Anti virus Failure, and Google Chrome!


  • This topic is locked

#1
Spacelord11011

Spacelord11011

    Member

  • Member
  • PipPip
  • 55 posts
Hi,

Something has disabled my antivirus programs.

I was using Microsoft Security Essentials, Spybot, and there was an old copy of McAfee on here too.

I cannot run OTL, I tried using exeHelper and rkill but no joy. And obviously MBAM would run, it shuts down after 4 seconds on the scanner.

his log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 04/08/2011 at 11:41:35.
Operating System: Windows Vista ™ Home Premium


Processes terminated by Rkill or while it was running:



Rkill completed on 04/08/2011 at 11:41:44.


exeHelper by Raktor
Build 20100414
Run at 11:43:57 on 08/04/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

SAS was running as I posted this, it had found a trojan dropper (I think) but has now stopped working too.


Please help
  • 0



#2
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello Spacelord11011 and welcome to G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous; most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

We need to disable malware processes on your system first:
  • Download TheKiller to your Desktop
  • Note that TheKiller is renamed as explorer.exe
  • Run it by double click (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
  • Press the OK button after the program finishes
  • Do not restart your system after this step
NOTE: If malware blocks TheKiller from running, please try running it several more times

Step 2

Download OTL to your Desktop

  • Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator"). Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.

Step 3

Please don't forget to include these items in your reply:

  • OTL log
  • OTL Extras log
It would be helpful if you could post each log in a separate post
  • 0

#3
Spacelord11011

Spacelord11011

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
hi, thanks in advance for the help.

The killer worked, but OTL still crashes the second I press scan.
  • 0

#4
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Please try to run OTL scan in safe mode.

Please restart in safe mode:

  • If the computer is running, shut down Windows, and then turn off the power
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.

  • 0

#5
Spacelord11011

Spacelord11011

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
Am in safe mode and OTL still crashed....
  • 0

#6
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Let's install the free Avast:

http://www.avast.com...ivirus-download

Once you have it installed and it has updated, right click on it and select Open Avast! User Interface, then click on Scan Computer, then on Boot-Time Scan, then Schedule Now. Reboot and let it run a scan. It will take many hours (like overnight) and unfortunately you may need to check back with it once in a while to see if it needs input from you. If the scan hangs, that may indicate a hardware problem.
  • 0

#7
Spacelord11011

Spacelord11011

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
Managed to get it installed and started the scan. Got to a file early on in the scan (some sort of trojan in an Acer file) and when I tried to delete/repair it I got an unhandled exception, then it rebooted. It then reset the comp to before Avast was installed. Tried to start again but I left it for 2 mins after installing Avast and it reset itself to before Avast again. I'll try again and quarantine the file later if you want?
  • 0

#8
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Please leave AVAST for now. We will need it later. Let's try to find out what we are dealing with.

Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Posted Image
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
  • 0

#9
Spacelord11011

Spacelord11011

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
OK, ComboFix ran fine and the log popped up, but before I could copy it the file closed. Is there any way to recover it?

Before the reboot though I noted it said 'You are infected with RootkitZeroAccess!
It has infected the tcp/ip stack'

is that any help?
  • 0

#10
Spacelord11011

Spacelord11011

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
never mind found the file

ComboFix 11-08-05.02 - Spence 05/08/2011 20:23:59.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3071.1514 [GMT 1:00]
Running from: c:\downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\data\jce06_SP.pp
c:\program files\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}
c:\program files\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}\chrome\scanquery.jar
c:\program files\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}\defaults\preferences\prefs.js
c:\program files\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}\install.rdf
c:\program files\Mozilla Firefox\Plugins\npclntax_HotbarSA.dll
c:\program files\Steam\steam.exe
c:\users\Spence\AppData\Local\Temp\jna1131674980921651803.dll
c:\users\Spence\AppData\Roaming\bcrypt.html
c:\users\Spence\AppData\Roaming\inst.exe
c:\users\Spence\AppData\Roaming\williamhill_toolbar_installer.exe
c:\windows\$NtUninstallKB56216$\4026717285\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}
c:\windows\$NtUninstallKB56216$\4026717285\click.tlb
c:\windows\$NtUninstallKB56216$\4026717285\L\qnbwvoto
c:\windows\$NtUninstallKB56216$\4026717285\loader.tlb
c:\windows\$NtUninstallKB56216$\4026717285\U\@00000001
c:\windows\$NtUninstallKB56216$\4026717285\U\@000000c0
c:\windows\$NtUninstallKB56216$\4026717285\U\@000000cb
c:\windows\$NtUninstallKB56216$\4026717285\U\@000000cf
c:\windows\$NtUninstallKB56216$\4026717285\U\@80000000
c:\windows\$NtUninstallKB56216$\4026717285\U\@800000c0
c:\windows\$NtUninstallKB56216$\4026717285\U\@800000cb
c:\windows\$NtUninstallKB56216$\4026717285\U\@800000cf
c:\windows\$NtUninstallKB56216$\542509577
c:\windows\iun6002.exe
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\lowsec\user.ds.lll
c:\windows\$NtUninstallKB56216$ . . . . Failed to delete
c:\windows\assembly\GAC_MSIL\desktop.ini . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2011-07-05 to 2011-08-05 )))))))))))))))))))))))))))))))
.
.
2011-08-05 19:29 . 2011-08-05 19:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-05 06:03 . 2011-07-20 08:44 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9A1F779B-21E2-468F-B3B4-9A774ED12388}\mpengine.dll
2011-08-04 22:14 . 2011-08-05 16:30 -------- d-----w- c:\programdata\AVAST Software
2011-08-04 22:14 . 2011-08-04 22:14 -------- d-----w- c:\program files\AVAST Software
2011-08-04 11:14 . 2011-08-04 11:14 -------- d-----w- C:\_OTM
2011-08-04 11:12 . 2011-08-04 11:12 -------- d-----w- c:\program files\ERUNT
2011-08-04 10:53 . 2011-08-04 10:53 -------- d-----w- c:\users\Spence\AppData\Roaming\SUPERAntiSpyware.com
2011-08-04 10:53 . 2011-08-04 10:53 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-08-04 10:48 . 2010-11-09 13:56 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-08-04 10:48 . 2010-11-09 13:56 27984 ----a-w- c:\windows\system32\sbbd.exe
2011-08-04 10:48 . 2011-08-04 10:48 -------- d-----w- C:\VIPRERESCUE
2011-08-04 10:40 . 2011-08-04 10:40 -------- d--h--w- c:\windows\PIF
2011-08-04 10:38 . 2011-08-04 10:38 -------- d-----w- c:\users\Spence\AppData\Roaming\Malwarebytes
2011-08-04 10:31 . 2011-08-04 10:31 -------- d-----w- c:\programdata\Malwarebytes
2011-08-04 10:31 . 2011-07-06 18:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-04 10:31 . 2011-08-04 10:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-04 10:31 . 2011-07-06 18:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-04 08:26 . 2011-08-04 08:32 -------- d-----w- c:\users\Spence\AppData\Roaming\BoneTown
2011-08-03 15:22 . 2011-08-03 20:49 -------- d-----w- c:\users\Spence\AppData\Local\Canon Easy-PhotoPrint EX
2011-08-03 15:17 . 2011-08-03 15:17 -------- d--h--w- c:\programdata\CanonIJEPPEX
2011-08-03 13:34 . 2011-08-03 13:34 -------- d-----w- c:\program files\VirtualFem
2011-08-03 13:18 . 2011-08-03 13:35 -------- d-----w- c:\program files\VirtuaGirl HD
2011-08-03 13:14 . 2011-08-03 13:47 -------- d-----w- c:\program files\Digamour
2011-08-02 20:42 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B5E6DB64-7C2F-49CF-8541-EE8F621FB698}\mpengine.dll
2011-07-31 15:48 . 2011-07-31 15:48 -------- d-----w- c:\program files\iPod
2011-07-31 15:48 . 2011-07-31 15:49 -------- d-----w- c:\program files\iTunes
2011-07-31 15:43 . 2011-07-31 15:43 -------- d-----w- c:\program files\Bonjour
2011-07-31 11:13 . 2011-07-31 11:13 -------- d-----w- c:\program files\Apple Software Update
2011-07-22 11:09 . 2011-07-22 11:09 -------- d--h--w- c:\programdata\CanonIJSolutionMenu
2011-07-22 11:09 . 2011-07-22 11:09 -------- d--h--w- c:\programdata\CanonIJMyPrinter
2011-07-22 11:09 . 2011-08-03 20:49 -------- d-----w- c:\programdata\CanonIJPLM
2011-07-22 10:40 . 2011-07-22 10:40 -------- d--h--w- c:\programdata\CanonBJ
2011-07-22 10:39 . 2009-10-22 04:00 70656 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPPA4.DLL
2011-07-22 10:39 . 2009-10-22 04:00 27136 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPDA4.DLL
2011-07-22 10:38 . 2011-07-22 10:38 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2011-07-22 10:37 . 2009-10-22 04:00 276992 ----a-w- c:\windows\system32\CNMLMA4.DLL
2011-07-22 10:36 . 2009-09-10 09:00 179200 ----a-w- c:\windows\system32\CNMIUA4.DLL
2011-07-22 10:35 . 2011-07-22 11:09 -------- d-----w- c:\program files\Canon
2011-07-15 08:23 . 2011-06-15 10:46 11342848 ----a-w- C:\AAEdit.exe
2011-07-13 16:34 . 2011-06-02 12:59 2042368 ----a-w- c:\windows\system32\win32k.sys
2011-07-13 16:34 . 2011-04-20 14:47 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-07-13 16:34 . 2011-04-20 14:44 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-07-12 13:29 . 2011-07-12 13:29 -------- d-----w- c:\program files\Illusion Registry Fixer
2011-07-12 10:20 . 2011-07-12 10:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 10:20 . 2011-07-12 10:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 10:20 . 2011-07-12 10:20 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 10:20 . 2011-07-12 10:20 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-11 13:32 . 2011-07-12 15:19 -------- d-----w- c:\users\Spence\.dvdcss
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-13 03:39 . 2010-12-07 23:39 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-05-28 06:08 . 2011-06-16 11:43 916480 ----a-w- c:\windows\system32\wininet.dll
2011-05-28 06:04 . 2011-06-16 11:43 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-28 06:04 . 2011-06-16 11:43 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-28 06:04 . 2011-06-16 11:43 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-05-28 06:04 . 2011-06-16 11:43 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-28 05:10 . 2011-06-16 11:43 385024 ----a-w- c:\windows\system32\html.iec
2011-05-28 04:33 . 2011-06-16 11:43 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-28 04:31 . 2011-06-16 11:43 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-24 18:14 . 2010-12-07 16:59 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-10 07:06 . 2011-05-10 07:06 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-05-10 07:06 . 2011-05-10 07:06 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2006-03-30 19:40 . 2010-03-16 12:32 26792 ----a-w- c:\program files\REFLEXIVE UNIVERSAL PATCHER v1.0.EXE
2010-06-28 06:54 . 2009-11-16 15:10 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-30 00:52 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-08-07 700416]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-14 68856]
"BitComet"="c:\program files\BitLord\BitLord.exe" [2005-05-07 2224128]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SoftAuto.exe"="c:\program files\Creative\Software Update 3\SoftAuto.exe" [2008-08-13 405504]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-07-15 102400]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Empowering Technology Monitor"="c:\program files\Acer\Empowering Technology\SysMonitor.exe" [2008-06-02 319488]
"EmpoweringTechnology"="c:\program files\Acer\Empowering Technology\Framework.Launcher.exe" [2008-06-02 319488]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-04 582992]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-07-30 526896]
"PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-05-21 204908]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-19 6265376]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-26 28672]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-28 30192]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-11-10 406016]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"Broadbandadvisor.exe"="c:\program files\Virgin Broadband\advisor\Broadbandadvisor.exe" [2009-05-27 2303216]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-12-23 148888]
"QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" [2010-11-29 421888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2508104]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
.
c:\users\Spence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2011-5-3 576000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2009-6-29 1838904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R1 cftizlhu;cftizlhu;c:\windows\system32\drivers\cftizlhu.sys [x]
R1 cmmjaehg;cmmjaehg;c:\windows\system32\drivers\cmmjaehg.sys [x]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [x]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [2008-05-21 64000]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 13:53]
.
2011-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 13:53]
.
2011-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3015068568-3040374585-1810929627-1000Core.job
- c:\users\Spence\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-17 19:24]
.
2011-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3015068568-3040374585-1810929627-1000UA.job
- c:\users\Spence\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-17 19:24]
.
2011-07-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-06-14 12:32]
.
2011-08-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-06-14 12:32]
.
2011-08-05 c:\windows\Tasks\SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC\spmonitor.exe [2011-05-21 14:40]
.
2011-08-05 c:\windows\Tasks\User_Feed_Synchronization-{B76032BB-D0B0-421D-A822-E7A46C595341}.job
- c:\windows\system32\msfeedssync.exe [2011-06-16 04:32]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,;*.local
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Spence\AppData\Roaming\Mozilla\Firefox\Profiles\hqctc2k2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=9568
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.mydtzone.com/startpage|http://search.babylon.com/home?AF=9568
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: IE Tab: {77b819fa-95ad-4f2c-ac7c-486b356188a9} - %profile%\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
FF - Ext: Zynga Community Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: Conduit Engine : [email protected] - %profile%\extensions\[email protected]
FF - Ext: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - %profile%\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
FF - Ext: Babylon: [email protected] - %profile%\extensions\[email protected]
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
HKCU-Run-Steam - c:\program files\Steam\Steam.exe
HKCU-Run-SpeedUpMyPC - c:\program files\Uniblue\SpeedUpMyPC\launcher.exe
HKLM-Run-Setresolution - c:\acer\config\1440x900.cmd
HKLM-Run-NPSStartup - (no file)
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
AddRemove-Steam App 34000 - c:\program files\Steam\steam.exe
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3015068568-3040374585-1810929627-1000\Software\G*e*n*i*e*"!\FM Genie Scout 2009 XE]
"GameDir"="c:\\Users\\Spence\\Documents\\Sports Interactive\\Football Manager 2009\\games"
"ShortlistDir"="c:\\Users\\Spence\\Documents\\Sports Interactive\\Football Manager 2009\\shortlists"
"ScreenshotsDir"="c:\\Users\\Spence\\Documents\\Sports Interactive\\Football Manager 2009"
"SaveDir"="c:\\Users\\Spence\\Documents\\Sports Interactive\\Football Manager 2009\\"
"HistoryDir"="c:\\downloads\\FMGenie93\\FMGenie93\\History Points"
"LangDB"=""
"LastSaveGame"=""
"Language"="English"
"LoadLangDB"=dword:00000000
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:0000003d
"GraphStep"=dword:00000000
"SkinName"="Champions League"
"LastUpdateCheck"=dword:00000000
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000067
"UniqueID"="55-8280-E46F"
"Currency"=dword:00000056
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
.
[HKEY_USERS\S-1-5-21-3015068568-3040374585-1810929627-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*-N‡eW[U^áÿ#WÎW‰ªn]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3015068568-3040374585-1810929627-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*-N‡eW[U^áÿ#WÎW‰ªn\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3015068568-3040374585-1810929627-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:86,c8,a2,1f,e9,45,48,50,15,f6,61,21,00,0e,29,2e,54,85,60,80,64,
14,f2,c4,c4,5d,c8,ae,b2,06,77,93,d0,75,62,55,db,0c,e8,6e,56,8b,78,34,53,78,\
"rkeysecu"=hex:9a,3d,11,0a,ae,4b,4b,73,70,49,bd,1a,cb,8e,32,29
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conime.exe
c:\windows\System32\WerFault.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2011-08-05 20:38:42 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-05 19:38
.
Pre-Run: 3,492,433,920 bytes free
Post-Run: 27,431,419,904 bytes free
.
- - End Of File - - 807327C2D195AAD6682CA8CFBEEFCBDA
  • 0
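As an added example (not code from the thread, from ComboFix, or from its authors), here is a small Python triage script that parses a ComboFix log into its sections and flags the indicator types visible in the log posted in #10: the ZeroAccess-style fake hotfix-uninstall directory, the system32\lowsec data store, random-named kernel drivers whose file is missing, and the redirected Firefox search and homepage prefs. The section-header patterns and the heuristics are my assumptions about the log format, and the embedded log is a constructed excerpt built from lines quoted in this thread.

```python
import re
from collections import defaultdict

# Constructed excerpt of a ComboFix log, built from lines quoted in this thread,
# so the parser runs offline; it is not the full log.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\$NtUninstallKB56216$\4026717285\L\qnbwvoto
c:\windows\$NtUninstallKB56216$\4026717285\U\@80000000
c:\windows\system32\lowsec\user.ds
c:\program files\Steam\steam.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
R1 cftizlhu;cftizlhu;c:\windows\system32\drivers\cftizlhu.sys [x]
R1 cmmjaehg;cmmjaehg;c:\windows\system32\drivers\cmmjaehg.sys [x]
R3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [2008-05-21 64000]
.
------- Supplementary Scan -------
.
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=9568
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.mydtzone.com/startpage|http://search.babylon.com/home?AF=9568
"""

# Section headers (assumed format): "(((( Name ))))" or "------- Name -------".
PAREN_HEADER = re.compile(r"^\(+\s*(.+?)\s*\)+$")
DASH_HEADER = re.compile(r"^[-\s]+([A-Za-z].*?[A-Za-z])[-\s]+$")

# Heuristic: 2011-era ZeroAccess keeps its components in a fake hotfix-uninstall
# directory, \$NtUninstallKBnnnnn$\<digits>\, with U\ and L\ subfolders.
FAKE_HOTFIX_DIR = re.compile(r"\\\$NtUninstallKB\d+\$\\\d+\\[UL]\\", re.I)
# Heuristic: system32\lowsec\{local,user}.ds is a data store commonly associated
# with Zbot-family banking trojans.
LOWSEC_STORE = re.compile(r"\\system32\\lowsec\\", re.I)
# Service entries look like "R1 name;description;path [x]"; [x] means the file is gone.
SERVICE_LINE = re.compile(r"^R[0-3] (?P<name>[^;]+);(?P<desc>[^;]+);(?P<path>.+?) \[x\]$")
RANDOM_NAME = re.compile(r"^[a-z]{8}$")
# Firefox prefs that ComboFix prints; hxxp:// is its defanged spelling of http://.
FF_PREF = re.compile(r"^FF - prefs\.js: browser\.(?:startup\.homepage|search\.defaulturl) - (?P<value>.+)$")
URL_HOST = re.compile(r"h(?:xx|tt)ps?://([^/|?\s]+)", re.I)


def parse_sections(log_text):
    """Split a ComboFix log into {section name: [non-empty lines]}."""
    sections = defaultdict(list)
    current = "preamble"
    for raw in log_text.splitlines():
        line = raw.rstrip()
        if not line or line == ".":  # ComboFix pads sections with lone dots
            continue
        header = PAREN_HEADER.match(line) or DASH_HEADER.match(line)
        if header:
            current = header.group(1)
            continue
        sections[current].append(line)
    return dict(sections)


def triage(log_text):
    """Return {finding category: [details]} for the indicator types seen in this thread."""
    sections = parse_sections(log_text)
    findings = defaultdict(list)
    # Not every deleted path is malware (the thread's log also removed Steam), so
    # only known layouts are flagged; everything else stays for manual review.
    for path in sections.get("Other Deletions", []):
        if FAKE_HOTFIX_DIR.search(path):
            findings["fake_hotfix_dir"].append(path)
        elif LOWSEC_STORE.search(path):
            findings["lowsec_store"].append(path)
    for line in sections.get("Reg Loading Points", []):
        m = SERVICE_LINE.match(line)
        # A kernel-level driver with an 8-letter random name, no real description
        # and a missing file is a leftover rootkit loader, not a vendor driver.
        if m and RANDOM_NAME.match(m["name"]) and m["name"] == m["desc"]:
            findings["missing_random_driver"].append(m["name"])
    hosts = set()
    for line in sections.get("Supplementary Scan", []):
        m = FF_PREF.match(line)
        if m:
            hosts.update(h.lower() for h in URL_HOST.findall(m["value"]))
    if hosts:
        findings["browser_hijack"] = sorted(hosts)
    return dict(findings)


if __name__ == "__main__":
    for category, items in triage(SAMPLE_LOG).items():
        print(category)
        for item in items:
            print("   ", item)
```

Run it against a real ComboFix.txt by replacing SAMPLE_LOG with the file's contents; unflagged deletions are deliberately left for a human to review.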



#11
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
This is a very nasty infection. Let's see what we can do.

  • Download AntiZeroAccess to Desktop
  • Double click on it to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
  • Type y and press enter to run the scan
  • Please post AntiZeroAccess_Log.txt contents in your next post. This file is saved in the same location as AntiZeroAccess program.

  • 0

#12
Spacelord11011

Spacelord11011

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
Webroot AntiZeroAccess 0.8 Log File
Execution time: 05/08/2011 - 21:02
Host operation System: Windows Vista X86 version 6.0.6001 Service Pack 1
21:03:03 - CheckSystem - Begin to check system...
21:03:03 - OpenRootDrive - Opening system root volume and physical drive....
21:03:03 - C Root Drive: Disk number: 0 Start sector: 0x02400800 Partition Size: 0x117CF800 sectors.
21:03:03 - PrevX Main driver extracted in "C:\Windows\system32\drivers\ZeroAccess.sys".
21:03:03 - InstallAndStartDriver - Main driver was installed and now is running.
21:03:03 - CheckSystem - Disk class driver state is OK.
21:03:06 - CheckFile - Unable to read "sptd.sys" file. CreateFile last eror: 0x00000020.
21:03:07 - StopAndRemoveDriver - AntiZeroAccess Driver is stopped and removed.
21:03:07 - StopAndRemoveDriver - File "ZeroAccess.sys" was deleted!
21:03:07 - Execution Ended!
  • 0

#13
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Some more scans:

Step 1

Please read carefully and follow these steps.

Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If infection is detected, the default setting for "action" should be Cure
    • (If suspicious file is detected please click on it and change it to Skip).
  • Click Continue button
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.

Step 2

Download aswMBR.exe ( 511KB ) to your desktop.

  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post in your next reply

Step 3

Please don't forget to include these items in your reply:

  • TDSSKiller log
  • aswMBR log
It would be helpful if you could post each log in a separate post
  • 0

#14
Spacelord11011

Spacelord11011

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
/08/06 00:27:37.0074 3080 TDSS rootkit removing tool 2.5.14.0 Aug 5 2011 16:09:29
2011/08/06 00:27:37.0193 3080 ================================================================================
2011/08/06 00:27:37.0193 3080 SystemInfo:
2011/08/06 00:27:37.0193 3080
2011/08/06 00:27:37.0193 3080 OS Version: 6.0.6001 ServicePack: 1.0
2011/08/06 00:27:37.0193 3080 Product type: Workstation
2011/08/06 00:27:37.0193 3080 ComputerName: SPENCE-PC
2011/08/06 00:27:37.0194 3080 UserName: Spence
2011/08/06 00:27:37.0194 3080 Windows directory: C:\Windows
2011/08/06 00:27:37.0194 3080 System windows directory: C:\Windows
2011/08/06 00:27:37.0194 3080 Processor architecture: Intel x86
2011/08/06 00:27:37.0194 3080 Number of processors: 2
2011/08/06 00:27:37.0194 3080 Page size: 0x1000
2011/08/06 00:27:37.0194 3080 Boot type: Normal boot
2011/08/06 00:27:37.0194 3080 ================================================================================
2011/08/06 00:27:38.0060 3080 Initialize success
2011/08/06 00:33:15.0365 2492 Deinitialize success

#15
Spacelord11011

    Member

  • Topic Starter
  • Member
  • 55 posts
2011/08/06 00:33:19.0677 1056 TDSS rootkit removing tool 2.5.14.0 Aug 5 2011 16:09:29
2011/08/06 00:33:19.0797 1056 ================================================================================
2011/08/06 00:33:19.0797 1056 SystemInfo:
2011/08/06 00:33:19.0797 1056
2011/08/06 00:33:19.0797 1056 OS Version: 6.0.6001 ServicePack: 1.0
2011/08/06 00:33:19.0797 1056 Product type: Workstation
2011/08/06 00:33:19.0797 1056 ComputerName: SPENCE-PC
2011/08/06 00:33:19.0797 1056 UserName: Spence
2011/08/06 00:33:19.0797 1056 Windows directory: C:\Windows
2011/08/06 00:33:19.0797 1056 System windows directory: C:\Windows
2011/08/06 00:33:19.0797 1056 Processor architecture: Intel x86
2011/08/06 00:33:19.0797 1056 Number of processors: 2
2011/08/06 00:33:19.0797 1056 Page size: 0x1000
2011/08/06 00:33:19.0797 1056 Boot type: Normal boot
2011/08/06 00:33:19.0797 1056 ================================================================================
2011/08/06 00:33:20.0459 1056 Initialize success
2011/08/06 00:33:42.0293 0852 ================================================================================
2011/08/06 00:33:42.0293 0852 Scan started
2011/08/06 00:33:42.0293 0852 Mode: Manual;
2011/08/06 00:33:42.0293 0852 ================================================================================
2011/08/06 00:33:46.0092 0852 DfsC (4ee0d21b9de0d2e88bff9b7300211e9f) C:\Windows\system32\Drivers\dfsc.sys
2011/08/06 00:33:46.0099 0852 DfsC - detected Rootkit.Win32.ZAccess.e (0)
2011/08/06 00:34:00.0291 0852 sptd (71e276f6d189413266ea22171806597b) C:\Windows\system32\Drivers\sptd.sys
2011/08/06 00:34:00.0291 0852 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
2011/08/06 00:34:00.0298 0852 sptd - detected LockedFile.Multi.Generic (1)
2011/08/06 00:34:05.0329 0852 ================================================================================
2011/08/06 00:34:05.0329 0852 Scan finished
2011/08/06 00:34:05.0329 0852 ================================================================================
2011/08/06 00:34:05.0340 2464 Detected object count: 2
2011/08/06 00:34:05.0340 2464 Actual detected object count: 2
2011/08/06 00:34:32.0082 2464 DfsC (4ee0d21b9de0d2e88bff9b7300211e9f) C:\Windows\system32\Drivers\dfsc.sys
2011/08/06 00:34:32.0083 2464 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\dfsc.sys) error 1813
2011/08/06 00:34:32.0721 2464 Backup copy not found, trying to cure infected file..
2011/08/06 00:34:32.0721 2464 C:\Windows\system32\Drivers\dfsc.sys - Cure failed (FFFFFFFF)
2011/08/06 00:34:32.0722 2464 C:\Windows\system32\Drivers\dfsc.sys - processing error
2011/08/06 00:34:32.0722 2464 Rootkit.Win32.ZAccess.e(DfsC) - User select action: Cure
2011/08/06 00:34:32.0722 2464 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/08/06 00:34:53.0268 1744 Deinitialize success
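As an added example (my own Python, not Kaspersky's tool and not anything posted in this thread), here is a small triage helper that parses lines in the TDSSKiller log format shown above and flags detections the run did not resolve. SAMPLE_LOG is excerpted from the log posted above, and the regular expressions cover only the line shapes visible there.

```python
"""Triage helper for TDSSKiller 2.5-format logs (added example, not Kaspersky's code)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed input: lines excerpted from the log posted above (the thread's own
# hashes and paths); the clean-driver enumeration lines are left out.
SAMPLE_LOG = r"""
2011/08/06 00:33:42.0293 0852 Scan started
2011/08/06 00:33:46.0092 0852 DfsC (4ee0d21b9de0d2e88bff9b7300211e9f) C:\Windows\system32\Drivers\dfsc.sys
2011/08/06 00:33:46.0099 0852 DfsC - detected Rootkit.Win32.ZAccess.e (0)
2011/08/06 00:33:46.0227 0852 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
2011/08/06 00:34:00.0291 0852 sptd (71e276f6d189413266ea22171806597b) C:\Windows\system32\Drivers\sptd.sys
2011/08/06 00:34:00.0291 0852 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
2011/08/06 00:34:00.0298 0852 sptd - detected LockedFile.Multi.Generic (1)
2011/08/06 00:34:05.0150 0852 MBR (0x1B8) (ef932eaa6ef4c94e66a7f6ceec7eb422) \Device\Harddisk0\DR0
2011/08/06 00:34:05.0329 0852 Scan finished
2011/08/06 00:34:05.0340 2464 Detected object count: 2
2011/08/06 00:34:32.0082 2464 DfsC (4ee0d21b9de0d2e88bff9b7300211e9f) C:\Windows\system32\Drivers\dfsc.sys
2011/08/06 00:34:32.0721 2464 Backup copy not found, trying to cure infected file..
2011/08/06 00:34:32.0721 2464 C:\Windows\system32\Drivers\dfsc.sys - Cure failed (FFFFFFFF)
2011/08/06 00:34:32.0722 2464 C:\Windows\system32\Drivers\dfsc.sys - processing error
2011/08/06 00:34:32.0722 2464 Rootkit.Win32.ZAccess.e(DfsC) - User select action: Cure
2011/08/06 00:34:32.0722 2464 LockedFile.Multi.Generic(sptd) - User select action: Skip
"""

# Each log line is "<date> <time> <thread id> <message>".
LINE_RE = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(.*)$")
# "<name> (<md5>) <path>": drivers, plus objects such as "MBR (0x1B8)" / "Boot (0x1200)".
ENTRY_RE = re.compile(r"^(.+?) \(([0-9a-f]{32})\) (.+)$")
DETECT_RE = re.compile(r"^(\S+) - detected (\S+) \((\d+)\)$")
SUSPICIOUS_RE = re.compile(r"^Suspicious file \((\w+)\): (.+?)\. md5: ([0-9a-f]{32})$")
ACTION_RE = re.compile(r"^(\S+)\((\S+)\) - User select action: (\w+)$")
# Only the post-scan outcomes visible in the posted log are modelled here.
RESULT_RE = re.compile(r"^(.+?) - (Cure failed \([0-9A-Fa-f]+\)|processing error)$")


@dataclass
class Detection:
    name: str                                # object name as logged, e.g. DfsC
    verdict: str                             # e.g. Rootkit.Win32.ZAccess.e
    md5: Optional[str] = None
    path: Optional[str] = None
    suspicious_reason: Optional[str] = None  # e.g. NoAccess for a locked file
    action: Optional[str] = None             # user's choice: Cure / Skip
    outcomes: List[str] = field(default_factory=list)  # post-scan result lines


def parse_tdsskiller_log(text: str) -> Dict[str, Detection]:
    """Return detections keyed by object name, enriched from neighbouring lines."""
    entries: Dict[str, Tuple[str, str]] = {}  # name -> (md5, path) of every enumerated object
    suspicious: Dict[str, str] = {}           # lower-cased path -> reason
    detections: Dict[str, Detection] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank line or text that is not a log record
        msg = m.group(1).strip()
        s = SUSPICIOUS_RE.match(msg)
        if s:
            suspicious[s.group(2).lower()] = s.group(1)
            continue
        e = ENTRY_RE.match(msg)
        if e:
            entries[e.group(1)] = (e.group(2), e.group(3))
            continue
        d = DETECT_RE.match(msg)
        if d:
            name, verdict = d.group(1), d.group(2)
            md5, path = entries.get(name) or (None, None)
            reason = suspicious.get(path.lower()) if path else None
            detections[name] = Detection(name, verdict, md5, path, reason)
            continue
        a = ACTION_RE.match(msg)
        if a:
            if a.group(2) in detections:
                detections[a.group(2)].action = a.group(3)
            continue
        r = RESULT_RE.match(msg)
        if r:
            for det in detections.values():
                if det.path and det.path.lower() == r.group(1).lower():
                    det.outcomes.append(r.group(2))
    return detections


def needs_followup(detections: Dict[str, Detection]) -> List[str]:
    """Names of detections the run did not resolve: a failed cure, or no action recorded."""
    pending = []
    for det in detections.values():
        cure_failed = any(o.startswith("Cure failed") for o in det.outcomes)
        if cure_failed or det.action is None:
            pending.append(det.name)
    return pending


if __name__ == "__main__":
    found = parse_tdsskiller_log(SAMPLE_LOG)
    for det in found.values():
        print(f"{det.name}: {det.verdict} action={det.action} outcomes={det.outcomes}")
    print("needs follow-up:", needs_followup(found))
```

On the excerpt above it reports DfsC (ZeroAccess in dfsc.sys, cure failed) as still pending while the skipped sptd locked-file verdict is not, which is the same conclusion a helper would draw by reading the tail of the log.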