
ZeroAccess infection, Internet browser shuts down, and Google searches redirect.


  • This topic is locked
29 replies to this topic

#1 david79


Posted 01 March 2012 - 02:18 PM

I'm sure I have been infected by a virus and need help cleaning my computer. My problem is that whenever I open the browser Internet Explorer it closes down automatically within a few minutes. When I try other browsers such as Google Chrome or Safari and do a Google search, it redirects me to an ABNOW site. I have Windows XP Professional Version 2002 Service Pack 3. At the time the problem arose I was just browsing the internet when I discovered something was wrong. I think I might have visited a harmful website. I did not make any system changes or installations.

The steps I have taken to try to fix these problems were to run my McAfee antivirus scanner. I downloaded Spybot and Malwarebytes Anti-Malware and ran the scans. These did find some issues and I had the software fix them, but the original problem is still there. I did a System Restore but no luck there either. Could you help me fix this issue, please? Thanks.

Here is the link to my first post with what I've been instructed to do: http://www.bleepingcomputer.com/forums/topic444412.html

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Administrator at 9:18:29 on 2012-03-01
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2972.2203 [GMT -8:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\System32\svchost.exe -k Cognizance
c:\Program Files\Fingerprint Sensor\AtService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
c:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe
svchost.exe
c:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
\\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=Userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy 2\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20111220114017.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Credential Manager for HP ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\hewlett-packard\iam\bin\ItIEAddIn.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ares] "c:\program files\ares\Ares.exe" -h
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"
mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start
mRun: [CognizanceTS] rundll32.exe c:\progra~1\hewlet~1\iam\bin\ASTSVCC.dll,RegisterModule
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
mRun: [Spybot-S&D Cleaning] "c:\program files\spybot - search & destroy 2\SDCleaner.exe" /autoclean
mRunOnce: [B Register c:\program files\divx\divx plus player\dpxplugins\dpxdfxaudioplugin.dll] "c:\windows\system32\rundll32.exe" "c:\program files\divx\divx plus player\dpxplugins\DPXDFXAudioPlugin.dll",DllRegisterServer
mRunOnce: [B Register c:\program files\divx\divx plus player\dseplugins\direct3dvideooutput.dll] "c:\windows\system32\rundll32.exe" "c:\program files\divx\divx plus player\dseplugins\Direct3DVideoOutput.dll",DllRegisterServer
mRunOnce: [B Register c:\program files\divx\divx plus player\dseplugins\directdrawvideooutput.dll] "c:\windows\system32\rundll32.exe" "c:\program files\divx\divx plus player\dseplugins\DirectDrawVideoOutput.dll",DllRegisterServer
mRunOnce: [B Register c:\program files\divx\divx plus player\dseplugins\directsoundaudiooutput.dll] "c:\windows\system32\rundll32.exe" "c:\program files\divx\divx plus player\dseplugins\DirectSoundAudioOutput.dll",DllRegisterServer
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
LSP: mswsock.dll
Trusted Zone: stockbee.biz
Trusted Zone: tagged.com\www
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {A4110378-789B-455F-AE86-3A1BFC402853} - hxxp://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 124.106.5.2 124.106.7.2
TCP: Interfaces\{971B06C5-8800-402A-853B-B26D252394FB} : DhcpNameServer = 192.168.10.1
TCP: Interfaces\{FC4194F8-E1A9-4929-BFB6-BE242A3DC622} : DhcpNameServer = 124.106.5.2 124.106.7.2
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: ackpbsc - c:\windows\system32\ackpbsc.dll
Notify: acunlock - c:\program files\actividentity\activclient\acunlock.dll
Notify: igfxcui - igfxdev.dll
Notify: OneCard - c:\program files\hewlett-packard\iam\bin\ASWLNPkg.dll
Notify: SDWinLogon - SDWinLogon.dll
Notify: TPSvc - TPSvc.dll
AppInit_DLLs: APSHook.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli ASWLNPkg
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-10-26 464176]
R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [2008-5-13 108752]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2008-5-13 51376]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2008-5-13 12928]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2008-3-28 24064]
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2011-9-26 61328]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [2012-1-4 72080]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-10-26 89792]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2008-5-13 12496]
R2 accoca;ActivClient Middleware Service;c:\program files\actividentity\activclient\accoca.exe [2007-5-15 182576]
R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2004-8-4 14336]
R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2004-8-4 14336]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2008-5-9 1168632]
R2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\hewlett-packard\hp protecttools security manager\PTChangeFilterService.exe [2008-5-14 34184]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\hewlett-packard\drive encryption\HpFkCrypt.exe [2008-5-13 256512]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-10-2 95200]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-10-26 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-10-26 214904]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-10-26 214904]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-10-26 166288]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-10-26 160608]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-10-26 150856]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2012-2-27 1181104]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2012-2-27 1185704]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2008-5-13 475520]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-10-26 57600]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-7-8 193840]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2007-4-4 41216]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-10-26 180816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-10-26 59456]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-10-26 338176]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-10-26 83856]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2011-9-26 61328]
S2 avg7core;Oracleorahomemanagementserver;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 avg7updsvc;Avgems;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 avgclean;F700iat;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 avhook;Websensecamreportserver;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 avp;A8djavs;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 aw_host;Xpadminserver;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 cmdagent;Cinemsup;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 CTMFLT;Pgfilter;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 DivisCTP;HcwPP2;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 DMUSBUSBDCam;Webupdate;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 fsssvc;InterBaseServer;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-10 135664]
S2 ikfilesec;S3ssavage;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 ikhfile;HSFHWICH;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 LMIRfsClientNP;StarOpen;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 mbr;Wmp54gsvc;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 mclogmanagerservice;Arhidfltr;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 mcredirector;Msftesql;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 mcvsrte;ESDCR;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 mpfirewl;Aswupdsv;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 naiavfilter1;Sit_prt;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 navapsvc;Tpsrv;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 navex15;Ood2000;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 nod32krn;Utscsi;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 pav_security;Zpnodecollector;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 pavagente;Btnetfilter;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 vetefile;IAimFP5;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 vsmon;Defwatch;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 webrootenterpriseclientservice;Usbohci;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 ZDCNDIS5;Personalsecuredriveservice;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-10 135664]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-10-26 83856]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-10-26 87656]
.
=============== Created Last 30 ================
.
2012-03-01 02:13:50 526184 ----a-w- c:\windows\system32\XceedCry.dll
2012-03-01 02:13:50 110602 ----a-w- c:\windows\system32\xcdsfx32.bin
2012-03-01 02:13:49 224016 ----a-w- c:\windows\system32\Tabctl32.ocx
2012-03-01 02:13:49 132880 ----a-w- c:\windows\system32\Msinet.ocx
2012-03-01 02:13:45 -------- d-----w- c:\program files\Driver Magician
2012-02-28 09:27:10 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes
2012-02-28 09:26:27 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-02-28 09:26:13 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-28 09:26:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-27 22:03:55 -------- d-----w- c:\program files\STOPzilla!
2012-02-27 22:03:52 -------- d-----w- c:\program files\common files\iS3
2012-02-27 22:03:52 -------- d-----w- c:\documents and settings\all users\application data\STOPzilla!
2012-02-27 20:57:44 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-02-27 20:57:32 15224 ----a-w- c:\windows\system32\sdnclean.exe
2012-02-27 20:57:22 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2012-02-27 20:33:00 -------- d-----w- c:\windows\pss
2012-02-27 19:37:30 0 --sha-w- c:\windows\system32\dds_log_trash.cmd
2012-02-27 19:35:53 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-02-27 19:35:53 -------- d-----w- c:\windows\system32\wbem\Repository
2012-02-27 16:26:20 -------- d-sh--w- c:\documents and settings\administrator\local settings\application data\1cf6efbe
2012-02-27 01:22:30 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Identities
2012-02-22 19:22:48 -------- d-----w- c:\program files\TS Support
2012-02-22 19:22:48 -------- d-----w- c:\documents and settings\administrator\application data\TS Support
2012-02-22 19:22:00 -------- d-----w- c:\documents and settings\all users\application data\TS Support
2012-02-22 19:21:59 -------- d-----w- c:\documents and settings\administrator\local settings\application data\TS Support
2012-02-15 08:03:20 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-15 08:03:20 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
2012-02-01 03:58:00 547880 ----a-r- c:\windows\system32\SZComp5.dll
2012-02-01 03:58:00 482344 ----a-r- c:\windows\system32\SZBase5.dll
2012-02-01 03:58:00 24616 ----a-r- c:\windows\system32\SZIO5.dll
2012-02-01 03:58:00 134184 ----a-r- c:\windows\system32\IS3HTUI5.dll
2012-02-01 03:57:58 68648 ----a-r- c:\windows\system32\IS3Hks5.dll
2012-02-01 03:57:58 457768 ----a-r- c:\windows\system32\IS3DBA5.dll
2012-02-01 03:57:58 392232 ----a-r- c:\windows\system32\IS3UI5.dll
2012-02-01 03:57:58 30248 ----a-r- c:\windows\system32\IS3XDat5.dll
2012-02-01 03:57:58 105512 ----a-r- c:\windows\system32\IS3Inet5.dll
2012-02-01 03:57:58 101416 ----a-r- c:\windows\system32\IS3Svc5.dll
2012-02-01 03:57:56 810024 ----a-r- c:\windows\system32\IS3Base5.dll
2012-02-01 03:57:56 232488 ----a-r- c:\windows\system32\IS3Win325.dll
.
==================== Find3M ====================
.
2012-02-22 08:18:41 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-20 22:01:31 72080 ----a-w- c:\documents and settings\administrator\g2mdlhlpx.exe
2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys
2012-01-04 21:06:32 72080 ----a-r- c:\windows\system32\drivers\SZKGFS.sys
2012-01-04 00:48:42 354176 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2011-12-17 19:46:36 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46:36 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46:36 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22:58 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 9:19:54.48 ===============

Edited by david79, 01 March 2012 - 02:21 PM.

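The DDS log in the post above carries three indicators an analyst would normally pick out by eye: a service host started from a `\\.\globalroot\` device path instead of a drive-letter path, a block of `S2` services whose service names and display names are unrelated and which all point at `svchost.exe -k netsvcs`, and a hidden+system directory with a random-looking hex name under the profile's Application Data. The script below is an added example (not code from the forum post, DDS, or any of the tools named in the thread) that parses a DDS-style log and flags those three patterns. The sample log is a constructed slice shaped like the posted one, the section names are taken from DDS's own banners, and the "unrelated names" and "8 hex characters" rules are heuristics assumed here, so treat every hit as something to review rather than a verdict.

```python
"""Triage helper for DDS-style logs. Constructed example; heuristics are assumptions."""
import re
from typing import Dict, List

# Constructed sample: a few lines shaped like the DDS log in the post above.
SAMPLE_DDS = r"""
============== Running Processes ===============
.
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\McAfee.com\Agent\mcagent.exe
\\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs
.
============= SERVICES / DRIVERS ===============
.
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-10-26 166288]
R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2004-8-4 14336]
S2 avg7core;Oracleorahomemanagementserver;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 navapsvc;Tpsrv;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-10 135664]
.
=============== Created Last 30 ================
.
2012-02-27 16:26:20 -------- d-sh--w- c:\documents and settings\administrator\local settings\application data\1cf6efbe
2012-02-28 09:26:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# "R2 name;display;image [date size]" -- the bracketed tail is optional.
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*?)(?:\s+\[[^\]]*\])?$")
# "date time size attrs path" as printed in the Created Last 30 section.
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\S+\s+(\S+)\s+(.*)$")


def split_sections(text: str) -> Dict[str, List[str]]:
    """Group the non-empty lines of a DDS log under their '=== name ===' banner."""
    sections: Dict[str, List[str]] = {}
    current = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # DDS pads sections with lone dots
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        sections.setdefault(current, []).append(line)
    return sections


def globalroot_processes(lines: List[str]) -> List[str]:
    """Processes whose image path starts with the \\.\globalroot device prefix.
    A normal service host is listed by drive letter; this form means the image
    was started through a path the shell does not show."""
    return [ln for ln in lines if ln.lower().startswith(r"\\.\globalroot")]


def _tokens(s: str) -> set:
    return set(re.findall(r"[a-z0-9]+", s.lower()))


def svchost_impostors(lines: List[str]) -> List[str]:
    """Services hosted by 'svchost.exe -k netsvcs' whose display name shares no
    word with the service name (heuristic: a vendor does not register
    'avg7core' with the display name 'Oracleorahomemanagementserver')."""
    hits = []
    for line in lines:
        m = SERVICE_RE.match(line)
        if not m:
            continue
        _state, name, display, image = m.groups()
        if not re.search(r"\\svchost\.exe\s+-k\s+netsvcs\b", image.lower()):
            continue
        if _tokens(name) & _tokens(display):
            continue
        hits.append(name)
    return hits


def hidden_hex_dirs(lines: List[str]) -> List[str]:
    """Hidden directories under Application Data whose leaf name is eight hex
    characters (assumed pattern; adjust the length if your sample differs)."""
    hits = []
    for line in lines:
        m = CREATED_RE.match(line)
        if not m:
            continue
        attrs, path = m.groups()
        leaf = path.rsplit("\\", 1)[-1]
        if (attrs.startswith("d") and "h" in attrs
                and "application data" in path.lower()
                and re.fullmatch(r"[0-9a-f]{8}", leaf)):
            hits.append(path)
    return hits


def triage(text: str) -> Dict[str, List[str]]:
    """Run all three checks over a DDS log and return the hits per check."""
    s = split_sections(text)
    return {
        "globalroot_processes": globalroot_processes(s.get("Running Processes", [])),
        "svchost_impostors": svchost_impostors(s.get("SERVICES / DRIVERS", [])),
        "hidden_hex_dirs": hidden_hex_dirs(s.get("Created Last 30", [])),
    }


if __name__ == "__main__":
    for kind, items in triage(SAMPLE_DDS).items():
        print(kind)
        for item in items:
            print("   ", item)
```

Run against the full log from the post (read the file and pass its text to `triage`) and the S2 block from `avg7core` down to `ZDCNDIS5` is returned whole, while `ASBroker`, `ASChannel` and the McAfee services are not, because they either do not use the `netsvcs` group or their names overlap. None of this replaces the rootkit scan the helper asks for next; it only tells you where to look first.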


#2 gringo_pr

  • Malware Response Team

Posted 02 March 2012 - 02:47 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion," please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 david79

  • Topic Starter

Posted 02 March 2012 - 06:23 AM

Gringo,

I had a problem while running ComboFix. I disabled all my security programs, but the problem is that when I run ComboFix it does bring up a window saying that I need to update or install the Windows Recovery Console. I clicked Yes, and I can see in the ComboFix box that it connects and downloads all the way to 100%. But after that the ComboFix box closes and nothing else happens. I tried a few times but with the same results. I even rebooted my laptop and tried, but no luck. The computer is fine, besides the original problem.

#4 gringo_pr

  • Malware Response Team

Posted 02 March 2012 - 08:31 AM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions; ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#5 david79

  • Topic Starter

Posted 02 March 2012 - 09:28 AM

Hello. Here are the two logs.

05:54:08.0000 1364 TDSS rootkit removing tool 2.7.18.0 Mar 2 2012 09:40:07
05:54:10.0015 1364 ============================================================
05:54:10.0015 1364 Current date / time: 2012/03/02 05:54:10.0015
05:54:10.0015 1364 SystemInfo:
05:54:10.0015 1364
05:54:10.0015 1364 OS Version: 5.1.2600 ServicePack: 3.0
05:54:10.0015 1364 Product type: Workstation
05:54:10.0015 1364 ComputerName: DAVIDARMSTRONG
05:54:10.0015 1364 UserName: Administrator
05:54:10.0015 1364 Windows directory: C:\WINDOWS
05:54:10.0015 1364 System windows directory: C:\WINDOWS
05:54:10.0015 1364 Processor architecture: Intel x86
05:54:10.0015 1364 Number of processors: 2
05:54:10.0015 1364 Page size: 0x1000
05:54:10.0015 1364 Boot type: Normal boot
05:54:10.0015 1364 ============================================================
05:54:11.0625 1364 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
05:54:11.0625 1364 Drive \Device\Harddisk1\DR3 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
05:54:15.0343 1364 \Device\Harddisk0\DR0:
05:54:15.0390 1364 MBR used
05:54:15.0390 1364 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A17F07E
05:54:15.0390 1364 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x3A182F7E, BlocksNum 0x201CC3
05:54:15.0390 1364 \Device\Harddisk1\DR3:
05:54:15.0390 1364 MBR used
05:54:15.0390 1364 \Device\Harddisk1\DR3\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x3A384C02
05:54:15.0437 1364 Initialize success
05:54:15.0437 1364 ============================================================
05:54:36.0953 1656 ============================================================
05:54:36.0953 1656 Scan started
05:54:36.0953 1656 Mode: Manual;
05:54:36.0953 1656 ============================================================
05:54:58.0703 1656 SafeBoot (2a5eedcb22a5d6bb0231e38a38e7a7d9) C:\WINDOWS\system32\drivers\SafeBoot.sys
05:54:58.0703 1656 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\SafeBoot.sys. md5: 2a5eedcb22a5d6bb0231e38a38e7a7d9
05:54:58.0703 1656 SafeBoot ( LockedFile.Multi.Generic ) - warning
05:54:58.0703 1656 SafeBoot - detected LockedFile.Multi.Generic (1)
05:54:59.0500 1656 Serial (82060b23b694480933fe130c94abb0c2) C:\WINDOWS\system32\DRIVERS\serial.sys
05:54:59.0500 1656 Serial ( Virus.Win32.ZAccess.g ) - infected
05:54:59.0500 1656 Serial - detected Virus.Win32.ZAccess.g (0)
05:55:07.0062 1656 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk0\DR0
05:55:07.0281 1656 \Device\Harddisk0\DR0 - ok
05:55:07.0281 1656 MBR (0x1B8) (8ff255184f078c9c04e6a2ce66117c5c) \Device\Harddisk1\DR3
05:55:07.0281 1656 \Device\Harddisk1\DR3 - ok
05:55:07.0312 1656 Boot (0x1200) (4a177dd932801643631d97c3866f7950) \Device\Harddisk0\DR0\Partition0
05:55:07.0312 1656 \Device\Harddisk0\DR0\Partition0 - ok
05:55:07.0343 1656 Boot (0x1200) (a67b392960db99c28c1d97977dece5a9) \Device\Harddisk0\DR0\Partition1
05:55:07.0343 1656 \Device\Harddisk0\DR0\Partition1 - ok
05:55:07.0343 1656 Boot (0x1200) (7f16ea063ed664be9ccb735aefceb872) \Device\Harddisk1\DR3\Partition0
05:55:07.0343 1656 \Device\Harddisk1\DR3\Partition0 - ok
05:55:07.0343 1656 ============================================================
05:55:07.0343 1656 Scan finished
05:55:07.0343 1656 ============================================================
05:55:07.0359 2976 Detected object count: 2
05:55:07.0359 2976 Actual detected object count: 2
05:55:49.0734 2976 SafeBoot ( LockedFile.Multi.Generic ) - skipped by user
05:55:49.0734 2976 SafeBoot ( LockedFile.Multi.Generic ) - User select action: Skip
05:55:49.0937 2976 C:\WINDOWS\system32\DRIVERS\serial.sys - copied to quarantine
05:55:52.0468 2976 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\serial.sys) error 1813
05:55:55.0968 2976 Backup copy found, using it..
05:55:55.0968 2976 C:\WINDOWS\system32\DRIVERS\serial.sys - will be cured on reboot
05:56:06.0546 2976 Serial ( Virus.Win32.ZAccess.g ) - User select action: Cure
05:56:47.0921 7600 Deinitialize success
aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-01 03:40:21
-----------------------------
03:40:21.968 OS Version: Windows 5.1.2600 Service Pack 3
03:40:21.968 Number of processors: 2 586 0x170A
03:40:21.968 ComputerName: DAVIDARMSTRONG UserName: Administrator
03:40:22.687 Initialze error 0
03:45:29.593 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
03:45:29.609 Disk 0 Vendor: TOSHIBA_ FG00 Size: 476940MB BusType: 3
03:45:29.656 Disk 0 MBR read successfully
03:45:29.671 Disk 0 MBR scan
03:45:29.671 Disk 0 unknown MBR code
03:45:29.687 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 475902 MB offset 63
03:45:29.734 Disk 0 Partition 2 00 0C FAT32 LBA MSDOS5.0 1027 MB offset 974663550
03:45:29.750 Disk 0 scanning sectors +976768065
03:45:29.781 Disk 0 scanning C:\WINDOWS\system32\drivers
03:45:29.796 Service scanning
03:45:31.046 Modules scanning
03:45:32.406 Disk 0 trace - called modules:
03:45:32.468 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8a385bc0]<<
03:45:32.484 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8afe3030]
03:45:32.828 3 CLASSPNP.SYS[f7537fd7] -> nt!IofCallDriver -> [0x8a348c98]
03:45:32.843 \Driver\00001038[0x8a4614c8] -> IRP_MJ_CREATE -> 0x8a385bc0
03:45:32.843 Scan finished successfully
03:47:31.656 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
03:47:31.718 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-02 06:18:33
-----------------------------
06:18:33.265 OS Version: Windows 5.1.2600 Service Pack 3
06:18:33.265 Number of processors: 2 586 0x170A
06:18:33.265 ComputerName: DAVIDARMSTRONG UserName: Administrator
06:18:33.531 Initialze error 0
06:24:27.968 AVAST engine defs: 12030200
06:24:46.656 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
06:24:46.671 Disk 0 Vendor: TOSHIBA_ FG00 Size: 476940MB BusType: 3
06:24:46.718 Disk 0 MBR read successfully
06:24:46.734 Disk 0 MBR scan
06:24:46.796 Disk 0 unknown MBR code
06:24:46.812 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 475902 MB offset 63
06:24:46.875 Disk 0 Partition 2 00 0C FAT32 LBA MSDOS5.0 1027 MB offset 974663550
06:24:46.921 Disk 0 scanning sectors +976768065
06:24:47.015 Disk 0 scanning C:\WINDOWS\system32\drivers
06:24:47.031 Service scanning
06:24:47.890 Modules scanning
06:24:50.156 Disk 0 trace - called modules:
06:24:50.234 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8e570bc0]<<
06:24:50.593 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b008030]
06:24:50.609 3 CLASSPNP.SYS[f7527fd7] -> nt!IofCallDriver -> [0x833cac98]
06:24:50.625 \Driver\00004991[0x894d74f8] -> IRP_MJ_CREATE -> 0x8e570bc0
06:24:50.703 AVAST engine scan C:\WINDOWS
06:24:50.765 AVAST engine scan C:\WINDOWS\system32
06:24:50.875 AVAST engine scan C:\WINDOWS\system32\drivers
06:24:50.937 AVAST engine scan C:\Documents and Settings\Administrator
06:24:50.984 AVAST engine scan C:\Documents and Settings\All Users
06:24:51.000 Scan finished successfully
06:25:25.843 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
06:25:25.906 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:27 AM

Posted 02 March 2012 - 02:00 PM

Hello

I would like you to run this tool for me - fixTDSS

Download it to your desktop and start the program.

Follow the prompts and OK any security prompts.

When it is complete it will say the infection was cleared or no infection was found - let me know what it says.

After it is complete I want you to restart the computer and try to rerun aswMBR for me and send me the report.

  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --> [Donate] <-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 david79

david79
  • Topic Starter

  • Members
  • 23 posts
  • Local time:11:27 PM

Posted 02 March 2012 - 03:03 PM

I ran the fixTDSS program, but had a problem. I followed the Proceed button, and it restarted my computer. While my computer was
going through the restarting process, a blue screen flashed for about a second. All I could read was "A problem has occurred" or something to that effect.
Then it takes me to a black screen, and says Windows shut down because of a problem and gives me the options of starting Windows normally or
Last Known Good Configuration. I had to choose Last Known Good Configuration because when I tried Start Windows Normally it just kept bringing me
back to the black screen.

When I get back in and onto my desktop, the fixTDSS program asks me to run the program. I hit Run and a message says "Tool Failure. Tool must first run without postboot."

That's all that happened.

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:27 AM

Posted 02 March 2012 - 03:13 PM

Hello

OK, now try and run ComboFix again for me.


gringo

#9 david79

david79
  • Topic Starter

  • Members
  • 23 posts
  • Local time:11:27 PM

Posted 02 March 2012 - 03:26 PM

Gringo,

It gave me the same problem as before. Here is the message.

I had a problem while running ComboFix. I disabled all my security programs. But the problem is when I run ComboFix, it does bring up a window
saying that I need to update or install the Windows Recovery Console. I did click Yes, and I can see in the ComboFix box that it connects and downloads all
the way to 100%. But after that the ComboFix box closes and nothing else happens. I tried a few times but with the same results. I even rebooted my
laptop and tried but no luck. The computer is fine, besides the original problem.

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:27 AM

Posted 02 March 2012 - 03:53 PM

Burn recovery console CD

  • Download recovery_console_cd.zip file to your drive and extract it to its own folder (c:\recoverycd for example).
  • Download the floppy disk setup package for your operating system (XP Pro) and save it to the folder you extracted the zip to.
  • Rename the floppy disk setup package to Bootdisk.exe.
  • Insert a blank CD into your burner.
  • Double-click the RecoveryCD.bat file and follow the prompts to burn a CD that will allow you to boot to the recovery console.

Boot into recovery console

  • Insert the CD that we made into the CD drive
  • Restart the computer
  • The screen will say "Windows set up" - just wait
  • At the welcome screen press "R"
  • Type 1 to enter c:\windows
  • Type in the following and press Enter
  • fixmbr


#11 david79

david79
  • Topic Starter

  • Members
  • 23 posts
  • Local time:11:27 PM

Posted 03 March 2012 - 01:35 AM

I followed your last instructions. I restarted my computer with the burned CD in my player. It went through the first step and I saw
Windows Setup, but after that I got a blue screen instead of a welcome screen.
I took a picture of it and attached it so you can read what it said. Thanks.

Attached Files



#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:27 AM

Posted 03 March 2012 - 01:47 AM

OK I want you to try once more


gringo

#13 david79

david79
  • Topic Starter

  • Members
  • 23 posts
  • Local time:11:27 PM

Posted 03 March 2012 - 02:05 AM

OK, I just tried it again. Got the same result: the blue screen I showed you. Just to be sure, you wanted me to redo the second step, right? Just
insert the CD back and restart my computer?

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:27 AM

Posted 03 March 2012 - 02:10 AM

Hello


You are doing fine

Re-Run aswMBR

  • Click Scan
  • On completion of the scan, click the FIXMBR button
  • There is a slight pause after clicking the 'Fix' button.
  • Wait for the tool to report 'Infection fixed successfully', now reboot the machine.
  • Rebooting the machine prematurely, before seeing this line will result in an incomplete fix.

    Note: After the 'Infection fixed successfully' message appears, the machine may become unresponsive. You may have to do a hard boot of your machine. That may be a side effect from the fix. All will be well after the reboot.
  • Save the log as before and post in your next reply.


#15 david79

david79
  • Topic Starter

  • Members
  • 23 posts
  • Local time:11:27 PM

Posted 03 March 2012 - 02:17 AM

After the aswMBR scan, I get a warning sign. It reads:

Writing a new master boot record to you system partition could damage your partition tables and causre
your partition table to become inaccessible. This application writes standard windows MBR code.

Are you sure you want to fix MBR?

Do I click Yes? I'm asking because the instructions didn't mention this warning box. Thanks.
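The warning quoted above is worth understanding rather than just clicking through. The first sector of a disk holds three things: 446 bytes of boot code, the 64-byte partition table (four 16-byte entries), and the 0x55AA signature. Writing "standard Windows MBR code" replaces the first region; the partition table is what would make the disk unreadable if it were damaged. The earlier aswMBR log shows the tool saved a copy of the sector as MBR.dat before any fix, so the table can be verified before and after. The Python below is an added example, not aswMBR code and not the real MBR.dat from this thread: it builds a constructed 512-byte sector from the partition values in the log, parses it, simulates a code-only rewrite, and reports which regions changed. The placeholder boot code and the 0xFF CHS fields are constructed values.

```python
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446        # bytes 0..445: executable boot code (replaced by a standard-MBR rewrite)
PTABLE_OFFSET = 446        # bytes 446..509: four 16-byte partition entries
SIGNATURE_OFFSET = 510     # bytes 510..511: 0x55 0xAA boot signature
ENTRY_FMT = "<B3sB3sII"    # status, CHS start, type, CHS end, LBA start, sector count


def _entry(status, ptype, lba_start, sectors):
    # CHS fields are filled with 0xFF here (constructed); real dumps carry legacy CHS values.
    return struct.pack(ENTRY_FMT, status, b"\xFF\xFF\xFF", ptype, b"\xFF\xFF\xFF", lba_start, sectors)


def build_constructed_mbr(boot_code=None):
    """Constructed stand-in for MBR.dat: partition table taken from the aswMBR log
    (475902 MB NTFS at sector 63, 1027 MB FAT32 at sector 974663550), placeholder code area."""
    if boot_code is None:
        boot_code = b"\xEB\xFE" + b"\x90" * (BOOT_CODE_LEN - 2)   # jmp $ then NOPs: inert placeholder
    if len(boot_code) != BOOT_CODE_LEN:
        raise ValueError("boot code must be exactly 446 bytes")
    table = (_entry(0x80, 0x07, 63, 475902 * 2048)           # entry 1: active, type 07 (NTFS)
             + _entry(0x00, 0x0C, 974663550, 1027 * 2048)    # entry 2: type 0C (FAT32 LBA)
             + bytes(16) + bytes(16))                         # entries 3 and 4 unused
    return boot_code + table + b"\x55\xAA"


def parse_mbr(data):
    """Decode a 512-byte MBR dump into signature status and partition entries."""
    if len(data) != SECTOR_SIZE:
        raise ValueError("MBR dump must be exactly 512 bytes")
    parts = []
    for i in range(4):
        off = PTABLE_OFFSET + 16 * i
        status, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, data[off:off + 16])
        if ptype == 0:                      # type 0 marks an unused slot
            continue
        parts.append({"index": i + 1, "active": status == 0x80, "type": ptype,
                      "lba_start": lba, "sectors": count,
                      "size_mb": count * SECTOR_SIZE // (1024 * 1024)})
    return {"signature_ok": data[SIGNATURE_OFFSET:] == b"\x55\xAA",
            "partitions": parts,
            "active_count": sum(1 for p in parts if p["active"])}


def rewrite_boot_code(data, new_code):
    """Simulate a standard-MBR-code rewrite: replace bytes 0..445, keep table and signature."""
    if len(new_code) != BOOT_CODE_LEN:
        raise ValueError("replacement code must be exactly 446 bytes")
    return new_code + data[BOOT_CODE_LEN:]


def compare_mbr(before, after):
    """Report which of the three MBR regions differ between two 512-byte dumps."""
    return {
        "boot_code_changed": before[:BOOT_CODE_LEN] != after[:BOOT_CODE_LEN],
        "partition_table_changed":
            before[PTABLE_OFFSET:SIGNATURE_OFFSET] != after[PTABLE_OFFSET:SIGNATURE_OFFSET],
        "signature_changed": before[SIGNATURE_OFFSET:] != after[SIGNATURE_OFFSET:],
    }


def load_dump(path):
    """Read a saved MBR.dat (512 bytes) from disk for comparison with a post-fix dump."""
    with open(path, "rb") as f:
        return f.read(SECTOR_SIZE)


if __name__ == "__main__":
    original = build_constructed_mbr()
    info = parse_mbr(original)
    print("signature ok:", info["signature_ok"], "active partitions:", info["active_count"])
    for p in info["partitions"]:
        print("  #%d type 0x%02X active=%s start=%d size=%d MB"
              % (p["index"], p["type"], p["active"], p["lba_start"], p["size_mb"]))
    fixed = rewrite_boot_code(original, b"\x00" * BOOT_CODE_LEN)
    print("after code-only rewrite:", compare_mbr(original, fixed))
```

With a real pre-fix MBR.dat and a second dump taken after the fix, `compare_mbr(load_dump("MBR.dat"), load_dump("MBR_after.dat"))` (the second file name is a placeholder) should show only `boot_code_changed` as True; a True `partition_table_changed` is the outcome the warning is about and the reason to keep the saved copy.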



