
ntos Trojan.Zeroaccess!kmem infection - Need help removing


9 replies to this topic

#1 regor5150


Posted 22 January 2012 - 09:49 PM

Hey everyone, new to this forum, although I've used it before to fix things... but this time I'm stuck.

So I've got Symantec Endpoint Protection on my laptop, and it's finding a filename called 'ntos' with a risk description of "Trojan.Zeroaccess!kmem" in windows\system32

Endpoint only logs the event, and when I try to quarantine or delete the file it's saying it's unable to because the file no longer exists. Yet this thing KEEPS popping back up, multiple times, with the exact same information each time.

I've tried running a full system scan with Endpoint, and with Malwarebytes. I've even downloaded a Symantec removal tool, but none of it seemed to work. I have not yet tried Spybot, but that's coming after I post this.

Does anyone have any experience with this particular bugger?
Thanks,
~Roger


#2 boopme


Posted 22 January 2012 - 10:43 PM

Hello, Roger
Spybot will not remove it.
I moved this from XP to the Am I Infected forum.

Please do this next.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished, the utility outputs a list of detected objects with a description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the system disk (it is usually the disk with the installed operating system, C:\) root folder. The log will have a name like: TDSSKiller.Version_Date_Time_log.txt.



If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (e.g. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.

#3 regor5150


Posted 22 January 2012 - 11:12 PM

Ok, I d/l'd MiniToolBox and ran it. I had 2 error msgs pop up while it was running:

netsh.exe - Entry Point Not Found
The procedure entry point MigrateWinsockConfiguration could not be located in the dynamic link library MSWSOCK.dll

nslookup.exe - Ordinal Not Found
The ordinal 1108 could not be located in the dynamic link library WSOCK32.dll
(occurred 3x)

Here is the Results.txt file:


MiniToolBox by Farbar Version: 18-01-2012
Ran by Regor (administrator) on 22-01-2012 at 23:02:05
Microsoft Windows XP Professional Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Could not flush the DNS Resolver Cache: Function failed during execution.




========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================


::1 localhost

127.0.0.1 localhost

There are 12576 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Intel® PRO/Wireless 3945ABG Network Connection = Wireless Connection (Connected)
1394 Net Adapter = 1394 Firewire Connection (Connected)
Intel® PRO/100 VE Network Connection = Ethernet Connection (Media disconnected)
The following helper DLL cannot be loaded: IFMON.DLL.
The following command was not found: int ip dump.


Windows IP Configuration



Host Name . . . . . . . . . . . . : Regor

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Broadcast

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Wireless Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel® PRO/Wireless 3945ABG Network Connection

Physical Address. . . . . . . . . : 00-18-DE-6F-19-8F

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.0.4

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.0.1

DHCP Server . . . . . . . . . . . : 192.168.0.1

DNS Servers . . . . . . . . . . . : 208.67.222.222

208.67.220.220

Lease Obtained. . . . . . . . . . : Sunday, January 22, 2012 9:02:12 PM

Lease Expires . . . . . . . . . . : Monday, January 18, 2038 10:14:07 PM



Ethernet adapter Ethernet Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection

Physical Address. . . . . . . . . : 00-16-36-A2-B4-94

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Autoconfiguration IP Address. . . : 169.254.27.163

Subnet Mask . . . . . . . . . . . : 255.255.0.0

Default Gateway . . . . . . . . . :



Pinging google.com [74.125.113.105] with 32 bytes of data:



Reply from 74.125.113.105: bytes=32 time=88ms TTL=52

Reply from 74.125.113.105: bytes=32 time=45ms TTL=52



Ping statistics for 74.125.113.105:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 45ms, Maximum = 88ms, Average = 66ms



Pinging yahoo.com [72.30.2.43] with 32 bytes of data:



Request timed out.

Request timed out.



Ping statistics for 72.30.2.43:

Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 18 de 6f 19 8f ...... Intel® PRO/Wireless 3945ABG Network Connection - Teefer2 Miniport
0x3 ...00 16 36 a2 b4 94 ...... Intel® PRO/100 VE Network Connection - Teefer2 Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.4 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 169.254.27.163 169.254.27.163 30
169.254.27.163 255.255.255.255 127.0.0.1 127.0.0.1 30
169.254.255.255 255.255.255.255 169.254.27.163 169.254.27.163 30
192.168.0.0 255.255.255.0 192.168.0.4 192.168.0.4 25
192.168.0.4 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.0.255 255.255.255.255 192.168.0.4 192.168.0.4 25
224.0.0.0 240.0.0.0 169.254.27.163 169.254.27.163 30
224.0.0.0 240.0.0.0 192.168.0.4 192.168.0.4 25
255.255.255.255 255.255.255.255 169.254.27.163 169.254.27.163 1
255.255.255.255 255.255.255.255 192.168.0.4 192.168.0.4 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()
Catalog9 18 mswsock.dll [File Not found] ()
Catalog9 19 mswsock.dll [File Not found] ()
Catalog9 20 mswsock.dll [File Not found] ()
Catalog9 21 mswsock.dll [File Not found] ()
Catalog9 22 mswsock.dll [File Not found] ()
Catalog9 23 mswsock.dll [File Not found] ()
Catalog9 24 mswsock.dll [File Not found] ()
Catalog9 25 mswsock.dll [File Not found] ()
Catalog9 26 mswsock.dll [File Not found] ()
Catalog9 27 mswsock.dll [File Not found] ()
Catalog9 28 mswsock.dll [File Not found] ()
Catalog9 29 mswsock.dll [File Not found] ()
Catalog9 30 mswsock.dll [File Not found] ()
Catalog9 31 mswsock.dll [File Not found] ()
Catalog9 32 mswsock.dll [File Not found] ()
Catalog9 33 mswsock.dll [File Not found] ()
Catalog9 34 mswsock.dll [File Not found] ()
Catalog9 35 mswsock.dll [File Not found] ()
Catalog9 36 mswsock.dll [File Not found] ()
Catalog9 37 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/22/2012 09:18:50 PM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!Trojan.Zeroaccess!kmem in File: c:\windows\system32\ntos by: Startup scan. Action: Clean failed : Quarantine failed. Action Description: The file was left unchanged.

Error: (01/22/2012 09:02:32 PM) (Source: Media Center Receiver) (User: )
Description: TV tuner malfunction. (0xc0040597) WebcamMax, WDM Video Capture

Error: (01/22/2012 08:47:57 PM) (Source: SescLU) (User: )
Description: LiveUpdate returned a non-critical error. Available content updates may have failed to install.

Error: (01/22/2012 08:32:58 PM) (Source: SescLU) (User: )
Description: LiveUpdate returned a non-critical error. Available content updates may have failed to install.

Error: (01/22/2012 08:18:01 PM) (Source: SescLU) (User: )
Description: LiveUpdate returned a non-critical error. Available content updates may have failed to install.

Error: (01/22/2012 07:01:31 PM) (Source: SescLU) (User: )
Description: LiveUpdate returned a non-critical error. Available content updates may have failed to install.

Error: (01/22/2012 06:47:12 PM) (Source: SescLU) (User: )
Description: LiveUpdate returned a non-critical error. Available content updates may have failed to install.

Error: (01/22/2012 06:33:30 PM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!Trojan.Zeroaccess!kmem in File: c:\windows\system32\ntos by: Startup scan. Action: Clean failed : Quarantine failed. Action Description: The file was left unchanged.

Error: (01/22/2012 06:21:31 PM) (Source: Media Center Receiver) (User: )
Description: TV tuner malfunction. (0xc0040597) WebcamMax, WDM Video Capture

Error: (01/22/2012 05:55:03 PM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!Trojan.Zeroaccess!kmem in File: c:\windows\system32\ntos by: Startup scan. Action: Clean failed : Quarantine failed. Action Description: The file was left unchanged.


System errors:
=============
Error: (01/22/2012 11:05:21 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (01/22/2012 11:05:20 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (01/22/2012 11:05:18 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (01/22/2012 11:05:17 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (01/22/2012 11:05:16 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (01/22/2012 11:05:14 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (01/22/2012 11:05:13 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (01/22/2012 11:05:12 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (01/22/2012 11:05:10 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127

Error: (01/22/2012 11:05:08 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service terminated with the following error:
%%127


Microsoft Office Sessions:
=========================
Error: (01/22/2012 09:18:50 PM) (Source: Symantec AntiVirus)(User: )
Description: Security Risk Found!Trojan.Zeroaccess!kmem in File: c:\windows\system32\ntos by: Startup scan. Action: Clean failed : Quarantine failed. Action Description: The file was left unchanged.

Error: (01/22/2012 09:02:32 PM) (Source: Media Center Receiver)(User: )
Description: WebcamMax, WDM Video Capturec0040597

Error: (01/22/2012 08:47:57 PM) (Source: SescLU)(User: )
Description: LiveUpdate returned a non-critical error. Available content updates may have failed to install.

Error: (01/22/2012 08:32:58 PM) (Source: SescLU)(User: )
Description: LiveUpdate returned a non-critical error. Available content updates may have failed to install.

Error: (01/22/2012 08:18:01 PM) (Source: SescLU)(User: )
Description: LiveUpdate returned a non-critical error. Available content updates may have failed to install.

Error: (01/22/2012 07:01:31 PM) (Source: SescLU)(User: )
Description: LiveUpdate returned a non-critical error. Available content updates may have failed to install.

Error: (01/22/2012 06:47:12 PM) (Source: SescLU)(User: )
Description: LiveUpdate returned a non-critical error. Available content updates may have failed to install.

Error: (01/22/2012 06:33:30 PM) (Source: Symantec AntiVirus)(User: )
Description: Security Risk Found!Trojan.Zeroaccess!kmem in File: c:\windows\system32\ntos by: Startup scan. Action: Clean failed : Quarantine failed. Action Description: The file was left unchanged.

Error: (01/22/2012 06:21:31 PM) (Source: Media Center Receiver)(User: )
Description: WebcamMax, WDM Video Capturec0040597

Error: (01/22/2012 05:55:03 PM) (Source: Symantec AntiVirus)(User: )
Description: Security Risk Found!Trojan.Zeroaccess!kmem in File: c:\windows\system32\ntos by: Startup scan. Action: Clean failed : Quarantine failed. Action Description: The file was left unchanged.


=========================== Installed Programs ============================


1AVCapture (Version: 1.7.6.11)
A-PDF PPT2PDF 1.0
Able MIDI Editor 1.3 (remove only)
Ad-Aware (Version: 7.1.0.7)
Adit Testdesk (Version: 1.50)
Adobe Flash Player 10 Plugin (Version: 10.0.45.2)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe Reader X (10.1.2) (Version: 10.1.2)
Advanced Audio Recorder v6.0.1
Advanced Registry Doctor (Version: 8.8.8.21)
Advanced WindowsCare 2.41 Professional
Alchemy GIF Animator
All My Software 1.6
AllMedia Grabber (Version: 2.1)
AllMySongs Database (Version: 1.1)
Amazing Slow Downer (remove only)
AMUST Disk Cleaner 1.0
AMUST Registry Cleaner (Version: 3.5)
AP Tuner 3.06
Apex Video Converter Super 7.54 (Version: V7.54)
Apple Software Update (Version: 1.0.2.1)
ASAPI Update
Aspi Installer
Asterisks Password Viewer (Version: 1.10.02)
ASTRA32 - Advanced System Information Tool 1.54 (Version: 1.54)
AudibleManager (Version: 1309592.1378168.1310188.2089872920)
Audio Recorder 1.1
Audio Speed Changer Pro 1.3 (Version: 1.3)
Autumn MP3 Tagger 2.50
AV WebCam Morpher 2.0 (Version: 2.0.41)
Avi2Dvd 0.4.5 beta (Version: 0.4.5 beta)
AVS Capture Wizard 1.4.2
AVS Ringtone Maker version 1.4
AVS Video Editor 4
AVS4YOU Software Navigator 1.2
Azureus (Version: 2.5.0.4)
Bee Icons v 4.0.3 (GAOTD Edition) (Version: 4.0.3)
Belarc Advisor 7.2
Beyond Sync 3.5.8.135
BlindWrite 6 (Version: 6.0.1.19)
Blox World 1.2
Bonjour Core for Windows (Version: 1.0.3)
BootSkin
BufferChm (Version: 60.0.155.000)
BurnAware Home Edition 1.2.9
BusinessCardsMX 3.43 (Version: 3.43)
Button Shop (Version: 03.00.00.00)
Captain Tray Pro 6.4
CapTrue
CD Label Designer 3.5 (Version: CD Label Designer 3.5)
Clean MemXP (Version: 8.0)
Cleanse Uninstaller Pro 6.5 (Version: )
Clone Terminator 1.0
CloneDVD2
Combo Digital Film Reader USB
Comfort Keys 2.0.3.1 (Version: 2.0)
Computer-Expert Supervisors Pack v.1.1 (Version: 1.1)
Conexant HD Audio
Confidence Online™ for Web Applications
Convert DOC to PDF For Word 3.50
ConvertXtoDVD 2.1.14.223 (Version: 2.1.14.223)
Cool RingTone Maker 1.1.2
Corel Applications
Cover Commander 2.91 by Insofta Development (Version: 2.91)
COWON Media Center - jetAudio Basic VX (Version: 8.0.16)
CP_AtenaShokunin1Config (Version: 60.0.155.000)
CP_CalendarTemplates1 (Version: 60.0.155.000)
cp_LightScribeConfig (Version: 60.0.155.000)
cp_OnlineProjectsConfig (Version: 60.0.155.000)
CP_Package_Basic1 (Version: 60.0.155.000)
CP_Package_Variety1 (Version: 60.0.155.000)
CP_Package_Variety2 (Version: 60.0.155.000)
CP_Package_Variety3 (Version: 60.0.155.000)
CP_Panorama1Config (Version: 60.0.155.000)
cp_PosterPrintConfig (Version: 60.0.155.000)
cp_UpdateProjectsConfig (Version: 60.0.155.000)
CubeDrift 1.0
CueTour (Version: 60.0.155.000)
Customer Experience Enhancement (Version: Customer Experience Enhancement -1.0.0.1680)
CyberPower Audio Editing Lab 12.8
Daniusoft Media Converter(Build 2.3.2.0)
DemoCreator
Destinations (Version: 60.0.155.000)
DeviceManagementQFolder (Version: 1.00.0000)
Diamond Puzzle 1.0
Direct Audio Converter & CD Ripper 1.7 (Version: 1.7)
DiskAnalyzer Professional 1.8
DivX (Version: 5.2.1)
DivX Content Uploader (Version: 1.2.1)
DivX Web Player (Version: 1.3.1)
DMS DJ Promixer Full (Version: 1.0)
DocConverter
DScaler 4.1.15
DVD Cutter 1.0
EASEUS Data Recovery Wizard Professional 4.3.6 (Version: 4.3.6)
Elecard DVD Player (Version: 2.1.70214)
Elprime Media Recovery 1.5
EndNote X Volume License Edition (Version: 10.0.0.2131)
Epson Event Manager (Version: 2.40.0001)
EPSON NX420 Series Printer Uninstall
EPSON Scan
EPSON USB Display (Version: 1.45.000)
EpsonNet Config V3 (Version: 3.7.0)
EpsonNet Print (Version: 2.4j)
EpsonNet Setup 3.3 (Version: 3.3b)
Equation Wizard
ESPNMotion (Version: 2.1.6.0011)
eXPert PDF Editor Professional Edition (Version: 1.0)
exPressit S.E. 2.2
Extra DVD Ripper Express 4.54
Extra DVD to 3GP Ripper 6.41
Extra Video Converter 4.6
Extreme Picture Finder 3.5.6 (Version: 3.5.6)
Facebook Plug-In
Fantastic Flame Screensaver
ffdshow [rev 1972] [2008-05-24] (Version: 1.0)
Flash Renamer 5.3
FlashFXP
Flex GIF Animator version 8.54 (Version: 8.54)
FLV Video Downloader 1.0 (Version: 1.0)
Foxonic Professional 3.2 (build 0019) (Version: 3.2 (build 0019))
Free PS Convert driver 8.15
FreeRIP v3.1 (Version: 3.091)
Frigate Professional Version
FTP Synchronizer 2.3.31
FullDPAppQFolder (Version: 1.00.0000)
G-Force (Version: 2.8)
G-tune 2.11
GemMaster Mystic
Glary Utilities Pro 2.18.0.786 (Version: 2.18.0.786)
Google Apps (Version: 1.2.279.2381)
Google Chrome (Version: 16.0.912.75)
Google Update Helper (Version: 1.3.21.79)
Google Updater (Version: 2.4.2432.1652)
Goombah Partner COM Server (Version: 1.0.2.0)
GuitarFX 3
Hauppauge MCE XP/Vista Software Encoder (2.0.24341) (Version: 2.0.24341)
HDDlife for Notebooks (Version: 2.9.109)
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000)
HP BatteryCheck 1.00 A7 (Version: 1.00 A7)
HP Help and Support (Version: 4.2.0013)
HP Imaging Device Functions 6.0 (Version: 6.0)
HP Pavilion Webcam Demo (Version: 2.00.0000)
HP Photosmart Premier Software 6.0 (Version: 6.0)
HP Product Detection (Version: 11.14.0001)
HP Quick Launch Buttons 6.10 A2 (Version: 6.10 A2)
HP QuickPlay 2.3
HP Rhapsody
HP Update (Version: 4.000.010.008)
HP User Guides 0035 (Version: 1.03.0000)
HP Wireless Assistant 2.00 G2 (Version: 2.00 G2)
HpSdpAppCoreApp (Version: 3.00.0000)
Icon Constructor 3
ID3-TagIT 3 (Version: 3)
InControl 2.4
Inpaint (Version: 1.0.0)
InstantShareDevices (Version: 60.0.155.000)
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections Drivers
Intrusion Detection System - Sax2 2.0
iResizer 1.0
ISI ResearchSoft - Export Helper
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 30 (Version: 6.0.300)
KC Softwares AVIToolbox
Koi Fish 3D Screensaver 1.0 (Version: 1.0)
Laboratory Hematology
LightScribe 1.4.142.1 (Version: 1.4.142.1)
Lightscribe Extended Label Contrast Utility (Version: 1.4.142.1)
LiveUpdate 3.3 (Symantec Corporation) (Version: 3.3.0.99)
Living Cell 3D Screensaver 1.2
LogonStudio
Macromedia Flash Player 8 (Version: 8.0.22.0)
Macromedia Shockwave Player (Version: 10.1.1.016)
MagicScore
MagicTweak Version 4.11
Malwarebytes Anti-Malware version 1.60.0.1800 (Version: 1.60.0.1800)
Media Resizer PRO
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0 (Version: 2.0.50727)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft English TTS Engine (Version: 2.0.1000.0)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Money 2006 (Version: 15)
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Professional (Version: 9.00.2720)
Microsoft Silverlight (Version: 4.0.60531.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Works (Version: 08.04.0623)
mIRC (Version: 6.21)
Mosby Clinical Chemistry (Version: 4.60.000)
Move Networks Media Player for Internet Explorer
MP3 Recorder Studio 5.8
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MultimediaFeed MP3 Tagger v2.83 (Version: 2.83)
MultiStage Recovery 2.7
Music Duplicate Remover 6.0
Musicmatch® Jukebox (Version: 10.00.4015)
muvee autoProducer 5.0 (Version: 5.00.050)
My HP Games (Version: HPLAP0202)
Nature Illusion Studio (Version: 1.80)
NeoDownloader 2.8.1 (GiveAwayOfTheDay Version) (Version: 2.8.1)
NetWaiting (Version: 2.5.33)
Network Print Monitor for Windows 2000/XP
Nuclear Coffee - ConvertVid
Numark Cue (Atomix Productions)
Office 2003 Trial Assistant (Version: 1.0.0)
Office Animation Runtime (Version: 11.0.5510.0)
oggcodecs 0.71.0946 (Version: 0.71.0946)
OptionalContentQFolder (Version: 1.00.0000)
OtsAV DJ Trial 1.85.001
OtsDJ 1.15.004
PageFour 1.50
PCHand Screen Capture (GOTD Version) 1.8.0.2
PCHand Screen Recorder (GOTD Version) 1.8.5.2
PDFZilla V1.2.7
PeerBlock 1.1 (r518) (Version: 1.1.0.518)
Photo Viewer 2.3
PhotoGallery (Version: 60.0.155.000)
PhotoScape
Picasa 3 (Version: 3.8)
Picture To Icon (remove only)
PlayFLV
Power Tab Editor 1.7 (Version: 1.7.0)
PPT To Video Scout (Version: 1.22)
PPTminimizer
Premium Booster (Version: 2.2.0.1400)
Process Lasso (Version: 5.1.0.34)
QuickTime (Version: 7.1.3.100)
RandMap (Version: 60.0.155.000)
RealPlayer
Recover Files 2.0
RESTrick Control Panel (Version: 1.3.2)
Ruckus Player (Version: 3.6.1.14618)
Sansa Updater
SAPI Wrapper (Version: 1.0.0.0)
ScreenCamera (Version: 1.9.6.11)
ScreenDASH (Version: 3.0)
Simpo PDF to Word 2.1.1.0
SkinsHP1 (Version: 60.0.155.000)
SkinStudio Free
Skype Toolbars (Version: 5.0.4126)
Skype™ 5.0 (Version: 5.0.152)
Sloud UB Composer version 1.00
SmartWhois (Version: 4.2)
SnowFox Total Video Converter 2.8.1.1
Soft Data Fax Modem with SmartCP
Solar System - Moon 3D Screensaver v1.0
SolveigMM Video Splitter (Version: 1.2.12.27)
Sonic Audio Module (Version: 2.0.4)
Sonic Copy Module (Version: 2.0.4)
Sonic Data Module (Version: 2.0.4)
Sonic Express Labeler (Version: 2.0.0)
Sonic MyDVD Plus (Version: 6.2.0)
Sonic Update Manager (Version: 3.0.0)
Sonic_PrimoSDK (Version: 60.0.155.000)
SonicAC3Encoder (Version: 1.00.0000)
SonicMPEGEncoder (Version: 1.00.0000)
Sothink FLV Player (Version: 2.3)
Sothink Web Video Downloader (Version: 1.2)
Sound Editor Deluxe v3.9
Spybot - Search & Destroy (Version: 1.6.2)
Spybot - Search & Destroy 1.5.2.20
StatFi 2007 GAOTD
StatFi 2007 GAOTD (Version: 4.8.6.0)
StatPlus 2007 (Version: 4.6.0.0B)
Steinberg WaveLab 5.01b
SWF & FLV Player 3.0 (build 3.0.33.5106) (Version: 3.0.33.5106)
SWF & FLV Toolbox 3.5 (build 3.5.23.412) (Version: 3.5.23.412)
Symantec Endpoint Protection (Version: 11.0.6200.754)
Synaptics Pointing Device Driver (Version: 8.3.8.0)
TagTuner 2.0
The One Ring 3D Screensaver 1.0 (Version: 1.0)
The Ultimate Unit Converter Software!
TomTom HOME 2.8.2.2264 (Version: 2.8.2.2264)
TomTom HOME Visual Studio Merge Modules (Version: 1.0.2)
Topaz Moment (Version: 3.4)
TourSetup (Version: 1.0.0)
Trellian LiveUpgrade v2.0
Trellian WebPage (Version: 3.0.0.10)
Triaxis
Trillian Pro 3.1 Build 121 (Version: 3.1.0.121)
TTS Wrapper (Version: 1.0.0.0)
TubeClock
TuxGuitar 1.0
Tweak UI
uMark Professional 1.3 (Version: 1.3.0)
Unload (Version: 6.0.0)
Update Rollup 2 for Windows XP Media Center Edition 2005
Valix NetSearch version 1.5
Ventrilo Client (Version: 3.0.1)
Video Watermark Factory (Version: 1.0)
VideoAvatar
VideoGet
VideoLAN VLC media player 0.8.6a (Version: 0.8.6a)
VidMorph
VirtualDJ PRO Full (Version: 7.0.3)
VirtuallyJenna K17 570 MOD (Version: 2.025.002.565)
VisiFly
Vongo (Version: 1.31.02)
Vuze
Web Design Group CSS Reference
Web Design Group HTML Reference
Web Forum Reader 2.0
Web Stream Recorder Pro 1.61 (Version: 1.61)
WebcamMax (Version: 3.2.1)
WebFldrs XP (Version: 9.50.7523)
WebM Media Foundation Components (Version: 0.25.0.0)
WhiteCap (Version: 4.7.4)
WildTangent Web Driver
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.5.0530.0)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7 (Version: 20061107.210142)
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows XP Hotfix - KB873333 (Version: 20050114.005213)
Windows XP Hotfix - KB873339 (Version: 20041117.092459)
Windows XP Hotfix - KB883667 (Version: 20040812.104354)
Windows XP Hotfix - KB885250 (Version: 20050118.202711)
Windows XP Hotfix - KB885835 (Version: 20041027.181713)
Windows XP Hotfix - KB885836 (Version: 20041028.173203)
Windows XP Hotfix - KB885855 (Version: 20040930.104104)
Windows XP Hotfix - KB886185 (Version: 20041021.090540)
Windows XP Hotfix - KB887472 (Version: 20041014.162858)
Windows XP Hotfix - KB888113 (Version: 20041116.131036)
Windows XP Hotfix - KB888239 (Version: 20041124.162528)
Windows XP Hotfix - KB888302 (Version: 20041207.111426)
Windows XP Hotfix - KB890546 (Version: 20041208.112932)
Windows XP Hotfix - KB890859 (Version: 1)
Windows XP Hotfix - KB891220 (Version: 20041208.154529)
Windows XP Hotfix - KB891781 (Version: 20050110.165439)
Windows XP Hotfix - KB892559 (Version: 2)
Windows XP Media Center Edition 2005 KB925766
WinPcap 4.0.2 (Version: 4.0.0.1040)
WinRAR archiver
WinUtilities 9.98 Professional Edition
WinX Cell Phone Video Converter 4.0
Wireless Home Network Setup (Version: 1.1.154.1)
Wondershare AVI to DVD Burner(Build 2.1.15)
Wondershare DVD Ripper Platinum(Build 4.2.0.16)
Wondershare Photo Story (2.5.5) (Version: 2.5.5)
Wondershare YouTube Downloader(Build 1.0.16)
XBCD 1.07 (Version: 1.07)
Xilisoft Video Converter (Version: 3.1.57.0612b)
XTweak
XviD MPEG-4 Codec
XY Chart Labeler 7.0
Your monster voice 1
ZIP RAR ACE Password Recovery (Version: 1.73.02)
ZoneAlarm (Version: 7.0.462.000)
Zoner GIF Animator 5 (Version: 5.0.3000.2)
Zune Desktop Theme (Version: 1.0.5341.0)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 37%
Total physical RAM: 2037.98 MB
Available physical RAM: 1272.43 MB
Total Pagefile: 3407.29 MB
Available Pagefile: 2780.98 MB
Total Virtual: 2047.88 MB
Available Virtual: 1976.06 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:99.09 GB) (Free:47.05 GB) NTFS
2 Drive d: (HP_RECOVERY) (Fixed) (Total:11.67 GB) (Free:1.2 GB) FAT32
4 Drive f: (KODAK) (Removable) (Total:0.96 GB) (Free:0.2 GB) FAT

========================= Users: ========================================

User accounts for \\REGOR

Administrator ASPNET Guest
HelpAssistant Other Regor
Someone Else SUPPORT_388945a0

========================= Minidump Files ==================================

C:\WINDOWS\Minidump\Mini020607-01.dmp
C:\WINDOWS\Minidump\Mini030907-01.dmp
C:\WINDOWS\Minidump\Mini032607-01.dmp
C:\WINDOWS\Minidump\Mini050907-01.dmp

**** End of log ****


I have not yet run the TDSSKiller file. About to, though.

#4 regor5150

regor5150
  • Topic Starter

  • Members
  • 6 posts

Posted 22 January 2012 - 11:26 PM

I think it got it! Here's the TDSSKiller log:


23:15:02.0187 3280 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
23:15:04.0187 3280 ============================================================
23:15:04.0187 3280 Current date / time: 2012/01/22 23:15:04.0187
23:15:04.0187 3280 SystemInfo:
23:15:04.0187 3280
23:15:04.0187 3280 OS Version: 5.1.2600 ServicePack: 2.0
23:15:04.0187 3280 Product type: Workstation
23:15:04.0187 3280 ComputerName: REGOR
23:15:04.0187 3280 UserName: Regor
23:15:04.0187 3280 Windows directory: C:\WINDOWS
23:15:04.0187 3280 System windows directory: C:\WINDOWS
23:15:04.0187 3280 Processor architecture: Intel x86
23:15:04.0187 3280 Number of processors: 2
23:15:04.0187 3280 Page size: 0x1000
23:15:04.0187 3280 Boot type: Normal boot
23:15:04.0187 3280 ============================================================
23:15:04.0859 3280 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:15:04.0921 3280 Initialize success
23:15:25.0531 2676 ============================================================
23:15:25.0531 2676 Scan started
23:15:25.0531 2676 Mode: Manual;
23:15:25.0531 2676 ============================================================
23:15:31.0875 2676 i8042prt (5249a6f482cb28bce66a2a928944b127) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
23:15:31.0875 2676 i8042prt ( Virus.Win32.ZAccess.k ) - infected
23:15:31.0875 2676 i8042prt - detected Virus.Win32.ZAccess.k (0)
23:15:41.0359 2676 VolSnap - ok
23:15:41.0437 2676 vsdatant (0354ba3a5ba5e28cc247eb5f5dd8793c) C:\WINDOWS\system32\vsdatant.sys
23:15:41.0437 2676 vsdatant - ok
23:15:41.0562 2676 w39n51 (c79918a5bd269035f3a34d157401b9df) C:\WINDOWS\system32\DRIVERS\w39n51.sys
23:15:41.0656 2676 w39n51 - ok
23:15:41.0828 2676 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:15:41.0828 2676 Wanarp - ok
23:15:41.0906 2676 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
23:15:41.0968 2676 Wdf01000 - ok
23:15:42.0015 2676 WDICA - ok
23:15:42.0093 2676 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
23:15:42.0093 2676 wdmaud - ok
23:15:42.0187 2676 WebCamHelper (5124ac756d3585a3c080690ea98c6c11) C:\PROGRA~1\AVWEBC~1\WebCamHelper.sys
23:15:42.0218 2676 WebCamHelper - ok
23:15:42.0312 2676 winachsf (e17d31cd52dcb7745ac5330eea062d0b) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
23:15:42.0359 2676 winachsf - ok
23:15:42.0546 2676 WmiAcpi (ae2c8544e747c20062db27456ea2d67a) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
23:15:42.0546 2676 WmiAcpi - ok
23:15:42.0656 2676 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
23:15:42.0656 2676 WpdUsb - ok
23:15:42.0703 2676 WPS (9748e527f0d71bc86a1fe45f294e368b) C:\WINDOWS\system32\drivers\wpsdrvnt.sys
23:15:42.0703 2676 WPS - ok
23:15:42.0765 2676 WpsHelper (ff983a25ae6f7d3f87f26bf51f02a201) C:\WINDOWS\system32\drivers\WpsHelper.sys
23:15:42.0765 2676 WpsHelper - ok
23:15:42.0812 2676 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
23:15:42.0828 2676 WSTCODEC - ok
23:15:42.0875 2676 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
23:15:42.0875 2676 WudfPf - ok
23:15:42.0937 2676 XBCD (f35663b3d640d751a4d7eb29d105c994) C:\WINDOWS\system32\Drivers\xbcd.sys
23:15:42.0937 2676 XBCD - ok
23:15:42.0984 2676 MBR (0x1B8) (665277635dc8ba83deae12eadedb75a0) \Device\Harddisk0\DR0
23:15:43.0015 2676 \Device\Harddisk0\DR0 - ok
23:15:43.0015 2676 Boot (0x1200) (e7adb6ad8acfd573f0741b5d12867888) \Device\Harddisk0\DR0\Partition0
23:15:43.0015 2676 \Device\Harddisk0\DR0\Partition0 - ok
23:15:43.0031 2676 Boot (0x1200) (4d152edcb4daf1f145e58df32cdd5e9a) \Device\Harddisk0\DR0\Partition1
23:15:43.0031 2676 \Device\Harddisk0\DR0\Partition1 - ok
23:15:43.0046 2676 ============================================================
23:15:43.0046 2676 Scan finished
23:15:43.0046 2676 ============================================================
23:15:43.0046 4000 Detected object count: 1
23:15:43.0046 4000 Actual detected object count: 1
23:15:55.0218 4000 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\i8042prt.sys) error 1813
23:15:56.0328 4000 Backup copy found, using it..
23:15:56.0390 4000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys - will be cured on reboot
23:16:01.0468 4000 i8042prt ( Virus.Win32.ZAccess.k ) - User select action: Cure
23:16:24.0468 0168 Deinitialize success

If it did, THANK YOU SO MUCH!!! lol
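
The TDSSKiller log above is the interesting artifact in this thread: the driver enumeration ends with one detection, and the lines just before it explain why Symantec could never quarantine an "ntos" file. TDSSKiller tried to read the version resource of i8042prt.sys (the PS/2 keyboard driver), got Win32 error 1813 (ERROR_RESOURCE_TYPE_NOT_FOUND, meaning the file has no version-info resource at all, which a genuine Microsoft driver always has), fell back to a backup copy of the driver, and scheduled a cure on reboot for Virus.Win32.ZAccess.k. The ZeroAccess variant of that era overwrote a legitimate driver in place rather than dropping a new file, so a scanner looking for "ntos" on disk found nothing to delete. As an added example, not part of the original post and not code from Kaspersky or TDSSKiller, here is a small parser for this log format that pulls out the verification failures, the detections and the pending cures, and lists any enumerated object that never received a "- ok" verdict. The excerpt it runs on is constructed from the lines posted above; the error-code table covers only a few codes from winerror.h.

```python
import re
from dataclasses import dataclass, field

# Win32 error codes that show up in TDSSKiller's VerifyFileNameVersionInfo lines (winerror.h values).
# 1813 means the file carries no VS_VERSION_INFO resource: expected for a driver that ZeroAccess
# overwrote with its own payload, never for a genuine Microsoft driver.
WIN32_ERRORS = {
    2: "ERROR_FILE_NOT_FOUND",
    5: "ERROR_ACCESS_DENIED",
    1812: "ERROR_RESOURCE_DATA_NOT_FOUND",
    1813: "ERROR_RESOURCE_TYPE_NOT_FOUND",
}

# Every TDSSKiller line starts with "HH:MM:SS.mmmm <thread id> ".
PREFIX = r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>\d+)\s+"
RE_VERIFY = re.compile(PREFIX + r"VerifyFileNameVersionInfo: (?P<api>\w+)\((?P<path>[^)]+)\) error (?P<code>\d+)$")
RE_DETECT = re.compile(PREFIX + r"(?P<name>\S+) \( (?P<threat>[^)]+?) \) - User select action: (?P<action>\w+)$")
RE_CURE = re.compile(PREFIX + r"(?P<path>.+) - will be cured on reboot$")
RE_OK = re.compile(PREFIX + r"(?P<name>.+) - ok$")
RE_LISTED = re.compile(PREFIX + r"(?P<name>\S+)(?: \((?P<size>0x[0-9A-Fa-f]+)\))? \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")

# Constructed excerpt modelled on the log posted in this thread (trimmed to a few lines).
SAMPLE_LOG = r"""
23:15:40.0093 2676 Tcpip (1dbf125862891817f374f407626967f4) C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:15:40.0109 2676 Tcpip - ok
23:15:42.0984 2676 MBR (0x1B8) (665277635dc8ba83deae12eadedb75a0) \Device\Harddisk0\DR0
23:15:43.0015 2676 \Device\Harddisk0\DR0 - ok
23:15:43.0046 2676 Scan finished
23:15:43.0046 4000 Detected object count: 1
23:15:55.0218 4000 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\i8042prt.sys) error 1813
23:15:56.0328 4000 Backup copy found, using it..
23:15:56.0390 4000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys - will be cured on reboot
23:16:01.0468 4000 i8042prt ( Virus.Win32.ZAccess.k ) - User select action: Cure
"""


@dataclass(frozen=True)
class Detection:
    name: str
    threat: str
    action: str


@dataclass
class Triage:
    listed: dict = field(default_factory=dict)         # path -> (object name, md5)
    verified_ok: set = field(default_factory=set)      # names/paths that got a "- ok" verdict
    verify_errors: list = field(default_factory=list)  # (path, api, code, symbolic name)
    cure_paths: list = field(default_factory=list)     # files scheduled for cure on reboot
    detections: list = field(default_factory=list)     # Detection records

    def listed_without_ok(self) -> list:
        """Enumerated objects that never received '- ok': the first thing to look at."""
        return sorted(path for path, (name, _md5) in self.listed.items()
                      if name not in self.verified_ok and path not in self.verified_ok)


def triage(log_text: str) -> Triage:
    """Walk the log once; each line is classified by the first pattern that matches it."""
    t = Triage()
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := RE_VERIFY.match(line):
            code = int(m["code"])
            t.verify_errors.append((m["path"], m["api"], code, WIN32_ERRORS.get(code, "UNKNOWN")))
        elif m := RE_DETECT.match(line):
            t.detections.append(Detection(m["name"], m["threat"], m["action"]))
        elif m := RE_CURE.match(line):
            t.cure_paths.append(m["path"])
        elif m := RE_OK.match(line):
            t.verified_ok.add(m["name"])
        elif m := RE_LISTED.match(line):
            t.listed[m["path"]] = (m["name"], m["md5"])
    return t


def report(t: Triage) -> list:
    """Human-readable findings, most severe first."""
    lines = [f"DETECTED {d.name}: {d.threat} (action: {d.action})" for d in t.detections]
    lines += [f"VERIFY-FAIL {path}: {api} error {code} {sym}" for path, api, code, sym in t.verify_errors]
    lines += [f"PENDING-CURE {p}" for p in t.cure_paths]
    lines += [f"NO-VERDICT {p}" for p in t.listed_without_ok()]
    return lines


if __name__ == "__main__":
    for line in report(triage(SAMPLE_LOG)):
        print(line)
```

Run it against a full saved log instead of SAMPLE_LOG to get the same four buckets over the whole driver list; a driver that appears in the enumeration but never gets "- ok" is worth pulling for a hash check even when the scanner reports no detection.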

#5 boopme (Global Moderator, 73,313 posts, NJ USA)

Posted 23 January 2012 - 08:04 PM

That looks good. Are you using a custom Hosts file or SpyBot's Teatimer?

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the scan button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click the download link to get the ESET Smart Installer. Save it to your desktop.
    • Double click on the installer icon on your desktop.
  • Check the box accepting the terms of use.
  • Click the button to start.
  • Accept any security warnings from your browser.
  • Under scan settings, check the option shown and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push the button to list the found threats.
  • Push the export button, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the back button.
  • Push finish.


NOTE: In some instances if no malware is found there will be no log produced.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#6 regor5150 (Topic Starter, Members, 6 posts)

Posted 24 January 2012 - 10:46 PM

That looks good. Are you using a custom Hosts file or SpyBot's Teatimer?


Yes, I'm using a hosts file from MVPS.org. No to Teatimer.

Ok, getting ready to run that scan. I'll post the results.

#7 regor5150 (Topic Starter, Members, 6 posts)

Posted 25 January 2012 - 09:29 AM

I'm not 100% sure these files were malicious


C:\Documents and Settings\All Users\Documents\Stuff From Dell Laptop\Downloads from Dell\ctimer.exe multiple threats deleted - quarantined
C:\Documents and Settings\All Users\Documents\Stuff From Dell Laptop\Downloads from Dell\fp2006-final-3[1].00-setup.exe JS/BadJoke.KillFiles.A application deleted - quarantined
C:\Documents and Settings\All Users\Documents\Stuff From Dell Laptop\Serials\Keygen.zip a variant of Win32/Keygen.AD application deleted - quarantined
C:\Documents and Settings\Regor\Desktop\DataTraveler Backup\Computer Fixing Utilities\SDFix.exe Win32/PrcView application deleted - quarantined
C:\Documents and Settings\Regor\My Documents\Downloads\cnet_DiscoXTBasicSetup_msi.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Documents and Settings\Regor\My Documents\Downloads\cnet_DJ_Promixer_Free1_0_Setup_exe (1).exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Downloads\freeripmp3.exe multiple threats deleted - quarantined
C:\Program Files\SmartWhois\swlaunch.xpi a variant of Win32/Injector.DIS trojan deleted - quarantined
C:\Program Files\SmartWhois\swsetup.exe a variant of Win32/Injector.DIS trojan cleaned by deleting - quarantined
C:\Program Files\Wondershare\DemoCreator\DllMouse.dll probably a variant of Win32/Spy.Delf.BKRATFF trojan cleaned by deleting - quarantined

#8 boopme (Global Moderator, 73,313 posts, NJ USA)

Posted 25 January 2012 - 04:14 PM

Other than Downloads from Dell\ctimer.exe, DJ_Promixer_Free1 and DiscoXTBasic, the others are malware. These can be restored and skipped on future scans.
Good on the hosts as otherwise it was infected.

How is it running now?


This looks like a crack: Dell Laptop\Serials\Keygen.zip
And it is probably the source of your infections.

IMPORTANT NOTE: The practice of using cracking tools, keygens, warez or any pirated software is not only considered illegal activity but it is a serious security risk.

Cracking applications are used for illegally breaking (cracking) various copy-protection and registration techniques used in commercial software. These programs may be distributed via Web sites, Usenet, and P2P networks.

trendmicro.com/vinfo

...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...

Keygen and Crack Sites Distribute VIRUX and FakeAV

...warez/piracy sites ranked the highest in downloading spyware...just opening the web page usually sets off an exploit, never mind actually downloading anything. And by the time the malware is finished downloading, often the machine is trashed and rendered useless.

University of Washington spyware study

...One of the most aggressive and intrusive of all bad websites on the Internet are serial, warez, software cracking type sites...they sneak malware onto your system...Where do trojan viruses originate? One of the biggest malware distributors on the Internet are serial/warez/code cracking sites.

Bad Web Sites: Malware

When you use these kind of programs, be forewarned that some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, those sites are infested with a smörgåsbord of malware and an increasing source of system infection. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.

Before we can continue, I need you to remove all cracks and keygens immediately to reduce the risk of infection/reinfection. If not, then we are just wasting time trying to clean your system. Further, other tools used during the disinfection process may detect crack and keygens so we need to ensure they have been removed.

Using these types of programs or the websites you visited to get them is almost a guaranteed way to get yourself infected!!

Edited by boopme, 25 January 2012 - 04:17 PM.

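Post #5 asked about a custom Hosts file and post #8 explains why: a hosts file full of entries is exactly what a hosts-hijacking infection leaves behind, and a helper reading the log has to tell a deliberate blocklist (MVPS maps ad and tracker hostnames to 0.0.0.0) apart from a hijack (hostnames you need, typically antivirus update servers, pointed at loopback so updates fail, or pointed at a routable address the attacker controls). As an added example, not part of the original thread and not an MVPS or BleepingComputer tool, here is a triage script that parses a hosts file and sorts each entry into blocklist, LAN, "critical host sunk to loopback" and "redirect to a routable address". The vendor watchlist and the sample hosts content are constructed for the example; the LAN ranges are the RFC 1918, link-local and IPv6 ULA/link-local blocks.

```python
import ipaddress
from dataclasses import dataclass

# Hostname suffixes a legitimate ad/tracker blocklist has no reason to touch.
# Constructed watchlist for this example; extend it with the vendors you actually rely on.
WATCHLIST = (
    "windowsupdate.com",
    "update.microsoft.com",
    "symantec.com",
    "symantecliveupdate.com",
    "malwarebytes.org",
    "eset.com",
    "bleepingcomputer.com",
)

# Address ranges where a hosts entry is plausibly a local network shortcut rather than a redirect.
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16", "fc00::/7", "fe80::/10",
)]

# Constructed hosts-file excerpt: MVPS-style block entries plus the two kinds of line a
# hosts-hijacking infection leaves behind. Not the poster's actual file.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
# [Start of MVPS-style block entries]
0.0.0.0 ads.tracker.example
0.0.0.0 banner.adserver.example   # trailing comments are allowed
0.0.0.0 popup.junkware.example
# [End of block entries]
10.0.0.5 printer.lan
127.0.0.1 liveupdate.symantecliveupdate.com
198.51.100.23 www.mybank.example
"""


@dataclass(frozen=True)
class HostsEntry:
    target: str
    hostname: str
    verdict: str  # loopback-self | block | lan | blocked-critical | redirect


def _watched(hostname: str) -> bool:
    return any(hostname == s or hostname.endswith("." + s) for s in WATCHLIST)


def _is_lan(target) -> bool:
    # "in" on a network of the other IP version simply returns False, so mixing v4/v6 is safe.
    return any(target in net for net in LAN_NETS)


def _verdict(target, hostname: str) -> str:
    # 0.0.0.0, 127.0.0.1, :: and ::1 are how a blocklist sinks a hostname. That is benign for
    # ad servers and hostile for update servers; the watchlist is what tells the two apart.
    if target.is_unspecified or target.is_loopback:
        if hostname in ("localhost", "localhost.localdomain"):
            return "loopback-self"
        return "blocked-critical" if _watched(hostname) else "block"
    if _is_lan(target):
        return "lan"
    # Anything else sends the hostname to a routable address: a redirect, and never what MVPS does.
    return "redirect"


def parse_hosts(text: str) -> list:
    """One HostsEntry per hostname; comments and blank lines skipped, non-address lines ignored."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            target = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # a malformed line cannot redirect anything; the resolver ignores it too
        for host in fields[1:]:
            host = host.lower().rstrip(".")
            entries.append(HostsEntry(str(target), host, _verdict(target, host)))
    return entries


def suspicious(entries) -> list:
    """Entries that warrant a closer look before the hosts file is declared a benign blocklist."""
    return [e for e in entries if e.verdict in ("blocked-critical", "redirect")]


if __name__ == "__main__":
    for e in suspicious(parse_hosts(SAMPLE_HOSTS)):
        print(f"{e.verdict:16} {e.target:16} {e.hostname}")
```

On Windows the file to feed in is %SystemRoot%\System32\drivers\etc\hosts; an MVPS install produces thousands of "block" entries and nothing in the other two suspicious buckets, which is the shape post #8 was confirming.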

#9 regor5150 (Topic Starter, Members, 6 posts)

Posted 26 January 2012 - 01:11 AM

Well, to be honest, I don't even know what any of those files were. But the scan deleted them anyway, so it's all good.

The computer is running fine now, so thanks for all your help! :)

#10 boopme (Global Moderator, 73,313 posts, NJ USA)

Posted 26 January 2012 - 11:36 AM

OK, well this was the bad infection and it's gone.
23:15:43.0046 4000 Detected object count: 1
23:15:43.0046 4000 Actual detected object count: 1
23:15:55.0218 4000 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\i8042prt.sys) error 1813
23:15:56.0328 4000 Backup copy found, using it..
23:15:56.0390 4000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys - will be cured on reboot
23:16:01.0468 4000 i8042prt ( Virus.Win32.ZAccess.k ) - User select action: Cure
23:16:24.0468 0168 Deinitialize success



I am not preaching, only stating the facts from all the infections I have seen from those apps.


If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection:

Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read: