Discussion Starter #1
I had Antivir, the anti-virus program, but on start-up it would come up with an error of, I think, a file missing, possibly caused by an already existing virus, so I removed it using Your Uninstaller! 2010 as it would not be removed. At the same time I was getting blue screen of death errors at random times, which have seemed to become less frequent but more random, i.e. watching YouTube or playing the Command and Conquer campaign with nothing else running each time except iTunes. I scanned my computer using Microsoft Windows Malicious Software Removal Tool and it found Virus:Win32/Alureon.G (Win32/Alureon.G); it was only partially removed, so I found this forum and have posted here. I also had to run GMER in safe mode (I don't know if this is a problem) because while running it I was getting a blue screen of death in the first 10-20 sec. The BSOD code was 0x0000008e (0xc0000005, 0x8bc41p1b, 0x8fc23a10, 0x00000000); I have been receiving another code consistently all the other times it has appeared, which I do not have a copy of. I bought this laptop with Windows 7 already installed and do not have a disc, although my manager friend from Harvey Norman may be able to supply one. It is the legit version of Windows.



DDS (Ver_10-03-17.01) - NTFSx86
Run by sperson at 17:49:35.86 on Thu 24/06/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.3056.2282 [GMT 8:00]


============== Running Processes ===============

C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files\TOSHIBA\TRCMan\TRCMan.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\Users\sperson\Desktop\dds.scr
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.bing.com/?pc=AVBR
uStart Page = hxxp://www.google.com.au/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSAU&bmod=TSAU
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSAU&bmod=TSAU
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSAU&bmod=TSAU
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\17.7.0.12\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\17.7.0.12\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\17.7.0.12\coIEPlg.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Speech Recognition] "c:\windows\speech\common\sapisvr.exe" -SpeechUX -Startup
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [<NO NAME>]
mRun: [TWebCamera] "c:\program files\toshiba\toshiba web camera application\TWebCamera.exe" autorun
mRun: [TUSBSleepChargeSrv] %ProgramFiles%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
mRun: [TRCMan] c:\program files\toshiba\trcman\TRCMan.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
mRun: [TosVolRegulator] c:\windows\TosVolRegulator.exe
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
mRun: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
mRun: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
mRun: [ToshibaServiceStation] c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe /hide:60
mRun: [ThpSrv] c:\windows\system32\thpsrv /logon
mRun: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [HDMICtrlMan] c:\program files\toshiba\hdmictrlman\HDMICtrlMan.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
AppInit_DLLs: nmklo

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1107000.00c\symds.sys [2010-5-25 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1107000.00c\symefa.sys [2010-5-25 173104]
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2009-6-30 30272]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2009-6-30 13120]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1107000.00c\cchpx86.sys [2010-5-25 501888]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\ipsdefs\20100520.001\IDSvix86.sys [2009-10-29 343088]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1107000.00c\symtdiv.sys [2010-5-25 339504]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-5-21 60936]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-18 11032]
R2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2010-2-2 47104]
R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2010-2-2 49152]
R2 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2010-2-2 38400]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2009-6-20 12920]
R3 hidshim;Service for HID-KMDF Shim layer;c:\windows\system32\drivers\hidshim.sys [2009-9-1 5632]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2009-10-27 125696]
R3 nuvotonhidcir;Nuvoton HID CIR Receiver;c:\windows\system32\drivers\nuvotonhidcir.sys [2009-9-1 23040]
R3 nuvotonir;Nuvoton CIR Transceiver;c:\windows\system32\drivers\nuvotonir.sys [2009-9-1 67072]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-8-22 66592]
R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2010-2-2 24064]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-2-2 230912]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2010-2-2 862208]
S1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\bashdefs\20100429.001\BHDrvx86.sys [2010-4-29 537136]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1107000.00c\ironx86.sys [2010-5-25 116784]
S2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\17.7.0.12\ccsvchst.exe [2010-5-25 126392]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-29 1343400]
S4 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-5-21 135336]
S4 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-5-21 267432]
S4 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-10-28 185712]
S4 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-11 46448]
S4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe [2010-2-2 13336]
S4 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2010-2-2 51512]
S4 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2009-9-29 185712]
S4 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-11-6 111960]
S4 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2009-11-11 677232]
S4 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\intel\intel(r) management engine components\uns\UNS.exe [2010-2-2 2314240]

=============== Created Last 30 ================

2010-06-24 09:03:01 0 d-----w- c:\users\sperson\appdata\roaming\Command & Conquer 3 Tiberium Wars
2010-06-24 09:01:24 98304 ----a-w- c:\windows\system32CmdLineExt.dll
2010-06-23 20:26:09 432664 ----a-w- c:\windows\system32\drivers\nroheqen.sys
2010-06-23 18:18:50 0 d-----w- c:\windows\system32\MpEngineStore
2010-06-23 08:59:57 0 d-----w- c:\program files\EA Games
2010-06-17 03:51:58 0 d-----w- c:\windows\pss
2010-06-16 19:13:28 0 d-----w- c:\program files\Registry Easy
2010-06-16 18:51:08 0 d-----w- c:\users\sperson\appdata\roaming\URSoft
2010-06-16 18:51:05 0 d-----w- c:\program files\Your Uninstaller 2010
2010-06-16 18:22:26 524288 --sha-w- c:\users\sperson\ntuser.dat{2ee994fc-7973-11df-a343-0023187d3b58}.TMContainer00000000000000000002.regtrans-ms
2010-06-16 18:22:25 65536 --sha-w- c:\users\sperson\ntuser.dat{2ee994fc-7973-11df-a343-0023187d3b58}.TM.blf
2010-06-16 18:22:25 524288 --sha-w- c:\users\sperson\ntuser.dat{2ee994fc-7973-11df-a343-0023187d3b58}.TMContainer00000000000000000001.regtrans-ms
2010-06-16 18:16:12 524288 --sha-w- c:\users\sperson\ntuser.dat{eaa7639b-7971-11df-8050-0023187d3b58}.TMContainer00000000000000000002.regtrans-ms
2010-06-16 18:16:12 524288 --sha-w- c:\users\sperson\ntuser.dat{eaa7639b-7971-11df-8050-0023187d3b58}.TMContainer00000000000000000001.regtrans-ms
2010-06-16 18:16:11 65536 --sha-w- c:\users\sperson\ntuser.dat{eaa7639b-7971-11df-8050-0023187d3b58}.TM.blf
2010-06-16 16:20:29 317403676 ----a-w- c:\windows\MEMORY.DMP
2010-06-16 12:52:57 0 d-sh--w- c:\windows\system32\%APPDATA%
2010-06-15 16:44:37 65024 ----a-w- c:\windows\system32\h7t.wt
2010-06-15 16:44:37 32768 ----a-w- c:\windows\system32\hgtd.ruy
2010-06-15 16:44:34 135168 ----a-w- c:\windows\system32\nmklo.dll
2010-06-15 16:44:33 154624 ----a-w- c:\windows\system32\cooper.mine
2010-06-09 16:43:01 65536 --sha-w- c:\users\sperson\ntuser.dat{f46c0c7b-6f23-11df-a96d-0023187d3b58}.TM.blf
2010-06-09 16:43:01 524288 --sha-w- c:\users\sperson\ntuser.dat{f46c0c7b-6f23-11df-a96d-0023187d3b58}.TMContainer00000000000000000002.regtrans-ms
2010-06-09 16:43:01 524288 --sha-w- c:\users\sperson\ntuser.dat{f46c0c7b-6f23-11df-a96d-0023187d3b58}.TMContainer00000000000000000001.regtrans-ms
2010-05-30 09:22:40 0 d-----w- c:\programdata\Avira
2010-05-30 09:22:38 65536 --sha-w- c:\users\sperson\ntuser.dat{16ff51a1-6bc6-11df-bb23-0023187d3b58}.TM.blf
2010-05-30 09:22:38 524288 --sha-w- c:\users\sperson\ntuser.dat{16ff51a1-6bc6-11df-bb23-0023187d3b58}.TMContainer00000000000000000002.regtrans-ms
2010-05-30 09:22:38 524288 --sha-w- c:\users\sperson\ntuser.dat{16ff51a1-6bc6-11df-bb23-0023187d3b58}.TMContainer00000000000000000001.regtrans-ms
2010-05-29 15:00:55 0 d-----w- c:\program files\Audacity
2010-05-25 16:29:42 0 d-----w- c:\program files\uTorrent

==================== Find3M ====================

2010-06-16 20:48:26 432664 ----a-w- c:\windows\system32\drivers\iaStor.sys
2010-05-21 07:15:38 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-05-21 07:15:38 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-05-21 07:15:38 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-04-16 00:33:36 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-08 05:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 05:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2010-03-05 12:55:13 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 17:50:23.52 ===============
 

Discussion Starter #2 (Edited)
Simple solution (for Toshiba users):
WOW guys, it appears to be a TOSHIBA FAULT, perhaps brought on by the Antivir anti-virus (that's my guess). The problem is a power setting and not a hard drive failure or anything else like a virus. What you need to do is:
1) Start > Control Panel
2) Search "mobile pc"
3) Open Power Options (this can be done alternatively by right-clicking your desktop, going to Personalize, then Screen Saver)
4) Choose Balanced or Eco, whichever you are currently using
5) Click Change plan settings
6) Click Change advanced power settings
7) Find Processor power management
8) Set all of the values for both minimum and maximum to 100%
9) Reboot your PC
10) ADDITIONAL: if you go from a blue screen of death to either a reboot, or the fan working but no response from the screen or anything else, take out the battery, then the power cord. Replug the cord and not the battery, confirm the settings are at 100%, then shut down and reconnect the battery (possibly remove the power cord before replugging both).
Worked for me :)
 

TSF Security Manager, Emeritus
Hello emcurrent,

While that may be working for you, I see a hijacked hard disk controller in your gmer log.

Download this file and extract TDSSKiller.exe to your Desktop.

  • Disable your onboard anti-virus.
  • Right-click TDSSKiller.exe and choose Run as administrator to run the tool.
  • You may be prompted to restart your machine. Type Y at the prompt.
Once complete, a log will be produced at the root drive which is typically C:\.

For example, C:\TDSSKiller.2.3.0.0_24.05.2010_15.31.43_log.txt. Please post that log in your next reply.

================================

Once it has completed, download mbr.exe and save it to your desktop.

Open Notepad and copy/paste the contents of the quote box below into Notepad.


@echo off
@mbr -t
@start mbr.log
Save this as look.bat; choose "Save type as - All Files".

It should look like this:


Right click on look.bat & run as administrator. Please post the log it produces along with the log from TDSSKiller.
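One way to triage both logs mechanically, as an added example that is not code from DDS, TDSSKiller or anyone in this thread: the sample lines are copied from the logs quoted in this thread, and the four heuristics (a file named in AppInit_DLLs, a literal %APPDATA% directory, an unexpected extension directly under system32, two drivers of identical size) are the editor's own rather than anything either tool implements.

```python
"""Triage helpers for the two log formats in this thread: DDS and TDSSKiller.
Added example, not code from either tool or from the thread; sample lines are
copied from the logs quoted in the thread, the heuristics are the editor's own."""
import re
from collections import defaultdict

# DDS entries: the AppInit_DLLs line from the Pseudo HJT report, then
# "<date> <time> <size> <attrs> <path>" lines from Created Last 30 / Find3M.
SAMPLE_DDS = [
    r"AppInit_DLLs: nmklo",
    r"2010-06-23 20:26:09 432664 ----a-w- c:\windows\system32\drivers\nroheqen.sys",
    r"2010-06-16 12:52:57 0 d-sh--w- c:\windows\system32\%APPDATA%",
    r"2010-06-15 16:44:37 65024 ----a-w- c:\windows\system32\h7t.wt",
    r"2010-06-15 16:44:34 135168 ----a-w- c:\windows\system32\nmklo.dll",
    r"2010-06-15 16:44:33 154624 ----a-w- c:\windows\system32\cooper.mine",
    r"2010-06-16 20:48:26 432664 ----a-w- c:\windows\system32\drivers\iaStor.sys",
    r"2010-04-08 05:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll",
]

# TDSSKiller 2.3.x entries: "HH:MM:SS:mmm <pid> <message>".
SAMPLE_TDSS = [
    r"14:39:42:548 2828 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\DRIVERS\i8042prt.sys",
    r"14:39:42:642 2828 iaStor (fdd3b730b07169dc7f65882e675f49b7) C:\windows\system32\DRIVERS\iaStor.sys",
    r"14:39:42:642 2828 Suspicious file (Forged): C:\windows\system32\DRIVERS\iaStor.sys. "
    r"Real md5: fdd3b730b07169dc7f65882e675f49b7, Fake md5: d5edb998656e6ecf1a17c78dab019a3c",
    r'14:39:42:642 2828 File "C:\windows\system32\DRIVERS\iaStor.sys" infected by TDSS rootkit',
    r"14:39:42:688 2828 Backup copy found, using it..",
    r"14:39:42:704 2828 will be cured on next reboot",
]

TDSS_PREFIX = r"^\d{2}:\d{2}:\d{2}:\d{3} \d+ "
FORGED_RE = re.compile(
    TDSS_PREFIX + r"Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$"
)
DRIVER_RE = re.compile(TDSS_PREFIX + r"(?P<svc>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
DDS_FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} (?P<size>\d+) (?P<attrs>\S{8}) (?P<path>.+)$"
)
# Extensions one expects for files sitting directly under system32.
EXPECTED_EXT = {".dll", ".sys", ".exe", ".dat", ".ini", ".log", ".mui", ".cpl",
                ".ocx", ".drv", ".nls", ".cat", ".inf", ".com", ".scr"}
SYSTEM32 = "c:\\windows\\system32\\"


def tdss_forged(lines):
    """(path, real_md5, fake_md5) for every driver TDSSKiller tagged Forged: the hash
    of the bytes on disk ('Real') differs from the hash a normal read returns ('Fake'),
    which is what a rootkit filtering disk I/O for its host driver looks like."""
    return [(m["path"], m["real"], m["fake"])
            for m in (FORGED_RE.match(ln.strip()) for ln in lines) if m]


def tdss_driver_hashes(lines):
    """Service name -> (md5, path) from the 'Scanning Drivers' enumeration."""
    return {m["svc"]: (m["md5"], m["path"])
            for m in (DRIVER_RE.match(ln.strip()) for ln in lines) if m}


def dds_appinit_dlls(lines):
    """Names under AppInit_DLLs; each is loaded into every process that loads user32."""
    for line in lines:
        if line.strip().startswith("AppInit_DLLs:"):
            return line.split(":", 1)[1].replace(",", " ").split()
    return []


def dds_suspicious(lines):
    """Heuristic findings over DDS file entries, as (kind, ...) tuples."""
    findings = []
    appinit = {n.lower() for n in dds_appinit_dlls(lines)}
    by_size = defaultdict(list)
    for m in (DDS_FILE_RE.match(ln.strip()) for ln in lines):
        if not m:
            continue
        path, is_dir = m["path"].lower(), m["attrs"].startswith("d")
        base = path.rsplit("\\", 1)[-1]
        stem, _, ext = base.rpartition(".")
        if stem in appinit or base in appinit:
            findings.append(("appinit_dll", path))
        if "%" in path:
            # A '%' in a listed path is a literal %APPDATA%-style directory,
            # not an expanded variable.
            findings.append(("literal_env_var_dir", path))
        if (not is_dir and path.startswith(SYSTEM32) and path.count("\\") == 3
                and "." + ext not in EXPECTED_EXT):
            findings.append(("odd_extension", path))
        if not is_dir and path.endswith(".sys"):
            by_size[int(m["size"])].append(path)
    # Two drivers of identical size: a randomly named copy sitting beside the original.
    for size, paths in sorted(by_size.items()):
        if len(paths) > 1:
            findings.append(("same_size_drivers", size, tuple(sorted(paths))))
    return findings
```

Running `dds_suspicious(SAMPLE_DDS)` flags nmklo.dll (the AppInit_DLLs entry), the literal %APPDATA% directory, h7t.wt and cooper.mine, and the nroheqen.sys/iaStor.sys size pair; `tdss_forged(SAMPLE_TDSS)` returns the forged iaStor.sys with both hashes.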
 

Discussion Starter #4
14:38:59:041 2828 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
14:38:59:041 2828 ================================================================================
14:38:59:041 2828 SystemInfo:

14:38:59:041 2828 OS Version: 6.1.7600 ServicePack: 0.0
14:38:59:041 2828 Product type: Workstation
14:38:59:041 2828 ComputerName: SPERSON-PC
14:38:59:042 2828 UserName: sperson
14:38:59:042 2828 Windows directory: C:\windows
14:38:59:042 2828 Processor architecture: Intel x86
14:38:59:042 2828 Number of processors: 4
14:38:59:042 2828 Page size: 0x1000
14:38:59:043 2828 Boot type: Normal boot
14:38:59:043 2828 ================================================================================
14:39:00:715 2828 Initialize success
14:39:00:717 2828
14:39:00:717 2828 Scanning Services ...
14:39:27:042 2828 Raw services enum returned 500 services
14:39:27:042 2828
14:39:27:057 2828 Scanning Drivers ...
14:39:29:522 2828 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\windows\system32\DRIVERS\1394ohci.sys
14:39:29:647 2828 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\windows\system32\DRIVERS\ACPI.sys
14:39:29:803 2828 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\windows\system32\DRIVERS\acpipmi.sys
14:39:30:021 2828 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
14:39:30:162 2828 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
14:39:30:318 2828 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
14:39:30:427 2828 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\windows\system32\drivers\afd.sys
14:39:30:661 2828 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\DRIVERS\agp440.sys
14:39:30:910 2828 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
14:39:31:129 2828 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\DRIVERS\aliide.sys
14:39:31:238 2828 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\DRIVERS\amdagp.sys
14:39:31:394 2828 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\DRIVERS\amdide.sys
14:39:31:488 2828 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
14:39:31:550 2828 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
14:39:32:143 2828 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\windows\system32\DRIVERS\amdsata.sys
14:39:32:439 2828 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
14:39:32:611 2828 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\windows\system32\DRIVERS\amdxata.sys
14:39:32:626 2828 AppID (feb834c02ce1e84b6a38f953ca067706) C:\windows\system32\drivers\appid.sys
14:39:32:814 2828 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
14:39:33:063 2828 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
14:39:33:188 2828 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
14:39:33:375 2828 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\DRIVERS\atapi.sys
14:39:33:594 2828 athr (76bab0c824e2d05b940c4dd40a9b08bf) C:\windows\system32\DRIVERS\athr.sys
14:39:33:796 2828 avgntflt (a88d29d928ad2b830e87b53e3f9bc182) C:\windows\system32\DRIVERS\avgntflt.sys
14:39:33:984 2828 avipbb (1289e9a5d9118a25a13c0009519088e3) C:\windows\system32\DRIVERS\avipbb.sys
14:39:34:124 2828 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
14:39:34:264 2828 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
14:39:34:389 2828 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
14:39:34:592 2828 BHDrvx86 (42c9ab61989e29953ce2d266f891ea50) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100429.001\BHDrvx86.sys
14:39:34:701 2828 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
14:39:34:764 2828 bowser (fcafaef6798d7b51ff029f99a9898961) C:\windows\system32\DRIVERS\bowser.sys
14:39:34:920 2828 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
14:39:35:060 2828 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
14:39:35:216 2828 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
14:39:35:310 2828 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
14:39:35:481 2828 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
14:39:35:590 2828 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
14:39:35:731 2828 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
14:39:35:934 2828 ccHP (e941e709847fa00e0dd6d58d2b8fb5e1) C:\windows\system32\drivers\NIS\1107000.00C\ccHPx86.sys
14:39:36:074 2828 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
14:39:36:152 2828 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\windows\system32\DRIVERS\cdrom.sys
14:39:36:292 2828 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
14:39:36:495 2828 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
14:39:36:604 2828 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
14:39:36:854 2828 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\DRIVERS\cmdide.sys
14:39:37:197 2828 CNG (1b675691ed940766149c93e8f4488d68) C:\windows\system32\Drivers\cng.sys
14:39:37:416 2828 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
14:39:37:665 2828 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\windows\system32\DRIVERS\CompositeBus.sys
14:39:37:806 2828 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
14:39:38:024 2828 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\windows\system32\Drivers\dfsc.sys
14:39:38:320 2828 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
14:39:38:554 2828 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
14:39:38:726 2828 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
14:39:38:944 2828 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\windows\System32\drivers\dxgkrnl.sys
14:39:39:366 2828 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
14:39:39:600 2828 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
14:39:39:896 2828 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
14:39:40:083 2828 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\DRIVERS\errdev.sys
14:39:40:411 2828 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
14:39:40:676 2828 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
14:39:40:738 2828 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
14:39:40:801 2828 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
14:39:40:848 2828 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
14:39:40:910 2828 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
14:39:41:004 2828 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
14:39:41:082 2828 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
14:39:41:175 2828 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys
14:39:41:238 2828 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\windows\system32\DRIVERS\fvevol.sys
14:39:41:331 2828 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
14:39:41:409 2828 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
14:39:41:472 2828 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
14:39:41:565 2828 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\windows\system32\drivers\HdAudio.sys
14:39:41:690 2828 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\windows\system32\DRIVERS\HDAudBus.sys
14:39:41:815 2828 HECI (a88485dc6a7136c10d9a6c7e38fdfe3c) C:\windows\system32\DRIVERS\HECI.sys
14:39:41:893 2828 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
14:39:41:955 2828 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
14:39:42:080 2828 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
14:39:42:127 2828 hidshim (4a8f08cd6d990dfbc36bf3bf59816bb7) C:\windows\system32\DRIVERS\hidshim.sys
14:39:42:205 2828 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\windows\system32\DRIVERS\hidusb.sys
14:39:42:298 2828 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\DRIVERS\HpSAMD.sys
14:39:42:408 2828 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\windows\system32\drivers\HTTP.sys
14:39:42:501 2828 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\windows\system32\drivers\hwpolicy.sys
14:39:42:548 2828 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\DRIVERS\i8042prt.sys
14:39:42:642 2828 iaStor (fdd3b730b07169dc7f65882e675f49b7) C:\windows\system32\DRIVERS\iaStor.sys
14:39:42:642 2828 Suspicious file (Forged): C:\windows\system32\DRIVERS\iaStor.sys. Real md5: fdd3b730b07169dc7f65882e675f49b7, Fake md5: d5edb998656e6ecf1a17c78dab019a3c
14:39:42:642 2828 File "C:\windows\system32\DRIVERS\iaStor.sys" infected by TDSS rootkit ... 14:39:42:688 2828 Backup copy found, using it..
14:39:42:704 2828 will be cured on next reboot
14:39:42:751 2828 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\windows\system32\DRIVERS\iaStorV.sys
14:39:42:876 2828 IDSVix86 (785b0ab77d977445d58b02ea63c11fb2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100520.001\IDSvix86.sys
14:39:43:016 2828 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
14:39:43:063 2828 Impcd (2db41ba61d5e44d0667cf126d35dcf34) C:\windows\system32\DRIVERS\Impcd.sys
14:39:43:156 2828 IntcAzAudAddService (0687a7ebc6e18df690455a5da19c00de) C:\windows\system32\drivers\RTKVHDA.sys
14:39:43:250 2828 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\DRIVERS\intelide.sys
14:39:43:266 2828 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
14:39:43:344 2828 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
14:39:43:375 2828 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\windows\system32\DRIVERS\IPMIDrv.sys
14:39:43:390 2828 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
14:39:43:500 2828 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
14:39:43:562 2828 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\DRIVERS\isapnp.sys
14:39:43:578 2828 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\windows\system32\DRIVERS\msiscsi.sys
14:39:43:671 2828 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\DRIVERS\kbdclass.sys
14:39:43:734 2828 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\windows\system32\DRIVERS\kbdhid.sys
14:39:43:765 2828 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\windows\system32\drivers\klmd.sys
14:40:01:939 2828 Reboot required for cure complete..
14:40:03:046 2828 Cure on reboot scheduled successfully
14:40:03:046 2828
14:40:03:046 2828 Completed
14:40:03:046 2828
14:40:03:046 2828 Results:
14:40:03:046 2828 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
14:40:03:046 2828 File objects infected / cured / cured on reboot: 1 / 0 / 1
14:40:03:046 2828
14:40:03:046 2828 KLMD(ARK) unloaded successfully




Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys thpdrv.sys halmacpi.dll ACPI.sys iaStor.sys
kernel: MBR read successfully
user & kernel MBR OK



Yeah, well, I was tired last night and thought it was fixed, but all I fixed was allowing me to reboot after the blue screen of death without going to a blank screen with the fan running, which needed me to disconnect and reconnect the power.
 

TSF Security Manager, Emeritus · 42,837 Posts
TDSSKiller appears to have successfully replaced the file. How is the system behaving now?
 

Registered · 8 Posts · Discussion Starter #6
Yes, I think we have cured the sickness. Good job, guys. I was now able to install Windows updates, a whole 26 of them, and my volume +/- hardware light is now lit up, which I was wondering about before. Thanks to all you guys. I'd say the most useful forum on the internet, and I shall stay connected, not to post but to read the tips etc.
One more thing: do you recommend an antivirus? A link to another page is fine, because I haven't been using one and the last time I tried I got big errors.
Having a good run; I will inform you guys if I get another BSOD, which I'm sure won't happen.
 

Registered · 8 Posts · Discussion Starter #8
Kernel-Power critical error, Event ID 41, Task Category (63). Am looking on the Microsoft website for solutions...
 

Registered · 8 Posts · Discussion Starter #9
Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7600.2.0.0.768.3
Locale ID: 3081

Additional information about the problem:
BCCode: f4
BCP1: 00000003
BCP2: 89BF1650
BCP3: 89BF17BC
BCP4: 83437D90
OS Version: 6_1_7600
Service Pack: 0_0
Product: 768_1

May be useful.
 

TSF Security Manager, Emeritus · 42,837 Posts
Those errors could truly be OS issues and not malware. Download Malwarebytes' Anti-Malware to your desktop.


  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Save it to your desktop.
Note: Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.
 

Registered · 8 Posts · Discussion Starter #11
I'm going to take my laptop to the shop tomorrow as it is only like 5 months old; they should fix it under warranty. I'm pretty sure I haven't voided it. Malware removal apparently takes 8 min and my computer can only run it for like 2:30 before a BSOD. A $2,000 laptop being used as an iPod touch power supply/charger :)
 

TSF Security Manager, Emeritus · 42,837 Posts
If it's still under warranty, by all means take it in.
 