Need Help Removing a Nasty Rootkit/Trojan


8 replies to this topic

#1 Rayzen

Posted 29 September 2011 - 06:32 PM

I need help getting rid of a really nasty trojan on my neighbor's computer. She is running Windows XP Home Edition on a Dell 32-bit desktop. She is seeing the following symptoms: a) very slow operation, b) all of her antivirus software is shut down, c) constant redirects, when surfing on Google. I have tried to use system restore, but it won't work, no matter how far back in time I go. I have tried installing a brand new Kaspersky security suite disk, but it shuts down about 1/3 of the way through the installation process. I have tried running SUPERantispyware, Malwarebytes, and AVG (all in safe mode), but none of them can see it. The only program that recognized it was Kaspersky's Virus Removal Tool, which I downloaded from the internet onto a thumb drive from my own computer, which I then brought over to her computer and ran in safe mode. It identified the trojan as a "afd.sys" trojan. I followed their instruction, but was told that I could not delete it. I was then offered the choice of quarantining it, which seemed to work, as I was able to then surf the net on Google without being redirected, but then, upon rebooting, it was back again. Is there any way to get rid of this thing? Any help would be greatly appreciated.

Edited by hamluis, 29 September 2011 - 07:29 PM.
Moved from XP to Am I infected.



#2 Broni (BC Advisor)

Posted 29 September 2011 - 07:43 PM

Welcome aboard

Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click here.


 


#3 Rayzen (Topic Starter)

Posted 02 October 2011 - 03:39 PM

Hi Broni,

Okay, I'll give it a try, today. I've been so busy the last few days, I haven't had a chance to even get near my computer. Thanks a bunch for your reply and help. I'll post the log as soon as I can.

Thanks again!

#4 Rayzen (Topic Starter)

Posted 02 October 2011 - 05:17 PM

Hi Broni. Okay, here's the log:

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
0xF758743C Unknown page with executable code, 3012 bytes
0xF758728A Unknown page with executable code, 3446 bytes
0x89FF5F3B Unknown page with executable code, 197 bytes
0x89FF8B7F Unknown page with executable code, 1153 bytes
WARNING: Virus alike driver modification [afd.sys]
==============================================
>Stealth
==============================================
0x89FF8B7F Unknown page with executable code, 1153 bytes
WARNING: Virus alike driver modification [afd.sys]
0x89FF5F3B Unknown page with executable code, 197 bytes
0xF758743C Unknown page with executable code, 3012 bytes
0xF758728A Unknown page with executable code, 3446 bytes


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)

#5 Broni (BC Advisor)

Posted 02 October 2011 - 08:31 PM

Download TDSSKiller and save it to your desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.



 


#6 Rayzen (Topic Starter)

Posted 04 October 2011 - 10:18 PM

Hey Broni, that did the trick!! My neighbor's computer is now up and running again, thanks to you. We really appreciate your help. It's sure nice to know that there are people like you around, who actually are willing to help others, instead of there just being jerks who come up with all of these viruses, spending their time just trying to make life miserable; what the hell's with that, anyway? Don't they have anything better to do with their lives?

I forgot to copy the log, though, so I can't send it to you. After days of trying to figure that thing out, I was so excited to see it actually go away that I forgot to copy and send the log.

Thanks again. Like the Aussies say, "Good on yah!"

--Ray

#7 Broni (BC Advisor)

Posted 04 October 2011 - 10:33 PM

I'm glad to see good news, but we should run some more checks on that computer.

Firstly, I'd like to see the TDSSKiller log.

The report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt.




 


#8 Rayzen (Topic Starter)

Posted 10 October 2011 - 06:02 PM

Hi Broni. I'm a little slow to respond, here, but, like they say, "better late than never." Okay, I went next door and found that log, so here it is. What's the deal? Might there possibly still be some residual stuff left on her computer from that trojan?

Thanks again, for all of your help!

--Ray

*****************************************************************************************************************************************************************




19:47:39.0546 1224 TDSS rootkit removing tool 2.6.2.0 Sep 26 2011 18:56:43
19:47:39.0609 1224 ============================================================
19:47:39.0609 1224 Current date / time: 2011/10/03 19:47:39.0609
19:47:39.0609 1224 SystemInfo:
19:47:39.0609 1224
19:47:39.0609 1224 OS Version: 5.1.2600 ServicePack: 3.0
19:47:39.0609 1224 Product type: Workstation
19:47:39.0609 1224 ComputerName: NORBERG
19:47:39.0609 1224 UserName: Administrator
19:47:39.0609 1224 Windows directory: C:\WINDOWS
19:47:39.0609 1224 System windows directory: C:\WINDOWS
19:47:39.0609 1224 Processor architecture: Intel x86
19:47:39.0609 1224 Number of processors: 2
19:47:39.0609 1224 Page size: 0x1000
19:47:39.0609 1224 Boot type: Safe boot
19:47:39.0609 1224 ============================================================
19:47:44.0265 1224 Initialize success
19:48:03.0140 1248 ============================================================
19:48:03.0140 1248 Scan started
19:48:03.0140 1248 Mode: Manual;
19:48:03.0140 1248 ============================================================
19:48:05.0046 1248 99cfda47 (07cbdaa4b3cc6e2c62b7a83cce5ccbf8) C:\WINDOWS\1205522329:1714431416.exe
19:48:06.0640 1248 Suspicious file (Hidden): C:\WINDOWS\1205522329:1714431416.exe. md5: 07cbdaa4b3cc6e2c62b7a83cce5ccbf8
19:48:06.0640 1248 99cfda47 ( HiddenFile.Multi.Generic ) - warning
19:48:06.0640 1248 99cfda47 - detected HiddenFile.Multi.Generic (1)
19:48:06.0859 1248 Abiosdsk - ok
19:48:07.0062 1248 abp480n5 - ok
19:48:07.0359 1248 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:48:07.0421 1248 ACPI - ok
19:48:07.0656 1248 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
19:48:07.0671 1248 ACPIEC - ok
19:48:07.0875 1248 adpu160m - ok
19:48:08.0187 1248 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
19:48:08.0234 1248 aec - ok
19:48:08.0515 1248 AFD (4f25d575a79ff134f0213aebb824f317) C:\WINDOWS\System32\drivers\afd.sys
19:48:08.0546 1248 AFD ( Rootkit.Win32.ZAccess.e ) - infected
19:48:08.0546 1248 AFD - detected Rootkit.Win32.ZAccess.e (0)
19:48:08.0812 1248 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
19:48:08.0828 1248 AFS2K - ok
19:48:09.0046 1248 Aha154x - ok
19:48:09.0265 1248 aic78u2 - ok
19:48:09.0468 1248 aic78xx - ok
19:48:09.0718 1248 AliIde - ok
19:48:09.0937 1248 amsint - ok
19:48:10.0234 1248 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
19:48:10.0265 1248 Arp1394 - ok
19:48:10.0468 1248 asc - ok
19:48:10.0687 1248 asc3350p - ok
19:48:10.0906 1248 asc3550 - ok
19:48:11.0234 1248 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:48:11.0234 1248 AsyncMac - ok
19:48:11.0484 1248 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
19:48:11.0484 1248 atapi - ok
19:48:11.0703 1248 Atdisk - ok
19:48:12.0296 1248 ati2mtag (5b9320783e76a46ef97734f113a82ad8) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
19:48:12.0609 1248 ati2mtag - ok
19:48:12.0875 1248 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:48:12.0890 1248 Atmarpc - ok
19:48:13.0140 1248 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
19:48:13.0140 1248 audstub - ok
19:48:13.0390 1248 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
19:48:13.0390 1248 Beep - ok
19:48:13.0671 1248 black (8e6619bad8506923266f1e378dc3d930) C:\WINDOWS\System32\drivers\BlackDrv.sys
19:48:13.0718 1248 black - ok
19:48:13.0953 1248 BlackBox (32790d68ddcf79c990622564585ca546) C:\WINDOWS\system32\drivers\BlackBox.sys
19:48:13.0968 1248 BlackBox - ok
19:48:14.0250 1248 bvrp_pci (c945dc4eee3f624dfd07788ea7f0db0a) C:\WINDOWS\system32\drivers\bvrp_pci.sys
19:48:14.0250 1248 bvrp_pci - ok
19:48:14.0359 1248 catchme - ok
19:48:14.0609 1248 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
19:48:14.0625 1248 cbidf2k - ok
19:48:14.0828 1248 cd20xrnt - ok
19:48:15.0062 1248 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
19:48:15.0078 1248 Cdaudio - ok
19:48:15.0328 1248 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
19:48:15.0343 1248 Cdfs - ok
19:48:15.0593 1248 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:48:15.0609 1248 Cdrom - ok
19:48:15.0828 1248 Changer - ok
19:48:16.0109 1248 CmdIde - ok
19:48:16.0390 1248 COMMONFX.DLL (1ef05b641e9a67ded74ac8ad40055dbf) C:\WINDOWS\system32\COMMONFX.DLL
19:48:16.0437 1248 COMMONFX.DLL - ok
19:48:16.0687 1248 Cpqarray - ok
19:48:16.0984 1248 CT20XUT.DLL (6191a973461852a09d643609e1d5f7c6) C:\WINDOWS\system32\CT20XUT.DLL
19:48:17.0031 1248 CT20XUT.DLL - ok
19:48:17.0421 1248 ctac32k (8ac5f77e30e37d2d11bd99eff0c53d8c) C:\WINDOWS\system32\drivers\ctac32k.sys
19:48:17.0578 1248 ctac32k - ok
19:48:17.0968 1248 ctaud2k (673241d314e932f4890509ae8ebf26db) C:\WINDOWS\system32\drivers\ctaud2k.sys
19:48:18.0140 1248 ctaud2k - ok
19:48:18.0500 1248 CTAUDFX.DLL (472b82d7e549e7fab428852e4d16f21d) C:\WINDOWS\system32\CTAUDFX.DLL
19:48:18.0671 1248 CTAUDFX.DLL - ok
19:48:19.0031 1248 ctdvda2k (ed316d4c3d39c5b6c23de067e275c183) C:\WINDOWS\system32\drivers\ctdvda2k.sys
19:48:19.0140 1248 ctdvda2k - ok
19:48:19.0406 1248 CTEAPSFX.DLL (6a57f82009563aee8826f117e1d3c72c) C:\WINDOWS\system32\CTEAPSFX.DLL
19:48:19.0453 1248 CTEAPSFX.DLL - ok
19:48:19.0734 1248 CTEDSPFX.DLL (c8ac1ffaeadd655193d7b1811a572d8d) C:\WINDOWS\system32\CTEDSPFX.DLL
19:48:19.0812 1248 CTEDSPFX.DLL - ok
19:48:20.0062 1248 CTEDSPIO.DLL (44495d9daf675257d00b25b041ee6667) C:\WINDOWS\system32\CTEDSPIO.DLL
19:48:20.0093 1248 CTEDSPIO.DLL - ok
19:48:20.0390 1248 CTEDSPSY.DLL (8e90b1762cb42e2fc76dac9210c83c66) C:\WINDOWS\system32\CTEDSPSY.DLL
19:48:20.0484 1248 CTEDSPSY.DLL - ok
19:48:20.0734 1248 CTERFXFX.DLL (d3fbd9983325435b06795f29cb57ed3d) C:\WINDOWS\system32\CTERFXFX.DLL
19:48:20.0765 1248 CTERFXFX.DLL - ok
19:48:21.0343 1248 CTEXFIFX.DLL (2c48e9d8ca703964463f27ae341115b7) C:\WINDOWS\system32\CTEXFIFX.DLL
19:48:21.0734 1248 CTEXFIFX.DLL - ok
19:48:21.0953 1248 CTHWIUT.DLL (f7657c598e7c29c6683c1e4a8dd68884) C:\WINDOWS\system32\CTHWIUT.DLL
19:48:21.0984 1248 CTHWIUT.DLL - ok
19:48:22.0203 1248 ctprxy2k (34e7f8a499fd8361df14fedb724c0ad3) C:\WINDOWS\system32\drivers\ctprxy2k.sys
19:48:22.0203 1248 ctprxy2k - ok
19:48:22.0578 1248 CTSBLFX.DLL (679ae21eb7f48a08184813aebabdec7c) C:\WINDOWS\system32\CTSBLFX.DLL
19:48:22.0750 1248 CTSBLFX.DLL - ok
19:48:23.0015 1248 ctsfm2k (32098497cb4dfe9ea7660fa62dd91060) C:\WINDOWS\system32\drivers\ctsfm2k.sys
19:48:23.0062 1248 ctsfm2k - ok
19:48:23.0281 1248 dac2w2k - ok
19:48:23.0484 1248 dac960nt - ok
19:48:23.0796 1248 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
19:48:23.0812 1248 Disk - ok
19:48:24.0281 1248 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
19:48:24.0515 1248 dmboot - ok
19:48:24.0781 1248 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
19:48:24.0828 1248 dmio - ok
19:48:25.0046 1248 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
19:48:25.0046 1248 dmload - ok
19:48:25.0281 1248 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
19:48:25.0312 1248 DMusic - ok
19:48:25.0546 1248 dpti2o - ok
19:48:25.0796 1248 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
19:48:25.0796 1248 drmkaud - ok
19:48:26.0093 1248 drvmcdb (b15f9e526ba511a48b1b1b8537815740) C:\WINDOWS\system32\drivers\drvmcdb.sys
19:48:26.0125 1248 drvmcdb - ok
19:48:26.0359 1248 drvnddm (fa4670cae95ae2bb857c68e535661145) C:\WINDOWS\system32\drivers\drvnddm.sys
19:48:26.0375 1248 drvnddm - ok
19:48:26.0656 1248 E100B (d57a8fc800b501ac05b10d00f66d127a) C:\WINDOWS\system32\DRIVERS\e100b325.sys
19:48:26.0703 1248 E100B - ok
19:48:27.0078 1248 emupia (2885f72d2daffd0329272f12e16d6579) C:\WINDOWS\system32\drivers\emupia2k.sys
19:48:27.0109 1248 emupia - ok
19:48:27.0437 1248 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
19:48:27.0468 1248 Fastfat - ok
19:48:27.0734 1248 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
19:48:27.0750 1248 Fdc - ok
19:48:27.0968 1248 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
19:48:27.0984 1248 Fips - ok
19:48:28.0250 1248 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
19:48:28.0265 1248 Flpydisk - ok
19:48:28.0531 1248 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
19:48:28.0578 1248 FltMgr - ok
19:48:28.0843 1248 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
19:48:28.0859 1248 fssfltr - ok
19:48:29.0296 1248 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:48:29.0296 1248 Fs_Rec - ok
19:48:29.0578 1248 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:48:29.0625 1248 Ftdisk - ok
19:48:29.0875 1248 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
19:48:29.0890 1248 gameenum - ok
19:48:30.0156 1248 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
19:48:30.0156 1248 GEARAspiWDM - ok
19:48:30.0421 1248 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:48:30.0437 1248 Gpc - ok
19:48:30.0968 1248 ha10kx2k (da2c735b66d2e7b739f9a46146581a9d) C:\WINDOWS\system32\drivers\ha10kx2k.sys
19:48:31.0187 1248 ha10kx2k - ok
19:48:31.0468 1248 hap16v2k (5c7d6d68796e4621b4168c879908dae0) C:\WINDOWS\system32\drivers\hap16v2k.sys
19:48:31.0531 1248 hap16v2k - ok
19:48:31.0828 1248 hap17v2k (a595b88ad16d8b5693ddf08113caf30e) C:\WINDOWS\system32\drivers\hap17v2k.sys
19:48:31.0875 1248 hap17v2k - ok
19:48:32.0156 1248 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:48:32.0156 1248 hidusb - ok
19:48:32.0375 1248 hpn - ok
19:48:32.0656 1248 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
19:48:32.0671 1248 HPZid412 - ok
19:48:32.0890 1248 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
19:48:32.0906 1248 HPZipr12 - ok
19:48:33.0125 1248 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
19:48:33.0125 1248 HPZius12 - ok
19:48:33.0453 1248 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
19:48:33.0515 1248 HSFHWBS2 - ok
19:48:34.0046 1248 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
19:48:34.0359 1248 HSF_DP - ok
19:48:34.0796 1248 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
19:48:34.0875 1248 HTTP - ok
19:48:35.0093 1248 i2omgmt - ok
19:48:35.0312 1248 i2omp - ok
19:48:35.0562 1248 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:48:35.0578 1248 i8042prt - ok
19:48:35.0875 1248 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
19:48:35.0890 1248 Imapi - ok
19:48:36.0109 1248 ini910u - ok
19:48:36.0375 1248 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
19:48:36.0375 1248 IntelIde - ok
19:48:36.0640 1248 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:48:36.0640 1248 intelppm - ok
19:48:36.0890 1248 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
19:48:36.0906 1248 Ip6Fw - ok
19:48:37.0156 1248 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:48:37.0171 1248 IpFilterDriver - ok
19:48:37.0406 1248 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:48:37.0421 1248 IpInIp - ok
19:48:37.0718 1248 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:48:37.0765 1248 IpNat - ok
19:48:38.0031 1248 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:48:38.0062 1248 IPSec - ok
19:48:38.0296 1248 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
19:48:38.0296 1248 IRENUM - ok
19:48:38.0546 1248 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:48:38.0546 1248 isapnp - ok
19:48:38.0828 1248 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:48:38.0828 1248 Kbdclass - ok
19:48:39.0062 1248 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
19:48:39.0062 1248 kbdhid - ok
19:48:39.0343 1248 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
19:48:39.0390 1248 kmixer - ok
19:48:39.0656 1248 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
19:48:39.0703 1248 KSecDD - ok
19:48:39.0937 1248 lbrtfdc - ok
19:48:40.0234 1248 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
19:48:40.0234 1248 mdmxsdk - ok
19:48:40.0500 1248 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
19:48:40.0515 1248 mnmdd - ok
19:48:40.0796 1248 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
19:48:40.0796 1248 Modem - ok
19:48:41.0046 1248 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
19:48:41.0062 1248 MODEMCSA - ok
19:48:41.0281 1248 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:48:41.0281 1248 Mouclass - ok
19:48:41.0546 1248 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:48:41.0546 1248 mouhid - ok
19:48:41.0812 1248 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
19:48:41.0828 1248 MountMgr - ok
19:48:42.0046 1248 mraid35x - ok
19:48:42.0328 1248 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:48:42.0375 1248 MRxDAV - ok
19:48:42.0765 1248 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:48:42.0890 1248 MRxSmb - ok
19:48:43.0140 1248 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
19:48:43.0140 1248 Msfs - ok
19:48:43.0390 1248 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:48:43.0406 1248 MSKSSRV - ok
19:48:43.0609 1248 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:48:43.0625 1248 MSPCLOCK - ok
19:48:43.0828 1248 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
19:48:43.0843 1248 MSPQM - ok
19:48:44.0093 1248 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:48:44.0093 1248 mssmbios - ok
19:48:44.0390 1248 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
19:48:44.0421 1248 Mup - ok
19:48:44.0734 1248 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
19:48:44.0781 1248 NDIS - ok
19:48:45.0031 1248 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:48:45.0046 1248 NdisTapi - ok
19:48:45.0296 1248 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:48:45.0296 1248 Ndisuio - ok
19:48:45.0578 1248 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:48:45.0593 1248 NdisWan - ok
19:48:45.0859 1248 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
19:48:45.0875 1248 NDProxy - ok
19:48:46.0109 1248 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
19:48:46.0125 1248 NetBIOS - ok
19:48:46.0390 1248 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
19:48:46.0437 1248 NetBT - ok
19:48:46.0796 1248 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
19:48:46.0828 1248 NIC1394 - ok
19:48:47.0078 1248 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
19:48:47.0093 1248 Npfs - ok
19:48:47.0468 1248 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
19:48:47.0640 1248 Ntfs - ok
19:48:48.0218 1248 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
19:48:48.0218 1248 Null - ok
19:48:48.0468 1248 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:48:48.0468 1248 NwlnkFlt - ok
19:48:48.0703 1248 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:48:48.0718 1248 NwlnkFwd - ok
19:48:48.0968 1248 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
19:48:49.0000 1248 ohci1394 - ok
19:48:49.0312 1248 ossrv (61c85afeaa6ef0c1b32d43f84f7bfbcf) C:\WINDOWS\system32\drivers\ctoss2k.sys
19:48:49.0359 1248 ossrv - ok
19:48:49.0640 1248 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
19:48:49.0671 1248 Parport - ok
19:48:49.0921 1248 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
19:48:49.0921 1248 PartMgr - ok
19:48:50.0156 1248 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
19:48:50.0156 1248 ParVdm - ok
19:48:50.0421 1248 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
19:48:50.0437 1248 PCI - ok
19:48:50.0640 1248 PCIDump - ok
19:48:50.0890 1248 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
19:48:50.0890 1248 PCIIde - ok
19:48:51.0156 1248 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
19:48:51.0203 1248 Pcmcia - ok
19:48:51.0406 1248 PDCOMP - ok
19:48:51.0609 1248 PDFRAME - ok
19:48:51.0843 1248 PDRELI - ok
19:48:52.0062 1248 PDRFRAME - ok
19:48:52.0281 1248 perc2 - ok
19:48:52.0484 1248 perc2hib - ok
19:48:52.0796 1248 PfModNT (6dabb70783ef470492adb7b9a6e60bf3) C:\WINDOWS\system32\drivers\PfModNT.sys
19:48:52.0796 1248 PfModNT - ok
19:48:53.0093 1248 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:48:53.0109 1248 PptpMiniport - ok
19:48:53.0359 1248 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
19:48:53.0390 1248 PSched - ok
19:48:53.0609 1248 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:48:53.0609 1248 Ptilink - ok
19:48:53.0859 1248 PxHelp20 (30cbae0a34359f1cd19d1576245149ed) C:\WINDOWS\system32\Drivers\PxHelp20.sys
19:48:53.0875 1248 PxHelp20 - ok
19:48:54.0078 1248 ql1080 - ok
19:48:54.0296 1248 Ql10wnt - ok
19:48:54.0515 1248 ql12160 - ok
19:48:54.0734 1248 ql1240 - ok
19:48:54.0937 1248 ql1280 - ok
19:48:55.0187 1248 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:48:55.0187 1248 RasAcd - ok
19:48:55.0468 1248 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:48:55.0484 1248 Rasl2tp - ok
19:48:55.0718 1248 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:48:55.0734 1248 RasPppoe - ok
19:48:55.0968 1248 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
19:48:55.0984 1248 Raspti - ok
19:48:56.0250 1248 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:48:56.0296 1248 Rdbss - ok
19:48:56.0515 1248 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:48:56.0515 1248 RDPCDD - ok
19:48:56.0812 1248 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
19:48:56.0859 1248 RDPWD - ok
19:48:57.0125 1248 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
19:48:57.0140 1248 redbook - ok
19:48:57.0390 1248 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
19:48:57.0390 1248 SASDIFSV - ok
19:48:57.0468 1248 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
19:48:57.0500 1248 SASKUTIL - ok
19:48:57.0812 1248 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:48:57.0812 1248 Secdrv - ok
19:48:58.0093 1248 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
19:48:58.0093 1248 serenum - ok
19:48:58.0359 1248 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
19:48:58.0390 1248 Serial - ok
19:48:58.0656 1248 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
19:48:58.0656 1248 Sfloppy - ok
19:48:58.0890 1248 Simbad - ok
19:48:59.0109 1248 Sparrow - ok
19:48:59.0359 1248 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
19:48:59.0359 1248 splitter - ok
19:48:59.0625 1248 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
19:48:59.0656 1248 sr - ok
19:49:00.0031 1248 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
19:49:00.0140 1248 Srv - ok
19:49:00.0359 1248 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
19:49:00.0359 1248 sscdbhk5 - ok
19:49:00.0593 1248 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
19:49:00.0609 1248 ssrtln - ok
19:49:00.0875 1248 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
19:49:00.0875 1248 swenum - ok
19:49:01.0109 1248 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
19:49:01.0125 1248 swmidi - ok
19:49:01.0359 1248 symc810 - ok
19:49:01.0578 1248 symc8xx - ok
19:49:01.0796 1248 sym_hi - ok
19:49:02.0031 1248 sym_u3 - ok
19:49:02.0281 1248 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
19:49:02.0296 1248 sysaudio - ok
19:49:02.0656 1248 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:49:02.0765 1248 Tcpip - ok
19:49:03.0015 1248 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
19:49:03.0015 1248 TDPIPE - ok
19:49:03.0250 1248 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
19:49:03.0250 1248 TDTCP - ok
19:49:03.0500 1248 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
19:49:03.0515 1248 TermDD - ok
19:49:03.0781 1248 tfsnboio (1d265cd2fb1673a0873bf8cec19ddc7f) C:\WINDOWS\system32\dla\tfsnboio.sys
19:49:03.0796 1248 tfsnboio - ok
19:49:04.0015 1248 tfsncofs (62e4901295e0467cac78e5b4b131ae5c) C:\WINDOWS\system32\dla\tfsncofs.sys
19:49:04.0031 1248 tfsncofs - ok
19:49:04.0250 1248 tfsndrct (a2f380f9252ab3464c859adf91eead9c) C:\WINDOWS\system32\dla\tfsndrct.sys
19:49:04.0250 1248 tfsndrct - ok
19:49:04.0468 1248 tfsndres (eee79bbefe9c6a2a3ce6c8753cfea950) C:\WINDOWS\system32\dla\tfsndres.sys
19:49:04.0468 1248 tfsndres - ok
19:49:04.0703 1248 tfsnifs (9d644eb11fec9487450c4cfcd63a5df4) C:\WINDOWS\system32\dla\tfsnifs.sys
19:49:04.0718 1248 tfsnifs - ok
19:49:04.0921 1248 tfsnopio (e656af05c67edb7c0e9230a5df71ed1b) C:\WINDOWS\system32\dla\tfsnopio.sys
19:49:04.0937 1248 tfsnopio - ok
19:49:05.0125 1248 tfsnpool (64fccb9cce703ca507dffc3cebf6b2cb) C:\WINDOWS\system32\dla\tfsnpool.sys
19:49:05.0140 1248 tfsnpool - ok
19:49:05.0359 1248 tfsnudf (48bc9d8ab4e4b9bff70fb18e55cec3d6) C:\WINDOWS\system32\dla\tfsnudf.sys
19:49:05.0390 1248 tfsnudf - ok
19:49:05.0625 1248 tfsnudfa (79f60822224256b49bfc855da8d651d5) C:\WINDOWS\system32\dla\tfsnudfa.sys
19:49:05.0656 1248 tfsnudfa - ok
19:49:05.0890 1248 TosIde - ok
19:49:06.0296 1248 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
19:49:06.0312 1248 Udfs - ok
19:49:06.0546 1248 ultra - ok
19:49:06.0906 1248 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
19:49:07.0031 1248 Update - ok
19:49:07.0296 1248 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:49:07.0312 1248 usbccgp - ok
19:49:07.0562 1248 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:49:07.0578 1248 usbehci - ok
19:49:07.0812 1248 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:49:07.0828 1248 usbhub - ok
19:49:08.0062 1248 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:49:08.0078 1248 usbprint - ok
19:49:08.0328 1248 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:49:08.0328 1248 usbscan - ok
19:49:08.0546 1248 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:49:08.0546 1248 USBSTOR - ok
19:49:08.0796 1248 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:49:08.0796 1248 usbuhci - ok
19:49:09.0046 1248 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
19:49:09.0062 1248 VgaSave - ok
19:49:09.0265 1248 ViaIde - ok
19:49:09.0531 1248 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
19:49:09.0546 1248 VolSnap - ok
19:49:09.0843 1248 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:49:09.0859 1248 Wanarp - ok
19:49:10.0062 1248 WDICA - ok
19:49:10.0343 1248 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
19:49:10.0359 1248 wdmaud - ok
19:49:10.0843 1248 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
19:49:11.0031 1248 winachsf - ok
19:49:11.0437 1248 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:49:11.0468 1248 WudfPf - ok
19:49:11.0718 1248 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:49:11.0750 1248 WudfRd - ok
19:49:11.0843 1248 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
19:49:12.0046 1248 \Device\Harddisk0\DR0 - ok
19:49:12.0046 1248 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR4
19:49:12.0062 1248 \Device\Harddisk2\DR4 - ok
19:49:12.0078 1248 Boot (0x1200) (420a743c970ed33b372aab079c6fb2d1) \Device\Harddisk0\DR0\Partition0
19:49:12.0078 1248 \Device\Harddisk0\DR0\Partition0 - ok
19:49:12.0093 1248 Boot (0x1200) (dbd8b475bad64d60ad5802d87b4a522a) \Device\Harddisk2\DR4\Partition0
19:49:12.0093 1248 \Device\Harddisk2\DR4\Partition0 - ok
19:49:12.0093 1248 ============================================================
19:49:12.0093 1248 Scan finished
19:49:12.0093 1248 ============================================================
19:49:12.0156 1240 Detected object count: 2
19:49:12.0156 1240 Actual detected object count: 2
19:49:30.0703 1240 99cfda47 ( HiddenFile.Multi.Generic ) - skipped by user
19:49:30.0703 1240 99cfda47 ( HiddenFile.Multi.Generic ) - User select action: Skip
19:49:30.0984 1240 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\afd.sys) error 1813
19:49:34.0140 1240 Backup copy found, using it..
19:49:34.0203 1240 C:\WINDOWS\System32\drivers\afd.sys - will be cured on reboot
19:49:34.0203 1240 AFD ( Rootkit.Win32.ZAccess.e ) - User select action: Cure
19:49:49.0156 1220 Deinitialize success

#9 Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,696 posts
  • Gender:Male
  • Location:Daly City, CA
  • Local time:02:10 AM

Posted 10 October 2011 - 08:03 PM

It looks like we're dealing with ZeroAccess rootkit there so I'll have to send you "upstairs".

With the information you have provided I believe you will need help from the malware removal team.
Please make sure that you read the information about getting started first.
Then start a new thread HERE and include the required logs.
Including a link to this thread will be helpful.

Good luck and be patient. Help is on the way!
