if you could please check these log files.


aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-29 17:19:26
-----------------------------
17:19:26.640 OS Version: Windows 6.1.7600
17:19:26.640 Number of processors: 2 586 0x170A
17:19:26.642 ComputerName: CAELAN-LAPTOP UserName: Caelan
17:19:30.069 Initialize success
17:20:59.133 AVAST engine defs: 11102802
17:21:45.315 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:21:45.319 Disk 0 Vendor: TOSHIBA_ GC00 Size: 305245MB BusType: 3
17:21:45.334 Disk 0 MBR read successfully
17:21:45.337 Disk 0 MBR scan
17:21:45.598 Disk 0 MBR:Alureon-G [Rtk]
17:21:45.604 Disk 0 TDL4@MBR code has been found
17:21:45.609 Disk 0 MBR hidden
17:21:45.613 Disk 0 MBR [TDL4] **ROOTKIT**
17:21:45.617 Disk 0 trace - called modules:
17:21:45.621 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x868fe4d0]<<
17:21:45.626 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x868c47a0]
17:21:45.632 3 CLASSPNP.SYS[88d8c59e] -> nt!IofCallDriver -> [0x869c5028]
17:21:45.638 \Driver\iaStor[0x868cd400] -> IRP_MJ_CREATE -> 0x868fe4d0
17:21:45.980 AVAST engine scan
17:21:45.988 Scan finished successfully
17:21:55.067 Disk 0 MBR has been saved successfully to "E:\Desktop\MBR.dat"
17:21:55.097 The log file has been saved successfully to "E:\Desktop\aswMBR.txt"



Re: BOO/TDss.M Help

Post by Superdave on 29th October 2011, 6:56 pm

Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer, you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device, hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*****************************************************************

  • Download [You must be registered and logged in to see this link.] and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and copy/paste the contents of it into your next reply.
Note: It will also create a log in the C:\ directory.


Re: BOO/TDss.M Help

Post by jordiev on 30th October 2011, 7:58 am

Thanks Dave, this is the report.


20:49:44.0535 5876 TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01
20:49:45.0455 5876 ============================================================
20:49:45.0455 5876 Current date / time: 2011/10/30 20:49:45.0455
20:49:45.0455 5876 SystemInfo:
20:49:45.0455 5876
20:49:45.0455 5876 OS Version: 6.1.7600 ServicePack: 0.0
20:49:45.0455 5876 Product type: Workstation
20:49:45.0455 5876 ComputerName: CAELAN-LAPTOP
20:49:45.0455 5876 UserName: Caelan
20:49:45.0455 5876 Windows directory: C:\windows
20:49:45.0455 5876 System windows directory: C:\windows
20:49:45.0455 5876 Processor architecture: Intel x86
20:49:45.0455 5876 Number of processors: 2
20:49:45.0455 5876 Page size: 0x1000
20:49:45.0455 5876 Boot type: Normal boot
20:49:45.0455 5876 ============================================================
20:49:46.0235 5876 Initialize success
20:50:04.0518 2052 ============================================================
20:50:04.0518 2052 Scan started
20:50:04.0518 2052 Mode: Manual;
20:50:04.0518 2052 ============================================================
20:50:31.0537 2052 UmPass - ok
20:50:31.0662 2052 usbccgp (5c233aefb566ee78c1efbc0493fb066a) C:\windows\system32\DRIVERS\usbccgp.sys
20:50:31.0662 2052 usbccgp - ok
20:50:31.0787 2052 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\DRIVERS\usbcir.sys
20:50:31.0787 2052 usbcir - ok
20:50:31.0927 2052 usbehci (5b71019a6aca0116fd21b368f19c0b91) C:\windows\system32\DRIVERS\usbehci.sys
20:50:31.0927 2052 usbehci - ok
20:50:31.0958 2052 usbhub (5823d3965c2a4f6f785ed1a3b403f3b8) C:\windows\system32\DRIVERS\usbhub.sys
20:50:31.0974 2052 usbhub - ok
20:50:32.0099 2052 usbohci (e753ed6c49da13967ebabf9ea616454a) C:\windows\system32\drivers\usbohci.sys
20:50:32.0099 2052 usbohci - ok
20:50:32.0224 2052 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
20:50:32.0224 2052 usbprint - ok
20:50:32.0333 2052 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys
20:50:32.0333 2052 usbscan - ok
20:50:32.0426 2052 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\windows\system32\DRIVERS\USBSTOR.SYS
20:50:32.0442 2052 USBSTOR - ok
20:50:32.0551 2052 usbuhci (6a30928a469ce802600e1ea8c0f2f53f) C:\windows\system32\DRIVERS\usbuhci.sys
20:50:32.0551 2052 usbuhci - ok
20:50:32.0676 2052 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\windows\System32\Drivers\usbvideo.sys
20:50:32.0676 2052 usbvideo - ok
20:50:32.0816 2052 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\DRIVERS\vdrvroot.sys
20:50:32.0816 2052 vdrvroot - ok
20:50:32.0926 2052 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
20:50:32.0926 2052 vga - ok
20:50:32.0957 2052 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
20:50:32.0957 2052 VgaSave - ok
20:50:33.0066 2052 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\windows\system32\DRIVERS\vhdmp.sys
20:50:33.0066 2052 vhdmp - ok
20:50:33.0175 2052 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\DRIVERS\viaagp.sys
20:50:33.0175 2052 viaagp - ok
20:50:33.0284 2052 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
20:50:33.0284 2052 ViaC7 - ok
20:50:33.0394 2052 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\DRIVERS\viaide.sys
20:50:33.0394 2052 viaide - ok
20:50:33.0503 2052 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\windows\system32\DRIVERS\volmgr.sys
20:50:33.0503 2052 volmgr - ok
20:50:33.0628 2052 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
20:50:33.0628 2052 volmgrx - ok
20:50:33.0674 2052 volsnap (58df9d2481a56edde167e51b334d44fd) C:\windows\system32\DRIVERS\volsnap.sys
20:50:33.0674 2052 volsnap - ok
20:50:33.0799 2052 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
20:50:33.0799 2052 vsmraid - ok
20:50:33.0908 2052 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
20:50:33.0908 2052 vwifibus - ok
20:50:34.0033 2052 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
20:50:34.0033 2052 vwififlt - ok
20:50:34.0142 2052 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
20:50:34.0142 2052 WacomPen - ok
20:50:34.0252 2052 WANARP (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
20:50:34.0267 2052 WANARP - ok
20:50:34.0267 2052 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
20:50:34.0267 2052 Wanarpv6 - ok
20:50:34.0408 2052 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
20:50:34.0408 2052 Wd - ok
20:50:34.0532 2052 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
20:50:34.0548 2052 Wdf01000 - ok
20:50:34.0688 2052 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
20:50:34.0688 2052 WfpLwf - ok
20:50:34.0813 2052 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
20:50:34.0813 2052 WIMMount - ok
20:50:34.0985 2052 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\windows\system32\DRIVERS\WinUsb.sys
20:50:34.0985 2052 WinUsb - ok
20:50:35.0110 2052 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\DRIVERS\wmiacpi.sys
20:50:35.0110 2052 WmiAcpi - ok
20:50:35.0250 2052 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
20:50:35.0250 2052 ws2ifsl - ok
20:50:35.0375 2052 WSDPrintDevice (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\windows\system32\DRIVERS\WSDPrint.sys
20:50:35.0375 2052 WSDPrintDevice - ok
20:50:35.0500 2052 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\windows\system32\drivers\WudfPf.sys
20:50:35.0515 2052 WudfPf - ok
20:50:35.0624 2052 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\windows\system32\DRIVERS\WUDFRd.sys
20:50:35.0624 2052 WUDFRd - ok
20:50:35.0780 2052 xusb21 (c26c68bcbac1f33f890c226769759209) C:\windows\system32\DRIVERS\xusb21.sys
20:50:35.0780 2052 xusb21 - ok
20:50:35.0827 2052 MBR (0x1B8) (464f726ab218b795952c4bedb6be8acd) \Device\Harddisk0\DR0
20:50:35.0827 2052 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected
20:50:35.0827 2052 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
20:50:35.0843 2052 Boot (0x1200) (078c52204d80657e68725ea1b9898f05) \Device\Harddisk0\DR0\Partition0
20:50:35.0843 2052 \Device\Harddisk0\DR0\Partition0 - ok
20:50:35.0858 2052 Boot (0x1200) (82c81746528059c5da5ad1d319f75198) \Device\Harddisk0\DR0\Partition1
20:50:35.0858 2052 \Device\Harddisk0\DR0\Partition1 - ok
20:50:35.0890 2052 Boot (0x1200) (105d42d6b1687e4edd12b03343ee76fd) \Device\Harddisk0\DR0\Partition2
20:50:35.0890 2052 \Device\Harddisk0\DR0\Partition2 - ok
20:50:35.0890 2052 ============================================================
20:50:35.0890 2052 Scan finished
20:50:35.0890 2052 ============================================================
20:50:35.0905 1080 Detected object count: 1
20:50:35.0905 1080 Actual detected object count: 1
20:50:46.0139 1080 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - will be cured on reboot
20:50:46.0186 1080 \Device\Harddisk0\DR0 - ok
20:50:46.0186 1080 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Cure
20:50:50.0195 3980 Deinitialize success

Also, I have split my drive into 3 sections and the scan only covered the C:\ drive. The malware is being detected in the boot sector of the other two drives as well. What should I do about that?


Re: BOO/TDss.M Help

Post by Superdave on 30th October 2011, 6:32 pm

"The malware is being detected in the boot sector of the other two drives as well. What should I do about that?"
Please run aswMBR.exe again and post the log along with these other logs.

SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!


Download [You must be registered and logged in to see this link.]
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.
  • Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:
  • Close browsers before scanning
  • Scan for tracking cookies
  • Terminate memory threats before quarantining
  Please leave the others unchecked
* Click the Close button to leave the control center screen.
* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes
* To retrieve the removal information please do the following:
  • After reboot, double-click the SUPERAntiSpyware icon on your desktop.
  • Click Preferences. Click the Statistics/Logs tab.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • It will open in your default text editor (preferably Notepad).
  • Save the notepad file to your desktop by clicking (in notepad) File > Save As...
* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
* Copy and Paste the log in your post.
*************************************************
Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.]
Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
*******************************************************
Download DDS from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.] and save it to your desktop.

* Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)
* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.
* Save both reports to your desktop.
* The instructions here ask you to attach the Attach.txt.



1) DDS.txt
2) Attach.txt
Instead of attaching, please copy/paste both logs into your Thread

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.

•Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control [You must be registered and logged in to see this link.]. Then post your DDS logs. (DDS.txt and Attach.txt)


Re: BOO/TDss.M Help

Post by jordiev on 11th November 2011, 10:52 pm

Hi, the first 2 malware scanners kept crashing before they could finish the scan. This happened even when I had disabled my anti-virus system and disconnected from the internet. But the DDS ran well and here are the log files:

This is from DDS.txt
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Caelan at 11:46:10 on 2011-11-12
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.64.1033.18.1916.716 [GMT 13:00]
.
AV: AntiVir Desktop *Enabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\rundll32.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\windows\system32\taskhost.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\windows\system32\Dwm.exe
C:\windows\system32\svchost.exe -k hpdevmgmt
C:\windows\Explorer.EXE
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\System32\svchost.exe -k HPZ12
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\igfxext.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\windows\system32\conhost.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\windows\system32\svchost.exe -k HPService
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\windows\system32\DllHost.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Users\Caelan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Caelan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Caelan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\SearchProtocolHost.exe
C:\Users\Caelan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\rundll32.exe
C:\Users\Caelan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\PrintIsolationHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = [You must be registered and logged in to see this link.]
uDefault_Page_URL = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride =
uURLSearchHooks: H - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.5.4.11.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Avira SearchFree Toolbar plus WebGuard: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - c:\program files\toshiba\toshiba media controller plug-in\TOSHIBAMediaControllerIE.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Avira SearchFree Toolbar plus WebGuard: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Google Update] "c:\users\caelan\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: []
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [cAudioFilterAgent] c:\program files\conexant\caudiofilteragent\cAudioFilterAgent.exe
mRun: [SmartAudio] c:\program files\conexant\saii\SAIICpl.exe /t
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [TWebCamera] "c:\program files\toshiba\toshiba web camera application\TWebCamera.exe" autorun
mRun: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60
mRun: [TosVolRegulator] c:\program files\toshiba\tosvolregulator\TosVolRegulator.exe
mRun: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
mRun: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [NBAgent] "c:\program files\nero\nero 10\nero backitup\NBAgent.exe" /WinStart
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10k_ActiveX.exe -update activex
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - [You must be registered and logged in to see this link.] files\bitcomet\tools\BitCometBHO_1.5.4.11.dll/206
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: c:\program files\avira\antivir desktop\avsda.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{C1D1513B-9505-4A37-855A-E6001035AAFD} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{C1D1513B-9505-4A37-855A-E6001035AAFD}\4505D2C494E4B4 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{C1D1513B-9505-4A37-855A-E6001035AAFD}\4505D2C494E4B4F564143445F42595 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{C1D1513B-9505-4A37-855A-E6001035AAFD}\4586F6D637F6E6336414230334 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{C1D1513B-9505-4A37-855A-E6001035AAFD}\4656661657C647 : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-10-19 36000]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-23 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-13 67664]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-12 116608]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-10-19 86224]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2011-10-19 110032]
R2 AntiVirWebService;Avira Web Protection;c:\program files\avira\antivir desktop\avwebgrd.exe [2011-10-19 463824]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-10-19 74640]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2010-1-29 185712]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-11 46448]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-2 366152]
R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2010-3-25 490280]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2010-6-23 7680]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2011-4-19 69232]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-2 22216]
R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2010-6-23 24064]
R3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2010-6-23 51576]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2010-2-6 111960]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-14 17920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-7 135664]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\bitcomet\tools\bitcometservice.exe -service --> c:\program files\bitcomet\tools\BitCometService.exe -service [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-10-7 135664]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-6-22 182304]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-10-12 1343400]
.
=============== Created Last 30 ================
.
2011-11-09 22:10:59 1285488 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 22:10:58 708608 ----a-w- c:\program files\common files\system\wab32.dll
2011-11-09 22:10:57 2339840 ----a-w- c:\windows\system32\win32k.sys
2011-11-02 07:05:30 -------- d-----w- c:\users\caelan\appdata\roaming\Malwarebytes
2011-11-02 07:05:24 -------- d-----w- c:\programdata\Malwarebytes
2011-11-02 07:05:21 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-02 07:05:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-31 03:49:18 -------- d-----w- c:\users\caelan\appdata\roaming\SUPERAntiSpyware.com
2011-10-31 03:49:01 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-10-31 03:49:01 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-10-19 08:31:57 -------- d-----w- c:\users\caelan\appdata\roaming\Avira
2011-10-19 08:31:25 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-10-19 08:31:25 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-10-19 08:31:19 -------- d-----w- c:\programdata\Avira
2011-10-19 08:31:19 -------- d-----w- c:\program files\Avira
2011-10-15 02:52:27 -------- d-----w- c:\users\caelan\Bukkit Server
2011-10-13 15:50:13 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-13 07:01:04 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-13 05:08:14 1 ----a-w- c:\windows\system32\sav87312.sys
2011-10-13 05:02:06 -------- d-----w- c:\program files\3D Space Tour
.
==================== Find3M ====================
.
2011-09-18 19:54:12 1216 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-27 04:43:07 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 04:43:06 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-08-17 04:26:02 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-08-17 04:22:23 75776 ----a-w- c:\windows\system32\psisrndr.ax
2011-08-17 04:22:23 72704 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-08-17 04:22:23 59904 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-08-17 04:22:23 204288 ----a-w- c:\windows\system32\MSNP.ax
.
============= FINISH: 11:47:33.55 ===============

and this is from Attach.txt


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 5/10/2010 6:37:15 p.m.
System Uptime: 12/11/2011 10:15:24 a.m. (1 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz | CPU | 1196/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 79 GiB total, 25.262 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 90 GiB total, 76.864 GiB free.
F: is FIXED (NTFS) - 102 GiB total, 6.737 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Photosmart B110 series
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: Photosmart B110 series
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart B110 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart B110 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office system
32 Bit HP CIO Components Installer
3D Galaxy Journey Screensaver
Adobe AIR
Adobe Community Help
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Media Player
Adobe Reader 9.4.6
Adobe Shockwave Player 11.5
Ask Toolbar
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Atheros Driver Installation Program
Avira Free Antivirus
B110
BitComet 1.27
BufferChm
Business Contact Manager for Outlook 2007 SP2
Click to Call with Skype
Combat Arms
Conexant HD Audio
Coupon Printer for Windows
Destinations
DeviceDiscovery
Galaxy 3D Space Tour screensaver v1.0
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
High-Definition Video Playback 10
HP Customer Participation Program 14.0
HP Imaging Device Functions 14.0
HP Photo Creations
HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Update
HPAppStudio
HPDiagnosticAlert
HPPhotoGadget
HPProductAssistant
HPSSupply
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Java Auto Updater
Java(TM) 6 Update 29
Junk Mail filter update
Malwarebytes' Anti-Malware version 1.51.2.1300
MarketResearch
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft Small Basic v1.0
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML4 Parser
MyDSC2
Nero 10 Menu TemplatePack Basic
Nero 10 Movie ThemePack Basic
Nero 7 Premium
Nero BackItUp 10
Nero BackItUp 10 Help (CHM)
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero CoverDesigner 10
Nero CoverDesigner 10 Help (CHM)
Nero DiscCopy Gadget 10
Nero DiscCopyGadget 10 Help (CHM)
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Dolby Files 10
Nero Express 10
Nero Express 10 Help (CHM)
Nero InfoTool 10
Nero InfoTool 10 Help (CHM)
Nero MediaHub 10
Nero MediaHub 10 Help (CHM)
Nero Multimedia Suite 10
Nero Recode 10
Nero Recode 10 Help (CHM)
Nero RescueAgent 10
Nero RescueAgent 10 Help (CHM)
Nero SoundTrax 10
Nero SoundTrax 10 Help (CHM)
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
Nero Vision 10
Nero Vision 10 Help (CHM)
Nero WaveEditor 10
Nero WaveEditor 10 Help (CHM)
Network
Nexon Game Manager
Notepad++
OpenAL
Pando Media Booster
PlayReady PC Runtime x86
PS_AIO_07_B110_SW_Min
QuickTransfer
Realtek USB 2.0 Card Reader
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Shop for HP Supplies
Skies of War
Skype™ 5.5
SmartWebPrinting
Smilebox
SolutionCenter
SPORE™
Status
SUPERAntiSpyware
Synaptics Pointing Device Driver
Toolbox
TOSHIBA Assist
TOSHIBA Bulletin Board
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
TrayApp
Unity Web Player
Unity Web Player (All users)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2596560)
Ventrilo Client
Warcraft III
WebReg
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
WinZip 14.5
.
==== Event Viewer Messages From Past Week ========
.
12/11/2011 11:44:45 a.m., Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
12/11/2011 10:16:45 a.m., Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
.
==== End Of File ===========================


Re: BOO/TDss.M Help

Post by Superdave on 11th November 2011, 11:31 pm

I strongly recommend that you remove Ask from your computer because it:

•Promotes its toolbars on sites targeted to kids.

•Promotes its toolbars through ads that appear to be part of other companies' sites.

•Promotes its toolbars through other companies' spyware.

•Installs without any disclosure whatsoever and without any consent whatsoever.

•Solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.

•Makes confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.

See [You must be registered and logged in to see this link.] for more info.

If you choose to follow my recommendation then please go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

AskBarDis or anything related to Ask

Then please find and delete this folder in bold (if present):
C:\Program Files\AskBarDis. or anything related to Ask.
*******************************************************
P2P - I see you have P2P software installed on your machine (BitComet 1.27). We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
**************************************************
Download [You must be registered and logged in to see this link.] to your desktop.

* Open OTL
* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

Code:
:OTL

uURLSearchHooks: H - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

:COMMANDS
[resethosts]
[purity]
[start explorer]

* Click Run Fix
* OTLI2 may ask to reboot the machine. Please do so if asked.
* Click OK
* A report will open. Copy and Paste that report in your next reply.
************************************************************
Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click [You must be registered and logged in to see this link.] to see a list of security programs that should be disabled and how to disable them.

Right-click combofix.exe and select Run as Administrator and follow the prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.


Re: BOO/TDss.M Help

Post by jordiev on 16th December 2011, 10:11 am

The malware has just disappeared by itself and I have not used OTL or ComboFix. I have had the Ask files removed via an alternate operating system (Ubuntu 11.04). That was the only way I would have the ability to remove the files. But my problem has been solved. Thanks, and if I have any problems I will get in contact with you.


Re: BOO/TDss.M Help

Post by Superdave on 16th December 2011, 7:05 pm

[You must be registered and logged in to see this link.] wrote: The malware has just disappeared by itself and I have not used OTL or ComboFix. I have had the Ask files removed via an alternate operating system (Ubuntu 11.04). That was the only way I would have the ability to remove the files. But my problem has been solved. Thanks, and if I have any problems I will get in contact with you.
I seriously doubt if it has been removed.

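Whether the MBR infection is really gone can be checked by re-running aswMBR and reading the new log. The following is an added example, not part of the thread or of any tool named in it: it scans an aswMBR log for the markers that appeared in the first post's log. The function names, the clean sample log and the "inconclusive" rule are assumptions made for illustration.

```python
import re

# Markers copied from the aswMBR log in the first post of this thread.
MARKERS = {
    "rootkit_flag": re.compile(r"\*\*ROOTKIT\*\*"),
    "mbr_hidden": re.compile(r"\bMBR hidden\b"),
    "tdl4_code": re.compile(r"TDL4@MBR code has been found"),
    "av_detection": re.compile(r"MBR:(\S+) \[Rtk\]"),
    "unknown_module": re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<"),
}
LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{3})\s+(.*)$")
DISK = re.compile(r"^Disk (\d+)\b")

# Excerpt of the log from the first post.
INFECTED_LOG = """\
17:21:45.598 Disk 0 MBR:Alureon-G [Rtk]
17:21:45.604 Disk 0 TDL4@MBR code has been found
17:21:45.609 Disk 0 MBR hidden
17:21:45.613 Disk 0 MBR [TDL4] **ROOTKIT**
17:21:45.621 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x868fe4d0]<<
17:21:45.988 Scan finished successfully
"""
# Constructed sample of a log with none of the markers (assumption, not from the thread).
CLEAN_LOG = """\
10:00:01.100 Disk 0 MBR read successfully
10:00:01.105 Disk 0 MBR scan
10:00:02.300 Scan finished successfully
"""

def scan_aswmbr_log(text):
    """Return {"findings": [(time, disk, marker, message)], "completed": bool}."""
    findings, completed, disk = [], False, None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # header and separator lines carry no timestamp
        ts, msg = m.groups()
        d = DISK.match(msg)
        disk = int(d.group(1)) if d else disk  # trace lines inherit the last disk seen
        completed = completed or "Scan finished successfully" in msg
        findings += [(ts, disk, n, msg) for n, rx in MARKERS.items() if rx.search(msg)]
    return {"findings": findings, "completed": completed}

def verdict(result):
    if result["findings"]:
        return "infected"
    # A log that stops before the scan ends proves nothing either way.
    return "clean" if result["completed"] else "inconclusive"
```

A "clean" verdict only reflects what the scanner wrote to the log; it is a reason to compare against the earlier log, not proof on its own.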
