Malware Virus


16 replies to this topic

#1 pepsez


Posted 04 October 2011 - 11:21 AM

Hey all! Gotta love malware! So I'm still having major issues. I have run TDSSKiller and Malwarebytes, which have gotten rid of a lot of stuff, and my Firefox works. But I still can't run a normal scan of Malwarebytes (as in I have to do it in safe mode), and every time I reboot I get these errors saying McAfee had to shut down, and my Windows Security Center tells me I have to update my malware protection etc. etc. I'm not sure what to do next. I was going to use ComboFix but decided not to before exhausting all options. Oh, and my Google searches are all redirected to scour.com as well. I have no idea what happened, as I have not been browsing any sites out of the ordinary. Thanks

Edited by hamluis, 04 October 2011 - 11:56 AM.
Moved from Vista to Am I Infected.




#2 pepsez


Posted 04 October 2011 - 03:16 PM

I have had a look on the forum and it seems I may have this redirect virus as well, but I can't get rid of it. I also cannot run any AV software without going into safe mode. Then both Malwarebytes and SUPERAntiSpyware detect numerous threats, but after rebooting I still have the same issues...

#3 boopme

  • Global Moderator

Posted 04 October 2011 - 08:30 PM

Hello, please do these; try from Normal mode first.

Post the last MBAM log
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.




Please follow our Removal Guide here: How to remove Google Redirects. You will move to the Automated Removal Instructions.

If it finds something, make sure Cure is selected.
Next click Continue, then Reboot now.
A log file should be created on your C: drive named "TDSSKiller.txt"; please copy and paste the contents in your next reply.


Rerun MBAM (Malwarebytes) like this:

Open MBAM in normal mode and click the Update tab, select Check for Updates; when done,
click the Scanner tab, select Quick scan and scan (normal mode).
After the scan click Remove Selected, post the new scan log and reboot into normal mode.

Please ask any needed questions, post logs and let us know how the PC is running now.
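The checklist in the post above (hosts file, IE and Firefox proxy settings, Winsock entries, DNS servers) is the standard first-pass triage for a search-redirect infection: each of those is a place where a redirector can sit without touching the browser itself. The script below is an added example, not code from this thread, from MiniToolBox or from Malwarebytes. It parses a Result.txt in the layout posted later in this thread (the section banners, the dotted ipconfig rows and the "CatalogN idx path [size] (vendor)" Winsock rows are taken from that log) and flags the entries a helper would look at first. SAMPLE_LOG is a constructed input, not the poster's log: the www.google.com hosts entry, the 8.8.8.8 resolver and the example.dll provider are invented to exercise each check.

```python
"""Triage a MiniToolBox Result.txt for what the checklist above targets: hosts-file
hijacks, browser proxy settings, rogue or missing Winsock providers, and DNS servers
outside the local network. Added example, not code from this thread, MiniToolBox or
Malwarebytes; SAMPLE_LOG is constructed in the posted Result.txt's layout, not that log."""
import ipaddress
import re

# "===== Name: =====" banners; group 2 keeps text fused onto a banner, as in the posted log.
HEADER_RE = re.compile(r"^=+\s*([^=]+?):?\s*=+(.*)$")
IPCONFIG_RE = re.compile(r"^\s*([A-Za-z][A-Za-z0-9 \-]*?)[ .]*\.[ .]*: ?(.*)$")  # "Key . . : value"
WINSOCK_RE = re.compile(r"^(Catalog[59])\s+(\d+)\s+(.+?)\s+\[(.*?)\]\s+\((.*)\)\s*$")  # idx path [size] (vendor)
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}
SAMPLE_LOG = r"""
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
========================= FF Proxy Settings: ==============================
"network.proxy.type", 0
========================= Hosts content: =================================
127.0.0.1 localhost
127.0.0.1 www.google.com
========================= IP Configuration: ================The following helper DLL cannot be loaded: WSHELPER.DLL.
DNS Servers . . . . . . . . . . . : 10.1.1.1
                                    8.8.8.8
========================= Winsock entries =====================================
Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\ProgramData\Temp\example.dll [8192] ()
"""

def parse_ip(text):
    """ip_address for '10.1.1.2(Preferred)' or 'fe80::1%11'; None when not an address."""
    try:
        return ipaddress.ip_address(text.strip().split("(")[0].split("%")[0])
    except ValueError:
        return None

def split_sections(text):
    """Map each banner name to the non-blank lines beneath it."""
    sections, current = {}, None
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            current, tail = m.group(1).strip(), m.group(2).strip()
            sections[current] = [tail] if tail else []
        elif current is not None and line.strip():
            sections[current].append(line.rstrip())
    return sections

def hosts_findings(lines):
    """Any name beyond the loopback defaults: a hosts entry is the cheapest redirect."""
    out = []
    for fields in (line.split("#", 1)[0].split() for line in lines):
        for name in fields[1:]:
            if name.lower() not in LOCAL_NAMES and not name.lower().startswith("ip6-"):
                out.append(f"hosts maps {name} -> {fields[0]}")
    return out

def proxy_findings(ie_lines, ff_lines):
    """IE: both 'nothing set' lines must be present. Firefox: type 0 = none, 5 = use system."""
    out = [f"IE: {msg}" for text, msg in (("Proxy is not enabled.", "proxy enabled"),
                                          ("No Proxy Server is set.", "proxy server set"))
           if text not in ie_lines]
    for line in ff_lines:
        m = re.match(r'"network\.proxy\.type",\s*(\d+)', line)
        if m and m.group(1) not in ("0", "5"):
            out.append(f"Firefox: network.proxy.type = {m.group(1)}")
    return out

def winsock_findings(lines):
    """Non-Microsoft providers and missing files. A bare 'mswsock.dll [File Not found]' shows
    up in plenty of clean logs, so it is a prompt to verify; an unsigned DLL in an odd path is the signal."""
    out = []
    for m in filter(None, map(WINSOCK_RE.match, lines)):
        cat, idx, path, size, vendor = m.groups()
        if size == "File Not found":
            out.append(f"{cat} {idx}: {path} not found on disk (verify)")
        elif vendor != "Microsoft Corporation":
            out.append(f"{cat} {idx}: non-Microsoft provider {path} ({vendor or 'no vendor'})")
    return out

def dns_findings(lines):
    """Dotted ipconfig rows plus bare-address continuation lines (how extra DNS servers print)."""
    out, key = [], None
    for line in lines:
        m = IPCONFIG_RE.match(line)
        key, value = (m.group(1).strip(), m.group(2)) if m else (key, line)
        addr = parse_ip(value) if key == "DNS Servers" else None
        if addr is not None and not addr.is_private:
            out.append(f"DNS server {addr} is a public address; confirm you configured it")
    return out

def triage(text):
    s = split_sections(text)
    return {"hosts": hosts_findings(s.get("Hosts content", [])),
            "proxy": proxy_findings(s.get("IE Proxy Settings", []), s.get("FF Proxy Settings", [])),
            "winsock": winsock_findings(s.get("Winsock entries", [])),
            "dns": dns_findings(s.get("IP Configuration", []))}
```

Run it on a real log with `triage(open(path).read())`. A hit is a prompt to verify, not a verdict: Bonjour's mdnsNSP.dll is a legitimate third-party provider, and the bare mswsock.dll entries appear in many clean logs. What matters is a provider with no vendor loaded from a user-writable path, a hosts entry for a site you never added, a proxy you never set, or a resolver you never configured. Note also that the parser keeps text fused onto a banner line (the "helper DLL cannot be loaded" error in the posted log) as the section's first line instead of dropping it.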

#4 pepsez


Posted 04 October 2011 - 09:14 PM

Hi. Thanks for your assistance, I really appreciate it. Here is my Result.txt from MiniToolBox.

MiniToolBox by Farbar
Ran by Jose (administrator) on 05-10-2011 at 13:09:06
Windows Vista ™ Home Premium Service Pack 2 (X86)

***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.no_proxies_on", "localho,t,127.0.0.1,*.local"
"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

The following helper DLL cannot be loaded: WSHELPER.DLL.
The following helper DLL cannot be loaded: IFMON.DLL.
The following command was not found: int ip dump.

Windows IP Configuration

Host Name . . . . . . . . . . . . : XPS-420
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 00-1E-4C-E6-55-4D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® 82566DC-2 Gigabit Network Connection
Physical Address. . . . . . . . . : 00-1E-C9-4F-0F-5C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::dc90:b589:44a1:ee02%11(Preferred)
IPv4 Address. . . . . . . . . . . : 10.1.1.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.0.0.0
Lease Obtained. . . . . . . . . . : Wednesday, 5 October 2011 1:02:32 PM
Lease Expires . . . . . . . . . . : Wednesday, 5 October 2011 11:02:32 PM
Default Gateway . . . . . . . . . : 10.1.1.1
DHCP Server . . . . . . . . . . . : 10.1.1.1
DHCPv6 IAID . . . . . . . . . . . : 251666121
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-0F-E6-17-9B-00-1E-C9-4F-0F-5C
DNS Servers . . . . . . . . . . . : 10.1.1.1
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 7:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:1c03:27c6:91df:36e6(Preferred)
Link-local IPv6 Address . . . . . : fe80::1c03:27c6:91df:36e6%10(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{0C97C08F-8446-4A85-8811-BEAB58E2DA7D}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 14:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{9624C759-B8BD-440B-B569-15F04FBEE247}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes


Pinging google.com [74.125.237.16] with 32 bytes of data:
Request timed out.
Request timed out.

Ping statistics for 74.125.237.16:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Pinging yahoo.com [67.195.160.76] with 32 bytes of data:
Request timed out.
Request timed out.

Ping statistics for 67.195.160.76:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
13 ...00 1e 4c e6 55 4d ...... Bluetooth Device (Personal Area Network)
11 ...00 1e c9 4f 0f 5c ...... Intel® 82566DC-2 Gigabit Network Connection
1 ........................... Software Loopback Interface 1
10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
15 ...00 00 00 00 00 00 00 e0 isatap.{0C97C08F-8446-4A85-8811-BEAB58E2DA7D}
16 ...00 00 00 00 00 00 00 e0 isatap.{9624C759-B8BD-440B-B569-15F04FBEE247}
17 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.1.1.1 10.1.1.2 20
10.0.0.0 255.0.0.0 On-link 10.1.1.2 276
10.1.1.2 255.255.255.255 On-link 10.1.1.2 276
10.255.255.255 255.255.255.255 On-link 10.1.1.2 276
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 On-link 10.1.1.2 296
169.254.255.255 255.255.255.255 On-link 10.1.1.2 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.1.1.2 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.1.1.2 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
10 18 ::/0 On-link
1 306 ::1/128 On-link
10 18 2001::/32 On-link
10 266 2001:0:4137:9e76:1c03:27c6:91df:36e6/128 On-link
11 276 fe80::/64 On-link
10 266 fe80::/64 On-link
10 266 fe80::1c03:27c6:91df:36e6/128 On-link
11 276 fe80::dc90:b589:44a1:ee02/128 On-link
1 306 ff00::/8 On-link
10 266 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Catalog5 06 mswsock.dll [File Not found] ()
Catalog5 07 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 08 C:\Windows\system32\wshbth.dll [34304] (Microsoft Corporation)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()
Catalog9 18 mswsock.dll [File Not found] ()
Catalog9 19 mswsock.dll [File Not found] ()
Catalog9 20 mswsock.dll [File Not found] ()
Catalog9 21 mswsock.dll [File Not found] ()
Catalog9 22 mswsock.dll [File Not found] ()
Catalog9 23 mswsock.dll [File Not found] ()
Catalog9 24 mswsock.dll [File Not found] ()
Catalog9 25 mswsock.dll [File Not found] ()
Catalog9 26 mswsock.dll [File Not found] ()
Catalog9 27 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/05/2011 01:10:45 PM) (Source: Application Error) (User: )
Description: Faulting application nslookup.exe, version 6.0.6002.18005, time stamp 0x49e01d63, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436, exception code 0xc0000138, fault offset 0x00009f7d,
process id 0x1608, application start time 0xnslookup.exe0.

Error: (10/05/2011 01:10:23 PM) (Source: Application Error) (User: )
Description: Faulting application nslookup.exe, version 6.0.6002.18005, time stamp 0x49e01d63, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436, exception code 0xc0000138, fault offset 0x00009f7d,
process id 0xca4, application start time 0xnslookup.exe0.

Error: (10/05/2011 00:59:04 PM) (Source: Application Error) (User: )
Description: Faulting application mfevtps.exe, version 14.2.0.964, time stamp 0x4d6e7238, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x00409b1d,
process id 0x15c4, application start time 0xmfevtps.exe0.

Error: (10/05/2011 00:57:14 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/05/2011 00:56:33 PM) (Source: Application Error) (User: )
Description: Faulting application mfevtps.exe, version 14.2.0.964, time stamp 0x4d6e7238, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x00409b1d,
process id 0x918, application start time 0xmfevtps.exe0.

Error: (10/05/2011 00:56:25 PM) (Source: Application Error) (User: )
Description: Faulting application SASCORE.EXE, version 1.0.0.1066, time stamp 0x4e441778, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x004096da,
process id 0x288, application start time 0xSASCORE.EXE0.

Error: (10/05/2011 07:03:42 AM) (Source: Application Error) (User: )
Description: Faulting application mfevtps.exe, version 14.2.0.964, time stamp 0x4d6e7238, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x00409b1d,
process id 0x1780, application start time 0xmfevtps.exe0.

Error: (10/05/2011 07:01:41 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/05/2011 07:01:33 AM) (Source: Application Error) (User: )
Description: Faulting application mfevtps.exe, version 14.2.0.964, time stamp 0x4d6e7238, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x00409b1d,
process id 0x630, application start time 0xmfevtps.exe0.

Error: (10/05/2011 07:01:29 AM) (Source: Application Error) (User: )
Description: Faulting application SASCORE.EXE, version 1.0.0.1066, time stamp 0x4e441778, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x004096da,
process id 0xa5c, application start time 0xSASCORE.EXE0.


System errors:
=============
Error: (10/05/2011 01:00:04 PM) (Source: Service Control Manager) (User: )
Description: McAfee Services%%193

Error: (10/05/2011 00:59:55 PM) (Source: Service Control Manager) (User: )
Description: McAfee Services%%193

Error: (10/05/2011 00:59:07 PM) (Source: Service Control Manager) (User: )
Description: McAfee Network AgentMcAfee Firewall Core Service%%1068

Error: (10/05/2011 00:59:07 PM) (Source: Service Control Manager) (User: )
Description: McAfee Firewall Core ServiceMcAfee Validation Trust Protection Service%%1053

Error: (10/05/2011 00:59:07 PM) (Source: Service Control Manager) (User: )
Description: McAfee Validation Trust Protection Service%%1053

Error: (10/05/2011 00:59:07 PM) (Source: Service Control Manager) (User: )
Description: 30000McAfee Validation Trust Protection Service

Error: (10/05/2011 00:59:04 PM) (Source: Service Control Manager) (User: )
Description: McAfee VirusScan Announcer%%193

Error: (10/05/2011 00:59:04 PM) (Source: Service Control Manager) (User: )
Description: McAfee Services%%193

Error: (10/05/2011 00:58:53 PM) (Source: Service Control Manager) (User: )
Description: McAfee Services%%193

Error: (10/05/2011 00:58:53 PM) (Source: DCOM) (User: )
Description: 193mcmscsvc{9B3BEB4E-1C5E-4A5F-BB36-2F6587DD34E2}


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

(Version: 6.9.1)
926plv32 (Version: 1.0.0)
Adobe AIR (Version: 2.5.1.17730)
Adobe Anchor Service CS3 (Version: 1.0)
Adobe Asset Services CS3 (Version: 3)
Adobe Audition CS5.5 (Version: 4.0)
Adobe Bridge CS3 (Version: 2)
Adobe Bridge Start Meeting (Version: 1.0)
Adobe Camera Raw 4.0 (Version: 4.0)
Adobe CMaps (Version: 1.0)
Adobe Community Help (Version: 3.4.980)
Adobe Default Language CS3 (Version: 1.0)
Adobe Device Central CS3 (Version: 1.0)
Adobe Elements Studio Launcher (Version: 1.00.0000)
Adobe ExtendScript Toolkit 2 (Version: 2.0.2)
Adobe Flash Player 10 ActiveX (Version: 10.0.22.87)
Adobe Flash Player 10 Plugin (Version: 10.3.183.10)
Adobe Help Viewer CS3 (Version: 1)
Adobe PDF Library Files (Version: 8.0)
Adobe Photoshop Elements 6.0 (Version: 6.0)
Adobe Premiere Elements 4.0 (Version: 4.0)
Adobe Premiere Elements 4.0 Templates (Version: 4.0.0)
Adobe Reader 8.1.3 (Version: 8.1.3)
Adobe Setup (Version: 1.0)
Adobe Shockwave Player 11 (Version: 11)
Adobe Soundbooth CS3 (Version: 1)
Adobe Soundbooth CS3 Codecs (Version: 3)
Adobe Soundbooth CS3 Scores (Version: 1)
Adobe Type Support (Version: 1.0)
Adobe Update Manager CS3 (Version: 5.1.0)
Adobe Version Cue CS3 Client (Version: 3)
Adobe XMP DVA Panels CS3 (Version: 1.0)
Adobe XMP Panels CS3 (Version: 1.0)
Apple Application Support (Version: 2.0.1)
Apple Mobile Device Support (Version: 2.4.1.7)
Apple Software Update (Version: 2.1.3.127)
ATI Catalyst Control Center (Version: 2.008.0221.1450)
Bonjour (Version: 1.0.106)
Browser Address Error Redirector (Version: 1.00.0000)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2008.0221.1451.26442)
Catalyst Control Center Graphics Full Existing (Version: 2008.0221.1451.26442)
Catalyst Control Center Graphics Full New (Version: 2008.0221.1451.26442)
Catalyst Control Center Graphics Light (Version: 2008.0221.1451.26442)
Catalyst Control Center Graphics Previews Common (Version: 2008.0221.1451.26442)
Catalyst Control Center Graphics Previews Vista (Version: 2008.0221.1451.26442)
Catalyst Control Center Localization Chinese Standard (Version: 2008.0221.1451.26442)
Catalyst Control Center Localization Chinese Traditional (Version: 2008.0221.1451.26442)
Catalyst Control Center Localization French (Version: 2008.0221.1451.26442)
Catalyst Control Center Localization German (Version: 2008.0221.1451.26442)
Catalyst Control Center Localization Hungarian (Version: 2008.0221.1451.26442)
Catalyst Control Center Localization Italian (Version: 2008.0221.1451.26442)
Catalyst Control Center Localization Japanese (Version: 2008.0221.1451.26442)
Catalyst Control Center Localization Korean (Version: 2008.0221.1451.26442)
Catalyst Control Center Localization Polish (Version: 2008.0221.1451.26442)
Catalyst Control Center Localization Portuguese (Version: 2008.0221.1451.26442)
Catalyst Control Center Localization Spanish (Version: 2008.0221.1451.26442)
Catalyst Control Center Localization Thai (Version: 2008.0221.1451.26442)
Catalyst Control Center Localization Turkish (Version: 2008.0221.1451.26442)
ccc-core-static (Version: 2008.0221.1451.26442)
ccc-utility (Version: 2008.0221.1451.26442)
CCC Help Chinese Standard (Version: 2008.0221.1450.26442)
CCC Help Chinese Traditional (Version: 2008.0221.1450.26442)
CCC Help English (Version: 2008.0221.1450.26442)
CCC Help French (Version: 2008.0221.1450.26442)
CCC Help German (Version: 2008.0221.1450.26442)
CCC Help Hungarian (Version: 2008.0221.1450.26442)
CCC Help Italian (Version: 2008.0221.1450.26442)
CCC Help Japanese (Version: 2008.0221.1450.26442)
CCC Help Korean (Version: 2008.0221.1450.26442)
CCC Help Polish (Version: 2008.0221.1450.26442)
CCC Help Portuguese (Version: 2008.0221.1450.26442)
CCC Help Spanish (Version: 2008.0221.1450.26442)
CCC Help Thai (Version: 2008.0221.1450.26442)
CCC Help Turkish (Version: 2008.0221.1450.26442)
CDDRV_Installer (Version: 1.00.0000)
Creative ALchemy (X-Fi Edition)
Creative ALchemy for X-Fi (Shared Components) (Version: 2.80.12)
Creative MediaSource 5 (Version: 5.00)
Dell DataSafe Local Backup - Support Software
Dell DataSafe Local Backup (Version: 9.4.51)
Dell Getting Started Guide (Version: 1.00.0000)
Dell Support Center (Version: 3.1.5830.17)
DirectXInstallService (Version: 9.0.2)
DivX Converter (Version: 7.1.0)
DivX Plus DirectShow Filters
DivX Setup (Version: 2.5.0.8)
DivX Version Checker (Version: 7.1.0.9)
e-tax 2010 (Version: 1.0.648)
e-tax 2011 (Version: 9.1.650)
EDocs
FLV Player 2.0 (build 25) (Version: 2.0 (build 25))
GEAR 32bit Driver Installer (Version: 2.005.1)
Google Desktop (Version: 5.7.0806.10245)
Intel® Matrix Storage Manager
Intel® PRO Network Connections 12.1.12.4 (Version: )
Java Auto Updater (Version: 2.0.5.1)
Java™ 6 Update 26 (Version: 6.0.260)
Java™ 6 Update 5 (Version: 1.6.0.50)
Java™ 6 Update 7 (Version: 1.6.0.70)
KhalSetup (Version: 3.22.50)
Live 8.2
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
McAfee SecurityCenter (Version: 10.5.239)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6425.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000)
MixMeister Pro 6 (Version: 6.1.6.0)
MixMeister Studio 7.2.2
MobileMe Control Panel (Version: 2.4.1.7)
Mozilla Firefox 7.0.1 (x86 en-US) (Version: 7.0.1)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
OpenAL
QuickTime (Version: 7.70.80.34)
Roxio Activation Module (Version: 1.0)
Roxio CinePlayer Decoder Pack (Version: 4.3.0)
Roxio Creator Audio (Version: 3.7.0)
Roxio Creator Copy (Version: 3.7.0)
Roxio Creator Data (Version: 3.7.0)
Roxio Creator Premier (Version: 10.1)
Roxio Creator Premier (Version: 3.7.0)
Roxio Creator Premier 10 (Version: 1.1.010)
Roxio Creator Tools (Version: 3.7.0)
Roxio Express Labeler (Version: 3.2)
Roxio Update Manager (Version: 6.0.0)
SetPoint (Version: 3.22)
Skins (Version: 2008.0221.1451.26442)
SoulSeek 157 NS 13e
SoulSeek Client 156c
Sound Blaster X-Fi (Version: 1.0)
SUPERAntiSpyware (Version: 5.0.1128)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
WIDCOMM Bluetooth Software 6.0.1.4300 (Version: 6.0.1.4300)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinRAR archiver

========================= Memory info: ===================================

Percentage of memory in use: 38%
Total physical RAM: 2045.22 MB
Available physical RAM: 1256.78 MB
Total Pagefile: 4337.45 MB
Available Pagefile: 3300.49 MB
Total Virtual: 2047.88 MB
Available Virtual: 1958.37 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:450.71 GB) (Free:172.96 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:4.17 GB) NTFS
5 Drive g: (My Passport) (Fixed) (Total:931.49 GB) (Free:304.37 GB) NTFS

========================= Users: ========================================

User accounts for \\XPS-420

Administrator Guest Jose
Pepito

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

#5 pepsez


Posted 04 October 2011 - 09:30 PM

Hi again. Now I've used TDSSKiller more than once, and every time it finds new threats. I'll post the most recent log below. The biggest problem is that every time I do it, it achieves very little, and I am still unable to run Malwarebytes or any other antivirus software in normal mode.

13:20:07.0062 5352 TDSS rootkit removing tool 2.6.4.0 Oct 3 2011 17:37:01
13:20:09.0071 5352 ============================================================
13:20:09.0071 5352 Current date / time: 2011/10/05 13:20:09.0071
13:20:09.0071 5352 SystemInfo:
13:20:09.0072 5352
13:20:09.0072 5352 OS Version: 6.0.6002 ServicePack: 2.0
13:20:09.0072 5352 Product type: Workstation
13:20:09.0072 5352 ComputerName: XPS-420
13:20:09.0072 5352 UserName: Jose
13:20:09.0072 5352 Windows directory: C:\Windows
13:20:09.0072 5352 System windows directory: C:\Windows
13:20:09.0072 5352 Processor architecture: Intel x86
13:20:09.0072 5352 Number of processors: 4
13:20:09.0072 5352 Page size: 0x1000
13:20:09.0072 5352 Boot type: Normal boot
13:20:09.0072 5352 ============================================================
13:20:14.0826 5352 Initialize success
13:20:45.0292 5980 ============================================================
13:20:45.0292 5980 Scan started
13:20:45.0292 5980 Mode: Manual; TDLFS;
13:20:45.0292 5980 ============================================================
13:20:45.0780 5980 09994029 (89fdba391985968401f51a5c577933cd) C:\Windows\system32\drivers\02925987.sys
13:20:45.0781 5980 09994029 - ok
13:20:45.0842 5980 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
13:20:45.0844 5980 ACPI - ok
13:20:45.0989 5980 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
13:20:45.0992 5980 adp94xx - ok
13:20:46.0018 5980 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
13:20:46.0020 5980 adpahci - ok
13:20:46.0035 5980 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
13:20:46.0036 5980 adpu160m - ok
13:20:46.0061 5980 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
13:20:46.0062 5980 adpu320 - ok
13:20:46.0111 5980 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
13:20:46.0115 5980 AFD - ok
13:20:46.0156 5980 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
13:20:46.0157 5980 agp440 - ok
13:20:46.0194 5980 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
13:20:46.0195 5980 aic78xx - ok
13:20:46.0216 5980 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
13:20:46.0217 5980 aliide - ok
13:20:46.0231 5980 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
13:20:46.0232 5980 amdagp - ok
13:20:46.0244 5980 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
13:20:46.0245 5980 amdide - ok
13:20:46.0269 5980 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
13:20:46.0270 5980 AmdK7 - ok
13:20:46.0288 5980 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
13:20:46.0289 5980 AmdK8 - ok
13:20:46.0346 5980 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
13:20:46.0348 5980 arc - ok
13:20:46.0386 5980 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
13:20:46.0387 5980 arcsas - ok
13:20:46.0414 5980 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
13:20:46.0414 5980 AsyncMac - ok
13:20:46.0448 5980 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
13:20:46.0448 5980 atapi - ok
13:20:46.0547 5980 atikmdag (42f8560fc8af7a34d39f746936d14b55) C:\Windows\system32\DRIVERS\atikmdag.sys
13:20:46.0605 5980 atikmdag - ok
13:20:46.0646 5980 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
13:20:46.0647 5980 Beep - ok
13:20:46.0676 5980 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
13:20:46.0677 5980 blbdrive - ok
13:20:46.0713 5980 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
13:20:46.0714 5980 bowser - ok
13:20:46.0728 5980 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
13:20:46.0729 5980 BrFiltLo - ok
13:20:46.0741 5980 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
13:20:46.0742 5980 BrFiltUp - ok
13:20:46.0771 5980 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
13:20:46.0772 5980 Brserid - ok
13:20:46.0788 5980 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
13:20:46.0789 5980 BrSerWdm - ok
13:20:46.0800 5980 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
13:20:46.0801 5980 BrUsbMdm - ok
13:20:46.0815 5980 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
13:20:46.0815 5980 BrUsbSer - ok
13:20:46.0906 5980 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
13:20:46.0906 5980 BthEnum - ok
13:20:46.0949 5980 BTHMODEM (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys
13:20:46.0951 5980 BTHMODEM - ok
13:20:47.0063 5980 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
13:20:47.0064 5980 BthPan - ok
13:20:47.0141 5980 BTHPORT (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
13:20:47.0156 5980 BTHPORT - ok
13:20:47.0203 5980 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
13:20:47.0204 5980 BTHUSB - ok
13:20:47.0257 5980 btwaudio (fc23e3a7ae18b02dcc1a34cbef3f80af) C:\Windows\system32\drivers\btwaudio.sys
13:20:47.0259 5980 btwaudio - ok
13:20:47.0285 5980 btwavdt (5e14c92763e51130bfb9a670afd7eddf) C:\Windows\system32\drivers\btwavdt.sys
13:20:47.0287 5980 btwavdt - ok
13:20:47.0315 5980 btwrchid (ac3fd5a3bbfa114098f75b80c4c1f3e7) C:\Windows\system32\DRIVERS\btwrchid.sys
13:20:47.0316 5980 btwrchid - ok
13:20:47.0372 5980 catchme - ok
13:20:47.0416 5980 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
13:20:47.0417 5980 cdfs - ok
13:20:47.0455 5980 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
13:20:47.0457 5980 cdrom - ok
13:20:47.0496 5980 cfwids (7fd604cd7a7a0ff8975af61bdf64c577) C:\Windows\system32\drivers\cfwids.sys
13:20:47.0497 5980 cfwids - ok
13:20:47.0511 5980 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
13:20:47.0512 5980 circlass - ok
13:20:47.0545 5980 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
13:20:47.0548 5980 CLFS - ok
13:20:47.0580 5980 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
13:20:47.0581 5980 cmdide - ok
13:20:47.0597 5980 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
13:20:47.0598 5980 Compbatt - ok
13:20:47.0606 5980 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
13:20:47.0607 5980 crcdisk - ok
13:20:47.0651 5980 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
13:20:47.0652 5980 Crusoe - ok
13:20:47.0686 5980 CT20XUT.DLL (051504ddfcee835a40de87a9545e1b6c) C:\Windows\system32\CT20XUT.DLL
13:20:47.0689 5980 CT20XUT.DLL - ok
13:20:47.0727 5980 ctac32k (477e387810a23262bc603d17b7b4caa4) C:\Windows\system32\drivers\ctac32k.sys
13:20:47.0734 5980 ctac32k - ok
13:20:47.0755 5980 ctaud2k (4b66a27f71ccef67b965684fc45938d8) C:\Windows\system32\drivers\ctaud2k.sys
13:20:47.0770 5980 ctaud2k - ok
13:20:47.0819 5980 CTEXFIFX.DLL (ab979a050e271aabf172094f1c438f8e) C:\Windows\system32\CTEXFIFX.DLL
13:20:47.0845 5980 CTEXFIFX.DLL - ok
13:20:47.0880 5980 CTHWIUT.DLL (dc176661547fd934efa2642df63da43b) C:\Windows\system32\CTHWIUT.DLL
13:20:47.0882 5980 CTHWIUT.DLL - ok
13:20:47.0892 5980 ctprxy2k (6012a4e9323849d597ac1914abb3a881) C:\Windows\system32\drivers\ctprxy2k.sys
13:20:47.0893 5980 ctprxy2k - ok
13:20:47.0908 5980 ctsfm2k (0a43da6490a706ba854562093400b22c) C:\Windows\system32\drivers\ctsfm2k.sys
13:20:47.0910 5980 ctsfm2k - ok
13:20:47.0961 5980 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
13:20:47.0962 5980 DfsC - ok
13:20:48.0036 5980 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
13:20:48.0037 5980 disk - ok
13:20:48.0193 5980 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
13:20:48.0193 5980 drmkaud - ok
13:20:48.0260 5980 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
13:20:48.0278 5980 DXGKrnl - ok
13:20:48.0322 5980 e1express (04944f4fc4f0477185f5d26ae0ddb90e) C:\Windows\system32\DRIVERS\e1e6032.sys
13:20:48.0325 5980 e1express - ok
13:20:48.0367 5980 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
13:20:48.0369 5980 E1G60 - ok
13:20:48.0422 5980 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
13:20:48.0424 5980 Ecache - ok
13:20:48.0470 5980 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
13:20:48.0474 5980 elxstor - ok
13:20:48.0496 5980 emupia (918efc50fbd1a9452f76c040cfc38f76) C:\Windows\system32\drivers\emupia2k.sys
13:20:48.0498 5980 emupia - ok
13:20:48.0518 5980 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
13:20:48.0519 5980 ErrDev - ok
13:20:48.0567 5980 esgiguard - ok
13:20:48.0615 5980 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
13:20:48.0617 5980 exfat - ok
13:20:48.0666 5980 f4be94c7 (8f2bb1827cac01aee6a16e30a1260199) C:\Windows\3348414196:188836664.exe
13:20:48.0667 5980 Suspicious file (Hidden): C:\Windows\3348414196:188836664.exe. md5: 8f2bb1827cac01aee6a16e30a1260199
13:20:48.0667 5980 f4be94c7 ( HiddenFile.Multi.Generic ) - warning
13:20:48.0667 5980 f4be94c7 - detected HiddenFile.Multi.Generic (1)
13:20:48.0694 5980 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
13:20:48.0697 5980 fastfat - ok
13:20:48.0718 5980 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
13:20:48.0719 5980 fdc - ok
13:20:48.0754 5980 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
13:20:48.0756 5980 FileInfo - ok
13:20:48.0775 5980 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
13:20:48.0776 5980 Filetrace - ok
13:20:48.0791 5980 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
13:20:48.0792 5980 flpydisk - ok
13:20:48.0827 5980 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
13:20:48.0829 5980 FltMgr - ok
13:20:48.0869 5980 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
13:20:48.0870 5980 Fs_Rec - ok
13:20:48.0891 5980 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
13:20:48.0892 5980 gagp30kx - ok
13:20:48.0942 5980 GEARAspiWDM (f2f431d1573ee632975c524418655b84) C:\Windows\system32\Drivers\GEARAspiWDM.sys
13:20:48.0944 5980 GEARAspiWDM - ok
13:20:49.0007 5980 ha20x2k (1a1e82cbcf6b4e200f14137ec870c22a) C:\Windows\system32\drivers\ha20x2k.sys
13:20:49.0033 5980 ha20x2k - ok
13:20:49.0087 5980 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
13:20:49.0091 5980 HdAudAddService - ok
13:20:49.0116 5980 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:20:49.0122 5980 HDAudBus - ok
13:20:49.0148 5980 HidBth (fcb3f4be408f72c1bd81bcaba87fc22f) C:\Windows\system32\DRIVERS\hidbth.sys
13:20:49.0150 5980 HidBth - ok
13:20:49.0175 5980 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
13:20:49.0176 5980 HidIr - ok
13:20:49.0197 5980 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
13:20:49.0198 5980 HidUsb - ok
13:20:49.0232 5980 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
13:20:49.0233 5980 HpCISSs - ok
13:20:49.0320 5980 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
13:20:49.0326 5980 HTTP - ok
13:20:49.0392 5980 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
13:20:49.0394 5980 i2omp - ok
13:20:49.0438 5980 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
13:20:49.0440 5980 i8042prt - ok
13:20:49.0532 5980 iaStor (e5a0034847537eaee3c00349d5c34c5f) C:\Windows\system32\drivers\iastor.sys
13:20:49.0534 5980 iaStor - ok
13:20:49.0552 5980 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
13:20:49.0555 5980 iaStorV - ok
13:20:49.0587 5980 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
13:20:49.0588 5980 iirsp - ok
13:20:49.0610 5980 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
13:20:49.0611 5980 intelide - ok
13:20:49.0634 5980 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
13:20:49.0635 5980 intelppm - ok
13:20:49.0656 5980 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:20:49.0658 5980 IpFilterDriver - ok
13:20:49.0666 5980 IpInIp - ok
13:20:49.0695 5980 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
13:20:49.0696 5980 IPMIDRV - ok
13:20:49.0720 5980 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
13:20:49.0722 5980 IPNAT - ok
13:20:49.0750 5980 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
13:20:49.0751 5980 IRENUM - ok
13:20:49.0771 5980 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
13:20:49.0772 5980 isapnp - ok
13:20:49.0809 5980 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
13:20:49.0811 5980 iScsiPrt - ok
13:20:49.0825 5980 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
13:20:49.0826 5980 iteatapi - ok
13:20:49.0856 5980 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
13:20:49.0857 5980 iteraid - ok
13:20:49.0876 5980 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
13:20:49.0878 5980 kbdclass - ok
13:20:49.0902 5980 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
13:20:49.0903 5980 kbdhid - ok
13:20:49.0943 5980 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
13:20:49.0949 5980 KSecDD - ok
13:20:50.0002 5980 LHidFilt (ea57f9a93042d53256db4e2222b93b37) C:\Windows\system32\DRIVERS\LHidFilt.Sys
13:20:50.0003 5980 LHidFilt - ok
13:20:50.0026 5980 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
13:20:50.0027 5980 lltdio - ok
13:20:50.0045 5980 LMouFilt (8bd61e1f686d352b318b025524542128) C:\Windows\system32\DRIVERS\LMouFilt.Sys
13:20:50.0047 5980 LMouFilt - ok
13:20:50.0072 5980 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
13:20:50.0074 5980 LSI_FC - ok
13:20:50.0094 5980 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
13:20:50.0096 5980 LSI_SAS - ok
13:20:50.0141 5980 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
13:20:50.0143 5980 LSI_SCSI - ok
13:20:50.0169 5980 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
13:20:50.0171 5980 luafv - ok
13:20:50.0219 5980 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
13:20:50.0221 5980 megasas - ok
13:20:50.0254 5980 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
13:20:50.0259 5980 MegaSR - ok
13:20:50.0291 5980 mfeapfk (113445fc6a858ef453cded5b0a0df665) C:\Windows\system32\drivers\mfeapfk.sys
13:20:50.0293 5980 mfeapfk - ok
13:20:50.0330 5980 mfeavfk (dbf6e1b388d5c070d438c61adb990c30) C:\Windows\system32\drivers\mfeavfk.sys
13:20:50.0332 5980 mfeavfk - ok
13:20:50.0372 5980 mfebopk (a528b15e330edb83ea649be318d841d5) C:\Windows\system32\drivers\mfebopk.sys
13:20:50.0373 5980 mfebopk - ok
13:20:50.0480 5980 mfefirek (c7da1b8003c89acedaa13768f7a1c622) C:\Windows\system32\drivers\mfefirek.sys
13:20:50.0485 5980 mfefirek - ok
13:20:50.0639 5980 mfehidk (5e9679bb2fc4fa38ec8ca906c47acd46) C:\Windows\system32\drivers\mfehidk.sys
13:20:50.0644 5980 mfehidk - ok
13:20:50.0708 5980 mfenlfk (3a1aa28066785449da570462e0532d0c) C:\Windows\system32\DRIVERS\mfenlfk.sys
13:20:50.0709 5980 mfenlfk - ok
13:20:50.0751 5980 mferkdet (ce1711f7c3f72f6762abd241dcfd5ee1) C:\Windows\system32\drivers\mferkdet.sys
13:20:50.0753 5980 mferkdet - ok
13:20:50.0792 5980 mfewfpk (b2baac6bbedda3e26e82db13fa0e5bee) C:\Windows\system32\drivers\mfewfpk.sys
13:20:50.0794 5980 mfewfpk - ok
13:20:50.0818 5980 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
13:20:50.0819 5980 Modem - ok
13:20:50.0834 5980 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
13:20:50.0835 5980 monitor - ok
13:20:50.0845 5980 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
13:20:50.0846 5980 mouclass - ok
13:20:50.0861 5980 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
13:20:50.0862 5980 mouhid - ok
13:20:50.0873 5980 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
13:20:50.0875 5980 MountMgr - ok
13:20:50.0938 5980 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
13:20:50.0941 5980 mpio - ok
13:20:50.0966 5980 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
13:20:50.0968 5980 mpsdrv - ok
13:20:50.0989 5980 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
13:20:50.0990 5980 Mraid35x - ok
13:20:51.0024 5980 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
13:20:51.0026 5980 MRxDAV - ok
13:20:51.0077 5980 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:20:51.0079 5980 mrxsmb - ok
13:20:51.0130 5980 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:20:51.0133 5980 mrxsmb10 - ok
13:20:51.0153 5980 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:20:51.0155 5980 mrxsmb20 - ok
13:20:51.0176 5980 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
13:20:51.0177 5980 msahci - ok
13:20:51.0213 5980 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
13:20:51.0215 5980 msdsm - ok
13:20:51.0260 5980 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
13:20:51.0267 5980 Msfs - ok
13:20:51.0283 5980 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
13:20:51.0284 5980 msisadrv - ok
13:20:51.0381 5980 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
13:20:51.0383 5980 MSKSSRV - ok
13:20:51.0434 5980 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
13:20:51.0435 5980 MSPCLOCK - ok
13:20:51.0455 5980 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
13:20:51.0456 5980 MSPQM - ok
13:20:51.0488 5980 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
13:20:51.0490 5980 MsRPC - ok
13:20:51.0552 5980 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
13:20:51.0553 5980 mssmbios - ok
13:20:51.0637 5980 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
13:20:51.0639 5980 MSTEE - ok
13:20:51.0702 5980 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
13:20:51.0704 5980 Mup - ok
13:20:51.0792 5980 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
13:20:51.0794 5980 NativeWifiP - ok
13:20:51.0873 5980 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
13:20:51.0880 5980 NDIS - ok
13:20:51.0984 5980 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
13:20:51.0985 5980 NdisTapi - ok
13:20:52.0068 5980 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
13:20:52.0069 5980 Ndisuio - ok
13:20:52.0143 5980 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
13:20:52.0146 5980 NdisWan - ok
13:20:52.0222 5980 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
13:20:52.0223 5980 NDProxy - ok
13:20:52.0285 5980 NetBIOS (15cb3c169743023473c43b4595a75997) C:\Windows\system32\DRIVERS\netbios.sys
13:20:52.0286 5980 NetBIOS ( Rootkit.Win32.ZAccess.e ) - infected
13:20:52.0286 5980 NetBIOS - detected Rootkit.Win32.ZAccess.e (0)
13:20:52.0349 5980 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
13:20:52.0351 5980 netbt - ok
13:20:52.0432 5980 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
13:20:52.0434 5980 nfrd960 - ok
13:20:52.0528 5980 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
13:20:52.0529 5980 Npfs - ok
13:20:52.0603 5980 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
13:20:52.0604 5980 nsiproxy - ok
13:20:52.0714 5980 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
13:20:52.0741 5980 Ntfs - ok
13:20:52.0841 5980 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
13:20:52.0843 5980 ntrigdigi - ok
13:20:52.0936 5980 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
13:20:52.0937 5980 Null - ok
13:20:53.0022 5980 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
13:20:53.0024 5980 nvraid - ok
13:20:53.0138 5980 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
13:20:53.0139 5980 nvstor - ok
13:20:53.0219 5980 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
13:20:53.0222 5980 nv_agp - ok
13:20:53.0281 5980 NwlnkFlt - ok
13:20:53.0323 5980 NwlnkFwd - ok
13:20:53.0412 5980 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
13:20:53.0413 5980 ohci1394 - ok
13:20:53.0557 5980 ossrv (497fd1df7eab8bb9d03f749a57ddcec6) C:\Windows\system32\drivers\ctoss2k.sys
13:20:53.0559 5980 ossrv - ok
13:20:53.0625 5980 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
13:20:53.0627 5980 Parport - ok
13:20:53.0708 5980 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
13:20:53.0709 5980 partmgr - ok
13:20:53.0780 5980 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
13:20:53.0781 5980 Parvdm - ok
13:20:53.0861 5980 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
13:20:53.0863 5980 pci - ok
13:20:53.0932 5980 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
13:20:53.0933 5980 pciide - ok
13:20:54.0020 5980 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
13:20:54.0023 5980 pcmcia - ok
13:20:54.0111 5980 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
13:20:54.0128 5980 PEAUTH - ok
13:20:54.0215 5980 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
13:20:54.0216 5980 PptpMiniport - ok
13:20:54.0285 5980 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
13:20:54.0286 5980 Processor - ok
13:20:54.0367 5980 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
13:20:54.0368 5980 PSched - ok
13:20:54.0453 5980 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
13:20:54.0454 5980 PxHelp20 - ok
13:20:54.0547 5980 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
13:20:54.0573 5980 ql2300 - ok
13:20:54.0651 5980 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
13:20:54.0653 5980 ql40xx - ok
13:20:54.0719 5980 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
13:20:54.0720 5980 QWAVEdrv - ok
13:20:54.0846 5980 R300 (42f8560fc8af7a34d39f746936d14b55) C:\Windows\system32\DRIVERS\atikmdag.sys
13:20:54.0866 5980 R300 - ok
13:20:54.0950 5980 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
13:20:54.0951 5980 RasAcd - ok
13:20:55.0012 5980 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:20:55.0014 5980 Rasl2tp - ok
13:20:55.0085 5980 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
13:20:55.0087 5980 RasPppoe - ok
13:20:55.0147 5980 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
13:20:55.0149 5980 RasSstp - ok
13:20:55.0218 5980 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
13:20:55.0221 5980 rdbss - ok
13:20:55.0279 5980 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:20:55.0280 5980 RDPCDD - ok
13:20:55.0351 5980 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
13:20:55.0355 5980 rdpdr - ok
13:20:55.0421 5980 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
13:20:55.0422 5980 RDPENCDD - ok
13:20:55.0546 5980 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
13:20:55.0549 5980 RDPWD - ok
13:20:55.0664 5980 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
13:20:55.0667 5980 RFCOMM - ok
13:20:55.0736 5980 RMCAST (eec7ee5675294b03e88aa868540007c1) C:\Windows\system32\DRIVERS\RMCAST.sys
13:20:55.0738 5980 RMCAST - ok
13:20:55.0826 5980 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
13:20:55.0828 5980 rspndr - ok
13:20:55.0919 5980 s115bus (e1ab463b36a7ef31d8a73a97a9b57afa) C:\Windows\system32\DRIVERS\s115bus.sys
13:20:55.0921 5980 s115bus - ok
13:20:56.0013 5980 s115mdfl (e24113fc13b8737c94cf4e3415488c76) C:\Windows\system32\DRIVERS\s115mdfl.sys
13:20:56.0015 5980 s115mdfl - ok
13:20:56.0115 5980 s115mdm (4029e49e7c673aa0670bd206b0af1b5b) C:\Windows\system32\DRIVERS\s115mdm.sys
13:20:56.0117 5980 s115mdm - ok
13:20:56.0212 5980 s115mgmt (eb02ab4ca8bccecfde236cad8fc6e135) C:\Windows\system32\DRIVERS\s115mgmt.sys
13:20:56.0214 5980 s115mgmt - ok
13:20:56.0282 5980 s115obex (089869db9ffd2ac807fa87fe82ac7761) C:\Windows\system32\DRIVERS\s115obex.sys
13:20:56.0284 5980 s115obex - ok
13:20:56.0406 5980 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
13:20:56.0408 5980 SASDIFSV - ok
13:20:56.0524 5980 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
13:20:56.0526 5980 SASKUTIL - ok
13:20:56.0595 5980 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
13:20:56.0597 5980 sbp2port - ok
13:20:56.0683 5980 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
13:20:56.0684 5980 secdrv - ok
13:20:56.0825 5980 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
13:20:56.0826 5980 Serenum - ok
13:20:56.0890 5980 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
13:20:56.0892 5980 Serial - ok
13:20:56.0976 5980 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
13:20:56.0978 5980 sermouse - ok
13:20:57.0060 5980 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
13:20:57.0061 5980 sffdisk - ok
13:20:57.0129 5980 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
13:20:57.0130 5980 sffp_mmc - ok
13:20:57.0209 5980 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
13:20:57.0210 5980 sffp_sd - ok
13:20:57.0291 5980 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
13:20:57.0292 5980 sfloppy - ok
13:20:57.0376 5980 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
13:20:57.0377 5980 sisagp - ok
13:20:57.0663 5980 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
13:20:57.0664 5980 SiSRaid2 - ok
13:20:57.0749 5980 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
13:20:57.0751 5980 SiSRaid4 - ok
13:20:57.0857 5980 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
13:20:57.0859 5980 Smb - ok
13:20:57.0963 5980 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
13:20:57.0964 5980 spldr - ok
13:20:58.0037 5980 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
13:20:58.0042 5980 srv - ok
13:20:58.0139 5980 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
13:20:58.0141 5980 srv2 - ok
13:20:58.0224 5980 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
13:20:58.0226 5980 srvnet - ok
13:20:58.0309 5980 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
13:20:58.0310 5980 swenum - ok
13:20:58.0376 5980 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
13:20:58.0378 5980 Symc8xx - ok
13:20:58.0502 5980 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
13:20:58.0504 5980 Sym_hi - ok
13:20:58.0560 5980 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
13:20:58.0561 5980 Sym_u3 - ok
13:20:58.0700 5980 Tcpip (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys
13:20:58.0716 5980 Tcpip - ok
13:20:58.0875 5980 Tcpip6 (2756186e287139310997090797e0182b) C:\Windows\system32\DRIVERS\tcpip.sys
13:20:58.0880 5980 Tcpip6 - ok
13:20:59.0004 5980 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
13:20:59.0006 5980 tcpipreg - ok
13:20:59.0069 5980 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
13:20:59.0070 5980 TDPIPE - ok
13:20:59.0143 5980 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
13:20:59.0144 5980 TDTCP - ok
13:20:59.0211 5980 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
13:20:59.0213 5980 tdx - ok
13:20:59.0278 5980 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
13:20:59.0280 5980 TermDD - ok
13:20:59.0357 5980 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:20:59.0358 5980 tssecsrv - ok
13:20:59.0427 5980 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
13:20:59.0428 5980 tunmp - ok
13:20:59.0541 5980 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
13:20:59.0543 5980 tunnel - ok
13:20:59.0620 5980 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
13:20:59.0621 5980 uagp35 - ok
13:20:59.0709 5980 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
13:20:59.0713 5980 udfs - ok
13:20:59.0816 5980 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
13:20:59.0817 5980 uliagpkx - ok
13:20:59.0932 5980 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
13:20:59.0936 5980 uliahci - ok
13:21:00.0026 5980 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
13:21:00.0028 5980 UlSata - ok
13:21:00.0112 5980 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
13:21:00.0114 5980 ulsata2 - ok
13:21:00.0196 5980 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
13:21:00.0197 5980 umbus - ok
13:21:00.0393 5980 USBAAPL (026f7f224f088ee11e383bca448fff81) C:\Windows\system32\Drivers\usbaapl.sys
13:21:00.0394 5980 USBAAPL - ok
13:21:00.0533 5980 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
13:21:00.0535 5980 usbccgp - ok
13:21:00.0605 5980 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
13:21:00.0607 5980 usbcir - ok
13:21:00.0722 5980 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
13:21:00.0723 5980 usbehci - ok
13:21:00.0839 5980 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
13:21:00.0842 5980 usbhub - ok
13:21:00.0860 5980 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
13:21:00.0862 5980 usbohci - ok
13:21:00.0874 5980 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
13:21:00.0876 5980 usbprint - ok
13:21:00.0906 5980 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:21:00.0907 5980 USBSTOR - ok
13:21:00.0915 5980 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
13:21:00.0916 5980 usbuhci - ok
13:21:00.0948 5980 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
13:21:00.0949 5980 vga - ok
13:21:00.0968 5980 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
13:21:00.0969 5980 VgaSave - ok
13:21:00.0993 5980 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
13:21:00.0994 5980 viaagp - ok
13:21:01.0013 5980 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
13:21:01.0014 5980 ViaC7 - ok
13:21:01.0033 5980 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
13:21:01.0035 5980 viaide - ok
13:21:01.0060 5980 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
13:21:01.0062 5980 volmgr - ok
13:21:01.0086 5980 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
13:21:01.0091 5980 volmgrx - ok
13:21:01.0113 5980 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
13:21:01.0116 5980 volsnap - ok
13:21:01.0141 5980 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
13:21:01.0143 5980 vsmraid - ok
13:21:01.0166 5980 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
13:21:01.0167 5980 WacomPen - ok
13:21:01.0191 5980 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
13:21:01.0193 5980 Wanarp - ok
13:21:01.0205 5980 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
13:21:01.0205 5980 Wanarpv6 - ok
13:21:01.0228 5980 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
13:21:01.0229 5980 Wd - ok
13:21:01.0269 5980 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\Windows\system32\DRIVERS\wdcsam.sys
13:21:01.0270 5980 WDC_SAM - ok
13:21:01.0288 5980 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
13:21:01.0295 5980 Wdf01000 - ok
13:21:01.0358 5980 WimFltr (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\Windows\system32\DRIVERS\wimfltr.sys
13:21:01.0361 5980 WimFltr - ok
13:21:01.0433 5980 WinUsb (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\WinUSB.SYS
13:21:01.0434 5980 WinUsb - ok
13:21:01.0508 5980 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
13:21:01.0509 5980 WmiAcpi - ok
13:21:01.0679 5980 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
13:21:01.0681 5980 WpdUsb - ok
13:21:01.0775 5980 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
13:21:01.0776 5980 ws2ifsl - ok
13:21:01.0949 5980 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:21:01.0951 5980 WUDFRd - ok
13:21:01.0978 5980 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
13:21:02.0048 5980 \Device\Harddisk0\DR0 - ok
13:21:07.0217 5980 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
13:21:07.0367 5980 \Device\Harddisk1\DR1 - ok
13:21:07.0376 5980 Boot (0x1200) (5dbf04bf4e1ba0529316ddd4015b9277) \Device\Harddisk0\DR0\Partition0
13:21:07.0377 5980 \Device\Harddisk0\DR0\Partition0 - ok
13:21:07.0389 5980 Boot (0x1200) (e63f62503a913b5fcabb401acc49adb7) \Device\Harddisk0\DR0\Partition1
13:21:07.0389 5980 \Device\Harddisk0\DR0\Partition1 - ok
13:21:07.0392 5980 Boot (0x1200) (f180a011dfbe1a58f59665d44e22738a) \Device\Harddisk1\DR1\Partition0
13:21:07.0393 5980 \Device\Harddisk1\DR1\Partition0 - ok
13:21:07.0394 5980 ============================================================
13:21:07.0394 5980 Scan finished
13:21:07.0394 5980 ============================================================
13:21:07.0401 5304 Detected object count: 2
13:21:07.0401 5304 Actual detected object count: 2
13:21:18.0452 5304 f4be94c7 ( HiddenFile.Multi.Generic ) - skipped by user
13:21:18.0452 5304 f4be94c7 ( HiddenFile.Multi.Generic ) - User select action: Skip
13:21:18.0520 5304 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\netbios.sys) error 1813
13:21:23.0373 5304 Backup copy found, using it..
13:21:23.0379 5304 C:\Windows\system32\DRIVERS\netbios.sys - will be cured on reboot
13:21:23.0379 5304 NetBIOS ( Rootkit.Win32.ZAccess.e ) - User select action: Cure
13:21:54.0391 4208 Deinitialize success

#6 pepsez

Posted 04 October 2011 - 09:34 PM

Here is an MBAM log from this morning in safe mode.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7866

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.19120

5/10/2011 1:52:46 AM
mbam-log-2011-10-05 (01-52-46).txt

Scan type: Quick scan
Objects scanned: 195274
Time elapsed: 4 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\f4be94c7 (Backdoor.0Access) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mstsPING (IPH.Trojan.Agent.CPN) -> Value: mstsPING -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Jose\AppData\Local\Temp\audiokup.dll (IPH.Trojan.Agent.CPN) -> Quarantined and deleted successfully.
c:\Windows\3348414196:188836664.exe (Backdoor.0Access) -> Quarantined and deleted successfully.
c:\Users\Jose\AppData\Local\Temp\wpbt0.dll (Trojan.Dropper) -> Quarantined and deleted successfully.

#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:08:41 PM

Posted 04 October 2011 - 10:03 PM

Hello again. Here's the scoop.

You have been infected with the Zeroaccess rootkit. This allows hackers to remotely control your computer, steal critical system information and download and execute files.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.


We need to update Java and Adobe Reader.
Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7-windows-i586.exe to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.


Similarly, update to Adobe Reader X (10.1.0).
Note: UNcheck the box so you do not install the toolbar, unless you really want it:

Free! Google Toolbar: search Google from any web page, block pop-ups

Yes, install Google Toolbar - optional


I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image] icon on your desktop.
  • Check [image]
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Under scan settings, check [image] and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push [image]
  • Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the [image] button.
  • Push [image]


NOTE: In some instances if no malware is found there will be no log produced.


How is it running now?
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#8 pepsez

Posted 04 October 2011 - 11:11 PM

Thank you for the help. Once I get the report I will post it for you :)

Edited by pepsez, 05 October 2011 - 12:16 AM.


#9 pepsez

Posted 05 October 2011 - 02:41 AM

Here is my ESET scan report. I'm still getting pop-ups and errors :(

C:\Documents and Settings\Jose\AppData\Local\f4be94c7\X Win32/Sirefef.DD trojan cleaned by deleting - quarantined
C:\Documents and Settings\Jose\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\4a14144e-1b3a1672 multiple threats deleted - quarantined
C:\Documents and Settings\Jose\Music\Ableton\VST\Native Instruments FM8\FM8 1.0.4 Update.exe probably a variant of Win32/Agent.IRISVRM trojan deleted - quarantined
C:\Documents and Settings\Jose\Music\Global Noises\Other\keygen.exe a variant of Win32/Keygen.BH application cleaned by deleting - quarantined
C:\Notepad.Bin\B11B645784F.exe a variant of Win32/Kryptik.TOA trojan cleaned by deleting - quarantined
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe Win32/Patched.HN trojan error while cleaning
C:\Program Files\Bonjour\mDNSResponder.exe Win32/Patched.HN trojan error while cleaning
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe Win32/Patched.HN trojan error while cleaning
C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE Win32/Patched.HN trojan error while cleaning
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe Win32/Patched.HN trojan cleaned - quarantined
C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe Win32/Patched.HN trojan cleaned - quarantined
C:\Program Files\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined
C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe Win32/Patched.HN trojan error while cleaning
C:\Program Files\McAfee.com\Agent\mcupdate.exe Win32/Patched.HN trojan cleaned - quarantined
C:\Program Files\SUPERAntiSpyware\SASCore.exe Win32/Patched.HN trojan cleaned - quarantined

#10 boopme


Posted 05 October 2011 - 12:21 PM

OK, run the TDSS scan again.


Next run ATF and SAS:

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware , Free Home Version. Save both to desktop ..
DO NOT run yet.
Open SUPER from the icon, install it and update it.
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode (XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After the scan, verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.


Please ask any needed questions, post logs and let us know how the PC is running now.

#11 pepsez

Posted 06 October 2011 - 04:48 AM

It seems like it has done something to my internet connection and I cannot connect to my private network. Should I download those two programs from another computer and install them via external usb? Thanks again for your help.

#12 pepsez

Posted 06 October 2011 - 08:41 AM

Hey mate, I found a program called antizeroaccess.exe. It seems like this has removed the rootkit. I was able to run Malwarebytes and SUPERAntiSpyware, both of which found no threats. I also ran TDSSKiller again, which found nothing. Is there anything else I can do to make sure it is completely gone from my computer? I am also still having problems with my internet connection. I have it as a wired connection with an ethernet cable. Thank you in advance for all your assistance. Hopefully I have beaten this thing!

#13 pepsez

Posted 06 October 2011 - 09:26 AM

Here is my AntiZeroAccess log.


Webroot AntiZeroAccess 0.8 Log File
Execution time: 07/10/2011 - 00:03
Host operation System: Windows Vista X86 version 6.0.6002 Service Pack 2
00:03:28 - CheckSystem - Begin to check system...
00:03:28 - OpenRootDrive - Opening system root volume and physical drive....
00:03:28 - C Root Drive: Disk number: 0 Start sector: 0x01E1B800 Partition Size: 0x3856A000 sectors.
00:03:28 - PrevX Main driver extracted in "C:\Windows\system32\drivers\ZeroAccess.sys".
00:03:31 - InstallAndStartDriver - Main driver was installed and now is running.
00:03:31 - CheckSystem - Warning! Disk class driver is INFECTED.
00:03:32 - CheckFile - Warning! File "cdrom.sys" is Infected by ZeroAccess Rootkit.
00:03:42 - DoSecondPhaseCheck - Warning! Found a ZeroAccess forged PE: c:\program files\adobe\photoshop elements 6.0\photoshopelementsfileagent.exe
00:03:42 - DoSecondPhaseCheck - Warning! Found a ZeroAccess forged PE: C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
00:03:42 - DoSecondPhaseCheck - Warning! Found a ZeroAccess forged PE: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
00:03:42 - DoSecondPhaseCheck - Warning! Found a ZeroAccess forged PE: c:\windows\system32\ati2evxx.exe
00:03:42 - DoSecondPhaseCheck - Warning! Found a ZeroAccess forged PE: C:\Program Files\Bonjour\mDNSResponder.exe
00:03:43 - DoSecondPhaseCheck - Found and destroyed ZeroAccess self defense Service Key: "f4be94c7".
00:03:43 - DoSecondPhaseCheck - Warning! Found a ZeroAccess forged PE: c:\windows\system32\gearsec.exe
00:03:43 - DoSecondPhaseCheck - Warning! Found a ZeroAccess forged PE: c:\program files\intel\intel matrix storage manager\iaantmon.exe
00:03:43 - DoSecondPhaseCheck - Warning! Found a ZeroAccess forged PE: c:\program files\common files\logitech\bluetooth\lbtserv.exe
00:03:44 - CheckExecutableEP - Unable to open "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" file. CreateFile last error: 5
00:03:44 - DoSecondPhaseCheck - Warning! Found a ZeroAccess forged PE: C:\Windows\system32\mfevtps.exe
00:03:44 - CheckExecutableEP - Unable to open "C:\Program Files\Blaze Media Pro\NMSAccess32.exe" file. CreateFile last error: 3
00:03:44 - CheckExecutableEP - Unable to open "c:\users\admini~1\appdata\local\temp\dx9\sessionlauncher.exe" file. CreateFile last error: 3
00:03:44 - CheckExecutableEP - Unable to open "c:\windows\system32\slsvc.exe" file. CreateFile last error: 5
00:03:52 - DoRepair - Begin to perform system repair....
00:03:52 - DoRepair - System Disk class driver was repaired.
00:03:52 - DoRepair - Infected "cdrom.sys" file was renamed.
00:03:52 - DoRepair - Infected "cdrom.sys" file was successfully cleaned!
00:03:52 - CheckExecutableEP - Error! Unable to repair read-only "c:\program files\adobe\photoshop elements 6.0\photoshopelementsfileagent.exe" file.
00:03:52 - CheckExecutableEP - Successfuly rewritten repaired "c:\program files\adobe\photoshop elements 6.0\Pre4BBE.tmp" file.
00:03:52 - DoRepair - Unable to repair read-only "photoshopelementsfileagent.exe" file, file was copied and patched with another name. Reboot system to complete repair process.
00:03:52 - DoRepair - Infected "photoshopelementsfileagent.exe" file was successfully cleaned!
00:03:52 - CheckExecutableEP - Successfuly rewritten repaired "C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe" file.
00:03:52 - DoRepair - Infected "armsvc.exe" file was successfully cleaned!
00:03:52 - CheckExecutableEP - Error! Unable to repair read-only "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" file.
00:03:52 - CheckExecutableEP - Successfuly rewritten repaired "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\Pre4BBF.tmp" file.
00:03:52 - DoRepair - Unable to repair read-only "AppleMobileDeviceService.exe" file, file was copied and patched with another name. Reboot system to complete repair process.
00:03:52 - DoRepair - Infected "AppleMobileDeviceService.exe" file was successfully cleaned!
00:03:52 - CheckExecutableEP - Error! Unable to repair read-only "c:\windows\system32\ati2evxx.exe" file.
00:03:52 - CheckExecutableEP - Successfuly rewritten repaired "c:\windows\system32\Pre4BD0.tmp" file.
00:03:52 - DoRepair - Unable to repair read-only "ati2evxx.exe" file, file was copied and patched with another name. Reboot system to complete repair process.
00:03:52 - DoRepair - Infected "ati2evxx.exe" file was successfully cleaned!
00:03:52 - CheckExecutableEP - Error! Unable to repair read-only "C:\Program Files\Bonjour\mDNSResponder.exe" file.
00:03:52 - CheckExecutableEP - Successfuly rewritten repaired "C:\Program Files\Bonjour\Pre4BD1.tmp" file.
00:03:52 - DoRepair - Unable to repair read-only "mDNSResponder.exe" file, file was copied and patched with another name. Reboot system to complete repair process.
00:03:52 - DoRepair - Infected "mDNSResponder.exe" file was successfully cleaned!
00:03:52 - CheckExecutableEP - Error! Unable to repair read-only "c:\windows\system32\gearsec.exe" file.
00:03:52 - CheckExecutableEP - Successfuly rewritten repaired "c:\windows\system32\Pre4BE2.tmp" file.
00:03:52 - DoRepair - Unable to repair read-only "gearsec.exe" file, file was copied and patched with another name. Reboot system to complete repair process.
00:03:52 - DoRepair - Infected "gearsec.exe" file was successfully cleaned!
00:03:52 - CheckExecutableEP - Error! Unable to repair read-only "c:\program files\intel\intel matrix storage manager\iaantmon.exe" file.
00:03:52 - CheckExecutableEP - Successfuly rewritten repaired "c:\program files\intel\intel matrix storage manager\Pre4BE3.tmp" file.
00:03:52 - DoRepair - Unable to repair read-only "iaantmon.exe" file, file was copied and patched with another name. Reboot system to complete repair process.
00:03:52 - DoRepair - Infected "iaantmon.exe" file was successfully cleaned!
00:03:52 - CheckExecutableEP - Error! Unable to repair read-only "c:\program files\common files\logitech\bluetooth\lbtserv.exe" file.
00:03:52 - CheckExecutableEP - Successfuly rewritten repaired "c:\program files\common files\logitech\bluetooth\Pre4BE4.tmp" file.
00:03:52 - DoRepair - Unable to repair read-only "lbtserv.exe" file, file was copied and patched with another name. Reboot system to complete repair process.
00:03:52 - DoRepair - Infected "lbtserv.exe" file was successfully cleaned!
00:03:52 - CheckExecutableEP - Successfuly rewritten repaired "C:\Windows\system32\mfevtps.exe" file.
00:03:52 - DoRepair - Infected "mfevtps.exe" file was successfully cleaned!
00:03:53 - DoRepair - "c_12345.nls" ZeroAccess file NOT found.
00:03:53 - DoRepair - Successfully deleted "desktop.ini" ZeroAccess file!
00:03:58 - StopAndRemoveDriver - AntiZeroAccess Driver is stopped and removed.
00:03:58 - StopAndRemoveDriver - File "ZeroAccess.sys" was deleted!
00:03:58 - Execution Ended!


Webroot AntiZeroAccess 0.8 Log File
Execution time: 07/10/2011 - 00:21
Host operation System: Windows Vista X86 version 6.0.6002 Service Pack 2
00:21:54 - CheckSystem - Begin to check system...
00:21:54 - OpenRootDrive - Opening system root volume and physical drive....
00:21:54 - C Root Drive: Disk number: 0 Start sector: 0x01E1B800 Partition Size: 0x3856A000 sectors.
00:21:54 - PrevX Main driver extracted in "C:\Windows\system32\drivers\ZeroAccess.sys".
00:21:54 - InstallAndStartDriver - Main driver was installed and now is running.
00:21:54 - CheckSystem - Disk class driver state is OK.
00:21:58 - StopAndRemoveDriver - AntiZeroAccess Driver is stopped and removed.
00:21:58 - StopAndRemoveDriver - File "ZeroAccess.sys" was deleted!
00:21:58 - Execution Ended!
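
The ESET and AntiZeroAccess logs above show the two host-side traces this infection left: a service registered under a random-looking hex name (f4be94c7, the key AntiZeroAccess destroyed) and legitimate service executables patched in place (ESET's Win32/Patched.HN hits, AntiZeroAccess's "forged PE" entries on the same files). The PowerShell script below is an added example, not a tool from this thread or from Webroot, ESET or Malwarebytes. It lists every Windows service whose name is eight hex characters, or whose image file is missing or no longer carries a valid Authenticode signature. Assumptions: it is run from an elevated prompt after the disk class driver has been repaired (the first AntiZeroAccess log reports that driver infected, so file reads on a live infection cannot be trusted), and the 8-hex-character name pattern is generalised from the single instance in this thread.

```powershell
# Added example (not from the thread). Triage Windows services for the traces
# ZeroAccess left in the logs above: a random 8-hex-character service name and
# legitimate service binaries that were patched in place. Report only; it
# changes nothing. Run from an elevated PowerShell prompt.

function Get-ServiceImagePath {
    param([string]$PathName)
    # PathName is either  "C:\Program Files\x\y.exe" -args  or  C:\Windows\system32\svchost.exe -k netsvcs
    if ($PathName -match '^\s*"([^"]+)"')        { return $Matches[1] }
    if ($PathName -match '^\s*(\S+\.(exe|sys))') { return $Matches[1] }
    return $PathName.Trim()
}

$suspicious = @()
foreach ($svc in Get-WmiObject -Class Win32_Service) {
    $flags = @()

    # Trace 1: ZeroAccess registered itself under a random hex service name (f4be94c7 here).
    # Assumption: the 8-hex-character pattern generalises beyond this one instance.
    if ($svc.Name -match '^[0-9a-f]{8}$') { $flags += 'random-hex service name' }

    if (-not $svc.PathName) {
        $flags += 'no image path'
        $exe = ''
    } else {
        $exe = [Environment]::ExpandEnvironmentVariables((Get-ServiceImagePath $svc.PathName))
        if (-not (Test-Path -LiteralPath $exe)) {
            $flags += 'image file missing'
        } else {
            # Trace 2: a binary patched in place no longer matches its Authenticode
            # signature. HashMismatch on a vendor-signed file is the strongest signal;
            # NotSigned only means the vendor never signed it, so that file needs a
            # hash comparison against a known-good copy instead.
            $sig = Get-AuthenticodeSignature -FilePath $exe
            if ($sig.Status -ne 'Valid') { $flags += "signature $($sig.Status)" }
        }
    }

    if ($flags.Count -gt 0) {
        $suspicious += New-Object PSObject -Property @{
            Service = $svc.Name
            State   = $svc.State
            Image   = $exe
            Why     = ($flags -join '; ')
        }
    }
}

$suspicious | Sort-Object Service | Format-Table -AutoSize Service, State, Why, Image
```

Treat the output as a triage list, not a verdict: many third-party services of this era were never signed, so NotSigned rows need a hash comparison against the vendor's installer before they mean anything, while HashMismatch on a file that was signed is exactly what in-place patching produces. Expect access-denied errors on self-protecting security products, as the AntiZeroAccess log shows for McAfee's mcshield.exe (CreateFile last error 5).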

#14 boopme


Posted 06 October 2011 - 09:31 AM

Hello
For the connection try these...

Please click Start > Run, type inetcpl.cpl in the runbox and press enter.
Click the Connections tab and click the LAN settings option.
Verify if "Use a proxy..." is checked, if so, UNcheck it and click OK/OK to exit.
Now check if the internet is working again.

OR

Go to Start ... Run and type in cmd.
A DOS window will appear.
Type in the DOS window: netsh winsock reset
Press the Enter key.

Reboot your system to complete the process.

If needed : type these one line at a time, press enter after each line. See if it works after each.


netsh interface ipv4 reset
netsh interface ipv6 reset
ipconfig /flushdns


Looks good. Still run ATF/SAS; even if it only cleans out junk files and cookies, it's worth it.
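
The connection-repair steps in this post, scripted as an added example (not from the thread): the script prints the WinINET proxy settings that the inetcpl.cpl LAN settings dialog edits and, when run with -Fix, clears them and runs the same netsh and ipconfig resets. The netsh resets need an elevated prompt, so it checks for that first. The -Fix switch and the hosts-file and DNS-server listing are this example's own additions; the post gives the steps manually and does not mention the hosts file. They are included because search redirects like the scour.com one described at the start of the thread are commonly implemented through a hosts entry, a hijacked DNS server or a Winsock LSP, which is also why winsock reset is the first reset.

```powershell
# Added example (not from the thread): the connection-repair steps above as one
# script. Without -Fix it only reports; with -Fix it clears the proxy and runs
# the netsh/ipconfig resets, which need elevation.
param([switch]$Fix)

$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object -TypeName Security.Principal.WindowsPrincipal -ArgumentList $identity
$isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
if (-not $isAdmin) {
    Write-Warning 'Not elevated: netsh resets will fail with "requires elevation". Right-click PowerShell > Run as administrator.'
}

# 1. The proxy that inetcpl.cpl > Connections > LAN settings shows lives here.
#    A PAC script (AutoConfigURL) is the other way a hijacker routes browsing.
$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$ie  = Get-ItemProperty -Path $key
Write-Host "ProxyEnable   : $($ie.ProxyEnable)"
Write-Host "ProxyServer   : $($ie.ProxyServer)"
Write-Host "AutoConfigURL : $($ie.AutoConfigURL)"
if ($Fix) {
    Set-ItemProperty    -Path $key -Name ProxyEnable   -Value 0
    Remove-ItemProperty -Path $key -Name ProxyServer   -ErrorAction SilentlyContinue
    Remove-ItemProperty -Path $key -Name AutoConfigURL -ErrorAction SilentlyContinue
    Write-Host 'Proxy settings cleared.'
}

# 2. Name resolution (not in the post; added here because search redirects are
#    usually a hosts-file entry or a changed DNS server). Print non-comment hosts
#    lines and the DNS servers each adapter is using.
$hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Write-Host "`nActive hosts entries:"
Get-Content $hosts | Where-Object { $_ -match '^\s*[^#\s]' }
Write-Host "`nDNS servers in use:"
ipconfig /all | Select-String 'DNS Servers'

# 3. The resets from the post, in order. Winsock LSPs are a classic redirector
#    foothold, which is why winsock reset comes first. Needs elevation.
if ($Fix -and $isAdmin) {
    netsh winsock reset
    netsh interface ipv4 reset
    netsh interface ipv6 reset
    ipconfig /flushdns
    Write-Host 'Reboot to complete the Winsock and TCP/IP reset.'
}
```

Run it once without -Fix from a normal prompt to see the proxy, hosts and DNS state; anything other than an empty proxy, the default localhost hosts lines and your router or ISP's DNS servers deserves a look before resetting. Then run it with -Fix from an elevated prompt and reboot.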

#15 pepsez

Posted 06 October 2011 - 07:43 PM

I tried to do all those things. Internet still not working. The Run commands advised that "this process requires elevation".



