
Trojan:Win32/Sirefef.O


  • This topic is locked
46 replies to this topic

#1 TheSpade

TheSpade

  • Members
  • 24 posts
  • OFFLINE
  • Local time:11:29 PM

Posted 10 November 2011 - 11:50 PM

I've been infected with viruses.

I realized it when I was redirected to another website (CC Search) by Google after a Google search. After searching about this CC Search, I decided to install an anti-virus to remove some viruses.

I tried installing Kaspersky, but it seemed that it couldn't start. While downloading other anti-virus software, my internet connection was "cut off" halfway. This happens when I am downloading other programs too.

It was then that I started downloading using Free Download Manager so I could pause the download and continue after rebooting my computer, once my internet connection was back. (The connection remains for about 5 minutes after starting a download.) Therefore I restarted 3-4 times before successfully downloading the anti-virus programs (Hitman and Spyware Doctor) and TDSSKiller. Although infections were found and removed, after rebooting my computer, Windows Defender found this trojan, Win32/Sirefef.O.

Windows Defender prompted me to remove it, and after clicking "Remove All", an error occurred:

Error encountered:
Code 0x80508017. Some actions couldn't be applied to potentially harmful items. The items might be stored in a read-only location. Delete the files or folders that contains the items or, for information on removing read-only permissions from files and folders, see Help and Support.

Category:
Trojan

Description:
This program is dangerous and executes commands from an attacker.

Advice:
Remove this software immediately.

Resources:
process:
pid:3476

file:
C:\Windows\4275009247:545861633.exe

Will someone help me with this?

Problems faced: Redirected to CC Search and Trojan:Win32/Sirefef.O found.
Here's the DDS

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by user at 12:18:25 on 2011-11-11
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\System32\nvraidservice.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\PC Tools Security\pctsGui.exe
C:\Program Files\PC Tools Security\BDT\FGuard.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\McAfee Security Scan\2.0.189\SSScheduler.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\4275009247:545861633.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Windows\system32\vssvc.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conime.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\user\Desktop\dds.scr
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=1&o=vp32&d=0211&m=aspire_m1640
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=1&o=vp32&d=0211&m=aspire_m1640
mDefault_Page_URL = hxxp://en.us.acer.yahoo.com
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mSearchAssistant = hxxp://start.facemoods.com/?a=bf&s={searchTerms}&f=4
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
mURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
uRun: [RegistryBooster] "c:\program files\uniblue\registrybooster\launcher.exe" delay 20000
uRun: [Google Update] "c:\users\user\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [KiesPDLR] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
uRun: [KiesHelper] c:\program files\samsung\kies\KiesHelper.exe /s
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Acer Empowering Technology Monitor] c:\acer\empowering technology\SysMonitor.exe
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [PCMMediaSharing] c:\program files\acer arcade live\acer homemedia connect\kernel\dms\PCMMediaSharing.exe
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [NVRaidService] c:\windows\system32\nvraidservice.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Apanel] c:\acersw\config\SetApanel.cmd
mRun: [Skytel] Skytel.exe
mRun: [RegistryQuick.exe] c:\program files\regquick\RegistryQuick.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [<NO NAME>]
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [ISTray] "c:\program files\pc tools security\pctsGui.exe" /hideGUI
mRun: [PCTools FGuard] c:\program files\pc tools security\bdt\FGuard.exe
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F}
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{23F758A4-F69A-4206-A835-772459481304} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{40C57B1D-F89B-4877-A1AE-0A282C2C08BD} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{4B89E525-B2FE-4E02-B769-D671257BBDE6} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{C223A989-79F2-40CE-8BF0-660AC9E7FB4C} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{FF540C95-2E8B-4A08-AFBA-0D51A11C699E} : DhcpNameServer = 192.168.1.254
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\y5fcfwws.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://sg.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p=
FF - prefs.js: network.proxy.http - proxy.changeipaddress.org
FF - prefs.js: network.proxy.http_port - 8231
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\ahnlab\asp\components\aosmgr\conflict_221\npaosmgr.dll
FF - plugin: c:\program files\ahnlab\asp\mykeydefense 2.5\npmkd25aos.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\user\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R? 1394hub;1394 Enabled Hub
R? Acer HomeMedia Connect Service;Acer HomeMedia Connect Service
R? apf001;apf001
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
R? dgderdrv;dgderdrv
R? EagleXNt;EagleXNt
R? gewcctla;gewcctla
R? GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335
R? gupdate;Google Update Service (gupdate)
R? gupdatem;Google Update Service (gupdatem)
R? hitmanpro35;Hitman Pro 3.5 Support Driver
R? KiesAllShare;SAMSUNG KiesAllShare Service
R? maxD20081102;maxD20081102
R? McComponentHostService;McAfee Security Scan Component Host Service
R? McShield;McAfee Real-time Scanner
R? McSysmon;McAfee SystemGuards
R? nmzcgyhm;nmzcgyhm
R? NVHDA;Service for NVIDIA HDMI Audio Driver
R? sdCoreService;PC Tools Security Service
R? ss_bbus;SAMSUNG USB Mobile Device (WDM)
R? ss_bmdfl;SAMSUNG USB Mobile Modem (Filter)
R? ss_bmdm;SAMSUNG USB Mobile Modem
R? ss_bserd;SAMSUNG USB Mobile Logging Driver
R? ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
R? SwitchBoard;SwitchBoard
R? yvmjidon;yvmjidon
S? Browser Defender Update Service;Browser Defender Update Service
S? FontCache;Windows Font Cache Service
S? netr73;Linksys Compact Wireless-G USB Adapter Driver for Vista
S? PCTCore;PCTools KDS
S? pctDS;PC Tools Data Store
S? pctEFA;PC Tools Extended File Attributes
S? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
.
=============== Created Last 30 ================
.
2011-11-11 03:45:35 -------- d-----w- c:\program files\ESET
2011-11-11 03:43:48 41680 ----a-w- c:\windows\system32\drivers\nmzcgyhm.sys
2011-11-11 03:39:29 41680 ----a-w- c:\windows\system32\drivers\yvmjidon.sys
2011-11-11 03:36:26 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e27a7b7d-eaef-489a-a878-238705c48377}\offreg.dll
2011-11-11 03:30:38 48016 --sha-w- c:\windows\system32\c_13516.nl_
2011-11-11 03:28:03 767952 ----a-w- c:\windows\BDTSupport.dll
2011-11-11 03:28:03 1996752 ----a-w- c:\windows\PCTBDCore.dll
2011-11-11 03:28:03 1533904 ----a-w- c:\windows\PCTBDRes.dll
2011-11-11 03:28:03 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-11-11 02:06:36 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-11-11 01:36:19 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-11-11 01:36:19 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-11-11 01:36:18 249616 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-11-11 01:36:18 102184 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2011-11-11 01:36:16 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-11-11 01:36:16 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-11-11 01:36:13 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-11-11 01:36:09 -------- d-----w- c:\users\user\appdata\roaming\PC Tools
2011-11-11 01:36:09 -------- d-----w- c:\programdata\PC Tools
2011-11-11 01:36:09 -------- d-----w- c:\program files\PC Tools Security
2011-11-11 01:36:09 -------- d-----w- c:\program files\common files\PC Tools
2011-11-11 01:35:41 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-11-11 01:35:30 -------- d-----w- c:\programdata\Hitman Pro
2011-11-11 01:25:49 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-10 08:34:30 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-10 08:34:27 707584 ----a-w- c:\program files\common files\system\wab32.dll
2011-11-10 08:33:18 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e27a7b7d-eaef-489a-a878-238705c48377}\mpengine.dll
2011-11-09 13:06:14 1634808704 ----a-w- c:\program files\Garena_GKART_setup_v40.exe
2011-11-09 13:05:56 -------- d-----w- c:\users\user\appdata\local\Garena
2011-11-08 06:05:17 -------- d-----w- c:\programdata\Avira
2011-11-08 06:05:17 -------- d-----w- c:\program files\Avira
2011-11-08 06:03:53 -------- d--h--w- c:\programdata\Common Files
2011-11-08 06:03:06 -------- d-----w- c:\programdata\MFAData
2011-11-08 05:28:54 -------- d-----w- c:\programdata\Kaspersky Lab
2011-11-07 02:44:49 -------- d--h--w- C:\kleaner.tmp
2011-11-07 02:29:11 -------- d-----r- C:\Sandbox
2011-11-07 02:27:51 -------- d-----w- c:\program files\Sandboxie
2011-11-07 02:18:27 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2011-11-07 02:18:18 222080 ----a-w- c:\windows\system32\MpSigStub.exe
2011-11-07 01:12:20 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-11-07 01:08:19 -------- d-sh--w- c:\users\user\appdata\local\df76cffe
2011-11-06 04:13:55 1467200 ----a-w- c:\windows\system32\msvcr100d.dll
2011-11-06 04:13:54 -------- d-----w- c:\program files\Dll-Files.com Fixer
2011-10-29 07:59:54 -------- d-----w- c:\program files\Ask.com
2011-10-29 07:49:36 -------- d-----w- c:\programdata\Ask
2011-10-25 13:58:47 -------- d-----w- c:\program files\GPK
2011-10-25 13:30:37 -------- d-----w- c:\program files\Log
2011-10-25 11:32:44 2705744 ----a-w- c:\program files\vcredist_x86.exe
2011-10-25 11:32:43 4333568 ----a-w- c:\program files\iceclientlib.dll
2011-10-25 11:32:43 4161816 ----a-w- c:\program files\d3dx9d_31.dll
2011-10-25 11:32:43 374784 ----a-w- c:\program files\fmodex.dll
2011-10-25 11:32:42 831488 ----a-w- c:\program files\codec_TCS8.dll
2011-10-25 11:32:42 831488 ----a-w- c:\program files\codec_TCS16.dll
2011-10-25 11:32:42 5718016 ----a-w- c:\program files\bdvid32.dll
2011-10-25 11:32:42 2414360 ----a-w- c:\program files\d3dx9_31.dll
2011-10-25 11:32:41 4813824 ----a-w- c:\program files\bdcap32.dll
2011-10-25 11:32:41 2585872 ----a-w- c:\program files\WindowsInstaller.exe
2011-10-25 11:28:48 7699464 ----a-w- c:\program files\DragonNest.exe
2011-10-25 11:28:48 701800 ----a-w- c:\program files\GPKitClt.dll
2011-10-25 11:28:48 1144168 ----a-w- c:\program files\DNLauncher.exe
2011-10-18 09:13:55 -------- d-----w- c:\users\user\appdata\roaming\Free Download Manager
2011-10-18 09:13:53 -------- d-----w- c:\programdata\FreeDownloadManager.ORG
2011-10-18 09:13:52 -------- d-----w- c:\program files\Free Download Manager
2011-10-15 11:07:29 -------- d-----w- c:\program files\Tales of Pirates Online
2011-10-13 08:49:29 293376 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-13 08:49:29 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-13 08:49:27 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-13 08:49:27 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-13 08:49:26 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-10-13 08:49:16 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-10-13 08:49:16 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-10-13 08:49:16 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-10-13 08:49:15 563712 ----a-w- c:\windows\system32\oleaut32.dll
.
==================== Find3M ====================
.
2011-11-11 03:36:09 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-11-11 03:30:10 67072 ----a-w- c:\windows\system32\drivers\cdrom.sys
2011-11-10 23:33:26 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-02 21:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-01 02:17:19 103784 ----a-w- c:\users\user\GoToAssistDownloadHelper.exe
2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 12:18:59.71 ===============

I can't get the GMER thing on; it crashes after some scan results show.
Edit: By the way, I'm using Windows Vista and there are always updates recently. Was that caused by the virus?

Edited by TheSpade, 11 November 2011 - 12:18 AM.
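An added example, not part of the original post and not code from any of the tools named in it: a short Python script that runs a few triage heuristics over lines copied from the DDS log above. It looks for a second colon in a path (C:\Windows\4275009247:545861633.exe is the syntax for an NTFS alternate data stream named 545861633.exe attached to the file C:\Windows\4275009247; "dir /r" in cmd.exe on Vista and later lists such streams), services whose internal and display names are the same eight random lowercase letters, recently created drivers with such names (and any that share an exact byte size), a directory whose name is a literal environment-variable token such as %APPDATA%, hidden system directories with eight-hex-digit names, and a Firefox proxy host. The category labels and the eight-letter rule are choices made for this example, not something the tools report.

```python
import re

# Sample lines copied from the DDS log in the first post (a subset, not the full log).
SAMPLE_DDS = r"""
C:\Windows\system32\wininit.exe
C:\Windows\4275009247:545861633.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\svchost.exe -k netsvcs
R? gewcctla;gewcctla
R? nmzcgyhm;nmzcgyhm
R? gupdate;Google Update Service (gupdate)
R? McShield;McAfee Real-time Scanner
2011-11-11 03:43:48 41680 ----a-w- c:\windows\system32\drivers\nmzcgyhm.sys
2011-11-11 03:39:29 41680 ----a-w- c:\windows\system32\drivers\yvmjidon.sys
2011-11-11 02:06:36 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-11-07 01:12:20 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-11-07 01:08:19 -------- d-sh--w- c:\users\user\appdata\local\df76cffe
FF - prefs.js: network.proxy.http - proxy.changeipaddress.org
FF - prefs.js: network.proxy.type - 0
"""

PATH_RE = re.compile(r'[a-z]:\\.*$', re.I)                 # a Windows path up to end of line
SERVICE_RE = re.compile(r'^[RS]\? ([^;]+);(.*)$')          # "R? name;display name"
CREATED_RE = re.compile(r'^\d{4}-\d{2}-\d{2} \S+ (\S+) (\S{8}) (.*)$')  # date time size attrs path
RANDOM_NAME = re.compile(r'^[a-z]{8}$')                    # heuristic: eight lowercase letters
HEX_NAME = re.compile(r'^[0-9a-f]{8}$')
ENV_TOKEN = re.compile(r'%[A-Za-z]+%')


def triage(log_text):
    """Return a list of (category, detail) findings for the given DDS log text."""
    findings = []
    driver_sizes = {}  # byte size -> driver paths, for randomly named drivers only
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue

        # 1. A colon after the drive letter means "file:stream", an NTFS alternate data stream.
        pm = PATH_RE.search(line)
        if pm and ':' in pm.group(0)[2:]:
            findings.append(('ads-path', pm.group(0)))

        # 2. Service whose internal and display names are the same random-looking string.
        sm = SERVICE_RE.match(line)
        if sm and sm.group(1) == sm.group(2) and RANDOM_NAME.match(sm.group(1)):
            findings.append(('random-service', sm.group(1)))

        # 3. Entries from the "Created Last 30" section: size, attribute flags, path.
        cm = CREATED_RE.match(line)
        if cm:
            size, attrs, path = cm.groups()
            name = path.rsplit('\\', 1)[-1]
            stem = name.rsplit('.', 1)[0]
            if name.lower().endswith('.sys') and RANDOM_NAME.match(stem):
                findings.append(('random-driver', path))
                driver_sizes.setdefault(size, []).append(path)
            if ENV_TOKEN.search(name):
                findings.append(('literal-envvar-dir', path))
            if attrs.startswith('d-sh') and HEX_NAME.match(name):
                findings.append(('hidden-hex-dir', path))

        # 4. Firefox proxy host configured in prefs.js (proxy.type decides whether it is used).
        if line.startswith('FF - prefs.js: network.proxy.http -'):
            findings.append(('ff-proxy-host', line.split(' - ')[-1]))

    # Randomly named drivers with identical byte sizes are likely copies of one payload.
    for size, paths in driver_sizes.items():
        if len(paths) > 1:
            findings.append(('same-size-drivers', f'{size} bytes: ' + ', '.join(paths)))
    return findings


if __name__ == '__main__':
    for category, detail in triage(SAMPLE_DDS):
        print(f'{category:20} {detail}')
```

These are candidates for a person to check, not verdicts: the eight-letter rule will also match a legitimately named driver, and network.proxy.type set to 0 means Firefox is configured for no proxy, so the proxy host is recorded but not in use.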



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:29 AM

Posted 11 November 2011 - 03:09 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button and select Immediate Notification, then click on Proceed. This will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 TheSpade

TheSpade
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:11:29 PM

Posted 12 November 2011 - 05:43 AM

I can't get Combofix to complete. Can I know the estimated time? I ran it and left it there for 1 hour, and it seemed to continue scanning. Is an internet connection required? It seemed that after running it, my internet connection became unstable or even disconnected. When I switch on the computer now, it prompts me that the recycle bin on the C drive is corrupted and asks me if I want to empty it. Other than that, it seemed to be working as normal, with the usual Win32/Sirefef.O found by my Windows Defender. Spyware Doctor says it's disconnected and its functions don't work (can't click).

Edited by TheSpade, 12 November 2011 - 05:55 AM.


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:29 AM

Posted 12 November 2011 - 12:45 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
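An added example, not part of the original thread and not code from TDSSKiller or from the helper: a Python script that reads a TDSSKiller report and pulls out the objects that were not reported "ok", using lines copied from the report that appears later in this thread as its sample input. It also picks the newest report out of a list of file names following the "TDSSKiller.[Version]_[Date]_[Time]_log.txt" pattern mentioned above; the DD.MM.YYYY_HH.MM.SS layout assumed for the date and time fields is an assumption of this example, not something the post states.

```python
import re
from datetime import datetime

# Sample lines copied from the TDSSKiller report posted later in this thread (a subset of it).
SAMPLE_TDSS = r"""
08:33:22.0247 3704 TDSS rootkit removing tool 2.6.18.0 Nov 11 2011 15:47:15
08:33:24.0044 3704 OS Version: 6.0.6002 ServicePack: 2.0
08:33:27.0205 3348 Scan started
08:33:28.0079 3348 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
08:33:28.0096 3348 ACPI - ok
08:33:29.0081 3348 AFD (9c9ceff2fd8ef7fe83f5f1aa514bdf14) C:\Windows\system32\drivers\afd.sys
08:33:29.0086 3348 AFD ( Rootkit.Win32.ZAccess.e ) - infected
08:33:29.0086 3348 AFD - detected Rootkit.Win32.ZAccess.e (0)
08:33:29.0389 3348 ajiknmjq - ok
"""

LINE_RE = re.compile(r'^(\d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.*)$')       # time pid body
FILE_RE = re.compile(r'^(\S+) \(([0-9a-f]{32})\) (.+)$')                  # name (md5) path
VERDICT_RE = re.compile(r'^(\S+)(?: \( (.+?) \))? - (ok|infected|suspicious|warning|detected .+)$')
# File name pattern from the post above. The DD.MM.YYYY_HH.MM.SS layout of the date and
# time fields is an assumption made for this example.
REPORT_RE = re.compile(r'^TDSSKiller\.(.+?)_(\d{2}\.\d{2}\.\d{4})_(\d{2}\.\d{2}\.\d{2})_log\.txt$')


def _new_entry():
    return {'md5': None, 'path': None, 'status': None, 'threat': None}


def parse_report(text):
    """Map each scanned object name to its md5, path, status and threat name."""
    entries = {}
    for raw in text.splitlines():
        lm = LINE_RE.match(raw.strip())
        if not lm:
            continue
        body = lm.group(3)
        fm = FILE_RE.match(body)
        if fm:
            name, md5, path = fm.groups()
            entries.setdefault(name, _new_entry()).update(md5=md5, path=path)
            continue
        vm = VERDICT_RE.match(body)
        if not vm:
            continue
        name, paren, verdict = vm.groups()
        entry = entries.setdefault(name, _new_entry())
        if verdict.startswith('detected '):
            # "NAME - detected Threat.Name (n)" repeats the verdict with the threat name
            entry['threat'] = verdict[len('detected '):].rsplit(' (', 1)[0]
            entry['status'] = entry['status'] or 'detected'
        else:
            entry['status'] = verdict
            if paren:
                entry['threat'] = paren
    return entries


def flagged(entries):
    """Names whose final verdict is anything other than 'ok', sorted."""
    return sorted(n for n, e in entries.items() if e['status'] != 'ok')


def without_file(entries):
    """Names for which the report printed no '(md5) path' line at all."""
    return sorted(n for n, e in entries.items() if e['path'] is None)


def newest_report(filenames):
    """Pick the most recent TDSSKiller report from a list of file names found in C:\\."""
    best = None
    for fn in filenames:
        m = REPORT_RE.match(fn)
        if not m:
            continue
        when = datetime.strptime(m.group(2) + ' ' + m.group(3), '%d.%m.%Y %H.%M.%S')
        if best is None or when > best[0]:
            best = (when, fn)
    return best[1] if best else None


if __name__ == '__main__':
    report = parse_report(SAMPLE_TDSS)
    for name in flagged(report):
        e = report[name]
        print(f"{name}: {e['status']} {e['threat']} md5={e['md5']} {e['path']}")
    print('no file line:', without_file(report))
```

Status and threat name come from the "( Threat ) - infected" and "- detected" lines, and the md5 and path from the "(md5) path" line just before them. The md5 of a system driver reported infected is the value to compare against a known-clean copy of that driver, and an entry with no path line is one for which the report printed no file, which is worth cross-checking against the services list in the DDS log.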

#5 TheSpade

TheSpade
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:11:29 PM

Posted 13 November 2011 - 08:16 PM

I'm using my other computer now. After the TDSSKiller.exe scan, I rebooted the computer. While rebooting, there appeared to be a CHKDSK which verified my files or something. After this CHKDSK, I couldn't start the computer. Upon reaching the desktop, while loading, the blue screen of death appeared and said IRQL_NOT_LESS_OR_EQUAL. It appeared every single time I restarted the computer. Now I can't start the computer. I'll try to start the computer and get the TDSSKiller log, but meanwhile what can I do with the computer?

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:29 AM

Posted 13 November 2011 - 08:27 PM

Hello


What operating system do you have?

It would make it to the desktop and then blue screen. Have you tried Safe Mode?


gringo

Edited by gringo_pr, 13 November 2011 - 08:28 PM.


#7 TheSpade

TheSpade
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:11:29 PM

Posted 13 November 2011 - 08:30 PM

Windows Vista

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:29 AM

Posted 13 November 2011 - 08:31 PM

It would make it to the desktop and then blue screen. Have you tried Safe Mode?

#9 TheSpade

TheSpade
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:11:29 PM

Posted 13 November 2011 - 08:48 PM

Just tried Safe Mode, but there was no internet, so I had to transfer the file. Here's the TDSS log:

08:33:22.0247 3704 TDSS rootkit removing tool 2.6.18.0 Nov 11 2011 15:47:15
08:33:24.0043 3704 ============================================================
08:33:24.0043 3704 Current date / time: 2011/11/14 08:33:24.0043
08:33:24.0043 3704 SystemInfo:
08:33:24.0043 3704
08:33:24.0044 3704 OS Version: 6.0.6002 ServicePack: 2.0
08:33:24.0044 3704 Product type: Workstation
08:33:24.0044 3704 ComputerName: USER-PC
08:33:24.0044 3704 UserName: user
08:33:24.0044 3704 Windows directory: C:\Windows
08:33:24.0044 3704 System windows directory: C:\Windows
08:33:24.0044 3704 Processor architecture: Intel x86
08:33:24.0044 3704 Number of processors: 2
08:33:24.0044 3704 Page size: 0x1000
08:33:24.0044 3704 Boot type: Normal boot
08:33:24.0044 3704 ============================================================
08:33:24.0525 3704 Initialize success
08:33:27.0205 3348 ============================================================
08:33:27.0205 3348 Scan started
08:33:27.0205 3348 Mode: Manual;
08:33:27.0205 3348 ============================================================
08:33:27.0876 3348 1394hub - ok
08:33:28.0079 3348 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
08:33:28.0096 3348 ACPI - ok
08:33:28.0335 3348 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
08:33:28.0344 3348 adp94xx - ok
08:33:28.0837 3348 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
08:33:28.0874 3348 adpahci - ok
08:33:28.0939 3348 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
08:33:28.0943 3348 adpu160m - ok
08:33:28.0965 3348 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
08:33:28.0970 3348 adpu320 - ok
08:33:29.0081 3348 AFD (9c9ceff2fd8ef7fe83f5f1aa514bdf14) C:\Windows\system32\drivers\afd.sys
08:33:29.0086 3348 AFD ( Rootkit.Win32.ZAccess.e ) - infected
08:33:29.0086 3348 AFD - detected Rootkit.Win32.ZAccess.e (0)
08:33:29.0137 3348 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
08:33:29.0139 3348 agp440 - ok
08:33:29.0206 3348 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
08:33:29.0216 3348 aic78xx - ok
08:33:29.0389 3348 ajiknmjq - ok
08:33:29.0414 3348 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
08:33:29.0416 3348 aliide - ok
08:33:29.0480 3348 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
08:33:29.0482 3348 amdagp - ok
08:33:29.0542 3348 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
08:33:29.0544 3348 amdide - ok
08:33:29.0590 3348 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
08:33:29.0592 3348 AmdK7 - ok
08:33:29.0627 3348 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
08:33:29.0637 3348 AmdK8 - ok
08:33:29.0677 3348 apf001 - ok
08:33:29.0905 3348 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
08:33:29.0908 3348 arc - ok
08:33:30.0144 3348 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
08:33:30.0147 3348 arcsas - ok
08:33:30.0713 3348 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
08:33:30.0736 3348 AsyncMac - ok
08:33:31.0128 3348 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
08:33:31.0130 3348 atapi - ok
08:33:31.0275 3348 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
08:33:31.0280 3348 Beep - ok
08:33:31.0335 3348 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
08:33:31.0338 3348 blbdrive - ok
08:33:31.0646 3348 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
08:33:31.0649 3348 bowser - ok
08:33:31.0837 3348 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
08:33:31.0845 3348 BrFiltLo - ok
08:33:32.0026 3348 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
08:33:32.0029 3348 BrFiltUp - ok
08:33:32.0243 3348 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
08:33:32.0246 3348 Brserid - ok
08:33:32.0288 3348 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
08:33:32.0312 3348 BrSerWdm - ok
08:33:32.0405 3348 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
08:33:32.0410 3348 BrUsbMdm - ok
08:33:32.0450 3348 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
08:33:32.0461 3348 BrUsbSer - ok
08:33:32.0578 3348 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
08:33:32.0582 3348 BTHMODEM - ok
08:33:32.0778 3348 catchme - ok
08:33:33.0038 3348 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
08:33:33.0066 3348 cdfs - ok
08:33:33.0266 3348 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
08:33:33.0277 3348 cdrom - ok
08:33:33.0331 3348 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
08:33:33.0342 3348 circlass - ok
08:33:33.0408 3348 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
08:33:33.0419 3348 CLFS - ok
08:33:33.0588 3348 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
08:33:33.0598 3348 cmdide - ok
08:33:34.0090 3348 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
08:33:34.0093 3348 Compbatt - ok
08:33:34.0205 3348 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
08:33:34.0206 3348 crcdisk - ok
08:33:34.0325 3348 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
08:33:34.0331 3348 Crusoe - ok
08:33:34.0494 3348 df76cffe (8f2bb1827cac01aee6a16e30a1260199) C:\Windows\4275009247:545861633.exe
08:33:34.0495 3348 Suspicious file (Hidden): C:\Windows\4275009247:545861633.exe. md5: 8f2bb1827cac01aee6a16e30a1260199
08:33:34.0495 3348 df76cffe ( Rootkit.Win32.PMax.gen ) - infected
08:33:34.0495 3348 df76cffe - detected Rootkit.Win32.PMax.gen (0)
08:33:34.0547 3348 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
08:33:34.0555 3348 DfsC - ok
08:33:34.0631 3348 dgderdrv (6216fd7fd227de454238a702b218cec7) C:\Windows\system32\drivers\dgderdrv.sys
08:33:34.0641 3348 dgderdrv - ok
08:33:34.0699 3348 dg_ssudbus (c9f9cafafbffaf7e380efc353ccc940c) C:\Windows\system32\DRIVERS\ssudbus.sys
08:33:34.0727 3348 dg_ssudbus - ok
08:33:35.0064 3348 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
08:33:35.0090 3348 disk - ok
08:33:35.0247 3348 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
08:33:35.0258 3348 drmkaud - ok
08:33:35.0297 3348 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
08:33:35.0309 3348 DXGKrnl - ok
08:33:35.0430 3348 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
08:33:35.0440 3348 E1G60 - ok
08:33:35.0514 3348 EagleNT - ok
08:33:35.0543 3348 EagleXNt - ok
08:33:35.0592 3348 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
08:33:35.0595 3348 Ecache - ok
08:33:35.0716 3348 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
08:33:35.0728 3348 elxstor - ok
08:33:35.0915 3348 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
08:33:35.0917 3348 ErrDev - ok
08:33:36.0094 3348 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
08:33:36.0100 3348 exfat - ok
08:33:36.0269 3348 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
08:33:36.0273 3348 fastfat - ok
08:33:36.0485 3348 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
08:33:36.0490 3348 fdc - ok
08:33:36.0770 3348 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
08:33:36.0773 3348 FileInfo - ok
08:33:36.0845 3348 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
08:33:36.0852 3348 Filetrace - ok
08:33:36.0937 3348 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
08:33:36.0943 3348 flpydisk - ok
08:33:36.0990 3348 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
08:33:36.0994 3348 FltMgr - ok
08:33:37.0059 3348 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
08:33:37.0069 3348 Fs_Rec - ok
08:33:37.0107 3348 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
08:33:37.0118 3348 gagp30kx - ok
08:33:37.0324 3348 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
08:33:37.0330 3348 HdAudAddService - ok
08:33:37.0367 3348 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
08:33:37.0377 3348 HDAudBus - ok
08:33:37.0535 3348 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
08:33:37.0539 3348 HidBth - ok
08:33:38.0137 3348 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
08:33:38.0139 3348 HidIr - ok
08:33:38.0246 3348 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
08:33:38.0248 3348 HidUsb - ok
08:33:38.0305 3348 hitmanpro35 (72472b9ce5d02e443cff49a40355455d) C:\Windows\system32\drivers\hitmanpro35.sys
08:33:38.0307 3348 hitmanpro35 - ok
08:33:38.0458 3348 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
08:33:38.0462 3348 HpCISSs - ok
08:33:38.0574 3348 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
08:33:38.0582 3348 HTTP - ok
08:33:38.0651 3348 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
08:33:38.0654 3348 i2omp - ok
08:33:38.0698 3348 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
08:33:38.0700 3348 i8042prt - ok
08:33:38.0786 3348 iaStor (580bfec487c55264bfe3d60c3c24eee1) C:\Windows\system32\drivers\iastor.sys
08:33:38.0791 3348 iaStor - ok
08:33:38.0835 3348 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
08:33:38.0840 3348 iaStorV - ok
08:33:38.0995 3348 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
08:33:38.0998 3348 iirsp - ok
08:33:39.0045 3348 int15 - ok
08:33:39.0186 3348 IntcAzAudAddService (4c01298060cf930d26a75a86b874b6ae) C:\Windows\system32\drivers\RTKVHDA.sys
08:33:39.0263 3348 IntcAzAudAddService - ok
08:33:39.0356 3348 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
08:33:39.0364 3348 intelide - ok
08:33:39.0421 3348 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
08:33:39.0423 3348 intelppm - ok
08:33:39.0658 3348 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:33:39.0666 3348 IpFilterDriver - ok
08:33:39.0726 3348 IpInIp - ok
08:33:39.0836 3348 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
08:33:39.0842 3348 IPMIDRV - ok
08:33:39.0905 3348 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
08:33:39.0909 3348 IPNAT - ok
08:33:39.0930 3348 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
08:33:39.0932 3348 IRENUM - ok
08:33:39.0957 3348 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
08:33:39.0960 3348 isapnp - ok
08:33:40.0088 3348 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
08:33:40.0097 3348 iScsiPrt - ok
08:33:40.0214 3348 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
08:33:40.0220 3348 iteatapi - ok
08:33:40.0245 3348 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
08:33:40.0248 3348 iteraid - ok
08:33:40.0266 3348 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
08:33:40.0268 3348 kbdclass - ok
08:33:40.0673 3348 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
08:33:40.0702 3348 kbdhid - ok
08:33:41.0223 3348 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
08:33:41.0266 3348 KSecDD - ok
08:33:41.0813 3348 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
08:33:41.0841 3348 lltdio - ok
08:33:42.0261 3348 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
08:33:42.0266 3348 LSI_FC - ok
08:33:42.0856 3348 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
08:33:42.0863 3348 LSI_SAS - ok
08:33:42.0928 3348 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
08:33:42.0939 3348 LSI_SCSI - ok
08:33:42.0964 3348 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
08:33:42.0967 3348 luafv - ok
08:33:42.0982 3348 maxD20081102 - ok
08:33:43.0217 3348 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
08:33:43.0219 3348 megasas - ok
08:33:43.0286 3348 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
08:33:43.0295 3348 MegaSR - ok
08:33:43.0333 3348 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
08:33:43.0335 3348 Modem - ok
08:33:43.0417 3348 MODEMCSA (cbb59c41f19efea1a000793e08070a62) C:\Windows\system32\drivers\MODEMCSA.sys
08:33:43.0419 3348 MODEMCSA - ok
08:33:43.0450 3348 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
08:33:43.0452 3348 monitor - ok
08:33:43.0516 3348 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
08:33:43.0519 3348 mouclass - ok
08:33:43.0548 3348 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
08:33:43.0559 3348 mouhid - ok
08:33:43.0648 3348 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
08:33:43.0661 3348 MountMgr - ok
08:33:43.0687 3348 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
08:33:43.0691 3348 mpio - ok
08:33:43.0896 3348 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
08:33:43.0904 3348 mpsdrv - ok
08:33:43.0980 3348 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
08:33:43.0983 3348 Mraid35x - ok
08:33:44.0024 3348 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
08:33:44.0027 3348 MRxDAV - ok
08:33:44.0089 3348 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
08:33:44.0093 3348 mrxsmb - ok
08:33:44.0127 3348 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:33:44.0132 3348 mrxsmb10 - ok
08:33:44.0218 3348 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:33:44.0222 3348 mrxsmb20 - ok
08:33:44.0260 3348 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
08:33:44.0262 3348 msahci - ok
08:33:44.0286 3348 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
08:33:44.0290 3348 msdsm - ok
08:33:44.0339 3348 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
08:33:44.0344 3348 Msfs - ok
08:33:44.0513 3348 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
08:33:44.0514 3348 msisadrv - ok
08:33:44.0778 3348 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
08:33:44.0798 3348 MSKSSRV - ok
08:33:45.0278 3348 msloop (0a562f61d84bf1988e4dd6413b76c1d4) C:\Windows\system32\DRIVERS\loop.sys
08:33:45.0280 3348 msloop - ok
08:33:45.0458 3348 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
08:33:45.0461 3348 MSPCLOCK - ok
08:33:45.0585 3348 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
08:33:45.0590 3348 MSPQM - ok
08:33:45.0625 3348 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
08:33:45.0629 3348 MsRPC - ok
08:33:45.0679 3348 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
08:33:45.0680 3348 mssmbios - ok
08:33:45.0705 3348 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
08:33:45.0708 3348 MSTEE - ok
08:33:45.0780 3348 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
08:33:45.0782 3348 Mup - ok
08:33:45.0868 3348 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
08:33:45.0872 3348 NativeWifiP - ok
08:33:45.0970 3348 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
08:33:45.0985 3348 NDIS - ok
08:33:46.0048 3348 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
08:33:46.0051 3348 NdisTapi - ok
08:33:46.0069 3348 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
08:33:46.0071 3348 Ndisuio - ok
08:33:46.0212 3348 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
08:33:46.0222 3348 NdisWan - ok
08:33:46.0359 3348 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
08:33:46.0361 3348 NDProxy - ok
08:33:46.0451 3348 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
08:33:46.0454 3348 NetBIOS - ok
08:33:46.0554 3348 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
08:33:46.0559 3348 netbt - ok
08:33:46.0770 3348 netr73 (757f999aa72b55780ee810d4cd1bdd47) C:\Windows\system32\DRIVERS\WUSB54GCx86.sys
08:33:46.0777 3348 netr73 - ok
08:33:46.0906 3348 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
08:33:46.0917 3348 nfrd960 - ok
08:33:46.0998 3348 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
08:33:47.0012 3348 Npfs - ok
08:33:47.0187 3348 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
08:33:47.0191 3348 nsiproxy - ok
08:33:47.0285 3348 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
08:33:47.0312 3348 Ntfs - ok
08:33:47.0463 3348 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
08:33:47.0476 3348 ntrigdigi - ok
08:33:47.0521 3348 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
08:33:47.0524 3348 Null - ok
08:33:47.0617 3348 NVENETFD (b896fb556b4dc1e1d2943559ea79c5c5) C:\Windows\system32\DRIVERS\nvmfdx32.sys
08:33:47.0636 3348 NVENETFD - ok
08:33:47.0725 3348 NVHDA (f3ef6cb754c908c5e79fe5bb4a7e39ba) C:\Windows\system32\drivers\nvhda32v.sys
08:33:47.0728 3348 NVHDA - ok
08:33:47.0959 3348 nvlddmkm (ca76b9adb89f60c512f8ee1ea3c85668) C:\Windows\system32\DRIVERS\nvlddmkm.sys
08:33:48.0093 3348 nvlddmkm - ok
08:33:48.0186 3348 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
08:33:48.0190 3348 nvraid - ok
08:33:48.0292 3348 nvrd32 (6934105ecc6a19570160d794e301e595) C:\Windows\system32\drivers\nvrd32.sys
08:33:48.0297 3348 nvrd32 - ok
08:33:48.0427 3348 nvsmu (7ec12a73067baca25a8e3e2a58ae83d8) C:\Windows\system32\DRIVERS\nvsmu.sys
08:33:48.0429 3348 nvsmu - ok
08:33:48.0549 3348 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
08:33:48.0556 3348 nvstor - ok
08:33:48.0630 3348 nvstor32 (d7b213299852d2026dbc90dab77ef06c) C:\Windows\system32\drivers\nvstor32.sys
08:33:48.0632 3348 nvstor32 - ok
08:33:48.0769 3348 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
08:33:48.0780 3348 nv_agp - ok
08:33:48.0826 3348 NwlnkFlt - ok
08:33:48.0933 3348 NwlnkFwd - ok
08:33:49.0112 3348 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
08:33:49.0114 3348 ohci1394 - ok
08:33:49.0332 3348 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
08:33:49.0337 3348 Parport - ok
08:33:49.0403 3348 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
08:33:49.0406 3348 partmgr - ok
08:33:49.0446 3348 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
08:33:49.0455 3348 Parvdm - ok
08:33:49.0498 3348 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys
08:33:49.0501 3348 pccsmcfd - ok
08:33:49.0573 3348 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
08:33:49.0577 3348 pci - ok
08:33:49.0638 3348 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
08:33:49.0640 3348 pciide - ok
08:33:49.0669 3348 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
08:33:49.0674 3348 pcmcia - ok
08:33:49.0795 3348 PCTCore (6ef125721a9f1f7dbf3229786f7decd0) C:\Windows\system32\drivers\PCTCore.sys
08:33:49.0805 3348 PCTCore - ok
08:33:49.0894 3348 pctDS (f820b4c61d1e591325b679d479d4eea4) C:\Windows\system32\drivers\pctDS.sys
08:33:49.0899 3348 pctDS - ok
08:33:50.0150 3348 pctEFA (acc8c15f3d59f17c5d903ff1de3b43d3) C:\Windows\system32\drivers\pctEFA.sys
08:33:50.0176 3348 pctEFA - ok
08:33:50.0291 3348 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
08:33:50.0307 3348 PEAUTH - ok
08:33:50.0371 3348 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
08:33:50.0374 3348 PptpMiniport - ok
08:33:50.0448 3348 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
08:33:50.0451 3348 Processor - ok
08:33:50.0487 3348 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
08:33:50.0498 3348 PSched - ok
08:33:50.0564 3348 PSDFilter (ab94285ff6c6bc5433407d8d182a4bb4) C:\Windows\system32\DRIVERS\psdfilter.sys
08:33:50.0566 3348 PSDFilter - ok
08:33:50.0583 3348 PSDNServ (2aaf9a5d7a63d26bfaea853c5f2292bc) C:\Windows\system32\DRIVERS\PSDNServ.sys
08:33:50.0585 3348 PSDNServ - ok
08:33:50.0615 3348 psdvdisk (0eb8cec99855beae5b0d02c2302619ef) C:\Windows\system32\DRIVERS\PSDVdisk.sys
08:33:50.0618 3348 psdvdisk - ok
08:33:50.0709 3348 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
08:33:50.0729 3348 ql2300 - ok
08:33:50.0748 3348 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
08:33:50.0758 3348 ql40xx - ok
08:33:50.0825 3348 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
08:33:50.0828 3348 QWAVEdrv - ok
08:33:50.0844 3348 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
08:33:50.0846 3348 RasAcd - ok
08:33:50.0867 3348 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
08:33:50.0871 3348 Rasl2tp - ok
08:33:50.0960 3348 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
08:33:50.0962 3348 RasPppoe - ok
08:33:50.0977 3348 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
08:33:50.0980 3348 RasSstp - ok
08:33:51.0036 3348 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
08:33:51.0045 3348 rdbss - ok
08:33:51.0108 3348 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
08:33:51.0111 3348 RDPCDD - ok
08:33:51.0141 3348 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
08:33:51.0147 3348 rdpdr - ok
08:33:51.0159 3348 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
08:33:51.0162 3348 RDPENCDD - ok
08:33:51.0235 3348 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
08:33:51.0240 3348 RDPWD - ok
08:33:51.0330 3348 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
08:33:51.0341 3348 rspndr - ok
08:33:51.0370 3348 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
08:33:51.0373 3348 sbp2port - ok
08:33:51.0412 3348 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
08:33:51.0414 3348 secdrv - ok
08:33:51.0506 3348 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
08:33:51.0508 3348 Serenum - ok
08:33:51.0555 3348 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
08:33:51.0559 3348 Serial - ok
08:33:51.0624 3348 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
08:33:51.0626 3348 sermouse - ok
08:33:51.0836 3348 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
08:33:51.0842 3348 sffdisk - ok
08:33:51.0900 3348 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
08:33:51.0902 3348 sffp_mmc - ok
08:33:51.0915 3348 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
08:33:51.0918 3348 sffp_sd - ok
08:33:51.0941 3348 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
08:33:51.0944 3348 sfloppy - ok
08:33:51.0980 3348 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
08:33:51.0984 3348 sisagp - ok
08:33:52.0052 3348 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
08:33:52.0055 3348 SiSRaid2 - ok
08:33:52.0085 3348 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
08:33:52.0089 3348 SiSRaid4 - ok
08:33:52.0309 3348 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
08:33:52.0334 3348 Smb - ok
08:33:52.0670 3348 smserial (d9bfd2298f5cf116d8eaae3b02dcee2e) C:\Windows\system32\DRIVERS\smserial.sys
08:33:52.0720 3348 smserial - ok
08:33:52.0840 3348 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
08:33:52.0842 3348 spldr - ok
08:33:53.0072 3348 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
08:33:53.0084 3348 srv - ok
08:33:53.0247 3348 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
08:33:53.0275 3348 srv2 - ok
08:33:53.0544 3348 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
08:33:53.0593 3348 srvnet - ok
08:33:53.0891 3348 ssudmdm (91970cc4a3a30a01c1573184a62f5143) C:\Windows\system32\DRIVERS\ssudmdm.sys
08:33:53.0919 3348 ssudmdm - ok
08:33:54.0186 3348 ss_bbus (3f0164fbc0bd1adbd02df9759181451a) C:\Windows\system32\DRIVERS\ss_bbus.sys
08:33:54.0189 3348 ss_bbus - ok
08:33:54.0329 3348 ss_bmdfl (b89d62206034e5fe573c80a24dd55675) C:\Windows\system32\DRIVERS\ss_bmdfl.sys
08:33:54.0332 3348 ss_bmdfl - ok
08:33:54.0454 3348 ss_bmdm (1ed0fcea586fe2a416ee15196e5631dd) C:\Windows\system32\DRIVERS\ss_bmdm.sys
08:33:54.0458 3348 ss_bmdm - ok
08:33:54.0479 3348 ss_bserd (994d2e5378cc337ec7dd73c1e04fcaa4) C:\Windows\system32\DRIVERS\ss_bserd.sys
08:33:54.0482 3348 ss_bserd - ok
08:33:54.0583 3348 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
08:33:54.0585 3348 swenum - ok
08:33:54.0667 3348 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
08:33:54.0670 3348 Symc8xx - ok
08:33:54.0703 3348 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
08:33:54.0712 3348 Sym_hi - ok
08:33:54.0765 3348 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
08:33:54.0768 3348 Sym_u3 - ok
08:33:54.0901 3348 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
08:33:54.0926 3348 Tcpip - ok
08:33:55.0306 3348 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
08:33:55.0317 3348 Tcpip6 - ok
08:33:55.0686 3348 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
08:33:55.0688 3348 tcpipreg - ok
08:33:55.0762 3348 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
08:33:55.0772 3348 TDPIPE - ok
08:33:55.0796 3348 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
08:33:55.0798 3348 TDTCP - ok
08:33:56.0116 3348 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
08:33:56.0124 3348 tdx - ok
08:33:56.0215 3348 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
08:33:56.0220 3348 TermDD - ok
08:33:56.0301 3348 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
08:33:56.0307 3348 tssecsrv - ok
08:33:56.0392 3348 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
08:33:56.0400 3348 tunmp - ok
08:33:56.0424 3348 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
08:33:56.0427 3348 tunnel - ok
08:33:56.0532 3348 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
08:33:56.0537 3348 uagp35 - ok
08:33:56.0585 3348 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
08:33:56.0593 3348 udfs - ok
08:33:56.0716 3348 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
08:33:56.0723 3348 uliagpkx - ok
08:33:56.0924 3348 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
08:33:56.0975 3348 uliahci - ok
08:33:57.0094 3348 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
08:33:57.0099 3348 UlSata - ok
08:33:57.0245 3348 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
08:33:57.0255 3348 ulsata2 - ok
08:33:57.0407 3348 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
08:33:57.0414 3348 umbus - ok
08:33:57.0682 3348 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
08:33:57.0693 3348 usbccgp - ok
08:33:57.0776 3348 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
08:33:57.0785 3348 usbcir - ok
08:33:57.0818 3348 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
08:33:57.0820 3348 usbehci - ok
08:33:58.0001 3348 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
08:33:58.0021 3348 usbhub - ok
08:33:58.0139 3348 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
08:33:58.0165 3348 usbohci - ok
08:33:58.0208 3348 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
08:33:58.0211 3348 usbprint - ok
08:33:58.0402 3348 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:33:58.0404 3348 USBSTOR - ok
08:33:58.0784 3348 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
08:33:58.0792 3348 usbuhci - ok
08:33:58.0970 3348 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
08:33:58.0987 3348 vga - ok
08:33:59.0038 3348 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
08:33:59.0041 3348 VgaSave - ok
08:33:59.0074 3348 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
08:33:59.0077 3348 viaagp - ok
08:33:59.0228 3348 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
08:33:59.0234 3348 ViaC7 - ok
08:33:59.0545 3348 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
08:33:59.0572 3348 viaide - ok
08:33:59.0801 3348 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
08:33:59.0830 3348 volmgr - ok
08:34:00.0067 3348 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
08:34:00.0082 3348 volmgrx - ok
08:34:00.0307 3348 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
08:34:00.0341 3348 volsnap - ok
08:34:00.0433 3348 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
08:34:00.0437 3348 vsmraid - ok
08:34:00.0577 3348 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
08:34:00.0599 3348 WacomPen - ok
08:34:00.0879 3348 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
08:34:00.0902 3348 Wanarp - ok
08:34:00.0934 3348 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
08:34:00.0937 3348 Wanarpv6 - ok
08:34:01.0005 3348 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\Windows\system32\DRIVERS\wanatw4.sys
08:34:01.0008 3348 wanatw - ok
08:34:01.0047 3348 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
08:34:01.0049 3348 Wd - ok
08:34:01.0330 3348 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
08:34:01.0381 3348 Wdf01000 - ok
08:34:01.0747 3348 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
08:34:01.0752 3348 WmiAcpi - ok
08:34:02.0193 3348 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
08:34:02.0216 3348 WpdUsb - ok
08:34:02.0307 3348 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
08:34:02.0310 3348 ws2ifsl - ok
08:34:02.0372 3348 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
08:34:02.0375 3348 WUDFRd - ok
08:34:02.0482 3348 MBR (0x1B8) (beedf9b7f43a72a91456f7131afc11b2) \Device\Harddisk0\DR0
08:34:04.0562 3348 \Device\Harddisk0\DR0 - ok
08:34:04.0582 3348 Boot (0x1200) (1dc5cd82d71b9036943e9c2935a3ba19) \Device\Harddisk0\DR0\Partition0
08:34:04.0585 3348 \Device\Harddisk0\DR0\Partition0 - ok
08:34:04.0586 3348 ============================================================
08:34:04.0586 3348 Scan finished
08:34:04.0586 3348 ============================================================
08:34:04.0605 3508 Detected object count: 2
08:34:04.0605 3508 Actual detected object count: 2
08:34:17.0705 3508 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\afd.sys) error 1813
08:34:33.0500 3508 Backup copy not found, trying to cure infected file..
08:34:33.0521 3508 Cure success, using it..
08:34:33.0616 3508 C:\Windows\system32\drivers\afd.sys - will be cured on reboot
08:34:41.0517 3508 C:\Windows\System32\c_13516.nls - will be deleted on reboot
08:34:41.0789 3508 C:\Windows\System32\c_13516.nl_ - will be deleted on reboot
08:35:05.0777 3508 AFD ( Rootkit.Win32.ZAccess.e ) - User select action: Cure
08:35:05.0870 3508 HKLM\SYSTEM\ControlSet001\services\df76cffe - will be deleted on reboot
08:35:05.0895 3508 HKLM\SYSTEM\ControlSet003\services\df76cffe - will be deleted on reboot
08:35:05.0957 3508 C:\Windows\4275009247:545861633.exe - will be deleted on reboot
08:35:05.0957 3508 df76cffe ( Rootkit.Win32.PMax.gen ) - User select action: Delete
08:35:41.0058 1808 Deinitialize success
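The useful part of a TDSSKiller log is its tail: the verdict lines and the files and registry keys queued for the reboot. As an added example, not something posted in this thread, the Python below parses that format and also flags a path with a second colon (an NTFS alternate data stream, where one of the queued deletions above lives); the sample lines are constructed from the log above.

```python
import re

# Constructed sample, modelled on the TDSSKiller log quoted earlier in this thread.
SAMPLE_LOG = """\
08:34:02.0372 3348 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\\Windows\\system32\\DRIVERS\\WUDFRd.sys
08:34:04.0605 3508 Detected object count: 2
08:34:33.0616 3508 C:\\Windows\\system32\\drivers\\afd.sys - will be cured on reboot
08:34:41.0517 3508 C:\\Windows\\System32\\c_13516.nls - will be deleted on reboot
08:35:05.0777 3508 AFD ( Rootkit.Win32.ZAccess.e ) - User select action: Cure
08:35:05.0870 3508 HKLM\\SYSTEM\\ControlSet001\\services\\df76cffe - will be deleted on reboot
08:35:05.0957 3508 C:\\Windows\\4275009247:545861633.exe - will be deleted on reboot
08:35:05.0957 3508 df76cffe ( Rootkit.Win32.PMax.gen ) - User select action: Delete
"""

# Every TDSSKiller line is "<time> <pid> <message>"; only the message part matters here.
LINE_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(.*)$")
VERDICT_RE = re.compile(r"^(\S+) \( (\S+) \) - User select action: (\w+)$")
PENDING_RE = re.compile(r"^(.+) - will be (cured|deleted) on reboot$")
COUNT_RE = re.compile(r"^Detected object count: (\d+)$")


def is_alternate_data_stream(path: str) -> bool:
    """True when a Win32 path carries a second ':' (an NTFS ADS such as dir:name.exe)."""
    return path.count(":") > 1


def parse_tdsskiller(text: str) -> dict:
    """Summarise verdicts and pending reboot actions from a TDSSKiller log."""
    report = {"detected": 0, "verdicts": [], "pending": [], "ads_paths": []}
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # not a TDSSKiller line (e.g. forum text pasted around the log)
        msg = m.group(1)
        if (c := COUNT_RE.match(msg)):
            report["detected"] = int(c.group(1))
        elif (v := VERDICT_RE.match(msg)):
            report["verdicts"].append({"object": v.group(1), "name": v.group(2), "action": v.group(3)})
        elif (p := PENDING_RE.match(msg)):
            target, action = p.group(1), p.group(2)
            report["pending"].append({"target": target, "action": action})
            if not target.startswith("HKLM") and is_alternate_data_stream(target):
                report["ads_paths"].append(target)  # component hidden in an ADS
    return report


if __name__ == "__main__":
    r = parse_tdsskiller(SAMPLE_LOG)
    print(f"{r['detected']} detected, {len(r['pending'])} reboot actions, ADS: {r['ads_paths']}")
```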

#10 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 13 November 2011 - 08:53 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 TheSpade

TheSpade
  • Topic Starter

  • Members
  • 24 posts

Posted 13 November 2011 - 08:56 PM

Is it okay to run combofix in safe mode without internet connection? Is it normal to have no internet connection in safe mode?

#12 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 13 November 2011 - 09:02 PM

If you selected just safe mode then you will not have internet.

You can try to use safe mode with networking and that will give you internet access.

You can run combofix in safe mode and you don't need internet for it to run.



gringo

#13 TheSpade

TheSpade
  • Topic Starter

  • Members
  • 24 posts

Posted 13 November 2011 - 10:30 PM

I have been running Combofix for about 1 hour (since 10.30am +8GMT) but it's still running. Should I continue?

#14 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 13 November 2011 - 10:33 PM

As long as it is running, yes.


gringo

#15 TheSpade

TheSpade
  • Topic Starter

  • Members
  • 24 posts

Posted 13 November 2011 - 11:11 PM

BSoD came out while Combofix was running. What do I do now?



