Vista Security 2012 virus infection help


24 replies to this topic

#1 jeffw11 (Members, 127 posts)

Posted 03 December 2011 - 07:49 AM

A friend of mine from across the country called last evening about a computer problem. She keeps getting Vista Security 2012 popups to the point where her computer is unusable. This virus is showing up in both regular mode and safe mode. It is not allowing System Restore to work. If you can work around the popups, it will not allow internet browsing as it states that the site you are trying to go to is unsafe. Also, for some unknown reason, her anti-virus program has disappeared.

I had her run Malwarebytes, and she was able to run it, but the program was not able to update first. It seems like this virus is blocking any attempt to go anywhere on the Internet for help. It won't even let her go to www.bleepingcomputer.com.

Is there something I can do, either on the phone or remotely with her computer, to try and get her up and running again?

Thanks for any help,
Jeff


#2 Broni (BC Advisor, 42,716 posts, Daly City, CA)

Posted 03 December 2011 - 05:04 PM

See here: http://www.bleepingcomputer.com/virus-removal/remove-win-7-antispyware-2012


#3 jeffw11 (Topic Starter, Members, 127 posts)

Posted 15 December 2011 - 07:34 PM

OK, got her up and running again. She is visiting for a few days next week, so I will have access to her computer. Are there any recommendations for what I should do to make sure we have the virus out of her computer for sure, and any extra clean-up things to do so that when she leaves, she has a clean computer?

Thanks for the help.
Jeff

#4 Broni (BC Advisor, 42,716 posts, Daly City, CA)

Posted 15 December 2011 - 07:49 PM

When she gets to your place post back and we'll run some more scans.

I can give you a list right now.

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with GMER's driver.
  • Double-click on the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (Do not use the computer while the scan is in progress.)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system, click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in the right pane.
If still no joy, try to run it from Safe Mode.


#5 jeffw11 (Topic Starter, Members, 127 posts)

Posted 20 December 2011 - 07:48 PM

OK, here we go. These are the results after running Malwarebytes' Anti-Malware:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8406

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

12/20/2011 6:44:40 PM
mbam-log-2011-12-20 (18-44-40).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 342683
Time elapsed: 1 hour(s), 22 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AH (Rogue.MultipleAV) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CLASSES_ROOT\ah\Content Type (Rogue.MultipleAV) -> Value: Content Type -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Dorothy\AppData\Local\Temp\15A7.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Dorothy\AppData\LocalLow\Sun\Java\deployment\cache\6.0\13\42c00f8d-14bcaf71 (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Dorothy\AppData\LocalLow\Sun\Java\deployment\cache\6.0\13\7a017d0d-6af841e7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Dorothy\AppData\Roaming\904E.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.



I will continue with the other items and report back.

#6 jeffw11 (Topic Starter, Members, 127 posts)

Posted 20 December 2011 - 08:02 PM

Security Check Log file:

Results of screen317's Security Check version 0.99.24
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
AVG 2011
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Java™ 6 Update 26
Java™ 6 Update 3
Java™ 6 Update 5
Out of date Java installed!
Adobe Flash Player 11.1.102.55
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
``````````End of Log````````````




On to the next.
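An added example (editor's code, not part of either log and not a feature of Malwarebytes or Security Check): a small Python triage script that parses the MBAM detections and the Security Check Java lines in the formats posted above, buckets each detection by where it lived on disk, and reports that next to the Java updates found. Detections under the Java deployment cache sitting beside three Java 6 updates that Security Check calls out of date are the combination a practitioner looks for, because that cache is where a browser-delivered Java exploit drops what it fetched, and every older JRE left installed alongside the newest one is a separate runtime that can still be exploited. The sample inputs are constructed to match the posted logs, and the path patterns, bucket names and section regexes are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample input, shaped after the MBAM log posted above (raw string because of the Windows paths).
MBAM_LOG = r"""
Registry Keys Infected: 1
Registry Values Infected: 1
Files Infected: 4

Registry Keys Infected:
HKEY_CLASSES_ROOT\AH (Rogue.MultipleAV) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CLASSES_ROOT\ah\Content Type (Rogue.MultipleAV) -> Value: Content Type -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Dorothy\AppData\Local\Temp\15A7.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Dorothy\AppData\LocalLow\Sun\Java\deployment\cache\6.0\13\42c00f8d-14bcaf71 (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Dorothy\AppData\LocalLow\Sun\Java\deployment\cache\6.0\13\7a017d0d-6af841e7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Dorothy\AppData\Roaming\904E.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
"""

# Constructed sample input, shaped after the Security Check log posted above.
SECURITY_CHECK_LOG = """
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 26
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Out of date Java installed!
Adobe Flash Player 11.1.102.55
"""

SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
FINDING_RE = re.compile(r"^(?P<item>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+)$")
JAVA_RE = re.compile(r"Java\D{0,6}6 Update (?P<update>\d+)")   # "Java(TM) 6 Update 26" or "Java™ 6 Update 26"


def parse_mbam(text):
    """Return (section, item, threat, action) for every detection line, skipping the summary counts."""
    section, findings = None, []
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        m = FINDING_RE.match(line)
        if m and section:
            findings.append((section, m.group("item"), m.group("threat"), m.group("action")))
    return findings


def classify_location(item):
    """Bucket a detection by where it lived; the bucket hints at how it got there (assumed patterns)."""
    p = item.lower()
    if p.startswith("hkey_"):
        return "registry"
    if "\\sun\\java\\deployment\\cache\\" in p:
        return "java-cache"        # content the Java plug-in fetched, i.e. a browser drive-by
    if "\\appdata\\local\\temp\\" in p:
        return "temp"
    if "\\appdata\\roaming\\" in p:
        return "appdata-roaming"
    return "other"


def java_updates(text):
    """Java 6 update numbers in the order Security Check lists them."""
    return [int(m.group("update")) for m in JAVA_RE.finditer(text)]


def triage(mbam_text, security_check_text):
    findings = parse_mbam(mbam_text)
    by_location = Counter(classify_location(item) for _, item, _, _ in findings)
    updates = java_updates(security_check_text)
    return {
        "findings": findings,
        "by_location": dict(by_location),
        "threats": dict(Counter(threat for _, _, threat, _ in findings)),
        "all_remediated": all("Quarantined and deleted" in action for *_, action in findings),
        "java_updates_installed": updates,
        # Every older JRE left beside the newest one is a separate, still-exploitable runtime.
        "older_java_updates_still_installed": sorted(updates)[:-1],
        "outdated_java_reported": "Out of date Java installed!" in security_check_text,
        "java_cache_hits": by_location["java-cache"],
    }


if __name__ == "__main__":
    report = triage(MBAM_LOG, SECURITY_CHECK_LOG)
    for key, value in report.items():
        if key != "findings":
            print(f"{key}: {value}")
    if report["java_cache_hits"] and report["outdated_java_reported"]:
        print("Payload arrived through the Java plug-in on an out-of-date JRE: update Java and remove the old updates.")
```

Run it as-is and it reports two java-cache hits, the three Java 6 updates, and the two older updates still installed; point it at a real pair of logs by replacing the two constants.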

#7 jeffw11 (Topic Starter, Members, 127 posts)

Posted 20 December 2011 - 08:07 PM

MiniToolBox log file:

MiniToolBox by Farbar
Ran by Dorothy (administrator) on 20-12-2011 at 19:03:59
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

Hosts file not detected in the default directory
========================= IP Configuration: ================================

Dell Wireless 1395 WLAN Mini-Card = Wireless Network Connection (Connected)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)
The following helper DLL cannot be loaded: WSHELPER.DLL.
The following helper DLL cannot be loaded: IFMON.DLL.
The following command was not found: int ip dump.

Windows IP Configuration

Host Name . . . . . . . . . . . . : Dorothy-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : roc.mn.charter.com

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : roc.mn.charter.com
Description . . . . . . . . . . . : Dell Wireless 1395 WLAN Mini-Card
Physical Address. . . . . . . . . : 00-23-4D-19-9A-13
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::25a2:5c5b:6f:ce2c%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.135(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, December 20, 2011 6:53:01 PM
Lease Expires . . . . . . . . . . : Wednesday, December 21, 2011 6:53:00 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 201335629
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-10-85-21-D6-00-21-70-C2-D8-BC
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : hsd1.fl.comcast.net.
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 00-21-70-C2-D8-BC
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{7FE70221-992E-4025-9DD0-6E5EA4434BC5}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.hsd1.fl.comcast.net.
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes


Pinging google.com [74.125.224.209] with 32 bytes of data:
Reply from 74.125.224.209: bytes=32 time=79ms TTL=48
Reply from 74.125.224.209: bytes=32 time=83ms TTL=48

Ping statistics for 74.125.224.209:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 79ms, Maximum = 83ms, Average = 81ms

Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=58ms TTL=49
Reply from 209.191.122.70: bytes=32 time=56ms TTL=49

Ping statistics for 209.191.122.70:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 56ms, Maximum = 58ms, Average = 57ms

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
12 ...00 23 4d 19 9a 13 ...... Dell Wireless 1395 WLAN Mini-Card
11 ...00 21 70 c2 d8 bc ...... Realtek PCIe GBE Family Controller
1 ........................... Software Loopback Interface 1
13 ...00 00 00 00 00 00 00 e0 isatap.{7FE70221-992E-4025-9DD0-6E5EA4434BC5}
10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
14 ...00 00 00 00 00 00 00 e0 isatap.hsd1.fl.comcast.net.
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.135     25
        127.0.0.0        255.0.0.0         On-link        127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link        127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link        127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link    192.168.1.135    281
    192.168.1.135  255.255.255.255         On-link    192.168.1.135    281
    192.168.1.255  255.255.255.255         On-link    192.168.1.135    281
        224.0.0.0        240.0.0.0         On-link        127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link    192.168.1.135    281
  255.255.255.255  255.255.255.255         On-link        127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link    192.168.1.135    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 12    281 fe80::/64                On-link
 12    281 fe80::25a2:5c5b:6f:ce2c/128
                                    On-link
  1    306 ff00::/8                 On-link
 12    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog5 06 mswsock.dll [File Not found] ()
Catalog5 07 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()
Catalog9 18 mswsock.dll [File Not found] ()
Catalog9 19 mswsock.dll [File Not found] ()
Catalog9 20 mswsock.dll [File Not found] ()
Catalog9 21 mswsock.dll [File Not found] ()
Catalog9 22 mswsock.dll [File Not found] ()
Catalog9 23 mswsock.dll [File Not found] ()
Catalog9 24 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/20/2011 07:05:33 PM) (Source: Application Error) (User: )
Description: Faulting application nslookup.exe, version 6.0.6002.18005, time stamp 0x49e01d63, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436, exception code 0xc0000138, fault offset 0x00009f7d,
process id 0xfe4, application start time 0xnslookup.exe0.

Error: (12/20/2011 07:05:23 PM) (Source: Application Error) (User: )
Description: Faulting application nslookup.exe, version 6.0.6002.18005, time stamp 0x49e01d63, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436, exception code 0xc0000138, fault offset 0x00009f7d,
process id 0x175c, application start time 0xnslookup.exe0.

Error: (12/20/2011 07:05:11 PM) (Source: Application Error) (User: )
Description: Faulting application nslookup.exe, version 6.0.6002.18005, time stamp 0x49e01d63, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436, exception code 0xc0000138, fault offset 0x00009f7d,
process id 0x12bc, application start time 0xnslookup.exe0.

Error: (12/20/2011 06:54:19 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/20/2011 05:35:11 PM) (Source: Application Error) (User: )
Description: Faulting application ping.exe, version 6.0.6001.18000, time stamp 0x47919130, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x35684cb0,
process id 0xa18, application start time 0xping.exe0.

Error: (12/20/2011 05:31:20 PM) (Source: Application Error) (User: )
Description: Faulting application ping.exe, version 6.0.6001.18000, time stamp 0x47919130, faulting module Flash10b.ocx, version 10.0.22.87, time stamp 0x4987a6c3, exception code 0xc0000005, fault offset 0x000cc904,
process id 0x5d4, application start time 0xping.exe0.

Error: (12/20/2011 05:15:32 PM) (Source: Application Error) (User: )
Description: Faulting application ping.exe, version 6.0.6001.18000, time stamp 0x47919130, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x35680040,
process id 0x878, application start time 0xping.exe0.

Error: (12/20/2011 04:49:24 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/20/2011 11:58:32 AM) (Source: Application Error) (User: )
Description: Faulting application ping.exe, version 6.0.6001.18000, time stamp 0x47919130, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x356820e0,
process id 0x238, application start time 0xping.exe0.

Error: (12/20/2011 11:02:58 AM) (Source: Application Error) (User: )
Description: Faulting application ping.exe, version 6.0.6001.18000, time stamp 0x47919130, faulting module kernel32.dll, version 6.0.6002.18449, time stamp 0x4da47967, exception code 0xe06d7363, fault offset 0x0003fc56,
process id 0x1790, application start time 0xping.exe0.


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (12/20/2011 07:05:33 PM) (Source: Application Error)(User: )
Description: nslookup.exe6.0.6002.1800549e01d63ntdll.dll6.0.6002.183274cb73436c000013800009f7dfe401ccbf7ca2471a3d

Error: (12/20/2011 07:05:23 PM) (Source: Application Error)(User: )
Description: nslookup.exe6.0.6002.1800549e01d63ntdll.dll6.0.6002.183274cb73436c000013800009f7d175c01ccbf7c9c55cd1d

Error: (12/20/2011 07:05:11 PM) (Source: Application Error)(User: )
Description: nslookup.exe6.0.6002.1800549e01d63ntdll.dll6.0.6002.183274cb73436c000013800009f7d12bc01ccbf7c7071fded

Error: (12/20/2011 06:54:19 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/20/2011 05:35:11 PM) (Source: Application Error)(User: )
Description: ping.exe6.0.6001.1800047919130unknown0.0.0.000000000c000000535684cb0a1801ccbf6fa7b9c140

Error: (12/20/2011 05:31:20 PM) (Source: Application Error)(User: )
Description: ping.exe6.0.6001.1800047919130Flash10b.ocx10.0.22.874987a6c3c0000005000cc9045d401ccbf6d861ac4f0

Error: (12/20/2011 05:15:32 PM) (Source: Application Error)(User: )
Description: ping.exe6.0.6001.1800047919130unknown0.0.0.000000000c00000053568004087801ccbf6c2de63130

Error: (12/20/2011 04:49:24 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/20/2011 11:58:32 AM) (Source: Application Error)(User: )
Description: ping.exe6.0.6001.1800047919130unknown0.0.0.000000000c0000005356820e023801ccbf3ffb6db596

Error: (12/20/2011 11:02:58 AM) (Source: Application Error)(User: )
Description: ping.exe6.0.6001.1800047919130kernel32.dll6.0.6002.184494da47967e06d73630003fc56179001ccbf384f448b66


=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 2.1.5)
4500_Help (Version: 1.00.0000)
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Adobe AIR (Version: 1.5.0.7220)
Adobe Download Manager (Version: 1.6.2.48)
Adobe Flash Player 10 ActiveX (Version: 10.0.22.87)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Adobe Media Player (Version: 1.6)
Adobe Reader 9.4.4 (Version: 9.4.4)
Advanced Audio FX Engine
Advanced Video FX Engine
Apple Application Support (Version: 1.5.2)
Apple Mobile Device Support (Version: 3.4.1.2)
Apple Software Update (Version: 2.1.1.116)
AVG 2011 (Version: 10.0.1415)
AVG 2011 (Version: 10.0.2108)
Bonjour (Version: 2.0.5.0)
BPD_HPSU (Version: 1.00.0000)
bpd_scan (Version: 3.00.0000)
BPDSoftware (Version: 50.0.165.000)
BPDSoftware_Ini (Version: 1.00.0000)
BufferChm (Version: 100.0.170.000)
Business Tools Launcher (Version: 1.00.0000)
CCleaner (Version: 3.11)
CCScore (Version: 7.00.0000.0001)
Cisco EAP-FAST Module (Version: 2.1.3)
Cisco LEAP Module (Version: 1.0.12)
Cisco PEAP Module (Version: 1.0.13)
Compatibility Pack for the 2007 Office system (Version: 12.0.6425.1000)
Coupon Printer for Windows (Version: 5.0.0.0)
Dell Getting Started Guide (Version: 1.00.0000)
Dell Support Center (Support Software) (Version: 2.2.09085)
Dell Touchpad (Version: 7.1.102.7)
Dell Webcam Center
Dell Webcam Manager
Dell Wireless WLAN Card Utility (Version: 4.170.77.13)
Destination Component (Version: 100.0.0.0)
DeviceDiscovery (Version: 110.0.180.000)
DeviceManagementQFolder (Version: 1.00.0000)
DocMgr (Version: 100.0.201.000)
DocProc (Version: 10.0.0.0)
EDocs
ESSBrwr (Version: 7.00.0000.0003)
ESSCDBK (Version: 7.00.0000.0002)
ESScore (Version: 7.00.0000.0008)
ESSgui (Version: 7.00.0000.0002)
ESSini (Version: 7.00.0000.0003)
ESSPCD (Version: 7.00.0000.0002)
ESSPDock (Version: 6.03.0001.0004)
ESSSONIC (Version: 6.4.0000.0001)
ESSTOOLS (Version: 5.00.0000.0004)
essvatgt (Version: 7.00.0000.0002)
eSupportQFolder (Version: 1.00.0000)
Fax (Version: 120.0.194.000)
fflink (Version: 6.02.1001.0001)
GB Manager (Version: 1.20.0000)
Google Earth (Version: 6.1.0.5001)
Google Update Helper (Version: 1.3.21.79)
Google Updater (Version: 2.4.2432.1652)
GPBaseService (Version: 100.0.187.000)
Guffins
HP Document Manager 1.0 (Version: 1.0)
HP Imaging Device Functions 10.0 (Version: 10.0)
HP Officejet J4500 Series (Version: 1.0)
HP Photosmart Essential 2.5 (Version: 1.02.0000)
HP Photosmart Essential 2.5 (Version: 2.5)
HP Solution Center 10.0 (Version: 10.0)
HP Update (Version: 5.003.001.001)
HPProductAssistant (Version: 100.0.170.000)
IncrediMail (Version: 6.2.2.4734)
IncrediMail 2.0 (Version: 6.2.2.4734)
Intel® Graphics Media Accelerator Driver
iTunes (Version: 10.3.1.55)
J4500 (Version: 50.0.165.000)
Java Auto Updater (Version: 2.0.5.1)
Java™ 6 Update 26 (Version: 6.0.260)
Java™ 6 Update 3 (Version: 1.6.0.30)
Java™ 6 Update 5 (Version: 1.6.0.50)
kgcbaby (Version: 5.03.0000.0002)
kgcbase (Version: 5.03.0000.0004)
kgchday (Version: 5.03.0000.0002)
kgchlwn (Version: 5.03.0000.0002)
kgcinvt (Version: 5.03.0000.0003)
kgckids (Version: 6.03.0001.0001)
kgcmove (Version: 6.03.0001.0001)
kgcvday (Version: 5.03.0000.0002)
Kodak EasyShare software
Laptop Integrated Webcam Driver (1.01.01.0529)
Linksys Updater (Version: 1.1.8015.381)
Live! Cam Avatar Creator (Version: 4.6.0817.1)
Live! Cam Avatar v1.0 (Version: 1.0)
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
MasterCook 5: Cooking Light
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft IntelliPoint 8.0 (Version: 8.01.249.0)
Microsoft IntelliType Pro 8.0 (Version: 8.01.249.0)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6425.1000)
Microsoft Office Word 2003 (Version: 11.0.8173.0)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Web Publishing Wizard 1.52
Microsoft Works (Version: 9.7.0621)
Mozilla Firefox 8.0.1 (x86 en-US) (Version: 8.0.1)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
netbrdg (Version: 7.00.0000.0003)
Norton PC Checkup (Version: 2.0.11.20)
OfotoXMI (Version: 7.00.0000.0002)
Personal Entertainment Launcher (Version: 1.00.0000)
PhotoMail Maker (Version: 6.0.0.1007)
Play Pickle
PrintMaster
Product Support Launcher (Version: 1.00.0000)
ProductContext (Version: 50.0.165.000)
PSSWCORE (Version: 2.02.0000)
QuickSet (Version: 8.2.20)
QuickTime (Version: 7.69.80.9)
Realtek High Definition Audio Driver
Roxio Activation Module (Version: 1.0)
Roxio Creator Audio (Version: 3.5.0)
Roxio Creator BDAV Plugin (Version: 3.5.0)
Roxio Creator Copy (Version: 3.5.0)
Roxio Creator Data (Version: 3.5.0)
Roxio Creator DE (Version: 3.5.0)
Roxio Creator Tools (Version: 3.5.0)
Roxio Express Labeler 3 (Version: 3.2.1)
Roxio Update Manager (Version: 6.0.0)
Scan (Version: 10.1.0.0)
SFR (Version: 7.00.0000.0004)
SHASTA (Version: 6.04.0000.0001)
Shockwave
skin0001 (Version: 7.00.0000.0002)
SKINXSDK (Version: 7.00.0000.0001)
Skype web features (Version: 1.0.3971)
Skype™ 4.2 (Version: 4.2.169)
Smart Defrag 2 (Version: 2.2)
SolutionCenter (Version: 100.0.175.000)
Sonic CinePlayer Decoder Pack (Version: 4.2.0)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
staticcr (Version: 7.00.0000.0002)
Status (Version: 110.0.180.000)
Synaptics Pointing Device Driver (Version: 12.2.11.0)
The Weather Channel Desktop 6
TomTom HOME 2.7.3.1894 (Version: 2.7.3.1894)
TomTom HOME Visual Studio Merge Modules (Version: 1.0.2)
Toolbox (Version: 100.0.170.000)
tooltips (Version: 7.00.0000.0002)
TrayApp (Version: 110.0.180.000)
VideoToolkit01 (Version: 100.0.128.000)
VPRINTOL (Version: 7.00.0000.0001)
WebEx
WebReg (Version: 100.0.170.000)
WIRELESS (Version: 7.00.0000.0002)
Wizard101 (Version: 1.0.0)
WONswap

**** End of log ****
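An added example (editor's code, not a MiniToolBox feature): crash triage over the "Application Error" records and the Winsock catalog in the format of the log above. The sample records are constructed from the posted entries. The rule it applies is simple: a console network tool such as ping.exe has no reason to fault anywhere but inside Windows system modules, so a fault inside a browser plug-in (Flash10b.ocx) or at an address backed by no module at all ("unknown") is worth treating as code injected into that process, and STATUS_ORDINAL_NOT_FOUND (0xc0000138) means an import could not be resolved, which deserves a check of the faulting module against a known-good copy. The module allow-list, the tool list and the exception-code table are assumptions of this example; Winsock entries reported as "File Not found" are only marked for manual verification with `netsh winsock show catalog`, not judged.

```python
import re

# Constructed sample records, shaped after the "Event log errors" section of the MiniToolBox log above.
EVENT_LOG = """
Error: (12/20/2011 07:05:33 PM) (Source: Application Error) (User: )
Description: Faulting application nslookup.exe, version 6.0.6002.18005, time stamp 0x49e01d63, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436, exception code 0xc0000138, fault offset 0x00009f7d,
process id 0xfe4, application start time 0xnslookup.exe0.

Error: (12/20/2011 05:35:11 PM) (Source: Application Error) (User: )
Description: Faulting application ping.exe, version 6.0.6001.18000, time stamp 0x47919130, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x35684cb0,
process id 0xa18, application start time 0xping.exe0.

Error: (12/20/2011 05:31:20 PM) (Source: Application Error) (User: )
Description: Faulting application ping.exe, version 6.0.6001.18000, time stamp 0x47919130, faulting module Flash10b.ocx, version 10.0.22.87, time stamp 0x4987a6c3, exception code 0xc0000005, fault offset 0x000cc904,
process id 0x5d4, application start time 0xping.exe0.

Error: (12/20/2011 11:02:58 AM) (Source: Application Error) (User: )
Description: Faulting application ping.exe, version 6.0.6001.18000, time stamp 0x47919130, faulting module kernel32.dll, version 6.0.6002.18449, time stamp 0x4da47967, exception code 0xe06d7363, fault offset 0x0003fc56,
process id 0x1790, application start time 0xping.exe0.
"""

# Constructed sample, shaped after the "Winsock entries" section above (raw string: Windows paths).
WINSOCK = r"""
Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
"""

CRASH_RE = re.compile(
    r"Faulting application (?P<app>\S+), version (?P<app_ver>\S+), time stamp \S+, "
    r"faulting module (?P<module>\S+), version (?P<mod_ver>\S+), time stamp \S+, "
    r"exception code (?P<code>0x[0-9a-fA-F]+), fault offset (?P<offset>0x[0-9a-fA-F]+),"
)
WHEN_RE = re.compile(r"Error: \((?P<when>[^)]+)\)")
WINSOCK_RE = re.compile(r"^Catalog(?P<catalog>\d+) (?P<index>\d+) (?P<path>.+) \[(?P<size>[^\]]*)\] \((?P<vendor>[^)]*)\)$")

# NTSTATUS / SEH codes that show up in Application Error records (assumed subset).
EXCEPTION_CODES = {
    "0xc0000005": "STATUS_ACCESS_VIOLATION",
    "0xc000001d": "STATUS_ILLEGAL_INSTRUCTION",
    "0xc00000fd": "STATUS_STACK_OVERFLOW",
    "0xc0000138": "STATUS_ORDINAL_NOT_FOUND",
    "0xc0000409": "STATUS_STACK_BUFFER_OVERRUN",
    "0xe06d7363": "MSVC_CPP_EXCEPTION",
}
# Assumptions of this example: modules a console network tool may legitimately fault in, and the tools the rule covers.
SYSTEM_MODULES = {"ntdll.dll", "kernel32.dll", "kernelbase.dll", "msvcrt.dll", "ws2_32.dll",
                  "mswsock.dll", "iphlpapi.dll", "dnsapi.dll", "rpcrt4.dll"}
CONSOLE_NET_TOOLS = {"ping.exe", "nslookup.exe", "tracert.exe", "ipconfig.exe", "netstat.exe", "netsh.exe"}


def parse_crashes(text):
    """Turn each blank-line separated Application Error record into a dict."""
    crashes = []
    for block in re.split(r"\n\s*\n", text.strip()):
        flat = " ".join(block.split())          # the description wraps over several lines
        m = CRASH_RE.search(flat)
        if not m:
            continue
        rec = m.groupdict()
        when = WHEN_RE.search(flat)
        rec["when"] = when.group("when") if when else None
        rec["code_name"] = EXCEPTION_CODES.get(rec["code"].lower(), "unknown")
        crashes.append(rec)
    return crashes


def assess(crash):
    """Return the reasons (possibly none) a crash record deserves a closer look."""
    app, mod = crash["app"].lower(), crash["module"].lower()
    reasons = []
    if mod == "unknown":
        reasons.append("fault address is backed by no loaded module: injected code or shellcode")
    elif app in CONSOLE_NET_TOOLS and mod not in SYSTEM_MODULES and mod != app:
        reasons.append(f"{crash['app']} faulted inside {crash['module']}, which it has no reason to load: check for DLL injection")
    if crash["code_name"] == "STATUS_ORDINAL_NOT_FOUND":
        reasons.append("an export the program imports is missing: compare the faulting module and its dependencies with known-good copies")
    return reasons


def review_winsock(text):
    """Classify catalog entries; 'unresolved' ones need a manual check with `netsh winsock show catalog`."""
    entries = []
    for line in text.strip().splitlines():
        m = WINSOCK_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        if e["size"] == "File Not found":
            e["status"] = "unresolved"
        elif "microsoft" in e["vendor"].lower():
            e["status"] = "microsoft"
        else:
            e["status"] = "third-party"     # not hostile by itself, but every non-Microsoft provider gets reviewed
        entries.append(e)
    return entries


if __name__ == "__main__":
    for c in parse_crashes(EVENT_LOG):
        print(f"{c['when']}  {c['app']} in {c['module']} ({c['code']} {c['code_name']})")
        for reason in assess(c):
            print("   !", reason)
    for e in review_winsock(WINSOCK):
        print(f"Catalog{e['catalog']} {e['index']} {e['status']:11} {e['path']} ({e['vendor']})")
```

On the sample it flags three of the four crashes (the kernel32.dll one is an ordinary C++ exception) and lists the Bonjour name-space provider as the one third-party Winsock entry to review.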

#8 Broni (BC Advisor, 42,716 posts, Daly City, CA)

Posted 20 December 2011 - 09:20 PM

GMER log is missing.

When done...
The "hosts" file is missing.

Open Notepad.
Paste the following text into it:

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost
::1             localhost

Go to File > Save As and...

1. Name the file hosts. (no extension; make sure there is just a "dot" at the end <--- VERY IMPORTANT!)
2. Make sure "Save as type:" is set to "All Files (*.*)".
3. Save the file to the C:\WINDOWS\SYSTEM32\DRIVERS\ETC folder.

===============================================================

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista/Win 7 users: right-click on SystemLook.exe and click Run As Administrator.
  • Copy the content of the following box into the main text field:
    :dir
    C:\WINDOWS\SYSTEM32\DRIVERS\ETC
    
  • Click the Look button to start the scan.
  • When finished, a Notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt


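An added example (editor's code, not from the post above): a Python audit of a hosts file of the kind Broni asks to be recreated. A rogue AV that keeps the victim away from bleepingcomputer.com and the anti-malware vendors' sites commonly does it by mapping those names to 127.0.0.1 in hosts, or by pointing update domains at a host the attacker controls, so checking an existing hosts file matters as much as recreating a missing one. The two localhost lines are the only entries the Microsoft default file carries, as shown in the post; the list of watched domains, the tampered sample file and the verdict names are constructed for this example.

```python
import ipaddress
import os
from pathlib import Path

# The two entries the default Vista/7 hosts file carries (comments omitted), as given in the post above.
DEFAULT_HOSTS = "127.0.0.1\tlocalhost\n::1\tlocalhost\n"

# Assumption of this example: names a rogue AV typically cuts the victim off from.
WATCHED_DOMAINS = (
    "bleepingcomputer.com", "malwarebytes.org", "avg.com",
    "windowsupdate.com", "update.microsoft.com",
)

# Constructed sample: a tampered hosts file of the kind such infections leave behind.
TAMPERED_HOSTS = """
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.bleepingcomputer.com   # forum sinkholed to loopback
127.0.0.1       www.malwarebytes.org
198.51.100.7    update.microsoft.com       # updates redirected to an attacker host (TEST-NET-2 address)
10.0.0.5        fileserver                 # a LAN mapping: not hostile, but it should be a known one
"""


def hosts_path():
    """Where Windows reads the file from: the directory Broni's SystemLook step lists."""
    root = os.environ.get("SystemRoot", r"C:\Windows")
    return Path(root) / "System32" / "drivers" / "etc" / "hosts"


def parse_hosts(text):
    """Yield (line number, ip or None, [names]) for every non-comment line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        body = raw.split("#", 1)[0].strip()       # drop trailing comments
        if not body:
            continue
        fields = body.split()
        try:
            yield lineno, ipaddress.ip_address(fields[0]), fields[1:]
        except ValueError:
            yield lineno, None, fields


def is_watched(name):
    n = name.lower().rstrip(".")
    return any(n == d or n.endswith("." + d) for d in WATCHED_DOMAINS)


def audit_hosts(text):
    """Return (line, verdict, detail) triples; an empty list means nothing needs attention."""
    findings = []
    for lineno, ip, names in parse_hosts(text):
        if ip is None:
            findings.append((lineno, "malformed", " ".join(names)))
            continue
        for name in names:
            if name.lower() == "localhost":
                if not ip.is_loopback:
                    findings.append((lineno, "localhost-hijacked", f"localhost -> {ip}"))
            elif is_watched(name):
                verdict = "sinkholed" if ip.is_loopback or ip.is_unspecified else "redirected"
                findings.append((lineno, verdict, f"{name} -> {ip}"))
            elif not ip.is_loopback:
                findings.append((lineno, "review", f"{name} -> {ip}"))   # any non-loopback mapping is worth knowing about
    return findings


if __name__ == "__main__":
    path = hosts_path()
    if path.exists():
        text = path.read_text(encoding="utf-8", errors="replace")
    else:
        print(f"{path} is missing; auditing the constructed sample instead")
        text = TAMPERED_HOSTS
    for lineno, verdict, detail in audit_hosts(text):
        print(f"line {lineno:3}: {verdict:19} {detail}")
```

Run on the machine itself it reads the real file (and says so if the file is absent, which is exactly the condition MiniToolBox reported here); run anywhere else it audits the sample and reports the two sinkholed names, the redirected update domain and the LAN mapping to review.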
#9 jeffw11 (Topic Starter, Members, 127 posts)

Posted 21 December 2011 - 12:24 AM

GMER keeps shutting down with a Windows error, or it gives me the blue screen of death. I've tried in safe mode and regular mode, but with the same results.

I will do what you suggested in your last post tomorrow; sleep is needed. Thank you.

#10 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,716 posts
  • OFFLINE
  • Gender:Male
  • Location:Daly City, CA
  • Local time:02:11 AM

Posted 21 December 2011 - 12:26 AM

Instead of GMER....

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan:

On completion of the scan click "Save log", save it to your desktop and post in your next reply:

NOTE. aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

#11 jeffw11

jeffw11
  • Topic Starter

  • Members
  • 127 posts
  • OFFLINE
  • Local time:03:11 AM

Posted 21 December 2011 - 07:18 PM

aswMBR log file:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-21 17:58:49
-----------------------------
17:58:49.815 OS Version: Windows 6.0.6002 Service Pack 2
17:58:49.815 Number of processors: 2 586 0xF0D
17:58:49.815 ComputerName: DOROTHY-PC UserName: Dorothy
17:58:50.548 Initialize success
17:58:56.523 AVAST engine defs: 11122101
17:59:04.542 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
17:59:04.542 Disk 0 Vendor: WDC_WD16 11.0 Size: 152627MB BusType: 3
17:59:04.573 Disk 0 MBR read successfully
17:59:04.573 Disk 0 MBR scan
17:59:04.573 Disk 0 Windows VISTA default MBR code
17:59:04.573 Disk 0 scanning sectors +312579760
17:59:04.666 Disk 0 scanning C:\Windows\system32\drivers
17:59:09.690 File: C:\Windows\system32\drivers\dfsc.sys **INFECTED** Win32:Aluroot [Rtk]
17:59:17.505 Service scanning
17:59:20.220 Modules scanning
17:59:22.856 Module: C:\Windows\System32\Drivers\dfsc.sys **SUSPICIOUS**
17:59:23.808 Disk 0 trace - called modules:
17:59:23.839 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x87774f10]<<
17:59:23.839 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x863655b0]
17:59:23.854 3 CLASSPNP.SYS[8a9ac8b3] -> nt!IofCallDriver -> [0x876a63d0]
17:59:23.854 \Driver\00000949[0x876a5310] -> IRP_MJ_CREATE -> 0x87774f10
17:59:25.430 AVAST engine scan C:\Windows
17:59:28.285 AVAST engine scan C:\Windows\system32
18:01:25.378 AVAST engine scan C:\Windows\system32\drivers
18:01:30.230 File: C:\Windows\system32\drivers\dfsc.sys **INFECTED** Win32:Aluroot [Rtk]
18:01:38.420 AVAST engine scan C:\Users\Dorothy
18:06:29.688 File: C:\Users\Dorothy\Downloads\Google Updater.exe **INFECTED** Win32:Malware-gen
18:07:47.095 AVAST engine scan C:\ProgramData
18:12:58.362 Scan finished successfully
18:13:24.398 Disk 0 MBR has been saved successfully to "C:\Users\Dorothy\Desktop\MBR.dat"
18:13:24.414 The log file has been saved successfully to "C:\Users\Dorothy\Desktop\aswMBR.txt"


Got this to work in safe mode. Regular mode just gave me a blue screen of death and then rebooted the computer.

Should I go on and fix the hosts file or wait till you get back to me?
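An added example of reading a log like the one posted above; it is not part of the thread and not Avast's own code. The line patterns are taken only from the lines visible in that log, and the field layout beyond them is an assumption. It pulls out the INFECTED and SUSPICIOUS verdicts, then does the correlation a helper reads the trace section for: the `>>UNKNOWN<<` entry is code aswMBR could not attribute to any loaded module, and a driver dispatch entry pointing at that same address means disk I/O is being intercepted by it. The sample is an excerpt of the posted log.

```python
"""Extract the findings from an aswMBR log.

Added example; not part of the thread and not Avast's code.  The regexes
match the line shapes seen in the posted log; anything else is assumed.
"""
import re

# Excerpt of the posted log, reduced to the lines that carry findings.
SAMPLE_LOG = r"""
17:59:04.573 Disk 0 MBR read successfully
17:59:04.573 Disk 0 Windows VISTA default MBR code
17:59:09.690 File: C:\Windows\system32\drivers\dfsc.sys **INFECTED** Win32:Aluroot [Rtk]
17:59:22.856 Module: C:\Windows\System32\Drivers\dfsc.sys **SUSPICIOUS**
17:59:23.808 Disk 0 trace - called modules:
17:59:23.839 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x87774f10]<<
17:59:23.839 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x863655b0]
17:59:23.854 \Driver\00000949[0x876a5310] -> IRP_MJ_CREATE -> 0x87774f10
18:06:29.688 File: C:\Users\Dorothy\Downloads\Google Updater.exe **INFECTED** Win32:Malware-gen
18:12:58.362 Scan finished successfully
"""

INFECTED = re.compile(r"^\S+ File: (?P<path>.+?) \*\*INFECTED\*\* (?P<name>.+)$")
SUSPICIOUS = re.compile(r"^\S+ Module: (?P<path>.+?) \*\*SUSPICIOUS\*\*$")
UNKNOWN = re.compile(r">>UNKNOWN \[(?P<addr>0x[0-9a-fA-F]+)\]<<")
# A driver object's dispatch entry: "\Driver\<name>[addr] -> IRP_MJ_x -> target"
HOOK = re.compile(
    r"^\S+ (?P<driver>\\Driver\\[^\s\[]+)\[0x[0-9a-fA-F]+\]"
    r" -> (?P<irp>IRP_MJ_\w+) -> (?P<addr>0x[0-9a-fA-F]+)$"
)


def parse_aswmbr(text):
    """Collect verdicts, unknown code in the disk trace, and dispatch entries."""
    findings = {
        "infected": [],          # (path, detection name)
        "suspicious": [],        # module paths
        "unknown_modules": [],   # addresses flagged >>UNKNOWN<< in the trace
        "hooks": [],             # (driver object, IRP major, target address)
        "mbr_default_code": False,
        "scan_finished": False,
    }
    for line in text.splitlines():
        if (m := INFECTED.match(line)):
            findings["infected"].append((m["path"], m["name"]))
        elif (m := SUSPICIOUS.match(line)):
            findings["suspicious"].append(m["path"])
        elif (m := HOOK.match(line)):
            findings["hooks"].append((m["driver"], m["irp"], m["addr"].lower()))
        elif (m := UNKNOWN.search(line)):
            findings["unknown_modules"].append(m["addr"].lower())
        elif "default MBR code" in line:
            findings["mbr_default_code"] = True
        elif line.endswith("Scan finished successfully"):
            findings["scan_finished"] = True
    return findings


def hooked_drivers(findings):
    """Dispatch entries whose target is code aswMBR could not map to any
    loaded module, i.e. the disk I/O path is being intercepted."""
    unknown = set(findings["unknown_modules"])
    return [h for h in findings["hooks"] if h[2] in unknown]


if __name__ == "__main__":
    result = parse_aswmbr(SAMPLE_LOG)
    for path, name in result["infected"]:
        print(f"INFECTED   {path}  ({name})")
    for path in result["suspicious"]:
        print(f"SUSPICIOUS {path}")
    for driver, irp, addr in hooked_drivers(result):
        print(f"HOOK       {driver} {irp} -> unknown code at {addr}")
    print("MBR code default:", result["mbr_default_code"])
```

Note that the MBR itself reads as default Vista code here; the interception is in the driver stack, not the boot sector, which is why the MBR.dat backup aswMBR leaves behind matters only if a later step rewrites the MBR.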

#12 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,716 posts
  • OFFLINE
  • Gender:Male
  • Location:Daly City, CA
  • Local time:02:11 AM

Posted 21 December 2011 - 08:23 PM

Download TDSSKiller and save it to your desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

#13 jeffw11

jeffw11
  • Topic Starter

  • Members
  • 127 posts
  • OFFLINE
  • Local time:03:11 AM

Posted 21 December 2011 - 09:30 PM

TDSSKiller log:

20:22:06.0972 0344 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
20:22:07.0362 0344 ============================================================
20:22:07.0362 0344 Current date / time: 2011/12/21 20:22:07.0362
20:22:07.0362 0344 SystemInfo:
20:22:07.0362 0344
20:22:07.0362 0344 OS Version: 6.0.6002 ServicePack: 2.0
20:22:07.0362 0344 Product type: Workstation
20:22:07.0362 0344 ComputerName: DOROTHY-PC
20:22:07.0362 0344 UserName: Dorothy
20:22:07.0362 0344 Windows directory: C:\Windows
20:22:07.0362 0344 System windows directory: C:\Windows
20:22:07.0362 0344 Processor architecture: Intel x86
20:22:07.0362 0344 Number of processors: 2
20:22:07.0362 0344 Page size: 0x1000
20:22:07.0362 0344 Boot type: Normal boot
20:22:07.0362 0344 ============================================================
20:22:08.0095 0344 Initialize success
20:22:10.0684 4936 ============================================================
20:22:10.0684 4936 Scan started
20:22:10.0684 4936 Mode: Manual;
20:22:10.0684 4936 ============================================================
20:22:11.0168 4936 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
20:22:11.0168 4936 ACPI - ok
20:22:11.0386 4936 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
20:22:11.0480 4936 adp94xx - ok
20:22:11.0605 4936 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
20:22:11.0652 4936 adpahci - ok
20:22:11.0745 4936 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
20:22:11.0839 4936 adpu160m - ok
20:22:11.0948 4936 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
20:22:11.0995 4936 adpu320 - ok
20:22:12.0135 4936 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
20:22:12.0182 4936 AFD - ok
20:22:12.0307 4936 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
20:22:12.0307 4936 agp440 - ok
20:22:12.0354 4936 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
20:22:12.0369 4936 aic78xx - ok
20:22:12.0400 4936 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
20:22:12.0400 4936 aliide - ok
20:22:12.0416 4936 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
20:22:12.0432 4936 amdagp - ok
20:22:12.0432 4936 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
20:22:12.0447 4936 amdide - ok
20:22:12.0510 4936 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
20:22:12.0525 4936 AmdK7 - ok
20:22:12.0541 4936 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
20:22:12.0541 4936 AmdK8 - ok
20:22:12.0603 4936 ApfiltrService (350f19eb5fe4ec37a2414df56cde1aa8) C:\Windows\system32\DRIVERS\Apfiltr.sys
20:22:12.0619 4936 ApfiltrService - ok
20:22:12.0666 4936 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
20:22:12.0681 4936 arc - ok
20:22:12.0744 4936 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
20:22:12.0744 4936 arcsas - ok
20:22:12.0775 4936 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
20:22:12.0790 4936 AsyncMac - ok
20:22:12.0822 4936 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
20:22:12.0822 4936 atapi - ok
20:22:12.0978 4936 AVGIDSDriver (1c8d965bbcaa9ee5defdb54743437086) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
20:22:12.0978 4936 AVGIDSDriver - ok
20:22:13.0040 4936 AVGIDSEH (c59c9bc3f0612bd207ccdc5d8cb9ce39) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
20:22:13.0040 4936 AVGIDSEH - ok
20:22:13.0071 4936 AVGIDSFilter (c5559de2ec66cede15a1664f6d183d8e) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
20:22:13.0071 4936 AVGIDSFilter - ok
20:22:13.0118 4936 AVGIDSShim (ae5e9667fa40206796d1bd5bd0427a8a) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
20:22:13.0118 4936 AVGIDSShim - ok
20:22:13.0149 4936 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\Windows\system32\DRIVERS\avgldx86.sys
20:22:13.0165 4936 Avgldx86 - ok
20:22:13.0180 4936 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\Windows\system32\DRIVERS\avgmfx86.sys
20:22:13.0180 4936 Avgmfx86 - ok
20:22:13.0243 4936 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\Windows\system32\DRIVERS\avgrkx86.sys
20:22:13.0243 4936 Avgrkx86 - ok
20:22:13.0290 4936 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\Windows\system32\DRIVERS\avgtdix.sys
20:22:13.0290 4936 Avgtdix - ok
20:22:13.0352 4936 BCM42RLY (7bd70aeed0d975285a1b20bd012ebf4e) C:\Windows\system32\drivers\BCM42RLY.sys
20:22:13.0352 4936 BCM42RLY - ok
20:22:13.0414 4936 BCM43XX (fa6707a346cd122407f3b0bad1c47639) C:\Windows\system32\DRIVERS\bcmwl6.sys
20:22:13.0461 4936 BCM43XX - ok
20:22:13.0555 4936 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
20:22:13.0570 4936 Beep - ok
20:22:13.0648 4936 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
20:22:13.0664 4936 blbdrive - ok
20:22:13.0726 4936 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
20:22:13.0742 4936 bowser - ok
20:22:13.0789 4936 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
20:22:13.0804 4936 BrFiltLo - ok
20:22:13.0836 4936 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
20:22:13.0851 4936 BrFiltUp - ok
20:22:13.0882 4936 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
20:22:13.0898 4936 Brserid - ok
20:22:13.0914 4936 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
20:22:13.0929 4936 BrSerWdm - ok
20:22:13.0945 4936 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
20:22:13.0960 4936 BrUsbMdm - ok
20:22:14.0007 4936 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
20:22:14.0007 4936 BrUsbSer - ok
20:22:14.0132 4936 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
20:22:14.0132 4936 BTHMODEM - ok
20:22:14.0210 4936 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
20:22:14.0226 4936 cdfs - ok
20:22:14.0350 4936 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
20:22:14.0366 4936 cdrom - ok
20:22:14.0413 4936 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
20:22:14.0428 4936 circlass - ok
20:22:14.0460 4936 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
20:22:14.0491 4936 CLFS - ok
20:22:14.0600 4936 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
20:22:14.0631 4936 CmBatt - ok
20:22:14.0678 4936 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
20:22:14.0694 4936 cmdide - ok
20:22:14.0725 4936 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
20:22:14.0725 4936 Compbatt - ok
20:22:14.0756 4936 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
20:22:14.0756 4936 crcdisk - ok
20:22:14.0787 4936 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
20:22:14.0803 4936 Crusoe - ok
20:22:15.0021 4936 dc3d (484ffbcec4091ff617494b6b0cb04eb3) C:\Windows\system32\DRIVERS\dc3d.sys
20:22:15.0037 4936 dc3d - ok
20:22:15.0162 4936 DfsC (5824c3b2d41f7d756c82112ca2a821b1) C:\Windows\system32\Drivers\dfsc.sys
20:22:15.0162 4936 Suspicious file (Forged): C:\Windows\system32\Drivers\dfsc.sys. Real md5: 5824c3b2d41f7d756c82112ca2a821b1, Fake md5: edf7d5fac21b67b2e43722fb078a665a
20:22:15.0162 4936 DfsC ( Rootkit.Win32.ZAccess.k ) - infected
20:22:15.0162 4936 DfsC - detected Rootkit.Win32.ZAccess.k (0)
20:22:15.0302 4936 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
20:22:15.0302 4936 disk - ok
20:22:15.0411 4936 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
20:22:15.0458 4936 Dot4 - ok
20:22:15.0552 4936 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
20:22:15.0567 4936 Dot4Print - ok
20:22:15.0630 4936 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
20:22:15.0645 4936 dot4usb - ok
20:22:15.0723 4936 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
20:22:15.0739 4936 drmkaud - ok
20:22:15.0801 4936 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
20:22:15.0801 4936 DXGKrnl - ok
20:22:15.0910 4936 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
20:22:15.0926 4936 e1express - ok
20:22:15.0973 4936 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
20:22:15.0988 4936 E1G60 - ok
20:22:16.0082 4936 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
20:22:16.0082 4936 Ecache - ok
20:22:16.0176 4936 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
20:22:16.0207 4936 elxstor - ok
20:22:16.0238 4936 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
20:22:16.0254 4936 ErrDev - ok
20:22:16.0316 4936 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
20:22:16.0316 4936 exfat - ok
20:22:16.0378 4936 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
20:22:16.0394 4936 fastfat - ok
20:22:16.0441 4936 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
20:22:16.0441 4936 fdc - ok
20:22:16.0472 4936 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
20:22:16.0488 4936 FileInfo - ok
20:22:16.0503 4936 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
20:22:16.0519 4936 Filetrace - ok
20:22:16.0534 4936 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
20:22:16.0550 4936 flpydisk - ok
20:22:16.0597 4936 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
20:22:16.0597 4936 FltMgr - ok
20:22:16.0659 4936 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
20:22:16.0659 4936 Fs_Rec - ok
20:22:16.0690 4936 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
20:22:16.0690 4936 gagp30kx - ok
20:22:16.0722 4936 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:22:16.0722 4936 GEARAspiWDM - ok
20:22:16.0846 4936 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:22:16.0862 4936 HDAudBus - ok
20:22:16.0940 4936 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
20:22:16.0956 4936 HidBth - ok
20:22:16.0987 4936 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
20:22:17.0002 4936 HidIr - ok
20:22:17.0034 4936 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
20:22:17.0049 4936 HidUsb - ok
20:22:17.0065 4936 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
20:22:17.0080 4936 HpCISSs - ok
20:22:17.0190 4936 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
20:22:17.0205 4936 HTTP - ok
20:22:17.0252 4936 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
20:22:17.0268 4936 i2omp - ok
20:22:17.0330 4936 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
20:22:17.0346 4936 i8042prt - ok
20:22:17.0408 4936 iaStor (2358c53f30cb9dcd1d3843c4e2f299b2) C:\Windows\system32\drivers\iastor.sys
20:22:17.0408 4936 iaStor - ok
20:22:17.0439 4936 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
20:22:17.0486 4936 iaStorV - ok
20:22:17.0595 4936 igfx (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys
20:22:17.0611 4936 igfx - ok
20:22:17.0658 4936 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
20:22:17.0673 4936 iirsp - ok
20:22:17.0767 4936 IntcAzAudAddService (f8f53c5449f15b23d4c61d51d2701da8) C:\Windows\system32\drivers\RTKVHDA.sys
20:22:17.0923 4936 IntcAzAudAddService - ok
20:22:18.0016 4936 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\DRIVERS\intelide.sys
20:22:18.0016 4936 intelide - ok
20:22:18.0126 4936 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
20:22:18.0126 4936 intelppm - ok
20:22:18.0172 4936 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:22:18.0188 4936 IpFilterDriver - ok
20:22:18.0188 4936 IpInIp - ok
20:22:18.0219 4936 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
20:22:18.0235 4936 IPMIDRV - ok
20:22:18.0266 4936 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
20:22:18.0266 4936 IPNAT - ok
20:22:18.0297 4936 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
20:22:18.0313 4936 IRENUM - ok
20:22:18.0360 4936 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
20:22:18.0375 4936 isapnp - ok
20:22:18.0422 4936 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
20:22:18.0422 4936 iScsiPrt - ok
20:22:18.0438 4936 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
20:22:18.0453 4936 iteatapi - ok
20:22:18.0484 4936 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
20:22:18.0484 4936 iteraid - ok
20:22:18.0531 4936 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
20:22:18.0531 4936 kbdclass - ok
20:22:18.0578 4936 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
20:22:18.0594 4936 kbdhid - ok
20:22:18.0625 4936 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
20:22:18.0656 4936 KSecDD - ok
20:22:18.0750 4936 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
20:22:18.0750 4936 lltdio - ok
20:22:18.0781 4936 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
20:22:18.0796 4936 LSI_FC - ok
20:22:18.0828 4936 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
20:22:18.0843 4936 LSI_SAS - ok
20:22:18.0874 4936 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
20:22:18.0874 4936 LSI_SCSI - ok
20:22:18.0921 4936 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
20:22:18.0921 4936 luafv - ok
20:22:18.0921 4936 MBAMSwissArmy - ok
20:22:18.0999 4936 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
20:22:19.0015 4936 megasas - ok
20:22:19.0046 4936 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
20:22:19.0062 4936 MegaSR - ok
20:22:19.0124 4936 MfeAVFK (103ab7e8299f29c4734a5f2bb003b88a) C:\Windows\system32\drivers\MfeAVFK.sys
20:22:19.0140 4936 MfeAVFK - ok
20:22:19.0171 4936 MfeBOPK (cf04c52e571c69d17c971a712b3f4a13) C:\Windows\system32\drivers\MfeBOPK.sys
20:22:19.0171 4936 MfeBOPK - ok
20:22:19.0264 4936 mfehidk (c0d134b371df272bc7509c78b8209e0b) C:\Windows\system32\drivers\mfehidk.sys
20:22:19.0264 4936 mfehidk - ok
20:22:19.0296 4936 MfeRKDK (3eed155c99097b55dd6398e60db79f34) C:\Windows\system32\drivers\MfeRKDK.sys
20:22:19.0296 4936 MfeRKDK - ok
20:22:19.0358 4936 mfetdik (6a2b75f727b608e5df15eb1f3b959b95) C:\Windows\system32\drivers\mfetdik.sys
20:22:19.0358 4936 mfetdik - ok
20:22:19.0389 4936 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
20:22:19.0405 4936 Modem - ok
20:22:19.0420 4936 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
20:22:19.0420 4936 monitor - ok
20:22:19.0452 4936 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
20:22:19.0452 4936 mouclass - ok
20:22:19.0467 4936 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
20:22:19.0483 4936 mouhid - ok
20:22:19.0498 4936 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
20:22:19.0514 4936 MountMgr - ok
20:22:19.0545 4936 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
20:22:19.0561 4936 mpio - ok
20:22:19.0592 4936 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
20:22:19.0592 4936 mpsdrv - ok
20:22:19.0639 4936 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
20:22:19.0639 4936 Mraid35x - ok
20:22:19.0686 4936 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
20:22:19.0701 4936 MRxDAV - ok
20:22:19.0795 4936 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:22:19.0810 4936 mrxsmb - ok
20:22:19.0873 4936 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:22:19.0904 4936 mrxsmb10 - ok
20:22:19.0920 4936 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:22:19.0935 4936 mrxsmb20 - ok
20:22:19.0982 4936 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
20:22:19.0998 4936 msahci - ok
20:22:20.0044 4936 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
20:22:20.0060 4936 msdsm - ok
20:22:20.0076 4936 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
20:22:20.0091 4936 Msfs - ok
20:22:20.0122 4936 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
20:22:20.0138 4936 msisadrv - ok
20:22:20.0185 4936 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
20:22:20.0185 4936 MSKSSRV - ok
20:22:20.0216 4936 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
20:22:20.0216 4936 MSPCLOCK - ok
20:22:20.0232 4936 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
20:22:20.0247 4936 MSPQM - ok
20:22:20.0294 4936 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
20:22:20.0341 4936 MsRPC - ok
20:22:20.0388 4936 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
20:22:20.0388 4936 mssmbios - ok
20:22:20.0434 4936 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
20:22:20.0450 4936 MSTEE - ok
20:22:20.0466 4936 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
20:22:20.0481 4936 Mup - ok
20:22:20.0528 4936 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
20:22:20.0544 4936 NativeWifiP - ok
20:22:20.0590 4936 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
20:22:20.0590 4936 NDIS - ok
20:22:20.0622 4936 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
20:22:20.0637 4936 NdisTapi - ok
20:22:20.0653 4936 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
20:22:20.0668 4936 Ndisuio - ok
20:22:20.0715 4936 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
20:22:20.0731 4936 NdisWan - ok
20:22:20.0762 4936 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
20:22:20.0762 4936 NDProxy - ok
20:22:20.0824 4936 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
20:22:20.0840 4936 NetBIOS - ok
20:22:20.0887 4936 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
20:22:20.0902 4936 netbt - ok
20:22:20.0949 4936 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
20:22:20.0965 4936 nfrd960 - ok
20:22:20.0996 4936 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
20:22:21.0012 4936 Npfs - ok
20:22:21.0058 4936 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
20:22:21.0074 4936 nsiproxy - ok
20:22:21.0152 4936 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
20:22:21.0199 4936 Ntfs - ok
20:22:21.0246 4936 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
20:22:21.0261 4936 ntrigdigi - ok
20:22:21.0292 4936 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
20:22:21.0308 4936 Null - ok
20:22:21.0339 4936 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
20:22:21.0339 4936 nvraid - ok
20:22:21.0386 4936 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
20:22:21.0402 4936 nvstor - ok
20:22:21.0433 4936 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
20:22:21.0448 4936 nv_agp - ok
20:22:21.0448 4936 NwlnkFlt - ok
20:22:21.0464 4936 NwlnkFwd - ok
20:22:21.0495 4936 O2MDRDR (d51942f12090fc947ca8aa01736dade2) C:\Windows\system32\DRIVERS\o2media.sys
20:22:21.0511 4936 O2MDRDR - ok
20:22:21.0573 4936 O2SDRDR (97e494165ce16ea3762114ba64faf332) C:\Windows\system32\DRIVERS\o2sd.sys
20:22:21.0604 4936 O2SDRDR - ok
20:22:21.0667 4936 OEM13Vfx (86326062a90494bdd79ce383511d7d69) C:\Windows\system32\DRIVERS\OEM13Vfx.sys
20:22:21.0682 4936 OEM13Vfx - ok
20:22:21.0698 4936 OEM13Vid (12539b57ed05de7552403a12b3e0161c) C:\Windows\system32\DRIVERS\OEM13Vid.sys
20:22:21.0729 4936 OEM13Vid - ok
20:22:21.0792 4936 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
20:22:21.0807 4936 ohci1394 - ok
20:22:21.0916 4936 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
20:22:21.0932 4936 Parport - ok
20:22:21.0963 4936 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
20:22:21.0963 4936 partmgr - ok
20:22:21.0994 4936 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
20:22:21.0994 4936 Parvdm - ok
20:22:22.0041 4936 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
20:22:22.0041 4936 pci - ok
20:22:22.0072 4936 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
20:22:22.0088 4936 pciide - ok
20:22:22.0119 4936 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
20:22:22.0135 4936 pcmcia - ok
20:22:22.0182 4936 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
20:22:22.0213 4936 PEAUTH - ok
20:22:22.0306 4936 Point32 (420336f91eb745811cf130c80ede0653) C:\Windows\system32\DRIVERS\point32.sys
20:22:22.0306 4936 Point32 - ok
20:22:22.0338 4936 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
20:22:22.0353 4936 PptpMiniport - ok
20:22:22.0369 4936 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
20:22:22.0384 4936 Processor - ok
20:22:22.0416 4936 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
20:22:22.0416 4936 PSched - ok
20:22:22.0447 4936 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
20:22:22.0447 4936 PxHelp20 - ok
20:22:22.0509 4936 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
20:22:22.0603 4936 ql2300 - ok
20:22:22.0634 4936 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
20:22:22.0650 4936 ql40xx - ok
20:22:22.0665 4936 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
20:22:22.0681 4936 QWAVEdrv - ok
20:22:22.0759 4936 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
20:22:22.0852 4936 R300 - ok
20:22:22.0868 4936 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
20:22:22.0868 4936 RasAcd - ok
20:22:22.0899 4936 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:22:22.0899 4936 Rasl2tp - ok
20:22:22.0930 4936 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
20:22:22.0946 4936 RasPppoe - ok
20:22:22.0993 4936 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
20:22:22.0993 4936 RasSstp - ok
20:22:23.0024 4936 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
20:22:23.0055 4936 rdbss - ok
20:22:23.0071 4936 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:22:23.0071 4936 RDPCDD - ok
20:22:23.0118 4936 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
20:22:23.0133 4936 rdpdr - ok
20:22:23.0133 4936 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
20:22:23.0149 4936 RDPENCDD - ok
20:22:23.0180 4936 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
20:22:23.0227 4936 RDPWD - ok
20:22:23.0274 4936 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
20:22:23.0274 4936 rspndr - ok
20:22:23.0336 4936 RTL8169 (2d19a7469ea19993d0c12e627f4530bc) C:\Windows\system32\DRIVERS\Rtlh86.sys
20:22:23.0352 4936 RTL8169 - ok
20:22:23.0414 4936 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
20:22:23.0430 4936 sbp2port - ok
20:22:23.0492 4936 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
20:22:23.0492 4936 secdrv - ok
20:22:23.0523 4936 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
20:22:23.0523 4936 Serenum - ok
20:22:26.0784 4936 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
20:22:26.0815 4936 \Device\Harddisk0\DR0 - ok
20:22:26.0830 4936 Boot (0x1200) (1c87bb41b794aa77b498067de1159056) \Device\Harddisk0\DR0\Partition0
20:22:26.0830 4936 \Device\Harddisk0\DR0\Partition0 - ok
20:22:26.0830 4936 Boot (0x1200) (f62351c4e763b676a049d0f55863eb9d) \Device\Harddisk0\DR0\Partition1
20:22:26.0830 4936 \Device\Harddisk0\DR0\Partition1 - ok
20:22:26.0830 4936 ============================================================
20:22:26.0830 4936 Scan finished
20:22:26.0830 4936 ============================================================
20:22:26.0846 5024 Detected object count: 1
20:22:26.0846 5024 Actual detected object count: 1
20:22:49.0232 5024 Backup copy not found, trying to cure infected file..
20:22:49.0263 5024 Cure success, using it..
20:22:49.0279 5024 C:\Windows\system32\Drivers\dfsc.sys - will be cured on reboot
20:22:52.0321 5024 DfsC ( Rootkit.Win32.ZAccess.k ) - User select action: Cure
20:23:17.0686 4256 Deinitialize success

Let me know what else to do. Thanks for the help.

#14 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,716 posts
  • OFFLINE
  • Gender:Male
  • Location:Daly City, CA
  • Local time:02:11 AM

Posted 21 December 2011 - 09:31 PM

Post new aswMBR log.


#15 jeffw11

jeffw11
  • Topic Starter

  • Members
  • 127 posts
  • OFFLINE
  • Local time:03:11 AM

Posted 21 December 2011 - 11:48 PM

New log:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-21 17:58:49
-----------------------------
17:58:49.815 OS Version: Windows 6.0.6002 Service Pack 2
17:58:49.815 Number of processors: 2 586 0xF0D
17:58:49.815 ComputerName: DOROTHY-PC UserName: Dorothy
17:58:50.548 Initialize success
17:58:56.523 AVAST engine defs: 11122101
17:59:04.542 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
17:59:04.542 Disk 0 Vendor: WDC_WD16 11.0 Size: 152627MB BusType: 3
17:59:04.573 Disk 0 MBR read successfully
17:59:04.573 Disk 0 MBR scan
17:59:04.573 Disk 0 Windows VISTA default MBR code
17:59:04.573 Disk 0 scanning sectors +312579760
17:59:04.666 Disk 0 scanning C:\Windows\system32\drivers
17:59:09.690 File: C:\Windows\system32\drivers\dfsc.sys **INFECTED** Win32:Aluroot [Rtk]
17:59:17.505 Service scanning
17:59:20.220 Modules scanning
17:59:22.856 Module: C:\Windows\System32\Drivers\dfsc.sys **SUSPICIOUS**
17:59:23.808 Disk 0 trace - called modules:
17:59:23.839 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x87774f10]<<
17:59:23.839 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x863655b0]
17:59:23.854 3 CLASSPNP.SYS[8a9ac8b3] -> nt!IofCallDriver -> [0x876a63d0]
17:59:23.854 \Driver\00000949[0x876a5310] -> IRP_MJ_CREATE -> 0x87774f10
17:59:25.430 AVAST engine scan C:\Windows
17:59:28.285 AVAST engine scan C:\Windows\system32
18:01:25.378 AVAST engine scan C:\Windows\system32\drivers
18:01:30.230 File: C:\Windows\system32\drivers\dfsc.sys **INFECTED** Win32:Aluroot [Rtk]
18:01:38.420 AVAST engine scan C:\Users\Dorothy
18:06:29.688 File: C:\Users\Dorothy\Downloads\Google Updater.exe **INFECTED** Win32:Malware-gen
18:07:47.095 AVAST engine scan C:\ProgramData
18:12:58.362 Scan finished successfully
18:13:24.398 Disk 0 MBR has been saved successfully to "C:\Users\Dorothy\Desktop\MBR.dat"
18:13:24.414 The log file has been saved successfully to "C:\Users\Dorothy\Desktop\aswMBR.txt"


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-21 22:26:13
-----------------------------
22:26:13.818 OS Version: Windows 6.0.6002 Service Pack 2
22:26:13.818 Number of processors: 2 586 0xF0D
22:26:13.833 ComputerName: DOROTHY-PC UserName: Dorothy
22:26:15.331 Initialize success
22:26:21.150 AVAST engine defs: 11122101
22:26:30.385 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
22:26:30.400 Disk 0 Vendor: WDC_WD16 11.0 Size: 152627MB BusType: 3
22:26:30.416 Disk 0 MBR read successfully
22:26:30.416 Disk 0 MBR scan
22:26:30.432 Disk 0 Windows VISTA default MBR code
22:26:30.432 Disk 0 scanning sectors +312579760
22:26:30.525 Disk 0 scanning C:\Windows\system32\drivers
22:26:46.219 Service scanning
22:26:47.794 Modules scanning
22:26:59.401 Disk 0 trace - called modules:
22:26:59.448 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iastor.sys
22:26:59.448 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86465ac8]
22:26:59.448 3 CLASSPNP.SYS[8a9ab8b3] -> nt!IofCallDriver -> [0x859207f0]
22:26:59.962 5 acpi.sys[8068f6bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8592a030]
22:27:02.458 AVAST engine scan C:\Windows
22:27:08.636 AVAST engine scan C:\Windows\system32
22:31:21.964 AVAST engine scan C:\Windows\system32\drivers
22:31:43.336 AVAST engine scan C:\Users\Dorothy
22:38:20.419 File: C:\Users\Dorothy\Downloads\Google Updater.exe **INFECTED** Win32:Malware-gen
22:39:31.321 AVAST engine scan C:\ProgramData
22:44:19.016 Scan finished successfully
22:45:50.962 Disk 0 MBR has been saved successfully to "C:\Users\Dorothy\Desktop\MBR.dat"
22:45:50.994 The log file has been saved successfully to "C:\Users\Dorothy\Desktop\aswMBR.txt"
