Possible virus/malware help


This topic is locked. 29 replies to this topic.

#1 scaredycat

Posted 03 September 2011 - 07:28 AM

I so wish I could help you but alas... I'm here for the same problem (googled it & arrived here)!!!!
If anyone out there can help you, maybe they can help me at the same time???
Bad news though of things to come (for me anyway) is that it progresses to not allowing internet connection at all, AVG is now having 'no components',
the 'my computer' is searched for endlessly.
This is on another computer so I'm using this one to try to get help because again, we cannot connect to the internet!
It's a Windows XP Home & has a wireless connection (when disabled by me I can get to control panel etc.)
Spybot will run & shows much the same as yours, Win32.AVKillsvc.e, which it will fix and then it's right back in:
Documents and Settings\Local service\Local Settings\Temp
" "\Network services\Local Settings\Temp
" "\Owner\Local Settings\Temp

AVG... when it worked, had found Trojan Horse Backdoor.Generic.UFQ & Win32\Cryptor
There was also a popup of something like "Microsoft Feeds Update needed" or something?
and there was a message something like "Windows is not your operating program"?

If I need to start a new thread please let me know & sorry if I stepped on any shoes writing here. Just figured to try to kill two birds! :)
Thanks for any & all help for both of us!!

#2 scaredycat (Topic Starter)

Posted 03 September 2011 - 01:36 PM

THANK YOU!!!!!!!
...hanging on :)
In the meantime I downloaded Malwarebytes to CD and tried loading it that way (started in safe mode);
used the quick scan, which ran about 15 seconds then shut down. Tried reloading, wouldn't take.

#3 Broni (BC Advisor)

Posted 03 September 2011 - 07:53 PM

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com), which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe


* Double-click on the Rkill desktop icon to run the tool.
* If using Vista or Windows 7 right-click on it and choose Run As Administrator.
* A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
* If not, delete the file, then download and use the one provided in Link 2.
* If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
* Do not reboot until instructed.
* If the tool does not run from any of the links provided, please let me know.

Try to run MBAM right away.

#4 scaredycat (Topic Starter)

Posted 04 September 2011 - 01:14 AM

Hi, so far I've tried two of the three Rkill links listed with no luck.
I'm using Malwarebytes which I downloaded to a CD (virus blocking wireless internet connection).
Using a USB flash drive for the Rkill link download. A few questions to be sure I'm doing it correctly?

Should I totally disconnect or disable the wireless connection prior? Or be working in safe mode?

After download of the 1st Rkill link from flash & then downloading MB off CD, MB closes at 10 seconds.
I've been using uninstall for MB after each failed attempt & before the next Rkill link download
for a fresh start. Is this necessary or should I just use the 1st downloaded version of MB for each Rkill
link attempt? ...hope that made sense? :)
Also, should I be uninstalling the prior Rkill version before downloading the next? The DOS screen flashes twice
then pops up and stays for a while saying running, be patient etc., then a notepad log pops up.
Thanks, still have the last link to try... (you stated 4 versions but 3 are showing, is there another?)

Edited by scaredycat, 04 September 2011 - 01:15 AM.


#5 scaredycat (Topic Starter)

Posted 04 September 2011 - 03:51 AM

No go. Keeps shutting down on finish/run full scan, and when accessing from the desktop shortcut,
error msg:
"Windows cannot access the specified device, path or file. You may not have the
appropriate permissions to access the item"
I even tried disabling Windows Firewall & Spybot S&D, also disconnecting the wireless connection.
AVG cannot be accessed at all.

#6 Broni (BC Advisor)

Posted 04 September 2011 - 10:51 AM

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

#7 scaredycat (Topic Starter)

Posted 05 September 2011 - 04:25 PM

here's the log from the GMER scan....

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-09-05 17:07:16
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD800BB-22JHA0 rev.05.01C05
Running: obvw54f6.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\fxtdypow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 ATMhelpr.SYS (Windows NT Font Driver Helper/Adobe Systems Incorporated)

---- Threads - GMER 1.0.15 ----

Thread System [4:112] 87CCEFD5
Thread System [4:116] F65E6FC0
Thread System [4:120] 87CCEFD5

---- EOF - GMER 1.0.15 ----

#8 Broni (BC Advisor)

Posted 05 September 2011 - 04:41 PM

Download TDSSKiller and save it to your desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

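Reading a TDSSKiller log by hand is tedious because every loaded driver gets its own line. The lines that matter are the ones ending in `- detected <verdict>` and the `Suspicious file (Hidden)` lines, and a path that carries a colon anywhere after the drive letter names an NTFS alternate data stream, which is one way rootkits hide an executable inside the Windows directory. The script below is an added example written for this page; it is not TDSSKiller's code and not part of anyone's post in this thread. The sample lines are copied from the log posted later in this thread, with one clean driver entry added for contrast, and the field layout (date, time, thread id, object name, MD5 in parentheses, path) is assumed from that log.

```python
import re

# Sample input in TDSSKiller's log layout. The entries are copied from the
# log posted in this thread, plus one clean driver line (ACPI) for contrast.
SAMPLE_LOG = r"""
2011/09/05 18:54:24.0937 3532 57cc6e7b (8f2bb1827cac01aee6a16e30a1260199) C:\WINDOWS\2070858839:2821951876.exe
2011/09/05 18:54:24.0937 3532 Suspicious file (Hidden): C:\WINDOWS\2070858839:2821951876.exe. md5: 8f2bb1827cac01aee6a16e30a1260199
2011/09/05 18:54:24.0953 3532 57cc6e7b - detected HiddenFile.Multi.Generic (1)
2011/09/05 18:54:26.0343 3532 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/09/05 18:55:49.0750 3532 redbook (6598aff952cb1adbe127a1d4bb237f35) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/09/05 18:55:49.0781 3532 redbook - detected Rootkit.Win32.ZAccess.e (0)
"""

# One line per enumerated object: "<date> <time> <tid> <name> (<md5>) <path>"
ENTRY_RE = re.compile(r"^(\S+ \S+) (\d+) (\S+) \(([0-9a-f]{32})\) (.+)$")
# Verdict line: "<date> <time> <tid> <name> - detected <verdict> (<n>)"
# (the trailing number is matched but not interpreted here).
DETECT_RE = re.compile(r"^(\S+ \S+) (\d+) (\S+) - detected (\S+) \((\d+)\)$")
# Hidden/suspicious file line, keyed by path rather than by object name.
SUSPICIOUS_RE = re.compile(r"Suspicious file \((\w+)\): (.+?)\. md5: ([0-9a-f]{32})$")


def is_alternate_data_stream(path):
    # A colon is legal in an NTFS path only as part of the drive prefix
    # ("C:"); any later colon separates a file or directory from a named
    # stream, as in the hidden C:\WINDOWS\<digits>:<digits>.exe entry above.
    without_drive = re.sub(r"^[A-Za-z]:", "", path)
    return ":" in without_drive


def _new_object(name, md5, path):
    return {"name": name, "md5": md5, "path": path,
            "ads": bool(path) and is_alternate_data_stream(path),
            "verdicts": []}


def parse_tdsskiller_log(text):
    """Return only the objects TDSSKiller flagged, each with its verdicts."""
    objects = {}   # object name -> details (dict order == log order)
    by_path = {}   # path -> object name, to join Suspicious lines to entries
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if m:
            _, _, name, md5, path = m.groups()
            objects[name] = _new_object(name, md5, path)
            by_path[path] = name
            continue
        m = SUSPICIOUS_RE.search(line)
        if m:
            reason, path, md5 = m.groups()
            name = by_path.get(path)
            if name is None:          # no enumeration line seen for this path
                name = path
                objects[name] = _new_object(name, md5, path)
            objects[name]["verdicts"].append(f"Suspicious file ({reason})")
            continue
        m = DETECT_RE.match(line)
        if m:
            _, _, name, verdict, _ = m.groups()
            obj = objects.setdefault(name, _new_object(name, None, None))
            obj["verdicts"].append(verdict)
    return [o for o in objects.values() if o["verdicts"]]


def report(findings):
    """Render findings one per line, tagging alternate-data-stream paths."""
    lines = []
    for f in findings:
        tag = " [ADS]" if f["ads"] else ""
        lines.append(f"{f['name']}: {', '.join(f['verdicts'])}"
                     f" md5={f['md5']} path={f['path']}{tag}")
    return lines


if __name__ == "__main__":
    for line in report(parse_tdsskiller_log(SAMPLE_LOG)):
        print(line)
```

Run against a real TDSSKiller_xxxx_log.txt, this collapses a few hundred driver lines to the handful that were actually flagged, and the [ADS] tag makes the stream-hidden file stand out even when the verdict is only the generic HiddenFile one. A detection on a driver that lives at its normal path (redbook.sys here) means the file on disk was judged malicious despite its name, so the MD5 is worth keeping for comparison with a known-clean copy.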
#9 scaredycat (Topic Starter)

Posted 05 September 2011 - 06:13 PM

2011/09/05 18:53:05.0156 0704 TDSS rootkit removing tool 2.5.18.0 Sep 5 2011 09:53:09
2011/09/05 18:53:05.0312 0704 ================================================================================
2011/09/05 18:53:05.0312 0704 SystemInfo:
2011/09/05 18:53:05.0312 0704
2011/09/05 18:53:05.0312 0704 OS Version: 5.1.2600 ServicePack: 2.0
2011/09/05 18:53:05.0312 0704 Product type: Workstation
2011/09/05 18:53:05.0312 0704 ComputerName: MARTY
2011/09/05 18:53:05.0312 0704 UserName: Owner
2011/09/05 18:53:05.0312 0704 Windows directory: C:\WINDOWS
2011/09/05 18:53:05.0312 0704 System windows directory: C:\WINDOWS
2011/09/05 18:53:05.0312 0704 Processor architecture: Intel x86
2011/09/05 18:53:05.0312 0704 Number of processors: 1
2011/09/05 18:53:05.0312 0704 Page size: 0x1000
2011/09/05 18:53:05.0312 0704 Boot type: Normal boot
2011/09/05 18:53:05.0312 0704 ================================================================================
2011/09/05 18:53:07.0343 0704 Initialize success
2011/09/05 18:54:24.0390 3532 ================================================================================
2011/09/05 18:54:24.0390 3532 Scan started
2011/09/05 18:54:24.0390 3532 Mode: Manual;
2011/09/05 18:54:24.0390 3532 ================================================================================
2011/09/05 18:54:24.0937 3532 57cc6e7b (8f2bb1827cac01aee6a16e30a1260199) C:\WINDOWS\2070858839:2821951876.exe
2011/09/05 18:54:24.0937 3532 Suspicious file (Hidden): C:\WINDOWS\2070858839:2821951876.exe. md5: 8f2bb1827cac01aee6a16e30a1260199
2011/09/05 18:54:24.0953 3532 57cc6e7b - detected HiddenFile.Multi.Generic (1)
2011/09/05 18:54:25.0781 3532 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/09/05 18:54:26.0343 3532 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/09/05 18:54:26.0843 3532 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/09/05 18:54:27.0343 3532 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/09/05 18:54:27.0875 3532 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/09/05 18:54:28.0375 3532 AegisP (2c5c22990156a1063e19ad162191dc1d) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/09/05 18:54:28.0906 3532 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/09/05 18:54:29.0421 3532 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/09/05 18:54:29.0875 3532 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/09/05 18:54:30.0312 3532 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/09/05 18:54:30.0781 3532 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/09/05 18:54:31.0281 3532 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/09/05 18:54:31.0718 3532 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/09/05 18:54:32.0187 3532 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/09/05 18:54:32.0671 3532 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/09/05 18:54:33.0140 3532 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys
2011/09/05 18:54:33.0593 3532 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/09/05 18:54:34.0187 3532 AR5523 (5af581bb431fb7a952216ad01795ef4e) C:\WINDOWS\system32\DRIVERS\ar5523.sys
2011/09/05 18:54:34.0703 3532 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/09/05 18:54:35.0140 3532 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/09/05 18:54:35.0578 3532 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/09/05 18:54:36.0062 3532 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
2011/09/05 18:54:36.0531 3532 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/09/05 18:54:37.0046 3532 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/09/05 18:54:37.0953 3532 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/09/05 18:54:38.0421 3532 ATMhelpr (3ef1db7f168851914517d4ed36b57c04) C:\WINDOWS\system32\drivers\ATMhelpr.sys
2011/09/05 18:54:38.0906 3532 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/09/05 18:54:39.0406 3532 AVGIDSDriver (c403e7f715bb0a851a9dfae16ec4ae42) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
2011/09/05 18:54:39.0906 3532 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
2011/09/05 18:54:40.0375 3532 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
2011/09/05 18:54:40.0875 3532 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
2011/09/05 18:54:41.0453 3532 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
2011/09/05 18:54:42.0000 3532 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
2011/09/05 18:54:42.0468 3532 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
2011/09/05 18:54:43.0359 3532 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/09/05 18:54:43.0812 3532 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
2011/09/05 18:54:44.0234 3532 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/09/05 18:54:44.0687 3532 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/09/05 18:54:45.0156 3532 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/09/05 18:54:45.0640 3532 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/09/05 18:54:46.0078 3532 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/09/05 18:54:46.0562 3532 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/09/05 18:54:47.0078 3532 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/09/05 18:54:47.0937 3532 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/09/05 18:54:48.0390 3532 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/09/05 18:54:48.0859 3532 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/09/05 18:54:49.0328 3532 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/09/05 18:54:49.0812 3532 DcCam (b1ad007f9a7dd8cfc981958d5c167d2d) C:\WINDOWS\system32\DRIVERS\DcCam.sys
2011/09/05 18:54:50.0281 3532 DcFpoint (5fd20284caaf112201311619ff89fa44) C:\WINDOWS\system32\DRIVERS\DcFpoint.sys
2011/09/05 18:54:50.0750 3532 DCFS2K (867f7e6841b15d32481c3f1b83364e3a) C:\WINDOWS\system32\drivers\dcfs2k.sys
2011/09/05 18:54:51.0203 3532 DcLps (1b889ac45faf088ff2af690779368956) C:\WINDOWS\system32\DRIVERS\DcLps.sys
2011/09/05 18:54:51.0703 3532 DcPTP (47b1ccec23aec5ae6a2005d1a0d8ed65) C:\WINDOWS\system32\DRIVERS\DcPTP.sys
2011/09/05 18:54:52.0203 3532 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/09/05 18:54:52.0906 3532 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/09/05 18:54:53.0609 3532 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/09/05 18:54:54.0093 3532 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/09/05 18:54:54.0562 3532 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/09/05 18:54:55.0046 3532 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/09/05 18:54:55.0500 3532 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/09/05 18:54:56.0046 3532 Exportit (20ff28fb3b268e7c76b10841a9f81ba4) C:\WINDOWS\system32\DRIVERS\exportit.sys
2011/09/05 18:54:56.0593 3532 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/09/05 18:54:57.0093 3532 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/09/05 18:54:57.0562 3532 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/09/05 18:54:58.0046 3532 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/09/05 18:54:58.0531 3532 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/09/05 18:54:59.0031 3532 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/09/05 18:54:59.0484 3532 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/09/05 18:55:00.0015 3532 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/09/05 18:55:00.0484 3532 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/09/05 18:55:00.0984 3532 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/09/05 18:55:01.0468 3532 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/09/05 18:55:02.0000 3532 HSFHWBS2 (33dfc0afa95f9a2c753ff2adb7d4a21f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
2011/09/05 18:55:02.0812 3532 HSF_DP (b2dfc168d6f7512faea085253c5a37ad) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2011/09/05 18:55:03.0656 3532 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/09/05 18:55:04.0187 3532 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/09/05 18:55:04.0656 3532 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/09/05 18:55:05.0125 3532 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/09/05 18:55:05.0609 3532 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/09/05 18:55:06.0093 3532 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/09/05 18:55:06.0578 3532 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/09/05 18:55:07.0078 3532 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/09/05 18:55:07.0531 3532 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/09/05 18:55:08.0000 3532 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/09/05 18:55:08.0500 3532 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/09/05 18:55:09.0000 3532 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/09/05 18:55:09.0468 3532 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/09/05 18:55:09.0921 3532 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/09/05 18:55:10.0390 3532 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/09/05 18:55:10.0875 3532 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/09/05 18:55:11.0390 3532 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/09/05 18:55:11.0953 3532 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/09/05 18:55:12.0890 3532 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/09/05 18:55:13.0328 3532 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/09/05 18:55:13.0812 3532 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/09/05 18:55:14.0281 3532 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/09/05 18:55:14.0750 3532 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/09/05 18:55:15.0218 3532 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/09/05 18:55:15.0656 3532 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/09/05 18:55:16.0187 3532 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/09/05 18:55:16.0875 3532 MRxSmb (421f7b922cec5a5f340e7574a98f7b7c) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/09/05 18:55:17.0468 3532 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/09/05 18:55:17.0921 3532 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/09/05 18:55:18.0343 3532 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/09/05 18:55:18.0781 3532 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/09/05 18:55:19.0265 3532 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/09/05 18:55:19.0703 3532 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/09/05 18:55:20.0203 3532 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/09/05 18:55:20.0687 3532 mxnic (e1cdf20697d992cf83ff86dd04df1285) C:\WINDOWS\system32\DRIVERS\mxnic.sys
2011/09/05 18:55:21.0187 3532 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/09/05 18:55:21.0484 3532 NAVENG (758ddb94f34add247e2499f557480116) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20051214.017\NAVENG.Sys
2011/09/05 18:55:22.0031 3532 NAVEX15 (7fa3f4df4d63e0eb6371fe6152f75ca4) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20051214.017\NavEx15.Sys
2011/09/05 18:55:22.0765 3532 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/09/05 18:55:23.0281 3532 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/09/05 18:55:23.0734 3532 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/09/05 18:55:24.0218 3532 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/09/05 18:55:24.0687 3532 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/09/05 18:55:25.0203 3532 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/09/05 18:55:25.0671 3532 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/09/05 18:55:26.0218 3532 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/09/05 18:55:26.0781 3532 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/09/05 18:55:27.0437 3532 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/09/05 18:55:28.0109 3532 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/09/05 18:55:28.0578 3532 nuvaud2 (9a973553a0f4107c3a5e7a466b113836) C:\WINDOWS\system32\DRIVERS\nuvaud2.sys
2011/09/05 18:55:29.0062 3532 NUVision (923809daf96cd3a9fabcdebc735b21b6) C:\WINDOWS\system32\DRIVERS\nuvvid2.sys
2011/09/05 18:55:30.0281 3532 nv (c43d9d777d53d668d1fe683947c9ffe1) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/09/05 18:55:31.0437 3532 nvax (47b3852808dd579a463fce7085b77413) C:\WINDOWS\system32\drivers\nvax.sys
2011/09/05 18:55:31.0937 3532 NVENETFD (23297b3c2ff3510e2e760714fc6f094e) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2011/09/05 18:55:32.0390 3532 nvnetbus (bcc3722a2db99ad6f367344997c26654) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2011/09/05 18:55:32.0968 3532 nvnforce (adbcba116496229a163193bbe0bb28ce) C:\WINDOWS\system32\drivers\nvapu.sys
2011/09/05 18:55:33.0546 3532 nv_agp (3194e2f6c9000c39dcf9d0580754f714) C:\WINDOWS\system32\DRIVERS\nv_agp.sys
2011/09/05 18:55:34.0000 3532 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/09/05 18:55:34.0453 3532 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/09/05 18:55:34.0921 3532 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys
2011/09/05 18:55:35.0421 3532 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/09/05 18:55:35.0906 3532 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/09/05 18:55:36.0343 3532 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/09/05 18:55:36.0843 3532 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/09/05 18:55:37.0734 3532 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/09/05 18:55:38.0234 3532 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/09/05 18:55:40.0406 3532 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/09/05 18:55:40.0875 3532 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/09/05 18:55:41.0375 3532 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/09/05 18:55:41.0875 3532 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/09/05 18:55:42.0375 3532 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/09/05 18:55:42.0843 3532 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
2011/09/05 18:55:43.0328 3532 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/09/05 18:55:43.0796 3532 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/09/05 18:55:44.0312 3532 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/09/05 18:55:44.0781 3532 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/09/05 18:55:45.0250 3532 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/09/05 18:55:45.0718 3532 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/09/05 18:55:46.0203 3532 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/09/05 18:55:46.0687 3532 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/09/05 18:55:47.0187 3532 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/09/05 18:55:47.0671 3532 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/09/05 18:55:48.0187 3532 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/09/05 18:55:48.0687 3532 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/09/05 18:55:49.0218 3532 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/09/05 18:55:49.0750 3532 redbook (6598aff952cb1adbe127a1d4bb237f35) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/09/05 18:55:49.0781 3532 redbook - detected Rootkit.Win32.ZAccess.e (0)
2011/09/05 18:56:20.0562 3532 ================================================================================
2011/09/05 18:56:20.0562 3532 Scan finished
2011/09/05 18:56:20.0562 3532 ================================================================================
2011/09/05 18:56:20.0578 2164 Detected object count: 2
2011/09/05 18:56:20.0578 2164 Actual detected object count: 2
2011/09/05 18:59:06.0296 2164 HiddenFile.Multi.Generic(57cc6e7b) - User select action: Skip
2011/09/05 18:59:06.0765 2164 redbook (6598aff952cb1adbe127a1d4bb237f35) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/09/05 18:59:06.0781 2164 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\redbook.sys) error 1813
2011/09/05 18:59:23.0468 2164 Backup copy found, using it..
2011/09/05 18:59:23.0546 2164 C:\WINDOWS\system32\DRIVERS\redbook.sys - will be cured after reboot
2011/09/05 18:59:23.0546 2164 Rootkit.Win32.ZAccess.e(redbook) - User select action: Cure
2011/09/05 19:00:23.0968 3832 Deinitialize success

#10 Broni

BC Advisor

Posted 05 September 2011 - 06:43 PM

Re-run the tool, but this time when you get to this item:
57cc6e7b (8f2bb1827cac01aee6a16e30a1260199) C:\WINDOWS\2070858839:2821951876.exe
instead of skipping it, delete it.

Post new log.


#11 scaredycat

Topic Starter

Posted 05 September 2011 - 07:28 PM

OK, did that. Here is the second report:

2011/09/05 19:57:48.0531 4020 TDSS rootkit removing tool 2.5.18.0 Sep 5 2011 09:53:09
2011/09/05 19:57:48.0609 4020 ================================================================================
2011/09/05 19:57:48.0609 4020 SystemInfo:
2011/09/05 19:57:48.0609 4020
2011/09/05 19:57:48.0609 4020 OS Version: 5.1.2600 ServicePack: 2.0
2011/09/05 19:57:48.0609 4020 Product type: Workstation
2011/09/05 19:57:48.0609 4020 ComputerName: MARTY
2011/09/05 19:57:48.0609 4020 UserName: Owner
2011/09/05 19:57:48.0609 4020 Windows directory: C:\WINDOWS
2011/09/05 19:57:48.0609 4020 System windows directory: C:\WINDOWS
2011/09/05 19:57:48.0609 4020 Processor architecture: Intel x86
2011/09/05 19:57:48.0609 4020 Number of processors: 1
2011/09/05 19:57:48.0609 4020 Page size: 0x1000
2011/09/05 19:57:48.0609 4020 Boot type: Normal boot
2011/09/05 19:57:48.0609 4020 ================================================================================
2011/09/05 19:57:50.0421 4020 Initialize success
2011/09/05 19:57:56.0000 1284 ================================================================================
2011/09/05 19:57:56.0000 1284 Scan started
2011/09/05 19:57:56.0000 1284 Mode: Manual;
2011/09/05 19:57:56.0000 1284 ================================================================================
2011/09/05 19:57:58.0671 1284 57cc6e7b (8f2bb1827cac01aee6a16e30a1260199) C:\WINDOWS\2070858839:2821951876.exe
2011/09/05 19:58:00.0640 1284 Suspicious file (Hidden): C:\WINDOWS\2070858839:2821951876.exe. md5: 8f2bb1827cac01aee6a16e30a1260199
2011/09/05 19:58:00.0656 1284 57cc6e7b - detected HiddenFile.Multi.Generic (1)
2011/09/05 19:58:22.0468 1284 Cdrom - detected Rootkit.Win32.ZAccess.c (0)
2011/09/05 19:59:55.0093 1284 ================================================================================
2011/09/05 19:59:55.0093 1284 Scan finished
2011/09/05 19:59:55.0093 1284 ================================================================================
2011/09/05 19:59:55.0109 3052 Detected object count: 2
2011/09/05 19:59:55.0109 3052 Actual detected object count: 2
2011/09/05 20:00:21.0578 3052 HKLM\SYSTEM\ControlSet002\services\57cc6e7b - will be deleted after reboot
2011/09/05 20:00:21.0609 3052 HKLM\SYSTEM\ControlSet003\services\57cc6e7b - will be deleted after reboot
2011/09/05 20:00:21.0609 3052 HKLM\SYSTEM\ControlSet004\services\57cc6e7b - will be deleted after reboot
2011/09/05 20:00:21.0609 3052 C:\WINDOWS\2070858839:2821951876.exe - will be deleted after reboot
2011/09/05 20:00:21.0609 3052 HiddenFile.Multi.Generic(57cc6e7b) - User select action: Delete
2011/09/05 20:00:22.0093 3052 Cdrom (ce12b7a74531bde26b7533ac43bd16fa) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/09/05 20:00:22.0093 3052 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\cdrom.sys) error 1813
2011/09/05 20:00:29.0656 3052 Backup copy found, using it..
2011/09/05 20:00:29.0765 3052 C:\WINDOWS\system32\DRIVERS\cdrom.sys - will be cured after reboot
2011/09/05 20:00:29.0765 3052 Rootkit.Win32.ZAccess.c(Cdrom) - User select action: Cure
2011/09/05 20:00:46.0281 3444 Deinitialize success

#12 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,735 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:05:01 AM

Posted 05 September 2011 - 07:37 PM

Re-run it one more time please.

My Website


My help doesn't cost a penny, but if you'd like to consider a donation, click the donation link.


 


#13 scaredycat

scaredycat
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:08:01 AM

Posted 05 September 2011 - 07:47 PM

I ran it again & it shows 2 again:
one looks the same, malicious - Rootkit.Win32.ZAccess.e
the other suspicious - svc name 57cc6e7b Kernel driver (0x1) Demand (0x3)
File C:\windows\2070858839:2821951876.exe

Should I cure 1st & skip 2nd?

#14 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,735 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:05:01 AM

Posted 05 September 2011 - 08:04 PM

Let's check something first.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista\Win 7 users: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box into the main textfield:
    :filefind
    consrv.dll
    winsrv.dll
    :reg
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems /s
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt



#15 scaredycat

scaredycat
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:08:01 AM

Posted 05 September 2011 - 08:27 PM

This is the SystemLook log

SystemLook 30.07.11 by jpshortstuff
Log created at 21:20 on 05/09/2011 by Owner
Administrator - Elevation successful

========== filefind ==========

Searching for "consrv.dll"
No files found.

Searching for "winsrv.dll"
C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\winsrv.dll --a---- 291328 bytes [18:19 02/03/2005] [18:19 02/03/2005] 0F292F96B5967F31793C74007A0368AB
C:\WINDOWS\$hf_mig$\KB900725\SP2QFE\winsrv.dll --a---- 291840 bytes [01:44 01/09/2005] [01:44 01/09/2005] 3642C99D14EC986DDE123C9D2846427D
C:\WINDOWS\$hf_mig$\KB930178\SP2QFE\winsrv.dll --a---- 292864 bytes [13:45 17/03/2007] [13:45 17/03/2007] 3E958EBBE7DA5691E8B08429A7EDB44B
C:\WINDOWS\$NtServicePackUninstall$\winsrv.dll -----c- 292864 bytes [15:58 25/06/2010] [13:43 17/03/2007] 3D21B3BE0C5768E76FD9780E9CF9E07C
C:\WINDOWS\$NtUninstallKB890859$\winsrv.dll -----c- 290816 bytes [12:48 26/09/2005] [19:00 04/08/2004] 442D0EAD5534E4ADCF6D4469043C82C0
C:\WINDOWS\$NtUninstallKB900725$\winsrv.dll -----c- 291328 bytes [12:04 17/10/2005] [18:09 02/03/2005] 4C6A223A9E8571073EC033E4A06D0131
C:\WINDOWS\$NtUninstallKB930178$\winsrv.dll -----c- 291840 bytes [07:01 11/04/2007] [01:41 01/09/2005] 31F2735965A8AD1EB56F774D703DDAF9
C:\WINDOWS\ServicePackFiles\i386\winsrv.dll ------- 293376 bytes [06:07 24/09/2008] [00:12 14/04/2008] 1618F36D4F7F6CCCEB3EE44BA95BE85C
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winsrv.dll --a---- 293376 bytes [23:18 25/08/2011] [00:12 14/04/2008] 1618F36D4F7F6CCCEB3EE44BA95BE85C
C:\WINDOWS\system32\winsrv.dll ------- 292864 bytes [16:12 26/08/2004] [13:43 17/03/2007] 3D21B3BE0C5768E76FD9780E9CF9E07C

========== reg ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"Debug"=""
"Kmode"="%SystemRoot%\system32\win32k.sys"
"Optional"="Posix"
"Posix"="%SystemRoot%\system32\psxss.exe"
"Required"="Debug Windows"
"Windows"="%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\CSRSS]
"CsrSrvSharedSectionBase"= 0x007f6f0000 (2137980928)


-= EOF =-
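The check Broni requested above targets the Windows subsystem configuration: csrss.exe loads the DLLs named in the ServerDll= entries of the "Windows" value under Session Manager\SubSystems, and some ZeroAccess variants drop a consrv.dll and redirect the winsrv console-server entry to it, which is why the scan looks for consrv.dll and dumps that key. The log above shows the stock XP layout (basesrv plus two winsrv entries, no consrv.dll on disk). As an added example that is not part of this thread or of SystemLook, the following Python script parses a SystemLook-style log and flags a consrv.dll hit or any ServerDll other than basesrv/winsrv. The sample log is constructed from the lines posted above, and the "suspect" value is a constructed variant, not something seen on this machine.

```python
import re

# Constructed sample: the "Windows" subsystem value exactly as it appears in the
# SystemLook output above (a clean XP configuration), and a constructed variant in
# which the console server entry has been redirected from winsrv to consrv.
CLEAN_VALUE = (
    r"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows "
    "SharedSection=1024,3072,512 Windows=On SubSystemType=Windows "
    "ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 "
    "ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off "
    "MaxRequestThreads=16"
)
SUSPECT_VALUE = CLEAN_VALUE.replace(
    "ServerDll=winsrv:ConServerDllInitialization,2",
    "ServerDll=consrv:ConServerDllInitialization,2",
)
SUBSYSTEMS_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems"

# Constructed, abridged SystemLook-style log built from the lines posted above.
SAMPLE_LOG = "\n".join([
    "========== filefind ==========",
    "",
    'Searching for "consrv.dll"',
    "No files found.",
    "",
    'Searching for "winsrv.dll"',
    r"C:\WINDOWS\system32\winsrv.dll ------- 292864 bytes "
    "[16:12 26/08/2004] [13:43 17/03/2007] 3D21B3BE0C5768E76FD9780E9CF9E07C",
    "",
    "========== reg ==========",
    "",
    f"[{SUBSYSTEMS_KEY}]",
    '"Debug"=""',
    r'"Kmode"="%SystemRoot%\system32\win32k.sys"',
    '"Optional"="Posix"',
    r'"Posix"="%SystemRoot%\system32\psxss.exe"',
    '"Required"="Debug Windows"',
    f'"Windows"="{CLEAN_VALUE}"',
    "",
    f"[{SUBSYSTEMS_KEY}\\CSRSS]",
    '"CsrSrvSharedSectionBase"= 0x007f6f0000 (2137980928)',
])

# Server DLLs that csrss.exe loads on a stock Windows XP installation.
EXPECTED_SERVER_DLLS = {"basesrv", "winsrv"}

_SERVERDLL_RE = re.compile(r"ServerDll=([^:,\s]+)")
# path, 7-char attribute flags, size, two [timestamps], MD5
_FILEFIND_RE = re.compile(
    r"^(.+?)\s+([-a-z]{7})\s+(\d+) bytes\s+\[.*?\]\s+\[.*?\]\s+([0-9A-Fa-f]{32})$"
)


def server_dlls(windows_value):
    """Return the DLL names from every ServerDll= entry, in load order."""
    return _SERVERDLL_RE.findall(windows_value)


def unexpected_server_dlls(windows_value):
    """Return ServerDll names that are not part of a stock configuration."""
    return [d for d in server_dlls(windows_value)
            if d.lower() not in EXPECTED_SERVER_DLLS]


def parse_filefind(log_text):
    """Map each searched file name to a list of (path, md5) hits."""
    hits, current = {}, None
    for line in log_text.splitlines():
        m = re.match(r'^Searching for "(.+)"$', line)
        if m:
            current = m.group(1)
            hits[current] = []
            continue
        m = _FILEFIND_RE.match(line)
        if m and current is not None:
            hits[current].append((m.group(1), m.group(4).upper()))
    return hits


def parse_reg(log_text):
    """Map each [key] in the ':reg' section to its {name: value} pairs."""
    reg, current = {}, None
    for line in log_text.splitlines():
        m = re.match(r"^\[(.+)\]$", line)
        if m:
            current = m.group(1)
            reg[current] = {}
            continue
        m = re.match(r'^"([^"]+)"=\s*(.*)$', line)
        if m and current is not None:
            raw = m.group(2)
            # Quoted REG_SZ values lose their quotes; other types stay verbatim.
            reg[current][m.group(1)] = raw[1:-1] if raw.startswith('"') else raw
    return reg


def check_systemlook(log_text):
    """Return human-readable findings; an empty list means nothing stood out."""
    findings = []
    for path, md5 in parse_filefind(log_text).get("consrv.dll", []):
        findings.append(f"consrv.dll present: {path} ({md5})")
    windows_value = parse_reg(log_text).get(SUBSYSTEMS_KEY, {}).get("Windows", "")
    for dll in unexpected_server_dlls(windows_value):
        findings.append(f"unexpected ServerDll in Windows subsystem: {dll}")
    return findings
```

Run `check_systemlook()` over the text of SystemLook.txt; on the log above it returns an empty list, while the constructed consrv variant yields one finding. The script only reads the log, so it is safe to run on a copy taken from the infected machine; the MD5 values it extracts can then be compared against the known-good copies SystemLook lists under ServicePackFiles or $NtServicePackUninstall$.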



