Trojan.zeroaccess!kmem/fake virus scan


This topic is locked
45 replies to this topic

#1 jjoyce1

  • Members
  • 29 posts

Posted 02 March 2012 - 01:48 AM

I posted a question about trojan.zeroaccess!kmem being removed and then my laptop shut down. When it restarted, a fake virus protection, Internet Security, started and I was unable to use anything. I restarted it in safe mode with networking and followed the guide from step six as directed. These are my logs from safe mode. The second attachment of the GMER results could not be added onto this document. I'm not sure if the attached document worked either because of safe mode.

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.19190
Run by Josh at 23:03:13 on 2012-03-01
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3034.1778 [GMT -6:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe
C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe
C:\Windows\Explorer.EXE
C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://www.dell.com
uStart Page = hxxp://isearch.avg.com/?cid={BF63EB54-2A55-4BDB-AAD7-5EFF8AC93E7F}&mid=13e0b8145a2447d1bc19d16c22dac1fb-ea703176c865be7c89f97405b22f19847b88dc36&lang=en&ds=ft011&pr=sa&d=2012-03-01 22:11:24&v=10.0.0.7&sap=hp
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: PC Tools Browser Defender: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Defender BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\norton security suite\engine\5.1.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\norton security suite\engine\5.1.0.29\ips\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.0.0.7\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\norton security suite\engine\5.1.0.29\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.0.0.7\AVG Secure Search_toolbar.dll
TB: PC Tools Browser Defender: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Internet Security] c:\users\josh\appdata\roaming\isecurity.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [QuickSet] c:\program files\dell\quickset\QuickSet.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [ISTray] "c:\program files\pc tools\pc tools security\pctsGui.exe" /hideGUI
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil11c_ActiveX.exe -update activex
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B62E2112-8375-4C23-BA79-B1EFEDC5C7E6} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BD36FA21-A555-43AC-848F-DBB888F7447E} : DhcpNameServer = 192.168.2.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.0.6\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\josh\appdata\roaming\mozilla\firefox\profiles\h9ywme18.default\
FF - prefs.js: browser.startup.homepage - hxxp://isearch.avg.com?cid=%7B5048393f-ed75-4aa8-b400-f03935137a51%7D&mid=13e0b8145a2447d1bc19d16c22dac1fb-ea703176c865be7c89f97405b22f19847b88dc36&ds=ft011&v=10.0.0.7&lang=en&pr=sa&d=2012-03-01%2022%3A11%3A24
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B5048393f-ed75-4aa8-b400-f03935137a51%7D&mid=13e0b8145a2447d1bc19d16c22dac1fb-ea703176c865be7c89f97405b22f19847b88dc36&ds=ft011&v=10.0.0.7&lang=en&pr=sa&d=2012-03-01%2022%3A11%3A24&sap=ku&q=
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\users\josh\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2012-3-1 331880]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2012-3-1 342168]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0501000.01d\symds.sys [2011-10-13 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0501000.01d\symefa.sys [2011-10-13 744568]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools\pc tools security\pctsAuxs.exe [2012-3-1 402336]
R2 sdCoreService;PC Tools Security Service;c:\program files\pc tools\pc tools security\pctsSvc.exe [2012-3-1 1117624]
S1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20120215.001\BHDrvx86.sys [2012-2-18 820344]
S1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20120229.002\IDSvix86.sys [2012-2-29 368248]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2012-3-1 185560]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0501000.01d\ironx86.sys [2011-10-13 136312]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0501000.01d\symtdiv.sys [2011-10-13 331384]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_f6ef8056\AEstSrv.exe [2010-2-19 81920]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools\pc tools security\bdt\BDTUpdateService.exe [2012-3-1 546768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-24 135664]
S2 N360;Norton Security Suite;c:\program files\norton security suite\norton security suite\engine\5.1.0.29\ccsvchst.exe [2011-10-13 130008]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\10.0.6\ToolbarUpdater.exe [2012-3-1 909152]
S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-4 106104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-6-24 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-7-19 41272]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.1.121\McCHSvc.exe [2010-9-3 227232]
S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [2012-3-1 56840]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-03-02 04:25:39 767952 ----a-w- c:\windows\BDTSupport.dll
2012-03-02 04:25:39 56840 ----a-w- c:\windows\system32\drivers\PCTBD.sys
2012-03-02 04:25:38 2246608 ----a-w- c:\windows\PCTBDCore.dll
2012-03-02 04:25:38 1681360 ----a-w- c:\windows\PCTBDRes.dll
2012-03-02 04:25:38 149456 ----a-w- c:\windows\SGDetectionTool.dll
2012-03-02 04:25:10 253352 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2012-03-02 04:25:10 107864 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2012-03-02 04:25:08 17848 ----a-w- c:\windows\system32\drivers\pctBTFix.sys
2012-03-02 04:25:05 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2012-03-02 04:24:58 -------- d-----w- c:\program files\PC Tools
2012-03-02 04:18:36 909728 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2012-03-02 04:18:36 342168 ----a-w- c:\windows\system32\drivers\pctDS.sys
2012-03-02 04:18:35 331880 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2012-03-02 04:18:35 162584 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2012-03-02 04:18:34 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-03-02 04:18:34 -------- d-----w- c:\program files\common files\PC Tools
2012-03-02 04:17:45 -------- d-----w- c:\programdata\PC Tools
2012-03-02 04:17:44 -------- d-----w- c:\users\josh\appdata\roaming\TestApp
2012-03-02 04:11:26 -------- d-----w- c:\programdata\AVG Secure Search
2012-03-02 04:11:24 -------- d-----w- c:\program files\common files\AVG Secure Search
2012-03-02 04:11:23 -------- d--h--w- c:\programdata\Common Files
2012-03-02 04:11:23 -------- d-----w- c:\program files\AVG Secure Search
2012-03-02 03:59:11 -------- d-----w- c:\users\josh\appdata\local\MigWiz
2012-03-02 01:20:11 876032 ----a-w- c:\users\josh\appdata\roaming\isecurity.exe
2012-03-01 15:52:34 -------- d-----w- C:\656af2d7b3b7eb85ce7083748c8e
2012-02-29 16:34:06 82433 ----a-w- c:\windows\system32\KV8pH075.com
2012-02-27 15:34:02 82433 ----a-w- c:\windows\system32\KV8pH075.com_
2012-02-27 03:46:59 82433 ----a-w- c:\programdata\hp0yVdu8.exe_
2012-02-27 03:46:59 82433 ----a-w- c:\programdata\hp0yVdu8.exe
2012-02-27 02:56:18 141312 ----a-w- c:\programdata\microsoft\windows\drm\A68B.tmp
2012-02-08 01:36:29 -------- d-----w- c:\windows\system32\drivers\n360\0502000.00D
2012-02-07 00:35:30 -------- d-----w- c:\users\josh\appdata\roaming\EuroTalk
2012-02-06 16:57:34 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-05 18:41:11 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-03 15:06:49 7680 ----a-w- c:\windows\system\svchost.exe
2012-02-01 15:26:29 -------- d-----w- c:\users\josh\appdata\roaming\com.adobe.dmp.contentviewer
.
==================== Find3M ====================
.
2012-03-02 04:28:17 54784 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2012-02-07 18:12:34 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2012-02-06 23:56:11 66560 ----a-w- c:\windows\system32\drivers\smb.sys
2012-02-06 23:00:08 67072 ----a-w- c:\windows\system32\drivers\cdrom.sys
2012-02-06 17:05:14 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2012-01-12 19:52:56 2044416 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 06:22:01 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-15 06:18:03 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-15 06:17:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-15 06:17:35 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-12-15 06:17:35 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-12-15 05:21:27 385024 ----a-w- c:\windows\system32\html.iec
2011-12-15 04:45:13 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-12-15 04:43:48 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-12-14 16:17:47 680448 ----a-w- c:\windows\system32\msvcrt.dll
.
============= FINISH: 23:04:38.28 ===============
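As an added illustration (not a tool used in this thread, nor part of DDS or BleepingComputer's tooling), here is a small Python triage pass applying the heuristics a malware-response helper uses when reading the Pseudo HJT Report and Created Last 30 sections of a DDS log like the one above: an autorun launching from the user's roaming profile, random-looking eight-character filenames dropped into system32 or ProgramData, a core Windows binary name sitting outside system32, and several new executables sharing one byte size. The embedded sample is a constructed excerpt modelled on that log; the rule names, the SYSTEM32_ONLY list and the thresholds are assumptions.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed excerpt modelled on the DDS log in this thread (not the full log).
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Internet Security] c:\users\josh\appdata\roaming\isecurity.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
=============== Created Last 30 ================
2012-03-02 04:25:39 56840 ----a-w- c:\windows\system32\drivers\PCTBD.sys
2012-03-02 04:24:58 -------- d-----w- c:\program files\PC Tools
2012-03-02 01:20:11 876032 ----a-w- c:\users\josh\appdata\roaming\isecurity.exe
2012-02-29 16:34:06 82433 ----a-w- c:\windows\system32\KV8pH075.com
2012-02-27 15:34:02 82433 ----a-w- c:\windows\system32\KV8pH075.com_
2012-02-27 03:46:59 82433 ----a-w- c:\programdata\hp0yVdu8.exe
2012-02-05 18:41:11 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-03 15:06:49 7680 ----a-w- c:\windows\system\svchost.exe
"""

EXEC_EXT = {".exe", ".com", ".dll", ".sys", ".scr", ".cmd", ".bat"}
# Core Windows binaries that legitimately live only in system32; a copy
# elsewhere under the same name is a classic masquerade (assumed list).
SYSTEM32_ONLY = {"svchost.exe", "lsass.exe", "csrss.exe", "wininit.exe",
                 "winlogon.exe", "services.exe"}
# Directories any user process can write to; autoruns from here need a look.
USER_WRITABLE = ("\\appdata\\roaming\\", "\\appdata\\local\\temp\\")

RUN_RE = re.compile(r"^[udm]Run(?:Once)?: \[[^\]]*\] (?P<cmd>.+)$")
CREATED_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+(?P<size>\S+)\s+(?P<attr>\S+)\s+(?P<path>.+)$")
RANDOM_NAME_RE = re.compile(r"^[A-Za-z0-9]{8}$")


def exe_from_cmd(cmd):
    """Return the program path from a Run-key command line (quoted or bare)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    # Bare command: cut off the first switch-looking argument, if any.
    return re.split(r"\s[-/]", cmd, maxsplit=1)[0]


def looks_random(stem):
    """Eight alphanumerics mixing letters and digits, e.g. KV8pH075."""
    return (bool(RANDOM_NAME_RE.match(stem))
            and any(c.isdigit() for c in stem)
            and any(c.isalpha() for c in stem))


def triage(dds_text):
    """Return (rule, path) findings for the suspicious entries in a DDS log."""
    findings = []
    by_size = defaultdict(set)
    for raw in dds_text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            path = exe_from_cmd(m.group("cmd")).lower()
            if any(marker in path for marker in USER_WRITABLE):
                findings.append(("autorun from user-writable profile dir", path))
            continue
        m = CREATED_RE.match(line)
        if not m:
            continue
        path = m.group("path").strip().lower()
        p = PureWindowsPath(path)
        # DDS lists backup copies with a trailing underscore (KV8pH075.com_).
        if p.suffix.rstrip("_") not in EXEC_EXT:
            continue
        if looks_random(p.stem):
            findings.append(("random-looking filename", path))
        if p.name in SYSTEM32_ONLY and str(p.parent) != "c:\\windows\\system32":
            findings.append(("system binary name outside system32", path))
        if m.group("size").isdigit() and int(m.group("size")) > 0:
            by_size[int(m.group("size"))].add(path)
    # Several freshly created executables with one identical size usually
    # means one dropper written out under several names.
    for size, paths in sorted(by_size.items()):
        if len(paths) > 1:
            findings.append((f"{len(paths)} new executables share size {size}",
                             " | ".join(sorted(paths))))
    return findings


if __name__ == "__main__":
    for rule, path in triage(SAMPLE_DDS):
        print(f"{rule:45} {path}")
```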

#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 02 March 2012 - 02:51 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button and select Immediate Notification, then click on Proceed. This will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 jjoyce1
  • Topic Starter
  • Members
  • 29 posts

Posted 02 March 2012 - 05:26 PM

I ran Combofix and it did not give me a log. Instead, it shut down my computer twice and then started going to a blue screen. The blue screen did not stay up long enough for me to read it. Something about it shutting down and trying to repair. Then it started in normal mode. I had been working in safe mode. Everything was gone from the desktop except the recycle bin. And many error messages came up. I then restarted in safe mode and ran Combofix again. It is doing the same thing except now the internet will not work in safe mode with networking and a lot of the icons that were there before are gone.

#4 jjoyce1
  • Topic Starter
  • Members
  • 29 posts

Posted 02 March 2012 - 05:40 PM

If this is fixed I promise I will make a donation!

#5 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 02 March 2012 - 09:08 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#6 jjoyce1
  • Topic Starter
  • Members
  • 29 posts

Posted 02 March 2012 - 10:16 PM

Like I said, I don't have internet, not even in safe mode with networking. So I don't know how to download these things?

#7 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 02 March 2012 - 10:18 PM

Do you have another computer that you can use to move our tools back and forth?


gringo

#8 jjoyce1
  • Topic Starter
  • Members
  • 29 posts

Posted 02 March 2012 - 10:23 PM

No, I'm using an iPad though to read your replies and to write back.

#9 jjoyce1
  • Topic Starter
  • Members
  • 29 posts

Posted 02 March 2012 - 10:29 PM

I had already downloaded TDSSKiller for the first steps of the process, but I don't know how to get to it. I also have PC Tools Spyware Doctor on the desktop of safe mode from the other steps too.

#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 02 March 2012 - 10:34 PM

hello


I want you to try System Restore and see if you can get the internet back, and while you are at it go back to before the virus and see if it clears up a lot of the problems.

Can you download the files with the iPad and move them to the sick computer by USB?



gringo

#11 jjoyce1
  • Topic Starter
  • Members
  • 29 posts

Posted 02 March 2012 - 10:42 PM

The iPad doesn't have a USB port :/ I'm waiting to see if system restore works but it doesn't look like it will. Next step if it does not work?

#12 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 02 March 2012 - 10:51 PM

Hello


I need you to find a way to download our tools so I can see what is going on.

There is nothing I can do blind. Have a friend or family member come over with a laptop, or let you borrow one.


Gringo

#13 jjoyce1
  • Topic Starter
  • Members
  • 29 posts

Posted 02 March 2012 - 11:09 PM

OK, I don't know if you saw the post where I said TDSSKiller was still on the sick computer? I don't know if that helps. Haha. But I'll get a computer with a USB tomorrow.

#14 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 02 March 2012 - 11:31 PM

Well, you don't know how to get to it at this time, correct?

gringo

#15 jjoyce1
  • Topic Starter
  • Members
  • 29 posts

Posted 03 March 2012 - 12:27 AM

Hi :) I borrowed a laptop. The sick computer is not letting me use safe mode with networking anymore. It let me go to directory mode after pressing F8. It let me run the TDSSKiller that was already on the sick computer, and this is the report from it, shown below. I have no idea if this is needed, but I would like to know the next step now that I have a USB and a netbook.

22:57:24.0938 2152 DXGKrnl - ok
22:57:25.0187 2152 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
22:57:25.0203 2152 e1express - ok
22:57:25.0343 2152 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
22:57:25.0343 2152 E1G60 - ok
22:57:25.0530 2152 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
22:57:25.0530 2152 Ecache - ok
22:57:25.0733 2152 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
22:57:25.0733 2152 elxstor - ok
22:57:25.0905 2152 ErrDev (f2a80de2d1b7116052c09cb4d4ca1416) C:\Windows\system32\drivers\errdev.sys
22:57:25.0905 2152 ErrDev - ok
22:57:26.0201 2152 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
22:57:26.0201 2152 exfat - ok
22:57:26.0342 2152 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
22:57:26.0357 2152 fastfat - ok
22:57:26.0482 2152 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
22:57:26.0482 2152 fdc - ok
22:57:26.0591 2152 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
22:57:26.0591 2152 FileInfo - ok
22:57:26.0716 2152 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
22:57:26.0716 2152 Filetrace - ok
22:57:26.0888 2152 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
22:57:26.0888 2152 flpydisk - ok
22:57:27.0090 2152 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
22:57:27.0106 2152 FltMgr - ok
22:57:27.0371 2152 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
22:57:27.0371 2152 Fs_Rec - ok
22:57:27.0558 2152 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
22:57:27.0558 2152 gagp30kx - ok
22:57:27.0886 2152 GEARAspiWDM (5ae3a887ece5bbb72cfab273c2fd1cfa) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:57:27.0886 2152 GEARAspiWDM - ok
22:57:28.0245 2152 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
22:57:28.0260 2152 HDAudBus - ok
22:57:28.0448 2152 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
22:57:28.0448 2152 HidBth - ok
22:57:28.0650 2152 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
22:57:28.0650 2152 HidIr - ok
22:57:28.0838 2152 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
22:57:28.0838 2152 HidUsb - ok
22:57:28.0978 2152 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
22:57:28.0978 2152 HpCISSs - ok
22:57:29.0103 2152 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
22:57:29.0103 2152 HTTP - ok
22:57:29.0212 2152 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
22:57:29.0228 2152 i2omp - ok
22:57:29.0462 2152 i8042prt (1060f1377f395a242e27719440ece602) C:\Windows\system32\DRIVERS\i8042prt.sys
22:57:29.0462 2152 i8042prt - ok
22:57:29.0680 2152 iaStor (80c633722da72e97f3f5b3b11325696d) C:\Windows\system32\drivers\iastor.sys
22:57:29.0680 2152 iaStor - ok
22:57:29.0867 2152 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
22:57:29.0883 2152 iaStorV - ok
22:57:30.0226 2152 igfx (938753888eaddb29d4b3754139ec19e8) C:\Windows\system32\DRIVERS\igdkmd32.sys
22:57:30.0382 2152 igfx - ok
22:57:30.0507 2152 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
22:57:30.0507 2152 iirsp - ok
22:57:30.0663 2152 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
22:57:30.0663 2152 intelide - ok
22:57:30.0772 2152 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
22:57:30.0772 2152 intelppm - ok
22:57:30.0834 2152 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:57:30.0834 2152 IpFilterDriver - ok
22:57:30.0881 2152 IpInIp - ok
22:57:31.0022 2152 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
22:57:31.0022 2152 IPMIDRV - ok
22:57:31.0084 2152 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
22:57:31.0084 2152 IPNAT - ok
22:57:31.0240 2152 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
22:57:31.0240 2152 IRENUM - ok
22:57:31.0412 2152 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
22:57:31.0412 2152 isapnp - ok
22:57:31.0568 2152 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
22:57:31.0583 2152 iScsiPrt - ok
22:57:31.0739 2152 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
22:57:31.0739 2152 iteatapi - ok
22:57:31.0833 2152 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
22:57:31.0848 2152 iteraid - ok
22:57:31.0989 2152 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
22:57:31.0989 2152 kbdclass - ok
22:57:32.0145 2152 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
22:57:32.0145 2152 kbdhid - ok
22:57:32.0394 2152 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
22:57:32.0410 2152 KSecDD - ok
22:57:32.0597 2152 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
22:57:32.0597 2152 lltdio - ok
22:57:32.0722 2152 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
22:57:32.0722 2152 LSI_FC - ok
22:57:32.0878 2152 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
22:57:32.0894 2152 LSI_SAS - ok
22:57:33.0003 2152 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
22:57:33.0003 2152 LSI_SCSI - ok
22:57:33.0128 2152 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
22:57:33.0128 2152 luafv - ok
22:57:33.0268 2152 MBAMSwissArmy (b18225739ed9caa83ba2df966e9f43e8) C:\Windows\system32\drivers\mbamswissarmy.sys
22:57:33.0268 2152 MBAMSwissArmy - ok
22:57:33.0377 2152 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
22:57:33.0377 2152 megasas - ok
22:57:33.0564 2152 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
22:57:33.0564 2152 MegaSR - ok
22:57:33.0689 2152 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
22:57:33.0689 2152 Modem - ok
22:57:33.0798 2152 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
22:57:33.0798 2152 monitor - ok
22:57:33.0923 2152 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
22:57:33.0923 2152 mouclass - ok
22:57:34.0079 2152 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
22:57:34.0079 2152 mouhid - ok
22:57:34.0220 2152 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
22:57:34.0220 2152 MountMgr - ok
22:57:34.0376 2152 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
22:57:34.0407 2152 mpio - ok
22:57:34.0547 2152 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
22:57:34.0547 2152 mpsdrv - ok
22:57:34.0688 2152 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
22:57:34.0688 2152 Mraid35x - ok
22:57:34.0875 2152 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
22:57:34.0875 2152 MRxDAV - ok
22:57:35.0015 2152 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:57:35.0015 2152 mrxsmb - ok
22:57:35.0249 2152 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:57:35.0249 2152 mrxsmb10 - ok
22:57:35.0390 2152 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:57:35.0390 2152 mrxsmb20 - ok
22:57:35.0499 2152 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
22:57:35.0499 2152 msahci - ok
22:57:35.0608 2152 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
22:57:35.0608 2152 msdsm - ok
22:57:35.0733 2152 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
22:57:35.0733 2152 Msfs - ok
22:57:35.0873 2152 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
22:57:35.0873 2152 msisadrv - ok
22:57:36.0076 2152 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
22:57:36.0076 2152 MSKSSRV - ok
22:57:36.0185 2152 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
22:57:36.0185 2152 MSPCLOCK - ok
22:57:36.0232 2152 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
22:57:36.0248 2152 MSPQM - ok
22:57:36.0294 2152 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
22:57:36.0294 2152 MsRPC - ok
22:57:36.0372 2152 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
22:57:36.0372 2152 mssmbios - ok
22:57:36.0435 2152 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
22:57:36.0435 2152 MSTEE - ok
22:57:36.0606 2152 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
22:57:36.0606 2152 Mup - ok
22:57:36.0716 2152 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
22:57:36.0716 2152 NativeWifiP - ok
22:57:36.0856 2152 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
22:57:36.0856 2152 NDIS - ok
22:57:37.0028 2152 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
22:57:37.0028 2152 NdisTapi - ok
22:57:37.0246 2152 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
22:57:37.0246 2152 Ndisuio - ok
22:57:37.0371 2152 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
22:57:37.0371 2152 NdisWan - ok
22:57:37.0480 2152 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
22:57:37.0480 2152 NDProxy - ok
22:57:37.0605 2152 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
22:57:37.0605 2152 NetBIOS - ok
22:57:37.0776 2152 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
22:57:37.0776 2152 netbt - ok
22:57:37.0932 2152 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
22:57:37.0932 2152 nfrd960 - ok
22:57:38.0120 2152 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
22:57:38.0120 2152 Npfs - ok
22:57:38.0369 2152 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
22:57:38.0369 2152 nsiproxy - ok
22:57:38.0556 2152 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
22:57:38.0572 2152 Ntfs - ok
22:57:38.0759 2152 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
22:57:38.0759 2152 ntrigdigi - ok
22:57:38.0900 2152 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys
22:57:38.0900 2152 NuidFltr - ok
22:57:39.0024 2152 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
22:57:39.0024 2152 Null - ok
22:57:39.0071 2152 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
22:57:39.0071 2152 nvraid - ok
22:57:39.0165 2152 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
22:57:39.0165 2152 nvstor - ok
22:57:39.0305 2152 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
22:57:39.0321 2152 nv_agp - ok
22:57:39.0414 2152 NwlnkFlt - ok
22:57:39.0586 2152 NwlnkFwd - ok
22:57:39.0867 2152 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
22:57:39.0867 2152 ohci1394 - ok
22:57:40.0038 2152 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
22:57:40.0038 2152 Parport - ok
22:57:40.0226 2152 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
22:57:40.0226 2152 partmgr - ok
22:57:40.0335 2152 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
22:57:40.0335 2152 Parvdm - ok
22:57:40.0475 2152 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
22:57:40.0491 2152 pci - ok
22:57:40.0647 2152 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
22:57:40.0647 2152 pciide - ok
22:57:40.0803 2152 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
22:57:40.0803 2152 pcmcia - ok
22:57:40.0990 2152 PCTBD (3a0262b85b5bb4d4cfc096ea00ed610b) C:\Windows\system32\Drivers\PCTBD.sys
22:57:40.0990 2152 PCTBD - ok
22:57:41.0349 2152 PCTCore (0edb74bd0d52d6d94cf862322e48b94e) C:\Windows\system32\drivers\PCTCore.sys
22:57:41.0396 2152 PCTCore - ok
22:57:41.0505 2152 pctDS (8734f7346b39a710491e0ddb136da2a3) C:\Windows\system32\drivers\pctDS.sys
22:57:41.0505 2152 pctDS - ok
22:57:41.0708 2152 PCTSD (ec49993baa9a86adf1cb6fa1cd895882) C:\Windows\system32\Drivers\PCTSD.sys
22:57:41.0708 2152 PCTSD - ok
22:57:41.0848 2152 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
22:57:41.0864 2152 PEAUTH - ok
22:57:42.0020 2152 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
22:57:42.0020 2152 PptpMiniport - ok
22:57:42.0144 2152 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
22:57:42.0144 2152 Processor - ok
22:57:42.0269 2152 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
22:57:42.0285 2152 PSched - ok
22:57:42.0534 2152 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
22:57:42.0550 2152 ql2300 - ok
22:57:42.0706 2152 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
22:57:42.0706 2152 ql40xx - ok
22:57:42.0893 2152 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
22:57:42.0893 2152 QWAVEdrv - ok
22:57:43.0190 2152 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
22:57:43.0205 2152 R300 - ok
22:57:43.0408 2152 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
22:57:43.0408 2152 RasAcd - ok
22:57:43.0564 2152 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:57:43.0564 2152 Rasl2tp - ok
22:57:43.0720 2152 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
22:57:43.0720 2152 RasPppoe - ok
22:57:43.0923 2152 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
22:57:43.0923 2152 RasSstp - ok
22:57:44.0110 2152 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
22:57:44.0110 2152 rdbss - ok
22:57:44.0235 2152 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:57:44.0235 2152 RDPCDD - ok
22:57:44.0375 2152 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
22:57:44.0375 2152 rdpdr - ok
22:57:44.0500 2152 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
22:57:44.0500 2152 RDPENCDD - ok
22:57:44.0750 2152 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
22:57:44.0750 2152 RDPWD - ok
22:57:44.0952 2152 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
22:57:44.0952 2152 rspndr - ok
22:57:45.0124 2152 RTSTOR (d97d8259293b7a82cb891f37f997df3f) C:\Windows\system32\drivers\RTSTOR.SYS
22:57:45.0124 2152 RTSTOR - ok
22:57:45.0249 2152 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
22:57:45.0249 2152 sbp2port - ok
22:57:45.0420 2152 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
22:57:45.0420 2152 secdrv - ok
22:57:45.0530 2152 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
22:57:45.0530 2152 Serenum - ok
22:57:45.0686 2152 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
22:57:45.0748 2152 Serial - ok
22:57:45.0857 2152 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
22:57:45.0857 2152 sermouse - ok
22:57:45.0966 2152 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
22:57:45.0966 2152 sffdisk - ok
22:57:46.0107 2152 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
22:57:46.0107 2152 sffp_mmc - ok
22:57:46.0216 2152 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
22:57:46.0216 2152 sffp_sd - ok
22:57:46.0341 2152 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
22:57:46.0341 2152 sfloppy - ok
22:57:46.0668 2152 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
22:57:46.0668 2152 sisagp - ok
22:57:47.0043 2152 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
22:57:47.0043 2152 SiSRaid2 - ok
22:57:47.0355 2152 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
22:57:47.0355 2152 SiSRaid4 - ok
22:57:47.0776 2152 Smb (ed23daaaccaf6f7efcfaf0cc155873e8) C:\Windows\system32\DRIVERS\smb.sys
22:57:47.0776 2152 Suspicious file (Forged): C:\Windows\system32\DRIVERS\smb.sys. Real md5: ed23daaaccaf6f7efcfaf0cc155873e8, Fake md5: 7b75299a4d201d6a6533603d6914ab04
22:57:47.0776 2152 Smb ( Rootkit.Win32.ZAccess.c ) - infected
22:57:47.0776 2152 Smb - detected Rootkit.Win32.ZAccess.c (0)
22:57:57.0604 2152 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
22:57:57.0635 2152 \Device\Harddisk0\DR0 - ok
22:57:57.0651 2152 Boot (0x1200) (f988d2af3d926a1c5cf195f5e298adaa) \Device\Harddisk0\DR0\Partition0
22:57:57.0651 2152 \Device\Harddisk0\DR0\Partition0 - ok
22:57:57.0651 2152 Boot (0x1200) (4670713dfb9d6cd71a2aeca085a313f4) \Device\Harddisk0\DR0\Partition1
22:57:57.0651 2152 \Device\Harddisk0\DR0\Partition1 - ok
22:57:57.0651 2152 ============================================================
22:57:57.0651 2152 Scan finished
22:57:57.0651 2152 ============================================================
22:57:57.0666 1384 Detected object count: 1
22:57:57.0666 1384 Actual detected object count: 1
22:58:09.0491 1384 Backup copy found, using it..
22:58:09.0507 1384 C:\Windows\system32\DRIVERS\smb.sys - will be cured on reboot
22:58:32.0985 1384 Smb ( Rootkit.Win32.ZAccess.c ) - User select action: Cure



