This post is more than 5 years old
59 Posts
0
3419
win32 root/kit slowly killing computer need help please
here is the r/kill file
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Rkill was run on 05/25/2011 at 0:08:45.
Operating System: Microsoft Windows XP
Processes terminated by Rkill or while it was running:
C:\Documents and Settings\All Users\Application Data\yiMjvSkpKyOa.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\WINDOWS\System32\vssvc.exe
c:\PROGRA~1\mcafee\msc\mcupdmgr.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\iExplore.exe
D:\iExplore.exe
Rkill completed on 05/25/2011 at 0:09:17.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Rkill was run on 05/25/2011 at 0:47:01.
Operating System: Microsoft Windows XP
ejcurry
59 Posts
1
June 1st, 2011 09:00
i rreloaded the sound device and got sound back. IE explorer is running a little slow but e everything else seems fine. If i can have windows do its update everything will be back to 100%
kevinf80_1d0ac6
1.1K Posts
0
May 30th, 2011 02:00
I'm kevinf80 and I will be helping with any issues you may have. Please be aware that some of the logs I may ask for can be very complex and can take a long time to decipher. I am a volunteer here with a job and family so I ask that you be patient when waiting for replies.
Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.
Please Print or Save to Notepad all instructions and please follow them carefully and if there's something you don't understand or that will not work please let me know and we will go through it together.
Malware is often buggy and can be very unstable, with that in mind it is advisable to backup any important data before we begin.
If you do not reply within 72 hours the thread will be closed, if you need more time let me know. Likewise if I do not respond within 48 hours feel free to PM me.
* If you are using any cracked software, please remove it. In addition to being illegal, when you install cracked software, you are running executable files from dubious, unknown sources. You are giving these sources access to information on your hard disk, and potential control over operation of your computer. Definition of cracked software HERE
** If you are using any P2P (file sharing) programs, please remove them before we clean your computer. The nature of such software and the high incidence of malware in files downloaded with them is counter productive to restoring your PC to a healthy state. That includes BitTorrent and similar programs. There is a partial list HERE
Please proceed as follows :-
Please perform the following scan:
2. Attach.txt
Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE
ejcurry
59 Posts
0
May 30th, 2011 06:00
here is the dds log
.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Run by Ernest at 7:08:48 on 2011-05-30
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.403 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ernest\Desktop\dds.com
C:\WINDOWS\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride =
uInternet Settings,ProxyServer = http=127.0.0.1:60505
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: del.icio.us Toolbar Helper: {7aa07ae6-01ef-44ec-93ca-9d7cd41ccdb6} - c:\program files\del.icio.us\internet explorer buttons\dlcsIE.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110528164850.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: del.icio.us: {981fe6a8-260c-4930-960f-c3bc82746cb0} - c:\program files\del.icio.us\internet explorer buttons\dlcsIE.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,_RunDLLEntry@16
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [dlccmon.exe] "c:\program files\dell photo aio printer 924\dlccmon.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [RunNarrator] Narrator.exe
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: mswsock.dll
Trusted Zone: internet
Trusted Zone: intuit.com\ttlc
Trusted Zone: mcafee.com
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1259001713093
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\615\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\ernest\application data\mozilla\firefox\profiles\bx84xqj1.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 60505
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\ernest\application data\mozilla\firefox\profiles\bx84xqj1.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\documents and settings\ernest\local settings\application data\yahoo!\browserplus\2.8.1\plugins\npybrowserplus_2.8.1.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\mcafee\supportability\mvt\NPMVTPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol500.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-10-13 387480]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-3-4 84200]
R1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [2011-3-4 54776]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-3-4 153280]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-3-4 314088]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-3-4 88736]
R4 PCTCore;PCTools KDS;c:\windows\system32\drivers\pctcore.sys --> c:\windows\system32\drivers\PCTCore.sys [?]
R4 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctds.sys --> c:\windows\system32\drivers\pctDS.sys [?]
R4 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctefa.sys --> c:\windows\system32\drivers\pctEFA.sys [?]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe" /mccoresvc --> c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [?]
S2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe" /mccoresvc --> c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [?]
S2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe" /mccoresvc --> c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [?]
S2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe" /mccoresvc --> c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [?]
S2 McShield;McShield;"c:\program files\common files\mcafee\systemcore\\mcshield.exe" --> c:\program files\common files\mcafee\systemcore\\mcshield.exe [?]
S2 mfefire;McAfee Firewall Core Service;"c:\program files\common files\mcafee\systemcore\\mfefire.exe" --> c:\program files\common files\mcafee\systemcore\\mfefire.exe [?]
S2 mfevtp;McAfee Validation Trust Protection Service;"c:\windows\system32\mfevtps.exe" --> c:\windows\system32\mfevtps.exe [?]
S2 MOBKbackup;McAfee Online Backup;"c:\program files\mcafee online backup\mobkbackup.exe" --> c:\program files\mcafee online backup\MOBKbackup.exe [?]
S2 Secunia PSI Agent;Secunia PSI Agent;"c:\program files\secunia\psi\psia.exe" --start-service --> c:\program files\secunia\psi\PSIA.exe [?]
S2 Secunia Update Agent;Secunia Update Agent;"c:\program files\secunia\psi\sua.exe" --start-service --> c:\program files\secunia\psi\sua.exe [?]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-3-4 56064]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\mcafee security scan\3.0.199\mcchsvc.exe" --> c:\program files\mcafee security scan\3.0.199\McCHSvc.exe [?]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-3-4 52320]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-3-4 88736]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-3-4 84488]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
SUnknown sdCoreService;sdCoreService;
.
=============== Created Last 30 ================
.
2011-05-30 01:16:15 -------- d-----w- c:\program files\common files\PC Tools
2011-05-30 01:16:14 -------- d-----w- c:\program files\PC Tools Security
2011-05-30 01:14:13 -------- d-----w- c:\documents and settings\all users\application data\PC Tools
2011-05-30 00:40:01 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-30 00:39:57 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-29 19:12:16 -------- d-----w- c:\documents and settings\ernest\application data\DriverCure
2011-05-29 19:12:15 -------- d-----w- c:\documents and settings\ernest\application data\ParetoLogic
2011-05-29 19:11:54 -------- d-----w- c:\documents and settings\all users\application data\ParetoLogic
2011-05-29 10:57:38 -------- d-----w- c:\windows\system32\MpEngineStore
2011-05-28 21:43:17 -------- d-----w- c:\documents and settings\ernest\application data\McAfee
2011-05-28 21:34:05 -------- d-----w- c:\documents and settings\all users\application data\Citrix
2011-05-28 21:27:56 -------- d-----w- c:\documents and settings\ernest\local settings\application data\Citrix
2011-05-28 21:27:46 103784 ----a-w- c:\documents and settings\ernest\GoToAssistDownloadHelper.exe
2011-05-28 19:25:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-21 05:55:50 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-05-21 05:55:50 -------- d-----w- c:\windows\system32\wbem\Repository
2011-05-21 04:39:32 25048 ----a-w- c:\program files\mozilla firefox\components\browserdirprovider.dll
2011-05-21 04:39:32 140248 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2011-05-21 04:39:30 66520 ---ha-w- c:\program files\mozilla firefox\plugins\npnul32.dll
2011-05-21 04:39:27 505816 ---ha-w- c:\program files\mozilla firefox\sqlite3.dll
2011-05-21 04:39:26 1014232 ---ha-w- c:\program files\mozilla firefox\js3250.dll
2011-05-21 03:39:01 -------- d-sh--w- c:\documents and settings\ernest\IECompatCache
2011-05-21 03:37:55 -------- d-sh--w- c:\documents and settings\ernest\PrivacIE
2011-05-21 03:35:20 -------- d-sh--w- c:\documents and settings\ernest\IETldCache
2011-05-21 03:14:48 -------- dc----w- c:\windows\ie8
2011-05-19 02:58:24 404640 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-17 01:44:02 398760 ----a-r- c:\windows\system32\cpnprt2.cid
2011-05-17 01:36:10 -------- d--h--w- c:\program files\Coupons
2011-04-30 23:19:18 466944 ---ha-w- c:\program files\mozilla firefox\plugins\NPcol500.dll
2011-04-30 23:19:18 466944 ---ha-w- c:\program files\mozilla firefox\plugins\NPcol400.dll
2011-04-30 23:19:13 -------- d-----w- c:\documents and settings\ernest\application data\Catalina Marketing Corp
.
==================== Find3M ====================
.
2011-04-14 19:01:38 95824 ---ha-w- c:\windows\system32\drivers\mfeapfk.sys
2011-04-14 19:01:38 9344 ---ha-w- c:\windows\system32\drivers\mfeclnk.sys
2011-04-14 19:01:38 88736 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2011-04-14 19:01:38 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-04-14 19:01:38 84200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2011-04-14 19:01:38 56064 ---ha-w- c:\windows\system32\drivers\cfwids.sys
2011-04-14 19:01:38 52320 ---ha-w- c:\windows\system32\drivers\mfebopk.sys
2011-04-14 19:01:38 387480 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-04-14 19:01:38 314088 ---ha-w- c:\windows\system32\drivers\mfefirek.sys
2011-04-14 19:01:38 153280 ---ha-w- c:\windows\system32\drivers\mfeavfk.sys
2011-03-18 17:33:19 71072 ----a-w- c:\windows\CouponPrinter.ocx
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD1200BEVS-75LAT0 rev.02.06M02 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xF77038B0]<<
_asm { PUSH ECX; MOV EAX, [ESP+0x8]; PUSH EBX; PUSH EBP; PUSH ESI; PUSH EDI; CMP EAX, [0xf7709904]; JNZ 0x22; MOV EBX, [ESP+0x1c]; CALL 0xfffffffffffffcc0; }
1 ntkrnlpa!IofCallDriver[0x804EF1A0] -> \Device\Harddisk0\DR0[0x86507030]
3 CLASSPNP[0xF761E05B] -> ntkrnlpa!IofCallDriver[0x804EF1A0] -> [0x84DBD270]
\Driver\Disk[0x8563EBF8] -> IRP_MJ_CREATE -> 0xF77038B0
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
user & kernel MBR OK
.
============= FINISH: 7:11:14.28 ===============
ejcurry
59 Posts
0
May 30th, 2011 06:00
here is the 2nd log
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-05-19.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/16/2009 12:41:25 PM
System Uptime: 5/29/2011 8:37:18 PM (11 hours ago)
.
Motherboard: Dell Inc. | | 0MG532
Processor: Genuine Intel(R) CPU T2400 @ 1.83GHz | Microprocessor | 1830/133mhz
Processor: Genuine Intel(R) CPU T2400 @ 1.83GHz | Microprocessor | 1830/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 110 GiB total, 46.616 GiB free.
D: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Description: Microsoft UAA Bus Driver for High Definition Audio
Device ID: PCI\VEN_8086&DEV_27D8&SUBSYS_01D81028&REV_01\3&61AAA01&0&D8
Manufacturer: Microsoft
Name: Microsoft UAA Bus Driver for High Definition Audio
PNP Device ID: PCI\VEN_8086&DEV_27D8&SUBSYS_01D81028&REV_01\3&61AAA01&0&D8
Service: HDAudBus
.
==== System Restore Points ===================
.
RP414: 5/29/2011 8:41:50 PM - System Checkpoint
RP415: 5/30/2011 6:42:44 AM - System Checkpoint
.
==== Installed Programs ======================
.
.
ABBYY FineReader 6.0 Sprint
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.2
Adobe Shockwave Player
Adobe Shockwave Player 11.5
AIM 6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
BlackBerry Desktop Software 6.0.1
BlackBerry Device Software Updater
BlackBerry® Media Sync
Bonjour
Color Schemer Studio
Compatibility Pack for the 2007 Office system
Conexant HDA D110 MDC V.92 Modem
Coupon Printer for Windows
Crystal Reports for .NET Framework 2.0 (x86)
del.icio.us Buttons for Internet Explorer
Dell Photo AIO Printer 924
Flock 1.2
Garmin City Navigator North America NT 2011.20 Update
GoToAssist Corporate
GTK+ Runtime 2.14.7 rev a (remove only)
H&R Block Alabama 2009
H&R Block Deluxe + Efile + State 2009
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) Graphics Media Accelerator Driver
iPhone Configuration Utility
iTunes
Jasc Paint Shop Pro 8
Java(TM) 6 Update 17
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6
Last.fm 1.5.4.24567
Magic M4A to MP3 Converter 3.1
Malwarebytes' Anti-Malware
McAfee Online Backup
McAfee Total Protection
McAfee Virtual Technician
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SOSHOME22)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Word 2002
Microsoft Works 2002 Setup Launcher
Microsoft Works 6.0
MobileMe Control Panel
Mozilla Firefox (3.6.17)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Nero OEM
OpenAL
OpenOffice.org 2.2
Personal Ancestral File 5
Pidgin
PowerDVD
Q10 Editor
QuickTime
RoughDraft 3.0
Safari
Secunia PSI (2.0.0.3001)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Sims2DB Version 1.02
Sims2Pack Clean Installer
SUPERAntiSpyware
Switched-On Schoolhouse 2008 - Home Edition
Synaptics Pointing Device Driver
System Requirements Lab
The Sims 2
The Sims 2 Nightlife
The Sims 2 Pets
The Sims 2 University
The Sims™ 2 Seasons
TurboTax 2010
TurboTax 2010 waliper
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
UltraKiss V3.2a
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB894391)
Update for Windows XP (KB900485)
Update for Windows XP (KB907265)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 1 for Windows XP Media Center Edition 2005 with HDTV Support (KB873369)
Walmart MP3 Music Downloads
WebFldrs XP
Windows Driver Package - Broadcom Bluetooth (02/24/2004 5.1.2535.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Media Format SDK Hotfix - KB891122
Windows Presentation Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Media Center Edition 2005 KB888316
WinRAR archiver
Works Suite OS Pack
Works Synchronization
WritePad Sync Lite
XML Paper Specification Shared Components Pack 1.0
Yahoo! BrowserPlus 2.8.1
Yahoo! Messenger
yWriter4
.
==== Event Viewer Messages From Past Week ========
.
5/29/2011 9:10:30 AM, error: Service Control Manager [7000] - The McAfee SiteAdvisor Service service failed to start due to the following error: The system cannot find the file specified.
5/28/2011 9:01:28 PM, error: DCOM [10005] - DCOM got error "%2" attempting to start the service dlcc_device with arguments "" in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E441069}
5/28/2011 9:00:59 PM, error: DCOM [10005] - DCOM got error "%2" attempting to start the service McAfee SiteAdvisor Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
5/28/2011 9:00:58 PM, error: Service Control Manager [7000] - The dlcc_device service failed to start due to the following error: The system cannot find the file specified.
5/28/2011 2:13:49 PM, error: Service Control Manager [7000] - The Secunia Update Agent service failed to start due to the following error: The system cannot find the file specified.
5/28/2011 2:13:46 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
5/28/2011 2:12:07 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.
5/28/2011 2:11:30 PM, error: Service Control Manager [7001] - The McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The system cannot find the file specified.
5/28/2011 2:11:30 PM, error: Service Control Manager [7000] - The McAfee Validation Trust Protection Service service failed to start due to the following error: The system cannot find the file specified.
5/28/2011 2:11:15 PM, error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
5/28/2011 2:11:15 PM, error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The system cannot find the file specified.
5/28/2011 2:10:09 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000010' while processing the file 'loader.tlb' on the volume 'ACPI#PNP0303#2&da1a3ff&0'. It has stopped monitoring the volume.
5/28/2011 2:07:07 PM, error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
5/28/2011 2:07:07 PM, error: Service Control Manager [7001] - The McAfee Network Agent service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
5/28/2011 2:07:07 PM, error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
5/28/2011 2:07:07 PM, error: Service Control Manager [7000] - The Upload Manager service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.
5/28/2011 2:07:07 PM, error: Service Control Manager [7000] - The Bonjour Service service failed to start due to the following error: The system cannot find the path specified.
5/28/2011 2:01:46 PM, error: Service Control Manager [7022] - The McAfee Firewall Core Service service hung on starting.
5/28/2011 2:01:46 PM, error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: After starting, the service hung in a start-pending state.
5/28/2011 2:01:46 PM, error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: After starting, the service hung in a start-pending state.
5/28/2011 2:01:46 PM, error: Service Control Manager [7001] - The McAfee Network Agent service depends on the McAfee Firewall Core Service service which failed to start because of the following error: After starting, the service hung in a start-pending state.
5/28/2011 2:01:46 PM, error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: After starting, the service hung in a start-pending state.
5/27/2011 6:13:10 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000010' while processing the file 'L' on the volume 'ACPI#PNP0303#2&da1a3ff&0'. It has stopped monitoring the volume.
5/27/2011 6:09:01 PM, error: Dhcp [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 001302D58D4C has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
5/27/2011 10:00:50 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the MOBKbackup service.
5/25/2011 12:02:22 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
5/24/2011 7:03:10 PM, error: Service Control Manager [7034] - The Windows User Mode Driver Framework service terminated unexpectedly. It has done this 1 time(s).
5/23/2011 6:08:04 PM, error: Dhcp [1002] - The IP address lease 192.168.1.105 for the Network Card with network address 001302D58D4C has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================
.
kevinf80_1d0ac6
1.1K Posts
0
May 30th, 2011 13:00
There is a proxy server running in Firefox, did you set that up or know of its existence, continue as follows :-
Please read carefully and follow these steps.
Step 2
Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-
Link 1
Link 2
Before saving Combofix to the Desktop re-name to Gotcha.exe as below:
**** Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****
Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why disabling autoruns is recommended.
*EXTRA NOTES*
Let me see the logs from TDSSKiller and Combofix in next reply, also tell me about the Proxy server running in Firefox, did you set it up?
Kevin
ejcurry
59 Posts
0
May 30th, 2011 16:00
i did not know firefox was running a proxy server. i have it running none.
i ran tdsskiller 3 times and got 3 different logs
here they are
1)2011/05/30 16:37:49.0567 3648 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/05/30 16:37:50.0114 3648 ================================================================================
2011/05/30 16:37:50.0114 3648 SystemInfo:
2011/05/30 16:37:50.0114 3648
2011/05/30 16:37:50.0114 3648 OS Version: 5.1.2600 ServicePack: 2.0
2011/05/30 16:37:50.0114 3648 Product type: Workstation
2011/05/30 16:37:50.0114 3648 ComputerName: SHINY
2011/05/30 16:37:50.0114 3648 UserName: Ernest
2011/05/30 16:37:50.0114 3648 Windows directory: C:\WINDOWS
2011/05/30 16:37:50.0114 3648 System windows directory: C:\WINDOWS
2011/05/30 16:37:50.0114 3648 Processor architecture: Intel x86
2011/05/30 16:37:50.0114 3648 Number of processors: 2
2011/05/30 16:37:50.0114 3648 Page size: 0x1000
2011/05/30 16:37:50.0114 3648 Boot type: Normal boot
2011/05/30 16:37:50.0114 3648 ================================================================================
2011/05/30 16:37:54.0457 3648 Initialize success
2011/05/30 16:37:57.0942 2244 ================================================================================
2011/05/30 16:37:57.0942 2244 Scan started
2011/05/30 16:37:57.0942 2244 Mode: Manual;
2011/05/30 16:37:57.0942 2244 ================================================================================
2011/05/30 16:38:02.0848 2244 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/30 16:38:02.0911 2244 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/05/30 16:38:02.0989 2244 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
2011/05/30 16:38:03.0020 2244 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
2011/05/30 16:38:03.0176 2244 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/05/30 16:38:03.0317 2244 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/30 16:38:03.0364 2244 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/30 16:38:03.0426 2244 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/30 16:38:03.0489 2244 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/30 16:38:03.0551 2244 bcm4sbxp (c768c8a463d32c219ce291645a0621a4) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
2011/05/30 16:38:03.0645 2244 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/30 16:38:03.0832 2244 BthEnum (d24b8d1784c68a25060fffbe8ed34b76) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
2011/05/30 16:38:03.0864 2244 BTHMODEM (9df0adf74ce1d6371ed60cf92eb1d9a6) C:\WINDOWS\system32\DRIVERS\bthmodem.sys
2011/05/30 16:38:03.0879 2244 BthPan (10355270be12641b9764235da39dcf0f) C:\WINDOWS\system32\DRIVERS\bthpan.sys
2011/05/30 16:38:03.0911 2244 BTHPORT (95ef6f3f386d93ee1e4d9ca45a50252a) C:\WINDOWS\system32\Drivers\BTHport.sys
2011/05/30 16:38:03.0957 2244 BTHUSB (f06d4cb9918b462a84d9ac00027efc30) C:\WINDOWS\system32\Drivers\BTHUSB.sys
2011/05/30 16:38:04.0051 2244 btwmodem (7d295223c172ab4d61dc256721b2f09e) C:\WINDOWS\system32\DRIVERS\btwmodem.sys
2011/05/30 16:38:04.0114 2244 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/30 16:38:04.0192 2244 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/30 16:38:04.0207 2244 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/30 16:38:04.0239 2244 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/30 16:38:04.0301 2244 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
2011/05/30 16:38:04.0411 2244 cfwids (7fd604cd7a7a0ff8975af61bdf64c577) C:\WINDOWS\system32\drivers\cfwids.sys
2011/05/30 16:38:04.0551 2244 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/05/30 16:38:04.0598 2244 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/05/30 16:38:04.0723 2244 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/30 16:38:04.0801 2244 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/30 16:38:04.0864 2244 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\DRIVERS\dmio.sys
2011/05/30 16:38:04.0879 2244 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/30 16:38:04.0926 2244 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/30 16:38:05.0004 2244 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/30 16:38:05.0067 2244 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/30 16:38:05.0114 2244 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
2011/05/30 16:38:05.0145 2244 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/30 16:38:05.0161 2244 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/05/30 16:38:05.0239 2244 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/05/30 16:38:05.0364 2244 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/30 16:38:05.0411 2244 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/30 16:38:05.0473 2244 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/05/30 16:38:05.0567 2244 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/30 16:38:05.0614 2244 HidBth (cda7c5208286249ba83aca396ce84cf7) C:\WINDOWS\system32\DRIVERS\hidbth.sys
2011/05/30 16:38:05.0676 2244 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/05/30 16:38:05.0801 2244 HSF_DPV (e8ec1767ea315a39a0dd8989952ca0e9) C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
2011/05/30 16:38:06.0020 2244 HSXHWAZL (61478fa42ee04562e7f11f4dca87e9c8) C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
2011/05/30 16:38:06.0098 2244 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/30 16:38:06.0192 2244 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/05/30 16:38:06.0317 2244 ialm (cc449157474d5e43daea7e20f52c635a) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/05/30 16:38:06.0395 2244 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/30 16:38:06.0489 2244 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/05/30 16:38:06.0598 2244 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/05/30 16:38:06.0692 2244 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/05/30 16:38:06.0754 2244 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/30 16:38:06.0817 2244 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/30 16:38:06.0864 2244 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/30 16:38:06.0911 2244 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/30 16:38:06.0957 2244 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/30 16:38:06.0989 2244 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/30 16:38:07.0020 2244 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/05/30 16:38:07.0114 2244 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/30 16:38:07.0192 2244 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/30 16:38:07.0379 2244 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/05/30 16:38:07.0473 2244 mfeapfk (113445fc6a858ef453cded5b0a0df665) C:\WINDOWS\system32\drivers\mfeapfk.sys
2011/05/30 16:38:07.0551 2244 mfeavfk (dbf6e1b388d5c070d438c61adb990c30) C:\WINDOWS\system32\drivers\mfeavfk.sys
2011/05/30 16:38:07.0598 2244 mfebopk (a528b15e330edb83ea649be318d841d5) C:\WINDOWS\system32\drivers\mfebopk.sys
2011/05/30 16:38:07.0676 2244 mfefirek (c7da1b8003c89acedaa13768f7a1c622) C:\WINDOWS\system32\drivers\mfefirek.sys
2011/05/30 16:38:07.0739 2244 mfehidk (5e9679bb2fc4fa38ec8ca906c47acd46) C:\WINDOWS\system32\drivers\mfehidk.sys
2011/05/30 16:38:07.0786 2244 mfendisk (b1728195877b18ce63cf0cd00b2871eb) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
2011/05/30 16:38:07.0817 2244 mfendiskmp (b1728195877b18ce63cf0cd00b2871eb) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
2011/05/30 16:38:07.0848 2244 mferkdet (ce1711f7c3f72f6762abd241dcfd5ee1) C:\WINDOWS\system32\drivers\mferkdet.sys
2011/05/30 16:38:07.0911 2244 mfetdi2k (25e12c68b49a64ffc873603dfd578236) C:\WINDOWS\system32\drivers\mfetdi2k.sys
2011/05/30 16:38:07.0957 2244 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2011/05/30 16:38:08.0004 2244 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/30 16:38:08.0082 2244 MOBKFilter (e896775837a8bce436348df460522394) C:\WINDOWS\system32\DRIVERS\MOBK.sys
2011/05/30 16:38:08.0207 2244 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/30 16:38:08.0254 2244 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/30 16:38:08.0286 2244 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/05/30 16:38:08.0301 2244 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/30 16:38:08.0379 2244 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/30 16:38:08.0457 2244 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/30 16:38:08.0504 2244 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/30 16:38:08.0567 2244 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/30 16:38:08.0598 2244 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/30 16:38:08.0629 2244 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/30 16:38:08.0676 2244 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/30 16:38:08.0707 2244 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/30 16:38:08.0754 2244 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/30 16:38:08.0786 2244 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/30 16:38:08.0817 2244 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/30 16:38:08.0926 2244 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/30 16:38:08.0989 2244 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/30 16:38:09.0020 2244 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/30 16:38:09.0051 2244 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/30 16:38:09.0114 2244 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/05/30 16:38:09.0145 2244 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/30 16:38:09.0239 2244 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/30 16:38:09.0332 2244 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/30 16:38:09.0395 2244 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/30 16:38:09.0442 2244 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/30 16:38:09.0457 2244 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/05/30 16:38:09.0520 2244 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\drivers\Parport.sys
2011/05/30 16:38:09.0536 2244 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/30 16:38:09.0598 2244 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/30 16:38:09.0692 2244 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/30 16:38:09.0801 2244 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/30 16:38:09.0848 2244 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/05/30 16:38:10.0129 2244 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/30 16:38:10.0161 2244 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/30 16:38:10.0223 2244 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\WINDOWS\system32\DRIVERS\psi_mf.sys
2011/05/30 16:38:10.0270 2244 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/30 16:38:10.0317 2244 PxHelp20 (40f2031bd9148d3194353ea7dec97a07) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/05/30 16:38:10.0489 2244 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/30 16:38:10.0520 2244 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/30 16:38:10.0551 2244 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/30 16:38:10.0582 2244 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/30 16:38:10.0661 2244 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/30 16:38:10.0754 2244 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/30 16:38:10.0926 2244 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/05/30 16:38:11.0036 2244 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/30 16:38:11.0192 2244 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/30 16:38:11.0239 2244 RFCOMM (99c4b74981a1413f142a3903130088cb) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
2011/05/30 16:38:11.0317 2244 rimmptsk (24ed7af20651f9fa1f249482e7c1f165) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
2011/05/30 16:38:11.0364 2244 rimsptsk (1bdba2d2d402415a78a4ba766dfe0f7b) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
2011/05/30 16:38:11.0426 2244 RimUsb (92d33f76769a028ddc54a863eb7de4a2) C:\WINDOWS\system32\Drivers\RimUsb.sys
2011/05/30 16:38:11.0473 2244 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2011/05/30 16:38:11.0504 2244 rismxdp (f774ecd11a064f0debb2d4395418153c) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
2011/05/30 16:38:11.0582 2244 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/05/30 16:38:11.0770 2244 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/05/30 16:38:11.0786 2244 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/05/30 16:38:11.0848 2244 sdbus (02fc71b020ec8700ee8a46c58bc6f276) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2011/05/30 16:38:11.0895 2244 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/30 16:38:12.0051 2244 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\drivers\Serial.sys
2011/05/30 16:38:12.0192 2244 sffdisk (1d9f1bec651815741f088a8fb88e17ee) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
2011/05/30 16:38:12.0239 2244 sffp_sd (586499fd312ffd7f78553f408e71682e) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
2011/05/30 16:38:12.0286 2244 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/30 16:38:12.0504 2244 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/30 16:38:12.0551 2244 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/30 16:38:12.0598 2244 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/30 16:38:12.0723 2244 STHDA (3ad78e22210d3fbd9f76de84a8df19b5) C:\WINDOWS\system32\drivers\sthda.sys
2011/05/30 16:38:12.0848 2244 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/30 16:38:12.0973 2244 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/30 16:38:13.0145 2244 SynTP (fa2daa32bed908023272a0f77d625dae) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/05/30 16:38:13.0176 2244 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/30 16:38:13.0239 2244 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/30 16:38:13.0286 2244 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/30 16:38:13.0332 2244 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/30 16:38:13.0364 2244 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/30 16:38:13.0457 2244 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/30 16:38:13.0598 2244 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/30 16:38:13.0754 2244 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/05/30 16:38:13.0832 2244 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/30 16:38:13.0864 2244 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/30 16:38:13.0895 2244 usbhub (1b68f4fbbf6c72458cbbac71cdf84a6f) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/30 16:38:13.0911 2244 usbhub - detected Rootkit.Win32.ZAccess.c (0)
2011/05/30 16:38:13.0957 2244 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/05/30 16:38:14.0004 2244 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/05/30 16:38:14.0051 2244 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/30 16:38:14.0082 2244 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/05/30 16:38:14.0145 2244 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/05/30 16:38:14.0223 2244 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/30 16:38:14.0364 2244 w39n51 (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys
2011/05/30 16:38:14.0567 2244 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/30 16:38:14.0661 2244 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
2011/05/30 16:38:14.0754 2244 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/30 16:38:14.0832 2244 winachsf (ba6b6fb242a6ba4068c8b763063beb63) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
2011/05/30 16:38:14.0942 2244 WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys
2011/05/30 16:38:14.0973 2244 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/05/30 16:38:15.0036 2244 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/05/30 16:38:15.0286 2244 ================================================================================
2011/05/30 16:38:15.0286 2244 Scan finished
2011/05/30 16:38:15.0286 2244 ================================================================================
2011/05/30 16:38:15.0301 3796 Detected object count: 1
2011/05/30 16:38:15.0301 3796 Actual detected object count: 1
2011/05/30 16:38:34.0770 3796 usbhub (1b68f4fbbf6c72458cbbac71cdf84a6f) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/30 16:38:41.0832 3796 Backup copy found, using it..
2011/05/30 16:38:41.0926 3796 C:\WINDOWS\system32\DRIVERS\usbhub.sys - will be cured after reboot
2011/05/30 16:38:41.0926 3796 Rootkit.Win32.ZAccess.c(usbhub) - User select action: Cure
2011/05/30 16:38:56.0457 0588 Deinitialize success
2)2011/05/30 16:45:31.0609 2940 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/05/30 16:45:32.0109 2940 ================================================================================
2011/05/30 16:45:32.0109 2940 SystemInfo:
2011/05/30 16:45:32.0109 2940
2011/05/30 16:45:32.0109 2940 OS Version: 5.1.2600 ServicePack: 2.0
2011/05/30 16:45:32.0109 2940 Product type: Workstation
2011/05/30 16:45:32.0109 2940 ComputerName: SHINY
2011/05/30 16:45:32.0109 2940 UserName: Ernest
2011/05/30 16:45:32.0109 2940 Windows directory: C:\WINDOWS
2011/05/30 16:45:32.0109 2940 System windows directory: C:\WINDOWS
2011/05/30 16:45:32.0109 2940 Processor architecture: Intel x86
2011/05/30 16:45:32.0109 2940 Number of processors: 2
2011/05/30 16:45:32.0109 2940 Page size: 0x1000
2011/05/30 16:45:32.0109 2940 Boot type: Normal boot
2011/05/30 16:45:32.0109 2940 ================================================================================
2011/05/30 16:45:36.0531 2940 Initialize success
2011/05/30 17:33:23.0640 2860 ================================================================================
2011/05/30 17:33:23.0640 2860 Scan started
2011/05/30 17:33:23.0640 2860 Mode: Manual;
2011/05/30 17:33:23.0640 2860 ================================================================================
2011/05/30 17:33:24.0546 2860 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/30 17:33:24.0609 2860 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/05/30 17:33:24.0718 2860 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
2011/05/30 17:33:24.0750 2860 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
2011/05/30 17:33:24.0906 2860 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/05/30 17:33:25.0125 2860 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/30 17:33:25.0171 2860 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/30 17:33:25.0234 2860 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/30 17:33:25.0296 2860 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/30 17:33:25.0421 2860 bcm4sbxp (c768c8a463d32c219ce291645a0621a4) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
2011/05/30 17:33:25.0484 2860 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/30 17:33:25.0625 2860 BthEnum (d24b8d1784c68a25060fffbe8ed34b76) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
2011/05/30 17:33:25.0656 2860 BTHMODEM (9df0adf74ce1d6371ed60cf92eb1d9a6) C:\WINDOWS\system32\DRIVERS\bthmodem.sys
2011/05/30 17:33:25.0703 2860 BthPan (10355270be12641b9764235da39dcf0f) C:\WINDOWS\system32\DRIVERS\bthpan.sys
2011/05/30 17:33:25.0734 2860 BTHPORT (95ef6f3f386d93ee1e4d9ca45a50252a) C:\WINDOWS\system32\Drivers\BTHport.sys
2011/05/30 17:33:25.0765 2860 BTHUSB (f06d4cb9918b462a84d9ac00027efc30) C:\WINDOWS\system32\Drivers\BTHUSB.sys
2011/05/30 17:33:25.0875 2860 btwmodem (7d295223c172ab4d61dc256721b2f09e) C:\WINDOWS\system32\DRIVERS\btwmodem.sys
2011/05/30 17:33:25.0937 2860 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/30 17:33:26.0000 2860 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/30 17:33:26.0093 2860 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/30 17:33:26.0140 2860 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/30 17:33:26.0234 2860 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
2011/05/30 17:33:26.0328 2860 cfwids (7fd604cd7a7a0ff8975af61bdf64c577) C:\WINDOWS\system32\drivers\cfwids.sys
2011/05/30 17:33:26.0421 2860 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/05/30 17:33:26.0453 2860 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/05/30 17:33:26.0578 2860 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/30 17:33:26.0656 2860 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/30 17:33:26.0718 2860 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\DRIVERS\dmio.sys
2011/05/30 17:33:26.0734 2860 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/30 17:33:26.0796 2860 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/30 17:33:26.0859 2860 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/30 17:33:26.0968 2860 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/30 17:33:27.0031 2860 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
2011/05/30 17:33:27.0078 2860 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/30 17:33:27.0109 2860 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/05/30 17:33:27.0171 2860 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/05/30 17:33:27.0265 2860 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/30 17:33:27.0281 2860 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/30 17:33:27.0343 2860 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/05/30 17:33:27.0421 2860 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/30 17:33:27.0468 2860 HidBth (cda7c5208286249ba83aca396ce84cf7) C:\WINDOWS\system32\DRIVERS\hidbth.sys
2011/05/30 17:33:27.0531 2860 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/05/30 17:33:27.0687 2860 HSF_DPV (e8ec1767ea315a39a0dd8989952ca0e9) C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
2011/05/30 17:33:27.0859 2860 HSXHWAZL (61478fa42ee04562e7f11f4dca87e9c8) C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
2011/05/30 17:33:27.0968 2860 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/30 17:33:28.0078 2860 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/05/30 17:33:28.0187 2860 ialm (cc449157474d5e43daea7e20f52c635a) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/05/30 17:33:28.0281 2860 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/30 17:33:28.0578 2860 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/05/30 17:33:28.0671 2860 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/05/30 17:33:28.0718 2860 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/05/30 17:33:28.0765 2860 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/30 17:33:28.0812 2860 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/30 17:33:28.0906 2860 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/30 17:33:28.0968 2860 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/30 17:33:29.0046 2860 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/30 17:33:29.0078 2860 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/30 17:33:29.0156 2860 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/05/30 17:33:29.0250 2860 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/30 17:33:29.0359 2860 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/30 17:33:29.0500 2860 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/05/30 17:33:29.0593 2860 mfeapfk (113445fc6a858ef453cded5b0a0df665) C:\WINDOWS\system32\drivers\mfeapfk.sys
2011/05/30 17:33:29.0703 2860 mfeavfk (dbf6e1b388d5c070d438c61adb990c30) C:\WINDOWS\system32\drivers\mfeavfk.sys
2011/05/30 17:33:29.0734 2860 mfebopk (a528b15e330edb83ea649be318d841d5) C:\WINDOWS\system32\drivers\mfebopk.sys
2011/05/30 17:33:29.0812 2860 mfefirek (c7da1b8003c89acedaa13768f7a1c622) C:\WINDOWS\system32\drivers\mfefirek.sys
2011/05/30 17:33:29.0921 2860 mfehidk (5e9679bb2fc4fa38ec8ca906c47acd46) C:\WINDOWS\system32\drivers\mfehidk.sys
2011/05/30 17:33:30.0000 2860 mfendisk (b1728195877b18ce63cf0cd00b2871eb) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
2011/05/30 17:33:30.0015 2860 mfendiskmp (b1728195877b18ce63cf0cd00b2871eb) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
2011/05/30 17:33:30.0062 2860 mferkdet (ce1711f7c3f72f6762abd241dcfd5ee1) C:\WINDOWS\system32\drivers\mferkdet.sys
2011/05/30 17:33:30.0156 2860 mfetdi2k (25e12c68b49a64ffc873603dfd578236) C:\WINDOWS\system32\drivers\mfetdi2k.sys
2011/05/30 17:33:30.0218 2860 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2011/05/30 17:33:30.0328 2860 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/30 17:33:30.0437 2860 MOBKFilter (e896775837a8bce436348df460522394) C:\WINDOWS\system32\DRIVERS\MOBK.sys
2011/05/30 17:33:30.0500 2860 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/30 17:33:30.0531 2860 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/30 17:33:30.0625 2860 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/05/30 17:33:30.0718 2860 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/30 17:33:30.0796 2860 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/30 17:33:30.0890 2860 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/30 17:33:30.0953 2860 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/30 17:33:31.0000 2860 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/30 17:33:31.0062 2860 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/30 17:33:31.0093 2860 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/30 17:33:31.0156 2860 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/30 17:33:31.0203 2860 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/30 17:33:31.0296 2860 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/30 17:33:31.0328 2860 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/30 17:33:31.0359 2860 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/30 17:33:31.0437 2860 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/30 17:33:31.0468 2860 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/30 17:33:31.0515 2860 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/30 17:33:31.0546 2860 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/30 17:33:31.0656 2860 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/05/30 17:33:31.0687 2860 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/30 17:33:31.0765 2860 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/30 17:33:31.0859 2860 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/30 17:33:31.0906 2860 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/30 17:33:31.0984 2860 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/30 17:33:32.0046 2860 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/05/30 17:33:32.0078 2860 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\drivers\Parport.sys
2011/05/30 17:33:32.0109 2860 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/30 17:33:32.0156 2860 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/30 17:33:32.0234 2860 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/30 17:33:32.0312 2860 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/30 17:33:32.0390 2860 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/05/30 17:33:32.0609 2860 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/30 17:33:32.0656 2860 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/30 17:33:32.0718 2860 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\WINDOWS\system32\DRIVERS\psi_mf.sys
2011/05/30 17:33:32.0781 2860 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/30 17:33:32.0843 2860 PxHelp20 (40f2031bd9148d3194353ea7dec97a07) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/05/30 17:33:33.0046 2860 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/30 17:33:33.0109 2860 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/30 17:33:33.0140 2860 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/30 17:33:33.0187 2860 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/30 17:33:33.0265 2860 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/30 17:33:33.0343 2860 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/30 17:33:33.0437 2860 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/05/30 17:33:33.0500 2860 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/30 17:33:33.0625 2860 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/30 17:33:33.0671 2860 RFCOMM (99c4b74981a1413f142a3903130088cb) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
2011/05/30 17:33:33.0734 2860 rimmptsk (24ed7af20651f9fa1f249482e7c1f165) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
2011/05/30 17:33:33.0796 2860 rimsptsk (1bdba2d2d402415a78a4ba766dfe0f7b) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
2011/05/30 17:33:33.0859 2860 RimUsb (92d33f76769a028ddc54a863eb7de4a2) C:\WINDOWS\system32\Drivers\RimUsb.sys
2011/05/30 17:33:33.0937 2860 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2011/05/30 17:33:33.0968 2860 rismxdp (f774ecd11a064f0debb2d4395418153c) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
2011/05/30 17:33:34.0031 2860 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/05/30 17:33:34.0140 2860 sdbus (02fc71b020ec8700ee8a46c58bc6f276) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2011/05/30 17:33:34.0203 2860 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/30 17:33:34.0296 2860 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\drivers\Serial.sys
2011/05/30 17:33:34.0328 2860 sffdisk (1d9f1bec651815741f088a8fb88e17ee) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
2011/05/30 17:33:34.0359 2860 sffp_sd (586499fd312ffd7f78553f408e71682e) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
2011/05/30 17:33:34.0390 2860 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/30 17:33:34.0593 2860 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/30 17:33:34.0687 2860 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/30 17:33:34.0750 2860 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/30 17:33:34.0906 2860 STHDA (3ad78e22210d3fbd9f76de84a8df19b5) C:\WINDOWS\system32\drivers\sthda.sys
2011/05/30 17:33:35.0015 2860 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/30 17:33:35.0109 2860 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/30 17:33:35.0265 2860 SynTP (fa2daa32bed908023272a0f77d625dae) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/05/30 17:33:35.0359 2860 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/30 17:33:35.0421 2860 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/30 17:33:35.0468 2860 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/30 17:33:35.0546 2860 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/30 17:33:35.0593 2860 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/30 17:33:35.0718 2860 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/30 17:33:35.0859 2860 Update (64aeb05c5730e24b1e4a0a763492b980) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/30 17:33:35.0859 2860 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\update.sys. Real md5: 64aeb05c5730e24b1e4a0a763492b980, Fake md5: ced744117e91bdc0beb810f7d8608183
2011/05/30 17:33:35.0875 2860 Update - detected Rootkit.Win32.ZAccess.c (0)
2011/05/30 17:33:35.0968 2860 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/05/30 17:33:36.0046 2860 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/30 17:33:36.0078 2860 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/30 17:33:36.0109 2860 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/30 17:33:36.0218 2860 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/05/30 17:33:36.0281 2860 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/05/30 17:33:36.0328 2860 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/30 17:33:36.0375 2860 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/05/30 17:33:36.0406 2860 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/05/30 17:33:36.0468 2860 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/30 17:33:36.0593 2860 w39n51 (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys
2011/05/30 17:33:36.0734 2860 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/30 17:33:36.0843 2860 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
2011/05/30 17:33:37.0000 2860 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/30 17:33:37.0093 2860 winachsf (ba6b6fb242a6ba4068c8b763063beb63) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
2011/05/30 17:33:37.0265 2860 WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys
2011/05/30 17:33:37.0312 2860 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/05/30 17:33:37.0375 2860 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/05/30 17:33:37.0609 2860 ================================================================================
2011/05/30 17:33:37.0609 2860 Scan finished
2011/05/30 17:33:37.0609 2860 ================================================================================
2011/05/30 17:33:37.0625 3264 Detected object count: 1
2011/05/30 17:33:37.0625 3264 Actual detected object count: 1
2011/05/30 17:33:52.0734 3264 Update (64aeb05c5730e24b1e4a0a763492b980) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/30 17:33:52.0734 3264 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\update.sys. Real md5: 64aeb05c5730e24b1e4a0a763492b980, Fake md5: ced744117e91bdc0beb810f7d8608183
2011/05/30 17:33:53.0265 3264 Backup copy found, using it..
2011/05/30 17:33:53.0281 3264 C:\WINDOWS\system32\DRIVERS\update.sys - will be cured after reboot
2011/05/30 17:33:53.0281 3264 Rootkit.Win32.ZAccess.c(Update) - User select action: Cure
2011/05/30 17:35:42.0312 3020 Deinitialize success
2)
2011/05/30 16:45:31.0609 2940 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/05/30 16:45:32.0109 2940 ================================================================================
2011/05/30 16:45:32.0109 2940 SystemInfo:
2011/05/30 16:45:32.0109 2940
2011/05/30 16:45:32.0109 2940 OS Version: 5.1.2600 ServicePack: 2.0
2011/05/30 16:45:32.0109 2940 Product type: Workstation
2011/05/30 16:45:32.0109 2940 ComputerName: SHINY
2011/05/30 16:45:32.0109 2940 UserName: Ernest
2011/05/30 16:45:32.0109 2940 Windows directory: C:\WINDOWS
2011/05/30 16:45:32.0109 2940 System windows directory: C:\WINDOWS
2011/05/30 16:45:32.0109 2940 Processor architecture: Intel x86
2011/05/30 16:45:32.0109 2940 Number of processors: 2
2011/05/30 16:45:32.0109 2940 Page size: 0x1000
2011/05/30 16:45:32.0109 2940 Boot type: Normal boot
2011/05/30 16:45:32.0109 2940 ================================================================================
2011/05/30 16:45:36.0531 2940 Initialize success
2011/05/30 17:33:23.0640 2860 ================================================================================
2011/05/30 17:33:23.0640 2860 Scan started
2011/05/30 17:33:23.0640 2860 Mode: Manual;
2011/05/30 17:33:23.0640 2860 ================================================================================
2011/05/30 17:33:24.0546 2860 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/30 17:33:24.0609 2860 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/05/30 17:33:24.0718 2860 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
2011/05/30 17:33:24.0750 2860 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
2011/05/30 17:33:24.0906 2860 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/05/30 17:33:25.0125 2860 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/30 17:33:25.0171 2860 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/30 17:33:25.0234 2860 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/30 17:33:25.0296 2860 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/30 17:33:25.0421 2860 bcm4sbxp (c768c8a463d32c219ce291645a0621a4) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
2011/05/30 17:33:25.0484 2860 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/30 17:33:25.0625 2860 BthEnum (d24b8d1784c68a25060fffbe8ed34b76) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
2011/05/30 17:33:25.0656 2860 BTHMODEM (9df0adf74ce1d6371ed60cf92eb1d9a6) C:\WINDOWS\system32\DRIVERS\bthmodem.sys
2011/05/30 17:33:25.0703 2860 BthPan (10355270be12641b9764235da39dcf0f) C:\WINDOWS\system32\DRIVERS\bthpan.sys
2011/05/30 17:33:25.0734 2860 BTHPORT (95ef6f3f386d93ee1e4d9ca45a50252a) C:\WINDOWS\system32\Drivers\BTHport.sys
2011/05/30 17:33:25.0765 2860 BTHUSB (f06d4cb9918b462a84d9ac00027efc30) C:\WINDOWS\system32\Drivers\BTHUSB.sys
2011/05/30 17:33:25.0875 2860 btwmodem (7d295223c172ab4d61dc256721b2f09e) C:\WINDOWS\system32\DRIVERS\btwmodem.sys
2011/05/30 17:33:25.0937 2860 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/30 17:33:26.0000 2860 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/30 17:33:26.0093 2860 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/30 17:33:26.0140 2860 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/30 17:33:26.0234 2860 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
2011/05/30 17:33:26.0328 2860 cfwids (7fd604cd7a7a0ff8975af61bdf64c577) C:\WINDOWS\system32\drivers\cfwids.sys
2011/05/30 17:33:26.0421 2860 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/05/30 17:33:26.0453 2860 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/05/30 17:33:26.0578 2860 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/30 17:33:26.0656 2860 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/30 17:33:26.0718 2860 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\DRIVERS\dmio.sys
2011/05/30 17:33:26.0734 2860 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/30 17:33:26.0796 2860 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/30 17:33:26.0859 2860 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/30 17:33:26.0968 2860 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/30 17:33:27.0031 2860 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
2011/05/30 17:33:27.0078 2860 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/30 17:33:27.0109 2860 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/05/30 17:33:27.0171 2860 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/05/30 17:33:27.0265 2860 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/30 17:33:27.0281 2860 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/30 17:33:27.0343 2860 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/05/30 17:33:27.0421 2860 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/30 17:33:27.0468 2860 HidBth (cda7c5208286249ba83aca396ce84cf7) C:\WINDOWS\system32\DRIVERS\hidbth.sys
2011/05/30 17:33:27.0531 2860 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/05/30 17:33:27.0687 2860 HSF_DPV (e8ec1767ea315a39a0dd8989952ca0e9) C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
2011/05/30 17:33:27.0859 2860 HSXHWAZL (61478fa42ee04562e7f11f4dca87e9c8) C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
2011/05/30 17:33:27.0968 2860 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/30 17:33:28.0078 2860 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/05/30 17:33:28.0187 2860 ialm (cc449157474d5e43daea7e20f52c635a) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/05/30 17:33:28.0281 2860 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/30 17:33:28.0578 2860 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/05/30 17:33:28.0671 2860 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/05/30 17:33:28.0718 2860 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/05/30 17:33:28.0765 2860 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/30 17:33:28.0812 2860 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/30 17:33:28.0906 2860 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/30 17:33:28.0968 2860 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/30 17:33:29.0046 2860 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/30 17:33:29.0078 2860 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/30 17:33:29.0156 2860 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/05/30 17:33:29.0250 2860 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/30 17:33:29.0359 2860 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/30 17:33:29.0500 2860 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/05/30 17:33:29.0593 2860 mfeapfk (113445fc6a858ef453cded5b0a0df665) C:\WINDOWS\system32\drivers\mfeapfk.sys
2011/05/30 17:33:29.0703 2860 mfeavfk (dbf6e1b388d5c070d438c61adb990c30) C:\WINDOWS\system32\drivers\mfeavfk.sys
2011/05/30 17:33:29.0734 2860 mfebopk (a528b15e330edb83ea649be318d841d5) C:\WINDOWS\system32\drivers\mfebopk.sys
2011/05/30 17:33:29.0812 2860 mfefirek (c7da1b8003c89acedaa13768f7a1c622) C:\WINDOWS\system32\drivers\mfefirek.sys
2011/05/30 17:33:29.0921 2860 mfehidk (5e9679bb2fc4fa38ec8ca906c47acd46) C:\WINDOWS\system32\drivers\mfehidk.sys
2011/05/30 17:33:30.0000 2860 mfendisk (b1728195877b18ce63cf0cd00b2871eb) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
2011/05/30 17:33:30.0015 2860 mfendiskmp (b1728195877b18ce63cf0cd00b2871eb) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
2011/05/30 17:33:30.0062 2860 mferkdet (ce1711f7c3f72f6762abd241dcfd5ee1) C:\WINDOWS\system32\drivers\mferkdet.sys
2011/05/30 17:33:30.0156 2860 mfetdi2k (25e12c68b49a64ffc873603dfd578236) C:\WINDOWS\system32\drivers\mfetdi2k.sys
2011/05/30 17:33:30.0218 2860 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2011/05/30 17:33:30.0328 2860 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/30 17:33:30.0437 2860 MOBKFilter (e896775837a8bce436348df460522394) C:\WINDOWS\system32\DRIVERS\MOBK.sys
2011/05/30 17:33:30.0500 2860 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/30 17:33:30.0531 2860 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/30 17:33:30.0625 2860 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/05/30 17:33:30.0718 2860 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/30 17:33:30.0796 2860 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/30 17:33:30.0890 2860 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/30 17:33:30.0953 2860 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/30 17:33:31.0000 2860 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/30 17:33:31.0062 2860 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/30 17:33:31.0093 2860 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/30 17:33:31.0156 2860 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/30 17:33:31.0203 2860 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/30 17:33:31.0296 2860 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/30 17:33:31.0328 2860 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/30 17:33:31.0359 2860 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/30 17:33:31.0437 2860 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/30 17:33:31.0468 2860 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/30 17:33:31.0515 2860 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/30 17:33:31.0546 2860 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/30 17:33:31.0656 2860 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/05/30 17:33:31.0687 2860 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/30 17:33:31.0765 2860 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/30 17:33:31.0859 2860 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/30 17:33:31.0906 2860 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/30 17:33:31.0984 2860 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/30 17:33:32.0046 2860 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/05/30 17:33:32.0078 2860 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\drivers\Parport.sys
2011/05/30 17:33:32.0109 2860 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/30 17:33:32.0156 2860 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/30 17:33:32.0234 2860 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/30 17:33:32.0312 2860 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/30 17:33:32.0390 2860 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/05/30 17:33:32.0609 2860 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/30 17:33:32.0656 2860 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/30 17:33:32.0718 2860 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\WINDOWS\system32\DRIVERS\psi_mf.sys
2011/05/30 17:33:32.0781 2860 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/30 17:33:32.0843 2860 PxHelp20 (40f2031bd9148d3194353ea7dec97a07) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/05/30 17:33:33.0046 2860 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/30 17:33:33.0109 2860 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/30 17:33:33.0140 2860 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/30 17:33:33.0187 2860 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/30 17:33:33.0265 2860 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/30 17:33:33.0343 2860 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/30 17:33:33.0437 2860 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/05/30 17:33:33.0500 2860 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/30 17:33:33.0625 2860 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/30 17:33:33.0671 2860 RFCOMM (99c4b74981a1413f142a3903130088cb) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
2011/05/30 17:33:33.0734 2860 rimmptsk (24ed7af20651f9fa1f249482e7c1f165) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
2011/05/30 17:33:33.0796 2860 rimsptsk (1bdba2d2d402415a78a4ba766dfe0f7b) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
2011/05/30 17:33:33.0859 2860 RimUsb (92d33f76769a028ddc54a863eb7de4a2) C:\WINDOWS\system32\Drivers\RimUsb.sys
2011/05/30 17:33:33.0937 2860 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2011/05/30 17:33:33.0968 2860 rismxdp (f774ecd11a064f0debb2d4395418153c) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
2011/05/30 17:33:34.0031 2860 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/05/30 17:33:34.0140 2860 sdbus (02fc71b020ec8700ee8a46c58bc6f276) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2011/05/30 17:33:34.0203 2860 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/30 17:33:34.0296 2860 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\drivers\Serial.sys
2011/05/30 17:33:34.0328 2860 sffdisk (1d9f1bec651815741f088a8fb88e17ee) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
2011/05/30 17:33:34.0359 2860 sffp_sd (586499fd312ffd7f78553f408e71682e) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
2011/05/30 17:33:34.0390 2860 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/30 17:33:34.0593 2860 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/30 17:33:34.0687 2860 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/30 17:33:34.0750 2860 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/30 17:33:34.0906 2860 STHDA (3ad78e22210d3fbd9f76de84a8df19b5) C:\WINDOWS\system32\drivers\sthda.sys
2011/05/30 17:33:35.0015 2860 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/30 17:33:35.0109 2860 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/30 17:33:35.0265 2860 SynTP (fa2daa32bed908023272a0f77d625dae) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/05/30 17:33:35.0359 2860 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/30 17:33:35.0421 2860 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/30 17:33:35.0468 2860 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/30 17:33:35.0546 2860 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/30 17:33:35.0593 2860 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/30 17:33:35.0718 2860 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/30 17:33:35.0859 2860 Update (64aeb05c5730e24b1e4a0a763492b980) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/30 17:33:35.0859 2860 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\update.sys. Real md5: 64aeb05c5730e24b1e4a0a763492b980, Fake md5: ced744117e91bdc0beb810f7d8608183
2011/05/30 17:33:35.0875 2860 Update - detected Rootkit.Win32.ZAccess.c (0)
2011/05/30 17:33:35.0968 2860 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/05/30 17:33:36.0046 2860 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/30 17:33:36.0078 2860 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/30 17:33:36.0109 2860 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/30 17:33:36.0218 2860 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/05/30 17:33:36.0281 2860 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/05/30 17:33:36.0328 2860 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/30 17:33:36.0375 2860 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/05/30 17:33:36.0406 2860 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/05/30 17:33:36.0468 2860 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/30 17:33:36.0593 2860 w39n51 (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys
2011/05/30 17:33:36.0734 2860 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/30 17:33:36.0843 2860 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
2011/05/30 17:33:37.0000 2860 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/30 17:33:37.0093 2860 winachsf (ba6b6fb242a6ba4068c8b763063beb63) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
2011/05/30 17:33:37.0265 2860 WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys
2011/05/30 17:33:37.0312 2860 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/05/30 17:33:37.0375 2860 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/05/30 17:33:37.0609 2860 ================================================================================
2011/05/30 17:33:37.0609 2860 Scan finished
2011/05/30 17:33:37.0609 2860 ================================================================================
2011/05/30 17:33:37.0625 3264 Detected object count: 1
2011/05/30 17:33:37.0625 3264 Actual detected object count: 1
2011/05/30 17:33:52.0734 3264 Update (64aeb05c5730e24b1e4a0a763492b980) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/30 17:33:52.0734 3264 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\update.sys. Real md5: 64aeb05c5730e24b1e4a0a763492b980, Fake md5: ced744117e91bdc0beb810f7d8608183
2011/05/30 17:33:53.0265 3264 Backup copy found, using it..
2011/05/30 17:33:53.0281 3264 C:\WINDOWS\system32\DRIVERS\update.sys - will be cured after reboot
2011/05/30 17:33:53.0281 3264 Rootkit.Win32.ZAccess.c(Update) - User select action: Cure
2011/05/30 17:35:42.0312 3020 Deinitialize success
3)
2011/05/30 17:43:32.0015 1700 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/05/30 17:43:34.0015 1700 ================================================================================
2011/05/30 17:43:34.0015 1700 SystemInfo:
2011/05/30 17:43:34.0015 1700
2011/05/30 17:43:34.0015 1700 OS Version: 5.1.2600 ServicePack: 2.0
2011/05/30 17:43:34.0015 1700 Product type: Workstation
2011/05/30 17:43:34.0015 1700 ComputerName: SHINY
2011/05/30 17:43:34.0015 1700 UserName: Ernest
2011/05/30 17:43:34.0015 1700 Windows directory: C:\WINDOWS
2011/05/30 17:43:34.0015 1700 System windows directory: C:\WINDOWS
2011/05/30 17:43:34.0015 1700 Processor architecture: Intel x86
2011/05/30 17:43:34.0015 1700 Number of processors: 2
2011/05/30 17:43:34.0015 1700 Page size: 0x1000
2011/05/30 17:43:34.0015 1700 Boot type: Normal boot
2011/05/30 17:43:34.0015 1700 ================================================================================
2011/05/30 17:43:38.0296 1700 Initialize success
2011/05/30 17:43:40.0781 4052 ================================================================================
2011/05/30 17:43:40.0781 4052 Scan started
2011/05/30 17:43:40.0781 4052 Mode: Manual;
2011/05/30 17:43:40.0781 4052 ================================================================================
2011/05/30 17:43:45.0656 4052 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/30 17:43:45.0718 4052 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/05/30 17:43:45.0796 4052 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
2011/05/30 17:43:45.0843 4052 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
2011/05/30 17:43:46.0000 4052 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/05/30 17:43:46.0125 4052 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/30 17:43:46.0171 4052 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/30 17:43:46.0218 4052 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/30 17:43:46.0281 4052 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/30 17:43:46.0406 4052 bcm4sbxp (c768c8a463d32c219ce291645a0621a4) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
2011/05/30 17:43:46.0515 4052 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/30 17:43:46.0656 4052 BthEnum (d24b8d1784c68a25060fffbe8ed34b76) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
2011/05/30 17:43:46.0687 4052 BTHMODEM (9df0adf74ce1d6371ed60cf92eb1d9a6) C:\WINDOWS\system32\DRIVERS\bthmodem.sys
2011/05/30 17:43:46.0734 4052 BthPan (10355270be12641b9764235da39dcf0f) C:\WINDOWS\system32\DRIVERS\bthpan.sys
2011/05/30 17:43:46.0765 4052 BTHPORT (95ef6f3f386d93ee1e4d9ca45a50252a) C:\WINDOWS\system32\Drivers\BTHport.sys
2011/05/30 17:43:46.0796 4052 BTHUSB (f06d4cb9918b462a84d9ac00027efc30) C:\WINDOWS\system32\Drivers\BTHUSB.sys
2011/05/30 17:43:46.0890 4052 btwmodem (7d295223c172ab4d61dc256721b2f09e) C:\WINDOWS\system32\DRIVERS\btwmodem.sys
2011/05/30 17:43:46.0953 4052 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/30 17:43:47.0031 4052 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/30 17:43:47.0093 4052 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/30 17:43:47.0109 4052 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/30 17:43:47.0171 4052 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
2011/05/30 17:43:47.0281 4052 cfwids (7fd604cd7a7a0ff8975af61bdf64c577) C:\WINDOWS\system32\drivers\cfwids.sys
2011/05/30 17:43:47.0468 4052 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/05/30 17:43:47.0515 4052 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/05/30 17:43:47.0625 4052 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/30 17:43:47.0703 4052 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/30 17:43:47.0765 4052 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\DRIVERS\dmio.sys
2011/05/30 17:43:47.0812 4052 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/30 17:43:47.0875 4052 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/30 17:43:47.0921 4052 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/30 17:43:47.0984 4052 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/30 17:43:48.0015 4052 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
2011/05/30 17:43:48.0046 4052 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/30 17:43:48.0078 4052 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/05/30 17:43:48.0125 4052 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/05/30 17:43:48.0265 4052 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/30 17:43:48.0296 4052 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/30 17:43:48.0359 4052 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/05/30 17:43:48.0421 4052 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/30 17:43:48.0484 4052 HidBth (cda7c5208286249ba83aca396ce84cf7) C:\WINDOWS\system32\DRIVERS\hidbth.sys
2011/05/30 17:43:48.0531 4052 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/05/30 17:43:48.0671 4052 HSF_DPV (e8ec1767ea315a39a0dd8989952ca0e9) C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
2011/05/30 17:43:48.0750 4052 HSXHWAZL (61478fa42ee04562e7f11f4dca87e9c8) C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
2011/05/30 17:43:48.0828 4052 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/30 17:43:48.0906 4052 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/05/30 17:43:49.0015 4052 ialm (cc449157474d5e43daea7e20f52c635a) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/05/30 17:43:49.0109 4052 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/30 17:43:49.0187 4052 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/05/30 17:43:49.0296 4052 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/05/30 17:43:49.0375 4052 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/05/30 17:43:49.0421 4052 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/30 17:43:49.0468 4052 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/30 17:43:49.0515 4052 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/30 17:43:49.0562 4052 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/30 17:43:49.0640 4052 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/30 17:43:49.0718 4052 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/30 17:43:49.0750 4052 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/05/30 17:43:49.0812 4052 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/30 17:43:49.0890 4052 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/30 17:43:50.0125 4052 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/05/30 17:43:50.0203 4052 mfeapfk (113445fc6a858ef453cded5b0a0df665) C:\WINDOWS\system32\drivers\mfeapfk.sys
2011/05/30 17:43:50.0265 4052 mfeavfk (dbf6e1b388d5c070d438c61adb990c30) C:\WINDOWS\system32\drivers\mfeavfk.sys
2011/05/30 17:43:50.0296 4052 mfebopk (a528b15e330edb83ea649be318d841d5) C:\WINDOWS\system32\drivers\mfebopk.sys
2011/05/30 17:43:50.0390 4052 mfefirek (c7da1b8003c89acedaa13768f7a1c622) C:\WINDOWS\system32\drivers\mfefirek.sys
2011/05/30 17:43:50.0437 4052 mfehidk (5e9679bb2fc4fa38ec8ca906c47acd46) C:\WINDOWS\system32\drivers\mfehidk.sys
2011/05/30 17:43:50.0500 4052 mfendisk (b1728195877b18ce63cf0cd00b2871eb) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
2011/05/30 17:43:50.0671 4052 mfendiskmp (b1728195877b18ce63cf0cd00b2871eb) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
2011/05/30 17:43:51.0328 4052 mferkdet (ce1711f7c3f72f6762abd241dcfd5ee1) C:\WINDOWS\system32\drivers\mferkdet.sys
2011/05/30 17:43:51.0671 4052 mfetdi2k (25e12c68b49a64ffc873603dfd578236) C:\WINDOWS\system32\drivers\mfetdi2k.sys
2011/05/30 17:43:51.0750 4052 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2011/05/30 17:43:51.0843 4052 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/30 17:43:51.0937 4052 MOBKFilter (e896775837a8bce436348df460522394) C:\WINDOWS\system32\DRIVERS\MOBK.sys
2011/05/30 17:43:52.0000 4052 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/30 17:43:52.0031 4052 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/30 17:43:52.0093 4052 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/05/30 17:43:52.0125 4052 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/30 17:43:52.0187 4052 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/30 17:43:52.0406 4052 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/30 17:43:52.0453 4052 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/30 17:43:52.0515 4052 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/30 17:43:52.0562 4052 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/30 17:43:52.0578 4052 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/30 17:43:52.0625 4052 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/30 17:43:52.0718 4052 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/30 17:43:52.0765 4052 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/30 17:43:52.0843 4052 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/30 17:43:52.0875 4052 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/30 17:43:52.0890 4052 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/30 17:43:52.0921 4052 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/30 17:43:52.0937 4052 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/30 17:43:52.0968 4052 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/30 17:43:53.0031 4052 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/05/30 17:43:53.0046 4052 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/30 17:43:53.0140 4052 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/30 17:43:53.0234 4052 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/30 17:43:53.0281 4052 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/30 17:43:53.0328 4052 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/30 17:43:53.0359 4052 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/05/30 17:43:53.0390 4052 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\drivers\Parport.sys
2011/05/30 17:43:53.0484 4052 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/30 17:43:53.0546 4052 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/30 17:43:53.0578 4052 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/30 17:43:53.0640 4052 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/30 17:43:53.0671 4052 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/05/30 17:43:53.0875 4052 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/30 17:43:53.0890 4052 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/30 17:43:53.0968 4052 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\WINDOWS\system32\DRIVERS\psi_mf.sys
2011/05/30 17:43:54.0031 4052 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/30 17:43:54.0062 4052 PxHelp20 (40f2031bd9148d3194353ea7dec97a07) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/05/30 17:43:54.0234 4052 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/30 17:43:54.0312 4052 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/30 17:43:54.0359 4052 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/30 17:43:54.0390 4052 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/30 17:43:54.0468 4052 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/30 17:43:54.0546 4052 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/30 17:43:54.0625 4052 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/05/30 17:43:54.0734 4052 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/30 17:43:54.0781 4052 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/30 17:43:54.0828 4052 RFCOMM (99c4b74981a1413f142a3903130088cb) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
2011/05/30 17:43:54.0875 4052 rimmptsk (24ed7af20651f9fa1f249482e7c1f165) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
2011/05/30 17:43:54.0921 4052 rimsptsk (dc0111fbfc85a68fa6dad034fcb033f6) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
2011/05/30 17:43:54.0921 4052 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\rimsptsk.sys. Real md5: dc0111fbfc85a68fa6dad034fcb033f6, Fake md5: 1bdba2d2d402415a78a4ba766dfe0f7b
2011/05/30 17:43:54.0921 4052 rimsptsk - detected Rootkit.Win32.ZAccess.c (0)
2011/05/30 17:43:54.0984 4052 RimUsb (92d33f76769a028ddc54a863eb7de4a2) C:\WINDOWS\system32\Drivers\RimUsb.sys
2011/05/30 17:43:55.0046 4052 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2011/05/30 17:43:55.0078 4052 rismxdp (f774ecd11a064f0debb2d4395418153c) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
2011/05/30 17:43:55.0140 4052 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/05/30 17:43:55.0250 4052 sdbus (02fc71b020ec8700ee8a46c58bc6f276) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2011/05/30 17:43:55.0328 4052 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/30 17:43:55.0375 4052 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\drivers\Serial.sys
2011/05/30 17:43:55.0421 4052 sffdisk (1d9f1bec651815741f088a8fb88e17ee) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
2011/05/30 17:43:55.0437 4052 sffp_sd (586499fd312ffd7f78553f408e71682e) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
2011/05/30 17:43:55.0546 4052 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/30 17:43:55.0671 4052 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/30 17:43:55.0718 4052 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/30 17:43:55.0781 4052 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/30 17:43:55.0890 4052 STHDA (3ad78e22210d3fbd9f76de84a8df19b5) C:\WINDOWS\system32\drivers\sthda.sys
2011/05/30 17:43:55.0937 4052 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/30 17:43:55.0968 4052 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/30 17:43:56.0203 4052 SynTP (fa2daa32bed908023272a0f77d625dae) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/05/30 17:43:56.0296 4052 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/30 17:43:56.0343 4052 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/30 17:43:56.0390 4052 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/30 17:43:56.0437 4052 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/30 17:43:56.0484 4052 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/30 17:43:56.0593 4052 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/30 17:43:56.0734 4052 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/30 17:43:56.0812 4052 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/05/30 17:43:56.0906 4052 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/30 17:43:56.0953 4052 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/30 17:43:56.0984 4052 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/30 17:43:57.0015 4052 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/05/30 17:43:57.0093 4052 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/05/30 17:43:57.0156 4052 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/30 17:43:57.0187 4052 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/05/30 17:43:57.0218 4052 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/05/30 17:43:57.0328 4052 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/30 17:43:57.0468 4052 w39n51 (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys
2011/05/30 17:43:57.0578 4052 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/30 17:43:57.0671 4052 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
2011/05/30 17:43:57.0828 4052 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/30 17:43:57.0937 4052 winachsf (ba6b6fb242a6ba4068c8b763063beb63) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
2011/05/30 17:43:58.0062 4052 WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys
2011/05/30 17:43:58.0109 4052 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/05/30 17:43:58.0171 4052 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/05/30 17:43:58.0390 4052 ================================================================================
2011/05/30 17:43:58.0390 4052 Scan finished
2011/05/30 17:43:58.0390 4052 ================================================================================
2011/05/30 17:43:58.0406 4044 Detected object count: 1
2011/05/30 17:43:58.0406 4044 Actual detected object count: 1
2011/05/30 17:44:13.0078 4044 rimsptsk (dc0111fbfc85a68fa6dad034fcb033f6) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
2011/05/30 17:44:13.0078 4044 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\rimsptsk.sys. Real md5: dc0111fbfc85a68fa6dad034fcb033f6, Fake md5: 1bdba2d2d402415a78a4ba766dfe0f7b
2011/05/30 17:44:14.0421 4044 Backup copy found, using it..
2011/05/30 17:44:14.0453 4044 C:\WINDOWS\system32\DRIVERS\rimsptsk.sys - will be cured after reboot
2011/05/30 17:44:14.0453 4044 Rootkit.Win32.ZAccess.c(rimsptsk) - User select action: Cure
2011/05/30 17:44:24.0531 3812 Deinitialize success
ejcurry
59 Posts
0
May 30th, 2011 17:00
i did not set up the proxy and i lost my audio capabilities and combo fix said i was ru nning mcafee and i un-installed it and rebooted to finish un-installing and combo fix said i was still running mcafee.
ejcurry
59 Posts
0
May 30th, 2011 17:00
here is combo fix log.
ComboFix 11-05-30.06 - Ernest 05/30/2011 18:18:44.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.602 [GMT -5:00]
Running from: c:\documents and settings\Ernest\Desktop\gotcha.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users.\documents\settings
c:\documents and settings\All Users.\documents\settings\desktop.ini
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\All Users\Documents\Settings\desktop.ini
c:\documents and settings\Ernest\GoToAssistDownloadHelper.exe
c:\documents and settings\Ernest\Templates\15356tu05oq8gyvi734qjr0nd853831h8hnu8u
c:\documents and settings\HJ\GoToAssistDownloadHelper.exe
c:\documents and settings\HJ\WINDOWS
C:\install.exe
c:\windows\system32\_005091_.tmp.dll
c:\windows\system32\_005092_.tmp.dll
c:\windows\system32\_005093_.tmp.dll
c:\windows\system32\_005094_.tmp.dll
c:\windows\system32\_005101_.tmp.dll
c:\windows\system32\_005102_.tmp.dll
c:\windows\system32\_005103_.tmp.dll
c:\windows\system32\_005104_.tmp.dll
c:\windows\system32\_005106_.tmp.dll
c:\windows\system32\_005107_.tmp.dll
c:\windows\system32\_005110_.tmp.dll
c:\windows\system32\_005111_.tmp.dll
c:\windows\system32\_005113_.tmp.dll
c:\windows\system32\_005114_.tmp.dll
c:\windows\system32\_005115_.tmp.dll
c:\windows\system32\_005117_.tmp.dll
c:\windows\system32\_005120_.tmp.dll
c:\windows\system32\_005121_.tmp.dll
c:\windows\system32\_005125_.tmp.dll
c:\windows\system32\_005126_.tmp.dll
c:\windows\system32\_005128_.tmp.dll
c:\windows\system32\_005131_.tmp.dll
c:\windows\system32\_005133_.tmp.dll
c:\windows\system32\_005134_.tmp.dll
c:\windows\system32\_005135_.tmp.dll
c:\windows\system32\_005136_.tmp.dll
c:\windows\system32\_005137_.tmp.dll
c:\windows\system32\_005140_.tmp.dll
c:\windows\system32\_005141_.tmp.dll
c:\windows\system32\_005142_.tmp.dll
c:\windows\system32\_005143_.tmp.dll
c:\windows\system32\_005144_.tmp.dll
c:\windows\system32\_005149_.tmp.dll
c:\windows\system32\_005151_.tmp.dll
c:\windows\system32\_005152_.tmp.dll
c:\windows\system32\config\gmcanuam
.
----- BITS: Possible infected sites -----
.
hxxp://download.esdj+|Cv+@J:NGD_DQ{ztHG.X7LjN'{AC76BA86-7AD7-1033-7B44-A94000000001}.S-1-5-21-1547161642-1844237615-725345543-1004XtD$?*7\
c:\windows\system32\userinit.exe . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2011-04-28 to 2011-05-30 )))))))))))))))))))))))))))))))
.
.
2011-05-30 23:09 . 2011-05-30 23:09 -------- d-----w- C:\gotcha
2011-05-30 01:16 . 2011-05-30 02:05 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2011-05-30 01:14 . 2011-05-30 02:05 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-05-30 00:40 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-30 00:39 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-29 19:12 . 2011-05-29 19:12 -------- d-----w- c:\documents and settings\Ernest\Application Data\DriverCure
2011-05-29 19:12 . 2011-05-29 19:12 -------- d-----w- c:\documents and settings\Ernest\Application Data\ParetoLogic
2011-05-29 19:11 . 2011-05-29 19:25 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2011-05-29 10:57 . 2011-05-29 13:52 -------- d-----w- c:\windows\system32\MpEngineStore
2011-05-28 21:43 . 2011-05-28 21:43 -------- d-----w- c:\documents and settings\Ernest\Application Data\McAfee
2011-05-28 21:34 . 2011-05-28 21:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Citrix
2011-05-28 21:27 . 2011-05-28 21:27 -------- d-----w- c:\documents and settings\Ernest\Local Settings\Application Data\Citrix
2011-05-28 19:25 . 2011-05-30 01:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-21 06:30 . 2011-05-21 06:30 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2011-05-21 05:55 . 2011-05-21 05:55 -------- d-----w- c:\windows\system32\wbem\Repository
2011-05-21 04:39 . 2011-04-20 23:25 140248 ----a-w- c:\program files\Mozilla Firefox\components\brwsrcmp.dll
2011-05-21 04:39 . 2011-04-20 23:25 25048 ----a-w- c:\program files\Mozilla Firefox\components\browserdirprovider.dll
2011-05-21 04:39 . 2011-04-20 23:25 66520 ---ha-w- c:\program files\Mozilla Firefox\plugins\npnul32.dll
2011-05-21 04:39 . 2011-04-20 23:25 505816 ---ha-w- c:\program files\Mozilla Firefox\sqlite3.dll
2011-05-21 04:39 . 2011-04-20 23:25 1014232 ---ha-w- c:\program files\Mozilla Firefox\js3250.dll
2011-05-21 03:39 . 2011-05-21 03:39 -------- d-sh--w- c:\documents and settings\Ernest\IECompatCache
2011-05-21 03:37 . 2011-05-21 03:37 -------- d-sh--w- c:\documents and settings\Ernest\PrivacIE
2011-05-21 03:35 . 2011-05-21 03:35 -------- d-sh--w- c:\documents and settings\Ernest\IETldCache
2011-05-21 03:14 . 2011-05-21 05:49 -------- dc----w- c:\windows\ie8
2011-05-19 02:58 . 2011-05-19 03:00 404640 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-17 01:44 . 2011-05-17 01:44 398760 ----a-r- c:\windows\system32\cpnprt2.cid
2011-05-17 01:36 . 2011-05-17 01:36 -------- d--h--w- c:\program files\Coupons
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-30 22:45 . 2007-10-27 14:14 51328 ----a-w- c:\windows\system32\drivers\rimsptsk.sys
2011-05-30 22:36 . 2009-12-16 23:31 364160 ----a-w- c:\windows\system32\drivers\update.sys
2011-05-30 21:40 . 2009-12-16 23:31 57600 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-03-18 17:33 . 2011-02-14 22:05 71072 ----a-w- c:\windows\CouponPrinter.ocx
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2006-02-24 73728]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-10 110592]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"dlccmon.exe"="c:\program files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-10-21 430080]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 53760]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-10 44544]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-1-10 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2011-05-28 21:28 13672 ----a-w- c:\program files\Citrix\GoToAssist\615\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Donna^Start Menu^Programs^Startup^OpenOffice.org 2.2.lnk]
path=c:\documents and settings\Donna\Start Menu\Programs\Startup\OpenOffice.org 2.2.lnk
backup=c:\windows\pss\OpenOffice.org 2.2.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^HJ^Start Menu^Programs^Startup^OpenOffice.org 2.2.lnk]
path=c:\documents and settings\HJ\Start Menu\Programs\Startup\OpenOffice.org 2.2.lnk
backup=c:\windows\pss\OpenOffice.org 2.2.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 05:07 932288 ---ha-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-10 11:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlccmon.exe]
2005-10-21 15:40 430080 ----a-w- c:\program files\Dell Photo AIO Printer 924\dlccmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2004-08-10 09:04 59392 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 22:33 141600 ---ha-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
2001-08-23 21:52 331830 ----a-w- c:\program files\Microsoft Works\wkssb.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
2001-08-17 04:41 28738 ----a-w- c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2004-11-10 23:02 1880064 ---ha-w- c:\program files\Ahead\Nero BackItUp\NBJ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 15:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 05:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2006-03-24 21:30 282624 ----a-w- c:\windows\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-12-16 20:59 149280 ---ha-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
2001-10-06 00:34 24576 ---ha-w- c:\program files\Microsoft Works\wkfud.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Viewpoint Manager Service"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"dlcc_device"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
.
S2 Secunia PSI Agent;Secunia PSI Agent;"c:\program files\Secunia\PSI\PSIA.exe" --start-service --> c:\program files\Secunia\PSI\PSIA.exe [?]
S2 Secunia Update Agent;Secunia Update Agent;"c:\program files\Secunia\PSI\sua.exe" --start-service --> c:\program files\Secunia\PSI\sua.exe [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\McAfee Security Scan\3.0.199\McCHSvc.exe" --> c:\program files\McAfee Security Scan\3.0.199\McCHSvc.exe [?]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 3:30 AM 15544]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WUAUSERV
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]
.
2011-05-30 c:\windows\Tasks\User_Feed_Synchronization-{CA0164BB-DEA5-4027-9905-4DB4173CEEE2}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride =
uInternet Settings,ProxyServer = http=127.0.0.1:60505
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: internet
Trusted Zone: intuit.com\ttlc
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.0.1 216.165.129.158
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
FF - ProfilePath - c:\documents and settings\Ernest\Application Data\Mozilla\Firefox\Profiles\bx84xqj1.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 60505
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-34210321.sys
SafeBoot-36779428.sys
SafeBoot-60813891.sys
MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
AddRemove-RoughDraft - c:\program files\RoughDraft\uninstall.exe
AddRemove-UltraKiss V3.2a - c:\program files\UltraKiss V3.2a\UninstallerData\Uninstall UltraKiss.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-30 18:30
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(936)
c:\program files\Citrix\GoToAssist\615\G2AWinLogon.dll
.
- - - - - - - > 'explorer.exe'(3564)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\igfxsrvc.exe
.
**************************************************************************
.
Completion time: 2011-05-30 18:39:54 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-30 23:39
.
Pre-Run: 51,044,241,408 bytes free
Post-Run: 53,323,661,312 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 07D88BBD273308C7532BC35A8BCD5028
kevinf80_1d0ac6
1.1K Posts
0
May 30th, 2011 18:00
Step 1
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text from in between the dotted lines below into it:
--------------------------------------------------------------------------------------------------------------------------------
KillAll::
FCopy::
C:\WINDOWS\ERDNT\cache\userinit.exe | c:\windows\system32\userinit.exe
DDS::
uInternet Settings,ProxyOverride =
uInternet Settings,ProxyServer = http=127.0.0.1:60505
Firefox::
FF - ProfilePath - c:\documents and settings\Ernest\Application Data\Mozilla\Firefox\Profiles\bx84xqj1.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 60505
--------------------------------------------------------------------------------------------------------------------------------
Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe
Refering to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
Step 2
Run ESET Online Scan
You can refer to this animation by neomage if needed.
Frequently asked questions available Here Please read them before running the scan.
Also be aware this scan can take between one and several hours to complete depending on the size of your system.
Let me seethetwo logs in your reply....
Kevin
ejcurry
59 Posts
0
May 30th, 2011 18:00
here is the next log:
SystemLook 04.09.10 by jpshortstuff
Log created at 19:17 on 30/05/2011 by Ernest
Administrator - Elevation successful
========== filefind ==========
Searching for "userinit.exe"
C:\WINDOWS\ERDNT\cache\userinit.exe --a---- 24576 bytes [23:38 30/05/2011] [11:00 10/08/2004] 39B1FFB03C2296323832ACBAE50D2AFF
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\userinit.exe --ah--- 26112 bytes [22:10 16/12/2009] [00:12 14/04/2008] A93AEE1928A9D7CE3E16D24EC7380F89
C:\WINDOWS\system32\userinit.exe --a---- 24576 bytes [23:31 16/12/2009] [11:00 10/08/2004] 39B1FFB03C2296323832ACBAE50D2AFF
-= EOF =-
kevinf80_1d0ac6
1.1K Posts
0
May 30th, 2011 18:00
Run the following :-
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
-----------------------------------------------------------
:filefind
userinit.exe
-----------------------------------------------------------
Note: The log can also be found on your Desktop entitled SystemLook.txt
Let me see the log in your reply.....
Kevin
ejcurry
59 Posts
0
May 30th, 2011 21:00
here is the combo fix log. doing eset now
ComboFix 11-05-30.06 - Ernest 05/30/2011 20:00:32.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.543 [GMT -5:00]
Running from: c:\documents and settings\Ernest\Desktop\gotcha.exe
Command switches used :: c:\documents and settings\Ernest\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\ERDNT\cache\userinit.exe --> c:\windows\system32\userinit.exe
.
((((((((((((((((((((((((( Files Created from 2011-04-28 to 2011-05-31 )))))))))))))))))))))))))))))))
.
.
2011-05-30 23:09 . 2011-05-30 23:09 -------- d-----w- C:\gotcha
2011-05-30 01:16 . 2011-05-30 02:05 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2011-05-30 01:14 . 2011-05-30 02:05 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-05-30 00:40 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-30 00:39 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-29 19:12 . 2011-05-29 19:12 -------- d-----w- c:\documents and settings\Ernest\Application Data\DriverCure
2011-05-29 19:12 . 2011-05-29 19:12 -------- d-----w- c:\documents and settings\Ernest\Application Data\ParetoLogic
2011-05-29 19:11 . 2011-05-29 19:25 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2011-05-29 10:57 . 2011-05-29 13:52 -------- d-----w- c:\windows\system32\MpEngineStore
2011-05-28 21:43 . 2011-05-28 21:43 -------- d-----w- c:\documents and settings\Ernest\Application Data\McAfee
2011-05-28 21:34 . 2011-05-28 21:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Citrix
2011-05-28 21:27 . 2011-05-28 21:27 -------- d-----w- c:\documents and settings\Ernest\Local Settings\Application Data\Citrix
2011-05-28 19:25 . 2011-05-30 01:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-21 06:30 . 2011-05-21 06:30 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2011-05-21 05:55 . 2011-05-21 05:55 -------- d-----w- c:\windows\system32\wbem\Repository
2011-05-21 04:39 . 2011-04-20 23:25 140248 ----a-w- c:\program files\Mozilla Firefox\components\brwsrcmp.dll
2011-05-21 04:39 . 2011-04-20 23:25 25048 ----a-w- c:\program files\Mozilla Firefox\components\browserdirprovider.dll
2011-05-21 04:39 . 2011-04-20 23:25 66520 ---ha-w- c:\program files\Mozilla Firefox\plugins\npnul32.dll
2011-05-21 04:39 . 2011-04-20 23:25 505816 ---ha-w- c:\program files\Mozilla Firefox\sqlite3.dll
2011-05-21 04:39 . 2011-04-20 23:25 1014232 ---ha-w- c:\program files\Mozilla Firefox\js3250.dll
2011-05-21 03:39 . 2011-05-21 03:39 -------- d-sh--w- c:\documents and settings\Ernest\IECompatCache
2011-05-21 03:37 . 2011-05-21 03:37 -------- d-sh--w- c:\documents and settings\Ernest\PrivacIE
2011-05-21 03:35 . 2011-05-21 03:35 -------- d-sh--w- c:\documents and settings\Ernest\IETldCache
2011-05-21 03:14 . 2011-05-21 05:49 -------- dc----w- c:\windows\ie8
2011-05-19 02:58 . 2011-05-19 03:00 404640 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-17 01:44 . 2011-05-17 01:44 398760 ----a-r- c:\windows\system32\cpnprt2.cid
2011-05-17 01:36 . 2011-05-17 01:36 -------- d--h--w- c:\program files\Coupons
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-30 22:45 . 2007-10-27 14:14 51328 ----a-w- c:\windows\system32\drivers\rimsptsk.sys
2011-05-30 22:36 . 2009-12-16 23:31 364160 ----a-w- c:\windows\system32\drivers\update.sys
2011-05-30 21:40 . 2009-12-16 23:31 57600 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-03-18 17:33 . 2011-02-14 22:05 71072 ----a-w- c:\windows\CouponPrinter.ocx
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2006-02-24 73728]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-10 110592]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"dlccmon.exe"="c:\program files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-10-21 430080]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 53760]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-10 44544]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-1-10 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2011-05-28 21:28 13672 ----a-w- c:\program files\Citrix\GoToAssist\615\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Donna^Start Menu^Programs^Startup^OpenOffice.org 2.2.lnk]
path=c:\documents and settings\Donna\Start Menu\Programs\Startup\OpenOffice.org 2.2.lnk
backup=c:\windows\pss\OpenOffice.org 2.2.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^HJ^Start Menu^Programs^Startup^OpenOffice.org 2.2.lnk]
path=c:\documents and settings\HJ\Start Menu\Programs\Startup\OpenOffice.org 2.2.lnk
backup=c:\windows\pss\OpenOffice.org 2.2.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 05:07 932288 ---ha-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-10 11:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlccmon.exe]
2005-10-21 15:40 430080 ----a-w- c:\program files\Dell Photo AIO Printer 924\dlccmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2004-08-10 09:04 59392 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 22:33 141600 ---ha-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
2001-08-23 21:52 331830 ----a-w- c:\program files\Microsoft Works\wkssb.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
2001-08-17 04:41 28738 ----a-w- c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2004-11-10 23:02 1880064 ---ha-w- c:\program files\Ahead\Nero BackItUp\NBJ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 15:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 05:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2006-03-24 21:30 282624 ----a-w- c:\windows\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-12-16 20:59 149280 ---ha-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
2001-10-06 00:34 24576 ---ha-w- c:\program files\Microsoft Works\wkfud.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Viewpoint Manager Service"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"dlcc_device"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
.
S2 Secunia PSI Agent;Secunia PSI Agent;"c:\program files\Secunia\PSI\PSIA.exe" --start-service --> c:\program files\Secunia\PSI\PSIA.exe [?]
S2 Secunia Update Agent;Secunia Update Agent;"c:\program files\Secunia\PSI\sua.exe" --start-service --> c:\program files\Secunia\PSI\sua.exe [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\McAfee Security Scan\3.0.199\McCHSvc.exe" --> c:\program files\McAfee Security Scan\3.0.199\McCHSvc.exe [?]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 3:30 AM 15544]
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]
.
2011-05-30 c:\windows\Tasks\User_Feed_Synchronization-{CA0164BB-DEA5-4027-9905-4DB4173CEEE2}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: internet
Trusted Zone: intuit.com\ttlc
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.0.1 216.165.129.158
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
FF - ProfilePath - c:\documents and settings\Ernest\Application Data\Mozilla\Firefox\Profiles\bx84xqj1.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-30 20:09
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(932)
c:\program files\Citrix\GoToAssist\615\G2AWinLogon.dll
.
- - - - - - - > 'explorer.exe'(3076)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\igfxsrvc.exe
.
**************************************************************************
.
Completion time: 2011-05-30 20:17:00 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-31 01:16
ComboFix2.txt 2011-05-30 23:39
.
Pre-Run: 53,314,641,920 bytes free
Post-Run: 53,307,797,504 bytes free
.
- - End Of File - - 46859BA3F539943F6C2B55F06656190C
here is the eset scan file,
C:\Documents and Settings\Ernest\Application Data\Sun\Java\Deployment\cache\6.0\29\5070075d-6b5a0d81 Java/TrojanDownloader.OpenStream.NCA trojan
C:\Documents and Settings\Ernest\Application Data\Sun\Java\Deployment\cache\6.0\39\7a052e27-40674855 multiple threats
C:\Documents and Settings\Ernest\Application Data\Sun\Java\Deployment\cache\6.0\41\1eeb5e69-5dfc45db Java/TrojanDownloader.OpenStream.NCA trojan
C:\Documents and Settings\Ernest\Application Data\Sun\Java\Deployment\cache\6.0\45\6dfd656d-7fadc964 Java/TrojanDownloader.OpenStream.NCA trojan
kevinf80_1d0ac6
1.1K Posts
0
May 31st, 2011 02:00
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6
Next,
Run the following please :-
Please download OTM by OldTimer.
Alternative Mirror 1
Alternative Mirror 2
Save it to your desktop.
Double click OTM.exe to start the tool. Vista or Windows 7 users right click and select Run as Administrator
-------------------------------------------------------------------
:Files
ipconfig /flushdns /c
:Commands
[EmptyFlash]
[EmptyTemp]
---------------------------------------------------------------------
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
If the machine reboots, the Results log can be found here:
c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log
Where mmddyyyy_hhmmss is the date of the tool run.
Post the OTM log, also let me know how your system is responding and if any issues or concerns...
Kevin
ejcurry
59 Posts
0
May 31st, 2011 17:00
here is the OTM log.
All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Ernest\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Ernest\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes
User: Donna
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 78991 bytes
->Flash cache emptied: 405 bytes
User: Ernest
->Temp folder emptied: 131097 bytes
->Temporary Internet Files folder emptied: 16562615 bytes
->Java cache emptied: 3055205 bytes
->FireFox cache emptied: 53044525 bytes
->Flash cache emptied: 41093 bytes
User: HJ
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 157915 bytes
->Java cache emptied: 23228807 bytes
the computer is running better, i still have no audio device, and i do not have Mcafee installed, I do not know if the logs say that I have Mcafee on the computer or not but I did un-install it.when I go to my program it looks like alot have reloaded.I could tell that i still had a bug because microsoft security essentials kept popping up saying something was turned off i think my windows update and then Mcafee would lock up and the bug would run. so far so good right now.
kevinf80_1d0ac6
1.1K Posts
0
June 1st, 2011 00:00
Re-install McAfee security, also any software for your Audio set up. If you use Windows drivers for audio do the following :-
Select Start > Right click on "My Computer" > Select "Manage" > Select "Device Manager" > expand "Sound, Video and game controllers" if any entries have yellow question mark or exclamation mark, right click on that entry and select "Update driver" then follow the prompts.
You mention most programs have "Re-Loaded" can you check by selecting > Start > All Programs> see if any program folders are empty?
Let me know what remaining issues or concerns you have, also tell me how your system is responding....
Kevin