Laptop infected with MBR:Alureon-K [Rtk]


tcc
Merged post

Hello,

My wife's laptop is infected with the MBR:Alureon-K [Rtk] virus. Avast is installed and a full scan was performed but did not help in getting rid of it.

I also tried running combofix normally and in safe mode but the system keeps on hanging up.

Really need some help here so she does not keep on getting redirected to other sites when clicking on links.

tia

My wife's been able to surf the net a bit after the above post, but at night she put the laptop to sleep, and this morning when she tried using it a whole bunch of errors popped up saying something about the hdd being in error and couldn't be read, and Smart HDD popped up saying to repair the fatal errors. Also no icons are showing on the desktop anymore, and same with any programs in the Start Menu. I even tried in Safe Mode and same deal.

Seems like it has gotten worse.

I'm stuck and don't know what to do next as all the programs I downloaded can't be accessed on the desktop.

:welcome:

Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs from these scans, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (right click, choose "Run as Administrator").

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

Download TDSSKiller from here and save it to your Desktop.

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters. (screenshot: tdss_1.jpg)
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK. (screenshot: tdss_2.jpg)
  3. Click the Start Scan button. (screenshot: tdss_3.jpg)
  4. If a suspicious object is detected, the default action will be Skip; click on Continue. (screenshot: tdss_4.jpg)
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process. (screenshot: tdss_5.jpg)

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Never mind. I was able to copy the program and run it on the laptop.

So here's the log file.

18:06:41.0156 3632 TDSS rootkit removing tool 2.7.31.0 Apr 20 2012 19:49:47
18:06:41.0171 3632 ============================================================
18:06:41.0171 3632 Current date / time: 2012/04/22 18:06:41.0171
18:06:41.0171 3632 SystemInfo:
18:06:41.0171 3632
18:06:41.0171 3632 OS Version: 5.1.2600 ServicePack: 3.0
18:06:41.0171 3632 Product type: Workstation
18:06:41.0171 3632 ComputerName: COMPAQV5000
18:06:41.0171 3632 UserName: Compaq
18:06:41.0171 3632 Windows directory: C:\WINDOWS
18:06:41.0171 3632 System windows directory: C:\WINDOWS
18:06:41.0171 3632 Processor architecture: Intel x86
18:06:41.0171 3632 Number of processors: 1
18:06:41.0171 3632 Page size: 0x1000
18:06:41.0171 3632 Boot type: Normal boot
18:06:41.0171 3632 ============================================================
18:06:41.0921 3632 Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1C80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:06:41.0921 3632 Drive \Device\Harddisk1\DR3 - Size: 0xF1F80000 (3.78 Gb), SectorSize: 0x200, Cylinders: 0x1ED, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:06:41.0921 3632 \Device\Harddisk0\DR0:
18:06:41.0921 3632 MBR partitions:
18:06:41.0921 3632 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6FC3D80
18:06:41.0921 3632 \Device\Harddisk1\DR3:
18:06:41.0921 3632 MBR partitions:
18:06:41.0921 3632 \Device\Harddisk1\DR3\Partition0: MBR, Type 0xC, StartLBA 0x20, BlocksNum 0x78FBE0
18:06:42.0046 3632 C: <-> \Device\Harddisk0\DR0\Partition0
18:06:42.0046 3632 Initialize success
18:06:42.0046 3632 ============================================================
18:07:10.0375 3652 ============================================================
18:07:10.0375 3652 Scan started
18:07:10.0375 3652 Mode: Manual; SigCheck; TDLFS;
18:07:10.0375 3652 ============================================================


18:07:49.0140 3652 UPS - ok

18:07:49.0203 3652 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

18:07:49.0328 3652 usbccgp - ok

18:07:49.0375 3652 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

18:07:49.0531 3652 usbehci - ok

18:07:49.0593 3652 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

18:07:49.0750 3652 usbhub - ok

18:07:49.0796 3652 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

18:07:49.0953 3652 usbohci - ok

18:07:49.0984 3652 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

18:07:50.0125 3652 usbscan - ok

18:07:50.0187 3652 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

18:07:50.0328 3652 USBSTOR - ok

18:07:50.0359 3652 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

18:07:50.0500 3652 VgaSave - ok

18:07:50.0531 3652 ViaIde - ok

18:07:50.0562 3652 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

18:07:50.0703 3652 VolSnap - ok

18:07:50.0765 3652 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe

18:07:50.0921 3652 VSS - ok

18:07:50.0984 3652 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll

18:07:51.0125 3652 W32Time - ok

18:07:51.0187 3652 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

18:07:51.0328 3652 Wanarp - ok

18:07:51.0359 3652 WDICA - ok

18:07:51.0390 3652 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

18:07:51.0546 3652 wdmaud - ok

18:07:51.0593 3652 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll

18:07:51.0734 3652 WebClient - ok

18:07:51.0843 3652 winachsf (214bc3ad84907ad6ad655ac5465f449a) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

18:07:51.0921 3652 winachsf - ok

18:07:51.0984 3652 windrvNT (ce291805cb4cd561a5a569df4e28e41f) C:\WINDOWS\system32\windrvNT.sys

18:07:52.0015 3652 windrvNT ( UnsignedFile.Multi.Generic ) - warning

18:07:52.0015 3652 windrvNT - detected UnsignedFile.Multi.Generic (1)

18:07:52.0093 3652 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll

18:07:52.0218 3652 winmgmt - ok

18:07:52.0343 3652 WmdmPmSN (a477391b7a8b0a0daabadb17cf533a4b) C:\WINDOWS\system32\MsPMSNSv.dll

18:07:52.0375 3652 WmdmPmSN - ok

18:07:52.0453 3652 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

18:07:52.0593 3652 WmiAcpi - ok

18:07:52.0671 3652 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe

18:07:52.0812 3652 WmiApSrv - ok

18:07:52.0875 3652 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

18:07:53.0078 3652 WS2IFSL - ok

18:07:53.0125 3652 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll

18:07:53.0281 3652 wuauserv - ok

18:07:53.0359 3652 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll

18:07:53.0562 3652 WZCSVC - ok

18:07:53.0625 3652 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll

18:07:53.0796 3652 xmlprov - ok

18:07:53.0843 3652 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

18:07:53.0875 3652 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected

18:07:53.0875 3652 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)

18:07:53.0906 3652 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

18:07:53.0906 3652 \Device\Harddisk0\DR0 - detected TDSS File System (1)

18:07:53.0937 3652 Boot (0x1200) (533cf9547935d03d5767681cf4742123) \Device\Harddisk0\DR0\Partition0

18:07:53.0937 3652 \Device\Harddisk0\DR0\Partition0 - ok

18:07:53.0953 3652 ============================================================

18:07:53.0953 3652 Scan finished

18:07:53.0953 3652 ============================================================

18:07:54.0078 3644 Detected object count: 8

18:07:54.0078 3644 Actual detected object count: 8

18:08:27.0203 3644 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - skipped by user

18:08:27.0203 3644 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:08:27.0203 3644 hpqwmi ( UnsignedFile.Multi.Generic ) - skipped by user

18:08:27.0203 3644 hpqwmi ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:08:27.0359 3644 C:\WINDOWS\system32\DRIVERS\ipsec.sys - copied to quarantine

18:08:27.0640 3644 C:\WINDOWS\$NtUninstallKB49855$\2952162633\@ - copied to quarantine

18:08:27.0656 3644 C:\WINDOWS\$NtUninstallKB49855$\2952162633\cfg.ini - copied to quarantine

18:08:27.0656 3644 C:\WINDOWS\$NtUninstallKB49855$\2952162633\Desktop.ini - copied to quarantine

18:08:27.0687 3644 C:\WINDOWS\$NtUninstallKB49855$\2952162633\L\iedmhaai - copied to quarantine

18:08:29.0625 3644 Backup copy found, using it..

18:08:29.0671 3644 C:\WINDOWS\system32\DRIVERS\ipsec.sys - will be cured on reboot

18:08:32.0062 3644 C:\WINDOWS\$NtUninstallKB49855$\2952162633\@ - will be deleted on reboot

18:08:32.0062 3644 C:\WINDOWS\$NtUninstallKB49855$\2952162633\cfg.ini - will be deleted on reboot

18:08:32.0062 3644 C:\WINDOWS\$NtUninstallKB49855$\2952162633\Desktop.ini - will be deleted on reboot

18:08:32.0062 3644 C:\WINDOWS\$NtUninstallKB49855$\633061716 - will be deleted on reboot

18:08:32.0078 3644 IPSec ( Virus.Win32.ZAccess.c ) - User select action: Cure

18:08:32.0093 3644 MRENDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user

18:08:32.0093 3644 MRENDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:08:32.0203 3644 C:\WINDOWS\system32\SGHIDI.dll - copied to quarantine

18:08:32.0218 3644 HKLM\SYSTEM\ControlSet001\services\stllssvr - will be deleted on reboot

18:08:32.0250 3644 HKLM\SYSTEM\ControlSet002\services\stllssvr - will be deleted on reboot

18:08:32.0250 3644 HKLM\SYSTEM\ControlSet003\services\stllssvr - will be deleted on reboot

18:08:32.0265 3644 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\svchost:netsvcs - cured

18:08:32.0281 3644 C:\WINDOWS\system32\SGHIDI.dll - will be deleted on reboot

18:08:32.0281 3644 stllssvr ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete

18:08:32.0281 3644 windrvNT ( UnsignedFile.Multi.Generic ) - skipped by user

18:08:32.0281 3644 windrvNT ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:08:33.0093 3644 \Device\Harddisk0\DR0\# - copied to quarantine

18:08:33.0093 3644 \Device\Harddisk0\DR0 - copied to quarantine

18:08:33.0156 3644 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine

18:08:33.0156 3644 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine

18:08:33.0156 3644 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine

18:08:33.0156 3644 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine

18:08:33.0156 3644 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine

18:08:33.0156 3644 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine

18:08:33.0171 3644 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine

18:08:33.0171 3644 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine

18:08:33.0171 3644 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine

18:08:33.0171 3644 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

18:08:33.0187 3644 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

18:08:33.0187 3644 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

18:08:33.0187 3644 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

18:08:33.0203 3644 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine

18:08:33.0203 3644 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine

18:08:33.0203 3644 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine

18:08:33.0218 3644 \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine

18:08:33.0281 3644 \Device\Harddisk0\DR0\TDLFS\com32 - copied to quarantine

18:08:33.0312 3644 \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine

18:08:33.0343 3644 \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine

18:08:33.0343 3644 \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine

18:08:33.0640 3644 \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine

18:08:33.0656 3644 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot

18:08:33.0656 3644 \Device\Harddisk0\DR0 - ok

18:08:33.0656 3644 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure

18:08:33.0656 3644 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

18:08:33.0656 3644 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

18:08:45.0765 3628 Deinitialize success


18:08:33.0656 3644 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

18:08:33.0656 3644 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Please run TDSSKiller again and fix / delete the 2 ( TDSS File System )

Reboot and let me know how it's running.

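The follow-up the helper asks for above (re-run TDSSKiller and act on the TDSS File System entries that were skipped) can be checked mechanically against the posted log. The script below is an added example written for this page, not code from the thread or from TDSSKiller itself. It assumes the line shapes visible in the quoted log (a "( signature ) - infected/warning" line per detection, followed later by a "( signature ) - User select action: ..." line), and its sample input is copied from the log lines posted above. It pairs each detection with the action the user chose and lists what was left unresolved: anything flagged "infected" or the hidden TDLFS volume that was skipped rather than cured or deleted. Skips on the heuristic UnsignedFile.Multi.Generic signature are deliberately left out, since the thread's own instructions say to choose Skip when no Cure option is offered.

```python
import re
from collections import OrderedDict

# Line shapes seen in a TDSSKiller 2.7.x log. These regexes are derived from
# the lines quoted in this thread, not from any published format description.
_PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
STATUS_RE = re.compile(
    _PREFIX + r"(?P<obj>.+?) \( (?P<sig>.+?) \) - (?P<status>infected|warning)$"
)
ACTION_RE = re.compile(
    _PREFIX + r"(?P<obj>.+?) \( (?P<sig>.+?) \) - User select action: (?P<action>\w+)$"
)

# Signature TDSSKiller reports for the hidden TDL/Alureon file system; the
# helper in this thread asks for it to be fixed, not skipped.
TDLFS_SIG = "TDSS File System"
# Heuristic-only signature (unsigned driver/service binary). Legitimate OEM
# components trip it too, so a Skip here is not treated as unresolved.
INFO_SIGS = {"UnsignedFile.Multi.Generic"}

# Constructed sample input: lines copied from the TDSSKiller log posted above.
SAMPLE_LOG = r"""
18:07:45.0562 3652 stllssvr ( Backdoor.Multi.ZAccess.gen ) - infected
18:07:52.0015 3652 windrvNT ( UnsignedFile.Multi.Generic ) - warning
18:07:53.0875 3652 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
18:07:53.0906 3652 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
18:08:27.0203 3644 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:08:32.0078 3644 IPSec ( Virus.Win32.ZAccess.c ) - User select action: Cure
18:08:32.0281 3644 stllssvr ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
18:08:32.0281 3644 windrvNT ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:08:33.0656 3644 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
18:08:33.0656 3644 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""


def parse_log(text):
    """Map (object, signature) -> {"status": infected|warning|None, "action": str|None}.

    Entries are kept in first-seen order so the report follows the log.
    """
    entries = OrderedDict()
    for line in text.splitlines():
        line = line.rstrip()
        m = STATUS_RE.match(line)
        if m:
            key = (m["obj"], m["sig"])
            entries.setdefault(key, {"status": None, "action": None})["status"] = m["status"]
            continue
        m = ACTION_RE.match(line)
        if m:
            key = (m["obj"], m["sig"])
            entries.setdefault(key, {"status": None, "action": None})["action"] = m["action"]
    return entries


def unresolved(entries):
    """Detections still needing attention after the user's choices.

    A detection is unresolved when neither Cure nor Delete was chosen and it
    is either reported as 'infected' or is the hidden TDLFS volume. Skips on
    purely heuristic signatures are excluded.
    Returns a list of (object, signature, status, action) tuples.
    """
    out = []
    for (obj, sig), info in entries.items():
        if info["action"] in ("Cure", "Delete"):
            continue
        if sig in INFO_SIGS:
            continue
        if info["status"] == "infected" or sig == TDLFS_SIG:
            out.append((obj, sig, info["status"] or "unknown", info["action"] or "none"))
    return out


if __name__ == "__main__":
    rows = unresolved(parse_log(SAMPLE_LOG))
    if not rows:
        print("All infected objects and the TDLFS volume were cured or deleted.")
    for obj, sig, status, action in rows:
        print(f"UNRESOLVED: {obj}  [{sig}]  status={status}  action={action}")
```

Run against the first log in this thread, the only unresolved item is the TDLFS entry on \Device\Harddisk0\DR0, which is exactly what the helper flagged. To use it on a real log, replace SAMPLE_LOG with the contents of the TDSSKiller log file; the matching is keyed on object name plus signature, so an object with two detections (the MBR here, with Rootkit.Boot.SST.b and TDSS File System) is tracked as two separate entries.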

Ok, ran TDSSKiller again but did not see the above file system errors.

Rebooted and the laptop keyboard and mouse pad still do not work, no icons/files are on the desktop (which there should be), and no programs in the Start Menu except for IE and Outlook Express.

Here's the current log:

18:18:58.0359 3836 TDSS rootkit removing tool 2.7.31.0 Apr 20 2012 19:49:47

18:18:58.0421 3836 ============================================================

18:18:58.0421 3836 Current date / time: 2012/04/23 18:18:58.0421

18:18:58.0421 3836 SystemInfo:

18:18:58.0421 3836

18:18:58.0421 3836 OS Version: 5.1.2600 ServicePack: 3.0

18:18:58.0421 3836 Product type: Workstation

18:18:58.0421 3836 ComputerName: COMPAQV5000

18:18:58.0421 3836 UserName: Compaq

18:18:58.0421 3836 Windows directory: C:\WINDOWS

18:18:58.0421 3836 System windows directory: C:\WINDOWS

18:18:58.0421 3836 Processor architecture: Intel x86

18:18:58.0421 3836 Number of processors: 1

18:18:58.0421 3836 Page size: 0x1000

18:18:58.0421 3836 Boot type: Normal boot

18:18:58.0421 3836 ============================================================

18:18:59.0390 3836 Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1C80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

18:18:59.0390 3836 \Device\Harddisk0\DR0:

18:18:59.0390 3836 MBR partitions:

18:18:59.0390 3836 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6FC3D80

18:18:59.0421 3836 C: <-> \Device\Harddisk0\DR0\Partition0

18:18:59.0421 3836 Initialize success

18:18:59.0421 3836 ============================================================

18:19:25.0718 1316 ============================================================

18:19:25.0718 1316 Scan started

18:19:25.0718 1316 Mode: Manual; SigCheck; TDLFS;

18:19:25.0718 1316 ============================================================

18:19:25.0859 1316 .i8042prt - ok

18:19:26.0015 1316 Aavmker4 (473f97edc5a5312f3665ab2921196c0c) C:\WINDOWS\system32\drivers\Aavmker4.sys

18:19:26.0281 1316 Aavmker4 - ok

18:19:26.0312 1316 Abiosdsk - ok

18:19:26.0328 1316 abp480n5 - ok

18:19:26.0406 1316 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

18:19:26.0421 1316 ACDaemon - ok

18:19:26.0484 1316 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

18:19:27.0781 1316 ACPI - ok

18:19:27.0890 1316 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

18:19:28.0078 1316 ACPIEC - ok

18:19:28.0156 1316 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

18:19:28.0171 1316 AdobeFlashPlayerUpdateSvc - ok

18:19:28.0203 1316 adpu160m - ok

18:19:28.0250 1316 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

18:19:28.0453 1316 aec - ok

18:19:28.0500 1316 Aha154x - ok

18:19:28.0515 1316 aic78u2 - ok

18:19:28.0546 1316 aic78xx - ok

18:19:28.0593 1316 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll

18:19:28.0765 1316 Alerter - ok

18:19:28.0812 1316 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe

18:19:28.0953 1316 ALG - ok

18:19:29.0000 1316 AliIde - ok

18:19:29.0046 1316 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys

18:19:29.0078 1316 AmdK8 - ok

18:19:29.0125 1316 amsint - ok

18:19:29.0156 1316 AppMgmt - ok

18:19:29.0187 1316 asc - ok

18:19:29.0203 1316 asc3350p - ok

18:19:29.0234 1316 asc3550 - ok

18:19:29.0375 1316 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

18:19:29.0390 1316 aspnet_state - ok

18:19:29.0437 1316 aswFsBlk (0ae43c6c411254049279c2ee55630f95) C:\WINDOWS\system32\drivers\aswFsBlk.sys

18:19:29.0453 1316 aswFsBlk - ok

18:19:29.0484 1316 aswMon2 (8c30b7ddd2f1d8d138ebe40345af2b11) C:\WINDOWS\system32\drivers\aswMon2.sys

18:19:29.0515 1316 aswMon2 - ok

18:19:29.0562 1316 aswRdr (da12626fd9a67f4e917e2f2fbe1e1764) C:\WINDOWS\system32\drivers\aswRdr.sys

18:19:29.0578 1316 aswRdr - ok

18:19:29.0671 1316 aswSnx (dcb199b967375753b5019ec15f008f53) C:\WINDOWS\system32\drivers\aswSnx.sys

18:19:29.0718 1316 aswSnx - ok

18:19:29.0796 1316 aswSP (b32873e5a1443c0a1e322266e203bf10) C:\WINDOWS\system32\drivers\aswSP.sys

18:19:29.0828 1316 aswSP - ok

18:19:29.0859 1316 aswTdi (6ff544175a9180c5d88534d3d9c9a9f7) C:\WINDOWS\system32\drivers\aswTdi.sys

18:19:29.0875 1316 aswTdi - ok

18:19:29.0921 1316 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

18:19:30.0093 1316 AsyncMac - ok

18:19:30.0140 1316 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

18:19:30.0312 1316 atapi - ok

18:19:30.0343 1316 Atdisk - ok

18:19:30.0421 1316 Ati HotKey Poller (e548eb303255721145418f85b77b9d8a) C:\WINDOWS\system32\Ati2evxx.exe

18:19:30.0484 1316 Ati HotKey Poller - ok

18:19:30.0578 1316 ati2mtag (6ef070828e7b8c6f45d8f0e9ce28ca8b) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

18:19:30.0671 1316 ati2mtag - ok

18:19:30.0734 1316 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

18:19:30.0890 1316 Atmarpc - ok

18:19:30.0937 1316 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll

18:19:31.0109 1316 AudioSrv - ok

18:19:31.0156 1316 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

18:19:31.0343 1316 audstub - ok

18:19:31.0437 1316 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

18:19:31.0453 1316 avast! Antivirus - ok

18:19:31.0578 1316 BCM43XX (fa4a4a50b4b2647afedc676cc68c69cc) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys

18:19:31.0640 1316 BCM43XX - ok

18:19:31.0671 1316 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

18:19:31.0875 1316 Beep - ok

18:19:31.0953 1316 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll

18:19:32.0171 1316 BITS - ok

18:19:32.0234 1316 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll

18:19:32.0406 1316 Browser - ok

18:19:32.0453 1316 CAMCAUD (c2ef37f09cfee9665e6cd7c0b0afb84f) C:\WINDOWS\system32\drivers\camc6aud.sys

18:19:32.0484 1316 CAMCAUD - ok

18:19:32.0531 1316 CAMCHALA (512df898de5c0654647acd5c82f0bd99) C:\WINDOWS\system32\drivers\camc6hal.sys

18:19:32.0593 1316 CAMCHALA - ok

18:19:32.0703 1316 catchme - ok

18:19:32.0812 1316 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

18:19:33.0031 1316 cbidf2k - ok

18:19:33.0062 1316 cd20xrnt - ok

18:19:33.0109 1316 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

18:19:33.0328 1316 Cdaudio - ok

18:19:33.0390 1316 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

18:19:33.0515 1316 Cdfs - ok

18:19:33.0546 1316 Cdrom - ok

18:19:33.0578 1316 Changer - ok

18:19:33.0609 1316 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe

18:19:33.0765 1316 CiSvc - ok

18:19:33.0828 1316 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe

18:19:34.0000 1316 ClipSrv - ok

18:19:34.0109 1316 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

18:19:34.0125 1316 clr_optimization_v2.0.50727_32 - ok

18:19:34.0203 1316 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

18:19:34.0375 1316 CmBatt - ok

18:19:34.0406 1316 CmdIde - ok

18:19:34.0453 1316 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

18:19:34.0609 1316 Compbatt - ok

18:19:34.0625 1316 COMSysApp - ok

18:19:34.0671 1316 Cpqarray - ok

18:19:34.0718 1316 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll

18:19:34.0890 1316 CryptSvc - ok

18:19:34.0906 1316 dac2w2k - ok

18:19:34.0937 1316 dac960nt - ok

18:19:35.0000 1316 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

18:19:35.0109 1316 DcomLaunch - ok

18:19:35.0171 1316 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll

18:19:35.0343 1316 Dhcp - ok

18:19:35.0390 1316 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

18:19:35.0546 1316 Disk - ok

18:19:35.0562 1316 dmadmin - ok

18:19:35.0640 1316 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

18:19:35.0859 1316 dmboot - ok

18:19:35.0906 1316 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

18:19:36.0093 1316 dmio - ok

18:19:36.0125 1316 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

18:19:36.0312 1316 dmload - ok

18:19:36.0390 1316 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll

18:19:36.0531 1316 dmserver - ok

18:19:36.0578 1316 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

18:19:36.0734 1316 DMusic - ok

18:19:36.0781 1316 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll

18:19:36.0843 1316 Dnscache - ok

18:19:36.0906 1316 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll

18:19:37.0078 1316 Dot3svc - ok

18:19:37.0109 1316 dpti2o - ok

18:19:37.0156 1316 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

18:19:37.0312 1316 drmkaud - ok

18:19:37.0359 1316 eabfiltr (c6aca0190ee7b614673ee0c91863b1eb) C:\WINDOWS\system32\drivers\EABFiltr.sys

18:19:37.0375 1316 eabfiltr - ok

18:19:37.0406 1316 eabusb (da1011db09ad641de40cd5cca70c0c43) C:\WINDOWS\system32\drivers\eabusb.sys

18:19:37.0421 1316 eabusb - ok

18:19:37.0484 1316 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll

18:19:37.0671 1316 EapHost - ok

18:19:37.0781 1316 EpsonBidirectionalService (abdd5ad016affd34ad40e944ce94bf59) C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe

18:19:37.0812 1316 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - warning

18:19:37.0812 1316 EpsonBidirectionalService - detected UnsignedFile.Multi.Generic (1)

18:19:37.0921 1316 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll

18:19:38.0093 1316 ERSvc - ok

18:19:38.0156 1316 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

18:19:38.0250 1316 Eventlog - ok

18:19:38.0312 1316 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll

18:19:38.0343 1316 EventSystem - ok

18:19:38.0406 1316 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

18:19:38.0593 1316 Fastfat - ok

18:19:38.0656 1316 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

18:19:38.0703 1316 FastUserSwitchingCompatibility - ok

18:19:38.0750 1316 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

18:19:38.0890 1316 Fdc - ok

18:19:38.0953 1316 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

18:19:39.0140 1316 Fips - ok

18:19:39.0171 1316 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

18:19:39.0312 1316 Flpydisk - ok

18:19:39.0375 1316 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

18:19:39.0515 1316 FltMgr - ok

18:19:39.0609 1316 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

18:19:39.0625 1316 FontCache3.0.0.0 - ok

18:19:39.0687 1316 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

18:19:39.0859 1316 Fs_Rec - ok

18:19:39.0906 1316 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

18:19:40.0109 1316 Ftdisk - ok

18:19:40.0171 1316 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

18:19:40.0328 1316 Gpc - ok

18:19:40.0375 1316 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

18:19:40.0531 1316 helpsvc - ok

18:19:40.0562 1316 HidServ - ok

18:19:40.0625 1316 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

18:19:40.0781 1316 HidUsb - ok

18:19:40.0828 1316 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll

18:19:41.0000 1316 hkmsvc - ok

18:19:41.0031 1316 hpn - ok

18:19:41.0156 1316 hpqwmi (7463e7cbdf29b50acb90574d5769a160) C:\Program Files\HPQ\shared\hpqwmi.exe

18:19:41.0171 1316 hpqwmi ( UnsignedFile.Multi.Generic ) - warning

18:19:41.0171 1316 hpqwmi - detected UnsignedFile.Multi.Generic (1)

18:19:41.0234 1316 HSFHWATI (14794f142befc962ab142584607a6631) C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys

18:19:41.0265 1316 HSFHWATI - ok

18:19:41.0343 1316 HSF_DP (f99bb4e2b462198b2b0a82d0949f0c41) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys

18:19:41.0468 1316 HSF_DP - ok

18:19:41.0531 1316 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

18:19:41.0578 1316 HTTP - ok

18:19:41.0640 1316 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll

18:19:41.0796 1316 HTTPFilter - ok

18:19:41.0828 1316 i2omgmt - ok

18:19:41.0859 1316 i2omp - ok

18:19:42.0031 1316 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

18:19:42.0171 1316 idsvc - ok

18:19:42.0234 1316 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

18:19:42.0406 1316 Imapi - ok

18:19:42.0468 1316 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe

18:19:42.0640 1316 ImapiService - ok

18:19:42.0671 1316 ini910u - ok

18:19:42.0703 1316 IntelIde - ok

18:19:42.0750 1316 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

18:19:42.0890 1316 Ip6Fw - ok

18:19:42.0937 1316 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

18:19:43.0125 1316 IpFilterDriver - ok

18:19:43.0171 1316 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

18:19:43.0296 1316 IpInIp - ok

18:19:43.0343 1316 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

18:19:43.0531 1316 IpNat - ok

18:19:43.0578 1316 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

18:19:43.0718 1316 IPSec - ok

18:19:43.0765 1316 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

18:19:43.0906 1316 IRENUM - ok

18:19:43.0953 1316 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

18:19:44.0125 1316 isapnp - ok

18:19:44.0234 1316 JavaQuickStarterService (e731921db2e17dcd3db472fad5549c57) C:\Program Files\Java\jre6\bin\jqs.exe

18:19:44.0250 1316 JavaQuickStarterService - ok

18:19:44.0343 1316 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

18:19:44.0500 1316 Kbdclass - ok

18:19:44.0562 1316 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

18:19:44.0703 1316 kbdhid - ok

18:19:44.0750 1316 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

18:19:44.0937 1316 kmixer - ok

18:19:45.0000 1316 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

18:19:45.0031 1316 KSecDD - ok

18:19:45.0093 1316 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll

18:19:45.0125 1316 lanmanserver - ok

18:19:45.0171 1316 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll

18:19:45.0234 1316 lanmanworkstation - ok

18:19:45.0265 1316 Lbd - ok

18:19:45.0281 1316 lbrtfdc - ok

18:19:45.0343 1316 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll

18:19:45.0500 1316 LmHosts - ok

18:19:45.0546 1316 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

18:19:45.0578 1316 mdmxsdk - ok

18:19:45.0640 1316 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll

18:19:45.0781 1316 Messenger - ok

18:19:45.0828 1316 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

18:19:46.0031 1316 mnmdd - ok

18:19:46.0109 1316 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe

18:19:46.0265 1316 mnmsrvc - ok

18:19:46.0312 1316 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

18:19:46.0484 1316 Modem - ok

18:19:46.0546 1316 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

18:19:46.0703 1316 Mouclass - ok

18:19:46.0781 1316 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

18:19:46.0968 1316 mouhid - ok

18:19:47.0000 1316 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

18:19:47.0156 1316 MountMgr - ok

18:19:47.0187 1316 mraid35x - ok

18:19:47.0281 1316 MRENDIS5 (594b9d8194e3f4ecbf0325bd10bbeb05) c:\PROGRA~1\COMMON~1\motive\MRENDIS5.SYS

18:19:47.0296 1316 MRENDIS5 ( UnsignedFile.Multi.Generic ) - warning

18:19:47.0296 1316 MRENDIS5 - detected UnsignedFile.Multi.Generic (1)

18:19:47.0343 1316 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

18:19:47.0484 1316 MRxDAV - ok

18:19:47.0531 1316 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

18:19:47.0578 1316 MRxSmb - ok

18:19:47.0640 1316 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe

18:19:47.0781 1316 MSDTC - ok

18:19:47.0843 1316 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

18:19:48.0031 1316 Msfs - ok

18:19:48.0062 1316 MSIServer - ok

18:19:48.0109 1316 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

18:19:48.0265 1316 MSKSSRV - ok

18:19:48.0312 1316 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

18:19:48.0453 1316 MSPCLOCK - ok

18:19:48.0500 1316 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

18:19:48.0640 1316 MSPQM - ok

18:19:48.0687 1316 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

18:19:48.0812 1316 mssmbios - ok

18:19:48.0890 1316 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

18:19:48.0906 1316 Mup - ok

18:19:49.0000 1316 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll

18:19:49.0171 1316 napagent - ok

18:19:49.0250 1316 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

18:19:49.0406 1316 NDIS - ok

18:19:49.0453 1316 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

18:19:49.0484 1316 NdisTapi - ok

18:19:49.0515 1316 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

18:19:49.0671 1316 Ndisuio - ok

18:19:49.0718 1316 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

18:19:49.0875 1316 NdisWan - ok

18:19:49.0921 1316 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

18:19:49.0953 1316 NDProxy - ok

18:19:50.0000 1316 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

18:19:50.0125 1316 NetBIOS - ok

18:19:50.0171 1316 NetBT - ok

18:19:50.0250 1316 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

18:19:50.0406 1316 NetDDE - ok

18:19:50.0421 1316 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe

18:19:50.0562 1316 NetDDEdsdm - ok

18:19:50.0609 1316 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

18:19:50.0750 1316 Netlogon - ok

18:19:50.0796 1316 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll

18:19:50.0968 1316 Netman - ok

18:19:51.0078 1316 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

18:19:51.0109 1316 NetTcpPortSharing - ok

18:19:51.0187 1316 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll

18:19:51.0265 1316 Nla - ok

18:19:51.0328 1316 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

18:19:51.0484 1316 Npfs - ok

18:19:51.0546 1316 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

18:19:51.0734 1316 Ntfs - ok

18:19:51.0781 1316 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

18:19:51.0937 1316 NtLmSsp - ok

18:19:52.0000 1316 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll

18:19:52.0203 1316 NtmsSvc - ok

18:19:52.0265 1316 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

18:19:52.0453 1316 Null - ok

18:19:52.0515 1316 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

18:19:52.0734 1316 NwlnkFlt - ok

18:19:52.0765 1316 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

18:19:52.0984 1316 NwlnkFwd - ok

18:19:53.0031 1316 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

18:19:53.0187 1316 Parport - ok

18:19:53.0218 1316 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

18:19:53.0343 1316 PartMgr - ok

18:19:53.0390 1316 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

18:19:53.0578 1316 ParVdm - ok

18:19:53.0609 1316 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

18:19:53.0765 1316 PCI - ok

18:19:53.0796 1316 PCIDump - ok

18:19:53.0859 1316 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

18:19:54.0062 1316 PCIIde - ok

18:19:54.0109 1316 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

18:19:54.0250 1316 Pcmcia - ok

18:19:54.0281 1316 PDCOMP - ok

18:19:54.0296 1316 PDFRAME - ok

18:19:54.0328 1316 PDRELI - ok

18:19:54.0359 1316 PDRFRAME - ok

18:19:54.0375 1316 perc2 - ok

18:19:54.0406 1316 perc2hib - ok

18:19:54.0484 1316 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe

18:19:54.0546 1316 PlugPlay - ok

18:19:54.0609 1316 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

18:19:54.0734 1316 PolicyAgent - ok

18:19:54.0796 1316 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

18:19:54.0953 1316 PptpMiniport - ok

18:19:54.0984 1316 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

18:19:55.0125 1316 Processor - ok

18:19:55.0187 1316 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

18:19:55.0312 1316 ProtectedStorage - ok

18:19:55.0359 1316 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

18:19:55.0515 1316 PSched - ok

18:19:55.0546 1316 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

18:19:55.0734 1316 Ptilink - ok

18:19:55.0781 1316 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys

18:19:55.0796 1316 PxHelp20 - ok

18:19:55.0828 1316 ql1080 - ok

18:19:55.0859 1316 Ql10wnt - ok

18:19:55.0875 1316 ql12160 - ok

18:19:55.0906 1316 ql1240 - ok

18:19:55.0937 1316 ql1280 - ok

18:19:55.0968 1316 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

18:19:56.0156 1316 RasAcd - ok

18:19:56.0203 1316 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll

18:19:56.0343 1316 RasAuto - ok

18:19:56.0390 1316 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

18:19:56.0531 1316 Rasl2tp - ok

18:19:56.0593 1316 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll

18:19:56.0750 1316 RasMan - ok

18:19:56.0828 1316 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

18:19:56.0968 1316 RasPppoe - ok

18:19:57.0015 1316 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

18:19:57.0218 1316 Raspti - ok

18:19:57.0265 1316 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

18:19:57.0390 1316 Rdbss - ok

18:19:57.0437 1316 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

18:19:57.0625 1316 RDPCDD - ok

18:19:57.0703 1316 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys

18:19:57.0734 1316 RDPWD - ok

18:19:57.0781 1316 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe

18:19:57.0921 1316 RDSessMgr - ok

18:19:57.0968 1316 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

18:19:58.0109 1316 redbook - ok

18:19:58.0171 1316 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll

18:19:58.0328 1316 RemoteAccess - ok

18:19:58.0390 1316 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe

18:19:58.0531 1316 RpcLocator - ok

18:19:58.0593 1316 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll

18:19:58.0687 1316 RpcSs - ok

18:19:58.0750 1316 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe

18:19:58.0937 1316 RSVP - ok

18:19:58.0984 1316 RTL8023xp (7f0413bdd7d53eb4c7a371e7f6f84df1) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys

18:19:59.0031 1316 RTL8023xp - ok

18:19:59.0078 1316 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS

18:19:59.0218 1316 rtl8139 - ok

18:19:59.0281 1316 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe

18:19:59.0421 1316 SamSs - ok

18:19:59.0484 1316 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe

18:19:59.0625 1316 SCardSvr - ok

18:19:59.0671 1316 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll

18:19:59.0812 1316 Schedule - ok

18:19:59.0875 1316 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

18:20:00.0015 1316 Secdrv - ok

18:20:00.0046 1316 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll

18:20:00.0203 1316 seclogon - ok

18:20:00.0234 1316 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll

18:20:00.0390 1316 SENS - ok

18:20:00.0453 1316 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

18:20:00.0593 1316 Serial - ok

18:20:00.0656 1316 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

18:20:00.0796 1316 Sfloppy - ok

18:20:00.0875 1316 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll

18:20:01.0046 1316 SharedAccess - ok

18:20:01.0109 1316 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

18:20:01.0140 1316 ShellHWDetection - ok

18:20:01.0171 1316 Simbad - ok

18:20:01.0203 1316 Sparrow - ok

18:20:01.0265 1316 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

18:20:01.0421 1316 splitter - ok

18:20:01.0468 1316 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe

18:20:01.0515 1316 Spooler - ok

18:20:01.0578 1316 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

18:20:01.0718 1316 sr - ok

18:20:01.0781 1316 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll

18:20:01.0937 1316 srservice - ok

18:20:02.0000 1316 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

18:20:02.0046 1316 Srv - ok

18:20:02.0109 1316 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll

18:20:02.0265 1316 SSDPSRV - ok

18:20:02.0312 1316 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll

18:20:02.0500 1316 stisvc - ok

18:20:02.0562 1316 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

18:20:02.0703 1316 swenum - ok

18:20:02.0750 1316 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

18:20:02.0890 1316 swmidi - ok

18:20:02.0921 1316 SwPrv - ok

18:20:02.0953 1316 symc810 - ok

18:20:02.0984 1316 symc8xx - ok

18:20:03.0000 1316 sym_hi - ok

18:20:03.0031 1316 sym_u3 - ok

18:20:03.0093 1316 SynTP (f484c77f748729129d5cc9c965d9f701) C:\WINDOWS\system32\DRIVERS\SynTP.sys

18:20:03.0125 1316 SynTP - ok

18:20:03.0187 1316 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

18:20:03.0312 1316 sysaudio - ok

18:20:03.0375 1316 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe

18:20:03.0531 1316 SysmonLog - ok

18:20:03.0578 1316 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll

18:20:03.0750 1316 TapiSrv - ok

18:20:03.0828 1316 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

18:20:03.0921 1316 Tcpip - ok

18:20:03.0968 1316 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

18:20:04.0109 1316 TDPIPE - ok

18:20:04.0156 1316 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

18:20:04.0312 1316 TDTCP - ok

18:20:04.0359 1316 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

18:20:04.0515 1316 TermDD - ok

18:20:04.0578 1316 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll

18:20:04.0750 1316 TermService - ok

18:20:04.0812 1316 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll

18:20:04.0843 1316 Themes - ok

18:20:04.0875 1316 TosIde - ok

18:20:04.0921 1316 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll

18:20:05.0078 1316 TrkWks - ok

18:20:05.0140 1316 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

18:20:05.0281 1316 Udfs - ok

18:20:05.0312 1316 ultra - ok

18:20:05.0359 1316 UMWdf (c81b8635dee0d3ef5f64b3dd643023a5) C:\WINDOWS\system32\wdfmgr.exe

18:20:05.0390 1316 UMWdf - ok

18:20:05.0453 1316 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

18:20:05.0656 1316 Update - ok

18:20:05.0703 1316 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll

18:20:05.0890 1316 upnphost - ok

18:20:05.0921 1316 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe

18:20:06.0093 1316 UPS - ok

18:20:06.0156 1316 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

18:20:06.0281 1316 usbccgp - ok

18:20:06.0343 1316 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

18:20:06.0484 1316 usbehci - ok

18:20:06.0546 1316 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

18:20:06.0703 1316 usbhub - ok

18:20:06.0734 1316 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

18:20:06.0875 1316 usbohci - ok

18:20:06.0921 1316 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

18:20:07.0062 1316 usbscan - ok

18:20:07.0140 1316 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

18:20:07.0281 1316 USBSTOR - ok

18:20:07.0312 1316 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

18:20:07.0453 1316 VgaSave - ok

18:20:07.0484 1316 ViaIde - ok

18:20:07.0531 1316 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

18:20:07.0671 1316 VolSnap - ok

18:20:07.0734 1316 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe

18:20:07.0906 1316 VSS - ok

18:20:07.0968 1316 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll

18:20:08.0140 1316 W32Time - ok

18:20:08.0203 1316 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

18:20:08.0343 1316 Wanarp - ok

18:20:08.0375 1316 WDICA - ok

18:20:08.0406 1316 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

18:20:08.0546 1316 wdmaud - ok

18:20:08.0593 1316 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll

18:20:08.0750 1316 WebClient - ok

18:20:08.0843 1316 winachsf (214bc3ad84907ad6ad655ac5465f449a) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

18:20:08.0937 1316 winachsf - ok

18:20:08.0984 1316 windrvNT (ce291805cb4cd561a5a569df4e28e41f) C:\WINDOWS\system32\windrvNT.sys

18:20:09.0031 1316 windrvNT ( UnsignedFile.Multi.Generic ) - warning

18:20:09.0031 1316 windrvNT - detected UnsignedFile.Multi.Generic (1)

18:20:09.0093 1316 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll

18:20:09.0265 1316 winmgmt - ok

18:20:09.0328 1316 WmdmPmSN (a477391b7a8b0a0daabadb17cf533a4b) C:\WINDOWS\system32\MsPMSNSv.dll

18:20:09.0359 1316 WmdmPmSN - ok

18:20:09.0437 1316 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

18:20:09.0578 1316 WmiAcpi - ok

18:20:09.0625 1316 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe

18:20:09.0781 1316 WmiApSrv - ok

18:20:09.0828 1316 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

18:20:10.0000 1316 WS2IFSL - ok

18:20:10.0046 1316 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll

18:20:10.0187 1316 wuauserv - ok

18:20:10.0281 1316 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll

18:20:10.0468 1316 WZCSVC - ok

18:20:10.0515 1316 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll

18:20:10.0671 1316 xmlprov - ok

18:20:10.0718 1316 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

18:20:11.0140 1316 \Device\Harddisk0\DR0 - ok

18:20:11.0156 1316 Boot (0x1200) (533cf9547935d03d5767681cf4742123) \Device\Harddisk0\DR0\Partition0

18:20:11.0156 1316 \Device\Harddisk0\DR0\Partition0 - ok

18:20:11.0171 1316 ============================================================

18:20:11.0171 1316 Scan finished

18:20:11.0171 1316 ============================================================

18:20:11.0296 1984 Detected object count: 4

18:20:11.0296 1984 Actual detected object count: 4

18:22:01.0546 1984 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - skipped by user

18:22:01.0546 1984 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:22:01.0562 1984 hpqwmi ( UnsignedFile.Multi.Generic ) - skipped by user

18:22:01.0562 1984 hpqwmi ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:22:01.0562 1984 MRENDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user

18:22:01.0562 1984 MRENDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:22:01.0578 1984 windrvNT ( UnsignedFile.Multi.Generic ) - skipped by user

18:22:01.0578 1984 windrvNT ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:22:14.0078 3952 Deinitialize success

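The last two checks in the log above are the ones that matter for an MBR rootkit: TDSSKiller hashes the master boot record ("MBR (0x1B8)") and the boot sector of the first partition and reports both as ok. As an added example (mine, not code from the thread, from TDSSKiller or from Kaspersky), the script below performs the same inspection on a raw 512-byte sector in Python: it verifies the 0x55AA signature, hashes the bootstrap code, parses the partition table and reports how many sectors lie beyond the last partition, because Alureon/TDL4 is documented to keep its hidden file system in that unpartitioned tail. Two assumptions are mine and are labelled in the code: that the 0x1B8 in the log line is the length of the region hashed (the 440 bytes of boot code before the NT disk signature at offset 0x1B8), and that you have a known-good hash taken from the same machine or an identical OEM image while it was clean. The sample MBRs are constructed test data, not the laptop's sector.

```python
"""Inspect a raw 512-byte MBR and report what TDSSKiller summarises in one line.

Added example; not code from the thread, from TDSSKiller or from Kaspersky.
Assumptions (mine): the 0x1B8 in the log line is the length of the hashed region,
i.e. the 440 bytes of bootstrap code before the 4-byte NT disk signature at
offset 0x1B8; the known-good hash comes from the same machine or an identical
OEM image while it was clean. The sample MBRs built here are constructed test
data, not the infected laptop's sector.
"""
import hashlib
import struct

SECTOR = 512
BOOTCODE_LEN = 0x1B8     # bootstrap code occupies 0x000..0x1B7
DISK_SIG_OFF = 0x1B8     # 4-byte NT disk signature
PART_TABLE_OFF = 0x1BE   # four 16-byte partition entries
BOOT_SIG_OFF = 0x1FE     # 0x55 0xAA
# status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
PART_FMT = "<B3xB3xII"


def parse_partitions(mbr):
    """Return the non-empty entries of the MBR partition table."""
    parts = []
    for i in range(4):
        status, ptype, lba_start, sectors = struct.unpack_from(
            PART_FMT, mbr, PART_TABLE_OFF + 16 * i)
        if ptype == 0 and sectors == 0:
            continue
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "lba_start": lba_start, "sectors": sectors})
    return parts


def inspect_mbr(mbr, disk_sectors, known_good_md5=None):
    """Hash the bootstrap code, parse the table, and list anything suspicious."""
    if len(mbr) != SECTOR:
        raise ValueError("expected exactly one 512-byte sector")
    findings = []
    if mbr[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] != b"\x55\xAA":
        findings.append("boot signature 0x55AA missing")
    bootcode_md5 = hashlib.md5(mbr[:BOOTCODE_LEN]).hexdigest()
    if known_good_md5 and bootcode_md5 != known_good_md5.lower():
        findings.append("bootstrap code differs from known-good hash")
    parts = parse_partitions(mbr)
    bootable = [p for p in parts if p["bootable"]]
    if len(bootable) != 1:
        findings.append(f"{len(bootable)} partitions marked bootable, expected 1")
    for p in parts:
        if p["lba_start"] + p["sectors"] > disk_sectors:
            findings.append(f"partition {p['index']} extends past end of disk")
    # Sectors after the last partition. Alureon/TDL4 is documented to keep its
    # hidden file system in unpartitioned space at the end of the disk, so a
    # large tail is worth dumping and inspecting, not just noting.
    last_end = max((p["lba_start"] + p["sectors"] for p in parts), default=0)
    tail = max(disk_sectors - last_end, 0)
    return {
        "bootcode_md5": bootcode_md5,
        "disk_signature": mbr[DISK_SIG_OFF:DISK_SIG_OFF + 4].hex(),
        "partitions": parts,
        "unallocated_tail_sectors": tail,
        "findings": findings,
    }


def build_mbr(bootcode, partitions, disk_signature=b"\x12\x34\x56\x78"):
    """Assemble a 512-byte MBR from its pieces (used only to build test data)."""
    mbr = bytearray(SECTOR)
    code = bootcode[:BOOTCODE_LEN]
    mbr[:len(code)] = code
    mbr[DISK_SIG_OFF:DISK_SIG_OFF + 4] = disk_signature
    for i, (bootable, ptype, lba_start, sectors) in enumerate(partitions[:4]):
        struct.pack_into(PART_FMT, mbr, PART_TABLE_OFF + 16 * i,
                         0x80 if bootable else 0x00, ptype, lba_start, sectors)
    mbr[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] = b"\x55\xAA"
    return bytes(mbr)


# Constructed sample: a ~37 GB disk with one bootable NTFS (type 0x07) partition
# starting at LBA 63, the classic XP layout. The "clean" bootstrap is a filler
# pattern, not real boot code.
DISK_SECTORS = 78_140_160
CLEAN_CODE = b"\xFA\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * (BOOTCODE_LEN - 8)
CLEAN_PARTS = [(True, 0x07, 63, 78_124_032)]
KNOWN_GOOD_MD5 = hashlib.md5(CLEAN_CODE).hexdigest()

# The "patched" sample overwrites the first bytes of the bootstrap with a jump,
# the way a bootkit redirects execution into its own loader.
PATCHED_CODE = b"\xE9\x00\x01" + CLEAN_CODE[3:]


if __name__ == "__main__":
    for label, code in (("clean", CLEAN_CODE), ("patched", PATCHED_CODE)):
        report = inspect_mbr(build_mbr(code, CLEAN_PARTS), DISK_SECTORS, KNOWN_GOOD_MD5)
        print(label, report["bootcode_md5"], report["findings"],
              "tail sectors:", report["unallocated_tail_sectors"])
```

To run it against a real disk, open \\.\PhysicalDrive0 as Administrator (or /dev/sda from a Linux boot medium), read 512 bytes and pass them to inspect_mbr() with the disk's sector count. Take that read from a boot CD or another OS rather than from the infected Windows: a bootkit that is active in the kernel can filter disk reads and hand back the original sector, which is also why a hash match obtained on the live system proves less than one taken offline.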

Actually had to run it twice, as the first time didn't seem to do anything, but now all icons on the desktop are present and the start menu is working, but the keyboard and mouse pad are still working and I forgot to mention that the wireless connection is also not working.


Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (right click, choose "Run as Administrator").

Download ComboFix from one of these locations:

Link 1

Link 2 (if using this link, right click and select Save As)

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: ComboFix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

[screenshot: RC1.png]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[screenshot: RC2-1.png]

Click on Yes to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.

3. ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


Thanks Larry.

Trying to get this to work. The first time I ran it I accidentally clicked on the CF window and it hung up. But the next time the screen saver/sleep feature kicked in while CF was doing its thing and hung up the system again.

I turned all of those features off so hopefully it'll work this time. Will keep you updated.


Ok Larry, finally got CF to work. I had to uninstall the anti-virus software, even though I had disabled it, in safe mode, then ran CF. Everything worked after that.

Here's the log of CF. Now I can connect to the internet via WiFi, but the keyboard and mouse pad are still not working.

ComboFix 12-04-27.02 - Compaq 04/30/2012 20:45:13.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.651 [GMT -4:00]

Running from: c:\documents and settings\Compaq\Desktop\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\iUk2CWgWyGCt3i

c:\documents and settings\Compaq\Application Data\Microsoft\Internet Explorer\Quick Launch\SMART_HDD.lnk

c:\documents and settings\Compaq\Desktop\SMART_HDD.lnk

c:\documents and settings\Compaq\Start Menu\Programs\SMART HDD\SMART HDD.lnk

c:\documents and settings\Compaq\Start Menu\Programs\SMART HDD\Uninstall SMART HDD.lnk

c:\program files\INSTALL.LOG

c:\windows\system32\dds_trash_log.cmd

c:\windows\system32\urttemp

c:\windows\system32\urttemp\fusion.dll

c:\windows\system32\urttemp\mscoree.dll

c:\windows\system32\urttemp\mscoree.dll.local

c:\windows\system32\urttemp\mscorsn.dll

c:\windows\system32\urttemp\mscorwks.dll

c:\windows\system32\urttemp\msvcr71.dll

c:\windows\system32\urttemp\regtlib.exe

.

c:\windows\system32\drivers\afd.sys was missing

Restored copy from - c:\windows\system32\dllcache\afd.sys

.

c:\windows\system32\drivers\netbt.sys was missing

Restored copy from - c:\windows\ServicePackFiles\i386\netbt.sys

.

c:\windows\system32\drivers\cdrom.sys was missing

Restored copy from - c:\windows\ServicePackFiles\i386\cdrom.sys

.

c:\windows\system32\drivers\i8042prt.sys was missing

Restored copy from - c:\windows\ServicePackFiles\i386\i8042prt.sys

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_.i8042prt

.

.

((((((((((((((((((((((((( Files Created from 2012-04-01 to 2012-05-01 )))))))))))))))))))))))))))))))

.

.

2012-05-01 00:51 . 2008-04-13 19:18 52480 -c--a-w- c:\windows\system32\dllcache\i8042prt.sys

2012-05-01 00:51 . 2008-04-13 19:18 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys

2012-05-01 00:51 . 2008-04-13 18:40 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys

2012-05-01 00:51 . 2008-04-13 18:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys

2012-05-01 00:51 . 2008-04-13 19:21 162816 -c--a-w- c:\windows\system32\dllcache\netbt.sys

2012-05-01 00:51 . 2008-04-13 19:21 162816 ----a-w- c:\windows\system32\drivers\netbt.sys

2012-05-01 00:51 . 2011-08-17 13:49 138496 -c--a-w- c:\windows\system32\dllcache\afd.sys

2012-05-01 00:51 . 2011-08-17 13:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys

2012-05-01 00:22 . 2012-05-01 00:23 -------- d-----w- c:\documents and settings\Administrator

2012-04-25 00:09 . 2012-04-13 13:18 399264 ----a-w- c:\windows\unhide.exe

2012-04-22 22:08 . 2012-04-22 22:08 -------- d-----w- C:\TDSSKiller_Quarantine

2012-04-22 22:06 . 2012-04-20 20:22 2072624 ----a-w- C:\tdsskiller.exe

2012-04-22 21:45 . 2001-08-17 17:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys

2012-04-22 21:45 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys

2012-04-22 21:45 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys

2012-04-22 21:44 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2012-04-15 17:02 . 2012-04-15 17:02 244224 ----a-w- c:\documents and settings\All Users\Application Data\iUk2CWgWyGCt3i.exe

2012-04-15 07:37 . 2012-04-15 07:37 1409 ----a-w- c:\windows\QTFont.for

2012-04-13 22:10 . 2012-04-13 22:10 4126368 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe

2012-04-12 02:04 . 2012-04-13 22:10 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-04-10 00:20 . 2012-04-10 00:20 -------- d-----w- c:\documents and settings\Compaq\Application Data\Malwarebytes

2012-04-10 00:19 . 2012-04-10 00:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-04-10 00:19 . 2012-04-10 00:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-22 22:09 . 2004-08-04 13:00 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys

2012-04-13 22:10 . 2011-06-21 21:49 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-03-01 11:01 . 2004-08-04 13:00 916992 ----a-w- c:\windows\system32\wininet.dll

2012-03-01 11:01 . 2004-08-04 13:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-03-01 11:01 . 2004-08-04 13:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2012-02-29 14:10 . 2004-08-04 13:00 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-02-29 14:10 . 2004-08-04 13:00 148480 ----a-w- c:\windows\system32\imagehlp.dll

2012-02-29 12:17 . 2004-08-04 13:00 385024 ----a-w- c:\windows\system32\html.iec

2012-02-03 09:22 . 2004-08-04 13:00 1860096 ----a-w- c:\windows\system32\win32k.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Switch Off"="c:\program files\Switch Off\swoff.exe" [2006-12-15 19456]

"PMSpeed"="c:\program files\NewSoft\Presto! PageManager 8 for EP\PMSpeed.EXE" [2008-12-09 55120]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-15 729178]

"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-10-11 409600]

"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 794624]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]

"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]

"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-06-05 843776]

"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2008-05-24 26448]

"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NetAssistant.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NetAssistant.lnk

backup=c:\windows\pss\NetAssistant.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

2005-09-28 01:05 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2005-02-17 03:11 49152 -c--a-w- c:\program files\Hp\HP Software Update\hpwuSchd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]

2004-10-22 20:13 393216 ----a-w- c:\progra~1\NETASS~1\SMARTB~1\MotiveSB.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2006-09-01 20:57 282624 ----a-w- c:\program files\QuickTime\qttask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

2009-03-05 21:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSA.exe]

2006-05-15 15:41 1986560 ----a-w- c:\program files\Bell\Sympatico Security Advisor\SSA.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StandardInstall]

2006-05-15 15:41 1986560 ----a-w- c:\program files\Bell\Sympatico Security Advisor\SSA.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

.

R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [4/6/2006 7:53 PM 231424]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/11/2012 10:04 PM 253088]

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-28 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 22:10]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://msn.ca/

uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/

uInternet Settings,ProxyOverride = 127.0.0.1

TCP: DhcpNameServer = 192.168.1.1

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-dplaysvr - c:\documents and settings\Compaq\Application Data\dplaysvr.exe

HKLM-Run-Cpqset - c:\program files\HPQ\Default Settings\cpqset.exe

SafeBoot-42330315.sys

MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe

MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-04-30 20:55

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????9?8?5?3??p???? ???B?????????????hLC? ??????

.

scanning hidden files ...

.

.

C:\sccfg.sys 86 bytes

.

scan completed successfully

hidden files: 1

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(660)

c:\windows\system32\Ati2evxx.dll

.

- - - - - - - > 'explorer.exe'(2372)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe

c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\wdfmgr.exe

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\wscntfy.exe

c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

c:\windows\system32\spool\drivers\w32x86\3\WrtProc.exe

c:\program files\HPQ\shared\hpqwmi.exe

.

**************************************************************************

.

Completion time: 2012-04-30 21:00:41 - machine was rebooted

ComboFix-quarantined-files.txt 2012-05-01 01:00

.

Pre-Run: 42,459,181,056 bytes free

Post-Run: 43,576,975,360 bytes free

.

- - End Of File - - 6D8CC06465E0CE5103B6155C01C10495


Actually had to go into device manager and uninstall and reinstall the two. Now they are working.

Is there anything else I need to do to clean up the laptop of any lingering viruses/malware?


You'll need to install an Anti-Virus program after uninstalling combofix.

If you don't have one now:

Only run one Anti-Virus at a time.

Use AntiVirus Software - Choose only one - More than one will conflict. It is very important that your computer has anti-virus software running to protect against viruses. Update Antivirus prior to manual scans as necessary or as used. Please only choose one; having more than one can cause problems, such as crashes and your computer slowing down.

Good job

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:

  • Click START, then Run
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /; it needs to be there.

For Vista / Windows 7:

  • Click START, then Search
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /; it needs to be there.

Here's my usual all clean post

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

Log looks good :D

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week
    (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer.
    Without a firewall your computer is susceptible to being hacked and taken over.
    I am very serious about this and see it happen almost every day with my clients.
    Simply using a Firewall in its default configuration can lower your risk greatly.

  • Securing Your Web Browser
    This paper will help you configure your web browser for safer internet surfing.
  • Using a secure browser plugin M86 SecureBrowsing makes it safe to search, surf and socialize online. This free browser plug-in displays security icons next to links on search engines and social networking sites like Facebook, Twitter and LinkedIn, so you'll know which pages are safe and which ones to avoid.
    • Free browser plug-in for Internet Explorer and Firefox
    • Real-time safety ratings
    • Ideal for Facebook, Twitter and LinkedIn
  • JAVA Click this link and click on the Free JAVA Download
  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.
    This will ensure your computer always has the latest available security updates installed.
    If there are new updates to install, install them immediately, reboot your computer, and revisit the site
    until there are no more critical updates.

Only run one Anti-Virus and Firewall program.

I would suggest you read:

PC Safety and Security--What Do I Need?.

How to Prevent Malware:

The full version of Malwarebytes' Anti-Malware could have helped protect your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.
