
Malware - Coolsearchsystems


This topic is locked
7 replies to this topic

#1 mygameparts

Posted 10 October 2011 - 05:20 PM

I have no idea how I got this one... either from an automotive message board or a PDF file, grr!!

So this is a nasty one.

I keep getting fake Windows Security Alerts stating "To help protect your computer, Windows Firewall has blocked some features of this program. Do you want to keep blocking this program?" with options "Keep Blocking, Unblock, Ask Me Later." I've been right clicking on the taskbar and closing each one as it pops up.

When I search for anything through google or other search engine and click the results, I see "waiting for coolsearchsystems.com" on the status bar on the bottom of Firefox.

I tried running Malwarebytes and it automatically closes in the middle of the Quick Scan.
I also tried running SUPERAntiSpyware and it also shuts down by itself mid-scan.

Please help!



#2 Allen

Posted 10 October 2011 - 06:27 PM

Have you tried scanning in safe mode? If not, then do it!

#3 mygameparts

Posted 10 October 2011 - 07:21 PM

I ran Malwarebytes in safe mode.
It found and quarantined Backdoor.0Access.
It instructed me to reboot to completely remove it.

I rebooted the PC and the malware is still there. Also, Malwarebytes has now been deleted or disabled.

#4 boopme

Global Moderator
Posted 10 October 2011 - 08:46 PM

Hello, please post that MBAM scan log.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.



Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.6.4.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.


Reboot into Safe Mode with Networking
How to enter safe mode (XP/Vista)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode with Networking using the arrow keys.
Then press Enter on your keyboard to boot into Safe Mode.


>>>> Download this file and double-click on it to run it. Allow the information to be merged with the registry.

RKill....

Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply

Do not reboot your computer after running RKill, as the malware programs will start again. If rebooting is required, run it again.


If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.



Next run SUPERAntiSpyware (SAS):

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode, click the Update tab and select Check for Updates. When done,
click the Scanner tab, select Quick scan and scan (normal mode).
After the scan click Remove Selected, post the new scan log
and reboot into normal mode.

Please ask any needed questions, post logs and let us know how the PC is running now.

#5 mygameparts

Posted 13 October 2011 - 10:13 AM

I did everything you requested but the malware is still there. I could not run the final step, MBAM, because the spyware kills it.

MBAM Log
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7918

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 6.0.2900.5512

10/10/2011 8:05:36 PM
mbam-log-2011-10-10 (20-05-36).txt

Scan type: Quick scan
Objects scanned: 207257
Time elapsed: 21 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\3c88daf9 (Backdoor.0Access) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\4191848508:3279365382.exe (Backdoor.0Access) -> Quarantined and deleted successfully.



TDSS LOG

16:32:26.0734 1048 TDSS rootkit removing tool 2.6.8.0 Oct 12 2011 07:30:54
16:32:27.0015 1048 ============================================================
16:32:27.0015 1048 Current date / time: 2011/10/12 16:32:27.0015
16:32:27.0015 1048 SystemInfo:
16:32:27.0015 1048
16:32:27.0015 1048 OS Version: 5.1.2600 ServicePack: 3.0
16:32:27.0015 1048 Product type: Workstation
16:32:27.0015 1048 ComputerName: D32K5JC1
16:32:27.0015 1048 UserName: Richard
16:32:27.0015 1048 Windows directory: C:\WINDOWS
16:32:27.0015 1048 System windows directory: C:\WINDOWS
16:32:27.0015 1048 Processor architecture: Intel x86
16:32:27.0015 1048 Number of processors: 2
16:32:27.0015 1048 Page size: 0x1000
16:32:27.0015 1048 Boot type: Safe boot
16:32:27.0015 1048 ============================================================
16:32:35.0750 1048 Initialize success
16:32:38.0093 1068 ============================================================
16:32:38.0093 1068 Scan started
16:32:38.0093 1068 Mode: Manual;
16:32:38.0093 1068 ============================================================
16:32:42.0093 1068 .i8042prt - ok
16:32:42.0390 1068 3c88daf9 (8f2bb1827cac01aee6a16e30a1260199) C:\WINDOWS\4191848508:3279365382.exe
16:32:43.0234 1068 Suspicious file (Hidden): C:\WINDOWS\4191848508:3279365382.exe. md5: 8f2bb1827cac01aee6a16e30a1260199
16:32:43.0234 1068 3c88daf9 ( HiddenFile.Multi.Generic ) - warning
16:32:43.0234 1068 3c88daf9 - detected HiddenFile.Multi.Generic (1)
16:32:43.0953 1068 Abiosdsk - ok
16:32:44.0750 1068 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
16:32:44.0765 1068 abp480n5 - ok
16:32:45.0640 1068 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:32:45.0781 1068 ACPI - ok
16:32:46.0531 1068 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
16:32:46.0546 1068 ACPIEC - ok
16:32:47.0375 1068 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
16:32:47.0453 1068 adpu160m - ok
16:32:48.0296 1068 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
16:32:48.0421 1068 aec - ok
16:32:49.0265 1068 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
16:32:49.0390 1068 AFD - ok
16:32:50.0281 1068 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
16:32:50.0328 1068 agp440 - ok
16:32:51.0093 1068 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
16:32:51.0125 1068 agpCPQ - ok
16:32:51.0875 1068 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
16:32:51.0890 1068 Aha154x - ok
16:32:52.0671 1068 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
16:32:52.0718 1068 aic78u2 - ok
16:32:53.0484 1068 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
16:32:53.0531 1068 aic78xx - ok
16:32:54.0296 1068 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
16:32:54.0312 1068 AliIde - ok
16:32:55.0187 1068 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
16:32:55.0218 1068 alim1541 - ok
16:32:55.0968 1068 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
16:32:56.0000 1068 amdagp - ok
16:32:56.0750 1068 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
16:32:56.0765 1068 amsint - ok
16:32:57.0531 1068 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
16:32:57.0546 1068 asc - ok
16:32:58.0312 1068 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
16:32:58.0328 1068 asc3350p - ok
16:32:59.0078 1068 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
16:32:59.0093 1068 asc3550 - ok
16:32:59.0921 1068 Aspi32 (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\system32\drivers\aspi32.sys
16:32:59.0937 1068 Aspi32 - ok
16:33:00.0703 1068 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:33:00.0718 1068 AsyncMac - ok
16:33:01.0515 1068 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:33:01.0531 1068 atapi - ok
16:33:02.0265 1068 Atdisk - ok
16:33:03.0062 1068 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:33:03.0109 1068 Atmarpc - ok
16:33:03.0843 1068 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:33:03.0859 1068 audstub - ok
16:33:05.0703 1068 BCM43XX (9208c78bd9283f79a30252ad954c77a2) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
16:33:06.0593 1068 BCM43XX - ok
16:33:07.0328 1068 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:33:07.0328 1068 Beep - ok
16:33:08.0140 1068 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
16:33:08.0156 1068 cbidf - ok
16:33:08.0890 1068 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:33:08.0890 1068 cbidf2k - ok
16:33:09.0656 1068 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
16:33:09.0671 1068 cd20xrnt - ok
16:33:10.0453 1068 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:33:10.0468 1068 Cdaudio - ok
16:33:11.0406 1068 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
16:33:11.0453 1068 Cdfs - ok
16:33:12.0234 1068 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:33:12.0296 1068 Cdrom - ok
16:33:13.0000 1068 Changer - ok
16:33:13.0812 1068 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
16:33:13.0828 1068 CmBatt - ok
16:33:14.0578 1068 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
16:33:14.0593 1068 CmdIde - ok
16:33:15.0328 1068 Compbatt (994046611c6b09ef57ca8fca4048cff6) C:\WINDOWS\system32\DRIVERS\compbatt.sys
16:33:15.0328 1068 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\compbatt.sys. Real md5: 994046611c6b09ef57ca8fca4048cff6, Fake md5: af1f9d2a22adb4f28502edbaa8bc642e
16:33:15.0328 1068 Compbatt ( ForgedFile.Multi.Generic ) - warning
16:33:15.0328 1068 Compbatt - detected ForgedFile.Multi.Generic (1)
16:33:16.0156 1068 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
16:33:16.0171 1068 Cpqarray - ok
16:33:16.0984 1068 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
16:33:17.0031 1068 dac2w2k - ok
16:33:17.0765 1068 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
16:33:17.0781 1068 dac960nt - ok
16:33:18.0609 1068 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
16:33:18.0640 1068 Disk - ok
16:33:19.0609 1068 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
16:33:19.0812 1068 dmboot - ok
16:33:20.0687 1068 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
16:33:20.0796 1068 dmio - ok
16:33:21.0531 1068 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:33:21.0546 1068 dmload - ok
16:33:22.0343 1068 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
16:33:22.0390 1068 DMusic - ok
16:33:23.0296 1068 dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
16:33:23.0421 1068 dot4 - ok
16:33:24.0171 1068 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
16:33:24.0187 1068 Dot4Print - ok
16:33:24.0921 1068 Dot4Scan (bd05306428da63369692477ddc0f6f5f) C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys
16:33:24.0953 1068 Dot4Scan - ok
16:33:25.0734 1068 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
16:33:25.0750 1068 dot4usb - ok
16:33:26.0500 1068 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
16:33:26.0515 1068 dpti2o - ok
16:33:27.0265 1068 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
16:33:27.0281 1068 drmkaud - ok
16:33:28.0578 1068 EMSC (553cff6cf3622de0d7fefdebe72a6395) C:\WINDOWS\system32\DRIVERS\EMSC.SYS
16:33:28.0578 1068 EMSC - ok
16:33:30.0062 1068 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
16:33:30.0171 1068 Fastfat - ok
16:33:30.0968 1068 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
16:33:31.0015 1068 Fdc - ok
16:33:31.0750 1068 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
16:33:31.0781 1068 Fips - ok
16:33:32.0859 1068 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
16:33:32.0875 1068 Flpydisk - ok
16:33:33.0765 1068 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
16:33:33.0859 1068 FltMgr - ok
16:33:34.0625 1068 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:33:34.0640 1068 Fs_Rec - ok
16:33:35.0468 1068 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:33:35.0562 1068 Ftdisk - ok
16:33:36.0359 1068 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:33:36.0390 1068 Gpc - ok
16:33:37.0328 1068 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
16:33:37.0328 1068 HDAudBus - ok
16:33:38.0093 1068 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:33:38.0109 1068 hidusb - ok
16:33:38.0875 1068 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
16:33:38.0906 1068 hpn - ok
16:33:39.0812 1068 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
16:33:40.0015 1068 HTTP - ok
16:33:40.0796 1068 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
16:33:40.0812 1068 i2omgmt - ok
16:33:41.0593 1068 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
16:33:41.0609 1068 i2omp - ok
16:33:42.0390 1068 i8042prt (61b114b5d0b0eb5342bead361fedae18) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:33:42.0390 1068 i8042prt ( Rootkit.Win32.ZAccess.e ) - infected
16:33:42.0390 1068 i8042prt - detected Rootkit.Win32.ZAccess.e (0)
16:33:44.0093 1068 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
16:33:45.0062 1068 ialm - ok
16:33:45.0859 1068 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:33:45.0890 1068 Imapi - ok
16:33:46.0687 1068 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
16:33:46.0703 1068 ini910u - ok
16:33:51.0109 1068 IntcAzAudAddService (41bb402c2ade27b32439bb765864ab3b) C:\WINDOWS\system32\drivers\RtkHDAud.sys
16:33:54.0921 1068 IntcAzAudAddService - ok
16:33:55.0671 1068 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
16:33:55.0687 1068 IntelIde - ok
16:33:56.0468 1068 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:33:56.0500 1068 intelppm - ok
16:33:57.0281 1068 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
16:33:57.0312 1068 Ip6Fw - ok
16:33:58.0062 1068 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:33:58.0078 1068 IpFilterDriver - ok
16:33:58.0828 1068 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:33:58.0843 1068 IpInIp - ok
16:33:59.0671 1068 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:33:59.0765 1068 IpNat - ok
16:34:00.0578 1068 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:34:00.0625 1068 IPSec - ok
16:34:01.0375 1068 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:34:01.0390 1068 IRENUM - ok
16:34:02.0171 1068 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:34:02.0203 1068 isapnp - ok
16:34:03.0234 1068 JMCR (fa4a5b32cae6074205b26971191efee4) C:\WINDOWS\system32\DRIVERS\jmcr.sys
16:34:03.0312 1068 JMCR - ok
16:34:04.0078 1068 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:34:04.0093 1068 Kbdclass - ok
16:34:04.0843 1068 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
16:34:04.0859 1068 kbdhid - ok
16:34:05.0734 1068 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
16:34:05.0859 1068 kmixer - ok
16:34:06.0656 1068 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
16:34:06.0718 1068 KSecDD - ok
16:34:07.0500 1068 lbrtfdc - ok
16:34:08.0343 1068 MBAMSwissArmy - ok
16:34:09.0109 1068 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:34:09.0109 1068 mnmdd - ok
16:34:09.0906 1068 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
16:34:09.0937 1068 Modem - ok
16:34:10.0687 1068 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:34:10.0703 1068 Mouclass - ok
16:34:11.0468 1068 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:34:11.0484 1068 mouhid - ok
16:34:12.0250 1068 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
16:34:12.0281 1068 MountMgr - ok
16:34:13.0031 1068 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
16:34:13.0046 1068 mraid35x - ok
16:34:14.0046 1068 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:34:14.0171 1068 MRxDAV - ok
16:34:15.0250 1068 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:34:15.0593 1068 MRxSmb - ok
16:34:16.0375 1068 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
16:34:16.0390 1068 Msfs - ok
16:34:17.0140 1068 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:34:17.0156 1068 MSKSSRV - ok
16:34:17.0984 1068 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:34:18.0000 1068 MSPCLOCK - ok
16:34:18.0750 1068 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
16:34:18.0750 1068 MSPQM - ok
16:34:19.0531 1068 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:34:19.0546 1068 mssmbios - ok
16:34:20.0359 1068 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
16:34:20.0437 1068 Mup - ok
16:34:21.0328 1068 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
16:34:21.0484 1068 NDIS - ok
16:34:22.0218 1068 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:34:22.0234 1068 NdisTapi - ok
16:34:23.0203 1068 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:34:23.0218 1068 Ndisuio - ok
16:34:24.0015 1068 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:34:24.0093 1068 NdisWan - ok
16:34:25.0046 1068 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
16:34:25.0078 1068 NDProxy - ok
16:34:25.0875 1068 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
16:34:25.0906 1068 NetBIOS - ok
16:34:26.0812 1068 NetBT (5117edcfe6ac0b86a458e156d1c67179) C:\WINDOWS\system32\DRIVERS\netbt.sys
16:34:26.0968 1068 NetBT ( Rootkit.Win32.ZAccess.g ) - infected
16:34:26.0968 1068 NetBT - detected Rootkit.Win32.ZAccess.g (0)
16:34:27.0875 1068 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
16:34:27.0890 1068 Npfs - ok
16:34:29.0125 1068 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
16:34:29.0609 1068 Ntfs - ok
16:34:30.0578 1068 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
16:34:30.0578 1068 Null - ok
16:34:31.0328 1068 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:34:31.0343 1068 NwlnkFlt - ok
16:34:32.0109 1068 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:34:32.0140 1068 NwlnkFwd - ok
16:34:32.0984 1068 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
16:34:33.0046 1068 Parport - ok
16:34:33.0828 1068 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
16:34:33.0859 1068 PartMgr - ok
16:34:34.0640 1068 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
16:34:34.0656 1068 ParVdm - ok
16:34:35.0375 1068 PCASp50 - ok
16:34:36.0171 1068 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
16:34:36.0234 1068 PCI - ok
16:34:36.0953 1068 PCIDump - ok
16:34:37.0718 1068 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
16:34:37.0734 1068 PCIIde - ok
16:34:38.0593 1068 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
16:34:38.0703 1068 Pcmcia - ok
16:34:39.0421 1068 PDCOMP - ok
16:34:40.0171 1068 PDFRAME - ok
16:34:40.0921 1068 PDRELI - ok
16:34:41.0671 1068 PDRFRAME - ok
16:34:42.0453 1068 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
16:34:42.0468 1068 perc2 - ok
16:34:43.0203 1068 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
16:34:43.0218 1068 perc2hib - ok
16:34:44.0156 1068 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:34:44.0203 1068 PptpMiniport - ok
16:34:45.0031 1068 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
16:34:45.0078 1068 PSched - ok
16:34:45.0843 1068 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:34:45.0859 1068 Ptilink - ok
16:34:46.0828 1068 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
16:34:46.0875 1068 PxHelp20 - ok
16:34:47.0640 1068 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
16:34:47.0671 1068 ql1080 - ok
16:34:48.0484 1068 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
16:34:48.0515 1068 Ql10wnt - ok
16:34:49.0281 1068 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
16:34:49.0328 1068 ql12160 - ok
16:34:50.0093 1068 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
16:34:50.0140 1068 ql1240 - ok
16:34:50.0937 1068 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
16:34:50.0984 1068 ql1280 - ok
16:34:51.0718 1068 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:34:51.0734 1068 RasAcd - ok
16:34:52.0531 1068 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:34:52.0578 1068 Rasl2tp - ok
16:34:53.0343 1068 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:34:53.0375 1068 RasPppoe - ok
16:34:54.0125 1068 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
16:34:54.0140 1068 Raspti - ok
16:34:55.0156 1068 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:34:55.0281 1068 Rdbss - ok
16:34:56.0031 1068 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:34:56.0031 1068 RDPCDD - ok
16:34:57.0031 1068 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:34:57.0187 1068 rdpdr - ok
16:34:58.0062 1068 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
16:34:58.0156 1068 RDPWD - ok
16:34:59.0000 1068 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
16:34:59.0031 1068 redbook - ok
16:35:00.0093 1068 RimUsb (616eac1b0e48b236a5a9b8ae07fdb81c) C:\WINDOWS\system32\Drivers\RimUsb.sys
16:35:00.0125 1068 RimUsb - ok
16:35:00.0953 1068 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
16:35:00.0984 1068 RimVSerPort - ok
16:35:01.0734 1068 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
16:35:01.0734 1068 ROOTMODEM - ok
16:35:02.0640 1068 RTLE8023xp (7174f20ad9b7b7878a51ecca03c499c2) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
16:35:02.0718 1068 RTLE8023xp - ok
16:35:02.0812 1068 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
16:35:02.0828 1068 SASDIFSV - ok
16:35:02.0921 1068 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
16:35:02.0968 1068 SASKUTIL - ok
16:35:03.0812 1068 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
16:35:03.0875 1068 sdbus - ok
16:35:04.0796 1068 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:35:04.0812 1068 Secdrv - ok
16:35:05.0625 1068 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
16:35:05.0687 1068 Serial - ok
16:35:06.0484 1068 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
16:35:06.0484 1068 Sfloppy - ok
16:35:07.0625 1068 Sftfs (44d20201a6c3fe4a634a559f8105f5b4) C:\WINDOWS\system32\DRIVERS\Sftfsxp.sys
16:35:08.0000 1068 Sftfs - ok
16:35:08.0906 1068 Sftplay (0e108d75f8db551669e5eb37cbf5bc02) C:\WINDOWS\system32\DRIVERS\Sftplayxp.sys
16:35:09.0046 1068 Sftplay - ok
16:35:09.0921 1068 Sftredir (65b31b4ba9efeace4dd95ed94051139f) C:\WINDOWS\system32\DRIVERS\Sftredirxp.sys
16:35:09.0953 1068 Sftredir - ok
16:35:10.0796 1068 Sftvol (97604f605310f50dc49a2994c3264a42) C:\WINDOWS\system32\DRIVERS\Sftvolxp.sys
16:35:10.0828 1068 Sftvol - ok
16:35:11.0640 1068 Simbad - ok
16:35:12.0406 1068 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
16:35:12.0437 1068 sisagp - ok
16:35:13.0234 1068 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
16:35:13.0250 1068 SONYPVU1 - ok
16:35:14.0015 1068 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
16:35:14.0031 1068 Sparrow - ok
16:35:14.0781 1068 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
16:35:14.0796 1068 splitter - ok
16:35:15.0671 1068 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
16:35:15.0734 1068 sr - ok
16:35:16.0781 1068 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
16:35:17.0062 1068 Srv - ok
16:35:17.0843 1068 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
16:35:17.0859 1068 swenum - ok
16:35:18.0656 1068 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
16:35:18.0703 1068 swmidi - ok
16:35:19.0468 1068 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
16:35:19.0484 1068 symc810 - ok
16:35:20.0281 1068 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
16:35:20.0312 1068 symc8xx - ok
16:35:21.0093 1068 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
16:35:21.0109 1068 sym_hi - ok
16:35:21.0890 1068 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
16:35:21.0921 1068 sym_u3 - ok
16:35:22.0875 1068 SynTP (64a8508b82a62bf661670884d1fd0e13) C:\WINDOWS\system32\DRIVERS\SynTP.sys
16:35:23.0031 1068 SynTP - ok
16:35:23.0828 1068 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
16:35:23.0890 1068 sysaudio - ok
16:35:24.0937 1068 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:35:25.0203 1068 Tcpip - ok
16:35:26.0343 1068 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
16:35:26.0359 1068 TDPIPE - ok
16:35:27.0125 1068 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
16:35:27.0140 1068 TDTCP - ok
16:35:27.0937 1068 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
16:35:27.0968 1068 TermDD - ok
16:35:28.0765 1068 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
16:35:28.0781 1068 TosIde - ok
16:35:29.0625 1068 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
16:35:29.0703 1068 Udfs - ok
16:35:30.0453 1068 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
16:35:30.0484 1068 ultra - ok
16:35:31.0609 1068 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
16:35:32.0171 1068 Update - ok
16:35:32.0984 1068 usbbus (9419faac6552a51542dbba02971c841c) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
16:35:33.0000 1068 usbbus - ok
16:35:33.0781 1068 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:35:33.0796 1068 usbccgp - ok
16:35:34.0546 1068 UsbDiag (c0a466fa4ffec464320e159bc1bbdc0c) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
16:35:34.0578 1068 UsbDiag - ok
16:35:35.0343 1068 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:35:35.0375 1068 usbehci - ok
16:35:36.0562 1068 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:35:36.0609 1068 usbhub - ok
16:35:37.0390 1068 USBModem (f74a54774a9b0afeb3c40adec68aa600) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
16:35:37.0406 1068 USBModem - ok
16:35:38.0171 1068 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
16:35:38.0203 1068 usbprint - ok
16:35:38.0984 1068 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:35:39.0015 1068 USBSTOR - ok
16:35:39.0765 1068 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:35:39.0781 1068 usbuhci - ok
16:35:40.0546 1068 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
16:35:40.0562 1068 VgaSave - ok
16:35:41.0359 1068 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
16:35:41.0390 1068 viaagp - ok
16:35:42.0156 1068 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
16:35:42.0171 1068 ViaIde - ok
16:35:42.0953 1068 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
16:35:43.0015 1068 VolSnap - ok
16:35:43.0843 1068 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:35:43.0875 1068 Wanarp - ok
16:35:44.0937 1068 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
16:35:44.0937 1068 Wdf01000 - ok
16:35:45.0640 1068 WDICA - ok
16:35:46.0500 1068 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
16:35:46.0562 1068 wdmaud - ok
16:35:47.0531 1068 WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys
16:35:47.0546 1068 WpdUsb - ok
16:35:47.0718 1068 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
16:35:47.0968 1068 \Device\Harddisk0\DR0 - ok
16:35:47.0984 1068 Boot (0x1200) (711ccc78729158062cca3c47f837110f) \Device\Harddisk0\DR0\Partition0
16:35:48.0000 1068 \Device\Harddisk0\DR0\Partition0 - ok
16:35:48.0031 1068 ============================================================
16:35:48.0031 1068 Scan finished
16:35:48.0031 1068 ============================================================
16:35:48.0078 1060 Detected object count: 4
16:35:48.0078 1060 Actual detected object count: 4
16:36:02.0000 1060 C:\WINDOWS\4191848508:3279365382.exe - copied to quarantine
16:36:02.0000 1060 3c88daf9 ( HiddenFile.Multi.Generic ) - User select action: Quarantine
16:36:02.0796 1060 C:\WINDOWS\system32\DRIVERS\compbatt.sys - copied to quarantine
16:36:02.0796 1060 Compbatt ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:36:03.0593 1060 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\i8042prt.sys) error 1813
16:36:27.0156 1060 Backup copy found, using it..
16:36:27.0484 1060 C:\WINDOWS\system32\DRIVERS\i8042prt.sys - will be cured on reboot
16:36:27.0484 1060 i8042prt ( Rootkit.Win32.ZAccess.e ) - User select action: Cure
16:36:28.0390 1060 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\netbt.sys) error 1813
16:37:22.0781 1060 Backup copy not found, trying to cure infected file..
16:37:22.0781 1060 C:\WINDOWS\system32\DRIVERS\netbt.sys - Cure failed (FFFFFFFF)
16:37:22.0781 1060 C:\WINDOWS\system32\DRIVERS\netbt.sys - processing error
16:37:22.0781 1060 NetBT ( Rootkit.Win32.ZAccess.g ) - User select action: Cure
16:37:49.0781 1044 Deinitialize success

I had to run the SAS portable scanner and I cannot find any logs. The Scanner Logs are empty.

#6 boopme

  • Global Moderator
  • 73,331 posts
  • Gender:Male
  • Location:NJ USA

Posted 13 October 2011 - 12:33 PM

You have a ZeroAccess Rootkit that the clean failed on.

16:35:48.0078 1060 Detected object count: 4
16:35:48.0078 1060 Actual detected object count: 4
16:36:02.0000 1060 C:\WINDOWS\4191848508:3279365382.exe - copied to quarantine
16:36:02.0000 1060 3c88daf9 ( HiddenFile.Multi.Generic ) - User select action: Quarantine
16:36:02.0796 1060 C:\WINDOWS\system32\DRIVERS\compbatt.sys - copied to quarantine
16:36:02.0796 1060 Compbatt ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:36:03.0593 1060 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\i8042prt.sys) error 1813
16:36:27.0156 1060 Backup copy found, using it..
16:36:27.0484 1060 C:\WINDOWS\system32\DRIVERS\i8042prt.sys - will be cured on reboot
16:36:27.0484 1060 i8042prt ( Rootkit.Win32.ZAccess.e ) - User select action: Cure
16:36:28.0390 1060 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\netbt.sys) error 1813
16:37:22.0781 1060 Backup copy not found, trying to cure infected file..
16:37:22.0781 1060 C:\WINDOWS\system32\DRIVERS\netbt.sys - Cure failed (FFFFFFFF)
16:37:22.0781 1060 C:\WINDOWS\system32\DRIVERS\netbt.sys - processing error
16:37:22.0781 1060 NetBT ( Rootkit.Win32.ZAccess.g ) - User select action: Cure
16:37:49.0781 1044 Deinitialize success



We need to move and get you custom help.


We need a deeper look. Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If Gmer won't run, skip it and move on.
Include this link back to this topic

http://www.bleepingcomputer.com/forums/topic422857.html/page__pid__2439632#entry2439632

Let me know if that went well.
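The diagnosis above comes from reading the result section of the TDSSKiller log by eye: each "User select action" line is preceded by the outcome lines for that object, and a "Cure failed" or "processing error" outcome means the object is still live after the run. As an added example (not code from this thread, from the poster, or from TDSSKiller's authors), the Python below parses that result section the same way, pairs each detection with its outcome lines, and reports which objects are rootkit-family detections and which were not remediated. The embedded log lines are the ones quoted in this thread; the regexes, class names and the `triage` function are my own and assume the line shapes seen here.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Result section of the TDSSKiller log as posted in this thread (timestamps,
# paths and detection names are the thread's own, not constructed).
SAMPLE_LOG = r"""
16:35:48.0078 1060 Detected object count: 4
16:35:48.0078 1060 Actual detected object count: 4
16:36:02.0000 1060 C:\WINDOWS\4191848508:3279365382.exe - copied to quarantine
16:36:02.0000 1060 3c88daf9 ( HiddenFile.Multi.Generic ) - User select action: Quarantine
16:36:02.0796 1060 C:\WINDOWS\system32\DRIVERS\compbatt.sys - copied to quarantine
16:36:02.0796 1060 Compbatt ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:36:03.0593 1060 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\i8042prt.sys) error 1813
16:36:27.0156 1060 Backup copy found, using it..
16:36:27.0484 1060 C:\WINDOWS\system32\DRIVERS\i8042prt.sys - will be cured on reboot
16:36:27.0484 1060 i8042prt ( Rootkit.Win32.ZAccess.e ) - User select action: Cure
16:36:28.0390 1060 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\netbt.sys) error 1813
16:37:22.0781 1060 Backup copy not found, trying to cure infected file..
16:37:22.0781 1060 C:\WINDOWS\system32\DRIVERS\netbt.sys - Cure failed (FFFFFFFF)
16:37:22.0781 1060 C:\WINDOWS\system32\DRIVERS\netbt.sys - processing error
16:37:22.0781 1060 NetBT ( Rootkit.Win32.ZAccess.g ) - User select action: Cure
16:37:49.0781 1044 Deinitialize success
"""

# Every line is "<timestamp> <pid> <message>"; only the message is interpreted.
LINE_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<msg>.*)$")
# "<name> ( <family> ) - User select action: <action>" closes one detection.
ACTION_RE = re.compile(r"^(?P<name>\S+) \( (?P<family>[^)]+) \) - User select action: (?P<action>\w+)$")
# Outcome lines for the object precede its action line.
OUTCOME_RE = re.compile(
    r"^(?P<path>.+?) - (?P<outcome>copied to quarantine|will be cured on reboot"
    r"|Cure failed \((?P<code>[0-9A-Fa-f]+)\)|processing error)$"
)
COUNT_RE = re.compile(r"^(?P<kind>Actual detected|Detected) object count: (?P<n>\d+)$")


@dataclass
class Detection:
    name: str
    family: str
    action: str
    paths: List[str] = field(default_factory=list)
    outcomes: List[str] = field(default_factory=list)

    @property
    def is_rootkit(self) -> bool:
        return self.family.startswith("Rootkit.")

    @property
    def remediated(self) -> bool:
        # A quarantine copy or a cure scheduled for reboot counts as handled;
        # a failed cure or processing error means the object is still live.
        bad = ("Cure failed", "processing error")
        return bool(self.outcomes) and not any(o.startswith(bad) for o in self.outcomes)


@dataclass
class Report:
    declared_count: Optional[int] = None
    detections: List[Detection] = field(default_factory=list)


def parse_tdsskiller_log(text: str) -> Report:
    """Pair each 'User select action' line with the outcome lines before it."""
    report = Report()
    pending_paths: List[str] = []
    pending_outcomes: List[str] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank or unrecognised line
        msg = m.group("msg")
        c = COUNT_RE.match(msg)
        if c:
            if c.group("kind") == "Detected":
                report.declared_count = int(c.group("n"))
            continue
        o = OUTCOME_RE.match(msg)
        if o:
            pending_paths.append(o.group("path"))
            pending_outcomes.append(o.group("outcome"))
            continue
        a = ACTION_RE.match(msg)
        if a:
            report.detections.append(Detection(a.group("name"), a.group("family"),
                                               a.group("action"), pending_paths, pending_outcomes))
            pending_paths, pending_outcomes = [], []
    return report


def triage(report: Report) -> Dict[str, List[str]]:
    """Summarise what still needs attention: rootkit-family hits, objects whose
    remediation failed, and a mismatch between declared and parsed counts."""
    parsed = len(report.detections)
    mismatch = [] if report.declared_count in (None, parsed) else [
        f"declared {report.declared_count}, parsed {parsed}"]
    return {
        "rootkit": [d.name for d in report.detections if d.is_rootkit],
        "unremediated": [d.name for d in report.detections if not d.remediated],
        "count_mismatch": mismatch,
    }


if __name__ == "__main__":
    rep = parse_tdsskiller_log(SAMPLE_LOG)
    for d in rep.detections:
        print(f"{d.name:10} {d.family:28} {d.action:10} remediated={d.remediated}")
    print(triage(rep))
```

On the thread's log this reports `i8042prt` and `NetBT` as rootkit-family detections and `NetBT` as unremediated, which is exactly the "clean failed" call made above; a count mismatch would indicate the result section was truncated when pasted.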

#7 mygameparts

  • Topic Starter
  • Members
  • 20 posts

Posted 14 October 2011 - 09:20 AM

Everything seemed to run fine.

http://www.bleepingcomputer.com/forums/topic423452.html

That's my post. Thank you for your help thus far.

#8 Orange Blossom

  • Moderator
  • 36,962 posts
  • Gender:Not Telling
  • Location:Bloomington, IN

Posted 14 October 2011 - 09:54 AM

Hello,

Now for the hard and frustrating part: waiting.

Now that you have posted a log, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by an MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :cherry: