anti-virus redirect/facebook phishing virus


This topic is locked. 30 replies to this topic.

#1 glen55 (Members, 16 posts)

Posted 12 December 2012 - 12:20 PM

Chronology:

(1) This may have started when I enabled Java recently.
(2) Yesterday I went onto Facebook and got a "Your account is blocked." screen, asking me to provide security info to unblock my account. Stupidly, I gave it my debit card number, but then I realized what was going on and got my debit card blocked within 5 minutes.
(3) This morning I discovered that my McAfee and Eset security programs do not work.
(4) Every time I try to go to a legit anti-virus site such as malwarebytes I am redirected to google.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6002.18005
Run by Glen at 9:08:18 on 2012-12-12
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2814.1216 [GMT -8:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\runservice.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\ShadowExplorer\sesvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ControlCenter4\BrCtrlCntr.exe
C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Browny02\BrYNSvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ControlCenter4\BrCcUxSys.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.alienware.com/Mothership?Comp=%ALIENFACTORY_Company%&SysCode=%ALIENFACTORY_SystemCode%&ai=636E3D34343839333226706F3D35343939383641
uDefault_Page_URL = hxxp://www.alienware.com/Mothership?Comp=%ALIENFACTORY_Company%&SysCode=%ALIENFACTORY_SystemCode%&ai=636E3D34343839333226706F3D35343939383641
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.alienware.com/mothership
mDefault_Page_URL = hxxp://www.alienware.com/Mothership?Comp=%ALIENFACTORY_Company%&SysCode=%ALIENFACTORY_SystemCode%&ai=636E3D34343839333226706F3D35343939383641
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
TB: Windows Live Toolbar: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\windows live toolbar\msntb.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Windows Live Toolbar: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\windows live toolbar\msntb.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
uRun: [ISUSPM] c:\programdata\flexnet\connect\11\ISUSPM.exe -scheduler
uRun: [Ymcuenevwo] c:\users\glen\appdata\roaming\quuk\boik.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [ControlCenter4] c:\program files\controlcenter4\BrCcBoot.exe /autorun
mRun: [BrStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10l_ActiveX.exe -update activex
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.207\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: $talisma_url$
Trusted Zone: internet
Trusted Zone: line6.net
Trusted Zone: mcafee.com
Trusted Zone: mcafee.com
Trusted Zone: westlaw.com
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{3D9EE210-8DD5-4959-8EDB-B9B3A529BC63} : DHCPNameServer = 192.168.1.254
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
Hosts: 172.31.254.2 mykillernic
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\glen\appdata\roaming\mozilla\firefox\profiles\5dr886yj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://bamaonline.com/
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa2.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\glen\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\glen\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\glen\appdata\roaming\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-12-21 115008]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-8-8 64648]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-8-8 163400]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-5-24 21504]
R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2008-8-2 4608]
R2 sesvc;ShadowExplorer Service;c:\program files\shadowexplorer\sesvc.exe [2012-3-23 9216]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2009-3-28 5120]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-8-30 382312]
R3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2012-2-26 245760]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2009-11-10 40848]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2009-11-10 10384]
R3 NBv834x;Killer NIC Gaming Adapter Service;c:\windows\system32\drivers\NBv834x.sys [2008-1-31 104480]
R3 NBvEdge;Killer NIC NDIS-Edge Service;c:\windows\system32\drivers\NBvEdge.sys [2008-1-31 23072]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 ekrn;ESET Service;"c:\program files\eset\eset smart security\ekrn.exe" --> c:\program files\eset\eset smart security\ekrn.exe [?]
S3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\drivers\BrSerIb.sys [2012-2-26 71424]
S3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\drivers\BrUsbSib.sys [2012-2-26 11520]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 L6TPrtDG;Service - Line 6 TonePort DI-G;c:\windows\system32\drivers\L6TPrtDG.sys [2009-4-20 531456]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.207\McCHSvc.exe [2011-6-17 237008]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-9-9 27192]
S3 Samsung UPD Service2;Samsung UPD Service2;c:\windows\system32\SUPDSvc2.exe [2012-12-5 129536]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-12-11 16:11:57 6812136 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{45a88094-4049-4a2e-83e3-5a7a8cb0c76c}\mpengine.dll
2012-12-11 03:28:24 -------- d-----w- c:\users\glen\appdata\roaming\Wuhy
2012-12-11 03:28:24 -------- d-----w- c:\users\glen\appdata\roaming\Quuk
2012-12-11 03:28:24 -------- d-----w- c:\users\glen\appdata\roaming\Izyzi
2012-12-06 02:54:18 -------- d-----w- c:\programdata\Samsung
2012-12-06 02:53:49 25088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\spd__pc.dll
2012-12-06 02:53:10 1724416 ------w- c:\windows\gdiplus.dll
2012-12-06 02:53:10 1558432 ------w- c:\windows\TotalUninstaller.exe
2012-12-06 02:30:26 310272 ----a-w- c:\windows\system32\UPDIO2.dll
2012-12-06 02:30:26 24064 ----a-w- c:\windows\system32\spd__l.dll
2012-12-06 02:30:26 135168 ----a-w- c:\windows\system32\SUPDSvcA2.dll
2012-12-06 02:30:25 65536 ----a-w- c:\windows\system32\spd__ci.dll
2012-12-06 02:30:25 254464 ----a-w- c:\windows\system32\SUPDRun.exe
2012-12-06 02:30:25 151552 ----a-w- c:\windows\system32\spd__ci.exe
2012-12-06 02:30:25 129536 ----a-w- c:\windows\system32\SUPDSvc2.exe
2012-12-03 23:30:43 -------- d-----w- c:\users\glen\appdata\roaming\PC-FAX TX
2012-11-29 06:07:34 -------- d-----w- c:\program files\VideoLAN
.
==================== Find3M ====================
.
2012-12-12 15:34:54 5449 --sha-w- c:\windows\system32\mmf.sys
2012-12-06 02:32:46 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-06 02:32:46 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-07 15:46:46 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-07 15:46:45 746984 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 9:09:42.36 ===============
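The DDS log above already contains the indicators a responder would look at first: a per-user Run entry launching from a random-named folder under AppData\Roaming (Quuk\boik.exe), three AppData\Roaming folders created in the same second, UAC switched off by policy (EnableLUA = 0), Firefox user.js entries that silence the mixed-content and insecure-form warnings, and a hidden+system file (mmf.sys) dropped in system32. The Python script below is an added example for this thread, not code from the forum or from the DDS tool; it parses DDS-style lines and flags exactly those patterns. The sample lines are copied (and trimmed) from the log in this post, plus two benign lines that must not fire. The category names, the "two or more folders in the same second" threshold and the restriction of the hidden+system check to system32 are this example's own assumptions.

```python
"""Triage a DDS-style log for the indicators visible in the post above.

Added example for this thread, not code from the forum or from DDS itself.
The heuristics and category names are this example's own assumptions.
"""
import re
from collections import defaultdict
from typing import Dict, List, Tuple

Finding = Tuple[str, str]  # (category, offending log line)

# DDS autorun lines: uRun = HKCU Run, mRun = HKLM Run, dRun = default user,
# plus Startup-folder shortcuts.
AUTORUN_RE = re.compile(r"^(?:[umd]Run(?:Once)?|StartupFolder): (.+)$")
APPDATA_RE = re.compile(r"\\appdata\\(?:roaming|local)\\", re.IGNORECASE)
UAC_RE = re.compile(r"^mPolicies-System: EnableLUA = dword:(\d+)$")
# Firefox re-applies user.js on every start, so a "false" here is persistent.
USERJS_RE = re.compile(r"^FF - user\.js: (security\.\S+) - false$")
# "Created Last 30" / "Find3M" lines: date time size attrs path
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+\S+\s+([-a-z]{8})\s+(.+)$")


def triage(log_text: str) -> List[Finding]:
    """Return (category, line) findings for every suspicious DDS line."""
    findings: List[Finding] = []
    created: Dict[str, List[str]] = defaultdict(list)  # timestamp -> dirs

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = AUTORUN_RE.match(line)
        if m:
            # A dropper writing into the user's profile needs no admin rights
            # and typically uses a random folder/exe name (quuk\boik.exe).
            if APPDATA_RE.search(m.group(1)):
                findings.append(("autorun-from-appdata", line))
            continue

        m = UAC_RE.match(line)
        if m:
            if m.group(1) == "0":
                findings.append(("uac-disabled", line))
            continue

        if USERJS_RE.match(line):
            findings.append(("ff-security-warning-off", line))
            continue

        m = FILE_RE.match(line)
        if m:
            stamp, attrs, path = m.groups()
            lower = path.lower()
            # 's' and 'h' together = system+hidden; legitimate files in
            # system32 are rarely both (assumption: restrict to system32).
            if "s" in attrs and "h" in attrs and "\\system32\\" in lower:
                findings.append(("hidden-system-file", line))
            # Directory entries ('d' first) created under AppData\Roaming.
            if attrs.startswith("d") and "\\appdata\\roaming\\" in lower:
                created[stamp].append(path)

    # Several profile folders created in the same second point to one
    # dropper, not three unrelated installs (threshold of 2 is an assumption).
    for stamp, paths in sorted(created.items()):
        if len(paths) >= 2:
            findings.append(("appdata-dirs-created-together",
                             f"{stamp}: " + ", ".join(paths)))
    return findings


# Constructed sample: lines copied (trimmed) from the DDS log in post #1,
# plus a benign Run entry and a benign file line that must not fire.
SAMPLE_LOG = r"""
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Ymcuenevwo] c:\users\glen\appdata\roaming\quuk\boik.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_submit_insecure - false
2012-12-11 16:11:57 6812136 ----a-w- c:\programdata\microsoft\windows defender\definition updates\mpengine.dll
2012-12-11 03:28:24 -------- d-----w- c:\users\glen\appdata\roaming\Wuhy
2012-12-11 03:28:24 -------- d-----w- c:\users\glen\appdata\roaming\Quuk
2012-12-11 03:28:24 -------- d-----w- c:\users\glen\appdata\roaming\Izyzi
2012-12-12 15:34:54 5449 --sha-w- c:\windows\system32\mmf.sys
"""

if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"[{category}] {detail}")
```

Run against the sample it reports six findings: the boik.exe autorun, UAC disabled, two silenced Firefox warnings, the hidden system file, and the Wuhy/Quuk/Izyzi folders created together. The point of the last check is correlation: none of those three folder names is suspicious on its own, but identical creation timestamps tie them to the single event that also installed the Run entry.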

#2 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 12 December 2012 - 02:08 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download RogueKiller and SAVE it to your Desktop (or from here)
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "Delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop.
  • Exit/Close RogueKiller.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 glen55 (Topic Starter, Members, 16 posts)

Posted 12 December 2012 - 05:33 PM

Results of screen317's Security Check version 0.99.56
Windows Vista Service Pack 2 x86 (UAC is disabled!)
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
CCleaner
Java version out of Date!
Adobe Flash Player 11.5.502.135
Adobe Reader 8 Adobe Reader out of Date!
Mozilla Firefox (13.0)
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSASCui.exe
Windows Defender MSASCui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1 %
````````````````````End of Log``````````````````````

#4 glen55 (Topic Starter, Members, 16 posts)

Posted 12 December 2012 - 05:48 PM

# AdwCleaner v2.100 - Logfile created 12/12/2012 at 14:37:38
# Updated 09/12/2012 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Glen - GAMES
# Boot Mode : Normal
# Running from : C:\Users\Glen\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\Glen\AppData\Roaming\Mozilla\Firefox\Profiles\5dr886yj.default\searchplugins\Conduit.xml
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Users\Glen\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Glen\AppData\Roaming\Mozilla\Firefox\Profiles\5dr886yj.default\Conduit
Folder Deleted : C:\Users\Glen\AppData\Roaming\Mozilla\Firefox\Profiles\5dr886yj.default\ConduitEngine
Folder Deleted : C:\Users\Glen\AppData\Roaming\Mozilla\Firefox\Profiles\5dr886yj.default\CT1561552
Folder Deleted : C:\Users\Glen\AppData\Roaming\Mozilla\Firefox\Profiles\5dr886yj.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}
Folder Deleted : C:\Users\Glen\AppData\Roaming\Mozilla\Firefox\Profiles\5dr886yj.default\extensions\engine@conduit.com

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.6002.18005

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0 (en-US)

Profile name : default
File : C:\Users\Glen\AppData\Roaming\Mozilla\Firefox\Profiles\5dr886yj.default\prefs.js

C:\Users\Glen\AppData\Roaming\Mozilla\Firefox\Profiles\5dr886yj.default\user.js ... Deleted !

Deleted : user_pref("CT1561552.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT1561552.CTID", "CT1561552");
Deleted : user_pref("CT1561552.CurrentServerDate", "5-9-2010");
Deleted : user_pref("CT1561552.DialogsAlignMode", "LTR");
Deleted : user_pref("CT1561552.EMailNotifierPollDate", "Sat Sep 04 2010 16:20:35 GMT-0700 (Pacific Daylight Ti[...]
Deleted : user_pref("CT1561552.FirstServerDate", "5-9-2010");
Deleted : user_pref("CT1561552.FirstTime", true);
Deleted : user_pref("CT1561552.FirstTimeFF3", true);
Deleted : user_pref("CT1561552.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT1561552.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT1561552.Initialize", true);
Deleted : user_pref("CT1561552.InitializeCommonPrefs", true);
Deleted : user_pref("CT1561552.InstalledDate", "Sat Sep 04 2010 16:10:13 GMT-0700 (Pacific Daylight Time)");
Deleted : user_pref("CT1561552.InvalidateCache", false);
Deleted : user_pref("CT1561552.IsGrouping", false);
Deleted : user_pref("CT1561552.IsMulticommunity", false);
Deleted : user_pref("CT1561552.IsOpenThankYouPage", true);
Deleted : user_pref("CT1561552.IsOpenUninstallPage", true);
Deleted : user_pref("CT1561552.LanguagePackLastCheckTime", "Sat Sep 04 2010 16:10:13 GMT-0700 (Pacific Dayligh[...]
Deleted : user_pref("CT1561552.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT1561552.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT1561552.LastLogin_2.5.6.0", "Sat Sep 04 2010 16:10:33 GMT-0700 (Pacific Daylight Time)"[...]
Deleted : user_pref("CT1561552.LatestVersion", "2.7.2.0");
Deleted : user_pref("CT1561552.Locale", "en-us");
Deleted : user_pref("CT1561552.LoginCache", 4);
Deleted : user_pref("CT1561552.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT1561552.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT1561552.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT1561552.RadioIsPodcast", false);
Deleted : user_pref("CT1561552.RadioLastCheckTime", "Sat Sep 04 2010 16:10:12 GMT-0700 (Pacific Daylight Time)[...]
Deleted : user_pref("CT1561552.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT1561552.RadioLastUpdateServer", "129100288951200000");
Deleted : user_pref("CT1561552.RadioMediaID", "13448970");
Deleted : user_pref("CT1561552.RadioMediaType", "Media Player");
Deleted : user_pref("CT1561552.RadioMenuSelectedID", "EBRadioMenu_CT156155213448970");
Deleted : user_pref("CT1561552.RadioStationName", "Danceradio");
Deleted : user_pref("CT1561552.RadioStationURL", "hxxp://101danceradio.com/wmx/classicrockjukebox64k.wmx");
Deleted : user_pref("CT1561552.SHRINK_TOOLBAR", 1);
Deleted : user_pref("CT1561552.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Deleted : user_pref("CT1561552.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT1561552.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT156[...]
Deleted : user_pref("CT1561552.SearchInNewTabEnabled", true);
Deleted : user_pref("CT1561552.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT1561552.SearchInNewTabLastCheckTime", "Sat Sep 04 2010 16:10:34 GMT-0700 (Pacific Dayli[...]
Deleted : user_pref("CT1561552.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT1561552.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT1561552.SettingsCheckIntervalMin", 120);
Deleted : user_pref("CT1561552.SettingsLastCheckTime", "Sat Sep 04 2010 16:10:10 GMT-0700 (Pacific Daylight Ti[...]
Deleted : user_pref("CT1561552.SettingsLastUpdate", "1283553808");
Deleted : user_pref("CT1561552.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT1561552.ThirdPartyComponentsLastCheck", "Sat Sep 04 2010 16:10:09 GMT-0700 (Pacific Day[...]
Deleted : user_pref("CT1561552.ThirdPartyComponentsLastUpdate", "1246790578");
Deleted : user_pref("CT1561552.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Deleted : user_pref("CT1561552.UserID", "UN78460500037637838");
Deleted : user_pref("CT1561552.ValidationData_Search", 0);
Deleted : user_pref("CT1561552.ValidationData_Toolbar", 2);
Deleted : user_pref("CT1561552.alertChannelId", "15257");
Deleted : user_pref("CT1561552.clientLogIsEnabled", true);
Deleted : user_pref("CT1561552.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Deleted : user_pref("CT1561552.components.1000034", true);
Deleted : user_pref("CT1561552.components.1000234", false);
Deleted : user_pref("CT1561552.myStuffEnabled", true);
Deleted : user_pref("CT1561552.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT1561552.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT1561552.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT1561552.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT1561552.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/US", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Deleted : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Deleted : user_pref("CommunityToolbar.IsEngineShown", true);
Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT1561552,ConduitEngine");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT1561552");
Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sat May 07 2011 16:21:30 GMT-07[...]
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Mon Jun 20 2011 23:21:51 GMT-0700 (Pacif[...]
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Mon Jun 20 2011 20:11:17 GMT-0700 (Pacific D[...]
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "3519c808-c69d-4d5e-a320-a7bec5329d8b");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT1561552");
Deleted : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Fri Jun 17 2011 22:49:42 GMT-0700 (Pacific Dayl[...]
Deleted : user_pref("ConduitEngine.CTID", "ConduitEngine");
Deleted : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Mon Jun 20 2011 23:21:32 GMT-0700 (Pacific Da[...]
Deleted : user_pref("ConduitEngine.FirstServerDate", "05/08/2011 02");
Deleted : user_pref("ConduitEngine.FirstTime", true);
Deleted : user_pref("ConduitEngine.FirstTimeFF3", true);
Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Deleted : user_pref("ConduitEngine.Initialize", true);
Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Deleted : user_pref("ConduitEngine.InstalledDate", "Sat May 07 2011 16:21:30 GMT-0700 (Pacific Daylight Time)"[...]
Deleted : user_pref("ConduitEngine.IsMulticommunity", false);
Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Mon Jun 20 2011 23:21:34 GMT-0700 (Pacific Day[...]
Deleted : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Mon Jun 20 2011 20:56:48 GMT-0700 (Pacific Daylight Ti[...]
Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Mon Jun 20 2011 20:56:49 GMT-0700 (Pacific Dayligh[...]
Deleted : user_pref("ConduitEngine.UserID", "UN00941850220254669");
Deleted : user_pref("ConduitEngine.componentAlertEnabled", false);
Deleted : user_pref("ConduitEngine.engineLocale", "en-US");
Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Mon Jun 20 2011 23:21:32 GMT-0700 (Pacif[...]
Deleted : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Mon Jun 20 2011 22:56:48 GMT-0700 (Paci[...]
Deleted : user_pref("ConduitEngine.initDone", true);
Deleted : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Deleted : user_pref("browser.search.defaultthis.engineName", "Hotspot Shield Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&Sea[...]

Profile name : default
File : C:\Users\Boss\AppData\Roaming\Mozilla\Firefox\Profiles\ygxxp0ry.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Glen\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [12847 octets] - [12/12/2012 14:37:38]

########## EOF - C:\AdwCleaner[S1].txt - [12908 octets] ##########

#5 glen55
  • Topic Starter
  • Members
  • 16 posts

Posted 12 December 2012 - 06:04 PM

RogueKiller V8.4.0 [Dec 12 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Glen [Admin rights]
Mode : Remove -- Date : 12/12/2012 15:00:38

¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] Runservice.exe -- C:\Windows\runservice.exe -> KILLED [TermProc]
[SUSP PATH] RtHDVCpl.exe -- C:\Windows\RtHDVCpl.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 6 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : ISUSPM (C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler) -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : Ymcuenevwo (C:\Users\Glen\AppData\Roaming\Quuk\boik.exe) -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-21-1141470212-1413866164-2127220638-1000[...]\Run : Ymcuenevwo (C:\Users\Glen\AppData\Roaming\Quuk\boik.exe) -> DELETED
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

::1 localhost
172.31.254.2 mykillernic


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: NVIDIA STRIPE 931.52G +++++
--- User ---
[MBR] 716e873fde1afb0dbd1a2578e0b14df6
[BSP] fd0718c1004fc85a868d3309571905be : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 945738 Mo
1 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 1936873472 | Size: 8137 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[3]_D_12122012_02d1500.txt >>
RKreport[1]_S_12122012_02d1451.txt ; RKreport[2]_S_12122012_02d1500.txt ; RKreport[3]_D_12122012_02d1500.txt

#6 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 12 December 2012 - 10:50 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 glen55
  • Topic Starter
  • Members
  • 16 posts

Posted 13 December 2012 - 12:24 AM

Sorry, Gringo, I have a question before I launch into that.

You say Recovery Console is XP only. I have Vista. If it becomes necessary for me to run it, can I just move to the next step?

Edited by glen55, 13 December 2012 - 12:24 AM.


#8 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 13 December 2012 - 08:42 AM

Hello


Because you have Vista it will not ask you; it will just keep going.




gringo

#9 glen55
  • Topic Starter
  • Members
  • 16 posts

Posted 14 December 2012 - 11:10 AM

Gringo, I ran Combofix. Every 15 minutes or so I went in to check it. The last time I saw it running it had been going about 50 minutes.

The next time I checked it, the computer had gone into sleep mode. I brought the computer out of sleep. Combofix appeared to still be running, saying "Scanning for infected files," with the cursor blinking and the message about how the scan usually takes 10 minutes but can take longer still up.

It has been running another 20 minutes by now, but I'm not going to be able to stick around all day to keep it out of sleep mode. Is Combofix OK if it goes into sleep mode and comes back out, or do I need to restart it at a time when I can sit by the computer and keep it out of sleep over a long period of time?

#10 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 14 December 2012 - 11:40 AM

Hello

I have never tried it, so I would not know. Go ahead and stop it, and when you are ready to try it again I want you to run Combofix in Safe Mode, but it is very important that when Combofix reboots the computer you direct it back into Safe Mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Log in to your usual account.

After Combofix has finished its scan, please post the report back here.

Gringo

#11 glen55
  • Topic Starter
  • Members
  • 16 posts

Posted 14 December 2012 - 03:29 PM

OK, here's what happened:

(1) I started in Safe Mode and ran Combofix.
(2) Combofix ran for about 2.5 hours.
(3) Combofix said I was infected with rootkit something and needed to reboot. I didn't write it down.
(4) I rebooted but did not catch it in time to put it in Safe Mode. I got a message something about an application failed to start because of [string of letters and numbers that I didn't write down]. Nothing else happened except the Windows desktop came up, not in Safe Mode.
(5) I rebooted in Safe Mode and ran Combofix again.
(6) This time it ran for about 5-10 minutes and came up and said I had a rootkit infection and needed to reboot.
(7) I rebooted, this time in Safe Mode.
(8) Nothing happened.
(9) I started Combofix. It ran through its initial paces but the DOS box never came up. Instead, after the initial 11 steps it goes through, it just went away and never came back.
(10) I started Combofix again, and it did just what it did in (9) again.
(11) Now I have waited over 10 minutes, and Combofix has never reappeared or done anything. The computer is just sitting there in Safe Mode on the Windows desktop screen.

#12 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 14 December 2012 - 03:54 PM

Greetings

I want you to run these next.

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside Loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also, your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes, then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  • A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.



Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#13 glen55
  • Topic Starter
  • Members
  • 16 posts

Posted 14 December 2012 - 04:55 PM

(1) I ran TDSSKiller, clicked Change Parameters and checked Loaded Modules.
(2) It rebooted. However, after the reboot, TDSSKiller did not run automatically.
(3) Instead there was a box asking me if I wanted to run 008896BD-0A7B-4F3E-7DCF9EE48B6.exe, publisher Kaspersky Labs.
(4) I figured Kaspersky Labs = TDSSKiller, and this was probably it, so I clicked Run.
(5) It appeared to be TDSSKiller. I clicked on Change Parameters, checked all boxes, and clicked OK.
(6) It scanned and found 17 suspicious files.
(7) I never got the option to "Skip" or "Continue." It just listed the files in a box.
(8) Finally, I clicked Continue. There was no "Cure" option to select. There were two options at the top that I didn't write down; one was copying the files and I don't recall the other.
(9) I thought I must have missed something, so I ran it again. Exact same thing.
(10) I did not get any screen or message saying Reboot now to finish the cleaning process, but I rebooted anyway.
(11) I did get a "TDSSKiller...Log.txt" message in my root drive. I am going to make 4 more replies and paste each message into its own reply, and then I will attempt to run aswMBR.

09:54:40.0246 5660 TDSS rootkit removing tool 2.6.9.0 Oct 14 2011 11:33:24
09:54:40.0903 5660 ============================================================
09:54:40.0903 5660 Current date / time: 2011/10/15 09:54:40.0903
09:54:40.0903 5660 SystemInfo:
09:54:40.0903 5660
09:54:40.0903 5660 OS Version: 6.0.6002 ServicePack: 2.0
09:54:40.0903 5660 Product type: Workstation
09:54:40.0903 5660 ComputerName: GAMES
09:54:40.0904 5660 UserName: Glen
09:54:40.0904 5660 Windows directory: C:\Windows
09:54:40.0904 5660 System windows directory: C:\Windows
09:54:40.0904 5660 Processor architecture: Intel x86
09:54:40.0904 5660 Number of processors: 2
09:54:40.0904 5660 Page size: 0x1000
09:54:40.0904 5660 Boot type: Normal boot
09:54:40.0904 5660 ============================================================
09:54:46.0140 5660 Initialize success
09:54:49.0162 2788 ============================================================
09:54:49.0162 2788 Scan started
09:54:49.0162 2788 Mode: Manual;
09:54:49.0162 2788 ============================================================
09:54:55.0561 2788 728fb9b6 (8f2bb1827cac01aee6a16e30a1260199) C:\Windows\3065614194:2372945481.exe
09:54:55.0742 2788 Suspicious file (Hidden): C:\Windows\3065614194:2372945481.exe. md5: 8f2bb1827cac01aee6a16e30a1260199
09:54:55.0742 2788 728fb9b6 ( HiddenFile.Multi.Generic ) - warning
09:54:55.0742 2788 728fb9b6 - detected HiddenFile.Multi.Generic (1)
09:54:56.0016 2788 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
09:54:56.0089 2788 ACPI - ok
09:54:56.0402 2788 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
09:54:56.0519 2788 adp94xx - ok
09:54:56.0659 2788 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
09:54:56.0672 2788 adpahci - ok
09:54:56.0809 2788 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
09:54:56.0819 2788 adpu160m - ok
09:54:56.0881 2788 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
09:54:56.0889 2788 adpu320 - ok
09:54:57.0126 2788 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
09:54:57.0206 2788 AFD - ok
09:54:57.0320 2788 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
09:54:57.0324 2788 agp440 - ok
09:54:57.0385 2788 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
09:54:57.0407 2788 aic78xx - ok
09:54:57.0464 2788 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
09:54:57.0477 2788 aliide - ok
09:54:57.0572 2788 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
09:54:57.0585 2788 amdagp - ok
09:54:57.0656 2788 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
09:54:57.0668 2788 amdide - ok
09:54:57.0749 2788 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
09:54:57.0776 2788 AmdK7 - ok
09:54:57.0841 2788 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
09:54:57.0850 2788 AmdK8 - ok
09:54:58.0127 2788 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
09:54:58.0129 2788 arc - ok
09:54:58.0265 2788 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
09:54:58.0281 2788 arcsas - ok
09:54:58.0592 2788 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
09:54:58.0607 2788 AsyncMac - ok
09:54:58.0859 2788 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
09:54:58.0860 2788 atapi - ok
09:54:59.0196 2788 atksgt (f0d933b42cd0594048e4d5200ae9e417) C:\Windows\system32\DRIVERS\atksgt.sys
09:54:59.0197 2788 atksgt - ok
09:54:59.0594 2788 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
09:54:59.0604 2788 Beep - ok
09:54:59.0836 2788 blbdrive - ok
09:55:00.0180 2788 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
09:55:00.0207 2788 bowser - ok
09:55:00.0398 2788 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
09:55:01.0523 2788 BrFiltLo - ok
09:55:01.0697 2788 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
09:55:01.0698 2788 BrFiltUp - ok
09:55:01.0890 2788 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
09:55:01.0936 2788 Brserid - ok
09:55:02.0148 2788 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
09:55:02.0187 2788 BrSerWdm - ok
09:55:02.0552 2788 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
09:55:02.0587 2788 BrUsbMdm - ok
09:55:02.0943 2788 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
09:55:02.0961 2788 BrUsbSer - ok
09:55:03.0251 2788 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
09:55:03.0266 2788 BTHMODEM - ok
09:55:03.0562 2788 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
09:55:03.0595 2788 cdfs - ok
09:55:03.0895 2788 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
09:55:03.0902 2788 cdrom - ok
09:55:04.0137 2788 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
09:55:04.0146 2788 circlass - ok
09:55:04.0374 2788 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
09:55:04.0419 2788 CLFS - ok
09:55:04.0955 2788 CmBatt (0fed59edb4a83ff17f1778827b88ab1a) C:\Windows\system32\DRIVERS\CmBatt.sys
09:55:04.0969 2788 CmBatt - ok
09:55:05.0166 2788 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
09:55:05.0176 2788 cmdide - ok
09:55:05.0300 2788 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
09:55:05.0301 2788 Compbatt - ok
09:55:05.0551 2788 cpuz132 - ok
09:55:05.0683 2788 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
09:55:05.0684 2788 crcdisk - ok
09:55:05.0784 2788 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
09:55:05.0810 2788 Crusoe - ok
09:55:06.0086 2788 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
09:55:06.0095 2788 DfsC - ok
09:55:06.0298 2788 DgiVecp (770471de2550820feeb7e5d24bf2e273) C:\Windows\system32\Drivers\DgiVecp.sys
09:55:06.0313 2788 DgiVecp - ok
09:55:06.0494 2788 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
09:55:06.0518 2788 disk - ok
09:55:06.0661 2788 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
09:55:06.0685 2788 Dot4 - ok
09:55:06.0751 2788 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
09:55:06.0751 2788 Dot4Print - ok
09:55:06.0820 2788 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
09:55:06.0826 2788 dot4usb - ok
09:55:06.0920 2788 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
09:55:06.0933 2788 drmkaud - ok
09:55:07.0095 2788 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
09:55:07.0098 2788 DXGKrnl - ok
09:55:07.0205 2788 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
09:55:07.0207 2788 E1G60 - ok
09:55:07.0349 2788 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
09:55:07.0361 2788 Ecache - ok
09:55:07.0485 2788 ehdrv (fe7824239d132ad9ebd8645fe1199b30) C:\Windows\system32\DRIVERS\ehdrv.sys
09:55:07.0486 2788 ehdrv - ok
09:55:07.0697 2788 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
09:55:07.0796 2788 elxstor - ok
09:55:07.0961 2788 epfw (73411c14a8c6062bb6a510772cf2f38c) C:\Windows\system32\DRIVERS\epfw.sys
09:55:07.0961 2788 epfw - ok
09:55:08.0145 2788 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
09:55:08.0157 2788 exfat - ok
09:55:08.0294 2788 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
09:55:08.0301 2788 fastfat - ok
09:55:08.0434 2788 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
09:55:08.0435 2788 fdc - ok
09:55:08.0535 2788 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
09:55:08.0547 2788 FileInfo - ok
09:55:08.0627 2788 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
09:55:08.0628 2788 Filetrace - ok
09:55:08.0665 2788 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
09:55:08.0666 2788 flpydisk - ok
09:55:08.0831 2788 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
09:55:08.0849 2788 FltMgr - ok
09:55:09.0056 2788 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
09:55:09.0057 2788 Fs_Rec - ok
09:55:09.0200 2788 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
09:55:09.0201 2788 gagp30kx - ok
09:55:09.0336 2788 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
09:55:09.0337 2788 GEARAspiWDM - ok
09:55:09.0618 2788 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
09:55:09.0629 2788 HdAudAddService - ok
09:55:09.0734 2788 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
09:55:09.0777 2788 HDAudBus - ok
09:55:09.0934 2788 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
09:55:09.0959 2788 HidBth - ok
09:55:10.0032 2788 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
09:55:10.0039 2788 HidIr - ok
09:55:10.0217 2788 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
09:55:10.0231 2788 HidUsb - ok
09:55:10.0303 2788 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
09:55:10.0307 2788 HpCISSs - ok
09:55:10.0510 2788 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
09:55:10.0549 2788 HTTP - ok
09:55:10.0618 2788 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
09:55:10.0627 2788 i2omp - ok
09:55:10.0776 2788 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
09:55:10.0777 2788 i8042prt - ok
09:55:10.0828 2788 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
09:55:10.0837 2788 iaStorV - ok
09:55:10.0968 2788 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
09:55:10.0976 2788 iirsp - ok
09:55:11.0358 2788 IntcAzAudAddService (c61b3b87f3856cef0c9f204028c6860d) C:\Windows\system32\drivers\RTKVHDA.sys
09:55:11.0365 2788 IntcAzAudAddService - ok
09:55:11.0613 2788 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
09:55:11.0614 2788 intelide - ok
09:55:11.0756 2788 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
09:55:11.0767 2788 intelppm - ok
09:55:11.0943 2788 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:55:11.0951 2788 IpFilterDriver - ok
09:55:12.0040 2788 IpInIp - ok
09:55:12.0123 2788 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
09:55:12.0135 2788 IPMIDRV - ok
09:55:12.0243 2788 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
09:55:12.0252 2788 IPNAT - ok
09:55:12.0415 2788 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
09:55:12.0429 2788 IRENUM - ok
09:55:12.0552 2788 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
09:55:12.0553 2788 isapnp - ok
09:55:12.0778 2788 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
09:55:12.0779 2788 iScsiPrt - ok
09:55:12.0851 2788 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
09:55:12.0860 2788 iteatapi - ok
09:55:13.0008 2788 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
09:55:13.0055 2788 iteraid - ok
09:55:13.0222 2788 jfdcd - ok
09:55:13.0400 2788 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
09:55:13.0400 2788 kbdclass - ok
09:55:13.0493 2788 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
09:55:13.0507 2788 kbdhid - ok
09:55:13.0796 2788 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
09:55:13.0808 2788 KSecDD - ok
09:55:14.0005 2788 L6TPrtDG (8b70e4e9ee5fccdab0919aa6d58be6ec) C:\Windows\system32\Drivers\L6TPrtDG.sys
09:55:14.0033 2788 L6TPrtDG - ok
09:55:14.0251 2788 LEqdUsb (a87790c7fdcbc2b3c1e39815f8e8cbda) C:\Windows\system32\Drivers\LEqdUsb.Sys
09:55:14.0251 2788 LEqdUsb - ok
09:55:14.0368 2788 LHidEqd (a628afe7eb25c9814a1019b369c595c4) C:\Windows\system32\Drivers\LHidEqd.Sys
09:55:14.0369 2788 LHidEqd - ok
09:55:14.0546 2788 LHidFilt (f5e165b4e3df145f6e8bf3c0573f94d8) C:\Windows\system32\DRIVERS\LHidFilt.Sys
09:55:15.0024 2788 LHidFilt - ok
09:55:15.0250 2788 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\Windows\system32\DRIVERS\lirsgt.sys
09:55:15.0251 2788 lirsgt - ok
09:55:15.0344 2788 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
09:55:15.0350 2788 lltdio - ok
09:55:15.0510 2788 LMouFilt (b46e39b8ae439d7ce75a923e7f950040) C:\Windows\system32\DRIVERS\LMouFilt.Sys
09:55:15.0511 2788 LMouFilt - ok
09:55:15.0622 2788 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
09:55:15.0631 2788 LSI_FC - ok
09:55:15.0718 2788 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
09:55:15.0728 2788 LSI_SAS - ok
09:55:15.0827 2788 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
09:55:15.0856 2788 LSI_SCSI - ok
09:55:15.0968 2788 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
09:55:15.0983 2788 luafv - ok
09:55:16.0163 2788 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
09:55:16.0177 2788 megasas - ok
09:55:16.0316 2788 mfenlfk (aedda57376e051e8e152b72d2df5387c) C:\Windows\system32\DRIVERS\mfenlfk.sys
09:55:16.0317 2788 mfenlfk - ok
09:55:16.0473 2788 mfewfpk (547c95b8a73fd111b0d7af7c0f6736a3) C:\Windows\system32\drivers\mfewfpk.sys
09:55:16.0474 2788 mfewfpk - ok
09:55:16.0572 2788 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
09:55:16.0582 2788 Modem - ok
09:55:16.0722 2788 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
09:55:16.0731 2788 monitor - ok
09:55:16.0841 2788 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
09:55:16.0841 2788 mouclass - ok
09:55:20.0949 2788 netbt (45d4ffd9c424db8cada3f80e0527db0b) C:\Windows\system32\DRIVERS\netbt.sys
09:55:20.0949 2788 Suspicious file (Forged): C:\Windows\system32\DRIVERS\netbt.sys. Real md5: 45d4ffd9c424db8cada3f80e0527db0b, Fake md5: ecd64230a59cbd93c85f1cd1cab9f3f6
09:55:20.0950 2788 netbt ( Rootkit.Win32.ZAccess.e ) - infected
09:55:20.0950 2788 netbt - detected Rootkit.Win32.ZAccess.e (0)
09:55:43.0797 2788 ============================================================
09:55:43.0797 2788 Scan finished
09:55:43.0797 2788 ============================================================
09:55:43.0804 4856 Detected object count: 2
09:55:43.0804 4856 Actual detected object count: 2
09:55:57.0231 4856 728fb9b6 ( HiddenFile.Multi.Generic ) - skipped by user
09:55:57.0231 4856 728fb9b6 ( HiddenFile.Multi.Generic ) - User select action: Skip
09:55:58.0740 4856 Backup copy found, using it..
09:55:58.0804 4856 C:\Windows\system32\DRIVERS\netbt.sys - will be cured on reboot
09:55:58.0804 4856 netbt ( Rootkit.Win32.ZAccess.e ) - User select action: Cure
09:56:08.0536 5024 Deinitialize success

09:29:29.0776 2628 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
09:29:30.0348 2628 ============================================================
09:29:30.0348 2628 Current date / time: 2011/11/27 09:29:30.0348
09:29:30.0348 2628 SystemInfo:
09:29:30.0348 2628
09:29:30.0348 2628 OS Version: 6.0.6002 ServicePack: 2.0
09:29:30.0348 2628 Product type: Workstation
09:29:30.0348 2628 ComputerName: GAMES
09:29:30.0348 2628 UserName: Glen
09:29:30.0348 2628 Windows directory: C:\Windows
09:29:30.0348 2628 System windows directory: C:\Windows
09:29:30.0348 2628 Processor architecture: Intel x86
09:29:30.0348 2628 Number of processors: 2
09:29:30.0348 2628 Page size: 0x1000
09:29:30.0348 2628 Boot type: Safe boot with network
09:29:30.0348 2628 ============================================================
09:29:31.0404 2628 Initialize success
09:29:33.0851 2700 ============================================================
09:29:33.0851 2700 Scan started
09:29:33.0851 2700 Mode: Manual;
09:29:33.0851 2700 ============================================================
09:29:36.0078 2700 728fb9b6 (8f2bb1827cac01aee6a16e30a1260199) C:\Windows\3065614194:2372945481.exe
09:29:36.0079 2700 Suspicious file (Hidden): C:\Windows\3065614194:2372945481.exe. md5: 8f2bb1827cac01aee6a16e30a1260199
09:29:36.0079 2700 728fb9b6 ( Rootkit.Win32.PMax.gen ) - infected
09:29:36.0079 2700 728fb9b6 - detected Rootkit.Win32.PMax.gen (0)
09:29:43.0990 2700 mfenlfk (b32816ad34a71457ea48f05947853c24) C:\Windows\system32\DRIVERS\mfenlfk.sys
09:29:43.0991 2700 mfenlfk ( Rootkit.Win32.ZAccess.e ) - infected
09:29:43.0991 2700 mfenlfk - detected Rootkit.Win32.ZAccess.e (0)
09:29:44.0039 2700 mfewfpk (547c95b8a73fd111b0d7af7c0f6736a3) C:\Windows\system32\drivers\mfewfpk.sys
09:29:44.0042 2700 mfewfpk - ok
09:29:44.0091 2700 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
09:29:44.0092 2700 Modem - ok
09:29:44.0130 2700 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
09:29:44.0131 2700 monitor - ok
09:29:44.0182 2700 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
09:29:44.0183 2700 mouclass - ok
09:29:44.0272 2700 moufiltr (baa4ed3c323bee7ebc144c7d232220a8) C:\Windows\system32\DRIVERS\moufiltr.sys
09:29:44.0275 2700 moufiltr - ok
09:29:44.0322 2700 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
09:29:44.0324 2700 mouhid - ok
09:29:44.0359 2700 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
09:29:44.0361 2700 MountMgr - ok
09:29:44.0435 2700 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
09:29:44.0461 2700 mpio - ok
09:29:44.0508 2700 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
09:29:44.0509 2700 mpsdrv - ok
09:29:44.0564 2700 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
09:29:44.0565 2700 Mraid35x - ok
09:29:44.0615 2700 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
09:29:44.0617 2700 MRxDAV - ok
09:29:44.0662 2700 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
09:29:44.0664 2700 mrxsmb - ok
09:29:44.0743 2700 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:29:44.0745 2700 mrxsmb10 - ok
09:29:44.0760 2700 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:29:44.0761 2700 mrxsmb20 - ok
09:29:44.0778 2700 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
09:29:44.0780 2700 msahci - ok
09:29:44.0823 2700 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
09:29:44.0825 2700 msdsm - ok
09:29:44.0878 2700 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
09:29:44.0878 2700 Msfs - ok
09:29:44.0936 2700 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
09:29:44.0937 2700 msisadrv - ok
09:29:44.0991 2700 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
09:29:44.0992 2700 MSKSSRV - ok
09:29:45.0037 2700 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
09:29:45.0038 2700 MSPCLOCK - ok
09:29:45.0116 2700 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
09:29:45.0117 2700 MSPQM - ok
09:29:45.0174 2700 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
09:29:45.0177 2700 MsRPC - ok
09:29:45.0207 2700 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
09:29:45.0207 2700 mssmbios - ok
09:29:45.0248 2700 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
09:29:45.0249 2700 MSTEE - ok
09:29:45.0269 2700 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
09:29:45.0271 2700 Mup - ok
09:29:45.0333 2700 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
09:29:45.0336 2700 NativeWifiP - ok
09:29:45.0367 2700 NBv834x (b9a1a38ff5828737ecaf0bfcee8330f4) C:\Windows\system32\DRIVERS\nbv834x.sys
09:29:45.0368 2700 NBv834x - ok
09:29:45.0388 2700 NBvEdge (4f52c7edbb7dc9ce4536e20f2e92303f) C:\Windows\system32\DRIVERS\NBvEdge.sys
09:29:45.0389 2700 NBvEdge - ok
09:29:45.0523 2700 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
09:29:45.0558 2700 NDIS - ok
09:29:45.0663 2700 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
09:29:45.0664 2700 NdisTapi - ok
09:29:45.0707 2700 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
09:29:45.0708 2700 Ndisuio - ok
09:29:45.0761 2700 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
09:29:45.0763 2700 NdisWan - ok
09:29:45.0817 2700 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
09:29:45.0819 2700 NDProxy - ok
09:29:45.0895 2700 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
09:29:45.0896 2700 NetBIOS - ok
09:29:45.0950 2700 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
09:29:45.0952 2700 netbt - ok
09:29:46.0012 2700 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
09:29:46.0013 2700 nfrd960 - ok
09:29:46.0055 2700 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
09:29:46.0056 2700 Npfs - ok
09:29:46.0101 2700 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
09:29:46.0104 2700 nsiproxy - ok
09:29:46.0186 2700 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
09:29:46.0204 2700 Ntfs - ok
09:29:46.0228 2700 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
09:29:46.0229 2700 ntrigdigi - ok
09:29:46.0293 2700 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys
09:29:46.0294 2700 NuidFltr - ok
09:29:46.0344 2700 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
09:29:46.0345 2700 Null - ok
09:29:46.0425 2700 NVENETFD (d668632606d1cebf0b6ec64c1df7ed6f) C:\Windows\system32\DRIVERS\nvmfdx32.sys
09:29:46.0500 2700 NVENETFD - ok
09:29:46.0900 2700 nvlddmkm (1f144bd1fecb52fe4dc18fafe70ff7af) C:\Windows\system32\DRIVERS\nvlddmkm.sys
09:29:47.0035 2700 nvlddmkm - ok
09:29:47.0106 2700 nvraid (6f785db62a6d8f3fafd3e5695277e849) C:\Windows\system32\drivers\nvraid.sys
09:29:47.0113 2700 nvraid - ok
09:29:47.0147 2700 nvrd32 (ca4cceff1d43f48a289536451fd39d04) C:\Windows\system32\DRIVERS\nvrd32.sys
09:29:47.0148 2700 nvrd32 - ok
09:29:47.0177 2700 nvstor (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\drivers\nvstor.sys
09:29:47.0179 2700 nvstor - ok
09:29:47.0194 2700 nvstor32 (f2d7ccd75132f19119108e07a4fd0a12) C:\Windows\system32\DRIVERS\nvstor32.sys
09:29:47.0196 2700 nvstor32 - ok
09:29:47.0261 2700 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
09:29:47.0263 2700 nv_agp - ok
09:29:47.0275 2700 NwlnkFlt - ok
09:29:47.0290 2700 NwlnkFwd - ok
09:29:47.0360 2700 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
09:29:47.0360 2700 ohci1394 - ok
09:29:47.0400 2700 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
09:29:47.0406 2700 Parport - ok
09:29:47.0451 2700 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
09:29:47.0452 2700 partmgr - ok
09:29:47.0498 2700 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
09:29:47.0499 2700 Parvdm - ok
09:29:47.0548 2700 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
09:29:47.0568 2700 pci - ok
09:29:47.0631 2700 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
09:29:47.0632 2700 pciide - ok
09:29:47.0655 2700 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
09:29:47.0658 2700 pcmcia - ok
09:29:47.0713 2700 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
09:29:47.0735 2700 PEAUTH - ok
09:29:47.0812 2700 Point32 (04df0452fbededf9297fd2e5440cb3c9) C:\Windows\system32\DRIVERS\point32k.sys
09:29:47.0813 2700 Point32 - ok
09:29:47.0897 2700 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
09:29:47.0898 2700 PptpMiniport - ok
09:29:47.0925 2700 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
09:29:47.0926 2700 Processor - ok
09:29:48.0016 2700 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
09:29:48.0017 2700 PSched - ok
09:29:48.0036 2700 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
09:29:48.0037 2700 PxHelp20 - ok
09:29:48.0102 2700 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
09:29:48.0110 2700 ql2300 - ok
09:29:48.0139 2700 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
09:29:48.0149 2700 ql40xx - ok
09:29:48.0201 2700 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
09:29:48.0201 2700 QWAVEdrv - ok
09:29:48.0270 2700 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
09:29:48.0312 2700 R300 - ok
09:29:48.0341 2700 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
09:29:48.0342 2700 RasAcd - ok
09:29:48.0389 2700 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
09:29:48.0390 2700 Rasl2tp - ok
09:29:48.0471 2700 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
09:29:48.0478 2700 RasPppoe - ok
09:29:48.0660 2700 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
09:29:48.0662 2700 RasSstp - ok
09:29:48.0718 2700 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
09:29:48.0721 2700 rdbss - ok
09:29:48.0750 2700 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
09:29:48.0750 2700 RDPCDD - ok
09:29:48.0798 2700 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
09:29:48.0800 2700 rdpdr - ok
09:29:48.0827 2700 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
09:29:48.0828 2700 RDPENCDD - ok
09:29:48.0881 2700 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
09:29:48.0883 2700 RDPWD - ok
09:29:48.0956 2700 Revoflt (b9bb8e2093c1615ad6ea55ad96214354) C:\Windows\system32\DRIVERS\revoflt.sys
09:29:48.0957 2700 Revoflt - ok
09:29:49.0065 2700 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
09:29:49.0074 2700 rspndr - ok
09:29:49.0168 2700 RTL8169 (283392af1860ecdb5e0f8ebd7f3d72df) C:\Windows\system32\DRIVERS\Rtlh86.sys
09:29:49.0169 2700 RTL8169 - ok
09:29:49.0227 2700 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
09:29:49.0228 2700 sbp2port - ok
09:29:49.0270 2700 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
09:29:49.0272 2700 secdrv - ok
09:29:49.0295 2700 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
09:29:49.0296 2700 Serenum - ok
09:29:49.0325 2700 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
09:29:49.0380 2700 Serial - ok
09:29:49.0412 2700 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
09:29:49.0421 2700 sermouse - ok
09:29:49.0513 2700 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
09:29:49.0514 2700 sffdisk - ok
09:29:49.0591 2700 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
09:29:49.0592 2700 sffp_mmc - ok
09:29:49.0674 2700 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
09:29:49.0675 2700 sffp_sd - ok
09:29:49.0805 2700 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
09:29:49.0806 2700 sfloppy - ok
09:29:49.0829 2700 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
09:29:49.0830 2700 sisagp - ok
09:29:49.0853 2700 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
09:29:49.0854 2700 SiSRaid2 - ok
09:29:49.0873 2700 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
09:29:49.0875 2700 SiSRaid4 - ok
09:29:49.0932 2700 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
09:29:49.0934 2700 Smb - ok
09:29:49.0995 2700 smserial (c8a58fc905c9184fa70e37f71060c64d) C:\Windows\system32\DRIVERS\smserial.sys
09:29:50.0040 2700 smserial - ok
09:29:50.0108 2700 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
09:29:50.0109 2700 spldr - ok
09:29:50.0167 2700 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
09:29:50.0171 2700 srv - ok
09:29:50.0221 2700 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
09:29:50.0224 2700 srv2 - ok
09:29:50.0280 2700 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
09:29:50.0282 2700 srvnet - ok
09:29:50.0336 2700 SSPORT (ef3458337d7341a05169cefc73709264) C:\Windows\system32\Drivers\SSPORT.sys
09:29:50.0337 2700 SSPORT - ok
09:29:50.0456 2700 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
09:29:50.0471 2700 swenum - ok
09:29:50.0569 2700 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
09:29:50.0571 2700 Symc8xx - ok
09:29:50.0678 2700 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
09:29:50.0693 2700 Sym_hi - ok
09:29:50.0754 2700 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
09:29:50.0755 2700 Sym_u3 - ok
09:29:50.0885 2700 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\Windows\system32\DRIVERS\taphss.sys
09:29:50.0887 2700 taphss - ok
09:29:50.0956 2700 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
09:29:50.0968 2700 Tcpip - ok
09:29:50.0983 2700 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
09:29:50.0988 2700 Tcpip6 - ok
09:29:51.0036 2700 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
09:29:51.0038 2700 tcpipreg - ok
09:29:51.0080 2700 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
09:29:51.0081 2700 TDPIPE - ok
09:29:51.0145 2700 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
09:29:51.0146 2700 TDTCP - ok
09:29:51.0194 2700 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
09:29:51.0196 2700 tdx - ok
09:29:51.0239 2700 TermDD - ok
09:29:51.0263 2700 TfFsMon - ok
09:29:51.0292 2700 TfNetMon - ok
09:29:51.0334 2700 TfSysMon - ok
09:29:51.0356 2700 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
09:29:51.0357 2700 tssecsrv - ok
09:29:51.0413 2700 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
09:29:51.0414 2700 tunmp - ok
09:29:51.0444 2700 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
09:29:51.0446 2700 tunnel - ok
09:29:51.0511 2700 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
09:29:51.0514 2700 uagp35 - ok
09:29:51.0569 2700 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
09:29:51.0573 2700 udfs - ok
09:29:51.0598 2700 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
09:29:51.0599 2700 uliagpkx - ok
09:29:51.0625 2700 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
09:29:51.0628 2700 uliahci - ok
09:29:51.0657 2700 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
09:29:51.0659 2700 UlSata - ok
09:29:51.0685 2700 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
09:29:51.0687 2700 ulsata2 - ok
09:29:51.0709 2700 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
09:29:51.0711 2700 umbus - ok
09:29:51.0762 2700 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
09:29:51.0764 2700 USBAAPL - ok
09:29:51.0817 2700 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
09:29:51.0819 2700 usbccgp - ok
09:29:51.0849 2700 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
09:29:51.0850 2700 usbcir - ok
09:29:51.0925 2700 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
09:29:51.0926 2700 usbehci - ok
09:29:51.0970 2700 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
09:29:51.0973 2700 usbhub - ok
09:29:52.0012 2700 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
09:29:52.0014 2700 usbohci - ok
09:29:52.0031 2700 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
09:29:52.0032 2700 usbprint - ok
09:29:52.0081 2700 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
09:29:52.0082 2700 usbscan - ok
09:29:52.0134 2700 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:29:52.0134 2700 USBSTOR - ok
09:29:52.0184 2700 usbuhci (165bb1f0801118dc86aa3fc87d3d101c) C:\Windows\system32\DRIVERS\usbuhci.sys
09:29:52.0186 2700 usbuhci - ok
09:29:52.0232 2700 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
09:29:52.0234 2700 vga - ok
09:29:52.0261 2700 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
09:29:52.0263 2700 VgaSave - ok
09:29:52.0290 2700 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
09:29:52.0291 2700 viaagp - ok
09:29:52.0347 2700 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
09:29:52.0348 2700 ViaC7 - ok
09:29:52.0377 2700 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
09:29:52.0378 2700 viaide - ok
09:29:52.0413 2700 viamraid (25700f5d901d8a8f4c7e851788a2707d) C:\Windows\system32\drivers\viamraid.sys
09:29:52.0415 2700 viamraid - ok
09:29:52.0467 2700 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
09:29:52.0486 2700 volmgr - ok
09:29:52.0645 2700 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
09:29:52.0649 2700 volmgrx - ok
09:29:52.0702 2700 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
09:29:52.0705 2700 volsnap - ok
09:29:52.0756 2700 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
09:29:52.0758 2700 vsmraid - ok
09:29:52.0790 2700 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
09:29:52.0791 2700 WacomPen - ok
09:29:52.0821 2700 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
09:29:52.0823 2700 Wanarp - ok
09:29:52.0826 2700 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
09:29:52.0827 2700 Wanarpv6 - ok
09:29:52.0883 2700 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
09:29:52.0885 2700 Wd - ok
09:29:52.0938 2700 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
09:29:52.0962 2700 Wdf01000 - ok
09:29:53.0062 2700 WimFltr (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\Windows\system32\DRIVERS\wimfltr.sys
09:29:53.0078 2700 WimFltr - ok
09:29:53.0179 2700 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\DRIVERS\wmiacpi.sys
09:29:53.0180 2700 WmiAcpi - ok
09:29:53.0260 2700 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
09:29:53.0265 2700 WpdUsb - ok
09:29:53.0314 2700 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
09:29:53.0319 2700 ws2ifsl - ok
09:29:53.0369 2700 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
09:29:53.0379 2700 WUDFRd - ok
09:29:53.0442 2700 MBR (0x1B8) (048134312428ad1a401581be277e58b7) \Device\Harddisk0\DR0
09:29:53.0652 2700 \Device\Harddisk0\DR0 - ok
09:29:53.0664 2700 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
09:29:53.0669 2700 \Device\Harddisk1\DR1 - ok
09:29:53.0674 2700 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk4\DR4
09:29:53.0680 2700 \Device\Harddisk4\DR4 - ok
09:29:53.0684 2700 Boot (0x1200) (1ed3877143a909339cd08c7b049cb0d0) \Device\Harddisk0\DR0\Partition0
09:29:53.0685 2700 \Device\Harddisk0\DR0\Partition0 - ok
09:29:53.0688 2700 Boot (0x1200) (a3ce4109817fdd4b88c133b7cd039b76) \Device\Harddisk1\DR1\Partition0
09:29:53.0689 2700 \Device\Harddisk1\DR1\Partition0 - ok
09:29:53.0692 2700 Boot (0x1200) (79da90a26417393fafae66ba55dd728f) \Device\Harddisk4\DR4\Partition0
09:29:53.0693 2700 \Device\Harddisk4\DR4\Partition0 - ok
09:29:53.0693 2700 ============================================================
09:29:53.0693 2700 Scan finished
09:29:53.0693 2700 ============================================================
09:29:53.0777 2692 Detected object count: 2
09:29:53.0777 2692 Actual detected object count: 2
09:30:12.0374 2692 HKLM\SYSTEM\ControlSet001\services\728fb9b6 - will be deleted on reboot
09:30:12.0415 2692 HKLM\SYSTEM\ControlSet003\services\728fb9b6 - will be deleted on reboot
09:30:12.0426 2692 C:\Windows\3065614194:2372945481.exe - will be deleted on reboot
09:30:12.0426 2692 728fb9b6 ( Rootkit.Win32.PMax.gen ) - User select action: Delete
09:30:12.0585 2692 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\mfenlfk.sys) error 1813
09:30:24.0095 2692 Backup copy not found, trying to cure infected file..
09:30:24.0128 2692 Cure success, using it..
09:30:24.0149 2692 C:\Windows\system32\DRIVERS\mfenlfk.sys - will be cured on reboot
09:30:27.0312 2692 C:\Windows\System32\c_40533.nls - will be deleted on reboot
09:30:27.0358 2692 C:\Windows\System32\c_40533.nl_ - will be deleted on reboot
09:30:28.0548 2692 mfenlfk ( Rootkit.Win32.ZAccess.e ) - User select action: Cure
09:30:40.0092 2624 Deinitialize success

13:16:48.0798 2888 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
13:16:49.0297 2888 ============================================================
13:16:49.0297 2888 Current date / time: 2012/12/14 13:16:49.0297
13:16:49.0297 2888 SystemInfo:
13:16:49.0297 2888
13:16:49.0297 2888 OS Version: 6.0.6002 ServicePack: 2.0
13:16:49.0297 2888 Product type: Workstation
13:16:49.0297 2888 ComputerName: GAMES
13:16:49.0297 2888 UserName: Glen
13:16:49.0297 2888 Windows directory: C:\Windows
13:16:49.0297 2888 System windows directory: C:\Windows
13:16:49.0297 2888 Processor architecture: Intel x86
13:16:49.0297 2888 Number of processors: 2
13:16:49.0297 2888 Page size: 0x1000
13:16:49.0297 2888 Boot type: Normal boot
13:16:49.0297 2888 ============================================================
13:16:50.0109 2888 Drive \Device\Harddisk0\DR0 - Size: 0xE8E1800000 (931.52 Gb), SectorSize: 0x200, Cylinders: 0x1DB02, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:16:50.0140 2888 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:16:50.0140 2888 ============================================================
13:16:50.0140 2888 \Device\Harddisk0\DR0:
13:16:50.0140 2888 MBR partitions:
13:16:50.0140 2888 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x737257C1
13:16:50.0140 2888 \Device\Harddisk1\DR1:
13:16:50.0140 2888 MBR partitions:
13:16:50.0140 2888 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
13:16:50.0140 2888 ============================================================
13:16:50.0218 2888 C: <-> \Device\Harddisk0\DR0\Partition1
13:16:50.0233 2888 F: <-> \Device\Harddisk1\DR1\Partition1
13:16:50.0233 2888 ============================================================
13:16:50.0233 2888 Initialize success
13:16:50.0233 2888 ============================================================
13:17:02.0963 3196 Deinitialize success

#14 glen55

glen55
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:05:44 AM

Posted 14 December 2012 - 05:03 PM

READ THIS

It is not letting me post all 4 logs. It keeps telling me my post is too long, and to shorten it. I have posted 3 logs and have a 4th I cannot post. I am trying to enter everything as a separate reply, but the forum is not letting me.

Edit: After I saw this posted separately, I tried to add the 4th log to this, but it was too long. Perhaps the 4th log is too long even all by itself. However, the file is stated on the C: drive screen as being 1.1 MB, whereas the 3rd log file--which I think made it on here fine--is 4.14MB.

I will paste in the aswMBR report in my next reply. I guess it might wind up just being pasted in below this.

Edited by glen55, 14 December 2012 - 05:19 PM.


#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:44 AM

Posted 14 December 2012 - 05:29 PM

I have seen enough, so don't worry.

I would like you to rerun ComboFix for me now.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University



