Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Rootkit.Win32.ZAccess.e


  • This topic is locked This topic is locked
17 replies to this topic

#1 KawaiiTea

KawaiiTea

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:08:38 PM

Posted 23 December 2011 - 08:01 PM

I was brought here from another topic. When I was asked to download some things, they would be open for a couples seconds and then be forced closed. Some of the items (malware byte and other anti viruses) would force close and when I tried to open them again, I go an error saying that I didn't have permission to open it. When I used TDSSkiller, it for some things and Rootkit.Win32.ZAccess.e was one of the things. Whenever I try to cure it, I reboot my computer and it's still there. I'm not sure if this is causing the problem with me not being able to download and open anti viruses. I'm not able to use gmer because it closes after about a minute.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_17
Run by Second Guest at 19:48:10 on 2011-12-23
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.489 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\518753303:3899856097.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe
.
============== Pseudo HJT Report ===============
.
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: IEPlugin Class: {11222041-111b-46e3-bd29-efb2449479b1} - c:\progra~1\arcsoft\mediac~1\intern~1\ARCURL~1.DLL
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: brumamkcwgrm Object: {20f08d1d-10f1-4eeb-bf27-abc45e7e761d} - c:\windows\$xntuninstall643$\rhlqh.dll
BHO: {27DAE335-5892-4D9E-9210-9AE2717AFAAB} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: E-Zsoft VideoDownloaderToolBar: {4322a444-92f8-4c3e-bd4c-013ba51e2871} - c:\program files\versalsoft\internetdownload\VDTB.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: kikin Plugin: {e601996f-e400-41ca-804b-cd6373a7eee2} - c:\program files\kikin\ie_kikin.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
TB: E-Zsoft VideoDownloaderToolBar: {4322a444-92f8-4c3e-bd4c-013ba51e2871} - c:\program files\versalsoft\internetdownload\VDTB.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [OE] c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0379.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [InternetDownload_upgrade] "c:\program files\versalsoft\internetdownload\InternetDownload.exe" /upgrade
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [eRecoveryService]
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
dRun: [OE] c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\philip~1.lnk - c:\program files\philips\gogear vibe device manager\GoGear_Vibe_DeviceManager.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: mswsock.dll
Trusted Zone: qword.com
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\second guest.emachine-98e05c\application data\mozilla\firefox\profiles\zpanlr9h.default\
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
FF - plugin: c:\program files\research in motion limited\blackberry app world browser plugin\npappworld.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 AMP;AMP;c:\windows\system32\drivers\amp.sys [2010-1-19 127016]
R2 AMPSE;AMPSE;c:\windows\system32\drivers\ampse.sys [2010-1-19 1118248]
R2 vseamps;vseamps;c:\program files\common files\authentium\antivirus5\vseamps.exe [2010-1-19 121384]
R2 vsedsps;vsedsps;c:\program files\common files\authentium\antivirus5\vsedsps.exe [2010-1-19 117288]
S2 ETService;Empowering Technology Service;c:\program files\emachines\emachines recovery management\service\ETService.exe [2009-10-10 24576]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-26 136176]
S2 ioloFileInfoList;iolo FileInfoList Service;"c:\program files\iolo\common\lib\ioloservicemanager.exe" --> c:\program files\iolo\common\lib\ioloServiceManager.exe [?]
S2 ioloSystemService;iolo System Service;"c:\program files\iolo\common\lib\ioloservicemanager.exe" --> c:\program files\iolo\common\lib\ioloServiceManager.exe [?]
S2 tmevtmgr;tmevtmgr;\??\c:\windows\system32\drivers\tmevtmgr.sys --> c:\windows\system32\drivers\tmevtmgr.sys [?]
S2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys --> c:\windows\system32\drivers\tmpreflt.sys [?]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 cpuz134;cpuz134;\??\c:\docume~1\second~1.ema\locals~1\temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\second~1.ema\locals~1\temp\cpuz134\cpuz134_x32.sys [?]
S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-3-13 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-7-26 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\mcafee security scan\2.0.181\mcchsvc.exe" --> c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [?]
S3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\tm_cfw.sys --> c:\windows\system32\drivers\TM_CFW.sys [?]
S3 vseqrts;vseqrts;c:\program files\common files\authentium\antivirus5\vseqrts.exe [2010-1-19 158248]
.
=============== Created Last 30 ================
.
2011-12-23 22:07:54 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-12-23 22:07:24 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
.
==================== Find3M ====================
.
2011-12-24 00:33:02 50112 --sha-w- c:\windows\system32\c_68825.nl_
2011-12-24 00:32:16 456576 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-11-24 15:09:01 44544 ----a-w- c:\windows\system32\drivers\fips.sys
2011-11-23 07:01:28 475736 ----a-w- c:\windows\system32\drivers\8802005drv.sys
2011-11-23 07:01:28 133208 ----a-w- c:\windows\system32\drivers\02011208.sys
2011-11-22 22:58:34 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-11-19 22:14:00 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2011-11-19 20:48:31 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-11-17 23:36:16 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-05 17:40:57 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-10-28 16:03:18 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-10-28 16:02:54 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2011-10-28 16:01:36 17848 ----a-w- c:\windows\system32\drivers\pctBTFix.sys
2011-10-28 15:40:58 252840 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-10-25 18:38:20 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-10-25 18:38:18 2291664 ----a-w- c:\windows\PCTBDCore.dll
2011-10-25 18:38:18 1681360 ----a-w- c:\windows\PCTBDRes.dll
2011-10-25 18:38:08 767952 ----a-w- c:\windows\BDTSupport.dll
2011-10-22 20:11:14 331880 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-10-22 20:11:08 162584 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-10-07 23:48:02 492768 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-10-07 23:48:02 31704 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-10-07 23:48:00 18056 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-10-07 23:47:12 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2011-10-07 23:47:12 300200 ----a-w- c:\windows\system32\guard32.dll
2011-10-07 22:52:12 660992 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-10-07 22:52:06 341656 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-09-28 18:14:02 56840 ----a-w- c:\windows\system32\drivers\PCTBD.sys
.
============= FINISH: 19:49:27.29 ===============

Attached Files


Edited by Noviciate, 24 December 2011 - 02:46 PM.
Added DDS log from attachment


BC AdBot (Login to Remove)

 


#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:01:38 AM

Posted 24 December 2011 - 02:48 PM

Good evening. :)

Please download DummyCreator.zip by Farbar from here and save it to your Desktop - you will then need to unzip it.

Right click on the zipped folder and from the menu that appears, click on Extract All...
In the "Extraction Wizard" window that opens, click on Next> and in the next window that appears, click on Next> again.
In the final window, click on Finish.


  • Double click DummyCreator.exe to run the tool.
  • Copy and paste the following into the edit box:

    • C:\WINDOWS\518753303
  • Click the Create button.
  • Make sure you have a copy of Result.txt that should appear once the tool has completed.
  • Important: Restart the computer and then let me have a copy of Result.txt in your next reply.

So long, and thanks for all the fish.

 

 


#3 KawaiiTea

KawaiiTea
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:08:38 PM

Posted 24 December 2011 - 06:23 PM

i couldn't attach the file so I'll paste what it said here.

DummyCreator by Farbar
Ran by Second Guest (administrator) on 24-12-2011 at 18:10:58
**************************************************************

C:\WINDOWS\518753303 [24-12-2011 18:10:59]

== End of log ==

#4 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:01:38 AM

Posted 25 December 2011 - 03:25 PM

Good evening. :)

Download Junction.zip by Mark Russinovich from here and save it to your Desktop - you'll need to unzip this one as well.

  • Copy and paste the file junction.exe into the Windows directory (C:\Windows).
  • Go to Start > Run..., copy the following into the textbox and click OK:

    • cmd /c junction -s c:\ >log.txt&log.txt& del log.txt
  • A Command Window will open and the tool will start scanning.
  • When it's done, a text file called log.txt will appear - i'd like a copy of that in your next reply.

So long, and thanks for all the fish.

 

 


#5 KawaiiTea

KawaiiTea
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:08:38 PM

Posted 25 December 2011 - 06:59 PM

Here are the results

Attached Files



#6 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:01:38 AM

Posted 26 December 2011 - 02:30 PM

Good evening. :)

What you have attached is a file called Result.txt which was created by DummyCreator, the contents of which you have already posted.
What I wanted was a file called log.txt which should have appeared if you followed the instructions in my previous post.

So long, and thanks for all the fish.

 

 


#7 KawaiiTea

KawaiiTea
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:08:38 PM

Posted 26 December 2011 - 04:44 PM

Oops, sorry didn't notice


Junction v1.06 - Windows junction creator and reparse point viewer
Copyright © 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com

Failed to open \\?\c:\\hiberfil.sys: The process cannot access the file because it is being used by another process.


Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.


Failed to open \\?\c:\\System Volume Information: Access is denied.


Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0cb42702e248c448909e3bd3b9025335_d874d043-09a1-47f6-ad88-d53396b3d507: Access is denied.


Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\11a198c67208c4834e9f422cfe64b3aa_d874d043-09a1-47f6-ad88-d53396b3d507: Access is denied.


Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\14c01b1eef4914a0ef3e889eb4490e89_d874d043-09a1-47f6-ad88-d53396b3d507: Access is denied.


Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\16cbee54a2ed125cdbbf0a5c37dce542_d874d043-09a1-47f6-ad88-d53396b3d507: Access is denied.


Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2f80c40c5a15b9fd745259d2c75442d1_d874d043-09a1-47f6-ad88-d53396b3d507: Access is denied.


Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\44eb847faa83fd06f178650680a60df1_d874d043-09a1-47f6-ad88-d53396b3d507: Access is denied.


Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4802c8771816641e6d70e34fabe989ac_d874d043-09a1-47f6-ad88-d53396b3d507: Access is denied.


Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5fbdef0b391861b95d901770c64cca0d_d874d043-09a1-47f6-ad88-d53396b3d507: Access is denied.


Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7e485f8af4cee66b9e773b81ddc968ea_d874d043-09a1-47f6-ad88-d53396b3d507: Access is denied.


Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\85f890a2ddf4af2231ac821e9b8a526e_d874d043-09a1-47f6-ad88-d53396b3d507: Access is denied.


Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b701c4a90da49b5c228d26c77bacc3b7_d874d043-09a1-47f6-ad88-d53396b3d507: Access is denied.


Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c56b0f1dc5dca32687d8fa7f8122305f_d874d043-09a1-47f6-ad88-d53396b3d507: Access is denied.


Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\da82709a2ba614736a8621176a66c3b8_d874d043-09a1-47f6-ad88-d53396b3d507: Access is denied.


Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ffd4c2af0f55a2b41595fbd29b695f26_d874d043-09a1-47f6-ad88-d53396b3d507: Access is denied.


Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp: Access is denied.


Failed to open \\?\c:\\Documents and Settings\Mese's\Desktop\hiii.com.exe: Access is denied.


Failed to open \\?\c:\\Documents and Settings\Mese's\Desktop\moo.com.exe: Access is denied.


Failed to open \\?\c:\\Documents and Settings\Mese's\Local Settings\Temp\{5FA84335-02E5-4DBC-8D02-EF8768727A6A}\en-us: Access is denied.


Failed to open \\?\c:\\Documents and Settings\Mese's\Local Settings\Temp\{698D4E73-B7E1-4BE4-B4B4-CEC5F32D91F7}\en-us: Access is denied.


Failed to open \\?\c:\\Documents and Settings\Mom\My Documents\Downloads\hijackthis.exe: Access is denied.


Failed to open \\?\c:\\Documents and Settings\Second Guest.EMACHINE-98E05C\Local Settings\Temp\7zSE5.tmp\Setup.exe: Access is denied.


Failed to open \\?\c:\\Nexon\Mabinogi\Mabinogi(1).exe: Access is denied.


Failed to open \\?\c:\\Program Files\AVG\AVG2012\avgscanx.exe: Access is denied.


Failed to open \\?\c:\\Program Files\AVG\AVG2012\avgui.exe: Access is denied.


Failed to open \\?\c:\\Program Files\COMODO\COMODO Internet Security\cfp.exe: Access is denied.


Failed to open \\?\c:\\Program Files\COMODO\COMODO Internet Security\cmdagent.exe: Access is denied.


Failed to open \\?\c:\\Program Files\InstallShield Installation Information\{E623BB3F-F7ED-4148-BEB5-A0D1DB28B4DE}\setup.ilg: Access is denied.


Failed to open \\?\c:\\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe: Access is denied.


Failed to open \\?\c:\\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe: Access is denied.


Failed to open \\?\c:\\Program Files\Windows Defender\MsMpEng.exe: Access is denied.


Failed to open \\?\c:\\RECYCLER\S-1-5-21-3289834387-869750193-1123432360-1007\Dc705.lnk: Access is denied.


Failed to open \\?\c:\\RECYCLER\S-1-5-21-3289834387-869750193-1123432360-1007\Dc706.url: Access is denied.


Failed to open \\?\c:\\RECYCLER\S-1-5-21-3289834387-869750193-1123432360-1007\Dc707.url: Access is denied.


Failed to open \\?\c:\\RECYCLER\S-1-5-21-3289834387-869750193-1123432360-1007\Dc708.jpg: Access is denied.


Failed to open \\?\c:\\RECYCLER\S-1-5-21-3289834387-869750193-1123432360-1007\Dc709.jpg: Access is denied.


Failed to open \\?\c:\\RECYCLER\S-1-5-21-3289834387-869750193-1123432360-1007\Dc710.jpg: Access is denied.


Failed to open \\?\c:\\RECYCLER\S-1-5-21-3289834387-869750193-1123432360-1007\Dc711.jpg: Access is denied.


Failed to open \\?\c:\\RECYCLER\S-1-5-21-3289834387-869750193-1123432360-1007\Dc712.png: Access is denied.


Failed to open \\?\c:\\RECYCLER\S-1-5-21-3289834387-869750193-1123432360-1007\Dc713.jpg: Access is denied.


Failed to open \\?\c:\\RECYCLER\S-1-5-21-3289834387-869750193-1123432360-1007\Dc714.jpg: Access is denied.


Failed to open \\?\c:\\RECYCLER\S-1-5-21-3289834387-869750193-1123432360-1007\Dc715.jpg: Access is denied.


Failed to open \\?\c:\\RECYCLER\S-1-5-21-3289834387-869750193-1123432360-1007\Dc716.jpg: Access is denied.


Failed to open \\?\c:\\RECYCLER\S-1-5-21-3289834387-869750193-1123432360-1007\Dc717.jpg: Access is denied.


Failed to open \\?\c:\\RECYCLER\S-1-5-21-3289834387-869750193-1123432360-1007\Dc718.jpg: Access is denied.


Failed to open \\?\c:\\RECYCLER\S-1-5-21-3289834387-869750193-1123432360-1007\Dc719.jpg: Access is denied.


Failed to open \\?\c:\\RECYCLER\S-1-5-21-3289834387-869750193-1123432360-1007\Dc720.jpg: Access is denied.


Failed to open \\?\c:\\RECYCLER\S-1-5-21-3289834387-869750193-1123432360-1007\Dc721.jpg: Access is denied.


Failed to open \\?\c:\\RECYCLER\S-1-5-21-3289834387-869750193-1123432360-1007\Dc722.jpg: Access is denied.


Failed to open \\?\c:\\RECYCLER\S-1-5-21-3289834387-869750193-1123432360-1007\Dc723.jpg: Access is denied.


Failed to open \\?\c:\\RECYCLER\S-1-5-21-3289834387-869750193-1123432360-1007\Dc724.jpg: Access is denied.


Failed to open \\?\c:\\RECYCLER\S-1-5-21-3289834387-869750193-1123432360-1007\Dc725.jpg: Access is denied.


Failed to open \\?\c:\\RECYCLER\S-1-5-21-3289834387-869750193-1123432360-1007\Dc726.jpg: Access is denied.


Failed to open \\?\c:\\RECYCLER\S-1-5-21-3289834387-869750193-1123432360-1007\Dc727.jpg: Access is denied.


Failed to open \\?\c:\\RECYCLER\S-1-5-21-3289834387-869750193-1123432360-1007\Dc728.jpeg: Access is denied.


Failed to open \\?\c:\\RECYCLER\S-1-5-21-3289834387-869750193-1123432360-1007\Dc729.jpg: Access is denied.


Failed to open \\?\c:\\RECYCLER\S-1-5-21-3289834387-869750193-1123432360-1007\Dc730.jpg: Access is denied.


Failed to open \\?\c:\\RECYCLER\S-1-5-21-3289834387-869750193-1123432360-1007\Dc731.png: Access is denied.


Failed to open \\?\c:\\RECYCLER\S-1-5-21-3289834387-869750193-1123432360-1007\Dc732.jpg: Access is denied.


Failed to open \\?\c:\\RECYCLER\S-1-5-21-3289834387-869750193-1123432360-1007\Dc733.jpg: Access is denied.


Failed to open \\?\c:\\RECYCLER\S-1-5-21-3289834387-869750193-1123432360-1007\Dc734.jpg: Access is denied.


Failed to open \\?\c:\\RECYCLER\S-1-5-21-3289834387-869750193-1123432360-1007\Dc735.jpg: Access is denied.


Failed to open \\?\c:\\RECYCLER\S-1-5-21-3289834387-869750193-1123432360-1007\Dc736.jpg: Access is denied.


Failed to open \\?\c:\\RECYCLER\S-1-5-21-3289834387-869750193-1123432360-1007\Dc737.jpg: Access is denied.


Failed to open \\?\c:\\RECYCLER\S-1-5-21-3289834387-869750193-1123432360-1007\Dc738.jpg: Access is denied.


Failed to open \\?\c:\\RECYCLER\S-1-5-21-3289834387-869750193-1123432360-1007\Dc739.mp3: Access is denied.


Failed to open \\?\c:\\RECYCLER\S-1-5-21-3289834387-869750193-1123432360-1007\Dc740.jpg: Access is denied.


Failed to open \\?\c:\\RECYCLER\S-1-5-21-3289834387-869750193-1123432360-1007\Dc741.JPG: Access is denied.


Failed to open \\?\c:\\RECYCLER\S-1-5-21-3289834387-869750193-1123432360-1007\Dc742.jpg: Access is denied.


Failed to open \\?\c:\\RECYCLER\S-1-5-21-3289834387-869750193-1123432360-1007\Dc743.jpg: Access is denied.


Failed to open \\?\c:\\RECYCLER\S-1-5-21-3289834387-869750193-1123432360-1007\Dc744.png: Access is denied.


Failed to open \\?\c:\\RECYCLER\S-1-5-21-3289834387-869750193-1123432360-1007\Dc745.jpg: Access is denied.


Failed to open \\?\c:\\RECYCLER\S-1-5-21-3289834387-869750193-1123432360-1007\Dc746.jpg: Access is denied.


Failed to open \\?\c:\\RECYCLER\S-1-5-21-3289834387-869750193-1123432360-1007\Dc747.jpg: Access is denied.


Failed to open \\?\c:\\RECYCLER\S-1-5-21-3289834387-869750193-1123432360-1007\Dc748.jpg: Access is denied.


Failed to open \\?\c:\\RECYCLER\S-1-5-21-3289834387-869750193-1123432360-1007\Dc749.jpg: Access is denied.


Failed to open \\?\c:\\RECYCLER\S-1-5-21-3289834387-869750193-1123432360-1007\Dc750.jpg: Access is denied.


Failed to open \\?\c:\\RECYCLER\S-1-5-21-3289834387-869750193-1123432360-1007\Dc751.jpg: Access is denied.


Failed to open \\?\c:\\RECYCLER\S-1-5-21-3289834387-869750193-1123432360-1007\Dc752.jpg: Access is denied.


Failed to open \\?\c:\\RECYCLER\S-1-5-21-3289834387-869750193-1123432360-1007\Dc753.jpg: Access is denied.


Failed to open \\?\c:\\RECYCLER\S-1-5-21-3289834387-869750193-1123432360-1007\Dc754.jpg: Access is denied.


Failed to open \\?\c:\\RECYCLER\S-1-5-21-3289834387-869750193-1123432360-1007\Dc755.jpg: Access is denied.


Failed to open \\?\c:\\RECYCLER\S-1-5-21-3289834387-869750193-1123432360-1007\Dc756.jpg: Access is denied.


Failed to open \\?\c:\\RECYCLER\S-1-5-21-3289834387-869750193-1123432360-1007\Dc757.jpg: Access is denied.


Failed to open \\?\c:\\RECYCLER\S-1-5-21-3289834387-869750193-1123432360-1007\Dc758.jpg: Access is denied.


Failed to open \\?\c:\\RECYCLER\S-1-5-21-3289834387-869750193-1123432360-1007\Dc759.jpg: Access is denied.


Failed to open \\?\c:\\RECYCLER\S-1-5-21-3289834387-869750193-1123432360-1007\Dc760.jpg: Access is denied.


Failed to open \\?\c:\\RECYCLER\S-1-5-21-3289834387-869750193-1123432360-1007\Dc761.jpg: Access is denied.


Failed to open \\?\c:\\RECYCLER\S-1-5-21-3289834387-869750193-1123432360-1007\Dc762.jpg: Access is denied.


Failed to open \\?\c:\\RECYCLER\S-1-5-21-3289834387-869750193-1123432360-1007\Dc763: Access is denied.


Failed to open \\?\c:\\RECYCLER\S-1-5-21-3289834387-869750193-1123432360-1007\Dc764: Access is denied.


Failed to open \\?\c:\\RECYCLER\S-1-5-21-3289834387-869750193-1123432360-1007\Dc765: Access is denied.


Failed to open \\?\c:\\RECYCLER\S-1-5-21-3289834387-869750193-1123432360-1007\Dc766: Access is denied.


Failed to open \\?\c:\\RECYCLER\S-1-5-21-3289834387-869750193-1123432360-1007\Dc767: Access is denied.


Failed to open \\?\c:\\RECYCLER\S-1-5-21-3289834387-869750193-1123432360-1007\Dc768.wmv: Access is denied.


Failed to open \\?\c:\\RECYCLER\S-1-5-21-3289834387-869750193-1123432360-1007\Dc769.lnk: Access is denied.


Failed to open \\?\c:\\RECYCLER\S-1-5-21-3289834387-869750193-1123432360-1007\Dc770.jpg: Access is denied.


Failed to open \\?\c:\\RECYCLER\S-1-5-21-3289834387-869750193-1123432360-1007\Dc771.jpg: Access is denied.


Failed to open \\?\c:\\RECYCLER\S-1-5-21-3289834387-869750193-1123432360-1007\Dc772.jpg: Access is denied.


Failed to open \\?\c:\\RECYCLER\S-1-5-21-3289834387-869750193-1123432360-1007\Dc773.jpg: Access is denied.


Failed to open \\?\c:\\RECYCLER\S-1-5-21-3289834387-869750193-1123432360-1007\Dc774.jpg: Access is denied.


Failed to open \\?\c:\\RECYCLER\S-1-5-21-3289834387-869750193-1123432360-1007\Dc775.jpg: Access is denied.


Failed to open \\?\c:\\RECYCLER\S-1-5-21-3289834387-869750193-1123432360-1007\Dc776.jpg: Access is denied.


Failed to open \\?\c:\\RECYCLER\S-1-5-21-3289834387-869750193-1123432360-1007\Dc777.jpg: Access is denied.


Failed to open \\?\c:\\RECYCLER\S-1-5-21-3289834387-869750193-1123432360-1007\Dc778: Access is denied.


Failed to open \\?\c:\\WINDOWS\$NtUninstallKB877$: Access is denied.


c:\\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790
Substitute Name: C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790

Failed to open \\?\c:\\WINDOWS\assembly\GAC_MSIL\Desktop(2).ini: Access is denied.


Failed to open \\?\c:\\WINDOWS\assembly\GAC_MSIL\Desktop(3).ini: Access is denied.


Failed to open \\?\c:\\WINDOWS\assembly\GAC_MSIL\Desktop(4).ini: Access is denied.


Failed to open \\?\c:\\WINDOWS\assembly\GAC_MSIL\Desktop.ini: Access is denied.


c:\\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e
Substitute Name: C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e

Failed to open \\?\c:\\WINDOWS\system32\MRT.exe: Access is denied.


============== EOF (v 1.0.1) ==============

Attached Files

  • Attached File  log.txt   15.53KB   2 downloads

Edited by Noviciate, 26 December 2011 - 05:01 PM.
added from attachment


#8 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:01:38 AM

Posted 27 December 2011 - 04:14 PM

Good evening. :)

Can you tell me what the following files are:

c:\\Documents and Settings\Mese's\Desktop\hiii.com.exe
c:\\Documents and Settings\Mese's\Desktop\moo.com.exe

So long, and thanks for all the fish.

 

 


#9 KawaiiTea

KawaiiTea
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:08:38 PM

Posted 27 December 2011 - 04:52 PM

Oh lol those are just random files that I made

#10 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:01:38 AM

Posted 27 December 2011 - 05:38 PM

Please download GrantPerms.zip by Farbar from here and save it to your Desktop - you will then need to unzip it.

  • Run GrantPerms.exe and copy the following into the textbox:

    • \\?\c:\\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp
      \\?\c:\\Documents and Settings\Mese's\Desktop\hiii.com.exe
      \\?\c:\\Documents and Settings\Mese's\Desktop\moo.com.exe
      \\?\c:\\Documents and Settings\Mese's\Local Settings\Temp\{698D4E73-B7E1-4BE4-B4B4-CEC5F32D91F7}\en-us
      \\?\c:\\Documents and Settings\Mom\My Documents\Downloads\hijackthis.exe
      \\?\c:\\Documents and Settings\Second Guest.EMACHINE-98E05C\Local Settings\Temp\7zSE5.tmp\Setup.exe
      \\?\c:\\Nexon\Mabinogi\Mabinogi(1).exe
      \\?\c:\\Program Files\AVG\AVG2012\avgscanx.exe
      \\?\c:\\Program Files\AVG\AVG2012\avgui.exe
      \\?\c:\\Program Files\COMODO\COMODO Internet Security\cfp.exe
      \\?\c:\\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
      \\?\c:\\Program Files\InstallShield Installation Information\{E623BB3F-F7ED-4148-BEB5-A0D1DB28B4DE}\setup.ilg
      \\?\c:\\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
      \\?\c:\\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      \\?\c:\\Program Files\Windows Defender\MsMpEng.exe
      \\?\c:\\WINDOWS\$NtUninstallKB877$
      \\?\c:\\WINDOWS\system32\MRT.exe
  • Click Unlock and when you are given the message "Unlock operation completed", click OK.
  • Click List Permissions to create a log of the actions - a copy will be saved as Perms.txt into the folder that GrantPerms.exe was run from.
  • I'd like you to copy and paste the contents of this textfile into your next reply.

So long, and thanks for all the fish.

 

 


#11 KawaiiTea

KawaiiTea
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:08:38 PM

Posted 27 December 2011 - 05:58 PM

The permissions

GrantPerms by Farbar
Ran by Second Guest (administrator) at 2011-12-27 17:58:02

===============================================
\\?\c:\\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp

Owner: BUILTIN\Administrators

DACL(NP)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


\\?\c:\\Documents and Settings\Mese's\Desktop\hiii.com.exe

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


\\?\c:\\Documents and Settings\Mese's\Desktop\moo.com.exe

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


\\?\c:\\Documents and Settings\Mese's\Local Settings\Temp\{698D4E73-B7E1-4BE4-B4B4-CEC5F32D91F7}\en-us

Owner: BUILTIN\Administrators

DACL(NP)(AI):
BUILTIN\Administrators FULL ALLOW (CI)(OI)
NT AUTHORITY\SYSTEM FULL ALLOW (CI)(OI)
BUILTIN\Users READ/EXECUTE ALLOW (CI)(OI)


\\?\c:\\Documents and Settings\Mom\My Documents\Downloads\hijackthis.exe

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


\\?\c:\\Documents and Settings\Second Guest.EMACHINE-98E05C\Local Settings\Temp\7zSE5.tmp\Setup.exe

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


\\?\c:\\Nexon\Mabinogi\Mabinogi(1).exe

Owner: BUILTIN\Administrators

DACL(NP)(AI):
BUILTIN\Administrators FULL ALLOW (I)
NT AUTHORITY\SYSTEM FULL ALLOW (I)
BUILTIN\Users READ/EXECUTE ALLOW (I)


\\?\c:\\Program Files\AVG\AVG2012\avgscanx.exe

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


\\?\c:\\Program Files\AVG\AVG2012\avgui.exe

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


\\?\c:\\Program Files\COMODO\COMODO Internet Security\cfp.exe

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


\\?\c:\\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


\\?\c:\\Program Files\InstallShield Installation Information\{E623BB3F-F7ED-4148-BEB5-A0D1DB28B4DE}\setup.ilg

Owner: BUILTIN\Administrators

DACL(NP)(AI):
BUILTIN\Users READ/EXECUTE ALLOW (I)
BUILTIN\Administrators FULL ALLOW (I)
NT AUTHORITY\SYSTEM FULL ALLOW (I)


\\?\c:\\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


\\?\c:\\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


\\?\c:\\Program Files\Windows Defender\MsMpEng.exe

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


\\?\c:\\WINDOWS\$NtUninstallKB877$

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (CI)(OI)
NT AUTHORITY\SYSTEM FULL ALLOW (CI)(OI)
BUILTIN\Users READ/EXECUTE ALLOW (CI)(OI)


\\?\c:\\WINDOWS\system32\MRT.exe

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)

Attached Files


Edited by Noviciate, 28 December 2011 - 03:35 PM.


#12 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:01:38 AM

Posted 28 December 2011 - 03:37 PM

Good evening. :)

Please copy and paste information if asked to do so rather than attach it as it makes it impossible to look at easily and I just have to edit the information into your post.

Download TDSSKiller.zip from Kaspersky from here and save it to your Desktop.

  • You will then need to extract the file(s) from the zipped folder.
  • To do this: Right-click on the zipped folder and from the menu that appears, click on Extract All...
    In the Extraction Wizard window that opens, click on Next> and in the next window that appears, click on Next> again.
    In the final window, click on Finish

  • Please close all open programs as this may result in a reboot being necessary.
  • Double click TDSSKiller.exe to begin.
  • Click Change parameters and check the two boxes under Additional Options.
  • Click Start scan and allow the tool to do just that.
  • One the scan has completed, if the tool has identified anything allow it to carry out it's default action(s) - you'll need to click Continue where appropriate.
  • Finally, if it prompts you to reboot your machine, please click Reboot Now and ensure that your machine does so.
  • If the scan finds nothing, please click the Report button and let me have a copy of the text file that opens.
  • If you reboot your machine, the log, which i'd like to see, will be located at the root of you hard drive as C:\TDSSKiller.Version_Date_Time_log.txt.
    Please check that you get the one with the right date and time. :)

So long, and thanks for all the fish.

 

 


#13 KawaiiTea

KawaiiTea
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:08:38 PM

Posted 28 December 2011 - 04:03 PM

16:01:09.0375 3500 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
16:01:09.0531 3500 ============================================================
16:01:09.0531 3500 Current date / time: 2011/12/28 16:01:09.0531
16:01:09.0531 3500 SystemInfo:
16:01:09.0531 3500
16:01:09.0531 3500 OS Version: 5.1.2600 ServicePack: 3.0
16:01:09.0531 3500 Product type: Workstation
16:01:09.0531 3500 ComputerName: EMACHINE-98E05C
16:01:09.0531 3500 UserName: Second Guest
16:01:09.0531 3500 Windows directory: C:\WINDOWS
16:01:09.0531 3500 System windows directory: C:\WINDOWS
16:01:09.0531 3500 Processor architecture: Intel x86
16:01:09.0531 3500 Number of processors: 1
16:01:09.0531 3500 Page size: 0x1000
16:01:09.0531 3500 Boot type: Normal boot
16:01:09.0531 3500 ============================================================
16:01:11.0703 3500 Initialize success

#14 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:01:38 AM

Posted 28 December 2011 - 06:03 PM

It looks to me like you have chopped the end of the log off.

So long, and thanks for all the fish.

 

 


#15 KawaiiTea

KawaiiTea
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:08:38 PM

Posted 28 December 2011 - 06:49 PM

I redid the scan and got the whole thing this time. Also, I noticed when I redid the scan, the zaccess was not there, which it would normally return each time I ran TDSSkiller.


18:44:22.0500 3440 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
18:44:22.0671 3440 ============================================================
18:44:22.0671 3440 Current date / time: 2011/12/28 18:44:22.0671
18:44:22.0671 3440 SystemInfo:
18:44:22.0671 3440
18:44:22.0671 3440 OS Version: 5.1.2600 ServicePack: 3.0
18:44:22.0671 3440 Product type: Workstation
18:44:22.0671 3440 ComputerName: EMACHINE-98E05C
18:44:22.0671 3440 UserName: Second Guest
18:44:22.0671 3440 Windows directory: C:\WINDOWS
18:44:22.0671 3440 System windows directory: C:\WINDOWS
18:44:22.0671 3440 Processor architecture: Intel x86
18:44:22.0671 3440 Number of processors: 1
18:44:22.0671 3440 Page size: 0x1000
18:44:22.0671 3440 Boot type: Normal boot
18:44:22.0671 3440 ============================================================
18:44:25.0250 3440 Initialize success
18:44:36.0812 3508 ============================================================
18:44:36.0812 3508 Scan started
18:44:36.0812 3508 Mode: Manual;
18:44:36.0812 3508 ============================================================
18:44:37.0171 3508 .avgtdix - ok
18:44:37.0406 3508 Abiosdsk - ok
18:44:37.0593 3508 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
18:44:37.0625 3508 abp480n5 - ok
18:44:37.0828 3508 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:44:37.0890 3508 ACPI - ok
18:44:37.0906 3508 Scan interrupted by user!
18:44:37.0906 3508 Scan interrupted by user!
18:44:37.0906 3508 Scan interrupted by user!
18:44:37.0906 3508 ============================================================
18:44:37.0906 3508 Scan finished
18:44:37.0906 3508 ============================================================
18:44:37.0921 3500 Detected object count: 0
18:44:37.0921 3500 Actual detected object count: 0
18:44:41.0078 3520 ============================================================
18:44:41.0078 3520 Scan started
18:44:41.0078 3520 Mode: Manual; SigCheck; TDLFS;
18:44:41.0078 3520 ============================================================
18:44:41.0187 3520 .avgtdix - ok
18:44:41.0406 3520 Abiosdsk - ok
18:44:41.0593 3520 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
18:44:48.0015 3520 abp480n5 - ok
18:44:48.0265 3520 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:44:48.0437 3520 ACPI - ok
18:44:48.0687 3520 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
18:44:48.0890 3520 ACPIEC - ok
18:44:49.0156 3520 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
18:44:49.0406 3520 adpu160m - ok
18:44:49.0687 3520 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:44:49.0859 3520 aec - ok
18:44:50.0093 3520 AFD (322d0e36693d6e24a2398bee62a268cd) C:\WINDOWS\System32\drivers\afd.sys
18:44:50.0312 3520 AFD - ok
18:44:50.0718 3520 AgereSoftModem (baf68dcba949633df0c16d37af2a2351) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
18:44:51.0171 3520 AgereSoftModem - ok
18:44:51.0390 3520 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
18:44:51.0593 3520 agp440 - ok
18:44:51.0828 3520 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
18:44:52.0031 3520 agpCPQ - ok
18:44:52.0265 3520 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
18:44:52.0390 3520 Aha154x - ok
18:44:52.0640 3520 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
18:44:52.0875 3520 aic78u2 - ok
18:44:53.0125 3520 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
18:44:53.0375 3520 aic78xx - ok
18:44:53.0593 3520 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
18:44:53.0828 3520 AliIde - ok
18:44:54.0046 3520 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
18:44:54.0265 3520 alim1541 - ok
18:44:54.0515 3520 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
18:44:54.0734 3520 amdagp - ok
18:44:54.0968 3520 AMP (182806937f4af5cc0f3c65b4d68b051e) C:\WINDOWS\system32\DRIVERS\amp.sys
18:44:55.0109 3520 AMP - ok
18:44:55.0500 3520 AMPSE (b95101fbceb2ae4873e3bc38460f5568) C:\WINDOWS\system32\DRIVERS\ampse.sys
18:44:55.0750 3520 AMPSE - ok
18:44:55.0937 3520 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
18:44:56.0062 3520 amsint - ok
18:44:56.0328 3520 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
18:44:56.0531 3520 asc - ok
18:44:56.0750 3520 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
18:44:56.0859 3520 asc3350p - ok
18:44:57.0093 3520 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
18:44:57.0312 3520 asc3550 - ok
18:44:57.0562 3520 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:44:57.0750 3520 AsyncMac - ok
18:44:57.0937 3520 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:44:58.0109 3520 atapi - ok
18:44:58.0328 3520 Atdisk - ok
18:44:58.0531 3520 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:44:58.0718 3520 Atmarpc - ok
18:44:58.0953 3520 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:44:59.0187 3520 audstub - ok
18:44:59.0437 3520 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:44:59.0640 3520 Beep - ok
18:44:59.0890 3520 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
18:45:00.0125 3520 cbidf - ok
18:45:00.0343 3520 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:45:00.0531 3520 cbidf2k - ok
18:45:00.0718 3520 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
18:45:00.0828 3520 cd20xrnt - ok
18:45:01.0062 3520 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:45:01.0296 3520 Cdaudio - ok
18:45:01.0531 3520 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:45:01.0734 3520 Cdfs - ok
18:45:01.0984 3520 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:45:02.0187 3520 Cdrom - ok
18:45:02.0390 3520 Changer - ok
18:45:02.0578 3520 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
18:45:02.0812 3520 CmdIde - ok
18:45:03.0062 3520 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
18:45:03.0296 3520 Cpqarray - ok
18:45:03.0421 3520 cpuz134 - ok
18:45:03.0671 3520 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
18:45:03.0921 3520 dac2w2k - ok
18:45:04.0171 3520 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
18:45:04.0406 3520 dac960nt - ok
18:45:04.0656 3520 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:45:04.0859 3520 Disk - ok
18:45:05.0218 3520 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
18:45:05.0640 3520 dmboot - ok
18:45:05.0890 3520 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
18:45:06.0125 3520 dmio - ok
18:45:06.0359 3520 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:45:06.0593 3520 dmload - ok
18:45:06.0843 3520 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:45:07.0000 3520 DMusic - ok
18:45:07.0250 3520 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
18:45:07.0468 3520 dpti2o - ok
18:45:07.0703 3520 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:45:07.0859 3520 drmkaud - ok
18:45:08.0109 3520 EagleNT - ok
18:45:08.0375 3520 elagopro (7ec42ec12a4bac14bcca99fb06f2d125) C:\WINDOWS\system32\DRIVERS\elagopro.sys
18:45:08.0500 3520 elagopro - ok
18:45:08.0703 3520 elaunidr (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\elaunidr.sys
18:45:08.0781 3520 elaunidr - ok
18:45:09.0046 3520 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:45:09.0218 3520 Fastfat - ok
18:45:09.0468 3520 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
18:45:09.0656 3520 Fdc - ok
18:45:09.0906 3520 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
18:45:10.0125 3520 Fips - ok
18:45:10.0343 3520 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
18:45:10.0531 3520 Flpydisk - ok
18:45:10.0796 3520 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
18:45:11.0015 3520 FltMgr - ok
18:45:11.0265 3520 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:45:11.0484 3520 Fs_Rec - ok
18:45:11.0765 3520 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:45:11.0984 3520 Ftdisk - ok
18:45:12.0234 3520 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:45:12.0421 3520 Gpc - ok
18:45:12.0687 3520 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:45:12.0859 3520 HDAudBus - ok
18:45:13.0109 3520 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:45:13.0281 3520 hidusb - ok
18:45:13.0531 3520 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
18:45:13.0750 3520 hpn - ok
18:45:14.0015 3520 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
18:45:14.0046 3520 HTTP ( UnsignedFile.Multi.Generic ) - warning
18:45:14.0046 3520 HTTP - detected UnsignedFile.Multi.Generic (1)
18:45:14.0312 3520 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
18:45:14.0500 3520 i2omgmt - ok
18:45:14.0734 3520 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
18:45:14.0921 3520 i2omp - ok
18:45:15.0156 3520 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:45:15.0328 3520 i8042prt - ok
18:45:15.0562 3520 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:45:15.0750 3520 Imapi - ok
18:45:16.0000 3520 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
18:45:16.0250 3520 ini910u - ok
18:45:16.0500 3520 int15 (c6e5276c00ebdeb096bb5ef4b797d1b6) C:\WINDOWS\system32\drivers\int15.sys
18:45:16.0515 3520 int15 - ok
18:45:16.0531 3520 int15.sys - ok
18:45:17.0343 3520 IntcAzAudAddService (19afbb8427ce65042599555e578170df) C:\WINDOWS\system32\drivers\RtkHDAud.sys
18:45:18.0109 3520 IntcAzAudAddService - ok
18:45:18.0359 3520 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
18:45:18.0546 3520 IntelIde - ok
18:45:18.0796 3520 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
18:45:19.0000 3520 Ip6Fw - ok
18:45:19.0265 3520 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:45:19.0515 3520 IpFilterDriver - ok
18:45:19.0750 3520 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:45:19.0906 3520 IpInIp - ok
18:45:20.0078 3520 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:45:20.0281 3520 IpNat - ok
18:45:20.0515 3520 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:45:20.0703 3520 IPSec - ok
18:45:20.0937 3520 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:45:21.0140 3520 IRENUM - ok
18:45:21.0390 3520 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:45:21.0578 3520 isapnp - ok
18:45:21.0812 3520 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:45:22.0000 3520 Kbdclass - ok
18:45:22.0234 3520 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
18:45:22.0421 3520 kbdhid - ok
18:45:22.0625 3520 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
18:45:22.0781 3520 kmixer - ok
18:45:23.0031 3520 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
18:45:23.0234 3520 KSecDD - ok
18:45:23.0453 3520 lbrtfdc - ok
18:45:23.0656 3520 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:45:23.0875 3520 mnmdd - ok
18:45:24.0125 3520 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
18:45:24.0296 3520 Modem - ok
18:45:24.0546 3520 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:45:24.0718 3520 Mouclass - ok
18:45:24.0968 3520 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:45:25.0203 3520 mouhid - ok
18:45:25.0421 3520 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
18:45:25.0609 3520 MountMgr - ok
18:45:25.0859 3520 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
18:45:26.0078 3520 mraid35x - ok
18:45:26.0343 3520 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:45:26.0578 3520 MRxDAV - ok
18:45:26.0890 3520 MRxSmb (68755f0ff16070178b54674fe5b847b0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:45:27.0250 3520 MRxSmb - ok
18:45:27.0500 3520 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
18:45:27.0656 3520 Msfs - ok
18:45:27.0906 3520 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:45:28.0093 3520 MSKSSRV - ok
18:45:28.0343 3520 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:45:28.0515 3520 MSPCLOCK - ok
18:45:28.0765 3520 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
18:45:28.0937 3520 MSPQM - ok
18:45:29.0218 3520 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:45:29.0406 3520 mssmbios - ok
18:45:29.0625 3520 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
18:45:29.0812 3520 Mup - ok
18:45:30.0093 3520 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
18:45:30.0312 3520 NDIS - ok
18:45:30.0562 3520 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:45:30.0734 3520 NdisTapi - ok
18:45:30.0968 3520 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:45:31.0156 3520 Ndisuio - ok
18:45:31.0406 3520 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:45:31.0609 3520 NdisWan - ok
18:45:31.0843 3520 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
18:45:32.0031 3520 NDProxy - ok
18:45:32.0250 3520 neokdss - ok
18:45:32.0453 3520 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:45:32.0640 3520 NetBIOS - ok
18:45:32.0859 3520 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:45:33.0046 3520 NetBT - ok
18:45:33.0312 3520 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
18:45:33.0500 3520 Npfs - ok
18:45:33.0828 3520 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
18:45:34.0203 3520 Ntfs - ok
18:45:34.0421 3520 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:45:34.0640 3520 Null - ok
18:45:35.0765 3520 nv (8e6c08918dd6af8403cc24969582761a) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
18:45:37.0890 3520 nv - ok
18:45:38.0109 3520 NVENETFD (45ba510db13a0496db1cd16826519e03) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
18:45:38.0265 3520 NVENETFD - ok
18:45:38.0484 3520 nvnetbus (57cbdb934fb1afb7e03b413d151a6152) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
18:45:38.0609 3520 nvnetbus - ok
18:45:38.0843 3520 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:45:39.0046 3520 NwlnkFlt - ok
18:45:39.0281 3520 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:45:39.0515 3520 NwlnkFwd - ok
18:45:39.0765 3520 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
18:45:39.0937 3520 Parport - ok
18:45:40.0171 3520 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
18:45:40.0359 3520 PartMgr - ok
18:45:40.0609 3520 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
18:45:40.0812 3520 ParVdm - ok
18:45:41.0062 3520 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
18:45:41.0250 3520 PCI - ok
18:45:41.0421 3520 PCIDump - ok
18:45:41.0609 3520 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
18:45:41.0796 3520 PCIIde - ok
18:45:42.0062 3520 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
18:45:42.0265 3520 Pcmcia - ok
18:45:42.0453 3520 PDCOMP - ok
18:45:42.0609 3520 PDFRAME - ok
18:45:42.0765 3520 PDRELI - ok
18:45:42.0921 3520 PDRFRAME - ok
18:45:43.0109 3520 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
18:45:43.0328 3520 perc2 - ok
18:45:43.0546 3520 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
18:45:43.0750 3520 perc2hib - ok
18:45:44.0031 3520 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:45:44.0218 3520 PptpMiniport - ok
18:45:44.0453 3520 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
18:45:44.0640 3520 Processor - ok
18:45:44.0890 3520 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
18:45:45.0078 3520 PSched - ok
18:45:45.0312 3520 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:45:45.0578 3520 Ptilink - ok
18:45:45.0843 3520 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
18:45:45.0890 3520 PxHelp20 - ok
18:45:46.0093 3520 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
18:45:46.0312 3520 ql1080 - ok
18:45:46.0546 3520 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
18:45:46.0750 3520 Ql10wnt - ok
18:45:47.0000 3520 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
18:45:47.0234 3520 ql12160 - ok
18:45:47.0468 3520 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
18:45:47.0718 3520 ql1240 - ok
18:45:47.0953 3520 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
18:45:48.0187 3520 ql1280 - ok
18:45:48.0484 3520 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:45:48.0671 3520 RasAcd - ok
18:45:48.0921 3520 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:45:49.0109 3520 Rasl2tp - ok
18:45:49.0343 3520 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:45:49.0578 3520 RasPppoe - ok
18:45:49.0843 3520 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:45:50.0046 3520 Raspti - ok
18:45:50.0328 3520 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:45:50.0578 3520 Rdbss - ok
18:45:50.0765 3520 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:45:50.0968 3520 RDPCDD - ok
18:45:51.0265 3520 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:45:51.0515 3520 rdpdr - ok
18:45:51.0765 3520 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
18:45:51.0953 3520 RDPWD - ok
18:45:52.0203 3520 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:45:52.0375 3520 redbook - ok
18:45:52.0593 3520 RimUsb - ok
18:45:52.0781 3520 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
18:45:52.0906 3520 RimVSerPort - ok
18:45:53.0156 3520 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
18:45:53.0375 3520 ROOTMODEM - ok
18:45:53.0515 3520 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
18:45:53.0546 3520 SASDIFSV - ok
18:45:53.0593 3520 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
18:45:53.0671 3520 SASKUTIL - ok
18:45:53.0921 3520 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:45:54.0109 3520 Secdrv - ok
18:45:54.0359 3520 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
18:45:54.0531 3520 Serial - ok
18:45:54.0796 3520 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:45:54.0968 3520 Sfloppy - ok
18:45:55.0203 3520 Simbad - ok
18:45:55.0375 3520 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
18:45:55.0546 3520 sisagp - ok
18:45:55.0812 3520 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
18:45:55.0921 3520 Sparrow - ok
18:45:56.0156 3520 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:45:56.0312 3520 splitter - ok
18:45:56.0562 3520 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
18:45:56.0750 3520 sr - ok
18:45:57.0000 3520 Srv (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys
18:45:57.0218 3520 Srv - ok
18:45:57.0453 3520 sscdbus (ffe42941e0326c322f40b0b79a46493c) C:\WINDOWS\system32\DRIVERS\sscdbus.sys
18:45:57.0531 3520 sscdbus - ok
18:45:57.0765 3520 sscdmdfl (a68e7d87adfbb8c50d88cd58230c6819) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
18:45:57.0812 3520 sscdmdfl - ok
18:45:58.0062 3520 sscdmdm (b534b24151281856ec2f69ed3d6d60dd) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
18:45:58.0125 3520 sscdmdm - ok
18:45:58.0359 3520 sscdserd (d04bd59f28c78e2e66632092cafc0a2b) C:\WINDOWS\system32\DRIVERS\sscdserd.sys
18:45:58.0437 3520 sscdserd - ok
18:45:58.0671 3520 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:45:58.0843 3520 swenum - ok
18:45:59.0078 3520 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:45:59.0375 3520 swmidi - ok
18:45:59.0625 3520 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
18:45:59.0812 3520 symc810 - ok
18:46:00.0046 3520 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
18:46:00.0265 3520 symc8xx - ok
18:46:00.0500 3520 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
18:46:00.0703 3520 sym_hi - ok
18:46:00.0968 3520 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
18:46:01.0187 3520 sym_u3 - ok
18:46:01.0406 3520 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:46:01.0562 3520 sysaudio - ok
18:46:01.0875 3520 Tcpip (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:46:02.0187 3520 Tcpip - ok
18:46:02.0453 3520 Tcpip6 (aa7a55536096d646dc7ab0ac5641e9e8) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
18:46:02.0671 3520 Tcpip6 - ok
18:46:02.0906 3520 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:46:03.0093 3520 TDPIPE - ok
18:46:03.0359 3520 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:46:03.0531 3520 TDTCP - ok
18:46:03.0765 3520 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:46:03.0953 3520 TermDD - ok
18:46:04.0187 3520 tmactmon - ok
18:46:04.0359 3520 tmcfw - ok
18:46:04.0578 3520 tmcomm (ad866d83b4f0391aecceb4e507011831) C:\WINDOWS\system32\drivers\tmcomm.sys
18:46:04.0640 3520 tmcomm - ok
18:46:04.0859 3520 tmevtmgr - ok
18:46:05.0000 3520 tmpreflt - ok
18:46:05.0156 3520 tmxpflt - ok
18:46:05.0359 3520 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
18:46:05.0562 3520 TosIde - ok
18:46:05.0812 3520 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
18:46:05.0984 3520 tunmp - ok
18:46:06.0250 3520 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:46:06.0437 3520 Udfs - ok
18:46:06.0671 3520 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
18:46:06.0781 3520 ultra - ok
18:46:07.0078 3520 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:46:07.0390 3520 Update - ok
18:46:07.0640 3520 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:46:07.0812 3520 usbccgp - ok
18:46:08.0062 3520 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:46:08.0265 3520 usbehci - ok
18:46:08.0468 3520 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:46:08.0640 3520 usbhub - ok
18:46:08.0875 3520 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
18:46:09.0046 3520 usbohci - ok
18:46:09.0328 3520 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:46:09.0515 3520 usbprint - ok
18:46:09.0765 3520 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:46:09.0906 3520 USBSTOR - ok
18:46:10.0140 3520 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:46:10.0312 3520 VgaSave - ok
18:46:10.0562 3520 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
18:46:10.0734 3520 viaagp - ok
18:46:10.0953 3520 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
18:46:11.0140 3520 ViaIde - ok
18:46:11.0343 3520 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
18:46:11.0515 3520 VolSnap - ok
18:46:11.0734 3520 vsapint - ok
18:46:11.0953 3520 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:46:12.0125 3520 Wanarp - ok
18:46:12.0328 3520 WDICA - ok
18:46:12.0531 3520 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:46:12.0671 3520 wdmaud - ok
18:46:12.0968 3520 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
18:46:13.0156 3520 WmiAcpi - ok
18:46:13.0406 3520 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
18:46:13.0500 3520 WpdUsb ( UnsignedFile.Multi.Generic ) - warning
18:46:13.0500 3520 WpdUsb - detected UnsignedFile.Multi.Generic (1)
18:46:13.0750 3520 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
18:46:13.0953 3520 WS2IFSL - ok
18:46:14.0203 3520 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:46:14.0343 3520 WudfPf - ok
18:46:14.0546 3520 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:46:14.0671 3520 WudfRd - ok
18:46:14.0734 3520 MBR (0x1B8) (ea228d2d5aad83b7544d12986bdf25a2) \Device\Harddisk0\DR0
18:46:15.0796 3520 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
18:46:15.0796 3520 \Device\Harddisk0\DR0 - detected TDSS File System (1)
18:46:15.0843 3520 MBR (0x1B8) (3e80c5775b1fcfe668596f5bb9e9dc15) \Device\Harddisk3\DR7
18:46:25.0171 3520 \Device\Harddisk3\DR7 - ok
18:46:25.0187 3520 Boot (0x1200) (eb5769a9cb8157052e6ceabb2a35255b) \Device\Harddisk0\DR0\Partition0
18:46:25.0187 3520 \Device\Harddisk0\DR0\Partition0 - ok
18:46:25.0187 3520 ============================================================
18:46:25.0187 3520 Scan finished
18:46:25.0187 3520 ============================================================
18:46:25.0312 3512 Detected object count: 3
18:46:25.0312 3512 Actual detected object count: 3
18:46:36.0390 3512 HTTP ( UnsignedFile.Multi.Generic ) - skipped by user
18:46:36.0390 3512 HTTP ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:46:36.0390 3512 WpdUsb ( UnsignedFile.Multi.Generic ) - skipped by user
18:46:36.0390 3512 WpdUsb ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:46:36.0390 3512 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
18:46:36.0390 3512 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users