
"Trojan.Zeroaccess! khem" is getting on my nerves... :(


136 replies to this topic

#31 thatguy89 (Authentic Member, 80 posts)

Posted 29 February 2012 - 03:59 AM

So just to not feel like I have absolutely no hope I ran a quick scan on Malwarebytes which worked fine.. Obviously it may seem pointless to you as an expert but just in case here's the log it came up with afterwards, not sure if it will help or not really.. :popcorn:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.20.01

Windows Vista Service Pack 1 x86 NTFS (Safe Mode/Networking)
Internet Explorer 7.0.6001.18000
Compaq :: COMPAQ-PC [administrator]

29/02/2012 09:51:16
mbam-log-2012-02-29 (09-55-55).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 183776
Time elapsed: 4 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 15
C:\Windows\System32\HssDrv.dll (RootKit.0Access.H) -> No action taken.
C:\Windows\System32\apache.dll (RootKit.0Access.H) -> No action taken.
C:\Windows\System32\asc.dll (RootKit.0Access.H) -> No action taken.
C:\Windows\System32\AsIO.dll (RootKit.0Access.H) -> No action taken.
C:\Windows\System32\bdfdll.dll (RootKit.0Access.H) -> No action taken.
C:\Windows\System32\cdfsvc.dll (RootKit.0Access.H) -> No action taken.
C:\Windows\System32\cqmgstor.dll (RootKit.0Access.H) -> No action taken.
C:\Windows\System32\helpsvc.dll (RootKit.0Access.H) -> No action taken.
C:\Windows\System32\iPassPeriodicUpdateApp.dll (RootKit.0Access.H) -> No action taken.
C:\Windows\System32\McciCMService.dll (RootKit.0Access.H) -> No action taken.
C:\Windows\System32\mfesmfk.dll (RootKit.0Access.H) -> No action taken.
C:\Windows\System32\nvlddmkm.dll (RootKit.0Access.H) -> No action taken.
C:\Windows\System32\rt61.dll (RootKit.0Access.H) -> No action taken.
C:\Windows\System32\SMTPSVC.dll (RootKit.0Access.H) -> No action taken.
C:\Windows\System32\sprtsvc_ddoctorv2.dll (RootKit.0Access.H) -> No action taken.

(end)



#32 thatguy89 (Authentic Member, 80 posts)

Posted 29 February 2012 - 04:23 AM

And I know it probably seems absolutely pointless, but here's the common result I get from GMER just before it crashes (thought I'd stop and save the results before the common crashing point, usually something to do with "VisualShadowDump1"....)

Attached file: gmer.txt (1.65KB)


#33 thatguy89 (Authentic Member, 80 posts)

Posted 29 February 2012 - 04:26 AM

PS. that's what it comes up with after about a minute of scanning LOL ;) When it goes further there's quite a lot of stuff it picks up but obviously I can't show that because it will crash really soon after starting now...

#34 thatguy89 (Authentic Member, 80 posts)

Posted 29 February 2012 - 05:39 AM

Ah pardon me, it's not "visualshadowdump" but rather "/device/harddiskVolumeShadowCopy1" where GMER crashes (I just had a very bad memory from before). I just tried using it again and that's what came up.. Wasn't far off haha

#35 jeffce (Malware Guy, 8,693 posts)

Posted 29 February 2012 - 06:35 AM

Hi,

Thanks for all of that information. It was really helpful. :) This infection is one of the worst ones out right now and can be rather resilient so this may take some time.
----------

Print out these instructions as we may need to close every window that is open later in the fix.


It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested in this guide on another computer and then transfer them to the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

Do not reboot your computer after running rkill as the malware programs will start again.

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 5 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

Do not reboot your computer after running rkill as the malware programs will start again.
----------

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • when the window opens, click on Change Parameters
  • under ”Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • click OK
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)


#36 thatguy89 (Authentic Member, 80 posts)

Posted 29 February 2012 - 12:53 PM

That seemed to work just fine! First thing that popped up after the reboot was "The Recycle Bin on C:\ is corrupted. Would you like to empty the Recycle Bin for this drive?" as it has been doing for a while. I'm just ignoring it for now... Let's hope this is the beginning of the end for the tricky little bugger!
ok 18:42:02.0453 0780 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\Windows\system32\drivers\NIS\1207000.00D\SYMDS.SYS 18:42:02.0468 0780 SymDS - ok 18:42:02.0671 0780 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\Windows\system32\drivers\NIS\1207000.00D\SYMEFA.SYS 18:42:02.0702 0780 SymEFA - ok 18:42:02.0843 0780 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\Windows\system32\Drivers\SYMEVENT.SYS 18:42:02.0843 0780 SymEvent - ok 18:42:02.0968 0780 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\Windows\system32\drivers\NIS\1207000.00D\Ironx86.SYS 18:42:02.0968 0780 SymIRON - ok 18:42:03.0014 0780 SYMTDIv (d42a7229e333af725f1445f785e4658d) C:\Windows\System32\Drivers\NIS\1207000.00D\SYMTDIV.SYS 18:42:03.0014 0780 SYMTDIv - ok 18:42:03.0061 0780 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 18:42:03.0061 0780 Sym_hi - ok 18:42:03.0077 0780 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 18:42:03.0077 0780 Sym_u3 - ok 18:42:03.0124 0780 SynTP (aee6e411a915f50101895ba8dc5c15d4) C:\Windows\system32\DRIVERS\SynTP.sys 18:42:03.0124 0780 SynTP - ok 18:42:03.0186 0780 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys 18:42:03.0217 0780 Tcpip - ok 18:42:03.0358 0780 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys 18:42:03.0358 0780 Tcpip6 - ok 18:42:03.0404 0780 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys 18:42:03.0420 0780 tcpipreg - ok 18:42:03.0436 0780 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 18:42:03.0436 0780 TDPIPE - ok 18:42:03.0451 0780 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 18:42:03.0451 0780 TDTCP - ok 18:42:03.0498 0780 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys 18:42:03.0498 0780 tdx - ok 18:42:03.0514 0780 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys 
18:42:03.0514 0780 TermDD - ok 18:42:03.0560 0780 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 18:42:03.0560 0780 tssecsrv - ok 18:42:03.0576 0780 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 18:42:03.0576 0780 tunmp - ok 18:42:03.0623 0780 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys 18:42:03.0623 0780 tunnel - ok 18:42:03.0654 0780 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys 18:42:03.0654 0780 uagp35 - ok 18:42:03.0670 0780 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys 18:42:03.0670 0780 udfs - ok 18:42:03.0701 0780 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys 18:42:03.0701 0780 uliagpkx - ok 18:42:03.0716 0780 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys 18:42:03.0732 0780 uliahci - ok 18:42:03.0732 0780 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 18:42:03.0732 0780 UlSata - ok 18:42:03.0763 0780 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 18:42:03.0763 0780 ulsata2 - ok 18:42:03.0779 0780 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 18:42:03.0779 0780 umbus - ok 18:42:03.0826 0780 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\Windows\system32\Drivers\usbaapl.sys 18:42:03.0841 0780 USBAAPL - ok 18:42:03.0888 0780 usbaudio (292a25bb75a568ae2c67169ba2c6365a) C:\Windows\system32\drivers\usbaudio.sys 18:42:03.0888 0780 usbaudio - ok 18:42:03.0935 0780 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 18:42:03.0935 0780 usbccgp - ok 18:42:03.0966 0780 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 18:42:03.0966 0780 usbcir - ok 18:42:03.0997 0780 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys 18:42:03.0997 
0780 usbehci - ok 18:42:04.0013 0780 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys 18:42:04.0013 0780 usbhub - ok 18:42:04.0028 0780 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys 18:42:04.0028 0780 usbohci - ok 18:42:04.0075 0780 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys 18:42:04.0075 0780 usbprint - ok 18:42:04.0122 0780 usbser (a96191470581a7091420d25ecd444502) C:\Windows\system32\DRIVERS\usbser.sys 18:42:04.0122 0780 usbser - ok 18:42:04.0153 0780 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS 18:42:04.0153 0780 USBSTOR - ok 18:42:04.0184 0780 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys 18:42:04.0200 0780 usbuhci - ok 18:42:04.0231 0780 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys 18:42:04.0231 0780 usbvideo - ok 18:42:04.0262 0780 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys 18:42:04.0278 0780 vga - ok 18:42:04.0294 0780 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 18:42:04.0294 0780 VgaSave - ok 18:42:04.0309 0780 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys 18:42:04.0325 0780 viaagp - ok 18:42:04.0356 0780 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys 18:42:04.0356 0780 ViaC7 - ok 18:42:04.0356 0780 viaide (ea1aa6e3abb3c194feba12a46de8cf2c) C:\Windows\system32\drivers\viaide.sys 18:42:04.0372 0780 viaide - ok 18:42:04.0387 0780 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 18:42:04.0387 0780 volmgr - ok 18:42:04.0418 0780 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys 18:42:04.0434 0780 volmgrx - ok 18:42:04.0465 0780 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys 18:42:04.0465 0780 volsnap - ok 
18:42:04.0496 0780 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys 18:42:04.0496 0780 vsmraid - ok 18:42:04.0512 0780 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 18:42:04.0528 0780 WacomPen - ok 18:42:04.0543 0780 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 18:42:04.0543 0780 Wanarp - ok 18:42:04.0559 0780 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 18:42:04.0559 0780 Wanarpv6 - ok 18:42:04.0606 0780 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys 18:42:04.0606 0780 Wd - ok 18:42:04.0637 0780 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys 18:42:04.0637 0780 Wdf01000 - ok 18:42:04.0699 0780 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys 18:42:04.0699 0780 WmiAcpi - ok 18:42:04.0777 0780 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys 18:42:04.0793 0780 WpdUsb - ok 18:42:04.0824 0780 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 18:42:04.0824 0780 ws2ifsl - ok 18:42:04.0855 0780 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 18:42:04.0871 0780 WUDFRd - ok 18:42:04.0918 0780 yukonwlh (7d1f3b131d503ef43ee594b5a2b9b427) C:\Windows\system32\DRIVERS\yk60x86.sys 18:42:04.0918 0780 yukonwlh - ok 18:42:04.0949 0780 MBR (0x1B8) (5c86adec17b739c437e145e3b3fc2e6d) \Device\Harddisk0\DR0 18:42:05.0074 0780 \Device\Harddisk0\DR0 - ok 18:42:05.0074 0780 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR1 18:42:07.0757 0780 \Device\Harddisk1\DR1 - ok 18:42:07.0772 0780 Boot (0x1200) (607723e75431d691f63fe7373284ce5f) \Device\Harddisk0\DR0\Partition0 18:42:07.0772 0780 \Device\Harddisk0\DR0\Partition0 - ok 18:42:07.0804 0780 Boot (0x1200) (939c99ffb5fda050b1289e260d4c4de3) \Device\Harddisk0\DR0\Partition1 18:42:07.0819 
0780 \Device\Harddisk0\DR0\Partition1 - ok 18:42:07.0819 0780 Boot (0x1200) (9823f138f9f1c0e42112687cfe20b466) \Device\Harddisk1\DR1\Partition0 18:42:07.0819 0780 \Device\Harddisk1\DR1\Partition0 - ok 18:42:07.0819 0780 ============================================================ 18:42:07.0819 0780 Scan finished 18:42:07.0819 0780 ============================================================ 18:42:07.0835 1976 Detected object count: 1 18:42:07.0835 1976 Actual detected object count: 1 18:42:28.0832 1976 C:\Windows\system32\DRIVERS\smb.sys - copied to quarantine 18:42:29.0004 1976 Backup copy found, using it.. 18:42:29.0020 1976 C:\Windows\system32\DRIVERS\smb.sys - will be cured on reboot 18:42:30.0314 1976 Smb ( Virus.Win32.ZAccess.c ) - User select action: Cure 18:42:39.0659 0536 Deinitialize success

#37 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 29 February 2012 - 01:31 PM

Hi,

Yep that removed another nasty...Let's keep our fingers crossed. Please do the following...

Remove all copies of ComboFix using right-click >> delete.

Download the tool found here and place it directly into your C:\ folder. Once it is there please run the program and post the log that is created. :)

If you have any problems with the tool let me know what happens.

#38 thatguy89

thatguy89

    Authentic Member

  • Authentic Member
  • PipPip
  • 80 posts

Posted 29 February 2012 - 01:38 PM

So, I tried again to use gmer.exe and yes it still stalled at the same point as before BUT this time it didn't pick up what was there before, hopefully that's a plus. I've got ComboFix running at the moment. For the first five minutes the hard disk light on my laptop was constantly flashing, combined with the sound of a hard drive laboriously chugging away, which seemed promising, but it's calmed itself down now and it hasn't progressed beyond the "scan times may easily double" as per usual...

#39 thatguy89

thatguy89

    Authentic Member

  • Authentic Member
  • PipPip
  • 80 posts

Posted 29 February 2012 - 01:39 PM

Ah, I replied before I saw yours! I'll delete it now and try again...

#40 thatguy89

thatguy89

    Authentic Member

  • Authentic Member
  • PipPip
  • 80 posts

Posted 29 February 2012 - 01:50 PM

Hmm (writing from my iPod), it started scanning for a few seconds then the computer died. I moved it from Downloads to C:\ .. I'll try again. When deleting ComboFix, is it just the desktop file that needs deleting?


#41 thatguy89

thatguy89

    Authentic Member

  • Authentic Member
  • PipPip
  • 80 posts

Posted 29 February 2012 - 01:52 PM

Oh dear, that's embarrassing, the battery died! I'll be a bit less impulsive with the replying from now on lol

#42 thatguy89

thatguy89

    Authentic Member

  • Authentic Member
  • PipPip
  • 80 posts

Posted 29 February 2012 - 02:16 PM

Ok (from iPod): right-clicked and deleted ComboFix, downloaded svchost.com from the provided link, moved the file to C:\, opened it, it made a system restore point, 'scanning times may double' and that's it. Have it running now and it's still stuck in the same place; there's a little "—" flashing on and off underneath the text but that's been it for 20 mins now...

#43 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 29 February 2012 - 02:52 PM

Just let it keep running for a while. It may take some time to finish due to the infection that is on your system.

#44 thatguy89

thatguy89

    Authentic Member

  • Authentic Member
  • PipPip
  • 80 posts

Posted 29 February 2012 - 05:32 PM

Hey Jeff, I'll have to give ComboFix another try in the morning. In the meantime, I found a thread on pchelpforum where someone is having a similar problem with ComboFix and he was recommended to use "Free ESET online antivirus scanner." Do you think that would be worth giving a shot as well??

#45 thatguy89

thatguy89

    Authentic Member

  • Authentic Member
  • PipPip
  • 80 posts

Posted 01 March 2012 - 02:55 AM

I'm not sure why but ComboFix just won't make any progress. After a while I opened Task Manager and in 'Processes' ComboFix (CF13446.3XE) is using 0% CPU... The only thing remotely interested in doing anything is 'swxcacls.3XE', a freeware implementation of XCACLS, and its 'Memory' is constantly increasing, albeit very slowly. Do you know if it's working properly?
