
worm/virus Services.exe has terminated unexpectedly


  • This topic is locked
22 replies to this topic

#1 jillmarten

  • Members
  • 102 posts
  • OFFLINE
  • Local time:10:01 AM

Posted 07 February 2012 - 09:22 PM

I am editing my post because I thought, since I couldn't do the GMER and the DDS (maybe you could tell me why), I would add the Malwarebytes log that I was able to run... The error that I am getting now wasn't popping up until after I ran Malwarebytes in safe mode, where it was able to update as well... now the error even comes up in safe mode... Please help as soon as possible... Thank you.

Hello, thanks for helping me. I have encountered a problem with a computer and I don't know what it is. On my one account on this computer, all of a sudden all the icons went missing and I couldn't get on the internet, and this error kept popping up...

- 0x0181c708 referenced memory at 0x0006003c Services.exe Application error

C:\Windows\system32\Services.exe terminated unexpectedly with status code 1073741818

Since I couldn't do anything in regular mode because the internet and everything was missing, I restarted the computer and went into safe mode with networking, updated and ran Malwarebytes Anti-Malware, and it found 35 different items. It removed them and then I restarted the computer and the icons were back and everything seemed fine; then after about 5 minutes that same error popped back up and NT AUTHORITY\SYSTEM wanted to shut down the system. So after the computer restarted twice I stopped it by typing Shutdown -A in the Run box, but it froze and I still couldn't do anything... the internet says there is a winsock error... PLEASE help me!!!!


I tried to download the DDS and something is wrong with the link (I am downloading everything on a non-infected computer). So I found another link on BleepingComputer and downloaded it, but it wouldn't work on the infected computer. When I tried to run GMER, the zip version, both times I get "the file is corrupt", so it wouldn't unzip. So I tried the .exe version and I get an error: LoadDriver("C:\DOCUME~1\JASONC~1\LOCALS~1\Temp\pwtcqpod.sys") Cannot create a stable subkey under a volatile parent key...

So please help. I am sorry I couldn't attach the logs you wanted, but I couldn't do them...

Attached Files


Edited by jillmarten, 08 February 2012 - 10:41 AM.

Jill M***Butterfly Kisses




#2 nasdaq

  • Malware Response Team
  • 39,214 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:01 AM

Posted 10 February 2012 - 11:17 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

It would be wise to download these tools using a good computer to a CD or flash drive.
Copy the files to the Desktop of the infected computer and run them as indicated below.

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) (511KB) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.
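
The TDSSKiller log requested above lists one line per driver or service with its MD5 and path, followed by a status line ("- ok", "( Verdict ) - infected", "- detected Verdict (n)"). The Python script below is an added example for readers of this thread; it is not part of nasdaq's instructions and not Kaspersky's code. It parses that format and pulls out what a helper scans for first: entries the scanner flagged, and service entries with no file on disk behind them. The embedded sample log is constructed from the line shapes seen in the log posted later in this thread, and the function names (`parse_tdsskiller_log`, `triage`) are the example's own.

```python
"""Triage a TDSSKiller text log (added example; not Kaspersky's code).

Groups the per-driver lines of a TDSSKiller 2.7.x log by service name and
reports (a) entries the scanner flagged and (b) service entries that have
no file on disk behind them.
"""
import re
import sys
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Every scan line starts with "HH:MM:SS.mmmm <pid> <body>".
LINE_RE = re.compile(r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<body>.*)$")
# "<name> (<md5>) <path>"                      -> file backing the service
FILE_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# "<name> ( <verdict> ) - infected|suspicious" -> scanner flag
FLAG_RE = re.compile(r"^(?P<name>\S+) \( (?P<verdict>.+?) \) - (?P<status>infected|suspicious)$")
# "<name> - detected <verdict> (<n>)"          -> repeat of the verdict
DETECTED_RE = re.compile(r"^(?P<name>\S+) - detected (?P<verdict>.+?) \((?P<code>\d+)\)$")
# "<name> - ok" (or another single-word status)
STATUS_RE = re.compile(r"^(?P<name>\S+) - (?P<status>\w+)$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: Optional[str] = None
    verdicts: List[str] = field(default_factory=list)


def parse_tdsskiller_log(text: str) -> Dict[str, Entry]:
    """Return {service name: Entry}, in the order TDSSKiller listed them."""
    entries: Dict[str, Entry] = {}

    def get(name: str) -> Entry:
        return entries.setdefault(name, Entry(name))

    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # banner, drive-geometry and "====" lines carry no prefix
        body = m["body"]
        if (fm := FILE_RE.match(body)):
            e = get(fm["name"])
            e.md5, e.path = fm["md5"].lower(), fm["path"]
        elif (gm := FLAG_RE.match(body)):
            e = get(gm["name"])
            e.status = gm["status"]
            if gm["verdict"] not in e.verdicts:
                e.verdicts.append(gm["verdict"])
        elif (dm := DETECTED_RE.match(body)):
            e = get(dm["name"])
            if dm["verdict"] not in e.verdicts:
                e.verdicts.append(dm["verdict"])
        elif (sm := STATUS_RE.match(body)):
            get(sm["name"]).status = sm["status"]
    return entries


def triage(text: str) -> Tuple[List[Entry], List[Entry]]:
    """Split a log into (scanner-flagged entries, 'ok' entries with no file on disk)."""
    entries = parse_tdsskiller_log(text)
    flagged = [e for e in entries.values() if e.status in ("infected", "suspicious")]
    no_file = [e for e in entries.values() if e.status == "ok" and e.path is None]
    return flagged, no_file


# Constructed sample, shaped like the TDSSKiller 2.7.11.0 log posted in this thread.
SAMPLE_LOG = "\n".join([
    r"13:17:45.0171 1736 Scan started",
    r"13:18:23.0140 1736 IPSec (19dd19fb992d6bf67811913b6feae577) C:\WINDOWS\system32\DRIVERS\ipsec.sys",
    r"13:18:23.0140 1736 IPSec ( Virus.Win32.ZAccess.c ) - infected",
    r"13:18:23.0140 1736 IPSec - detected Virus.Win32.ZAccess.c (0)",
    r"13:18:23.0250 1736 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys",
    r"13:18:23.0250 1736 IRENUM - ok",
    r"13:18:24.0734 1736 MpKsl04a20366 - ok",
    r"13:18:27.0703 1736 rsrzzelp - ok",
])


if __name__ == "__main__":
    # Usage: python tdss_triage.py C:\TDSSKiller.<version>_<date>_<time>_log.txt
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    flagged, no_file = triage(text)
    for e in flagged:
        print(f"{e.status.upper():10} {e.name:20} {e.path}  md5={e.md5}  {', '.join(e.verdicts)}")
    for e in no_file:
        print(f"{'NO FILE':10} {e.name:20} service registered but no file found on disk; verify manually")
```

The flagged entry in the thread's log sits on a stock Windows driver path (ipsec.sys), which is why the script reports the scanner's verdict next to the hash and path rather than judging by path alone. A registered service with no file behind it is not proof of anything by itself: the MpKsl... names are transient drivers that Microsoft's antimalware engine registers, whereas a random eight-letter name such as rsrzzelp is the kind of entry worth a manual look.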

#3 jillmarten

  • Topic Starter
  • Members
  • 102 posts
  • OFFLINE
  • Local time:10:01 AM

Posted 10 February 2012 - 03:04 PM

Hello, thanks for getting back to me... I did what you told me to do. Here are my results. I did have one problem: when I ran TDSSKiller it found two things and cured them, then it wanted me to restart, so I pressed it and then all of a sudden a blue screen came on and said "A problem has been detected and Windows has been shut down to prevent damage to your computer. A wait operation, attach process or yield was attempted from a DPC routine. If this is the first time you've seen this Stop error screen, restart your computer..." So I restarted the computer and reran TDSSKiller again just to make sure, and the second time it restarted fine, so I will post both logs and the other. Thanks so much... What next?


1ST TDSSKILLER LOG

13:17:33.0593 1236 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
13:17:33.0968 1236 ============================================================
13:17:33.0968 1236 Current date / time: 2012/02/10 13:17:33.0968
13:17:33.0968 1236 SystemInfo:
13:17:33.0968 1236
13:17:33.0968 1236 OS Version: 5.1.2600 ServicePack: 3.0
13:17:33.0968 1236 Product type: Workstation
13:17:33.0968 1236 ComputerName: CARLISLE
13:17:33.0968 1236 UserName: Jason Carlisle
13:17:33.0968 1236 Windows directory: C:\WINDOWS
13:17:33.0968 1236 System windows directory: C:\WINDOWS
13:17:33.0968 1236 Processor architecture: Intel x86
13:17:33.0968 1236 Number of processors: 2
13:17:33.0968 1236 Page size: 0x1000
13:17:33.0968 1236 Boot type: Normal boot
13:17:33.0968 1236 ============================================================
13:17:37.0703 1236 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:17:37.0750 1236 Drive \Device\Harddisk1\DR5 - Size: 0xF0D89000 (3.76 Gb), SectorSize: 0x200, Cylinders: 0x1EB, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:17:37.0750 1236 \Device\Harddisk0\DR0:
13:17:37.0765 1236 MBR used
13:17:37.0765 1236 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B747, BlocksNum 0x1C840B54
13:17:37.0765 1236 \Device\Harddisk1\DR5:
13:17:37.0765 1236 MBR used
13:17:37.0765 1236 \Device\Harddisk1\DR5\Partition0: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x786C09
13:17:38.0109 1236 Initialize success
13:17:38.0109 1236 ============================================================
13:17:45.0171 1736 ============================================================
13:17:45.0171 1736 Scan started
13:17:45.0171 1736 Mode: Manual;
13:17:45.0171 1736 ============================================================
13:17:46.0046 1736 299BE - ok
13:17:46.0250 1736 Aavmker4 (83631291adf2887cffc786d034d3fa15) C:\WINDOWS\system32\drivers\Aavmker4.sys
13:17:46.0250 1736 Aavmker4 - ok
13:17:46.0312 1736 Abiosdsk - ok
13:17:46.0390 1736 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
13:17:46.0390 1736 abp480n5 - ok
13:17:46.0484 1736 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:17:46.0484 1736 ACPI - ok
13:17:46.0562 1736 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
13:17:46.0562 1736 ACPIEC - ok
13:17:46.0656 1736 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
13:17:46.0656 1736 adpu160m - ok
13:17:46.0750 1736 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
13:17:46.0750 1736 aec - ok
13:17:46.0843 1736 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
13:17:46.0843 1736 agp440 - ok
13:17:46.0906 1736 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
13:17:46.0906 1736 agpCPQ - ok
13:17:46.0968 1736 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
13:17:46.0968 1736 Aha154x - ok
13:17:47.0062 1736 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
13:17:47.0078 1736 aic78u2 - ok
13:17:47.0140 1736 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
13:17:47.0140 1736 aic78xx - ok
13:17:47.0203 1736 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
13:17:47.0203 1736 AliIde - ok
13:17:47.0296 1736 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
13:17:47.0296 1736 alim1541 - ok
13:17:47.0375 1736 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
13:17:47.0375 1736 amdagp - ok
13:17:47.0421 1736 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
13:17:47.0421 1736 amsint - ok
13:17:47.0500 1736 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
13:17:47.0515 1736 asc - ok
13:17:47.0593 1736 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
13:17:47.0609 1736 asc3350p - ok
13:17:47.0671 1736 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
13:17:47.0671 1736 asc3550 - ok
13:17:47.0781 1736 aswFsBlk (1c2e6bb4fe8621b1b863855b02bc33eb) C:\WINDOWS\system32\drivers\aswFsBlk.sys
13:17:47.0781 1736 aswFsBlk - ok
13:17:47.0843 1736 aswMon2 (452d0ecd14fa02f9b061f42c8a30dd49) C:\WINDOWS\system32\drivers\aswMon2.sys
13:17:47.0843 1736 aswMon2 - ok
13:17:47.0890 1736 aswRdr (b6a9373619d851be80fb5f1b5eed0d4e) C:\WINDOWS\system32\drivers\aswRdr.sys
13:17:47.0890 1736 aswRdr - ok
13:17:47.0968 1736 aswSnx (9be41c1ae8bc481eb662d85c98d979c2) C:\WINDOWS\system32\drivers\aswSnx.sys
13:17:47.0968 1736 aswSnx - ok
13:17:48.0140 1736 aswSP (4b1a54ba2bc5873a774df6b70ab8b0b3) C:\WINDOWS\system32\drivers\aswSP.sys
13:17:48.0140 1736 aswSP - ok
13:17:48.0218 1736 aswTdi (c7f1cea32766184911293f4e1ee653f5) C:\WINDOWS\system32\drivers\aswTdi.sys
13:17:48.0218 1736 aswTdi - ok
13:17:48.0296 1736 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:17:48.0296 1736 AsyncMac - ok
13:17:48.0375 1736 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
13:17:48.0375 1736 atapi - ok
13:17:48.0437 1736 Atdisk - ok
13:17:48.0656 1736 ati2mtag (03621f7f968ff63713943405deb777f9) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
13:17:48.0671 1736 ati2mtag - ok
13:17:48.0812 1736 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:17:48.0812 1736 Atmarpc - ok
13:17:48.0906 1736 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
13:17:48.0906 1736 audstub - ok
13:17:48.0984 1736 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
13:17:48.0984 1736 Beep - ok
13:17:49.0109 1736 bvrp_pci (c945dc4eee3f624dfd07788ea7f0db0a) C:\WINDOWS\system32\drivers\bvrp_pci.sys
13:17:49.0109 1736 bvrp_pci - ok
13:17:49.0171 1736 catchme - ok
13:17:49.0359 1736 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
13:17:49.0359 1736 cbidf - ok
13:17:49.0406 1736 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
13:17:49.0406 1736 cbidf2k - ok
13:17:49.0437 1736 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
13:17:49.0437 1736 cd20xrnt - ok
13:17:49.0484 1736 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
13:17:49.0484 1736 Cdaudio - ok
13:17:49.0625 1736 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
13:17:49.0625 1736 Cdfs - ok
13:17:49.0875 1736 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:17:49.0890 1736 Cdrom - ok
13:17:50.0984 1736 Changer - ok
13:17:52.0671 1736 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
13:17:52.0671 1736 CmdIde - ok
13:17:53.0234 1736 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
13:17:53.0234 1736 Cpqarray - ok
13:17:53.0781 1736 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
13:17:53.0781 1736 dac2w2k - ok
13:17:54.0359 1736 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
13:17:54.0359 1736 dac960nt - ok
13:17:54.0843 1736 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
13:17:54.0859 1736 Disk - ok
13:17:55.0203 1736 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
13:17:55.0218 1736 DLABOIOM - ok
13:17:56.0187 1736 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
13:17:56.0187 1736 DLACDBHM - ok
13:17:56.0765 1736 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS
13:17:56.0765 1736 DLADResN - ok
13:17:56.0859 1736 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
13:17:56.0906 1736 DLAIFS_M - ok
13:17:57.0203 1736 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
13:17:57.0250 1736 DLAOPIOM - ok
13:17:57.0468 1736 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
13:17:57.0468 1736 DLAPoolM - ok
13:17:57.0937 1736 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
13:17:57.0937 1736 DLARTL_N - ok
13:17:58.0203 1736 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
13:17:58.0218 1736 DLAUDFAM - ok
13:17:58.0906 1736 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
13:17:58.0953 1736 DLAUDF_M - ok
13:17:59.0765 1736 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
13:17:59.0781 1736 dmboot - ok
13:18:00.0218 1736 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
13:18:00.0218 1736 dmio - ok
13:18:00.0421 1736 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
13:18:00.0437 1736 dmload - ok
13:18:00.0750 1736 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
13:18:00.0750 1736 DMusic - ok
13:18:00.0937 1736 DNINDIS5 (d2ee54cdbced01d48f2b18642be79a98) C:\WINDOWS\system32\DNINDIS5.SYS
13:18:00.0937 1736 DNINDIS5 - ok
13:18:01.0218 1736 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
13:18:01.0218 1736 dpti2o - ok
13:18:01.0859 1736 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
13:18:01.0859 1736 drmkaud - ok
13:18:02.0656 1736 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
13:18:02.0656 1736 DRVMCDB - ok
13:18:03.0125 1736 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
13:18:03.0125 1736 DRVNDDM - ok
13:18:03.0593 1736 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
13:18:03.0671 1736 DSproct - ok
13:18:05.0125 1736 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
13:18:05.0125 1736 dsunidrv - ok
13:18:06.0921 1736 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
13:18:06.0921 1736 E100B - ok
13:18:08.0765 1736 e1express (0849eacdc01487573add86f5e470806c) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
13:18:08.0765 1736 e1express - ok
13:18:12.0281 1736 ELacpi (1976fedf6d7f87135c9b7f5cb4c8c868) C:\WINDOWS\system32\DRIVERS\ELacpi.sys
13:18:12.0281 1736 ELacpi - ok
13:18:13.0562 1736 ELhid (ae65c02444907966378454138b9f99f0) C:\WINDOWS\system32\DRIVERS\ELhid.sys
13:18:13.0562 1736 ELhid - ok
13:18:15.0140 1736 ELkbd (e485c3ba1daddeef3e14fea1e8fda6e1) C:\WINDOWS\system32\DRIVERS\ELkbd.sys
13:18:15.0140 1736 ELkbd - ok
13:18:16.0609 1736 ELmon (0d87cb825ed6cb2ebcc147a10a42f1d6) C:\WINDOWS\system32\DRIVERS\ELmon.sys
13:18:16.0625 1736 ELmon - ok
13:18:16.0703 1736 ELmou (a4add3847b67bacab6fc851a2b60fdb3) C:\WINDOWS\system32\DRIVERS\ELmou.sys
13:18:16.0703 1736 ELmou - ok
13:18:17.0765 1736 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
13:18:17.0765 1736 Fastfat - ok
13:18:17.0796 1736 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
13:18:17.0796 1736 Fdc - ok
13:18:17.0859 1736 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
13:18:17.0859 1736 Fips - ok
13:18:17.0984 1736 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
13:18:17.0984 1736 Flpydisk - ok
13:18:18.0093 1736 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
13:18:18.0093 1736 FltMgr - ok
13:18:18.0203 1736 FlyUsb (8efa9bfc940d9eb9348d9dafb839fe25) C:\WINDOWS\system32\DRIVERS\FlyUsb.sys
13:18:18.0203 1736 FlyUsb - ok
13:18:18.0281 1736 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:18:18.0281 1736 Fs_Rec - ok
13:18:18.0734 1736 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:18:18.0734 1736 Ftdisk - ok
13:18:19.0890 1736 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
13:18:19.0890 1736 GEARAspiWDM - ok
13:18:20.0125 1736 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:18:20.0140 1736 Gpc - ok
13:18:20.0265 1736 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
13:18:20.0265 1736 HDAudBus - ok
13:18:20.0343 1736 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:18:20.0343 1736 HidUsb - ok
13:18:20.0421 1736 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
13:18:20.0421 1736 hpn - ok
13:18:20.0546 1736 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
13:18:20.0562 1736 HSFHWBS2 - ok
13:18:21.0234 1736 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
13:18:21.0250 1736 HSF_DP - ok
13:18:21.0609 1736 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
13:18:21.0609 1736 HTTP - ok
13:18:22.0109 1736 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
13:18:22.0109 1736 i2omgmt - ok
13:18:22.0265 1736 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
13:18:22.0265 1736 i2omp - ok
13:18:22.0406 1736 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:18:22.0406 1736 i8042prt - ok
13:18:22.0640 1736 iastor (9a65e42664d1534b68512caad0efe963) C:\WINDOWS\system32\drivers\iastor.sys
13:18:22.0640 1736 iastor - ok
13:18:22.0765 1736 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
13:18:22.0765 1736 Imapi - ok
13:18:22.0796 1736 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
13:18:22.0796 1736 ini910u - ok
13:18:22.0859 1736 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
13:18:22.0859 1736 IntelIde - ok
13:18:22.0890 1736 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
13:18:22.0890 1736 intelppm - ok
13:18:22.0937 1736 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
13:18:22.0937 1736 Ip6Fw - ok
13:18:23.0015 1736 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:18:23.0015 1736 IpFilterDriver - ok
13:18:23.0031 1736 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:18:23.0046 1736 IpInIp - ok
13:18:23.0078 1736 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:18:23.0078 1736 IpNat - ok
13:18:23.0140 1736 IPSec (19dd19fb992d6bf67811913b6feae577) C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:18:23.0140 1736 IPSec ( Virus.Win32.ZAccess.c ) - infected
13:18:23.0140 1736 IPSec - detected Virus.Win32.ZAccess.c (0)
13:18:23.0250 1736 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
13:18:23.0250 1736 IRENUM - ok
13:18:23.0265 1736 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:18:23.0281 1736 isapnp - ok
13:18:23.0546 1736 JSWSCIMD (ad67795900aa8c05cc4570f5349e0639) C:\WINDOWS\system32\DRIVERS\jswscimd.sys
13:18:23.0546 1736 JSWSCIMD - ok
13:18:23.0687 1736 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:18:23.0687 1736 Kbdclass - ok
13:18:23.0703 1736 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
13:18:23.0703 1736 kbdhid - ok
13:18:23.0812 1736 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
13:18:23.0812 1736 kmixer - ok
13:18:23.0968 1736 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
13:18:23.0968 1736 KSecDD - ok
13:18:24.0000 1736 lbrtfdc - ok
13:18:24.0250 1736 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
13:18:24.0250 1736 mdmxsdk - ok
13:18:24.0296 1736 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
13:18:24.0296 1736 MHNDRV - ok
13:18:24.0312 1736 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
13:18:24.0312 1736 mnmdd - ok
13:18:24.0359 1736 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
13:18:24.0359 1736 Modem - ok
13:18:24.0375 1736 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
13:18:24.0375 1736 MODEMCSA - ok
13:18:24.0406 1736 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:18:24.0406 1736 Mouclass - ok
13:18:24.0484 1736 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:18:24.0484 1736 mouhid - ok
13:18:24.0500 1736 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
13:18:24.0500 1736 MountMgr - ok
13:18:24.0734 1736 MpKsl04a20366 - ok
13:18:24.0765 1736 MpKsl0d50a27f - ok
13:18:24.0765 1736 MpKsl49eb6d9d - ok
13:18:24.0812 1736 MpKsl54e05903 - ok
13:18:24.0812 1736 MpKsl6e0faded - ok
13:18:24.0828 1736 MpKslbf83f00e - ok
13:18:24.0828 1736 MpKslc64fc51d - ok
13:18:24.0843 1736 MpKsldd8c98fd - ok
13:18:24.0843 1736 MpKslfb40abee - ok
13:18:24.0890 1736 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
13:18:24.0890 1736 mraid35x - ok
13:18:24.0968 1736 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:18:24.0968 1736 MRxDAV - ok
13:18:25.0046 1736 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:18:25.0046 1736 MRxSmb - ok
13:18:25.0093 1736 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
13:18:25.0093 1736 Msfs - ok
13:18:25.0140 1736 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:18:25.0140 1736 MSKSSRV - ok
13:18:25.0187 1736 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:18:25.0187 1736 MSPCLOCK - ok
13:18:25.0250 1736 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
13:18:25.0250 1736 MSPQM - ok
13:18:25.0296 1736 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:18:25.0296 1736 mssmbios - ok
13:18:25.0359 1736 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
13:18:25.0359 1736 Mup - ok
13:18:25.0375 1736 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
13:18:25.0375 1736 NDIS - ok
13:18:25.0437 1736 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:18:25.0437 1736 NdisTapi - ok
13:18:25.0500 1736 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:18:25.0500 1736 Ndisuio - ok
13:18:25.0546 1736 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:18:25.0546 1736 NdisWan - ok
13:18:25.0578 1736 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
13:18:25.0578 1736 NDProxy - ok
13:18:25.0625 1736 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
13:18:25.0625 1736 NetBIOS - ok
13:18:25.0656 1736 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
13:18:25.0671 1736 NetBT - ok
13:18:25.0734 1736 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
13:18:25.0734 1736 Npfs - ok
13:18:25.0859 1736 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
13:18:25.0859 1736 Ntfs - ok
13:18:25.0875 1736 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
13:18:25.0875 1736 Null - ok
13:18:25.0984 1736 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
13:18:26.0000 1736 nv - ok
13:18:26.0062 1736 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:18:26.0062 1736 NwlnkFlt - ok
13:18:26.0078 1736 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:18:26.0078 1736 NwlnkFwd - ok
13:18:26.0140 1736 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
13:18:26.0140 1736 Parport - ok
13:18:26.0156 1736 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
13:18:26.0156 1736 PartMgr - ok
13:18:26.0187 1736 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
13:18:26.0187 1736 ParVdm - ok
13:18:26.0296 1736 PCD5SRVC{57CE0040-62CCC763-05040000} - ok
13:18:26.0359 1736 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
13:18:26.0359 1736 PCI - ok
13:18:26.0375 1736 PCIDump - ok
13:18:26.0421 1736 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
13:18:26.0421 1736 PCIIde - ok
13:18:26.0468 1736 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
13:18:26.0468 1736 Pcmcia - ok
13:18:26.0484 1736 PDCOMP - ok
13:18:26.0500 1736 PDFRAME - ok
13:18:26.0515 1736 PDRELI - ok
13:18:26.0531 1736 PDRFRAME - ok
13:18:26.0546 1736 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
13:18:26.0546 1736 perc2 - ok
13:18:26.0562 1736 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
13:18:26.0578 1736 perc2hib - ok
13:18:26.0640 1736 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:18:26.0640 1736 PptpMiniport - ok
13:18:26.0656 1736 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
13:18:26.0656 1736 PSched - ok
13:18:26.0671 1736 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:18:26.0671 1736 Ptilink - ok
13:18:26.0687 1736 PxHelp20 (81088114178112618b1c414a65e50f7c) C:\WINDOWS\system32\Drivers\PxHelp20.sys
13:18:26.0687 1736 PxHelp20 - ok
13:18:26.0734 1736 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
13:18:26.0734 1736 ql1080 - ok
13:18:26.0781 1736 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
13:18:26.0781 1736 Ql10wnt - ok
13:18:26.0859 1736 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
13:18:26.0859 1736 ql12160 - ok
13:18:26.0953 1736 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
13:18:26.0953 1736 ql1240 - ok
13:18:27.0015 1736 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
13:18:27.0015 1736 ql1280 - ok
13:18:27.0093 1736 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:18:27.0109 1736 RasAcd - ok
13:18:27.0250 1736 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:18:27.0250 1736 Rasl2tp - ok
13:18:27.0296 1736 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:18:27.0296 1736 RasPppoe - ok
13:18:27.0328 1736 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
13:18:27.0328 1736 Raspti - ok
13:18:27.0421 1736 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:18:27.0437 1736 Rdbss - ok
13:18:27.0453 1736 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:18:27.0453 1736 RDPCDD - ok
13:18:27.0500 1736 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
13:18:27.0500 1736 rdpdr - ok
13:18:27.0578 1736 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
13:18:27.0578 1736 RDPWD - ok
13:18:27.0656 1736 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
13:18:27.0656 1736 redbook - ok
13:18:27.0703 1736 rsrzzelp - ok
13:18:27.0843 1736 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
13:18:27.0843 1736 SASDIFSV - ok
13:18:27.0859 1736 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
13:18:27.0859 1736 SASENUM - ok
13:18:27.0875 1736 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
13:18:27.0875 1736 SASKUTIL - ok
13:18:27.0921 1736 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:18:27.0937 1736 Secdrv - ok
13:18:27.0968 1736 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
13:18:27.0968 1736 serenum - ok
13:18:28.0015 1736 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
13:18:28.0015 1736 Serial - ok
13:18:28.0046 1736 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
13:18:28.0046 1736 Sfloppy - ok
13:18:28.0062 1736 Simbad - ok
13:18:28.0109 1736 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
13:18:28.0109 1736 sisagp - ok
13:18:28.0140 1736 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
13:18:28.0140 1736 Sparrow - ok
13:18:28.0171 1736 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
13:18:28.0171 1736 splitter - ok
13:18:28.0265 1736 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
13:18:28.0265 1736 sr - ok
13:18:28.0328 1736 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
13:18:28.0328 1736 Srv - ok
13:18:28.0421 1736 STHDA (2a2dc39623adef8ab3703ab9fac4b440) C:\WINDOWS\system32\drivers\sthda.sys
13:18:28.0421 1736 STHDA - ok
13:18:28.0484 1736 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
13:18:28.0484 1736 swenum - ok
13:18:28.0515 1736 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
13:18:28.0515 1736 swmidi - ok
13:18:28.0546 1736 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
13:18:28.0546 1736 symc810 - ok
13:18:28.0578 1736 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
13:18:28.0578 1736 symc8xx - ok
13:18:28.0593 1736 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
13:18:28.0593 1736 sym_hi - ok
13:18:28.0609 1736 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
13:18:28.0609 1736 sym_u3 - ok
13:18:28.0671 1736 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
13:18:28.0671 1736 sysaudio - ok
13:18:28.0734 1736 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:18:28.0750 1736 Tcpip - ok
13:18:28.0828 1736 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
13:18:28.0843 1736 TDPIPE - ok
13:18:28.0875 1736 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
13:18:28.0875 1736 TDTCP - ok
13:18:28.0890 1736 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
13:18:28.0906 1736 TermDD - ok
13:18:28.0937 1736 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
13:18:28.0937 1736 TosIde - ok
13:18:28.0984 1736 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
13:18:29.0000 1736 Udfs - ok
13:18:29.0031 1736 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
13:18:29.0031 1736 ultra - ok
13:18:29.0093 1736 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
13:18:29.0093 1736 Update - ok
13:18:29.0140 1736 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
13:18:29.0140 1736 USBAAPL - ok
13:18:29.0187 1736 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:18:29.0203 1736 usbccgp - ok
13:18:29.0218 1736 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:18:29.0218 1736 usbehci - ok
13:18:29.0250 1736 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:18:29.0250 1736 usbhub - ok
13:18:29.0296 1736 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:18:29.0312 1736 usbprint - ok
13:18:29.0328 1736 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:18:29.0328 1736 usbscan - ok
13:18:29.0437 1736 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:18:29.0437 1736 USBSTOR - ok
13:18:29.0531 1736 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
13:18:29.0531 1736 usbuhci - ok
13:18:29.0593 1736 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
13:18:29.0593 1736 VgaSave - ok
13:18:29.0640 1736 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
13:18:29.0640 1736 viaagp - ok
13:18:29.0703 1736 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
13:18:29.0718 1736 ViaIde - ok
13:18:29.0750 1736 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
13:18:29.0765 1736 VolSnap - ok
13:18:29.0781 1736 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:18:29.0781 1736 Wanarp - ok
13:18:29.0796 1736 wanatw - ok
13:18:29.0812 1736 WDICA - ok
13:18:29.0828 1736 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
13:18:29.0828 1736 wdmaud - ok
13:18:29.0875 1736 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
13:18:29.0875 1736 winachsf - ok
13:18:29.0968 1736 WN111v2 (93ea7d94959bef66d0e4adbc8ce4e073) C:\WINDOWS\system32\DRIVERS\WN111v2.sys
13:18:29.0984 1736 WN111v2 - ok
13:18:30.0031 1736 WSIMD (43f767d59bfc25d8f4fc2eb42043ec1e) C:\WINDOWS\system32\DRIVERS\wsimd.sys
13:18:30.0031 1736 WSIMD - ok
13:18:30.0093 1736 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
13:18:30.0093 1736 WudfPf - ok
13:18:30.0109 1736 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
13:18:30.0109 1736 WudfRd - ok
13:18:30.0140 1736 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
13:18:30.0171 1736 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
13:18:30.0171 1736 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
13:18:30.0187 1736 MBR (0x1B8) (fe3aef5dee52f7de9c622ec12e92058e) \Device\Harddisk1\DR5
13:18:33.0140 1736 \Device\Harddisk1\DR5 - ok
13:18:33.0156 1736 Boot (0x1200) (21f989f1eec19c2cae0d2403d45d4ede) \Device\Harddisk0\DR0\Partition0
13:18:33.0171 1736 \Device\Harddisk0\DR0\Partition0 - ok
13:18:33.0171 1736 Boot (0x1200) (6d9a6c4a8ed04c278543f69c95e42796) \Device\Harddisk1\DR5\Partition0
13:18:33.0171 1736 \Device\Harddisk1\DR5\Partition0 - ok
13:18:33.0171 1736 ============================================================
13:18:33.0171 1736 Scan finished
13:18:33.0171 1736 ============================================================
13:18:33.0187 1072 Detected object count: 2
13:18:33.0187 1072 Actual detected object count: 2
13:21:21.0140 1072 C:\WINDOWS\system32\DRIVERS\ipsec.sys - copied to quarantine
13:21:21.0156 1072 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\ipsec.sys) error 1813
13:21:29.0187 1072 Backup copy found, using it..
13:21:29.0296 1072 C:\WINDOWS\system32\DRIVERS\ipsec.sys - will be cured on reboot
13:21:31.0968 1072 IPSec ( Virus.Win32.ZAccess.c ) - User select action: Cure
13:21:32.0546 1072 \Device\Harddisk0\DR0\# - copied to quarantine
13:21:32.0546 1072 \Device\Harddisk0\DR0 - copied to quarantine
13:21:32.0625 1072 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
13:21:32.0687 1072 \Device\Harddisk0\DR0\TDLFS\rsrc.dat - copied to quarantine
13:21:32.0859 1072 \Device\Harddisk0\DR0\TDLFS\tdlcmd.dll - copied to quarantine
13:21:32.0859 1072 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
13:21:32.0859 1072 \Device\Harddisk0\DR0 - ok
13:21:32.0859 1072 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
13:22:38.0218 0948 Deinitialize success


2nd TDSSKiller log


13:53:57.0484 3048 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
13:53:57.0578 3048 ============================================================
13:53:57.0578 3048 Current date / time: 2012/02/10 13:53:57.0578
13:53:57.0578 3048 SystemInfo:
13:53:57.0578 3048
13:53:57.0578 3048 OS Version: 5.1.2600 ServicePack: 3.0
13:53:57.0578 3048 Product type: Workstation
13:53:57.0578 3048 ComputerName: CARLISLE
13:53:57.0578 3048 UserName: Jason Carlisle
13:53:57.0578 3048 Windows directory: C:\WINDOWS
13:53:57.0578 3048 System windows directory: C:\WINDOWS
13:53:57.0578 3048 Processor architecture: Intel x86
13:53:57.0578 3048 Number of processors: 2
13:53:57.0578 3048 Page size: 0x1000
13:53:57.0578 3048 Boot type: Normal boot
13:53:57.0578 3048 ============================================================
13:53:59.0203 3048 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:53:59.0203 3048 Drive \Device\Harddisk1\DR4 - Size: 0xF0D89000 (3.76 Gb), SectorSize: 0x200, Cylinders: 0x1EB, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:53:59.0203 3048 \Device\Harddisk0\DR0:
13:53:59.0203 3048 MBR used
13:53:59.0203 3048 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B747, BlocksNum 0x1C840B54
13:53:59.0203 3048 \Device\Harddisk1\DR4:
13:53:59.0203 3048 MBR used
13:53:59.0203 3048 \Device\Harddisk1\DR4\Partition0: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x786C09
13:53:59.0250 3048 Initialize success
13:53:59.0250 3048 ============================================================
13:54:03.0703 0432 ============================================================
13:54:03.0703 0432 Scan started
13:54:03.0703 0432 Mode: Manual;
13:54:03.0703 0432 ============================================================
13:54:05.0046 0432 299BE - ok
13:54:05.0046 0432 54987843 - ok
13:54:05.0109 0432 Aavmker4 (83631291adf2887cffc786d034d3fa15) C:\WINDOWS\system32\drivers\Aavmker4.sys
13:54:05.0109 0432 Aavmker4 - ok
13:54:05.0109 0432 Abiosdsk - ok
13:54:05.0156 0432 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
13:54:05.0156 0432 abp480n5 - ok
13:54:05.0218 0432 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:54:05.0218 0432 ACPI - ok
13:54:05.0265 0432 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
13:54:05.0265 0432 ACPIEC - ok
13:54:05.0296 0432 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
13:54:05.0296 0432 adpu160m - ok
13:54:05.0359 0432 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
13:54:05.0359 0432 aec - ok
13:54:05.0406 0432 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
13:54:05.0406 0432 agp440 - ok
13:54:05.0421 0432 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
13:54:05.0437 0432 agpCPQ - ok
13:54:05.0453 0432 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
13:54:05.0453 0432 Aha154x - ok
13:54:05.0468 0432 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
13:54:05.0468 0432 aic78u2 - ok
13:54:05.0500 0432 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
13:54:05.0500 0432 aic78xx - ok
13:54:05.0515 0432 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
13:54:05.0515 0432 AliIde - ok
13:54:05.0531 0432 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
13:54:05.0531 0432 alim1541 - ok
13:54:05.0562 0432 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
13:54:05.0562 0432 amdagp - ok
13:54:05.0562 0432 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
13:54:05.0578 0432 amsint - ok
13:54:05.0625 0432 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
13:54:05.0625 0432 asc - ok
13:54:05.0640 0432 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
13:54:05.0640 0432 asc3350p - ok
13:54:05.0656 0432 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
13:54:05.0656 0432 asc3550 - ok
13:54:05.0687 0432 aswFsBlk (1c2e6bb4fe8621b1b863855b02bc33eb) C:\WINDOWS\system32\drivers\aswFsBlk.sys
13:54:05.0687 0432 aswFsBlk - ok
13:54:05.0687 0432 aswMon2 (452d0ecd14fa02f9b061f42c8a30dd49) C:\WINDOWS\system32\drivers\aswMon2.sys
13:54:05.0703 0432 aswMon2 - ok
13:54:05.0734 0432 aswRdr (b6a9373619d851be80fb5f1b5eed0d4e) C:\WINDOWS\system32\drivers\aswRdr.sys
13:54:05.0734 0432 aswRdr - ok
13:54:05.0750 0432 aswSnx (9be41c1ae8bc481eb662d85c98d979c2) C:\WINDOWS\system32\drivers\aswSnx.sys
13:54:05.0765 0432 aswSnx - ok
13:54:05.0781 0432 aswSP (4b1a54ba2bc5873a774df6b70ab8b0b3) C:\WINDOWS\system32\drivers\aswSP.sys
13:54:05.0796 0432 aswSP - ok
13:54:05.0843 0432 aswTdi (c7f1cea32766184911293f4e1ee653f5) C:\WINDOWS\system32\drivers\aswTdi.sys
13:54:05.0843 0432 aswTdi - ok
13:54:05.0906 0432 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:54:05.0906 0432 AsyncMac - ok
13:54:05.0921 0432 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
13:54:05.0921 0432 atapi - ok
13:54:05.0937 0432 Atdisk - ok
13:54:06.0000 0432 ati2mtag (03621f7f968ff63713943405deb777f9) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
13:54:06.0031 0432 ati2mtag - ok
13:54:06.0062 0432 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:54:06.0078 0432 Atmarpc - ok
13:54:06.0109 0432 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
13:54:06.0109 0432 audstub - ok
13:54:06.0125 0432 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
13:54:06.0125 0432 Beep - ok
13:54:06.0171 0432 bvrp_pci (c945dc4eee3f624dfd07788ea7f0db0a) C:\WINDOWS\system32\drivers\bvrp_pci.sys
13:54:06.0171 0432 bvrp_pci - ok
13:54:06.0187 0432 catchme - ok
13:54:06.0218 0432 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
13:54:06.0218 0432 cbidf - ok
13:54:06.0218 0432 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
13:54:06.0234 0432 cbidf2k - ok
13:54:06.0250 0432 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
13:54:06.0250 0432 cd20xrnt - ok
13:54:06.0281 0432 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
13:54:06.0281 0432 Cdaudio - ok
13:54:06.0312 0432 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
13:54:06.0312 0432 Cdfs - ok
13:54:06.0343 0432 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:54:06.0343 0432 Cdrom - ok
13:54:06.0359 0432 Changer - ok
13:54:06.0406 0432 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
13:54:06.0406 0432 CmdIde - ok
13:54:06.0421 0432 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
13:54:06.0421 0432 Cpqarray - ok
13:54:06.0468 0432 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
13:54:06.0468 0432 dac2w2k - ok
13:54:06.0500 0432 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
13:54:06.0500 0432 dac960nt - ok
13:54:06.0531 0432 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
13:54:06.0531 0432 Disk - ok
13:54:06.0578 0432 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
13:54:06.0593 0432 DLABOIOM - ok
13:54:06.0593 0432 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
13:54:06.0593 0432 DLACDBHM - ok
13:54:06.0625 0432 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS
13:54:06.0625 0432 DLADResN - ok
13:54:06.0640 0432 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
13:54:06.0640 0432 DLAIFS_M - ok
13:54:06.0656 0432 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
13:54:06.0656 0432 DLAOPIOM - ok
13:54:06.0671 0432 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
13:54:06.0671 0432 DLAPoolM - ok
13:54:06.0687 0432 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
13:54:06.0687 0432 DLARTL_N - ok
13:54:06.0703 0432 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
13:54:06.0703 0432 DLAUDFAM - ok
13:54:06.0718 0432 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
13:54:06.0718 0432 DLAUDF_M - ok
13:54:06.0781 0432 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
13:54:06.0796 0432 dmboot - ok
13:54:06.0843 0432 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
13:54:06.0843 0432 dmio - ok
13:54:06.0859 0432 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
13:54:06.0859 0432 dmload - ok
13:54:06.0875 0432 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
13:54:06.0875 0432 DMusic - ok
13:54:06.0937 0432 DNINDIS5 (d2ee54cdbced01d48f2b18642be79a98) C:\WINDOWS\system32\DNINDIS5.SYS
13:54:06.0953 0432 DNINDIS5 - ok
13:54:06.0984 0432 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
13:54:06.0984 0432 dpti2o - ok
13:54:07.0015 0432 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
13:54:07.0015 0432 drmkaud - ok
13:54:07.0031 0432 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
13:54:07.0031 0432 DRVMCDB - ok
13:54:07.0046 0432 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
13:54:07.0046 0432 DRVNDDM - ok
13:54:07.0218 0432 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
13:54:07.0218 0432 DSproct - ok
13:54:07.0265 0432 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
13:54:07.0265 0432 dsunidrv - ok
13:54:07.0312 0432 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
13:54:07.0312 0432 E100B - ok
13:54:07.0359 0432 e1express (0849eacdc01487573add86f5e470806c) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
13:54:07.0359 0432 e1express - ok
13:54:07.0421 0432 ELacpi (1976fedf6d7f87135c9b7f5cb4c8c868) C:\WINDOWS\system32\DRIVERS\ELacpi.sys
13:54:07.0421 0432 ELacpi - ok
13:54:07.0468 0432 ELhid (ae65c02444907966378454138b9f99f0) C:\WINDOWS\system32\DRIVERS\ELhid.sys
13:54:07.0468 0432 ELhid - ok
13:54:07.0484 0432 ELkbd (e485c3ba1daddeef3e14fea1e8fda6e1) C:\WINDOWS\system32\DRIVERS\ELkbd.sys
13:54:07.0484 0432 ELkbd - ok
13:54:07.0500 0432 ELmon (0d87cb825ed6cb2ebcc147a10a42f1d6) C:\WINDOWS\system32\DRIVERS\ELmon.sys
13:54:07.0500 0432 ELmon - ok
13:54:07.0515 0432 ELmou (a4add3847b67bacab6fc851a2b60fdb3) C:\WINDOWS\system32\DRIVERS\ELmou.sys
13:54:07.0515 0432 ELmou - ok
13:54:07.0593 0432 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
13:54:07.0593 0432 Fastfat - ok
13:54:07.0625 0432 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
13:54:07.0625 0432 Fdc - ok
13:54:07.0671 0432 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
13:54:07.0671 0432 Fips - ok
13:54:07.0703 0432 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
13:54:07.0703 0432 Flpydisk - ok
13:54:07.0734 0432 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
13:54:07.0750 0432 FltMgr - ok
13:54:07.0796 0432 FlyUsb (8efa9bfc940d9eb9348d9dafb839fe25) C:\WINDOWS\system32\DRIVERS\FlyUsb.sys
13:54:07.0796 0432 FlyUsb - ok
13:54:07.0828 0432 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:54:07.0828 0432 Fs_Rec - ok
13:54:07.0843 0432 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:54:07.0843 0432 Ftdisk - ok
13:54:07.0921 0432 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
13:54:07.0921 0432 GEARAspiWDM - ok
13:54:07.0984 0432 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:54:07.0984 0432 Gpc - ok
13:54:08.0000 0432 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
13:54:08.0015 0432 HDAudBus - ok
13:54:08.0031 0432 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:54:08.0031 0432 HidUsb - ok
13:54:08.0078 0432 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
13:54:08.0078 0432 hpn - ok
13:54:08.0109 0432 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
13:54:08.0109 0432 HSFHWBS2 - ok
13:54:08.0156 0432 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
13:54:08.0171 0432 HSF_DP - ok
13:54:08.0234 0432 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
13:54:08.0234 0432 HTTP - ok
13:54:08.0265 0432 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
13:54:08.0265 0432 i2omgmt - ok
13:54:08.0296 0432 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
13:54:08.0296 0432 i2omp - ok
13:54:08.0343 0432 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:54:08.0343 0432 i8042prt - ok
13:54:08.0390 0432 iastor (9a65e42664d1534b68512caad0efe963) C:\WINDOWS\system32\drivers\iastor.sys
13:54:08.0406 0432 iastor - ok
13:54:08.0421 0432 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
13:54:08.0437 0432 Imapi - ok
13:54:08.0468 0432 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
13:54:08.0468 0432 ini910u - ok
13:54:08.0484 0432 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
13:54:08.0484 0432 IntelIde - ok
13:54:08.0531 0432 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
13:54:08.0531 0432 intelppm - ok
13:54:08.0562 0432 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
13:54:08.0562 0432 Ip6Fw - ok
13:54:08.0593 0432 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:54:08.0593 0432 IpFilterDriver - ok
13:54:08.0609 0432 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:54:08.0609 0432 IpInIp - ok
13:54:08.0640 0432 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:54:08.0656 0432 IpNat - ok
13:54:08.0656 0432 IPSec (19dd19fb992d6bf67811913b6feae577) C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:54:08.0671 0432 IPSec ( Virus.Win32.ZAccess.c ) - infected
13:54:08.0671 0432 IPSec - detected Virus.Win32.ZAccess.c (0)
13:54:08.0687 0432 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
13:54:08.0687 0432 IRENUM - ok
13:54:08.0703 0432 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:54:08.0703 0432 isapnp - ok
13:54:08.0734 0432 JSWSCIMD (ad67795900aa8c05cc4570f5349e0639) C:\WINDOWS\system32\DRIVERS\jswscimd.sys
13:54:08.0734 0432 JSWSCIMD - ok
13:54:08.0765 0432 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:54:08.0765 0432 Kbdclass - ok
13:54:08.0781 0432 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
13:54:08.0781 0432 kbdhid - ok
13:54:08.0812 0432 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
13:54:08.0812 0432 kmixer - ok
13:54:08.0843 0432 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
13:54:08.0843 0432 KSecDD - ok
13:54:08.0859 0432 lbrtfdc - ok
13:54:08.0906 0432 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
13:54:08.0906 0432 mdmxsdk - ok
13:54:08.0937 0432 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
13:54:08.0937 0432 MHNDRV - ok
13:54:08.0953 0432 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
13:54:08.0953 0432 mnmdd - ok
13:54:08.0984 0432 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
13:54:09.0000 0432 Modem - ok
13:54:09.0000 0432 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
13:54:09.0000 0432 MODEMCSA - ok
13:54:09.0015 0432 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:54:09.0015 0432 Mouclass - ok
13:54:09.0062 0432 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:54:09.0078 0432 mouhid - ok
13:54:09.0078 0432 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
13:54:09.0078 0432 MountMgr - ok
13:54:09.0218 0432 MpKsl04a20366 - ok
13:54:09.0218 0432 MpKsl0d50a27f - ok
13:54:09.0234 0432 MpKsl49eb6d9d - ok
13:54:09.0234 0432 MpKsl54e05903 - ok
13:54:09.0234 0432 MpKsl6e0faded - ok
13:54:09.0250 0432 MpKslbf83f00e - ok
13:54:09.0250 0432 MpKslc64fc51d - ok
13:54:09.0265 0432 MpKsldd8c98fd - ok
13:54:09.0265 0432 MpKslfb40abee - ok
13:54:09.0281 0432 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
13:54:09.0281 0432 mraid35x - ok
13:54:09.0296 0432 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:54:09.0296 0432 MRxDAV - ok
13:54:09.0359 0432 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:54:09.0375 0432 MRxSmb - ok
13:54:09.0406 0432 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
13:54:09.0406 0432 Msfs - ok
13:54:09.0437 0432 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:54:09.0437 0432 MSKSSRV - ok
13:54:09.0484 0432 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:54:09.0500 0432 MSPCLOCK - ok
13:54:09.0515 0432 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
13:54:09.0515 0432 MSPQM - ok
13:54:09.0531 0432 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:54:09.0531 0432 mssmbios - ok
13:54:09.0546 0432 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
13:54:09.0562 0432 Mup - ok
13:54:09.0609 0432 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
13:54:09.0609 0432 NDIS - ok
13:54:09.0671 0432 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:54:09.0671 0432 NdisTapi - ok
13:54:09.0734 0432 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:54:09.0734 0432 Ndisuio - ok
13:54:09.0750 0432 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:54:09.0750 0432 NdisWan - ok
13:54:09.0781 0432 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
13:54:09.0781 0432 NDProxy - ok
13:54:09.0796 0432 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
13:54:09.0796 0432 NetBIOS - ok
13:54:09.0843 0432 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
13:54:09.0843 0432 NetBT - ok
13:54:09.0890 0432 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
13:54:09.0890 0432 Npfs - ok
13:54:09.0953 0432 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
13:54:09.0953 0432 Ntfs - ok
13:54:09.0968 0432 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
13:54:09.0984 0432 Null - ok
13:54:10.0046 0432 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
13:54:10.0078 0432 nv - ok
13:54:10.0125 0432 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:54:10.0125 0432 NwlnkFlt - ok
13:54:10.0140 0432 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:54:10.0140 0432 NwlnkFwd - ok
13:54:10.0187 0432 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
13:54:10.0203 0432 Parport - ok
13:54:10.0203 0432 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
13:54:10.0203 0432 PartMgr - ok
13:54:10.0234 0432 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
13:54:10.0234 0432 ParVdm - ok
13:54:10.0312 0432 PCD5SRVC{57CE0040-62CCC763-05040000} - ok
13:54:10.0328 0432 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
13:54:10.0328 0432 PCI - ok
13:54:10.0343 0432 PCIDump - ok
13:54:10.0343 0432 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
13:54:10.0359 0432 PCIIde - ok
13:54:10.0406 0432 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
13:54:10.0406 0432 Pcmcia - ok
13:54:10.0421 0432 PDCOMP - ok
13:54:10.0437 0432 PDFRAME - ok
13:54:10.0437 0432 PDRELI - ok
13:54:10.0453 0432 PDRFRAME - ok
13:54:10.0468 0432 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
13:54:10.0484 0432 perc2 - ok
13:54:10.0500 0432 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
13:54:10.0500 0432 perc2hib - ok
13:54:10.0562 0432 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:54:10.0562 0432 PptpMiniport - ok
13:54:10.0578 0432 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
13:54:10.0593 0432 PSched - ok
13:54:10.0593 0432 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:54:10.0609 0432 Ptilink - ok
13:54:10.0609 0432 PxHelp20 (81088114178112618b1c414a65e50f7c) C:\WINDOWS\system32\Drivers\PxHelp20.sys
13:54:10.0609 0432 PxHelp20 - ok
13:54:10.0640 0432 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
13:54:10.0640 0432 ql1080 - ok
13:54:10.0656 0432 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
13:54:10.0671 0432 Ql10wnt - ok
13:54:10.0687 0432 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
13:54:10.0687 0432 ql12160 - ok
13:54:10.0703 0432 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
13:54:10.0703 0432 ql1240 - ok
13:54:10.0734 0432 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
13:54:10.0734 0432 ql1280 - ok
13:54:10.0765 0432 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:54:10.0765 0432 RasAcd - ok
13:54:10.0781 0432 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:54:10.0796 0432 Rasl2tp - ok
13:54:10.0796 0432 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:54:10.0812 0432 RasPppoe - ok
13:54:10.0812 0432 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
13:54:10.0828 0432 Raspti - ok
13:54:10.0843 0432 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:54:10.0843 0432 Rdbss - ok
13:54:10.0859 0432 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:54:10.0875 0432 RDPCDD - ok
13:54:10.0937 0432 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
13:54:10.0937 0432 rdpdr - ok
13:54:11.0000 0432 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
13:54:11.0000 0432 RDPWD - ok
13:54:11.0031 0432 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
13:54:11.0031 0432 redbook - ok
13:54:11.0046 0432 rsrzzelp - ok
13:54:11.0187 0432 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
13:54:11.0187 0432 SASDIFSV - ok
13:54:11.0203 0432 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
13:54:11.0203 0432 SASENUM - ok
13:54:11.0218 0432 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
13:54:11.0234 0432 SASKUTIL - ok
13:54:11.0281 0432 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:54:11.0296 0432 Secdrv - ok
13:54:11.0343 0432 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
13:54:11.0343 0432 serenum - ok
13:54:11.0375 0432 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
13:54:11.0390 0432 Serial - ok
13:54:11.0421 0432 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
13:54:11.0421 0432 Sfloppy - ok
13:54:11.0437 0432 Simbad - ok
13:54:11.0453 0432 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
13:54:11.0468 0432 sisagp - ok
13:54:11.0484 0432 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
13:54:11.0484 0432 Sparrow - ok
13:54:11.0531 0432 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
13:54:11.0531 0432 splitter - ok
13:54:11.0562 0432 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
13:54:11.0562 0432 sr - ok
13:54:11.0625 0432 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
13:54:11.0640 0432 Srv - ok
13:54:11.0718 0432 STHDA (2a2dc39623adef8ab3703ab9fac4b440) C:\WINDOWS\system32\drivers\sthda.sys
13:54:11.0734 0432 STHDA - ok
13:54:11.0796 0432 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
13:54:11.0796 0432 swenum - ok
13:54:11.0828 0432 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
13:54:11.0828 0432 swmidi - ok
13:54:11.0875 0432 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
13:54:11.0875 0432 symc810 - ok
13:54:11.0890 0432 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
13:54:11.0890 0432 symc8xx - ok
13:54:11.0906 0432 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
13:54:11.0921 0432 sym_hi - ok
13:54:11.0937 0432 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
13:54:11.0937 0432 sym_u3 - ok
13:54:11.0984 0432 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
13:54:11.0984 0432 sysaudio - ok
13:54:12.0062 0432 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:54:12.0062 0432 Tcpip - ok
13:54:12.0109 0432 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
13:54:12.0109 0432 TDPIPE - ok
13:54:12.0156 0432 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
13:54:12.0156 0432 TDTCP - ok
13:54:12.0171 0432 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
13:54:12.0171 0432 TermDD - ok
13:54:12.0218 0432 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
13:54:12.0218 0432 TosIde - ok
13:54:12.0281 0432 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
13:54:12.0281 0432 Udfs - ok
13:54:12.0312 0432 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
13:54:12.0312 0432 ultra - ok
13:54:12.0359 0432 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
13:54:12.0375 0432 Update - ok
13:54:12.0406 0432 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
13:54:12.0421 0432 USBAAPL - ok
13:54:12.0468 0432 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:54:12.0468 0432 usbccgp - ok
13:54:12.0484 0432 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:54:12.0484 0432 usbehci - ok
13:54:12.0500 0432 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:54:12.0500 0432 usbhub - ok
13:54:12.0546 0432 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:54:12.0546 0432 usbprint - ok
13:54:12.0578 0432 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:54:12.0593 0432 usbscan - ok
13:54:12.0625 0432 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:54:12.0625 0432 USBSTOR - ok
13:54:12.0671 0432 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
13:54:12.0671 0432 usbuhci - ok
13:54:12.0687 0432 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
13:54:12.0687 0432 VgaSave - ok
13:54:12.0718 0432 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
13:54:12.0734 0432 viaagp - ok
13:54:12.0765 0432 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
13:54:12.0765 0432 ViaIde - ok
13:54:12.0812 0432 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
13:54:12.0828 0432 VolSnap - ok
13:54:12.0843 0432 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:54:12.0859 0432 Wanarp - ok
13:54:12.0859 0432 wanatw - ok
13:54:12.0875 0432 WDICA - ok
13:54:12.0890 0432 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
13:54:12.0906 0432 wdmaud - ok
13:54:12.0937 0432 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
13:54:12.0953 0432 winachsf - ok
13:54:13.0031 0432 WN111v2 (93ea7d94959bef66d0e4adbc8ce4e073) C:\WINDOWS\system32\DRIVERS\WN111v2.sys
13:54:13.0046 0432 WN111v2 - ok
13:54:13.0109 0432 WSIMD (43f767d59bfc25d8f4fc2eb42043ec1e) C:\WINDOWS\system32\DRIVERS\wsimd.sys
13:54:13.0109 0432 WSIMD - ok
13:54:13.0156 0432 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
13:54:13.0156 0432 WudfPf - ok
13:54:13.0187 0432 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
13:54:13.0187 0432 WudfRd - ok
13:54:13.0218 0432 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
13:54:13.0421 0432 \Device\Harddisk0\DR0 - ok
13:54:13.0437 0432 MBR (0x1B8) (fe3aef5dee52f7de9c622ec12e92058e) \Device\Harddisk1\DR4
13:54:16.0390 0432 \Device\Harddisk1\DR4 - ok
13:54:16.0390 0432 Boot (0x1200) (21f989f1eec19c2cae0d2403d45d4ede) \Device\Harddisk0\DR0\Partition0
13:54:16.0390 0432 \Device\Harddisk0\DR0\Partition0 - ok
13:54:16.0406 0432 Boot (0x1200) (6d9a6c4a8ed04c278543f69c95e42796) \Device\Harddisk1\DR4\Partition0
13:54:16.0406 0432 \Device\Harddisk1\DR4\Partition0 - ok
13:54:16.0406 0432 ============================================================
13:54:16.0406 0432 Scan finished
13:54:16.0406 0432 ============================================================
13:54:16.0421 3136 Detected object count: 1
13:54:16.0421 3136 Actual detected object count: 1
13:54:21.0937 3136 C:\WINDOWS\system32\DRIVERS\ipsec.sys - copied to quarantine
13:54:21.0953 3136 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\ipsec.sys) error 1813
13:54:29.0796 3136 Backup copy found, using it..
13:54:29.0812 3136 C:\WINDOWS\system32\DRIVERS\ipsec.sys - will be cured on reboot
13:54:31.0734 3136 IPSec ( Virus.Win32.ZAccess.c ) - User select action: Cure
13:54:35.0421 3044 Deinitialize success



ASWMBR

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-10 13:26:39
-----------------------------
13:26:39.187 OS Version: Windows 5.1.2600 Service Pack 3
13:26:39.187 Number of processors: 2 586 0x407
13:26:39.187 ComputerName: CARLISLE UserName:
13:26:39.984 Initialize success
13:26:40.125 AVAST engine defs: 11022400
13:27:56.593 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
13:27:56.593 Disk 0 Vendor: SAMSUNG_SP2504C VT100-48 Size: 238418MB BusType: 3
13:27:56.625 Disk 0 MBR read successfully
13:27:56.625 Disk 0 MBR scan
13:27:56.625 Disk 0 Windows XP default MBR code
13:27:56.625 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
13:27:56.625 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 233601 MB offset 112455
13:27:56.656 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 4753 MB offset 478528155
13:27:56.671 Disk 0 scanning sectors +488263545
13:27:56.734 Disk 0 scanning C:\WINDOWS\system32\drivers
13:28:06.375 Service scanning
13:28:11.140 Modules scanning
13:28:15.531 Module: C:\WINDOWS\system32\DRIVERS\ipsec.sys **SUSPICIOUS**
13:28:17.546 Module: C:\WINDOWS\System32\drivers\dxgthk.sys **SUSPICIOUS**
13:28:18.234 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
13:28:19.593 Module: C:\WINDOWS\system32\ntdll.dll **SUSPICIOUS**
13:28:19.609 Disk 0 trace - called modules:
13:28:19.640 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xf1632fc0]<<
13:28:19.640 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8734eab8]
13:28:19.640 3 CLASSPNP.SYS[f7512fd7] -> nt!IofCallDriver -> [0x86b1e950]
13:28:19.656 \Driver\00010109[0x86b24030] -> IRP_MJ_CREATE -> 0xf1632fc0
13:28:20.203 AVAST engine scan C:\WINDOWS
13:28:40.781 AVAST engine scan C:\WINDOWS\system32
13:31:04.562 AVAST engine scan C:\WINDOWS\system32\drivers
13:31:15.015 File: C:\WINDOWS\system32\drivers\ipsec.sys **SUSPICIOUS**
13:31:28.828 AVAST engine scan C:\Documents and Settings\Jason Carlisle
13:47:44.968 AVAST engine scan C:\Documents and Settings\All Users
13:50:56.546 Scan finished successfully
13:53:19.750 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Jason Carlisle\Desktop\MBR.dat"
13:53:19.750 The log file has been saved successfully to "C:\Documents and Settings\Jason Carlisle\Desktop\aswMBR.txt"

Attached Files

  • Attached File  MBR.zip   526bytes   0 downloads

Jill M***Butterfly Kisses


#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,214 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:01 AM

Posted 11 February 2012 - 08:06 AM

Please run the aswMBR tool again and post the log.

==

I would also like to see a DDS log if possible.

Please let me know what problem persists.

#5 jillmarten

jillmarten
  • Topic Starter

  • Members
  • 102 posts
  • OFFLINE
  •  
  • Local time:10:01 AM

Posted 11 February 2012 - 03:52 PM

Okay, I ran aswMBR and was able to run DDS. The Attach is zipped and attached to the post along with the MBR .dat file; the rest is in the post... Thanks for all that you are doing.....
By the way, the Services error that kept popping up is not popping up anymore.

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-11 13:54:00
-----------------------------
13:54:00.453 OS Version: Windows 5.1.2600 Service Pack 3
13:54:00.453 Number of processors: 2 586 0x407
13:54:00.453 ComputerName: CARLISLE UserName:
13:54:01.171 Initialize success
13:54:01.296 AVAST engine defs: 11022400
13:54:10.156 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
13:54:10.156 Disk 0 Vendor: SAMSUNG_SP2504C VT100-48 Size: 238418MB BusType: 3
13:54:10.187 Disk 0 MBR read successfully
13:54:10.187 Disk 0 MBR scan
13:54:10.187 Disk 0 Windows XP default MBR code
13:54:10.187 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
13:54:10.203 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 233601 MB offset 112455
13:54:10.234 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 4753 MB offset 478528155
13:54:10.234 Disk 0 scanning sectors +488263545
13:54:10.265 Disk 0 scanning C:\WINDOWS\system32\drivers
13:54:22.250 File: C:\WINDOWS\system32\drivers\cdrom.sys **SUSPICIOUS**
13:54:29.453 Disk 0 trace - called modules:
13:54:29.468 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xf75e5fc0]<<
13:54:29.468 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87345ab8]
13:54:29.468 3 CLASSPNP.SYS[f7512fd7] -> nt!IofCallDriver -> [0x871dfa88]
13:54:29.468 \Driver\00000497[0x8729b030] -> IRP_MJ_CREATE -> 0xf75e5fc0
13:54:30.109 AVAST engine scan C:\WINDOWS
13:54:44.843 AVAST engine scan C:\WINDOWS\system32
13:57:07.468 AVAST engine scan C:\WINDOWS\system32\drivers
13:57:13.921 File: C:\WINDOWS\system32\drivers\cdrom.sys **SUSPICIOUS**
13:57:29.156 AVAST engine scan C:\Documents and Settings\Jason Carlisle
14:13:04.937 AVAST engine scan C:\Documents and Settings\All Users
14:15:16.078 Scan finished successfully
14:17:41.718 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Jason Carlisle\Desktop\MBR.dat"
14:17:41.718 The log file has been saved successfully to "C:\Documents and Settings\Jason Carlisle\Desktop\aswMBR.txt"

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Jason Carlisle at 14:18:32 on 2012-02-11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.590 [GMT -6:00]
.
AV: avast! Antivirus *Enabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\NETGEAR\WN111v2\WN111V2.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.aol.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>;*.local
uURLSearchHooks: H - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - No File
TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: {12A9DB21-42A2-492D-A85C-CDDE0C88B608} - No File
EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,RunDLLEntry
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10c.exe
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wn111v2\WN111V2.exe
uPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
uPolicies-system: Wallpaper =
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: mswsock.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {20722C4E-9050-45C8-8D1A-816C4A06AD90} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_6/PhotoCenter_ActiveX_Control.cab
DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} - hxxps://employees.sentry.com/InternalSite/WhlCompMgr.cab
DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{51564908-1C14-4993-8DB8-A3A531605333} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7080B8EF-169E-4BCA-90A8-60511251BDA5} : DhcpNameServer = 75.75.75.75 75.75.76.76
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jason carlisle\application data\mozilla\firefox\profiles\8nxftq42.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?o=20011&l=dis
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q=
FF - component: c:\program files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
FF - component: c:\program files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-8-12 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-8-12 301528]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-1-5 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-8-12 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-8-12 42184]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2008-10-1 57440]
S1 MpKsl04a20366;MpKsl04a20366;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ca167369-12db-42ef-bfe4-fbc88cb85286}\mpksl04a20366.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ca167369-12db-42ef-bfe4-fbc88cb85286}\MpKsl04a20366.sys [?]
S1 MpKsl0d50a27f;MpKsl0d50a27f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{abe094bf-b27f-4c98-9909-237b579d31b1}\mpksl0d50a27f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{abe094bf-b27f-4c98-9909-237b579d31b1}\MpKsl0d50a27f.sys [?]
S1 MpKsl49eb6d9d;MpKsl49eb6d9d;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c57d0bea-9022-404d-8e78-41a5d4694cf8}\mpksl49eb6d9d.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c57d0bea-9022-404d-8e78-41a5d4694cf8}\MpKsl49eb6d9d.sys [?]
S1 MpKsl54e05903;MpKsl54e05903;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{84d5858e-fecd-4dd3-90a3-0003f1b6dc7d}\mpksl54e05903.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{84d5858e-fecd-4dd3-90a3-0003f1b6dc7d}\MpKsl54e05903.sys [?]
S1 MpKsl6e0faded;MpKsl6e0faded;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7df836d0-d35a-4dce-885a-1449cad6a3f4}\mpksl6e0faded.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7df836d0-d35a-4dce-885a-1449cad6a3f4}\MpKsl6e0faded.sys [?]
S1 MpKslbf83f00e;MpKslbf83f00e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{84d5858e-fecd-4dd3-90a3-0003f1b6dc7d}\mpkslbf83f00e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{84d5858e-fecd-4dd3-90a3-0003f1b6dc7d}\MpKslbf83f00e.sys [?]
S1 MpKslc64fc51d;MpKslc64fc51d;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{84d5858e-fecd-4dd3-90a3-0003f1b6dc7d}\mpkslc64fc51d.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{84d5858e-fecd-4dd3-90a3-0003f1b6dc7d}\MpKslc64fc51d.sys [?]
S1 MpKsldd8c98fd;MpKsldd8c98fd;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{771ab23f-89bc-42ba-8f2c-a296edaeb0fe}\mpksldd8c98fd.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{771ab23f-89bc-42ba-8f2c-a296edaeb0fe}\MpKsldd8c98fd.sys [?]
S1 MpKslfb40abee;MpKslfb40abee;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{65d3fc25-83b9-409c-a7ef-49524bbfc3c8}\mpkslfb40abee.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{65d3fc25-83b9-409c-a7ef-49524bbfc3c8}\MpKslfb40abee.sys [?]
S1 rsrzzelp;rsrzzelp;\??\c:\windows\system32\drivers\rsrzzelp.sys --> c:\windows\system32\drivers\rsrzzelp.sys [?]
S3 54987843;54987843; [x]
S3 DMService;Whale Component Manager;c:\windows\downlo~1\DMService.exe [2011-1-16 428184]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2003-7-24 17149]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2010-12-19 18560]
S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-11-21 136176]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\netgear\wn111v2\jswpsapi.exe [2008-2-27 360547]
S3 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S3 PCD5SRVC{57CE0040-62CCC763-05040000};PCD5SRVC{57CE0040-62CCC763-05040000} - PCDR Kernel Mode Service Helper Driver;\??\c:\progra~1\dellsu~2\hwdiag\bin\pcd5srvc.pkms --> c:\progra~1\dellsu~2\hwdiag\bin\PCD5SRVC.pkms [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 12872]
S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [2008-9-30 453120]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-11-21 136176]
.
=============== Created Last 30 ================
.
2012-02-10 19:21:20 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-07 20:52:34 -------- d-----w- c:\documents and settings\jason carlisle\application data\Malwarebytes
2012-02-05 21:41:07 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-01-20 01:16:39 -------- d-sh--w- C:\found.001
.
==================== Find3M ====================
.
2012-02-10 19:56:06 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2012-01-15 16:35:29 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
2011-12-10 21:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21:44 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21:44 152064 ----a-w- c:\windows\system32\schannel.dll
.
============= FINISH: 14:22:59.90 ===============

Attached Files


Jill M***Butterfly Kisses
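Added example, not code from DDS or from anyone in this thread: a short Python script that reads the SERVICES / DRIVERS section of a DDS log like the one above and flags the entries a responder would look at first. It assumes the DDS line format as I read it here: the leading R/S is running/stopped, the digit is the start type (0 boot, 1 system, 2 auto, 3 manual, 4 disabled), "[?]" means DDS could not find the image file the service points to, and "[x]" means the service has no image path at all. The sample lines are a constructed subset copied in the format of the posted log; on it the script singles out rsrzzelp (a system-start driver service whose .sys file is gone) and 54987843 (an all-digit service with no image path), which is what the log itself shows, not a verdict on either.

```python
"""Flag suspect entries in the SERVICES / DRIVERS section of a DDS log.

Added example for this thread; not code from DDS or from anyone in the
thread. Assumption about the DDS line format: "R"/"S" is running/stopped,
the digit is the start type (0 boot, 1 system, 2 auto, 3 manual, 4
disabled), "[?]" means DDS could not find the image file, "[x]" means the
service has no image path at all.
"""
import re

# Constructed sample in the format of the log posted above (a subset of it).
SAMPLE_LINES = r"""
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-8-12 371544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-8-12 42184]
S1 rsrzzelp;rsrzzelp;\??\c:\windows\system32\drivers\rsrzzelp.sys --> c:\windows\system32\drivers\rsrzzelp.sys [?]
S3 54987843;54987843; [x]
S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [2008-9-30 453120]
""".strip().splitlines()

LINE_RE = re.compile(r"^(?P<state>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")


def parse_dds_service(line):
    """Return a dict for one DDS service/driver line, or None if the line is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest").strip()
    tag = ""
    if rest.endswith("]") and "[" in rest:
        cut = rest.rfind("[")
        tag, rest = rest[cut:], rest[:cut].strip()
    # A missing file is printed as "<registry value> --> <resolved path>"; keep the resolved path.
    path = rest.split(" --> ")[-1] if rest else ""
    return {
        "state": m.group("state"),
        "name": m.group("name"),
        "display": m.group("display"),
        "path": path,
        "file_missing": tag == "[?]",
        "no_image_path": tag == "[x]" or not path,
    }


def triage(lines):
    """Return [(service name, [reasons])] for the entries worth a closer look."""
    findings = []
    for line in lines:
        entry = parse_dds_service(line)
        if entry is None:
            continue
        reasons = []
        if entry["no_image_path"]:
            reasons.append("no image path")
        elif entry["file_missing"]:
            reasons.append("image file not found: " + entry["path"])
            if entry["state"][1] in "01":
                # A boot/system-start driver whose file is gone deserves a look on its own.
                reasons.append("boot/system-start driver with no file")
        if entry["name"].isdigit():
            reasons.append("all-digit service name")
        if reasons:
            findings.append((entry["name"], reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LINES):
        print(f"{name}: {'; '.join(reasons)}")
```

To run it over a real log, read the file, keep the lines between the "SERVICES / DRIVERS" and "Created Last 30" headers, and pass them to triage(). The same names can be cross-checked against the TDSSKiller driver list higher up: an entry printed there without a hash (as "rsrzzelp - ok" is) means TDSSKiller also found no file behind the service.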


#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,214 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:01 AM

Posted 12 February 2012 - 07:39 AM

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.
===

If ComboFix stalls for more than 60 minutes please stop the process and restart the program.
You may have to do this a few times as this infection is difficult to remove.

#7 jillmarten

jillmarten
  • Topic Starter

  • Members
  • 102 posts
  • OFFLINE
  •  
  • Local time:10:01 AM

Posted 12 February 2012 - 04:18 PM

OK, ComboFix ran and now I have the Blue Screen of Death, error code 0x0000007B.... Now what? It won't go into Safe Mode either.

Edited by jillmarten, 12 February 2012 - 04:21 PM.

Jill M***Butterfly Kisses


#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,214 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:01 AM

Posted 13 February 2012 - 09:35 AM

Did you install the Windows Recovery Console when you first executed ComboFix?
If it was installed when you boot normally you should have an option to select it.
This option will appear for a few seconds so be alert.


Do you have the Windows XP installation disk handy?

Keep me posted.

#9 jillmarten

jillmarten
  • Topic Starter

  • Members
  • 102 posts
  • OFFLINE
  •  
  • Local time:10:01 AM

Posted 13 February 2012 - 09:55 AM

I have the Windows Recovery Console installed. It was already installed. I do have a WinXP disk handy. I did go into the Recovery Console and ran chkdsk /r; it found errors and repaired them, so I ran it again to make sure it came out clean, and it did... What next... Please help.. I need this computer... Actually, there are files on this computer I need...

Jill M***Butterfly Kisses


#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,214 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:01 AM

Posted 13 February 2012 - 11:14 AM

You will find all the commands available to you in the Recovery Console.

http://support.microsoft.com/kb/314058

I suggest you copy all your files to a CD or Flash drive before doing anything else.
===

Your error is probably caused by a virus or a bad driver.

Advanced troubleshooting for "Stop 0x0000007B" errors in Windows XP
http://support.microsoft.com/kb/324103
===

I would then try to FIX the Master Boot Record.
http://support.microsoft.com/kb/314058

FIXMBR
fixmbr device name
Use this command to repair the MBR of the boot partition. In the command syntax, device name is an optional device name that specifies the device that requires a new MBR. Use this command if a virus has damaged the MBR and Windows cannot start.

Warning This command can damage your partition tables if a virus is present or if a hardware problem exists. If you use this command, you may create inaccessible partitions.

If that fails then reinstall XP

How to perform an in-place upgrade (reinstallation) of Windows XP
http://support.microsoft.com/kb/978788

If you have any questions before proceeding please let me know.
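Added example, not aswMBR's or TDSSKiller's code and not from anyone in this thread: a Python script that inspects a raw 512-byte MBR such as the MBR.dat that aswMBR saved to the Desktop in the logs above, which is the kind of check worth doing before running fixmbr, since the KB warning quoted above is that fixmbr can make partitions inaccessible if the table is already damaged. It checks the 0x55AA signature, hashes the boot code, parses the partition table and reports overlapping entries or a missing active partition. Two assumptions: that the "MBR (0x1B8)" value TDSSKiller logs is an MD5 over the first 0x1B8 bytes (the label suggests it; I have not checked the tool's source), and that the sample MBR built here mirrors the three partitions in the aswMBR log (offsets 63, 112455 and 478528155) with filler in place of boot code, so its hash will not match the value TDSSKiller printed for the real disk.

```python
"""Inspect a raw 512-byte MBR (for example the MBR.dat that aswMBR saves).

Added example for this thread; not aswMBR's, TDSSKiller's or any poster's code.
Assumption: the "MBR (0x1B8)" value TDSSKiller logs is an MD5 over the
first 0x1B8 bytes (the boot code before the disk signature).
"""
import hashlib
import struct
import sys

SECTOR = 512
BOOT_CODE_LEN = 0x1B8          # 0..0x1B7 boot code, 0x1B8 disk signature, 0x1BE partition table
PART_TABLE_OFF = 0x1BE
ENTRY_FMT = "<B3sB3sII"        # status, CHS start, type, CHS end, LBA start, sector count
PARTITION_TYPES = {0x07: "HPFS/NTFS", 0xDE: "Dell Utility", 0xDB: "CP/M / CTOS"}


def build_sample_mbr():
    """Constructed MBR mirroring the three partitions in the aswMBR log above.

    The boot code is filler (0x90 bytes), not real bootstrap code, so its hash
    is not comparable with the TDSSKiller value for the real disk.
    """
    mbr = bytearray(SECTOR)
    mbr[:BOOT_CODE_LEN] = b"\x90" * BOOT_CODE_LEN
    entries = [
        (0x00, 0xDE, 63, 112392),           # Dell Utility, about 54 MB
        (0x80, 0x07, 112455, 478415700),    # NTFS, active, about 233601 MB
        (0x00, 0xDB, 478528155, 9735390),   # Dell restore partition, about 4753 MB
    ]
    for i, (status, ptype, lba, count) in enumerate(entries):
        struct.pack_into(ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i,
                         status, b"\0\0\0", ptype, b"\0\0\0", lba, count)
    mbr[510:512] = b"\x55\xAA"
    return bytes(mbr)


def parse_mbr(data):
    """Parse signature, boot-code hash, disk signature and the non-empty partition entries."""
    if len(data) < SECTOR:
        raise ValueError("need at least 512 bytes")
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(ENTRY_FMT, data, PART_TABLE_OFF + 16 * i)
        if ptype == 0:
            continue                         # empty slot
        parts.append({
            "index": i + 1,
            "active": status == 0x80,
            "type": ptype,
            "type_name": PARTITION_TYPES.get(ptype, "unknown"),
            "offset": lba,
            "sectors": count,
            "size_mb": count * SECTOR // (1024 * 1024),
        })
    return {
        "valid_signature": data[510:512] == b"\x55\xAA",
        "boot_code_md5": hashlib.md5(data[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", data, BOOT_CODE_LEN)[0],
        "partitions": parts,
    }


def check_layout(info):
    """Sanity checks to run before trusting an MBR or rewriting it with fixmbr."""
    problems = []
    if not info["valid_signature"]:
        problems.append("missing 0x55AA signature")
    parts = sorted(info["partitions"], key=lambda p: p["offset"])
    for a, b in zip(parts, parts[1:]):
        if a["offset"] + a["sectors"] > b["offset"]:
            problems.append(f"partition {a['index']} overlaps partition {b['index']}")
    if sum(p["active"] for p in parts) != 1:
        problems.append("expected exactly one active partition")
    return problems


def report(info):
    """Lines in the style of the aswMBR 'Disk 0 Partition N' output."""
    lines = [f"MBR (0x1B8) md5 {info['boot_code_md5']}  signature {'ok' if info['valid_signature'] else 'BAD'}"]
    for p in info["partitions"]:
        flag = "80 (A)" if p["active"] else "00"
        lines.append(f"Partition {p['index']} {flag} {p['type']:02X} {p['type_name']} "
                     f"{p['size_mb']} MB offset {p['offset']}")
    return lines


if __name__ == "__main__":
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_mbr()
    info = parse_mbr(raw)
    print("\n".join(report(info)))
    for problem in check_layout(info):
        print("PROBLEM:", problem)
```

Run it as "python mbr_check.py MBR.dat" (the name of the script is mine) on the saved copy from a clean machine; with no argument it parses the constructed sample. Compare the printed boot-code MD5 with the "MBR (0x1B8)" line TDSSKiller logged for \Device\Harddisk0\DR0, and compare the partition lines with the aswMBR output: if they agree and check_layout reports nothing, the MBR itself is not what is stopping the boot and fixmbr is unlikely to help; if the table is inconsistent, copy the files out first, as nasdaq says, before rewriting anything.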

#11 jillmarten

jillmarten
  • Topic Starter

  • Members
  • 102 posts
  • OFFLINE
  •  
  • Local time:10:01 AM

Posted 13 February 2012 - 11:33 AM

How do I backup my files if I can't get into windows?

Jill M***Butterfly Kisses


#12 nasdaq

nasdaq

  • Malware Response Team
  • 39,214 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:01 AM

Posted 13 February 2012 - 01:23 PM

I did go in to the recovery console and ran chkdsk /r it found errors and repaired them so I ran it again to make sure it came out clean and it did.


You were able to run chkdsk from the Recovery Console; are you not able to use the Copy function to save your files?

===

I do have a winxp disk handy

What options do you have if you start the computer with this disk in the CD drive?

#13 jillmarten

jillmarten
  • Topic Starter

  • Members
  • 102 posts
  • OFFLINE
  •  
  • Local time:10:01 AM

Posted 13 February 2012 - 02:12 PM

It isn't the original XP disk that came with the computer, though... The one that came with it is XP with Media Center.

Jill M***Butterfly Kisses


#14 jillmarten

jillmarten
  • Topic Starter

  • Members
  • 102 posts
  • OFFLINE
  •  
  • Local time:10:01 AM

Posted 13 February 2012 - 02:43 PM

Okay found the right disk for the version that is installed on this computer. Will an in-place upgrade (reinstallation) of Windows XP erase all of my documents, pictures and things?

Jill M***Butterfly Kisses


#15 nasdaq

nasdaq

  • Malware Response Team
  • 39,214 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:01 AM

Posted 14 February 2012 - 08:55 AM

It's recommended here.

http://support.microsoft.com/kb/978788

Read this article. Print it for reference.

====

If unable to save your files run this tool.
You may be able to restore your computer or at least save your files suggested in the Microsoft article.

Read all these directions before proceeding.

When you have the .ISO file downloaded, you need to create a bootable disk or flash drive with it, using a clean PC to do that. The .ISO file is a disk image. It should NOT be burned as a regular file. You need a program like BurnAware Free or ImgBurn that can burn an .ISO image. I think a CD is best as there is no way anything can write on it after it is made, but the USB may be more convenient and easier.

Be sure to read these:
Download Kaspersky Rescue Disk 10
How to record Kaspersky Rescue Disk 10 to an USB device and boot my computer from it?
How to record Kaspersky Rescue Disk 10 to a CD/DVD and boot my computer from the disk?


Summarizing:
  • Go to a clean PC.
  • Download the .iso image file.
  • Create a CD (or flash drive if you prefer).
  • At the infected PC: put the disk in the drive and reboot.

Follow the directions here, but you will find some differences.

Familiarize yourself with How to create a report file in Kaspersky Rescue Disk 10?

Print the following directions:

Boot from Kaspersky Rescue Disk 10:
Restart your computer and put the disk in the drive while booting.
Press any key. A loading wizard will start (you will see the menu to select the required language). If you do not press any key in 10 seconds, the computer boots from hard drive automatically.
Select the required interface language using the arrow-keys on your keyboard.
Press the Enter key on the keyboard.
In the start up wizard window that opens, select the Kaspersky Rescue Disk. Graphic Mode
Click Enter.
Click 'A' to accept the agreement.
Select operating system from dropdown menu (select Windows whatever)
Select Objects to scan: check Disk boot sectors, Hidden startup objects, C:
Click My Update Center and update if any available
Back to other tab and click Start Object Scan.
(It took 3 hours to scan my 47G)
When scan has completed save a report:

On the upper part of the Kaspersky Rescue Disk window, click on the Report link.
On the bottom right hand corner of the Protection status - Kaspersky Rescue Disk window, click on the Detailed Report button.
On the upper right hand corner of the Detailed report window, click on the Save button.
After clicking Detailed Report and 'SAVE', a browse window opens.
Double-click on the \
Click 'disks'.
All your drives will be shown and you can easily double-click C and save the report to C:\KasperskyRescueDisk10.txt.
Click on the Save button.
The report has been saved to the file.

Remove the disk from the drive (or disconnect USB) and reboot normally.

Post the content of the file for my review.
Let me know what problem persists.



