
Trojan Horse Agent_r.Aqn


This topic is locked
6 replies to this topic

#1 RedBeerdDread

RedBeerdDread

  • Members
  • 3 posts
  • OFFLINE
  • Local time:05:59 AM

Posted 11 December 2011 - 08:23 PM

The CPU that the horse in question is in has two redirect viruses, as well, so I'm on another computer to post this.

Here's the info and the two attachments:


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by VETERAN at 15:20:01 on 2011-12-11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1980.1367 [GMT -6:00]
.
AV: AVG Anti-Virus *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\VETERAN\Desktop\Defogger.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1081222
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: {0f62ca82-6b5b-4303-bd3f-dacf475651f4} - c:\documents and settings\veteran\local settings\application data\Systemx86_x64.dll
BHO: AhIeBho Class: {10384d0e-2bc1-48b6-844b-ad0e9e6d2511} - c:\program files\zoomtext 9.1\ahoi\ah_ie_bho.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Policies Update] rundll32 "c:\documents and settings\veteran\local settings\application data\microsoft\microsoftupdate\Microsoftupdt32.dll",DllRegisterServer
uRun: [DisplayBackupUpdate] rundll32.exe "c:\documents and settings\all users\application data\DisplayBackupUpdate.dll",DllRegisterServer
uRun: [Microsoft® Windows Update] c:\documents and settings\veteran\m-1-52-5782-8752-5245\winsvc.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [VeGeMHdmoTmIHU.exe] c:\documents and settings\all users\application data\VeGeMHdmoTmIHU.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-explorer: NoDesktop = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230561298484
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230561540937
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{B8703E07-C165-43F2-B607-A0E5CD28B593} : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
Notify: TPSvc - TPSvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 relog_ap
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\veteran\application data\mozilla\firefox\profiles\z8ida0g5.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-4-16 12552]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2008-12-22 24064]
R1 Ai2sXP;Ai2sXP;c:\windows\system32\drivers\Ai2sXP.sys [2009-1-9 7680]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-16 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-16 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-16 108552]
R2 ASFAgent;ASF Agent;c:\program files\intel\asf agent\ASFAgent.exe [2007-4-19 133968]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-16 297752]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2011-9-2 94880]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [2008-12-22 144480]
S3 AsfAlrt;AsfAlrt Service;c:\windows\system32\drivers\Asfalrt.sys [2007-4-19 42832]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
.
=============== Created Last 30 ================
.
2011-12-11 20:17:50 -------- d-----w- c:\windows\system32\NtmsData
.
==================== Find3M ====================
.
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 16:41:20 611328 ------w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
.
============= FINISH: 15:20:26.17 ===============


Any and all help would be GREATLY appreciated.

Thank You

Attached Files


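The DDS report above is the usual first artefact in these threads, and the lines a responder reads first are the autostart entries in the "Pseudo HJT Report" section. What follows is an added example, not code from the original post, from the DDS tool or from BleepingComputer. It parses the uRun/mRun/dRun, BHO and Policies lines in the format shown above and flags the patterns that stand out in this log: images autostarted from user-writable profile directories (the Local Settings\Application Data and All Users\Application Data entries), rundll32 loading a DLL from such a directory, an entry named like a Microsoft component whose image is not in a system directory, a browser helper object registered with no display name, and the DisableTaskMgr/NoDesktop policies. The sample input is copied from the log in the post; the directory markers, the policy list and the heuristics are this example's own assumptions, not anything DDS itself reports.

```python
"""Triage the autostart section of a DDS "Pseudo HJT Report".

Added example for this thread, not code from the DDS tool or the forum
posts. The heuristics below are triage aids, not verdicts.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Profile/data roots that a normal installer does not use for autostarts
# (assumed markers: XP-era "documents and settings" plus later layouts).
USER_WRITABLE_MARKERS = (
    "\\documents and settings\\",
    "\\users\\",
    "\\programdata\\",
    "\\temp\\",
)
# Where a genuine Microsoft component would normally live (assumed list).
SYSTEM_MARKERS = ("\\windows\\", "\\program files", "%systemroot%", "%windir%")
# Explorer/system policies that malware commonly sets to hinder removal.
RESTRICTIVE_POLICIES = {"disabletaskmgr", "disableregistrytools", "nodesktop", "disablecmd"}

RUN_RE = re.compile(r"^[umd]Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
BHO_RE = re.compile(r"^BHO: (?:(?P<name>.+?): )?\{(?P<clsid>[0-9a-fA-F-]{36})\} - (?P<path>.+)$")
POLICY_RE = re.compile(r"^[umd]Policies-(?P<hive>\w+): (?P<name>\w+) = (?P<value>\d+)")

# Sample input: lines copied from the DDS log posted in this thread.
SAMPLE_DDS = r"""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Policies Update] rundll32 "c:\documents and settings\veteran\local settings\application data\microsoft\microsoftupdate\Microsoftupdt32.dll",DllRegisterServer
uRun: [DisplayBackupUpdate] rundll32.exe "c:\documents and settings\all users\application data\DisplayBackupUpdate.dll",DllRegisterServer
uRun: [Microsoft® Windows Update] c:\documents and settings\veteran\m-1-52-5782-8752-5245\winsvc.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [VeGeMHdmoTmIHU.exe] c:\documents and settings\all users\application data\VeGeMHdmoTmIHU.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-explorer: NoDesktop = 1 (0x1)
BHO: {0f62ca82-6b5b-4303-bd3f-dacf475651f4} - c:\documents and settings\veteran\local settings\application data\Systemx86_x64.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
"""


@dataclass
class Finding:
    kind: str                 # "autostart", "bho" or "policy"
    subject: str              # entry name, CLSID or policy name
    detail: str               # image path (lower-cased) or policy value
    reasons: list = field(default_factory=list)


def loaded_module(cmd: str) -> tuple[str, bool]:
    """Return (lower-cased path of the file the command loads, is_rundll32)."""
    cmd_l = cmd.strip().lower()
    m = re.match(r"(?:.*\\)?rundll32(?:\.exe)?\s+(.*)", cmd_l)
    is_rundll = m is not None
    rest = m.group(1) if m else cmd_l           # for rundll32 the DLL is the first argument
    quoted = re.match(r'"([^"]+)"', rest)
    if quoted:
        return quoted.group(1), is_rundll
    # Unquoted path that may contain spaces: take everything up to a known extension.
    ext = re.match(r"(.+?\.(?:exe|dll|sys|scr|com|bat|cmd))(?:\s|,|$)", rest)
    if ext:
        return ext.group(1), is_rundll
    return rest.split()[0], is_rundll


def in_user_writable(path: str) -> bool:
    return any(marker in path for marker in USER_WRITABLE_MARKERS)


def in_system_dir(path: str) -> bool:
    return any(marker in path for marker in SYSTEM_MARKERS)


def triage(report: str) -> list[Finding]:
    """Return the suspicious autostart, BHO and policy entries in a DDS report."""
    findings: list[Finding] = []
    for line in report.splitlines():
        line = line.strip()
        if m := RUN_RE.match(line):
            path, is_rundll = loaded_module(m["cmd"])
            reasons = []
            if in_user_writable(path):
                reasons.append("rundll32 loads a DLL from a user-writable directory" if is_rundll
                               else "autostart image lives in a user-writable directory")
            name_l = m["name"].lower()
            if ("microsoft" in name_l or "windows update" in name_l) and not in_system_dir(path):
                reasons.append("name imitates a Microsoft component but image is outside system directories")
            if reasons:
                findings.append(Finding("autostart", m["name"], path, reasons))
        elif m := BHO_RE.match(line):
            path = m["path"].lower()
            reasons = []
            if not m["name"]:
                reasons.append("BHO registered without a display name")
            if in_user_writable(path):
                reasons.append("BHO DLL lives in a user-writable directory")
            if reasons:
                findings.append(Finding("bho", m["clsid"], path, reasons))
        elif m := POLICY_RE.match(line):
            if m["name"].lower() in RESTRICTIVE_POLICIES and int(m["value"]) != 0:
                findings.append(Finding("policy", m["name"], m["value"],
                                        ["restrictive policy set; commonly used by malware to hinder removal"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f.kind}] {f.subject}: {f.detail}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run as-is it lists the seven entries that warrant a look in this log and stays silent on ctfmon, the AVG tray and the Adobe BHO. The hits are starting points, not verdicts: some legitimate updaters also autostart from a profile directory, so each flagged file still needs to be checked (publisher signature, hash lookup) before anything is removed, which is exactly why the helpers in the thread ask for a tool log rather than acting on the DDS output alone.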


#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:07:59 AM

Posted 12 December 2011 - 07:04 PM

Hi,

Please do the following:

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)


NEXT



Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 RedBeerdDread

RedBeerdDread
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:05:59 AM

Posted 13 December 2011 - 12:11 PM

Thank You very much.

I'll get back to you as soon as I do this!

Peace.

RedBeerdDread

#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:07:59 AM

Posted 16 December 2011 - 11:44 AM

Hi,

Do you still need help with your machine?

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 RedBeerdDread

RedBeerdDread
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:05:59 AM

Posted 17 December 2011 - 08:30 PM

Yes, I do!

I was just able to run the TDSSKiller and successfully got the log. Will be below.

However, I ran the ComboFix, but didn't get a scan report for it.

There is a possibility that the process was interrupted, because I stepped out for a smoke break and found my friend's child at the computer. Upon being asked, he told me that the scan had finished and that, "the computer restarted itself".

I have no way to verify this. I checked for "C:\ComboFix.txt", but the C: drive did not have the .txt file. I even ran a system search for the .txt file, to no avail. What's next, kind person?


18:21:44.0015 3940 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
18:21:44.0031 3940 ============================================================
18:21:44.0031 3940 Current date / time: 2011/12/17 18:21:44.0031
18:21:44.0031 3940 SystemInfo:
18:21:44.0031 3940
18:21:44.0031 3940 OS Version: 5.1.2600 ServicePack: 3.0
18:21:44.0031 3940 Product type: Workstation
18:21:44.0031 3940 ComputerName: FDSQYK1
18:21:44.0031 3940 UserName: VETERAN
18:21:44.0031 3940 Windows directory: C:\WINDOWS
18:21:44.0031 3940 System windows directory: C:\WINDOWS
18:21:44.0031 3940 Processor architecture: Intel x86
18:21:44.0031 3940 Number of processors: 2
18:21:44.0031 3940 Page size: 0x1000
18:21:44.0031 3940 Boot type: Normal boot
18:21:44.0031 3940 ============================================================
18:21:45.0281 3940 Initialize success
18:21:47.0515 1680 ============================================================
18:21:47.0515 1680 Scan started
18:21:47.0515 1680 Mode: Manual;
18:21:47.0515 1680 ============================================================
18:21:48.0250 1680 Abiosdsk - ok
18:21:48.0296 1680 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
18:21:48.0312 1680 abp480n5 - ok
18:21:48.0343 1680 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:21:48.0343 1680 ACPI - ok
18:21:48.0359 1680 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
18:21:48.0359 1680 ACPIEC - ok
18:21:48.0421 1680 ADIHdAudAddService (d80d1d73d1dbf38d0afe692c8bdc939a) C:\WINDOWS\system32\drivers\ADIHdAud.sys
18:21:48.0421 1680 ADIHdAudAddService - ok
18:21:48.0468 1680 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
18:21:48.0484 1680 adpu160m - ok
18:21:48.0515 1680 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:21:48.0531 1680 aec - ok
18:21:48.0578 1680 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
18:21:48.0609 1680 AFD - ok
18:21:48.0625 1680 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
18:21:48.0640 1680 agp440 - ok
18:21:48.0640 1680 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
18:21:48.0656 1680 agpCPQ - ok
18:21:48.0656 1680 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
18:21:48.0671 1680 Aha154x - ok
18:21:48.0718 1680 Ai2sXP (f222916ad25256fe45cac21308e582e1) C:\WINDOWS\System32\drivers\Ai2sXP.sys
18:21:48.0734 1680 Ai2sXP - ok
18:21:48.0734 1680 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
18:21:48.0750 1680 aic78u2 - ok
18:21:48.0750 1680 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
18:21:48.0765 1680 aic78xx - ok
18:21:48.0812 1680 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
18:21:48.0812 1680 AliIde - ok
18:21:48.0828 1680 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
18:21:48.0843 1680 alim1541 - ok
18:21:48.0843 1680 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
18:21:48.0859 1680 amdagp - ok
18:21:48.0875 1680 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
18:21:48.0875 1680 amsint - ok
18:21:48.0906 1680 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
18:21:48.0921 1680 asc - ok
18:21:48.0921 1680 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
18:21:48.0937 1680 asc3350p - ok
18:21:48.0953 1680 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
18:21:48.0968 1680 asc3550 - ok
18:21:49.0000 1680 AsfAlrt (acee9813685f4a03ee5a160057dd61a8) C:\WINDOWS\system32\Drivers\AsfAlrt.sys
18:21:49.0015 1680 AsfAlrt - ok
18:21:49.0031 1680 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:21:49.0046 1680 AsyncMac - ok
18:21:49.0062 1680 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:21:49.0062 1680 atapi - ok
18:21:49.0078 1680 Atdisk - ok
18:21:49.0093 1680 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:21:49.0093 1680 Atmarpc - ok
18:21:49.0109 1680 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:21:49.0125 1680 audstub - ok
18:21:49.0171 1680 AvgLdx86 (bc12f2404bb6f2b6b2ff3c4c246cb752) C:\WINDOWS\System32\Drivers\avgldx86.sys
18:21:49.0218 1680 AvgLdx86 - ok
18:21:49.0218 1680 AvgMfx86 (5903d729d4f0c5bca74123c96a1b29e0) C:\WINDOWS\System32\Drivers\avgmfx86.sys
18:21:49.0234 1680 AvgMfx86 - ok
18:21:49.0265 1680 AvgRkx86 (94a16f829b1456237b7f929198ce2807) C:\WINDOWS\system32\Drivers\avgrkx86.sys
18:21:49.0281 1680 AvgRkx86 - ok
18:21:49.0312 1680 AvgTdiX (92d8e1e8502e649b60e70074eb29c380) C:\WINDOWS\System32\Drivers\avgtdix.sys
18:21:49.0328 1680 AvgTdiX - ok
18:21:49.0343 1680 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:21:49.0359 1680 Beep - ok
18:21:49.0390 1680 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
18:21:49.0406 1680 cbidf - ok
18:21:49.0421 1680 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:21:49.0421 1680 cbidf2k - ok
18:21:49.0421 1680 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
18:21:49.0437 1680 cd20xrnt - ok
18:21:49.0437 1680 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:21:49.0453 1680 Cdaudio - ok
18:21:49.0468 1680 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:21:49.0484 1680 Cdfs - ok
18:21:49.0500 1680 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:21:49.0515 1680 Cdrom - ok
18:21:49.0531 1680 Changer - ok
18:21:49.0531 1680 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
18:21:49.0546 1680 CmdIde - ok
18:21:49.0562 1680 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
18:21:49.0578 1680 Cpqarray - ok
18:21:49.0593 1680 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
18:21:49.0609 1680 dac2w2k - ok
18:21:49.0625 1680 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
18:21:49.0625 1680 dac960nt - ok
18:21:49.0640 1680 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:21:49.0640 1680 Disk - ok
18:21:49.0671 1680 DLABMFSM (a0500678a33802d8954153839301d539) C:\WINDOWS\system32\Drivers\DLABMFSM.SYS
18:21:49.0687 1680 DLABMFSM - ok
18:21:49.0718 1680 DLABOIOM (b8d2f68cac54d46281399f9092644794) C:\WINDOWS\system32\Drivers\DLABOIOM.SYS
18:21:49.0734 1680 DLABOIOM - ok
18:21:49.0765 1680 DLACDBHM (0ee93ab799d1cb4ec90b36f3612fe907) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
18:21:49.0781 1680 DLACDBHM - ok
18:21:49.0796 1680 DLADResM (87413b94ae1fabc117c4e8ae6725134e) C:\WINDOWS\system32\Drivers\DLADResM.SYS
18:21:49.0796 1680 DLADResM - ok
18:21:49.0812 1680 DLAIFS_M (766a148235be1c0039c974446e4c0edc) C:\WINDOWS\system32\Drivers\DLAIFS_M.SYS
18:21:49.0828 1680 DLAIFS_M - ok
18:21:49.0843 1680 DLAOPIOM (38267cca177354f1c64450a43a4f7627) C:\WINDOWS\system32\Drivers\DLAOPIOM.SYS
18:21:49.0859 1680 DLAOPIOM - ok
18:21:49.0859 1680 DLAPoolM (fd363369fd313b46b5aeab1a688b52e9) C:\WINDOWS\system32\Drivers\DLAPoolM.SYS
18:21:49.0875 1680 DLAPoolM - ok
18:21:49.0875 1680 DLARTL_M (336ae18f0912ef4fbe5518849e004d74) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
18:21:49.0890 1680 DLARTL_M - ok
18:21:49.0921 1680 DLAUDFAM (fd85f682c1cc2a7ca878c7a448e6d87e) C:\WINDOWS\system32\Drivers\DLAUDFAM.SYS
18:21:50.0000 1680 DLAUDFAM - ok
18:21:50.0031 1680 DLAUDF_M (af389ce587b6bf5bbdcd6f6abe5eabc0) C:\WINDOWS\system32\Drivers\DLAUDF_M.SYS
18:21:50.0093 1680 DLAUDF_M - ok
18:21:50.0140 1680 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
18:21:50.0187 1680 dmboot - ok
18:21:50.0203 1680 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
18:21:50.0218 1680 dmio - ok
18:21:50.0218 1680 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:21:50.0234 1680 dmload - ok
18:21:50.0265 1680 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:21:50.0265 1680 DMusic - ok
18:21:50.0312 1680 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
18:21:50.0328 1680 dpti2o - ok
18:21:50.0359 1680 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:21:50.0359 1680 drmkaud - ok
18:21:50.0375 1680 DRVMCDB (5d3b71bb2bb0009d65d290e2ef374bd3) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
18:21:50.0390 1680 DRVMCDB - ok
18:21:50.0406 1680 DRVNDDM (c591ba9f96f40a1fd6494dafdcd17185) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
18:21:50.0421 1680 DRVNDDM - ok
18:21:50.0437 1680 e1kexpress (d60759140694150360bbefd9cab7c920) C:\WINDOWS\system32\DRIVERS\e1k5132.sys
18:21:50.0437 1680 e1kexpress - ok
18:21:50.0453 1680 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:21:50.0468 1680 Fastfat - ok
18:21:50.0484 1680 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
18:21:50.0500 1680 Fdc - ok
18:21:50.0515 1680 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
18:21:50.0531 1680 Fips - ok
18:21:50.0546 1680 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
18:21:50.0546 1680 Flpydisk - ok
18:21:50.0578 1680 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
18:21:50.0609 1680 FltMgr - ok
18:21:50.0609 1680 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:21:50.0625 1680 Fs_Rec - ok
18:21:50.0656 1680 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:21:50.0671 1680 Ftdisk - ok
18:21:50.0687 1680 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:21:50.0703 1680 Gpc - ok
18:21:50.0734 1680 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:21:50.0750 1680 HDAudBus - ok
18:21:50.0781 1680 HECI (e4a123ad734a3731d29ebd3a01b3e535) C:\WINDOWS\system32\DRIVERS\HECI.sys
18:21:50.0796 1680 HECI - ok
18:21:50.0812 1680 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:21:50.0828 1680 hidusb - ok
18:21:50.0859 1680 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
18:21:50.0875 1680 hpn - ok
18:21:50.0890 1680 HSFHWBS2 (ac04fc91b57b27086ccf02086fd3f4cb) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
18:21:50.0921 1680 HSFHWBS2 - ok
18:21:50.0953 1680 HSF_DPV (f362c0b442337da8ab0608dfaa4ca076) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
18:21:51.0015 1680 HSF_DPV - ok
18:21:51.0062 1680 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
18:21:51.0062 1680 HTTP - ok
18:21:51.0093 1680 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
18:21:51.0109 1680 i2omgmt - ok
18:21:51.0125 1680 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
18:21:51.0140 1680 i2omp - ok
18:21:51.0265 1680 ialm (2da364ee62d4949620b6fae4ffea16a7) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
18:21:51.0437 1680 ialm - ok
18:21:51.0484 1680 iaStor (707c1692214b1c290271067197f075f6) C:\WINDOWS\system32\drivers\iaStor.sys
18:21:51.0515 1680 iaStor - ok
18:21:51.0546 1680 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:21:51.0562 1680 Imapi - ok
18:21:51.0609 1680 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
18:21:51.0625 1680 ini910u - ok
18:21:51.0640 1680 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
18:21:51.0656 1680 IntelIde - ok
18:21:51.0656 1680 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:21:51.0671 1680 intelppm - ok
18:21:51.0687 1680 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
18:21:51.0703 1680 Ip6Fw - ok
18:21:51.0703 1680 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:21:51.0718 1680 IpFilterDriver - ok
18:21:51.0734 1680 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:21:51.0750 1680 IpInIp - ok
18:21:51.0765 1680 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:21:51.0796 1680 IpNat - ok
18:21:51.0812 1680 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:21:51.0828 1680 IPSec - ok
18:21:51.0828 1680 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:21:51.0843 1680 IRENUM - ok
18:21:51.0875 1680 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:21:51.0890 1680 isapnp - ok
18:21:51.0906 1680 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:21:51.0921 1680 Kbdclass - ok
18:21:51.0937 1680 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
18:21:51.0953 1680 kbdhid - ok
18:21:52.0000 1680 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
18:21:52.0000 1680 kmixer - ok
18:21:52.0031 1680 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
18:21:52.0062 1680 KSecDD - ok
18:21:52.0078 1680 lbrtfdc - ok
18:21:52.0109 1680 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
18:21:52.0125 1680 mdmxsdk - ok
18:21:52.0125 1680 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:21:52.0140 1680 mnmdd - ok
18:21:52.0156 1680 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
18:21:52.0156 1680 Modem - ok
18:21:52.0156 1680 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:21:52.0171 1680 Mouclass - ok
18:21:52.0187 1680 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:21:52.0203 1680 mouhid - ok
18:21:52.0203 1680 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
18:21:52.0218 1680 MountMgr - ok
18:21:52.0250 1680 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
18:21:52.0265 1680 mraid35x - ok
18:21:52.0265 1680 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:21:52.0281 1680 MRxDAV - ok
18:21:52.0328 1680 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:21:52.0343 1680 MRxSmb - ok
18:21:52.0359 1680 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
18:21:52.0375 1680 Msfs - ok
18:21:52.0406 1680 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:21:52.0421 1680 MSKSSRV - ok
18:21:52.0453 1680 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:21:52.0468 1680 MSPCLOCK - ok
18:21:52.0484 1680 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
18:21:52.0484 1680 MSPQM - ok
18:21:52.0515 1680 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:21:52.0515 1680 mssmbios - ok
18:21:52.0546 1680 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
18:21:52.0562 1680 Mup - ok
18:21:52.0609 1680 NAL (03ca886ba148b6b9996be1368ddc3fc0) C:\WINDOWS\system32\Drivers\iqvw32.sys
18:21:52.0625 1680 NAL - ok
18:21:52.0640 1680 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
18:21:52.0671 1680 NDIS - ok
18:21:52.0718 1680 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:21:52.0734 1680 NdisTapi - ok
18:21:52.0765 1680 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:21:52.0765 1680 Ndisuio - ok
18:21:52.0765 1680 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:21:52.0781 1680 NdisWan - ok
18:21:52.0812 1680 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
18:21:52.0828 1680 NDProxy - ok
18:21:52.0843 1680 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:21:52.0859 1680 NetBIOS - ok
18:21:52.0890 1680 NetBT (53f9c9f51ab9b17953e063d9f5b3c0ad) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:21:53.0000 1680 NetBT ( Rootkit.Win32.ZAccess.j ) - infected
18:21:53.0000 1680 NetBT - detected Rootkit.Win32.ZAccess.j (0)
18:21:53.0187 1680 NetworkX (326ea4569cd8a57a5ad9ca5df3692287) C:\WINDOWS\system32\ckldrv.sys
18:21:53.0218 1680 NetworkX - ok
18:21:53.0609 1680 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
18:21:53.0656 1680 Npfs - ok
18:21:53.0843 1680 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
18:21:54.0187 1680 Ntfs - ok
18:21:54.0453 1680 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:21:54.0484 1680 Null - ok
18:21:54.0593 1680 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:21:54.0625 1680 NwlnkFlt - ok
18:21:54.0640 1680 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:21:54.0656 1680 NwlnkFwd - ok
18:21:54.0687 1680 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
18:21:54.0703 1680 Parport - ok
18:21:54.0734 1680 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
18:21:54.0734 1680 PartMgr - ok
18:21:54.0765 1680 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
18:21:54.0765 1680 ParVdm - ok
18:21:54.0781 1680 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
18:21:54.0796 1680 PCI - ok
18:21:54.0796 1680 PCIDump - ok
18:21:54.0812 1680 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
18:21:54.0828 1680 PCIIde - ok
18:21:54.0828 1680 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
18:21:54.0843 1680 Pcmcia - ok
18:21:54.0859 1680 PDCOMP - ok
18:21:54.0859 1680 PDFRAME - ok
18:21:54.0875 1680 PDRELI - ok
18:21:54.0875 1680 PDRFRAME - ok
18:21:54.0906 1680 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
18:21:54.0921 1680 perc2 - ok
18:21:54.0921 1680 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
18:21:54.0937 1680 perc2hib - ok
18:21:54.0968 1680 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:21:54.0968 1680 PptpMiniport - ok
18:21:54.0984 1680 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
18:21:55.0000 1680 PSched - ok
18:21:55.0015 1680 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:21:55.0031 1680 Ptilink - ok
18:21:55.0062 1680 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
18:21:55.0078 1680 PxHelp20 - ok
18:21:55.0078 1680 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
18:21:55.0093 1680 ql1080 - ok
18:21:55.0109 1680 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
18:21:55.0109 1680 Ql10wnt - ok
18:21:55.0125 1680 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
18:21:55.0140 1680 ql12160 - ok
18:21:55.0140 1680 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
18:21:55.0156 1680 ql1240 - ok
18:21:55.0171 1680 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
18:21:55.0171 1680 ql1280 - ok
18:21:55.0203 1680 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:21:55.0218 1680 RasAcd - ok
18:21:55.0218 1680 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:21:55.0234 1680 Rasl2tp - ok
18:21:55.0250 1680 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:21:55.0265 1680 RasPppoe - ok
18:21:55.0265 1680 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:21:55.0281 1680 Raspti - ok
18:21:55.0296 1680 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:21:55.0328 1680 Rdbss - ok
18:21:55.0328 1680 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:21:55.0343 1680 RDPCDD - ok
18:21:55.0359 1680 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:21:55.0375 1680 rdpdr - ok
18:21:55.0421 1680 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
18:21:55.0453 1680 RDPWD - ok
18:21:55.0453 1680 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:21:55.0468 1680 redbook - ok
18:21:55.0546 1680 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:21:55.0546 1680 Secdrv - ok
18:21:55.0578 1680 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
18:21:55.0593 1680 Serenum - ok
18:21:55.0593 1680 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
18:21:55.0625 1680 Serial - ok
18:21:55.0656 1680 SFAUDIO (b6401608579b6431994425ba7653f774) C:\WINDOWS\system32\drivers\sfaudio.sys
18:21:55.0671 1680 SFAUDIO - ok
18:21:55.0703 1680 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:21:55.0718 1680 Sfloppy - ok
18:21:55.0796 1680 Simbad - ok
18:21:55.0828 1680 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
18:21:55.0843 1680 sisagp - ok
18:21:55.0906 1680 snapman (b6aa9bbff890ffea333ffe81d0b888ff) C:\WINDOWS\system32\DRIVERS\snapman.sys
18:21:55.0921 1680 snapman - ok
18:21:55.0968 1680 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
18:21:55.0984 1680 Sparrow - ok
18:21:56.0062 1680 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:21:56.0062 1680 splitter - ok
18:21:56.0078 1680 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
18:21:56.0078 1680 sr - ok
18:21:56.0171 1680 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
18:21:56.0296 1680 Srv - ok
18:21:56.0359 1680 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:21:56.0390 1680 swenum - ok
18:21:56.0546 1680 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:21:56.0562 1680 swmidi - ok
18:21:56.0687 1680 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
18:21:56.0703 1680 symc810 - ok
18:21:56.0781 1680 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
18:21:56.0796 1680 symc8xx - ok
18:21:56.0828 1680 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
18:21:56.0843 1680 sym_hi - ok
18:21:56.0859 1680 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
18:21:56.0875 1680 sym_u3 - ok
18:21:56.0906 1680 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:21:56.0906 1680 sysaudio - ok
18:21:56.0937 1680 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:21:56.0968 1680 Tcpip - ok
18:21:56.0984 1680 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:21:57.0000 1680 TDPIPE - ok
18:21:57.0015 1680 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:21:57.0031 1680 TDTCP - ok
18:21:57.0062 1680 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:21:57.0078 1680 TermDD - ok
18:21:57.0140 1680 tifsfilter (b84b82c0cbeb1b0d7eb7a946bade5830) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
18:21:57.0156 1680 tifsfilter - ok
18:21:57.0171 1680 timounter (68b3daa08ea06737022832fccffb9b75) C:\WINDOWS\system32\DRIVERS\timntr.sys
18:21:57.0187 1680 timounter - ok
18:21:57.0203 1680 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
18:21:57.0203 1680 TosIde - ok
18:21:57.0218 1680 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:21:57.0234 1680 Udfs - ok
18:21:57.0250 1680 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
18:21:57.0250 1680 ultra - ok
18:21:57.0265 1680 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:21:57.0281 1680 Update - ok
18:21:57.0296 1680 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:21:57.0312 1680 usbccgp - ok
18:21:57.0343 1680 USBCM (d21cde1c635bcc5053463579eee453cf) C:\WINDOWS\system32\DRIVERS\Sacm2A.sys
18:21:57.0359 1680 USBCM - ok
18:21:57.0375 1680 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:21:57.0390 1680 usbehci - ok
18:21:57.0437 1680 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:21:57.0453 1680 usbhub - ok
18:21:57.0500 1680 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:21:57.0515 1680 usbprint - ok
18:21:57.0546 1680 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:21:57.0562 1680 usbscan - ok
18:21:57.0578 1680 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:21:57.0578 1680 USBSTOR - ok
18:21:57.0593 1680 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:21:57.0609 1680 usbuhci - ok
18:21:57.0656 1680 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:21:57.0656 1680 VgaSave - ok
18:21:57.0718 1680 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
18:21:57.0718 1680 viaagp - ok
18:21:57.0750 1680 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
18:21:57.0765 1680 ViaIde - ok
18:21:57.0796 1680 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
18:21:57.0812 1680 VolSnap - ok
18:21:57.0828 1680 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:21:57.0843 1680 Wanarp - ok
18:21:57.0875 1680 WDICA - ok
18:21:57.0890 1680 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:21:57.0906 1680 wdmaud - ok
18:21:57.0968 1680 winachsf (92ce6497076eac3083185c44157b3a46) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
18:21:58.0000 1680 winachsf - ok
18:21:58.0062 1680 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
18:21:58.0062 1680 WmiAcpi - ok
18:21:58.0109 1680 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:21:58.0125 1680 WudfPf - ok
18:21:58.0156 1680 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:21:58.0187 1680 WudfRd - ok
18:21:58.0203 1680 MBR (0x1B8) (71a32d731ee3fad0976687e7eeb228ab) \Device\Harddisk0\DR0
18:21:58.0578 1680 \Device\Harddisk0\DR0 - ok
18:21:58.0578 1680 MBR (0x1B8) (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk1\DR8
18:21:58.0687 1680 \Device\Harddisk1\DR8 - ok
18:21:58.0703 1680 Boot (0x1200) (ad4b2921d820ec9aaf76fd5a06309e90) \Device\Harddisk0\DR0\Partition0
18:21:58.0703 1680 \Device\Harddisk0\DR0\Partition0 - ok
18:21:58.0718 1680 Boot (0x1200) (7124a10cf8abea68c57057c812b05366) \Device\Harddisk1\DR8\Partition0
18:21:58.0718 1680 \Device\Harddisk1\DR8\Partition0 - ok
18:21:58.0718 1680 ============================================================
18:21:58.0718 1680 Scan finished
18:21:58.0718 1680 ============================================================
18:21:58.0718 0228 Detected object count: 1
18:21:58.0718 0228 Actual detected object count: 1
18:22:39.0515 0228 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\netbt.sys) error 1813
18:22:41.0703 0228 Backup copy not found, trying to cure infected file..
18:22:41.0781 0228 Cure success, using it..
18:22:41.0781 0228 C:\WINDOWS\system32\DRIVERS\netbt.sys - will be cured on reboot
18:22:42.0796 0228 NetBT ( Rootkit.Win32.ZAccess.j ) - User select action: Cure
18:23:03.0296 0876 Deinitialize success


Thank you again, so much for your assistance!

Peace.

#6 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 17 December 2011 - 08:33 PM

Hi,

Please re-run ComboFix and stay with it until a log is produced,

thanks

(or lock the door :))

make sure your security programs are disabled, and please be patient, it may appear to have stalled, but it will still be working, it takes longer than you think it should, especially to produce its log

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 26 December 2011 - 11:54 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

