toomuchcoffee123
Members
Posts: 6
Reputation: 0 Neutral
  1. Actually quite nicely. I was wondering if we were finished or not, as ever since the last change we made I have yet to receive any warning from AVG about a virus. So I am assuming everything is fine, in which case we can conclude case closed! Thank you so much Maniac, you saved me a lot of trouble. <3
  2. Here is the link to the webpage after I scanned the file. https://www.virustotal.com/file/dee094858742553976c17fff053af3de84e2d2b1203096064336f42ad749df89/analysis/1333920481/
  3. Here is my file that I got from scanning with combofix log.txt
  4. So I did all that was asked (I'm fairly certain); my dds.txt file is attached to the post, as well as my attach.txt log. I wasn't sure if that was needed as well, but might as well add it just in case. Here are the following log reports starting with my TDSSKiller, followed by the mbam:

     TDSSKiller log:

     12:31:43.0968 2420 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
     12:31:44.0468 2420 ============================================================
     12:31:44.0468 2420 Current date / time: 2012/04/08 12:31:44.0468
     12:31:44.0468 2420 SystemInfo:
     12:31:44.0468 2420
     12:31:44.0468 2420 OS Version: 5.1.2600 ServicePack: 3.0
     12:31:44.0468 2420 Product type: Workstation
     12:31:44.0468 2420 ComputerName: MASTERSHAKE
     12:31:44.0468 2420 UserName: Owner
     12:31:44.0468 2420 Windows directory: C:\WINDOWS
     12:31:44.0468 2420 System windows directory: C:\WINDOWS
     12:31:44.0468 2420 Processor architecture: Intel x86
     12:31:44.0468 2420 Number of processors: 2
     12:31:44.0468 2420 Page size: 0x1000
     12:31:44.0468 2420 Boot type: Normal boot
     12:31:44.0468 2420 ============================================================
     12:31:45.0640 2420 Drive \Device\Harddisk0\DR0 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xEC93A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000054
     12:31:45.0640 2420 \Device\Harddisk0\DR0:
     12:31:45.0640 2420 MBR used
     12:31:45.0640 2420 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A385031
     12:31:45.0656 2420 Initialize success
     12:31:45.0656 2420 ============================================================
     12:32:26.0156 2492 ============================================================
     12:32:26.0156 2492 Scan started
     12:32:26.0156 2492 Mode: Manual; SigCheck; TDLFS;
     12:32:26.0156 2492 ============================================================
     12:32:26.0343 2492 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
     12:32:26.0468 2492 !SASCORE - ok
     12:32:27.0234 2492 Abiosdsk - ok
     12:32:28.0046 2492 abp480n5 - ok
     12:32:28.0875 2492 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
     12:32:29.0390 2492 ACPI - ok
     12:32:30.0171 2492 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
     12:32:30.0265 2492 ACPIEC - ok
     12:32:31.0046 2492 adpu160m - ok
     12:32:31.0875 2492 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
     12:32:32.0000 2492 aec - ok
     12:32:32.0812 2492 AegisP (15e655baa989444f56787ef558823643) C:\WINDOWS\system32\DRIVERS\AegisP.sys
     12:32:32.0828 2492 AegisP ( UnsignedFile.Multi.Generic ) - warning
     12:32:32.0828 2492 AegisP - detected UnsignedFile.Multi.Generic (1)
     12:32:33.0640 2492 AFD (f6b7b1ecd7b41736bdb6ff4b092bcb79) C:\WINDOWS\System32\drivers\afd.sys
     12:32:33.0703 2492 AFD - ok
     12:32:34.0468 2492 Aha154x - ok
     12:32:35.0250 2492 aic78u2 - ok
     12:32:36.0046 2492 aic78xx - ok
     12:32:36.0828 2492 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
     12:32:36.0921 2492 Alerter - ok
     12:32:37.0703 2492 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
     12:32:37.0750 2492 ALG - ok
     12:32:38.0531 2492 AliIde - ok
     12:32:39.0437 2492 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
     12:32:39.0531 2492 Ambfilt - ok
     12:32:40.0265 2492 ami0nt - ok
     12:32:41.0031 2492 amoagent - ok
     12:32:41.0843 2492 amsint - ok
     12:32:42.0609 2492 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
     12:32:42.0671 2492 AppMgmt - ok
     12:32:43.0390 2492 areschatserver - ok
     12:32:44.0203 2492 asc - ok
     12:32:44.0984 2492 asc3350p - ok
     12:32:45.0781 2492 asc3550 - ok
     12:32:46.0531 2492 ashampoodefragservice - ok
     12:32:46.0875 2492 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
     12:32:46.0890 2492 aspnet_state - ok
     12:32:47.0578 2492 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
     12:32:47.0671 2492 AsyncMac - ok
     12:32:48.0468 2492 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
     12:32:48.0578 2492 atapi - ok
     12:32:49.0343 2492 Atdisk - ok
     12:32:50.0093 2492 atfsd - ok
     12:32:50.0859 2492 atinevxx - ok
     12:32:51.0578 2492 atksgt - ok
     12:32:52.0406 2492 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
     12:32:52.0500 2492 Atmarpc - ok
     12:32:53.0312 2492 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
     12:32:53.0406 2492 AudioSrv - ok
     12:32:54.0234 2492 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
     12:32:54.0328 2492 audstub - ok
     12:32:54.0578 2492 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
     12:32:54.0765 2492 AVGIDSAgent - ok
     12:32:55.0578 2492 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
     12:32:55.0578 2492 AVGIDSDriver - ok
     12:32:56.0375 2492 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
     12:32:56.0375 2492 AVGIDSEH - ok
     12:32:57.0187 2492 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
     12:32:57.0203 2492 AVGIDSFilter - ok
     12:32:58.0000 2492 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
     12:32:58.0015 2492 AVGIDSShim - ok
     12:32:58.0859 2492 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
     12:32:58.0875 2492 Avgldx86 - ok
     12:32:59.0703 2492 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
     12:32:59.0703 2492 Avgmfx86 - ok
     12:33:00.0484 2492 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
     12:33:00.0484 2492 Avgrkx86 - ok
     12:33:01.0328 2492 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
     12:33:01.0343 2492 Avgtdix - ok
     12:33:01.0500 2492 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
     12:33:01.0515 2492 avgwd - ok
     12:33:02.0265 2492 BCM43XV - ok
     12:33:03.0093 2492 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
     12:33:03.0203 2492 Beep - ok
     12:33:03.0953 2492 belgium_id_card_service - ok
     12:33:04.0734 2492 bh611 - ok
     12:33:05.0500 2492 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
     12:33:05.0656 2492 BITS - ok
     12:33:06.0359 2492 bridgemp - ok
     12:33:07.0140 2492 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
     12:33:07.0265 2492 Browser - ok
     12:33:08.0078 2492 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
     12:33:08.0171 2492 cbidf2k - ok
     12:33:08.0953 2492 cd20xrnt - ok
     12:33:09.0765 2492 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
     12:33:09.0859 2492 Cdaudio - ok
     12:33:10.0703 2492 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
     12:33:10.0812 2492 Cdfs - ok
     12:33:11.0625 2492 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
     12:33:11.0656 2492 Cdrom - ok
     12:33:12.0406 2492 Changer - ok
     12:33:13.0187 2492 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
     12:33:13.0296 2492 CiSvc - ok
     12:33:14.0062 2492 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
     12:33:14.0171 2492 ClipSrv - ok
     12:33:14.0453 2492 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
     12:33:14.0484 2492 clr_optimization_v2.0.50727_32 - ok
     12:33:14.0625 2492 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
     12:33:14.0656 2492 clr_optimization_v4.0.30319_32 - ok
     12:33:15.0359 2492 CmdIde - ok
     12:33:16.0093 2492 COMSysApp - ok
     12:33:16.0921 2492 Cpqarray - ok
     12:33:17.0687 2492 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
     12:33:17.0796 2492 CryptSvc - ok
     12:33:18.0531 2492 csctl50 - ok
     12:33:19.0281 2492 CTEAPSFX.DLL - ok
     12:33:20.0046 2492 cwafadmincontroller - ok
     12:33:20.0796 2492 cwafeventrouter - ok
     12:33:21.0578 2492 dac2w2k - ok
     12:33:22.0343 2492 dac960nt - ok
     12:33:23.0156 2492 DcomLaunch (9222562d44021b988b9f9f62207fb6f2) C:\WINDOWS\system32\rpcss.dll
     12:33:23.0250 2492 DcomLaunch - ok
     12:33:24.0031 2492 Dhcp (c51de19619d50cbd03708647aca10e70) C:\WINDOWS\System32\dhcpcsvc.dll
     12:33:24.0062 2492 Dhcp - ok
     12:33:24.0890 2492 Disk (47b6aaec570f2c11d8bad80a064d8ed1) C:\WINDOWS\system32\DRIVERS\disk.sys
     12:33:24.0937 2492 Disk - ok
     12:33:25.0656 2492 DivisCTP - ok
     12:33:26.0375 2492 dmadmin - ok
     12:33:27.0250 2492 dmboot (aee02de337d8e038d31630ea26286c8e) C:\WINDOWS\system32\drivers\dmboot.sys
     12:33:27.0343 2492 dmboot ( UnsignedFile.Multi.Generic ) - warning
     12:33:27.0343 2492 dmboot - detected UnsignedFile.Multi.Generic (1)
     12:33:28.0140 2492 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
     12:33:28.0265 2492 dmio - ok
     12:33:29.0093 2492 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
     12:33:29.0187 2492 dmload - ok
     12:33:30.0000 2492 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
     12:33:30.0109 2492 dmserver - ok
     12:33:30.0921 2492 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
     12:33:31.0015 2492 DMusic - ok
     12:33:31.0796 2492 Dnscache (d977659ae4d8ece5286d99d1ed34614d) C:\WINDOWS\System32\dnsrslvr.dll
     12:33:31.0843 2492 Dnscache - ok
     12:33:32.0593 2492 Dot3svc (b4109c8c3d54c83246997a777724f318) C:\WINDOWS\System32\dot3svc.dll
     12:33:32.0640 2492 Dot3svc - ok
     12:33:33.0390 2492 dot4ufd - ok
     12:33:34.0187 2492 dpti2o - ok
     12:33:34.0984 2492 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
     12:33:35.0078 2492 drmkaud - ok
     12:33:35.0828 2492 DVDVRRdr_xp - ok
     12:33:36.0593 2492 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
     12:33:36.0703 2492 EapHost - ok
     12:33:37.0546 2492 ElbyCDIO (d71233d7ccc2e64f8715a20428d5a33b) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
     12:33:37.0546 2492 ElbyCDIO - ok
     12:33:38.0265 2492 elosystemservice - ok
     12:33:39.0046 2492 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
     12:33:39.0140 2492 ERSvc - ok
     12:33:39.0906 2492 ESMCR - ok
     12:33:40.0703 2492 Eventlog (c519e15665cd89a91ad383fce3cb556a) C:\WINDOWS\system32\services.exe
     12:33:40.0750 2492 Eventlog - ok
     12:33:41.0500 2492 EventSystem (f17f6226bdc0cd5f0bef0daf84d29bec) C:\WINDOWS\system32\es.dll
     12:33:41.0531 2492 EventSystem - ok
     12:33:42.0343 2492 exFat (4d893323dae445e34a4c9038b0551bc9) C:\WINDOWS\system32\drivers\exFat.sys
     12:33:42.0375 2492 exFat - ok
     12:33:43.0187 2492 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
     12:33:43.0312 2492 Fastfat - ok
     12:33:44.0062 2492 FastUserSwitchingCompatibility (888cd7b39c37e13a2419becfaaf0a28c) C:\WINDOWS\System32\shsvcs.dll
     12:33:44.0093 2492 FastUserSwitchingCompatibility - ok
     12:33:44.0859 2492 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
     12:33:44.0953 2492 Fax - ok
     12:33:45.0750 2492 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
     12:33:45.0843 2492 Fdc - ok
     12:33:46.0671 2492 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
     12:33:46.0781 2492 Fips - ok
     12:33:47.0562 2492 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
     12:33:47.0671 2492 Flpydisk - ok
     12:33:48.0453 2492 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
     12:33:48.0562 2492 FltMgr - ok
     12:33:48.0750 2492 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
     12:33:48.0765 2492 FontCache3.0.0.0 - ok
     12:33:49.0437 2492 Fs_Rec (30d42943a54704ef13e2562911dbfcea) C:\WINDOWS\system32\drivers\Fs_Rec.sys
     12:33:49.0453 2492 Fs_Rec - ok
     12:33:50.0234 2492 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
     12:33:50.0343 2492 Ftdisk - ok
     12:33:51.0062 2492 ghoststartservice - ok
     12:33:51.0890 2492 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
     12:33:52.0000 2492 Gpc - ok
     12:33:52.0765 2492 guardian2 - ok
     12:33:53.0562 2492 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
     12:33:53.0656 2492 HDAudBus - ok
     12:33:53.0812 2492 helpsvc - ok
     12:33:54.0453 2492 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
     12:33:54.0546 2492 HidServ - ok
     12:33:55.0359 2492 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
     12:33:55.0453 2492 hidusb - ok
     12:33:56.0218 2492 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
     12:33:56.0343 2492 hkmsvc - ok
     12:33:57.0140 2492 hpn - ok
     12:33:57.0906 2492 hpqwmi - ok
     12:33:58.0750 2492 HTTP (937031c085718c1c04a9c0864625ec6b) C:\WINDOWS\system32\Drivers\HTTP.sys
     12:33:58.0781 2492 HTTP - ok
     12:33:59.0531 2492 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
     12:33:59.0625 2492 HTTPFilter - ok
     12:34:00.0578 2492 i2omgmt - ok
     12:34:01.0375 2492 i2omp - ok
     12:34:02.0187 2492 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
     12:34:02.0296 2492 i8042prt - ok
     12:34:02.0562 2492 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
     12:34:02.0609 2492 idsvc - ok
     12:34:03.0328 2492 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
     12:34:03.0421 2492 Imapi - ok
     12:34:04.0218 2492 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
     12:34:04.0343 2492 ImapiService - ok
     12:34:05.0125 2492 ini910u - ok
     12:34:06.0187 2492 IntcAzAudAddService (85ab23f3e4ba6696fae8beb9d434edd6) C:\WINDOWS\system32\drivers\RtkHDAud.sys
     12:34:06.0375 2492 IntcAzAudAddService - ok
     12:34:07.0203 2492 IntelIde - ok
     12:34:07.0984 2492 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
     12:34:08.0093 2492 intelppm - ok
     12:34:08.0890 2492 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
     12:34:09.0000 2492 Ip6Fw - ok
     12:34:09.0828 2492 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
     12:34:09.0921 2492 IpFilterDriver - ok
     12:34:10.0750 2492 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
     12:34:10.0843 2492 IpInIp - ok
     12:34:11.0609 2492 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
     12:34:11.0718 2492 IpNat - ok
     12:34:12.0484 2492 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
     12:34:12.0593 2492 IPSec - ok
     12:34:13.0390 2492 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
     12:34:13.0437 2492 IRENUM - ok
     12:34:14.0281 2492 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
     12:34:14.0375 2492 isapnp - ok
     12:34:14.0500 2492 JavaQuickStarterService (92e16f5d034e7864da308ba6309a98b7) C:\Program Files\Java\jre7\bin\jqs.exe
     12:34:14.0515 2492 JavaQuickStarterService - ok
     12:34:15.0218 2492 JL2005C - ok
     12:34:16.0046 2492 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
     12:34:16.0140 2492 Kbdclass - ok
     12:34:16.0953 2492 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
     12:34:17.0046 2492 kbdhid - ok
     12:34:17.0796 2492 keymaestro - ok
     12:34:18.0625 2492 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
     12:34:18.0734 2492 kmixer - ok
     12:34:19.0437 2492 kraidsvc - ok
     12:34:20.0250 2492 KSecDD (c6ebf1d6ad71df30db49b8d3287e1368) C:\WINDOWS\system32\drivers\KSecDD.sys
     12:34:20.0296 2492 KSecDD - ok
     12:34:21.0078 2492 LanmanServer (3695b8d03745b2f8022b161238347a9d) C:\WINDOWS\System32\srvsvc.dll
     12:34:21.0125 2492 LanmanServer - ok
     12:34:21.0890 2492 lanmanworkstation (3b9324d60dd321bab7bf6f77931d3fd1) C:\WINDOWS\System32\wkssvc.dll
     12:34:21.0937 2492 lanmanworkstation - ok
     12:34:22.0687 2492 lbrtfdc - ok
     12:34:23.0406 2492 liveupdate - ok
     12:34:24.0187 2492 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
     12:34:24.0296 2492 LmHosts - ok
     12:34:25.0046 2492 lxdm_device - ok
     12:34:25.0812 2492 M2500 - ok
     12:34:26.0640 2492 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
     12:34:26.0656 2492 MBAMProtector - ok
     12:34:26.0781 2492 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
     12:34:26.0812 2492 MBAMService - ok
     12:34:27.0578 2492 mcrdsvc - ok
     12:34:28.0359 2492 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
     12:34:28.0453 2492 Messenger - ok
     12:34:28.0656 2492 Microsoft SharePoint Workspace Audit Service - ok
     12:34:29.0484 2492 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
     12:34:29.0578 2492 Modem - ok
     12:34:30.0421 2492 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
     12:34:30.0484 2492 Monfilt - ok
     12:34:31.0296 2492 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
     12:34:31.0406 2492 Mouclass - ok
     12:34:32.0187 2492 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
     12:34:32.0281 2492 mouhid - ok
     12:34:33.0062 2492 MountMgr (1a1faa5102466f418494e94ff9b0b091) C:\WINDOWS\system32\drivers\MountMgr.sys
     12:34:33.0078 2492 MountMgr - ok
     12:34:33.0906 2492 mraid35x - ok
     12:34:34.0640 2492 MRESP50 - ok
     12:34:35.0453 2492 MRxDAV (4fefd389d71126ee581b9f9cb2918be4) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
     12:34:35.0515 2492 MRxDAV - ok
     12:34:36.0390 2492 MRxSmb (fb2fccc70f7174c7bf64f48e96d3adf4) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
     12:34:36.0437 2492 MRxSmb - ok
     12:34:37.0187 2492 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
     12:34:37.0281 2492 MSDTC - ok
     12:34:38.0093 2492 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
     12:34:38.0187 2492 Msfs - ok
     12:34:38.0937 2492 MSIServer - ok
     12:34:39.0765 2492 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
     12:34:39.0859 2492 MSKSSRV - ok
     12:34:40.0671 2492 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
     12:34:40.0765 2492 MSPCLOCK - ok
     12:34:41.0531 2492 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
     12:34:41.0625 2492 MSPQM - ok
     12:34:42.0437 2492 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
     12:34:42.0546 2492 mssmbios - ok
     12:34:43.0265 2492 mssqlserverolapservice - ok
     12:34:44.0062 2492 mstee (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\update.dll
     12:34:44.0062 2492 Suspicious file (NoAccess): C:\WINDOWS\system32\update.dll. md5: 11028c6a84a967070cb1286550f2058f
     12:34:44.0062 2492 mstee ( Backdoor.Multi.ZAccess.gen ) - infected
     12:34:44.0062 2492 mstee - detected Backdoor.Multi.ZAccess.gen (0)
     12:34:44.0906 2492 Mup (f7b1ad991491f02af6da70b00b8bf114) C:\WINDOWS\system32\drivers\Mup.sys
     12:34:44.0953 2492 Mup - ok
     12:34:45.0828 2492 mv61xxmm (75b85f6a5cdccb602ec98e0d37ccc072) C:\WINDOWS\system32\drivers\mv61xxmm.sys
     12:34:45.0843 2492 mv61xxmm - ok
     12:34:46.0671 2492 mv64xxmm (6090786daa545a3ec7d34a46a8cd1661) C:\WINDOWS\system32\drivers\mv64xxmm.sys
     12:34:46.0687 2492 mv64xxmm ( UnsignedFile.Multi.Generic ) - warning
     12:34:46.0687 2492 mv64xxmm - detected UnsignedFile.Multi.Generic (1)
     12:34:47.0468 2492 mvxxmm (45a7b1dc4c099ae8d424190a23aa8168) C:\WINDOWS\system32\drivers\mvxxmm.sys
     12:34:47.0484 2492 mvxxmm - ok
     12:34:48.0265 2492 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
     12:34:48.0390 2492 napagent - ok
     12:34:49.0125 2492 Ncrc710 - ok
     12:34:50.0218 2492 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
     12:34:50.0312 2492 NDIS - ok
     12:34:51.0093 2492 NdisTapi (091735a5f20acb1dc147383a905ae002) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
     12:34:51.0125 2492 NdisTapi - ok
     12:34:51.0968 2492 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
     12:34:52.0062 2492 Ndisuio - ok
     12:34:52.0875 2492 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
     12:34:52.0984 2492 NdisWan - ok
     12:34:53.0796 2492 NDProxy (816460bd4b4acd27937d1d0813e2e9e9) C:\WINDOWS\system32\drivers\NDProxy.sys
     12:34:53.0828 2492 NDProxy - ok
     12:34:54.0640 2492 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
     12:34:54.0734 2492 NetBIOS - ok
     12:34:55.0578 2492 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
     12:34:55.0718 2492 NetBT - ok
     12:34:56.0453 2492 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
     12:34:56.0578 2492 NetDDE - ok
     12:34:56.0578 2492 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
     12:34:56.0671 2492 NetDDEdsdm - ok
     12:34:57.0421 2492 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
     12:34:57.0515 2492 Netlogon - ok
     12:34:58.0281 2492 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
     12:34:58.0375 2492 Netman - ok
     12:34:59.0109 2492 netrcacm - ok
     12:34:59.0421 2492 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
     12:34:59.0437 2492 NetTcpPortSharing - ok
     12:35:00.0109 2492 Nla (fcee5fcb99f7c724593365c706d28388) C:\WINDOWS\System32\mswsock.dll
     12:35:00.0156 2492 Nla - ok
     12:35:00.0875 2492 Nmea - ok
     12:35:01.0687 2492 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
     12:35:01.0781 2492 Npfs - ok
     12:35:02.0484 2492 npkcsvc - ok
     12:35:03.0359 2492 Ntfs (4c51d5275ae8a16999edfe7e647d00de) C:\WINDOWS\system32\drivers\Ntfs.sys
     12:35:03.0406 2492 Ntfs - ok
     12:35:04.0156 2492 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
     12:35:04.0234 2492 NtLmSsp - ok
     12:35:05.0046 2492 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
     12:35:05.0140 2492 NtmsSvc - ok
     12:35:05.0968 2492 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
     12:35:06.0062 2492 Null - ok
     12:35:07.0078 2492 nv (4b54dcd6adee535df80f07c59ddd8f14) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
     12:35:07.0578 2492 nv - ok
     12:35:08.0343 2492 NVSvc (0573c75a2895d973ea6ef2495620ba49) C:\WINDOWS\system32\nvsvc32.exe
     12:35:08.0375 2492 NVSvc - ok
     12:35:08.0484 2492 nvUpdatusService (9c84945feee40ea42d3bca5c22250d47) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
     12:35:08.0546 2492 nvUpdatusService - ok
     12:35:09.0343 2492 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
     12:35:09.0453 2492 NwlnkFlt - ok
     12:35:10.0281 2492 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
     12:35:10.0375 2492 NwlnkFwd - ok
     12:35:11.0171 2492 oracledbconsoleorcl (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\SQLBrowser.dll
     12:35:11.0171 2492 Suspicious file (NoAccess): C:\WINDOWS\system32\SQLBrowser.dll. md5: 11028c6a84a967070cb1286550f2058f
     12:35:11.0171 2492 oracledbconsoleorcl ( Backdoor.Multi.ZAccess.gen ) - infected
     12:35:11.0171 2492 oracledbconsoleorcl - detected Backdoor.Multi.ZAccess.gen (0)
     12:35:11.0296 2492 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
     12:35:11.0328 2492 ose - ok
     12:35:11.0484 2492 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
     12:35:11.0703 2492 osppsvc - ok
     12:35:12.0484 2492 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
     12:35:12.0593 2492 Parport - ok
     12:35:13.0406 2492 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
     12:35:13.0500 2492 PartMgr - ok
     12:35:14.0312 2492 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
     12:35:14.0453 2492 ParVdm - ok
     12:35:15.0187 2492 pavagente - ok
     12:35:16.0015 2492 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
     12:35:16.0125 2492 PCI - ok
     12:35:16.0937 2492 PCIDump - ok
     12:35:17.0890 2492 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
     12:35:18.0000 2492 PCIIde - ok
     12:35:18.0843 2492 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
     12:35:18.0953 2492 Pcmcia - ok
     12:35:20.0187 2492 pcouffin - ok
     12:35:20.0984 2492 PDCOMP - ok
     12:35:21.0796 2492 PDFRAME - ok
     12:35:22.0546 2492 PDRELI - ok
     12:35:23.0343 2492 PDRFRAME - ok
     12:35:24.0140 2492 perc2 - ok
     12:35:24.0937 2492 perc2hib - ok
     12:35:25.0687 2492 PGPwded - ok
     12:35:26.0937 2492 PlugPlay (c519e15665cd89a91ad383fce3cb556a) C:\WINDOWS\system32\services.exe
     12:35:27.0265 2492 PlugPlay - ok
     12:35:28.0000 2492 pmem - ok
     12:35:28.0781 2492 pnkbstra (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\webrootenterpriseupdateservice.dll
     12:35:28.0796 2492 Suspicious file (NoAccess): C:\WINDOWS\system32\webrootenterpriseupdateservice.dll. md5: 11028c6a84a967070cb1286550f2058f
     12:35:28.0796 2492 pnkbstra ( Backdoor.Multi.ZAccess.gen ) - infected
     12:35:28.0796 2492 pnkbstra - detected Backdoor.Multi.ZAccess.gen (0)
     12:35:29.0515 2492 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
     12:35:29.0609 2492 PolicyAgent - ok
     12:35:30.0406 2492 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
     12:35:30.0500 2492 PptpMiniport - ok
     12:35:31.0250 2492 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
     12:35:31.0343 2492 ProtectedStorage - ok
     12:35:32.0109 2492 proxyhostservice - ok
     12:35:32.0953 2492 PSched (d8e11d311785f89f1d70a28b0e879127) C:\WINDOWS\system32\DRIVERS\psched.sys
     12:35:32.0984 2492 PSched - ok
     12:35:33.0812 2492 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
     12:35:33.0906 2492 Ptilink - ok
     12:35:34.0687 2492 pwisvc - ok
     12:35:35.0453 2492 ql1080 - ok
     12:35:36.0250 2492 Ql10wnt - ok
     12:35:37.0031 2492 ql12160 - ok
     12:35:37.0859 2492 ql1240 - ok
     12:35:39.0031 2492 ql1280 - ok
     12:35:39.0796 2492 radclock - ok
     12:35:40.0625 2492 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
     12:35:40.0718 2492 RasAcd - ok
     12:35:41.0500 2492 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
     12:35:41.0593 2492 RasAuto - ok
     12:35:42.0406 2492 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
     12:35:42.0500 2492 Rasl2tp - ok
     12:35:43.0281 2492 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
     12:35:43.0406 2492 RasMan - ok
     12:35:44.0218 2492 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
     12:35:44.0312 2492 RasPppoe - ok
     12:35:45.0156 2492 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
     12:35:45.0250 2492 Raspti - ok
     12:35:46.0000 2492 rchost - ok
     12:35:46.0843 2492 Rdbss (77050c6615f6eb5402f832b27fd695e0) C:\WINDOWS\system32\DRIVERS\rdbss.sys
     12:35:46.0906 2492 Rdbss - ok
     12:35:47.0687 2492 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
     12:35:47.0781 2492 RDPCDD - ok
     12:35:48.0546 2492 rdpdr (47ea20320e3d6fdc7b7bb22b2b881ca6) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
     12:35:48.0578 2492 rdpdr - ok
     12:35:49.0390 2492 RDPWD (2d293b720c206473a05950ce007db12a) C:\WINDOWS\system32\drivers\RDPWD.sys
     12:35:49.0453 2492 RDPWD - ok
     12:35:50.0203 2492 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
     12:35:50.0312 2492 RDSessMgr - ok
     12:35:51.0093 2492 redbook (30f5e0388e2b2bbabd33b7a68390af19) C:\WINDOWS\system32\DRIVERS\redbook.sys
     12:35:51.0093 2492 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\redbook.sys. Real md5: 30f5e0388e2b2bbabd33b7a68390af19, Fake md5: f828dd7e1419b6653894a8f97a0094c5
     12:35:51.0093 2492 redbook ( Virus.Win32.ZAccess.aml ) - infected
     12:35:51.0093 2492 redbook - detected Virus.Win32.ZAccess.aml (0)
     12:35:51.0859 2492 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
     12:35:51.0953 2492 RemoteAccess - ok
     12:35:52.0703 2492 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
     12:35:52.0796 2492 RemoteRegistry - ok
     12:35:53.0562 2492 RMSvc - ok
     12:35:54.0328 2492 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
     12:35:54.0421 2492 RpcLocator - ok
     12:35:55.0250 2492 RpcSs (9222562d44021b988b9f9f62207fb6f2) C:\WINDOWS\System32\rpcss.dll
     12:35:55.0296 2492 RpcSs - ok
     12:35:56.0093 2492 rrspy - ok
     12:35:56.0906 2492 rspndr (743d7d59767073a617b1dcc6c546f234) C:\WINDOWS\system32\DRIVERS\rspndr.sys
     12:35:56.0937 2492 rspndr - ok
     12:35:57.0687 2492 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
     12:35:57.0781 2492 RSVP - ok
     12:35:58.0593 2492 RT73 (5eff124bfabac3e7fc2908be28906b1b) C:\WINDOWS\system32\DRIVERS\rt73.sys
     12:35:58.0656 2492 RT73 - ok
     12:35:59.0468 2492 RTLE8023xp (41fa2d39c227073a448aa7000b636280) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
     12:35:59.0484 2492 RTLE8023xp - ok
     12:36:00.0234 2492 s117mdm - ok
     12:36:00.0968 2492 s117mgmt - ok
     12:36:01.0703 2492 s117nd5 - ok
     12:36:02.0484 2492 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
     12:36:02.0578 2492 SamSs - ok
     12:36:02.0656 2492 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
     12:36:02.0671 2492 SASDIFSV - ok
     12:36:02.0703 2492 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
     12:36:02.0718 2492 SASKUTIL - ok
     12:36:03.0468 2492 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
     12:36:03.0593 2492 SCardSvr - ok
     12:36:04.0375 2492 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
     12:36:04.0468 2492 Schedule - ok
     12:36:05.0218 2492 se2Cnd5 - ok
     12:36:05.0984 2492 SE2Emgmt - ok
     12:36:06.0109 2492 SeaPort (4a5809a1d796e2675ac0332bf7b0cb11) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
     12:36:06.0125 2492 SeaPort - ok
     12:36:06.0937 2492 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
     12:36:06.0984 2492 Secdrv - ok
     12:36:07.0796 2492 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
     12:36:07.0890 2492 seclogon - ok
     12:36:08.0625 2492 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\System32\sens.dll
     12:36:08.0718 2492 SENS - ok
     12:36:09.0484 2492 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
     12:36:09.0578 2492 serenum - ok
     12:36:10.0359 2492 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
     12:36:10.0468 2492 Serial - ok
     12:36:11.0218 2492 servicemgr - ok
     12:36:12.0031 2492 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
     12:36:12.0140 2492 Sfloppy - ok
     12:36:12.0953 2492 SharedAccess (4f10a2fa76b5bd54cd68afa94e8adb39) C:\WINDOWS\System32\ipnathlp.dll
     12:36:13.0015 2492 SharedAccess - ok
     12:36:13.0828 2492 ShellHWDetection (888cd7b39c37e13a2419becfaaf0a28c) C:\WINDOWS\System32\shsvcs.dll
     12:36:13.0890 2492 ShellHWDetection - ok
     12:36:14.0671 2492 Simbad - ok
     12:36:15.0390 2492 slee_81_service - ok
     12:36:16.0156 2492 smservauth - ok
     12:36:17.0000 2492 Sparrow - ok
     12:36:17.0765 2492 SPLITCAM - ok
     12:36:18.0968 2492 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
     12:36:19.0062 2492 splitter - ok
     12:36:19.0812 2492 Spooler (258dd5d4283fd9f9a7166be9ae45ce73) C:\WINDOWS\system32\spoolsv.exe
     12:36:19.0843 2492 Spooler - ok
     12:36:20.0656 2492 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
     12:36:20.0703 2492 sr - ok
     12:36:21.0468 2492 srescan - ok
     12:36:22.0250 2492 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
     12:36:22.0312 2492 srservice - ok
     12:36:23.0171 2492 Srv (9b390283569ea58d43d2586032b892f5) C:\WINDOWS\system32\DRIVERS\srv.sys
     12:36:23.0203 2492 Srv - ok
     12:36:23.0968 2492 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
     12:36:24.0031 2492 SSDPSRV - ok
     12:36:24.0125 2492 Steam Client Service - ok
     12:36:24.0906 2492 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
     12:36:25.0000 2492 stisvc - ok
     12:36:25.0812 2492 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
     12:36:25.0906 2492 swenum - ok
     12:36:26.0750 2492 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
     12:36:26.0843 2492 swmidi - ok
     12:36:27.0593 2492 swmsflt - ok
     12:36:28.0312 2492 SwPrv - ok
     12:36:29.0140 2492 symc810 - ok
     12:36:29.0984 2492 symc8xx - ok
     12:36:30.0750 2492 symlcbrd - ok
     12:36:31.0546 2492 sym_hi - ok
     12:36:32.0312 2492 sym_u3 - ok
     12:36:33.0062 2492 syntp - ok
     12:36:33.0906 2492 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
     12:36:34.0015 2492 sysaudio - ok
     12:36:34.0812 2492 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
     12:36:34.0937 2492 SysmonLog - ok
     12:36:35.0718 2492 TapiSrv (e2b32b10acc5d97623275aafb67e5f03) C:\WINDOWS\System32\tapisrv.dll
     12:36:35.0750 2492 TapiSrv - ok
     12:36:36.0546 2492 Tcpip (f738697d2aa60ac4ba9b9ded1412d4b2) C:\WINDOWS\system32\DRIVERS\tcpip.sys
     12:36:36.0578 2492 Tcpip ( UnsignedFile.Multi.Generic ) - warning
     12:36:36.0578 2492 Tcpip - detected UnsignedFile.Multi.Generic (1)
     12:36:37.0359 2492 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
     12:36:37.0453 2492 TDPIPE - ok
     12:36:38.0265 2492 TDTCP (c0578456f29e5f26285f81b7b71fe57d) C:\WINDOWS\system32\drivers\TDTCP.sys
     12:36:38.0281 2492 TDTCP - ok
     12:36:39.0125 2492 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
     12:36:39.0218 2492 TermDD - ok
     12:36:40.0062 2492 TermService (5128852a18ae46c387f87bf27da4c9dd) C:\WINDOWS\System32\termsrv.dll
     12:36:40.0109 2492 TermService - ok
     12:36:40.0890 2492 Themes (888cd7b39c37e13a2419becfaaf0a28c) C:\WINDOWS\System32\shsvcs.dll
     12:36:40.0906 2492 Themes - ok
     12:36:41.0656 2492 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
     12:36:41.0703 2492 TlntSvr - ok
     12:36:42.0484 2492 TosIde - ok
     12:36:43.0218 2492 trioservice - ok
     12:36:44.0000 2492 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
     12:36:44.0140 2492 TrkWks - ok
     12:36:44.0937 2492 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
     12:36:45.0046 2492 Udfs - ok
     12:36:45.0812 2492 ultra - ok
     12:36:45.0890 2492 UnlockerDriver5 (bb879dcfd22926efbeb3298129898cbb) C:\Program Files\Unlocker\UnlockerDriver5.sys
     12:36:45.0921 2492 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - warning
     12:36:45.0921 2492 UnlockerDriver5 - detected UnsignedFile.Multi.Generic (1)
     12:36:46.0734 2492 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
     12:36:46.0843 2492 Update - ok
     12:36:46.0906 2492 UPHClean (325fb38c323c63c7f57885b4dfb1b91e) C:\Program Files\UPHClean\uphclean.exe
     12:36:46.0921 2492 UPHClean ( UnsignedFile.Multi.Generic ) - warning
     12:36:46.0921 2492 UPHClean - detected UnsignedFile.Multi.Generic (1)
     12:36:47.0718 2492 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
     12:36:47.0781 2492 upnphost - ok
     12:36:48.0531 2492 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
     12:36:48.0625 2492 UPS - ok
     12:36:49.0359 2492 us30service - ok
     12:36:50.0187 2492 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
     12:36:50.0281 2492 usbccgp - ok
     12:36:51.0078 2492 usbehci (52674b5dbee499342a599c7771abecaa) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:36:51.0109 2492 usbehci - ok 12:36:51.0906 2492 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 12:36:52.0015 2492 usbhub - ok 12:36:52.0828 2492 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 12:36:52.0921 2492 USBSTOR - ok 12:36:53.0750 2492 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 12:36:53.0859 2492 usbuhci - ok 12:36:54.0671 2492 VClone (fce98c43b5c5db8e0da8ea0e2b45e044) C:\WINDOWS\system32\DRIVERS\VClone.sys 12:36:54.0671 2492 VClone ( UnsignedFile.Multi.Generic ) - warning 12:36:54.0671 2492 VClone - detected UnsignedFile.Multi.Generic (1) 12:36:55.0406 2492 vds - ok 12:36:56.0187 2492 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 12:36:56.0296 2492 VgaSave - ok 12:36:57.0109 2492 ViaIde - ok 12:36:57.0937 2492 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 12:36:58.0031 2492 VolSnap - ok 12:36:58.0796 2492 vpctcom - ok 12:36:59.0609 2492 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe 12:36:59.0671 2492 VSS - ok 12:37:00.0406 2492 w300bus - ok 12:37:01.0218 2492 W32Time (9f8a0d0cbb2fa265a754516128c00e22) C:\WINDOWS\system32\w32time.dll 12:37:01.0265 2492 W32Time - ok 12:37:02.0093 2492 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 12:37:02.0187 2492 Wanarp - ok 12:37:02.0984 2492 WDICA - ok 12:37:03.0781 2492 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 12:37:03.0890 2492 wdmaud - ok 12:37:04.0656 2492 WebClient (703591cd1403bc19e7198ca7b314e132) C:\WINDOWS\System32\webclnt.dll 12:37:04.0671 2492 WebClient - ok 12:37:05.0406 2492 webupdate - ok 12:37:06.0281 2492 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll 12:37:06.0390 2492 winmgmt - ok 12:37:06.0546 2492 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows 
Live\WLIDSVC.EXE 12:37:06.0593 2492 wlidsvc - ok 12:37:07.0359 2492 WmdmPmSN (051b1bdecd6dee18c771b5d5ec7f044d) C:\WINDOWS\system32\mspmsnsv.dll 12:37:07.0406 2492 WmdmPmSN - ok 12:37:08.0203 2492 Wmi (c8a6c82f90b055149925dc7526b2d78c) C:\WINDOWS\System32\advapi32.dll 12:37:08.0234 2492 Wmi - ok 12:37:09.0062 2492 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe 12:37:09.0171 2492 WmiApSrv - ok 12:37:09.0265 2492 WMPNetworkSvc (6bab4dc65515a098505f8b3d01fb6fe5) C:\Program Files\Windows Media Player\WMPNetwk.exe 12:37:09.0328 2492 WMPNetworkSvc - ok 12:37:09.0656 2492 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 12:37:09.0703 2492 WPFFontCache_v0400 - ok 12:37:10.0375 2492 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll 12:37:10.0484 2492 wscsvc - ok 12:37:11.0250 2492 wuauserv (fc1e3b06ae8d160b686c5d04b5e85371) C:\WINDOWS\system32\wuauserv.dll 12:37:11.0265 2492 wuauserv - ok 12:37:12.0093 2492 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 12:37:12.0140 2492 WudfPf - ok 12:37:12.0968 2492 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 12:37:13.0000 2492 WudfRd - ok 12:37:13.0796 2492 WudfSvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\WINDOWS\System32\WUDFSvc.dll 12:37:13.0812 2492 WudfSvc - ok 12:37:14.0578 2492 WZCSVC (349b8d2bb755e8c3b0e3e82a87663e55) C:\WINDOWS\System32\wzcsvc.dll 12:37:14.0671 2492 WZCSVC - ok 12:37:15.0437 2492 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll 12:37:15.0578 2492 xmlprov - ok 12:37:16.0296 2492 zebrceb - ok 12:37:16.0328 2492 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0 12:37:16.0546 2492 \Device\Harddisk0\DR0 ( TDSS File System ) - warning 12:37:16.0546 2492 \Device\Harddisk0\DR0 - detected TDSS File System (1) 12:37:16.0578 2492 Boot (0x1200) (1c796130a815603bb72054ee90755e60) 
\Device\Harddisk0\DR0\Partition0 12:37:16.0578 2492 \Device\Harddisk0\DR0\Partition0 - ok 12:37:16.0578 2492 ============================================================ 12:37:16.0578 2492 Scan finished 12:37:16.0578 2492 ============================================================ 12:37:16.0687 2160 Detected object count: 12 12:37:16.0687 2160 Actual detected object count: 12 12:38:37.0765 2160 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user 12:38:37.0765 2160 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip 12:38:37.0765 2160 dmboot ( UnsignedFile.Multi.Generic ) - skipped by user 12:38:37.0765 2160 dmboot ( UnsignedFile.Multi.Generic ) - User select action: Skip 12:38:38.0500 2160 HKLM\SYSTEM\ControlSet001\services\mstee - will be deleted on reboot 12:38:38.0500 2160 HKLM\SYSTEM\ControlSet002\services\mstee - will be deleted on reboot 12:38:38.0500 2160 C:\WINDOWS\system32\update.dll - will be deleted on reboot 12:38:38.0500 2160 mstee ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete 12:38:38.0500 2160 mv64xxmm ( UnsignedFile.Multi.Generic ) - skipped by user 12:38:38.0500 2160 mv64xxmm ( UnsignedFile.Multi.Generic ) - User select action: Skip 12:38:39.0234 2160 HKLM\SYSTEM\ControlSet001\services\oracledbconsoleorcl - will be deleted on reboot 12:38:39.0234 2160 HKLM\SYSTEM\ControlSet002\services\oracledbconsoleorcl - will be deleted on reboot 12:38:39.0234 2160 C:\WINDOWS\system32\SQLBrowser.dll - will be deleted on reboot 12:38:39.0234 2160 oracledbconsoleorcl ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete 12:38:40.0046 2160 HKLM\SYSTEM\ControlSet001\services\pnkbstra - will be deleted on reboot 12:38:40.0046 2160 HKLM\SYSTEM\ControlSet002\services\pnkbstra - will be deleted on reboot 12:38:40.0046 2160 C:\WINDOWS\system32\webrootenterpriseupdateservice.dll - will be deleted on reboot 12:38:40.0046 2160 pnkbstra ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete 12:38:40.0937 2160 
C:\WINDOWS\system32\DRIVERS\redbook.sys - copied to quarantine 12:38:40.0937 2160 C:\WINDOWS\$NtUninstallKB18262$\2769478212\@ - copied to quarantine 12:38:40.0937 2160 C:\WINDOWS\$NtUninstallKB18262$\2769478212\cfg.ini - copied to quarantine 12:38:40.0953 2160 C:\WINDOWS\$NtUninstallKB18262$\2769478212\Desktop.ini - copied to quarantine 12:38:40.0968 2160 C:\WINDOWS\$NtUninstallKB18262$\2769478212\L\ogjwnzdf - copied to quarantine 12:38:41.0015 2160 C:\WINDOWS\$NtUninstallKB18262$\2769478212\oemid - copied to quarantine 12:38:41.0015 2160 C:\WINDOWS\$NtUninstallKB18262$\2769478212\U\00000001.@ - copied to quarantine 12:38:41.0062 2160 C:\WINDOWS\$NtUninstallKB18262$\2769478212\U\00000002.@ - copied to quarantine 12:38:41.0078 2160 C:\WINDOWS\$NtUninstallKB18262$\2769478212\U\00000004.@ - copied to quarantine 12:38:41.0093 2160 C:\WINDOWS\$NtUninstallKB18262$\2769478212\U\80000000.@ - copied to quarantine 12:38:41.0093 2160 C:\WINDOWS\$NtUninstallKB18262$\2769478212\U\80000004.@ - copied to quarantine 12:38:41.0109 2160 C:\WINDOWS\$NtUninstallKB18262$\2769478212\U\80000032.@ - copied to quarantine 12:38:41.0109 2160 C:\WINDOWS\$NtUninstallKB18262$\2769478212\version - copied to quarantine 12:38:41.0343 2160 Backup copy found, using it.. 
12:38:41.0359 2160 C:\WINDOWS\system32\DRIVERS\redbook.sys - will be cured on reboot 12:39:56.0859 2160 C:\WINDOWS\$NtUninstallKB18262$\2350460360 - will be deleted on reboot 12:39:56.0859 2160 C:\WINDOWS\$NtUninstallKB18262$\2769478212\@ - will be deleted on reboot 12:39:56.0859 2160 C:\WINDOWS\$NtUninstallKB18262$\2769478212\cfg.ini - will be deleted on reboot 12:39:57.0125 2160 C:\WINDOWS\$NtUninstallKB18262$\2769478212\Desktop.ini - will be deleted on reboot 12:39:57.0125 2160 C:\WINDOWS\$NtUninstallKB18262$\2769478212\oemid - will be deleted on reboot 12:39:57.0140 2160 C:\WINDOWS\$NtUninstallKB18262$\2769478212\U\00000001.@ - will be deleted on reboot 12:39:57.0140 2160 C:\WINDOWS\$NtUninstallKB18262$\2769478212\U\00000002.@ - will be deleted on reboot 12:39:57.0140 2160 C:\WINDOWS\$NtUninstallKB18262$\2769478212\U\00000004.@ - will be deleted on reboot 12:39:57.0140 2160 C:\WINDOWS\$NtUninstallKB18262$\2769478212\U\80000000.@ - will be deleted on reboot 12:39:57.0140 2160 C:\WINDOWS\$NtUninstallKB18262$\2769478212\U\80000004.@ - will be deleted on reboot 12:39:57.0140 2160 C:\WINDOWS\$NtUninstallKB18262$\2769478212\U\80000032.@ - will be deleted on reboot 12:39:57.0140 2160 C:\WINDOWS\$NtUninstallKB18262$\2769478212\version - will be deleted on reboot 12:39:57.0140 2160 redbook ( Virus.Win32.ZAccess.aml ) - User select action: Cure 12:39:57.0140 2160 Tcpip ( UnsignedFile.Multi.Generic ) - skipped by user 12:39:57.0140 2160 Tcpip ( UnsignedFile.Multi.Generic ) - User select action: Skip 12:39:57.0140 2160 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - skipped by user 12:39:57.0140 2160 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - User select action: Skip 12:39:57.0140 2160 UPHClean ( UnsignedFile.Multi.Generic ) - skipped by user 12:39:57.0140 2160 UPHClean ( UnsignedFile.Multi.Generic ) - User select action: Skip 12:39:57.0156 2160 VClone ( UnsignedFile.Multi.Generic ) - skipped by user 12:39:57.0156 2160 VClone ( UnsignedFile.Multi.Generic ) - User 
select action: Skip 12:39:57.0156 2160 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user 12:39:57.0156 2160 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip 12:40:11.0937 0856 Deinitialize success Malwarebytes anti-malware log: Malwarebytes Anti-Malware (Trial) 1.60.1.1000 www.malwarebytes.org Database version: v2012.04.08.06 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Owner :: MASTERSHAKE [administrator] Protection: Enabled 4/8/2012 12:46:11 PM mbam-log-2012-04-08 (12-46-11).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 206667 Time elapsed: 7 minute(s), 48 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) dds.txt attach.txt
  5. So not sure how I came across it as I never installed anything from the internet; so I must have gotten it while cruising the web. I keep getting AVG popups warning me of trojans; it seems to want to keep reinstalling them every time I delete them. The latest thing AVG detected and removed was windows/system32/lxcf_device.dll. Other info I think may be of use: I am using Windows XP; AVG seems to find something about every 10-15 minutes of having my computer on; I have used several malware removing programs with no success of resolving the issue, so this is my last hope before reformatting. Here are my dds.txt and attach.txt files that I read to attach when I post.