trojan infected cdrom.sys driver. what should I do?


  • This topic is locked
31 replies to this topic

#1 AgoodLEARNER

  • Members
  • 17 posts

Posted 18 February 2012 - 08:33 PM

I posted on here about my problem a few weeks ago but I didn't get an e-mail notification about any reply, so the topic got canceled. I apologize. I'm a noob to this forum lol. Anyways here's my dilemma...

I ran Malwarebytes after I had a blue screen crash. Malwarebytes found a Trojan.Patched under system32\drivers\cdrom.sys and an Exploit.Drop under windows\temp\wpbt0.dll. I had them both removed and quarantined. Now my cdrom doesn't work because the driver is missing. After doing some research I tried uninstalling my cdrom and restarting, but that isn't working. I'm trying to figure out how to get my cdrom driver back. I would like to somehow clean my cdrom.sys file because I can't find a replacement for it.

For the record, I restored the cdrom.sys file today and ran a ZeroAccess Removal tool just to see if it could clean it. It didn't even find anything.

Any help fixing this problem would be appreciated. I will make sure to adjust the notification settings this time so I can know when to respond. Thanks.

#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 19 February 2012 - 02:58 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button, select Immediate Notification and click Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double-click DeFogger to run the tool.
  • The application window will appear.
  • Click the Disable button to disable your CD Emulation drivers.
  • Click Yes to continue.
  • A 'Finished!' message will appear.
  • Click OK.
  • DeFogger may ask you to reboot the machine; if it does, click OK.

Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs.
  • Save the logs to a convenient place such as your desktop.
  • Copy the contents of both logs & post them in your next reply.

information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 AgoodLEARNER

  • Topic Starter
  • Members
  • 17 posts

Posted 19 February 2012 - 03:53 PM

Hi Gringo, Thanks for the reply. I appreciate your help.
Here are the DDS logs:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19154 BrowserJavaVersion: 1.6.0_20
Run by Set Up Shop at 15:45:16 on 2012-02-19
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1790.940 [GMT -5:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\StkASv2K.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\UI0Detect.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Users\Set Up Shop\Desktop\Defogger.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = about:blank
uLocal Page = about:blank
uSearch Page = about:blank
mStart Page = about:blank
mDefault_Page_URL = about:blank
mDefault_Search_URL = about:blank
mSearch Page = about:blank
mLocal Page = about:blank
uInternet Settings,ProxyOverride = <local>;*.local
mURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [InstaLAN] "c:\program files\belkin\router setup and monitor\BelkinRouterMonitor.exe" startup
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{4B18F9BC-B7E7-445C-99E0-F4FBD4EE9210} : DhcpNameServer = 192.168.2.1
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\set up shop\appdata\roaming\mozilla\firefox\profiles\s0q7y7fj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 6522
FF - prefs.js: network.proxy.type - 0
FF - component: c:\users\set up shop\appdata\roaming\mozilla\firefox\profiles\s0q7y7fj.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\FFExternalAlert.dll
FF - component: c:\users\set up shop\appdata\roaming\mozilla\firefox\profiles\s0q7y7fj.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\RadioWMPCore.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - %profile%\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
.
============= SERVICES / DRIVERS ===============
.
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-8-4 652360]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2008-10-25 365952]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-8-31 1153368]
R2 WDDMService;WDDMService;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2011-3-9 238592]
R2 WDFME;WD File Management Engine;c:\program files\western digital\wd smartware\front parlor\wdfme\WDFME.exe [2011-3-9 1060864]
R2 WDSC;WD File Management Shadow Engine;c:\program files\western digital\wd smartware\front parlor\WDSC.exe [2011-3-9 484352]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-8-4 20464]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-6-26 66080]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-16 135664]
S2 Norton Internet Security;Norton Internet Security;"c:\program files\norton internet security\engine\16.0.0.125\ccsvchst.exe" /s "norton internet security" /m "c:\program files\norton internet security\engine\16.0.0.125\dimaster.dll" /prefetch:1 --> c:\program files\norton internet security\engine\16.0.0.125\ccSvcHst.exe [?]
S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-10-25 193840]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-16 135664]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-02-19 00:34:02 309320 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys
2012-01-25 03:06:47 -------- d-----w- c:\users\set up shop\appdata\local\ElevatedDiagnostics
2012-01-24 00:53:11 -------- d-----w- c:\program files\NirSoft
.
==================== Find3M ====================
.
2012-02-19 00:27:12 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-19 04:02:07 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 15:46:55.12 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/15/2009 6:58:42 AM
System Uptime: 2/19/2012 1:49:07 PM (2 hours ago)
.
Motherboard: Wistron | | 303C
Processor: AMD Athlon Dual-Core QL-62 | Socket A | 1000/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 222 GiB total, 74.822 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.828 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Optiarc DVD RW AD-7560S ATA Device
Device ID: IDE\CDROMOPTIARC_DVD_RW_AD-7560S_________________SH03____\5&1BA4DB8C&0&0.0.0
Manufacturer:
Name: Optiarc DVD RW AD-7560S ATA Device
PNP Device ID: IDE\CDROMOPTIARC_DVD_RW_AD-7560S_________________SH03____\5&1BA4DB8C&0&0.0.0
Service:
.
==== System Restore Points ===================
.
RP868: 2/2/2012 7:27:01 PM - Scheduled Checkpoint
RP869: 2/3/2012 4:15:17 PM - Scheduled Checkpoint
RP870: 2/4/2012 9:21:17 PM - Scheduled Checkpoint
RP871: 2/6/2012 6:21:12 PM - Scheduled Checkpoint
RP872: 2/8/2012 12:43:11 AM - Scheduled Checkpoint
RP873: 2/8/2012 2:09:33 PM - Scheduled Checkpoint
RP874: 2/10/2012 12:00:03 AM - Scheduled Checkpoint
RP875: 2/11/2012 8:08:00 PM - Scheduled Checkpoint
RP876: 2/13/2012 6:28:25 PM - Scheduled Checkpoint
RP877: 2/14/2012 6:02:51 PM - Scheduled Checkpoint
RP878: 2/15/2012 9:01:00 PM - Scheduled Checkpoint
RP879: 2/16/2012 6:19:15 PM - Scheduled Checkpoint
RP880: 2/18/2012 1:04:54 AM - Scheduled Checkpoint
RP881: 2/18/2012 9:37:14 PM - Scheduled Checkpoint
RP882: 2/19/2012 2:36:32 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Audition 1.5
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.0
Adobe Shockwave Player
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
Atheros Driver Installation Program
AXIS Media Control Embedded
Belkin Setup and Router Monitor
Bonjour
BovadaPoker
CCleaner
CCScore
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Conexant HD Audio
CyberLink DVD Suite
DHTML Editing Component
DivX Web Player
DNA
DVD Flick 1.3.0.7
EasyViewer
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
ESU for Microsoft Vista
Exif Tag Remover 4.01
fflink
File Secure Pro Viewer
Google Earth
Google Update Helper
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP DVD Play 3.7
HP Help and Support
HP Quick Launch Buttons 6.40 H2
HP Total Care Advisor
HP Update
HP User Guides 0118
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPNetworkAssistant
HPTCSSetup
iTunes
Java Auto Updater
Java™ 6 Update 20
Juno Preloader
K-Lite Mega Codec Pack 6.8.0
kgcbaby
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
LabelPrint
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Live Search Toolbar
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Mozilla Firefox (3.6.25)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Reveal
My HP Games
neroxml
netbrdg
NetWaiting
NirSoft BlueScreenView
Norton Internet Security
Notepad++
NVIDIA Drivers
OfotoXMI
OpenOffice.org 3.2
PokerStars.net
Power2Go
PowerDirector
Project Torque
PVSonyDll
QuickTime
Realtek USB 2.0 Card Reader
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
SFR
SHASTA
skin0001
SKINXSDK
Spelling Dictionaries Support For Adobe Reader 9
SPORE Creature Creator Trial Edition
Spybot - Search & Destroy
Stamps.com
staticcr
Synaptics Pointing Device Driver
TagBot
tooltips
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VC80CRTRedist - 8.0.50727.762
Ventrilo Client
VLC media player 1.0.1
VPRINTOL
WD SmartWare
WinRAR archiver
WIRELESS
Xfire (remove only)
XfireXO Toolbar
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
2/19/2012 12:36:35 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
2/19/2012 1:50:00 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom SRTSP SRTSPX
2/19/2012 1:49:59 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
2/19/2012 1:49:59 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
2/19/2012 1:49:59 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
2/19/2012 1:49:59 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2/19/2012 1:49:59 PM, Error: Service Control Manager [7000] - The Norton Internet Security service failed to start due to the following error: The system cannot find the path specified.
2/18/2012 8:38:58 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the AffinegyService service to connect.
2/18/2012 8:38:58 PM, Error: Service Control Manager [7000] - The AffinegyService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/18/2012 7:30:16 PM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
2/18/2012 7:24:54 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
2/18/2012 7:24:54 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/18/2012 7:24:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
.
==== End Of File ===========================
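A reader working through a DDS log like the one above has to pick the security-relevant lines out of a long dump by eye. The following is an added example, not part of this thread and not code from the DDS tool, of a small Python triage script that does that for the handful of indicators visible in this log: the HKLM policy that turns UAC off (EnableLUA = 0), Firefox proxy preferences pointing at the loopback address (evaluated together with network.proxy.type, because type 0 means no proxy is in use), a non-default search URL, service entries whose binary DDS could not read (shown as [?]), and Service Control Manager event 7026 listing boot-start drivers that failed to load, which is what corroborates the missing cdrom driver. The rule names and severity scale are my own; the sample lines are excerpted from the log posted above.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample input: lines excerpted from the DDS log posted in this thread.
SAMPLE_DDS = r"""
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 6522
FF - prefs.js: network.proxy.type - 0
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-8-4 20464]
S2 Norton Internet Security;Norton Internet Security;"c:\program files\norton internet security\engine\16.0.0.125\ccsvchst.exe" /s "norton internet security" --> c:\program files\norton internet security\engine\16.0.0.125\ccSvcHst.exe [?]
2/19/2012 1:50:00 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom SRTSP SRTSPX
"""


@dataclass
class Finding:
    severity: str  # "high", "medium", "low" or "info": my own scale, not something DDS emits
    rule: str      # short rule name, also my own
    detail: str


# HKLM policy line; EnableLUA = 0 means User Account Control is switched off system-wide.
UAC_RE = re.compile(r"^mPolicies-system: EnableLUA = (\d+)")
# Firefox prefs.js entries: "FF - prefs.js: <pref> - <value>"
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (\S+) - (.*)$")
# Service/driver entry whose date/size DDS printed as [?] (file missing or unreadable).
SVC_UNREADABLE_RE = re.compile(r"^[RS]\d [^;]+;([^;]+);.*\[\?\]$")
# Service Control Manager event 7026: boot-start/system-start drivers that failed to load.
EVT_7026_RE = re.compile(r"\[7026\] - .*?failed to load: (.+)$")
# DDS defangs URLs as hxxp://; pull out just the host.
DEFANGED_HOST_RE = re.compile(r"hxxps?://([^/?]+)")


def triage_dds(text: str) -> list[Finding]:
    """Scan DDS log text line by line and return the findings worth a second look."""
    findings: list[Finding] = []
    ff_prefs: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := UAC_RE.match(line)) and m.group(1) == "0":
            findings.append(Finding("high", "uac-disabled", line))
        elif m := FF_PREF_RE.match(line):
            ff_prefs[m.group(1)] = m.group(2)  # evaluated together after the loop
        elif m := SVC_UNREADABLE_RE.match(line):
            findings.append(Finding("medium", "service-binary-unreadable", m.group(1)))
        elif m := EVT_7026_RE.search(line):
            for driver in m.group(1).split():
                findings.append(Finding("medium", "boot-driver-failed", driver))

    # Proxy host, port and type are separate lines, so they are judged as a group.
    host = ff_prefs.get("network.proxy.http")
    if host in ("127.0.0.1", "localhost"):
        port = ff_prefs.get("network.proxy.http_port", "?")
        ptype = ff_prefs.get("network.proxy.type", "?")
        # type 0 = no proxy, so a loopback entry is only informational there;
        # type 1 = manual proxy, which would route browser traffic through a local listener.
        severity = "info" if ptype == "0" else "high"
        findings.append(Finding(severity, "firefox-loopback-proxy",
                                f"{host}:{port} (network.proxy.type={ptype})"))
    search = ff_prefs.get("browser.search.defaulturl", "")
    if m := DEFANGED_HOST_RE.search(search):
        findings.append(Finding("low", "search-default-overridden", m.group(1)))
    return findings


def by_rule(findings: list[Finding], rule: str) -> list[Finding]:
    """Convenience filter used by the report and by the tests."""
    return [f for f in findings if f.rule == rule]


if __name__ == "__main__":
    for f in triage_dds(SAMPLE_DDS):
        print(f"[{f.severity:6}] {f.rule:26} {f.detail}")
```

On the log above the script reports the disabled UAC policy, the three drivers that failed to load at boot (cdrom among them), the Norton service whose binary DDS could not read, the loopback proxy preference downgraded to informational because network.proxy.type is 0, and the conduit.com search default. Adding a rule is a matter of one more regular expression and one more branch in the loop.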

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 19 February 2012 - 05:13 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5 AgoodLEARNER

  • Topic Starter
  • Members
  • 17 posts

Posted 19 February 2012 - 06:10 PM

Ok well here's the problem with that. I've attempted to run combofix before but no matter what, it always detects AVG running, even though I don't even have it on my computer anymore. I've searched far and wide for a solution to this and haven't been able to find one. I've deleted left over entries from my registry and everything. I really can't find a single trace of AVG left on my computer, yet and still combofix detects that it is still running. I don't get it.

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 19 February 2012 - 06:22 PM

Go ahead and run it and I will remove it later.

It is not that combofix detects it; Windows is telling combofix that it is running.


gringo

#7 AgoodLEARNER

  • Topic Starter
  • Members
  • 17 posts

Posted 19 February 2012 - 07:33 PM

I ran combofix and surprisingly it didn't detect AVG (first time ever). But it froze up at the screen saying "this may take up to 10 minutes..etc". The cursor was blinking and my computer was still working fine. I left combofix running for about an hour until I finally closed it and restarted my computer. What should I do now?

#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 19 February 2012 - 08:25 PM

Hello

Ok, let's try this: I want you to run combofix in safe mode, but it is very important that when combofix reboots the computer you direct it back into safe mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Log in to your usual account.

After combofix has finished its scan please post the report back here.

Gringo

#9 AgoodLEARNER

  • Topic Starter
  • Members
  • 17 posts

Posted 19 February 2012 - 10:59 PM

I booted into safe mode and combofix is still doing the same thing. It does the system restore thing, then it says it's scanning for files and may take 10 minutes etc, but that's it. It just stays at that screen for a long time and never shows any progress.

#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 19 February 2012 - 11:27 PM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
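A TDSSKiller log lists every driver the tool enumerated, so a single flagged entry is easy to miss among hundreds of "- ok" lines. The script below is an added example for this thread (not code from TDSSKiller or from the helper's instructions): it parses the text log format TDSSKiller writes (enumeration lines "time pid Name (md5) path" and verdict lines "Name - ok", "Name ( Detection ) - infected", "Name - detected Detection (0)") and reports only the entries that carry a detection, together with the file hash and path so the file can be compared against a known-good copy. The sample log embedded in it is constructed from a few lines of the kind seen in this thread.

```python
"""Pull flagged entries out of a TDSSKiller (Kaspersky anti-rootkit) text log.

Added example for this thread; not code from TDSSKiller or BleepingComputer.
Line layouts handled (as TDSSKiller writes them):
  HH:MM:SS.mmmm PID Name (md5) C:\\path\\driver.sys      enumeration line
  HH:MM:SS.mmmm PID Name - ok                           verdict: clean
  HH:MM:SS.mmmm PID Name ( Detection ) - infected       verdict: flagged
  HH:MM:SS.mmmm PID Name - detected Detection (0)       verdict: flagged
Banner, SystemInfo and drive-geometry lines are ignored.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Constructed sample input: one clean driver, one service with no file on
# disk, and one flagged driver, in the shape of the log posted in the thread.
SAMPLE_LOG = """\
00:16:52.0946 3820 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\\Windows\\system32\\drivers\\acpi.sys
00:16:52.0962 3820 ACPI - ok
00:16:54.0584 3820 catchme - ok
00:16:54.0693 3820 cdrom (ce85042e0aad5e68045431d6ef7f8b60) C:\\Windows\\system32\\DRIVERS\\cdrom.sys
00:16:54.0693 3820 cdrom ( Virus.Win32.ZAccess.k ) - infected
00:16:54.0693 3820 cdrom - detected Virus.Win32.ZAccess.k (0)
"""

_TIME_PID = r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<name>\S+)\s+"
# "<time> <pid> <Name> (<md5>) <path>"
_ENUM_RE = re.compile(_TIME_PID + r"\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$")
# "<time> <pid> <Name> [( <Detection> )] - <verdict text>"
_VERDICT_RE = re.compile(_TIME_PID + r"(?:\(\s*(?P<det>.+?)\s*\)\s+)?-\s+(?P<verdict>.+?)\s*$")
# "detected <Detection> (n)" carries the name in the verdict text itself
_DETECTED_RE = re.compile(r"^detected\s+(?P<det>\S+)")


@dataclass
class Entry:
    """Everything the log says about one driver/service name."""
    name: str
    md5: Optional[str] = None          # None when no file was found for the entry
    path: Optional[str] = None
    verdicts: List[str] = field(default_factory=list)
    detections: Set[str] = field(default_factory=set)

    @property
    def is_flagged(self) -> bool:
        return bool(self.detections)


def parse_tdsskiller_log(text: str) -> Dict[str, Entry]:
    """Return entries keyed by name, in the order they first appear."""
    entries: Dict[str, Entry] = {}
    for raw in text.splitlines():
        line = raw.rstrip()
        m = _ENUM_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.md5, e.path = m["md5"].lower(), m["path"]
            continue
        m = _VERDICT_RE.match(line)
        if not m:
            continue  # header, SystemInfo, partition table, separators
        e = entries.setdefault(m["name"], Entry(m["name"]))
        verdict = m["verdict"]
        e.verdicts.append(verdict)
        if m["det"]:                       # "( Detection ) - infected/suspicious"
            e.detections.add(m["det"])
        d = _DETECTED_RE.match(verdict)    # "- detected Detection (0)"
        if d:
            e.detections.add(d["det"])
    return entries


def flagged_entries(entries: Dict[str, Entry]) -> List[Entry]:
    """Entries with at least one detection, in log order."""
    return [e for e in entries.values() if e.is_flagged]


def report(text: str) -> List[str]:
    """One line per hit: name, detection names, md5 and on-disk path."""
    return [
        f"{e.name}: {', '.join(sorted(e.detections))} md5={e.md5} path={e.path}"
        for e in flagged_entries(parse_tdsskiller_log(text))
    ]


if __name__ == "__main__":
    for line in report(SAMPLE_LOG):
        print(line)
```

Point it at a saved TDSSKiller log (read the file and pass its text to `report`) to get just the flagged drivers; the md5 is the value to compare against a clean copy of the same driver version.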

#11 AgoodLEARNER

AgoodLEARNER
  • Topic Starter

  • Members
  • 17 posts

Posted 20 February 2012 - 12:26 AM

Here's the TDSS log:

00:16:42.0525 2652 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
00:16:42.0822 2652 ============================================================
00:16:42.0822 2652 Current date / time: 2012/02/20 00:16:42.0822
00:16:42.0822 2652 SystemInfo:
00:16:42.0822 2652
00:16:42.0822 2652 OS Version: 6.0.6002 ServicePack: 2.0
00:16:42.0822 2652 Product type: Workstation
00:16:42.0822 2652 ComputerName: SETUPSHOP-PC
00:16:42.0822 2652 UserName: Set Up Shop
00:16:42.0822 2652 Windows directory: C:\Windows
00:16:42.0822 2652 System windows directory: C:\Windows
00:16:42.0822 2652 Processor architecture: Intel x86
00:16:42.0822 2652 Number of processors: 2
00:16:42.0822 2652 Page size: 0x1000
00:16:42.0822 2652 Boot type: Normal boot
00:16:42.0822 2652 ============================================================
00:16:45.0474 2652 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
00:16:45.0489 2652 \Device\Harddisk0\DR0:
00:16:45.0489 2652 MBR used
00:16:45.0489 2652 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1BC02FC1
00:16:45.0489 2652 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1BC03000, BlocksNum 0x15C1000
00:16:45.0614 2652 Initialize success
00:16:45.0614 2652 ============================================================
00:16:51.0386 3820 ============================================================
00:16:51.0386 3820 Scan started
00:16:51.0386 3820 Mode: Manual;
00:16:51.0386 3820 ============================================================
00:16:52.0946 3820 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
00:16:52.0962 3820 ACPI - ok
00:16:53.0055 3820 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
00:16:53.0071 3820 adp94xx - ok
00:16:53.0086 3820 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
00:16:53.0102 3820 adpahci - ok
00:16:53.0133 3820 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
00:16:53.0133 3820 adpu160m - ok
00:16:53.0164 3820 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
00:16:53.0164 3820 adpu320 - ok
00:16:53.0274 3820 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
00:16:53.0274 3820 AFD - ok
00:16:53.0336 3820 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
00:16:53.0336 3820 agp440 - ok
00:16:53.0367 3820 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
00:16:53.0367 3820 aic78xx - ok
00:16:53.0398 3820 aliide (3d76fda1a10acc3dc84728f55c29b6d4) C:\Windows\system32\drivers\aliide.sys
00:16:53.0398 3820 aliide - ok
00:16:53.0430 3820 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
00:16:53.0430 3820 amdagp - ok
00:16:53.0445 3820 amdide (5b92e7839f5a1fbc1b39de67758ad6f8) C:\Windows\system32\drivers\amdide.sys
00:16:53.0445 3820 amdide - ok
00:16:53.0492 3820 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
00:16:53.0508 3820 AmdK7 - ok
00:16:53.0539 3820 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
00:16:53.0539 3820 AmdK8 - ok
00:16:53.0617 3820 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
00:16:53.0617 3820 arc - ok
00:16:53.0679 3820 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
00:16:53.0679 3820 arcsas - ok
00:16:53.0788 3820 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
00:16:53.0788 3820 AsyncMac - ok
00:16:53.0866 3820 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
00:16:53.0866 3820 atapi - ok
00:16:53.0944 3820 athr (600efe56f37adbd65a0fb076b50d1b8d) C:\Windows\system32\DRIVERS\athr.sys
00:16:53.0976 3820 athr - ok
00:16:54.0116 3820 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
00:16:54.0116 3820 Beep - ok
00:16:54.0147 3820 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
00:16:54.0163 3820 blbdrive - ok
00:16:54.0256 3820 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
00:16:54.0256 3820 bowser - ok
00:16:54.0288 3820 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
00:16:54.0288 3820 BrFiltLo - ok
00:16:54.0319 3820 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
00:16:54.0319 3820 BrFiltUp - ok
00:16:54.0350 3820 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
00:16:54.0350 3820 Brserid - ok
00:16:54.0381 3820 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
00:16:54.0381 3820 BrSerWdm - ok
00:16:54.0412 3820 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
00:16:54.0412 3820 BrUsbMdm - ok
00:16:54.0444 3820 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
00:16:54.0444 3820 BrUsbSer - ok
00:16:54.0475 3820 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
00:16:54.0475 3820 BTHMODEM - ok
00:16:54.0584 3820 catchme - ok
00:16:54.0615 3820 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
00:16:54.0615 3820 cdfs - ok
00:16:54.0693 3820 cdrom (ce85042e0aad5e68045431d6ef7f8b60) C:\Windows\system32\DRIVERS\cdrom.sys
00:16:54.0693 3820 cdrom ( Virus.Win32.ZAccess.k ) - infected
00:16:54.0693 3820 cdrom - detected Virus.Win32.ZAccess.k (0)
00:16:54.0787 3820 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
00:16:54.0802 3820 circlass - ok
00:16:55.0099 3820 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
00:16:55.0099 3820 CLFS - ok
00:16:55.0146 3820 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
00:16:55.0146 3820 CmBatt - ok
00:16:55.0161 3820 cmdide (d36372a6ea6805efbe8884d10772313f) C:\Windows\system32\drivers\cmdide.sys
00:16:55.0161 3820 cmdide - ok
00:16:55.0302 3820 CnxtHdAudService (dda0cb141150fef87419926790cd26c8) C:\Windows\system32\drivers\CHDRT32.sys
00:16:55.0333 3820 CnxtHdAudService - ok
00:16:55.0426 3820 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
00:16:55.0426 3820 Compbatt - ok
00:16:55.0520 3820 cpuz132 - ok
00:16:55.0567 3820 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
00:16:55.0645 3820 crcdisk - ok
00:16:55.0863 3820 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
00:16:55.0863 3820 Crusoe - ok
00:16:55.0957 3820 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
00:16:55.0972 3820 DfsC - ok
00:16:56.0035 3820 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
00:16:56.0035 3820 disk - ok
00:16:56.0128 3820 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
00:16:56.0128 3820 drmkaud - ok
00:16:56.0238 3820 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
00:16:56.0253 3820 DXGKrnl - ok
00:16:56.0300 3820 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
00:16:56.0300 3820 E1G60 - ok
00:16:56.0378 3820 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
00:16:56.0378 3820 Ecache - ok
00:16:56.0440 3820 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
00:16:56.0456 3820 elxstor - ok
00:16:56.0503 3820 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
00:16:56.0503 3820 ErrDev - ok
00:16:56.0596 3820 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
00:16:56.0612 3820 exfat - ok
00:16:56.0674 3820 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
00:16:56.0690 3820 fastfat - ok
00:16:56.0721 3820 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
00:16:56.0737 3820 fdc - ok
00:16:56.0815 3820 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
00:16:56.0815 3820 FileInfo - ok
00:16:56.0846 3820 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
00:16:56.0846 3820 Filetrace - ok
00:16:56.0893 3820 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
00:16:56.0908 3820 flpydisk - ok
00:16:56.0971 3820 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
00:16:56.0971 3820 FltMgr - ok
00:16:57.0018 3820 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
00:16:57.0018 3820 Fs_Rec - ok
00:16:57.0064 3820 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
00:16:57.0064 3820 gagp30kx - ok
00:16:57.0111 3820 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
00:16:57.0111 3820 GEARAspiWDM - ok
00:16:57.0220 3820 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
00:16:57.0220 3820 HdAudAddService - ok
00:16:57.0298 3820 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
00:16:57.0314 3820 HDAudBus - ok
00:16:57.0345 3820 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
00:16:57.0345 3820 HidBth - ok
00:16:57.0392 3820 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
00:16:57.0392 3820 HidIr - ok
00:16:57.0454 3820 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
00:16:57.0454 3820 HidUsb - ok
00:16:57.0501 3820 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
00:16:57.0501 3820 HpCISSs - ok
00:16:57.0517 3820 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
00:16:57.0517 3820 HpqKbFiltr - ok
00:16:57.0688 3820 HSF_DPV (cc267848cb3508e72762be65734e764d) C:\Windows\system32\DRIVERS\HSX_DPV.sys
00:16:57.0720 3820 HSF_DPV - ok
00:16:57.0782 3820 HSXHWAZL (a2882945cc4b6e3e4e9e825590438888) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
00:16:57.0782 3820 HSXHWAZL - ok
00:16:57.0860 3820 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
00:16:57.0860 3820 HTTP - ok
00:16:57.0922 3820 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
00:16:57.0922 3820 i2omp - ok
00:16:58.0000 3820 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
00:16:58.0000 3820 i8042prt - ok
00:16:58.0032 3820 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
00:16:58.0032 3820 iaStorV - ok
00:16:58.0078 3820 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
00:16:58.0078 3820 iirsp - ok
00:16:58.0110 3820 intelide (dd512a049bd7b4bce8a83554c5eff2c1) C:\Windows\system32\drivers\intelide.sys
00:16:58.0110 3820 intelide - ok
00:16:58.0156 3820 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
00:16:58.0156 3820 intelppm - ok
00:16:58.0203 3820 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:16:58.0219 3820 IpFilterDriver - ok
00:16:58.0250 3820 IpInIp - ok
00:16:58.0281 3820 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
00:16:58.0281 3820 IPMIDRV - ok
00:16:58.0328 3820 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
00:16:58.0328 3820 IPNAT - ok
00:16:58.0390 3820 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
00:16:58.0390 3820 IRENUM - ok
00:16:58.0406 3820 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
00:16:58.0406 3820 isapnp - ok
00:16:58.0500 3820 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
00:16:58.0500 3820 iScsiPrt - ok
00:16:58.0531 3820 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
00:16:58.0531 3820 iteatapi - ok
00:16:58.0578 3820 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
00:16:58.0578 3820 iteraid - ok
00:16:58.0609 3820 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
00:16:58.0640 3820 kbdclass - ok
00:16:58.0671 3820 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
00:16:58.0671 3820 kbdhid - ok
00:16:58.0734 3820 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
00:16:58.0749 3820 KSecDD - ok
00:16:58.0827 3820 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
00:16:58.0827 3820 lltdio - ok
00:16:58.0874 3820 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
00:16:58.0874 3820 LSI_FC - ok
00:16:58.0905 3820 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
00:16:58.0905 3820 LSI_SAS - ok
00:16:58.0952 3820 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
00:16:58.0952 3820 LSI_SCSI - ok
00:16:58.0983 3820 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
00:16:58.0983 3820 luafv - ok
00:16:59.0014 3820 lvpopflt - ok
00:16:59.0030 3820 LVRS - ok
00:16:59.0046 3820 LVUVC - ok
00:16:59.0139 3820 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
00:16:59.0139 3820 MBAMProtector - ok
00:16:59.0186 3820 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
00:16:59.0186 3820 mdmxsdk - ok
00:16:59.0217 3820 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
00:16:59.0217 3820 megasas - ok
00:16:59.0264 3820 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
00:16:59.0264 3820 MegaSR - ok
00:16:59.0295 3820 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
00:16:59.0311 3820 Modem - ok
00:16:59.0358 3820 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
00:16:59.0358 3820 monitor - ok
00:16:59.0373 3820 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
00:16:59.0389 3820 mouclass - ok
00:16:59.0420 3820 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
00:16:59.0420 3820 mouhid - ok
00:16:59.0451 3820 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
00:16:59.0451 3820 MountMgr - ok
00:16:59.0482 3820 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
00:16:59.0498 3820 mpio - ok
00:16:59.0545 3820 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
00:16:59.0545 3820 mpsdrv - ok
00:16:59.0576 3820 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
00:16:59.0592 3820 Mraid35x - ok
00:16:59.0654 3820 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
00:16:59.0654 3820 MRxDAV - ok
00:16:59.0701 3820 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
00:16:59.0716 3820 mrxsmb - ok
00:16:59.0794 3820 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:16:59.0794 3820 mrxsmb10 - ok
00:16:59.0826 3820 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:16:59.0826 3820 mrxsmb20 - ok
00:16:59.0857 3820 msahci (aa305cff241da187bd5077de4a2a043d) C:\Windows\system32\drivers\msahci.sys
00:16:59.0857 3820 msahci - ok
00:16:59.0888 3820 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
00:16:59.0888 3820 msdsm - ok
00:16:59.0935 3820 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
00:16:59.0935 3820 Msfs - ok
00:16:59.0997 3820 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
00:16:59.0997 3820 msisadrv - ok
00:17:00.0091 3820 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
00:17:00.0091 3820 MSKSSRV - ok
00:17:00.0122 3820 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
00:17:00.0122 3820 MSPCLOCK - ok
00:17:00.0169 3820 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
00:17:00.0169 3820 MSPQM - ok
00:17:00.0231 3820 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
00:17:00.0231 3820 MsRPC - ok
00:17:00.0262 3820 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
00:17:00.0262 3820 mssmbios - ok
00:17:00.0294 3820 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
00:17:00.0309 3820 MSTEE - ok
00:17:00.0356 3820 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
00:17:00.0356 3820 Mup - ok
00:17:00.0496 3820 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
00:17:00.0496 3820 NativeWifiP - ok
00:17:00.0512 3820 NAVENG - ok
00:17:00.0528 3820 NAVEX15 - ok
00:17:00.0621 3820 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
00:17:00.0637 3820 NDIS - ok
00:17:00.0668 3820 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
00:17:00.0668 3820 NdisTapi - ok
00:17:00.0715 3820 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
00:17:00.0730 3820 Ndisuio - ok
00:17:01.0011 3820 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
00:17:01.0074 3820 NdisWan - ok
00:17:01.0183 3820 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
00:17:01.0183 3820 NDProxy - ok
00:17:01.0214 3820 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
00:17:01.0214 3820 NetBIOS - ok
00:17:01.0276 3820 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
00:17:01.0276 3820 netbt - ok
00:17:01.0432 3820 NETw3v32 (35d5458d9a1b26b2005abffbf4c1c5e7) C:\Windows\system32\DRIVERS\NETw3v32.sys
00:17:01.0495 3820 NETw3v32 - ok
00:17:01.0526 3820 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
00:17:01.0526 3820 nfrd960 - ok
00:17:01.0604 3820 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
00:17:01.0604 3820 Npfs - ok
00:17:01.0635 3820 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
00:17:01.0635 3820 nsiproxy - ok
00:17:01.0729 3820 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
00:17:01.0760 3820 Ntfs - ok
00:17:01.0854 3820 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
00:17:01.0854 3820 ntrigdigi - ok
00:17:01.0900 3820 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
00:17:01.0900 3820 Null - ok
00:17:02.0010 3820 NVENETFD (d958a2b5f6ad5c3b8ccdc4d7da62466c) C:\Windows\system32\DRIVERS\nvmfdx32.sys
00:17:02.0041 3820 NVENETFD - ok
00:17:02.0103 3820 NVHDA (d2f4c4b22969236382ca853b8daa2d4e) C:\Windows\system32\drivers\nvhda32v.sys
00:17:02.0103 3820 NVHDA - ok
00:17:02.0400 3820 nvlddmkm (9fa0906253ba079d8c086cd2700e8b4e) C:\Windows\system32\DRIVERS\nvlddmkm.sys
00:17:02.0634 3820 nvlddmkm - ok
00:17:02.0758 3820 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
00:17:02.0758 3820 nvraid - ok
00:17:02.0852 3820 nvsmu (0fb6bf3ab170fc5bd403d25e134eafde) C:\Windows\system32\DRIVERS\nvsmu.sys
00:17:02.0852 3820 nvsmu - ok
00:17:02.0946 3820 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
00:17:02.0946 3820 nvstor - ok
00:17:03.0039 3820 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
00:17:03.0039 3820 nv_agp - ok
00:17:03.0055 3820 NwlnkFlt - ok
00:17:03.0070 3820 NwlnkFwd - ok
00:17:03.0133 3820 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
00:17:03.0133 3820 ohci1394 - ok
00:17:03.0195 3820 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
00:17:03.0195 3820 Parport - ok
00:17:03.0273 3820 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
00:17:03.0273 3820 partmgr - ok
00:17:03.0304 3820 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
00:17:03.0304 3820 Parvdm - ok
00:17:03.0382 3820 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
00:17:03.0382 3820 pci - ok
00:17:03.0429 3820 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
00:17:03.0429 3820 pciide - ok
00:17:03.0460 3820 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
00:17:03.0476 3820 pcmcia - ok
00:17:03.0554 3820 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
00:17:03.0585 3820 PEAUTH - ok
00:17:03.0710 3820 pfc (444f122e68db44c0589227781f3c8b3f) C:\Windows\system32\drivers\pfc.sys
00:17:03.0710 3820 pfc - ok
00:17:03.0788 3820 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
00:17:03.0788 3820 PptpMiniport - ok
00:17:03.0804 3820 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\DRIVERS\processr.sys
00:17:03.0804 3820 Processor - ok
00:17:03.0866 3820 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
00:17:03.0866 3820 PSched - ok
00:17:03.0944 3820 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
00:17:03.0975 3820 ql2300 - ok
00:17:03.0991 3820 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
00:17:03.0991 3820 ql40xx - ok
00:17:04.0022 3820 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
00:17:04.0022 3820 QWAVEdrv - ok
00:17:04.0053 3820 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
00:17:04.0053 3820 RasAcd - ok
00:17:04.0084 3820 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
00:17:04.0084 3820 Rasl2tp - ok
00:17:04.0147 3820 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
00:17:04.0162 3820 RasPppoe - ok
00:17:04.0209 3820 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
00:17:04.0209 3820 RasSstp - ok
00:17:04.0272 3820 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
00:17:04.0287 3820 rdbss - ok
00:17:04.0287 3820 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
00:17:04.0303 3820 RDPCDD - ok
00:17:04.0381 3820 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
00:17:04.0381 3820 rdpdr - ok
00:17:04.0396 3820 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
00:17:04.0396 3820 RDPENCDD - ok
00:17:04.0443 3820 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
00:17:04.0459 3820 RDPWD - ok
00:17:04.0552 3820 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
00:17:04.0552 3820 rspndr - ok
00:17:04.0599 3820 RTSTOR (d1fb9a678bd6c2b1129fcb09d5feb6dd) C:\Windows\system32\drivers\RTSTOR.SYS
00:17:04.0599 3820 RTSTOR - ok
00:17:04.0646 3820 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
00:17:04.0662 3820 sbp2port - ok
00:17:04.0724 3820 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
00:17:04.0724 3820 sdbus - ok
00:17:04.0755 3820 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
00:17:04.0755 3820 secdrv - ok
00:17:04.0833 3820 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
00:17:04.0833 3820 Serenum - ok
00:17:04.0864 3820 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
00:17:04.0880 3820 Serial - ok
00:17:04.0974 3820 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
00:17:04.0974 3820 sermouse - ok
00:17:05.0020 3820 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
00:17:05.0020 3820 sffdisk - ok
00:17:05.0052 3820 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
00:17:05.0052 3820 sffp_mmc - ok
00:17:05.0083 3820 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
00:17:05.0083 3820 sffp_sd - ok
00:17:05.0114 3820 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
00:17:05.0114 3820 sfloppy - ok
00:17:05.0145 3820 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
00:17:05.0161 3820 sisagp - ok
00:17:05.0192 3820 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
00:17:05.0192 3820 SiSRaid2 - ok
00:17:05.0223 3820 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
00:17:05.0223 3820 SiSRaid4 - ok
00:17:05.0301 3820 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
00:17:05.0301 3820 Smb - ok
00:17:05.0348 3820 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
00:17:05.0348 3820 spldr - ok
00:17:05.0364 3820 SRTSP - ok
00:17:05.0379 3820 SRTSPX - ok
00:17:05.0504 3820 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
00:17:05.0504 3820 srv - ok
00:17:05.0582 3820 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
00:17:05.0582 3820 srv2 - ok
00:17:05.0613 3820 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
00:17:05.0613 3820 srvnet - ok
00:17:05.0738 3820 StkAMini (36ed459e9130e6d07fa66faca1e491d0) C:\Windows\system32\Drivers\StkAMini.sys
00:17:05.0754 3820 StkAMini - ok
00:17:05.0847 3820 StkScan (df29245097f6de1ca9861c75df7fbe42) C:\Windows\system32\Drivers\StkScan.sys
00:17:05.0847 3820 StkScan - ok
00:17:05.0878 3820 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
00:17:05.0894 3820 swenum - ok
00:17:05.0925 3820 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
00:17:05.0925 3820 Symc8xx - ok
00:17:05.0956 3820 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
00:17:05.0956 3820 Sym_hi - ok
00:17:05.0972 3820 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
00:17:05.0988 3820 Sym_u3 - ok
00:17:06.0097 3820 SynTP (00b19f27858f56181edb58b71a7c67a0) C:\Windows\system32\DRIVERS\SynTP.sys
00:17:06.0112 3820 SynTP - ok
00:17:06.0253 3820 Tcpip (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys
00:17:06.0284 3820 Tcpip - ok
00:17:06.0315 3820 Tcpip6 (2756186e287139310997090797e0182b) C:\Windows\system32\DRIVERS\tcpip.sys
00:17:06.0331 3820 Tcpip6 - ok
00:17:06.0378 3820 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
00:17:06.0378 3820 tcpipreg - ok
00:17:06.0424 3820 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
00:17:06.0424 3820 TDPIPE - ok
00:17:06.0456 3820 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
00:17:06.0456 3820 TDTCP - ok
00:17:06.0502 3820 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
00:17:06.0502 3820 tdx - ok
00:17:06.0565 3820 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
00:17:06.0565 3820 TermDD - ok
00:17:06.0658 3820 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
00:17:06.0658 3820 tssecsrv - ok
00:17:06.0690 3820 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
00:17:06.0690 3820 tunmp - ok
00:17:06.0752 3820 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
00:17:06.0768 3820 tunnel - ok
00:17:06.0799 3820 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
00:17:06.0799 3820 uagp35 - ok
00:17:06.0861 3820 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
00:17:06.0877 3820 udfs - ok
00:17:06.0908 3820 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
00:17:06.0908 3820 uliagpkx - ok
00:17:06.0939 3820 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
00:17:06.0955 3820 uliahci - ok
00:17:06.0970 3820 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
00:17:06.0986 3820 UlSata - ok
00:17:07.0002 3820 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
00:17:07.0002 3820 ulsata2 - ok
00:17:07.0017 3820 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
00:17:07.0033 3820 umbus - ok
00:17:07.0095 3820 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
00:17:07.0095 3820 USBAAPL - ok
00:17:07.0173 3820 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
00:17:07.0189 3820 usbaudio - ok
00:17:07.0220 3820 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
00:17:07.0220 3820 usbccgp - ok
00:17:07.0267 3820 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
00:17:07.0267 3820 usbcir - ok
00:17:07.0298 3820 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
00:17:07.0298 3820 usbehci - ok
00:17:07.0329 3820 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
00:17:07.0329 3820 usbhub - ok
00:17:07.0345 3820 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
00:17:07.0360 3820 usbohci - ok
00:17:07.0423 3820 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
00:17:07.0438 3820 usbprint - ok
00:17:07.0470 3820 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:17:07.0470 3820 USBSTOR - ok
00:17:07.0501 3820 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
00:17:07.0501 3820 usbuhci - ok
00:17:07.0563 3820 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
00:17:07.0563 3820 usbvideo - ok
00:17:07.0626 3820 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
00:17:07.0626 3820 vga - ok
00:17:07.0657 3820 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
00:17:07.0657 3820 VgaSave - ok
00:17:07.0688 3820 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
00:17:07.0688 3820 viaagp - ok
00:17:07.0719 3820 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
00:17:07.0719 3820 ViaC7 - ok
00:17:07.0735 3820 viaide (ea1aa6e3abb3c194feba12a46de8cf2c) C:\Windows\system32\drivers\viaide.sys
00:17:07.0750 3820 viaide - ok
00:17:07.0766 3820 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
00:17:07.0766 3820 volmgr - ok
00:17:07.0844 3820 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
00:17:07.0844 3820 volmgrx - ok
00:17:07.0891 3820 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
00:17:07.0891 3820 volsnap - ok
00:17:07.0922 3820 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
00:17:07.0922 3820 vsmraid - ok
00:17:07.0984 3820 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
00:17:07.0984 3820 WacomPen - ok
00:17:08.0016 3820 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
00:17:08.0016 3820 Wanarp - ok
00:17:08.0031 3820 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
00:17:08.0031 3820 Wanarpv6 - ok
00:17:08.0078 3820 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
00:17:08.0078 3820 Wd - ok
00:17:08.0125 3820 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\Windows\system32\DRIVERS\wdcsam.sys
00:17:08.0125 3820 WDC_SAM - ok
00:17:08.0172 3820 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
00:17:08.0187 3820 Wdf01000 - ok
00:17:08.0328 3820 winachsf (0acd399f5db3df1b58903cf4949ab5a8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
00:17:08.0343 3820 winachsf - ok
00:17:08.0468 3820 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
00:17:08.0468 3820 WmiAcpi - ok
00:17:08.0593 3820 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
00:17:08.0593 3820 WpdUsb - ok
00:17:08.0624 3820 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
00:17:08.0624 3820 ws2ifsl - ok
00:17:08.0718 3820 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
00:17:08.0718 3820 WUDFRd - ok
00:17:08.0780 3820 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
00:17:08.0780 3820 XAudio - ok
00:17:08.0858 3820 yukonwlh (7d1f3b131d503ef43ee594b5a2b9b427) C:\Windows\system32\DRIVERS\yk60x86.sys
00:17:08.0858 3820 yukonwlh - ok
00:17:08.0889 3820 MBR (0x1B8) (588ae8f0c685c02ba11f30d9cd7e61a0) \Device\Harddisk0\DR0
00:17:08.0936 3820 \Device\Harddisk0\DR0 - ok
00:17:08.0936 3820 Boot (0x1200) (34b2549e0f0de0f0e628362e6ffb157c) \Device\Harddisk0\DR0\Partition0
00:17:08.0936 3820 \Device\Harddisk0\DR0\Partition0 - ok
00:17:09.0014 3820 Boot (0x1200) (3dc891bcb625a236600331b86c19ae82) \Device\Harddisk0\DR0\Partition1
00:17:09.0030 3820 \Device\Harddisk0\DR0\Partition1 - ok
00:17:09.0030 3820 ============================================================
00:17:09.0030 3820 Scan finished
00:17:09.0030 3820 ============================================================
00:17:09.0045 2708 Detected object count: 1
00:17:09.0045 2708 Actual detected object count: 1
00:17:23.0444 2708 C:\Windows\system32\DRIVERS\cdrom.sys - copied to quarantine
00:17:23.0460 2708 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\cdrom.sys) error 1813
00:17:23.0803 2708 Backup copy found, using it..
00:17:23.0834 2708 C:\Windows\system32\DRIVERS\cdrom.sys - will be cured on reboot
00:17:28.0795 2708 cdrom ( Virus.Win32.ZAccess.k ) - User select action: Cure
00:17:41.0025 1852 Deinitialize success
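
Two things in the TDSSKiller log above are worth being able to reproduce offline: the 32-hex-digit value beside each driver is an MD5 of the file, and the "VerifyFileNameVersionInfo ... error 1813" line is GetFileVersionInfoSize failing with ERROR_RESOURCE_TYPE_NOT_FOUND, i.e. the cdrom.sys on disk had no VERSIONINFO resource to read, which a genuine Microsoft driver always carries. The script below is an added example written for this page, not code from the thread, from TDSSKiller or from Microsoft: it walks the PE headers to see whether RT_VERSION appears in the resource directory and compares the file's hash with a known-good copy (the backup the scanner restored, a copy from installation media, or one pulled from an identical clean machine). build_test_driver() is a constructed fixture, not a real driver, so its hashes mean nothing outside this example; function names are mine.

```python
"""Offline integrity checks for a suspect kernel driver (.sys)."""
import hashlib
import struct

RT_VERSION = 16  # resource type ID of a VERSIONINFO block


def _rva_to_offset(rva, sections):
    """Map an RVA to a file offset using the section table."""
    for va, size, raw_ptr in sections:
        if va <= rva < va + size:
            return raw_ptr + (rva - va)
    return None


def has_version_resource(data):
    """True if the PE in `data` lists RT_VERSION in the root of its resource
    directory; False if the directory or that type is absent (error 1813 case)."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    dd_base = opt + (96 if magic == 0x10B else 112)       # PE32 vs PE32+
    if struct.unpack_from("<I", data, dd_base - 4)[0] < 3:
        return False                                        # no resource entry at all
    rsrc_rva, rsrc_size = struct.unpack_from("<II", data, dd_base + 2 * 8)
    if rsrc_rva == 0 or rsrc_size == 0:
        return False
    sections = []
    for i in range(num_sections):
        _, vsize, va, raw_size, raw_ptr = struct.unpack_from(
            "<8sIIII", data, opt + opt_size + 40 * i)
        sections.append((va, max(vsize, raw_size), raw_ptr))
    off = _rva_to_offset(rsrc_rva, sections)
    if off is None:
        return False
    _, _, _, _, n_named, n_id = struct.unpack_from("<IIHHHH", data, off)
    for i in range(n_named + n_id):
        name, _ = struct.unpack_from("<II", data, off + 16 + 8 * i)
        if not (name & 0x80000000) and (name & 0xFFFF) == RT_VERSION:
            return True
    return False


def driver_report(suspect, known_good):
    """Compare a suspect driver image with a known-good copy and record
    the version-resource check; MD5 is what the scanner log prints."""
    s_md5 = hashlib.md5(suspect).hexdigest()
    g_md5 = hashlib.md5(known_good).hexdigest()
    return {
        "suspect_md5": s_md5,
        "known_good_md5": g_md5,
        "hash_matches": s_md5 == g_md5,
        "has_version_info": has_version_resource(suspect),
    }


def build_test_driver(with_version_resource):
    """Constructed fixture (not a real driver): a minimal PE32 with one .rsrc
    section whose root lists RT_VERSION, or only RT_ICON for the 'patched' case."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    rsrc_rva, rsrc_raw, rsrc_size = 0x1000, 0x200, 0x200
    type_id = RT_VERSION if with_version_resource else 3
    rsrc = (struct.pack("<IIHHHH", 0, 0, 0, 0, 0, 1)
            + struct.pack("<II", type_id, 0x80000018)).ljust(rsrc_size, b"\0")
    opt_size = 224
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, opt_size, 0x2102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                           # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                             # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 2 * 8, rsrc_rva, rsrc_size)   # DataDirectory[2]
    section = struct.pack("<8sIIIIIIHHI", b".rsrc", rsrc_size, rsrc_rva,
                          rsrc_size, rsrc_raw, 0, 0, 0, 0, 0x40000040)
    headers = dos + b"PE\0\0" + coff + bytes(opt) + section
    return headers.ljust(rsrc_raw, b"\0") + rsrc


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 2:
        suspect = open(sys.argv[1], "rb").read()
        good = open(sys.argv[2], "rb").read()
    else:
        suspect, good = build_test_driver(False), build_test_driver(True)
    for key, value in driver_report(suspect, good).items():
        print(f"{key}: {value}")
```

Run it as `python driver_check.py C:\Windows\system32\drivers\cdrom.sys <known-good cdrom.sys>`; with no arguments it compares the two constructed fixtures. A missing version resource is a strong hint but not proof on its own, so the hash comparison against a copy you trust is the check that decides it.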

#12 gringo_pr

gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Location: Puerto Rico

Posted 20 February 2012 - 12:36 AM

Can you run aswMBR for me now?

gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 AgoodLEARNER

AgoodLEARNER (Topic Starter)
  • Members
  • 17 posts

Posted 20 February 2012 - 01:17 AM

Sorry about the wait. Here's the other log:

aswMBR version 0.9.9.1618 Copyright© 2011 AVAST Software
Run date: 2012-02-20 00:26:48
-----------------------------
00:26:48.282 OS Version: Windows 6.0.6002 Service Pack 2
00:26:48.282 Number of processors: 2 586 0x301
00:26:48.282 ComputerName: SETUPSHOP-PC UserName: Set Up Shop
00:27:21.854 Initialize success
00:27:42.714 AVAST engine defs: 12021901
00:29:52.708 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5
00:29:52.724 Disk 0 Vendor: SAMSUNG_HM251JI 2SS00_03 Size: 238475MB BusType: 3
00:29:52.755 Disk 0 MBR read successfully
00:29:52.755 Disk 0 MBR scan
00:29:53.301 Disk 0 unknown MBR code
00:29:53.332 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 227333 MB offset 63
00:29:53.878 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11138 MB offset 465580032
00:29:54.159 Disk 0 scanning sectors +488390656
00:29:56.094 Disk 0 scanning C:\Windows\system32\drivers
00:30:28.776 Service scanning
00:31:13.692 Modules scanning
00:32:08.729 Disk 0 trace - called modules:
00:32:08.776 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
00:32:08.791 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x858580c8]
00:32:08.791 3 CLASSPNP.SYS[827a08b3] -> nt!IofCallDriver -> [0x8562a110]
00:32:08.807 5 acpi.sys[8260e6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-5[0x8564d5a8]
00:32:10.476 AVAST engine scan C:\Windows
00:32:18.791 AVAST engine scan C:\Windows\system32
00:39:34.718 AVAST engine scan C:\Windows\system32\drivers
00:39:58.704 AVAST engine scan C:\Users\Set Up Shop
00:55:55.845 AVAST engine scan C:\ProgramData
01:01:27.273 Scan finished successfully
01:16:06.366 Disk 0 MBR has been saved successfully to "C:\Users\Set Up Shop\Desktop\MBR.dat"
01:16:06.381 The log file has been saved successfully to "C:\Users\Set Up Shop\Desktop\aswMBR.txt"
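
The aswMBR log above reports "unknown MBR code" (the bootstrap code did not match any boot code the tool knows), lists two NTFS partitions, and saves the raw sector to MBR.dat. The script below is an added example written for this page, not code from the thread or from aswMBR or TDSSKiller: it parses a 512-byte MBR into the same pieces those logs print (a hash of the bootstrap code, the partition entries with their LBA offsets and sizes) and checks the table for the conditions a bootkit or a corrupt table produces. build_sample_mbr() is a constructed sector whose two entries are set from the values in the log (227333 MB at offset 63, active, type 0x07; 11138 MB at offset 465580032); its code area is zero-filled, so its hash is not that of any real boot sector. Hashing the first 0x1B8 bytes is my assumption about what TDSSKiller's "MBR (0x1B8)" line covers, since 0x1B8 is exactly where the bootstrap area ends and the disk signature begins; function names are mine.

```python
"""Parse a 512-byte MBR: bootstrap-code hash, partition table, layout checks."""
import hashlib
import struct

SECTOR = 512
CODE_LEN = 0x1B8        # bootstrap code; the 4-byte disk signature starts here
PART_TABLE = 0x1BE      # four 16-byte partition entries
BOOT_SIG = 0x1FE        # must hold 0x55 0xAA


def parse_mbr(mbr):
    """Return bootstrap-code MD5, disk signature and the non-empty partitions."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly one 512-byte sector")
    if mbr[BOOT_SIG:] != b"\x55\xAA":
        raise ValueError("boot signature 0x55AA missing")
    parts = []
    for i in range(4):
        status, _chs_start, ptype, _chs_end, lba, count = struct.unpack_from(
            "<B3sB3sII", mbr, PART_TABLE + 16 * i)
        if ptype == 0:
            continue                        # empty slot
        parts.append({"index": i + 1, "active": status == 0x80, "type": ptype,
                      "lba": lba, "sectors": count,
                      "mb": count * SECTOR // (1024 * 1024)})
    return {
        "code_md5": hashlib.md5(mbr[:CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", mbr, CODE_LEN)[0],
        "partitions": parts,
    }


def check_layout(parsed, disk_sectors):
    """Warnings for more than one active entry, entries running past the end
    of the disk, and entries that overlap each other."""
    parts = parsed["partitions"]
    warnings = []
    if sum(p["active"] for p in parts) > 1:
        warnings.append("more than one active partition")
    for p in parts:
        if p["lba"] + p["sectors"] > disk_sectors:
            warnings.append(f"partition {p['index']} extends past end of disk")
    for a in parts:
        for b in parts:
            if (a["index"] < b["index"]
                    and a["lba"] < b["lba"] + b["sectors"]
                    and b["lba"] < a["lba"] + a["sectors"]):
                warnings.append(f"partitions {a['index']} and {b['index']} overlap")
    return warnings


def build_sample_mbr(entries=None):
    """Constructed sector (not a real MBR): zero code area plus entries given
    as (status, type, lba, sector_count); default mirrors the aswMBR log."""
    if entries is None:
        entries = [(0x80, 0x07, 63, 227333 * 2048),
                   (0x00, 0x07, 465580032, 11138 * 2048)]
    mbr = bytearray(SECTOR)
    for i, (status, ptype, lba, count) in enumerate(entries):
        struct.pack_into("<B3sB3sII", mbr, PART_TABLE + 16 * i,
                         status, b"\xFF" * 3, ptype, b"\xFF" * 3, lba, count)
    mbr[BOOT_SIG:] = b"\x55\xAA"
    return bytes(mbr)


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_mbr()
    disk_mb = int(sys.argv[2]) if len(sys.argv) > 2 else 238475   # Size: line in the log
    result = parse_mbr(data)
    print("bootstrap md5:", result["code_md5"])
    for p in result["partitions"]:
        state = "active" if p["active"] else "inactive"
        print(f"partition {p['index']}: {state} type {p['type']:#04x} "
              f"lba {p['lba']} sectors {p['sectors']} ({p['mb']} MB)")
    for w in check_layout(result, disk_mb * 2048):
        print("WARNING:", w)
```

Run it against the file aswMBR saved (`python mbr_check.py MBR.dat 238475`, the second argument being the disk size in MB from the log) and keep that MBR.dat: a later copy of the same sector with a different bootstrap hash but an unchanged partition table is the signature of a bootkit rewriting the MBR. On the constructed sample the second partition ends at sector 488390656, which is the same value the log shows in its "scanning sectors +488390656" line, so the two log entries account for the whole used disk.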

#14 gringo_pr

gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Location: Puerto Rico

Posted 20 February 2012 - 01:19 AM

Good - I want you to try to run ComboFix now for me.


gringo

#15 AgoodLEARNER

AgoodLEARNER (Topic Starter)
  • Members
  • 17 posts

Posted 20 February 2012 - 02:50 AM

I started ComboFix at 1:40 and it's now 2:45 and it did the same thing. Nothing. I don't know why it doesn't work on my computer. Do you see anything on the logs that still needs to be fixed?



