My Infections Or: How My Hands are Tied


I apologize immediately for not posting a log with this initial message. However, the infection I've gotten has prevented me from opening TDSSKiller, HijackThis, MBAM, and an assorted list of other programs I have on my computer. I have followed many of the self-help guides as I've seen where they've applied to me, but I'm having no luck whatsoever. Combofix began to run, then quit on me as well. Rkill isn't saying it's detecting anything. le sigh. All looks bleak.

The information I do have is that there is a terrible process running under the name 1311200319:3232487601.exe which may be the culprit as well as a rootkit issue.

Is there anything I could do to gather more information for you all? I've tried renaming files, opening with several of the other methods from this site; no positive results.

I appreciate the time and effort you guys all put forth for my questions and the many others who find their way here.


I was eventually able to gather more information.

These items popped up from AVG:

"c:\WINDOWS\SYSTEM32\wuauclt.exe";"Virus identified Win32/Katusha.A";"Infected"

"c:\WINDOWS\assembly\GAC_MSIL\Desktop.ini";"Trojan horse Agent_r.AKS";"Infected"

"c:\Program Files\AVG\AVG10\avgwdsvc.exe";"Virus identified Win32/Katusha.A";"Infected"

"c:\WINDOWS\SYSTEM32\CTsvcCDA.EXE";"Virus identified Win32/Katusha.A";"Infected"

"c:\Program Files\Java\jre6\bin\jqs.exe";"Virus identified Win32/Katusha.A";"Infected"

"c:\WINDOWS\SYSTEM32\nvsvc32.exe";"Virus identified Win32/Katusha.A";"Infected"

"c:\WINDOWS\SYSTEM32\wuauclt.exe";"Virus identified Win32/Katusha.A";"Infected"

"c:\Program Files\AVG\AVG10\avgnsx.exe";"Virus identified Win32/Katusha.A";"Infected"

"c:\Program Files\AVG\AVG10\avgchsvx.exe";"Virus identified Win32/Katusha.A";"Infected"

"c:\Program Files\AVG\AVG10\avgrsx.exe";"Virus identified Win32/Katusha.A";"Infected"

"c:\Program Files\AVG\AVG10\avgcsrvx.exe";"Virus identified Win32/Katusha.A";"Infected"

"c:\WINDOWS\assembly\GAC_MSIL\Desktop.ini";"Trojan horse Agent_r.AKS";"Infected"

THESE were found by TDSSkiller, but don't seem to be resolved after reboot:

Malicious Objects

Rootkit.Win32.ZAccess.c

Service name: IPSec

Service Type: Kernal driver (0x1)

Service Start: System (0x1)

File: C:\WINDOWS\system32\DRIVERS\ipsec.sys

MD5: 518d980950174fead090b4d1a62f2e17

Hidden File

Service Name: 3f54274e

Service Type: Kernal driver (0x1)

Service Start: Demand (0x3)

File: C:\WINDOWS\1311200310:3232487601.exe

I couldn't get my DDS.txt to zip, but here are the results.

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11

Run by Jonathan Ross at 11:55:04 on 2011-08-23

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.357 [GMT -4:00]

.

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\AVG\AVG10\avgwdsvc.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\WINDOWS\1311200319:3232487601.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\AVG\AVG10\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe -k DComLaunch

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\AVG\AVG10\avgnsx.exe

C:\Program Files\AVG\AVG10\avgrsx.exe

C:\Program Files\AVG\AVG10\avgchsvx.exe

C:\Program Files\AVG\AVG10\avgcsrvx.exe

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\SYSTEM32\notepad.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\WINDOWS\System32\rundll32.exe

C:\WINDOWS\explorer.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

mDefault_Search_URL = hxxp://www.google.com

mSearch Page = hxxp://www.google.com

mSearch Bar = hxxp://www.google.com/ie

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = 127.0.0.1

uSearchAssistant = hxxp://www.google.com/ie

uCustomizeSearch = about:blank

uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com

mSearchAssistant = hxxp://www.google.com/ie

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File

EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe

mRun: [!AVG Anti-Spyware] "c:\program files\grisoft\avg anti-spyware 7.5\avgas.exe" /minimized

mRun: [TrojanScanner] c:\program files\trojan remover\Trjscan.exe /boot

StartupFolder: c:\documents and settings\jonathan ross\start menu\programs\startup\V CAST Music Monitor.lnk.disabled

StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Adobe Reader Speed Launch.lnk.disabled

StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Digital Line Detect.lnk.disabled

StartupFolder: c:\documents and settings\all users\start menu\programs\startup\HP Digital Imaging Monitor.lnk.disabled

StartupFolder: c:\documents and settings\all users\start menu\programs\startup\HP Image Zone Fast Start.lnk.disabled

StartupFolder: c:\documents and settings\all users\start menu\programs\startup\hp psc 1000 series.lnk.disabled

StartupFolder: c:\documents and settings\all users\start menu\programs\startup\hpoddt01.exe.lnk.disabled

StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Microsoft Office.lnk.disabled

StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Microsoft Works Calendar Reminders.lnk.disabled

mPolicies-explorer: <NO NAME> =

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

LSP: mswsock.dll

DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab

DPF: {1A595EDD-978A-48C7-B730-AF3B9CC64DAB} - hxxps://vmodlms.widerthanam.com/component/VZWDLManager.cab

DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143679815796

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: CShellExecuteHookImpl Object: {57b86673-276a-48b2-bae7-c6dbb3020eb8} - c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\jonathan ross\application data\mozilla\firefox\profiles\tsj4tx7v.default\

FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll

FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll

FF - plugin: c:\documents and settings\jonathan ross\application data\move networks\plugins\npqmp071701000002.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-1-19 32592]

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2006-11-20 155136]

R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2006-11-20 5248]

R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver;c:\program files\grisoft\avg anti-spyware 7.5\guard.sys [2007-5-30 11000]

R1 AvgAsCln;AVG Anti-Spyware Clean Driver;c:\windows\system32\drivers\AvgAsCln.sys [2011-8-22 10872]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-2-10 297168]

R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\VCdRom.sys [2006-11-20 8576]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-3-30 134480]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]

R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2009-11-25 57376]

R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-6-8 41272]

S2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard;c:\program files\grisoft\avg anti-spyware 7.5\guard.exe [2007-5-30 312880]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-28 135664]

S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2009-11-25 547744]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-28 135664]

S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\d-link\wireless g wda-1320\jswutil\jswpsapi.exe [2009-11-25 352338]

S3 klmd23;klmd23;c:\windows\system32\drivers\klmd.sys [2011-8-21 52432]

.

=============== Created Last 30 ================

.

2011-08-23 15:43:42 -------- d-----w- c:\program files\Trojan Remover

2011-08-23 15:43:42 -------- d-----w- c:\documents and settings\jonathan ross\application data\Simply Super Software

2011-08-23 15:43:42 -------- d-----w- c:\documents and settings\all users\application data\Simply Super Software

2011-08-23 15:36:08 94768 ----a-w- c:\windows\system32\drivers\46029272.sys

2011-08-23 05:39:49 43408 --sha-w- c:\windows\system32\c_66981.nl_

2011-08-22 14:45:05 -------- d-----w- c:\documents and settings\jonathan ross\DoctorWeb

2011-08-22 14:39:37 43408 --sha-w- c:\windows\system32\c_66981.nl_.mwt

2011-08-22 14:26:35 632064 ----a-w- c:\windows\system32\msvcr80.dll

2011-08-22 14:26:34 554240 ----a-w- c:\windows\system32\msvcp80.dll

2011-08-22 14:26:32 34048 ----a-w- c:\windows\system32\eEmpty.exe

2011-08-22 14:26:14 146432 ----a-w- c:\windows\REGEDIT.COM

2011-08-22 14:26:14 146432 ----a-w- c:\windows\R.COM

2011-08-22 14:26:14 135680 ----a-w- c:\windows\system32\TASKMGR.COM

2011-08-22 14:26:14 135680 ----a-w- c:\windows\system32\T.COM

2011-08-22 14:26:12 -------- d-----w- c:\program files\common files\MicroWorld

2011-08-22 14:26:00 -------- d-----w- c:\documents and settings\all users\application data\MicroWorld

2011-08-22 14:25:23 -------- d-----w- c:\program files\CleanUp!

2011-08-22 14:22:18 10872 ----a-w- c:\windows\system32\drivers\AvgAsCln.sys

2011-08-22 14:22:13 -------- d-----w- c:\documents and settings\all users\application data\Grisoft

2011-08-21 10:54:04 52432 ----a-w- c:\windows\system32\drivers\klmd.sys

.

==================== Find3M ====================

.

2011-08-23 15:13:18 64896 ----a-w- c:\windows\system32\drivers\serial.sys

2011-07-06 23:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 23:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

.

============= FINISH: 11:56:50.25 ===============

Thanks for any help (once again).


I was able to retrieve a HijackThis Log. Sorry for constantly posting.

2011/08/23 11:15:33.0546 2436 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57

2011/08/23 11:15:33.0890 2436 ================================================================================

2011/08/23 11:15:33.0890 2436 SystemInfo:

2011/08/23 11:15:33.0890 2436

2011/08/23 11:15:33.0890 2436 OS Version: 5.1.2600 ServicePack: 2.0

2011/08/23 11:15:33.0890 2436 Product type: Workstation

2011/08/23 11:15:33.0890 2436 ComputerName: HAL9000

2011/08/23 11:15:33.0890 2436 UserName: Jonathan Ross

2011/08/23 11:15:33.0890 2436 Windows directory: C:\WINDOWS

2011/08/23 11:15:33.0890 2436 System windows directory: C:\WINDOWS

2011/08/23 11:15:33.0890 2436 Processor architecture: Intel x86

2011/08/23 11:15:33.0890 2436 Number of processors: 1

2011/08/23 11:15:33.0890 2436 Page size: 0x1000

2011/08/23 11:15:33.0890 2436 Boot type: Normal boot

2011/08/23 11:15:33.0890 2436 ================================================================================

2011/08/23 11:15:36.0328 2436 Initialize success

2011/08/23 11:20:54.0390 0808 ================================================================================

2011/08/23 11:20:54.0390 0808 Scan started

2011/08/23 11:20:54.0390 0808 Mode: Manual;

2011/08/23 11:20:54.0390 0808 ================================================================================

2011/08/23 11:20:56.0187 0808 3f54274e (8f2bb1827cac01aee6a16e30a1260199) C:\WINDOWS\1311200319:3232487601.exe

2011/08/23 11:20:58.0296 0808 Suspicious file (Hidden): C:\WINDOWS\1311200319:3232487601.exe. md5: 8f2bb1827cac01aee6a16e30a1260199

2011/08/23 11:20:58.0312 0808 3f54274e - detected HiddenFile.Multi.Generic (1)


2011/08/23 11:21:51.0859 0808 IPSec (518d980950174fead090b4d1a62f2e17) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/08/23 11:21:52.0203 0808 IPSec - detected Rootkit.Win32.ZAccess.c (0)


2011/08/23 11:22:07.0656 0808 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/08/23 11:22:07.0906 0808 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/08/23 11:22:08.0031 0808 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys

2011/08/23 11:22:08.0484 0808 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys

2011/08/23 11:22:08.0671 0808 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys

2011/08/23 11:22:08.0859 0808 pfc (f2b3785d7282bac66d4b644fc88749f0) C:\WINDOWS\system32\drivers\pfc.sys

2011/08/23 11:22:09.0062 0808 PfModNT (2f5532f9b0f903b26847da674b4f55b2) C:\WINDOWS\System32\PfModNT.sys

2011/08/23 11:22:09.0296 0808 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/08/23 11:22:09.0421 0808 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys

2011/08/23 11:22:09.0640 0808 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/08/23 11:22:09.0828 0808 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/08/23 11:22:09.0937 0808 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2011/08/23 11:22:10.0125 0808 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys

2011/08/23 11:22:10.0312 0808 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys

2011/08/23 11:22:10.0531 0808 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys

2011/08/23 11:22:10.0671 0808 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys

2011/08/23 11:22:10.0781 0808 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys

2011/08/23 11:22:10.0968 0808 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/08/23 11:22:11.0156 0808 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/08/23 11:22:11.0625 0808 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/08/23 11:22:11.0921 0808 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/08/23 11:22:12.0109 0808 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/08/23 11:22:12.0375 0808 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/08/23 11:22:12.0609 0808 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2011/08/23 11:22:12.0812 0808 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/08/23 11:22:12.0937 0808 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/08/23 11:22:13.0156 0808 RT73 (7436bfd3a542cf6ff55097200031b293) C:\WINDOWS\system32\DRIVERS\rt73.sys

2011/08/23 11:22:13.0390 0808 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/08/23 11:22:13.0656 0808 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys

2011/08/23 11:22:13.0875 0808 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys

2011/08/23 11:22:14.0250 0808 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/08/23 11:22:14.0531 0808 sisagp (732d859b286da692119f286b21a2a114) C:\WINDOWS\System32\DRIVERS\sisagp.sys

2011/08/23 11:22:14.0703 0808 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2011/08/23 11:22:14.0859 0808 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys

2011/08/23 11:22:14.0968 0808 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys

2011/08/23 11:22:15.0093 0808 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\System32\DRIVERS\sr.sys

2011/08/23 11:22:15.0328 0808 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/08/23 11:22:15.0578 0808 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2011/08/23 11:22:15.0703 0808 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/08/23 11:22:15.0843 0808 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys

2011/08/23 11:22:16.0000 0808 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys

2011/08/23 11:22:16.0156 0808 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys

2011/08/23 11:22:16.0265 0808 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys

2011/08/23 11:22:16.0406 0808 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys

2011/08/23 11:22:16.0500 0808 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys

2011/08/23 11:22:16.0656 0808 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/08/23 11:22:16.0812 0808 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/08/23 11:22:17.0015 0808 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/08/23 11:22:17.0140 0808 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/08/23 11:22:17.0359 0808 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/08/23 11:22:17.0562 0808 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys

2011/08/23 11:22:17.0796 0808 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys

2011/08/23 11:22:17.0984 0808 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys

2011/08/23 11:22:18.0203 0808 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys

2011/08/23 11:22:18.0484 0808 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys

2011/08/23 11:22:18.0687 0808 usbbus (d9f3bb7c292f194f3b053ce295754eb8) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys

2011/08/23 11:22:18.0875 0808 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/08/23 11:22:19.0062 0808 UsbDiag (c4f77da649f99fad116ea585376fc164) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys

2011/08/23 11:22:19.0281 0808 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/08/23 11:22:19.0468 0808 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/08/23 11:22:19.0671 0808 USBModem (c0613ce45e617bc671de8ebb1b30d175) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys

2011/08/23 11:22:19.0796 0808 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/08/23 11:22:20.0000 0808 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/08/23 11:22:20.0187 0808 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/08/23 11:22:20.0625 0808 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/08/23 11:22:20.0953 0808 usbvideo (8968ff3973a883c49e8b564200f565b9) C:\WINDOWS\system32\Drivers\usbvideo.sys

2011/08/23 11:22:21.0156 0808 vcdrom (bfa4ae30b3ac10e9223830bf103f5a3f) C:\WINDOWS\SYSTEM32\VCdRom.sys

2011/08/23 11:22:21.0453 0808 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys

2011/08/23 11:22:21.0640 0808 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\System32\DRIVERS\viaagp.sys

2011/08/23 11:22:21.0812 0808 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\System32\DRIVERS\viaide.sys

2011/08/23 11:22:21.0968 0808 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/08/23 11:22:22.0203 0808 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/08/23 11:22:22.0484 0808 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/08/23 11:22:22.0687 0808 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

2011/08/23 11:22:23.0000 0808 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

2011/08/23 11:22:23.0203 0808 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2011/08/23 11:22:23.0453 0808 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/08/23 11:22:23.0671 0808 WUDFRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\WUDFRd.sys

2011/08/23 11:22:23.0812 0808 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

2011/08/23 11:22:24.0000 0808 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1

2011/08/23 11:22:24.0031 0808 Boot (0x1200) (c031c7b8284f1438ac09411f1026e3a3) \Device\Harddisk0\DR0\Partition0

2011/08/23 11:22:24.0062 0808 Boot (0x1200) (9795f53f0f4970233708ae6c5c847c0a) \Device\Harddisk1\DR1\Partition0

2011/08/23 11:22:24.0078 0808 ================================================================================

2011/08/23 11:22:24.0078 0808 Scan finished

2011/08/23 11:22:24.0078 0808 ================================================================================

2011/08/23 11:22:24.0109 2340 Detected object count: 2

2011/08/23 11:22:24.0109 2340 Actual detected object count: 2

2011/08/23 11:36:02.0640 2340 HiddenFile.Multi.Generic(3f54274e) - User select action: Skip

2011/08/23 11:36:02.0781 2340 IPSec (518d980950174fead090b4d1a62f2e17) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/08/23 11:36:02.0828 2340 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\ipsec.sys) error 1813

2011/08/23 11:36:07.0937 2340 Backup copy found, using it..

2011/08/23 11:36:07.0968 2340 C:\WINDOWS\system32\DRIVERS\ipsec.sys - will be cured after reboot

2011/08/23 11:36:07.0968 2340 Rootkit.Win32.ZAccess.c(IPSec) - User select action: Cure

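A small triage script for TDSSKiller logs of the kind pasted above, added here as an example; it is not code from the thread, from Malwarebytes or from Kaspersky. It assumes only the line formats visible in the log (module/MD5/path records, MBR and boot-sector hashes, verdict lines ending in "User select action", VerifyFileNameVersionInfo errors, and "will be cured after reboot" lines). The embedded SAMPLE_LOG is a constructed excerpt in that format, and the "known-clean" reference hashes passed to hash_mismatches are placeholders the caller would replace with values from a trusted install.

```python
"""Triage helper for TDSSKiller scan logs (added example, not part of the thread).

Parses module records, detection verdicts, VerifyFileNameVersionInfo errors and
pending cures, then cross-references them into a short findings list.
SAMPLE_LOG is a constructed excerpt in the log's format; nothing is read from disk.
"""
import re
from typing import Dict, List

SAMPLE_LOG = r"""
2011/08/23 11:22:16.0812 0808 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/23 11:22:23.0812 0808 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/08/23 11:22:24.0000 0808 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
2011/08/23 11:22:24.0031 0808 Boot (0x1200) (c031c7b8284f1438ac09411f1026e3a3) \Device\Harddisk0\DR0\Partition0
2011/08/23 11:22:24.0078 0808 Scan finished
2011/08/23 11:22:24.0109 2340 Detected object count: 2
2011/08/23 11:36:02.0640 2340 HiddenFile.Multi.Generic(3f54274e) - User select action: Skip
2011/08/23 11:36:02.0781 2340 IPSec (518d980950174fead090b4d1a62f2e17) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/08/23 11:36:02.0828 2340 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\ipsec.sys) error 1813
2011/08/23 11:36:07.0937 2340 Backup copy found, using it..
2011/08/23 11:36:07.0968 2340 C:\WINDOWS\system32\DRIVERS\ipsec.sys - will be cured after reboot
2011/08/23 11:36:07.0968 2340 Rootkit.Win32.ZAccess.c(IPSec) - User select action: Cure
"""

# Every line starts with "<date> <time> <thread id>"; the record type follows.
TS = r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+"
MODULE_RE = re.compile(
    TS + r"(?P<name>\S+)(?:\s+\((?P<size>0x[0-9A-Fa-f]+)\))?\s+"
    r"\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$"
)
DETECT_RE = re.compile(
    TS + r"(?P<verdict>[A-Za-z0-9_.]+)\((?P<ref>[^)]*)\)\s+-\s+"
    r"User select action:\s+(?P<action>\w+)\s*$"
)
VERINFO_ERR_RE = re.compile(
    r"VerifyFileNameVersionInfo:\s+\w+\((?P<path>[^)]+)\)\s+error\s+(?P<code>\d+)"
)
CURE_RE = re.compile(TS + r"(?P<path>\S+)\s+-\s+will be cured after reboot\s*$")


def parse_log(text: str) -> Dict[str, list]:
    """Split a TDSSKiller log into module records, verdicts, version-info errors and pending cures."""
    out: Dict[str, list] = {"modules": [], "detections": [], "verinfo_errors": [], "cure_pending": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := MODULE_RE.match(line):
            out["modules"].append({k: m.group(k) for k in ("name", "size", "md5", "path")})
        elif m := DETECT_RE.match(line):
            out["detections"].append(m.groupdict())
        elif m := VERINFO_ERR_RE.search(line):
            out["verinfo_errors"].append({"path": m.group("path"), "code": int(m.group("code"))})
        elif m := CURE_RE.match(line):
            out["cure_pending"].append(m.group("path"))
    return out


def triage(parsed: Dict[str, list]) -> List[str]:
    """Turn the parsed log into findings a responder can act on, in log order."""
    findings: List[str] = []
    by_path = {mod["path"].lower(): mod for mod in parsed["modules"]}
    # Stock Microsoft drivers carry a version resource; GetFileVersionInfoSizeW failing
    # with 1813 (ERROR_RESOURCE_TYPE_NOT_FOUND) means the on-disk image was replaced
    # or patched, which is what the log shows for ipsec.sys.
    for err in parsed["verinfo_errors"]:
        mod = by_path.get(err["path"].lower())
        where = f'{mod["name"]} ({mod["md5"]})' if mod else err["path"]
        findings.append(f"version info unreadable (error {err['code']}): {where}")
    for det in parsed["detections"]:
        sev = "HIGH" if det["verdict"].lower().startswith("rootkit") else "MEDIUM"
        note = f'{sev}: {det["verdict"]} on {det["ref"] or "?"} -> action {det["action"]}'
        if det["action"].lower() == "skip":
            note += " (left in place; rescan after reboot)"
        findings.append(note)
    for path in parsed["cure_pending"]:
        findings.append(f"pending reboot: {path}")
    # Differing MBR code across disks is worth a second look, not a verdict by itself.
    mbr_hashes = {mod["md5"] for mod in parsed["modules"] if mod["name"] == "MBR"}
    if len(mbr_hashes) > 1:
        findings.append(f"MBR hashes differ across disks: {sorted(mbr_hashes)}")
    return findings


def hash_mismatches(parsed: Dict[str, list], reference: Dict[str, str]) -> List[str]:
    """Module names whose MD5 differs from a caller-supplied reference (hashes from a known-clean install)."""
    return sorted(
        mod["name"] for mod in parsed["modules"]
        if mod["name"] in reference and reference[mod["name"]].lower() != mod["md5"].lower()
    )


if __name__ == "__main__":
    for finding in triage(parse_log(SAMPLE_LOG)):
        print(finding)
```

Run against the full log rather than the excerpt, the module list gives you every driver's MD5 in one place, so a reference set of hashes from a clean machine of the same service-pack level turns hash_mismatches into a quick check for other patched system drivers the scanner did not flag.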

  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

Don't alter your logs at all. Just copy and paste.


Thank you greatly for your time and support. This issue has been severely frustrating.

I was not able to get MBAM to update or run. I keep getting "cannot access specific device, file, or path." I have re-downloaded it and tried changing the name of the executable, with no luck.

ComboFix did run but it did not seem to remove all aspects of the virus.

I can't remove AVG 2011 either, or disable RT Protection. I tried from Add/Remove Programs and used Perfect Uninstaller. Neither worked.

Again, thank you so much.

CF82911.txt

dds82911.txt


Thank you again for your help.

I ran the remover tool, which I don't think worked initially. The icon was still present, and ComboFix still alerted me with the warning about RT scanners. However, I ran ComboFix and immediately afterwards ran the removal tool. That seems to have worked, and after running ComboFix again I noticed some positive changes.

Let me know what you think of the log.

Also, sorry for posting multiple times. You know how people get when they're freaked out. You're the best.

ComboFix83011.txt


  • Staff

Hi,

Please see:

HijackThis Forum Policy

We will not be party to obvious use of keygens, cracks, warez or other illegal means of downloading software, music, videos, etc. This means no P2P evidence will be supported. Logs that show these in them will be given the option to remove the P2P items. Keygens, cracks, warez and similar will have the thread closed, period. It's theft and against the law.

It's likely why your issue began in the first place.

This goes for uTorrent and anything else you may have installed.

This topic is now closed to further replies.