Bossk34 Posted September 6, 2011 ID:473201
Hey. I've started having problems with my comp. I tried scanning with Malwarebytes and it would not work in normal mode; it would remove the program or something. When I would try to re-run it, it said it could not find the path. So I uninstalled, updated and ran a scan in safe mode. Found a bunch of items and I thought I was good. Start up normal mode, try re-running Malwarebytes and it gives me the same thing. Stops scanning after a few moments, shuts down, exits and gives me the same "can't find path" etc. message again. So I did the same thing: reinstall, update, run in safe mode, finds 2 files over and over. So I downloaded and installed Avira, ran a scan in safe mode, found some stuff, thought I removed it. Tried running in normal mode after, won't work. The file I found was BOO/TDss.m. Help??
Bossk34 (Author) Posted September 6, 2011 ID:473215
To add some info, I did another Avira scan in safe mode again after uninstalling etc. Found this: BOO/TDss.B (before it was BOO/TDss.M, I noticed). The file name is $RA9FRRC.dat. Found this too: TR/Crypt.XPACK.Gen, file name is 373518902:3382795553.exe, in the C:/Windows directory. I opened task manager and the 373518902:3382795553.exe I can't end task. I'll paste the Avira scan file too.

Avira AntiVir Personal
Report file date: September-05-11 22:30

Scanning for 3334229 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7
Windows version : (plain) [6.1.7600]
Boot mode : Safe mode
Username : Brice
Computer name : BRICE-PC

Version information:
BUILD.DAT : 10.2.0.700 35934 Bytes 21/07/2011 17:12:00
AVSCAN.EXE : 10.3.0.7 484008 Bytes 06/09/2011 02:27:05
AVSCAN.DLL : 10.0.5.0 47464 Bytes 06/09/2011 02:27:05
LUKE.DLL : 10.3.0.5 45416 Bytes 06/09/2011 02:27:05
LUKERES.DLL : 10.0.0.1 12648 Bytes 11/02/2010 04:40:49
AVSCPLR.DLL : 10.3.0.7 119656 Bytes 06/09/2011 02:27:06
AVREG.DLL : 10.3.0.9 88833 Bytes 06/09/2011 02:27:06
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 14:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 11:53:55
VBASE002.VDF : 7.11.3.0 1950720 Bytes 09/02/2011 11:53:56
VBASE003.VDF : 7.11.5.225 1980416 Bytes 07/04/2011 16:36:57
VBASE004.VDF : 7.11.8.178 2354176 Bytes 31/05/2011 16:18:22
VBASE005.VDF : 7.11.10.251 1788416 Bytes 07/07/2011 02:27:04
VBASE006.VDF : 7.11.13.60 6411776 Bytes 16/08/2011 02:27:04
VBASE007.VDF : 7.11.13.61 2048 Bytes 16/08/2011 02:27:04
VBASE008.VDF : 7.11.13.62 2048 Bytes 16/08/2011 02:27:04
VBASE009.VDF : 7.11.13.63 2048 Bytes 16/08/2011 02:27:04
VBASE010.VDF : 7.11.13.64 2048 Bytes 16/08/2011 02:27:04
VBASE011.VDF : 7.11.13.65 2048 Bytes 16/08/2011 02:27:04
VBASE012.VDF : 7.11.13.66 2048 Bytes 16/08/2011 02:27:04
VBASE013.VDF : 7.11.13.95 166400 Bytes 17/08/2011 02:27:04
VBASE014.VDF : 7.11.13.125 209920 Bytes 18/08/2011 02:27:04
VBASE015.VDF : 7.11.13.157 184832 Bytes 22/08/2011 02:27:04
VBASE016.VDF : 7.11.13.201 128000 Bytes 24/08/2011 02:27:04
VBASE017.VDF : 7.11.13.234 160768 Bytes 25/08/2011 02:27:04
VBASE018.VDF : 7.11.14.16 141312 Bytes 30/08/2011 02:27:04
VBASE019.VDF : 7.11.14.48 133120 Bytes 31/08/2011 02:27:04
VBASE020.VDF : 7.11.14.78 156160 Bytes 02/09/2011 02:27:04
VBASE021.VDF : 7.11.14.79 2048 Bytes 02/09/2011 02:27:04
VBASE022.VDF : 7.11.14.80 2048 Bytes 02/09/2011 02:27:04
VBASE023.VDF : 7.11.14.81 2048 Bytes 02/09/2011 02:27:04
VBASE024.VDF : 7.11.14.82 2048 Bytes 02/09/2011 02:27:04
VBASE025.VDF : 7.11.14.83 2048 Bytes 02/09/2011 02:27:04
VBASE026.VDF : 7.11.14.84 2048 Bytes 02/09/2011 02:27:04
VBASE027.VDF : 7.11.14.85 2048 Bytes 02/09/2011 02:27:04
VBASE028.VDF : 7.11.14.86 2048 Bytes 02/09/2011 02:27:04
VBASE029.VDF : 7.11.14.87 2048 Bytes 02/09/2011 02:27:04
VBASE030.VDF : 7.11.14.88 2048 Bytes 02/09/2011 02:27:04
VBASE031.VDF : 7.11.14.103 80896 Bytes 05/09/2011 02:27:04
Engineversion : 8.2.6.54
AEVDF.DLL : 8.1.2.1 106868 Bytes 21/04/2011 11:53:28
AESCRIPT.DLL : 8.1.3.76 1626490 Bytes 06/09/2011 02:27:05
AESCN.DLL : 8.1.7.2 127349 Bytes 21/04/2011 11:53:27
AESBX.DLL : 8.2.1.34 323957 Bytes 16/06/2011 04:54:00
AERDL.DLL : 8.1.9.13 639349 Bytes 06/09/2011 02:27:05
AEPACK.DLL : 8.2.10.10 684407 Bytes 06/09/2011 02:27:05
AEOFFICE.DLL : 8.1.2.13 201083 Bytes 06/09/2011 02:27:05
AEHEUR.DLL : 8.1.2.164 3654007 Bytes 06/09/2011 02:27:04
AEHELP.DLL : 8.1.17.7 254327 Bytes 06/09/2011 02:27:04
AEGEN.DLL : 8.1.5.9 401780 Bytes 06/09/2011 02:27:04
AEEMU.DLL : 8.1.3.0 393589 Bytes 21/04/2011 11:53:14
AECORE.DLL : 8.1.23.0 196983 Bytes 06/09/2011 02:27:04
AEBB.DLL : 8.1.1.0 53618 Bytes 21/04/2011 11:53:14
AVWINLL.DLL : 10.0.0.0 19304 Bytes 21/04/2011 11:53:36
AVPREF.DLL : 10.0.3.2 44904 Bytes 06/09/2011 02:27:05
AVREP.DLL : 10.0.0.10 174120 Bytes 06/09/2011 02:27:06
AVARKT.DLL : 10.0.26.1 255336 Bytes 06/09/2011 02:27:05
AVEVTLOG.DLL : 10.0.0.9 203112 Bytes 06/09/2011 02:27:05
SQLITE3.DLL : 3.6.19.0 355688 Bytes 17/06/2010 19:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 21/04/2011 11:53:36
NETNT.DLL : 10.0.0.0 11624 Bytes 21/04/2011 11:53:46
RCIMAGE.DLL : 10.0.0.35 2589544 Bytes 06/09/2011 02:27:04
RCTEXT.DLL : 10.0.64.0 97640 Bytes 06/09/2011 02:27:04

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: Default
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: Advanced

Start of the scan: September-05-11 22:30

Starting search for hidden objects.
The driver could not be initialized.

The scan of running processes will be started
Scan process 'avscan.exe' - '67' Module(s) have been scanned
Scan process 'avcenter.exe' - '74' Module(s) have been scanned
Scan process 'ctfmon.exe' - '21' Module(s) have been scanned
Scan process 'Explorer.EXE' - '147' Module(s) have been scanned
Scan process 'svchost.exe' - '20' Module(s) have been scanned
Scan process 'svchost.exe' - '28' Module(s) have been scanned
Scan process 'svchost.exe' - '48' Module(s) have been scanned
Scan process 'svchost.exe' - '26' Module(s) have been scanned
Scan process 'svchost.exe' - '30' Module(s) have been scanned
Scan process 'svchost.exe' - '51' Module(s) have been scanned
Scan process 'lsm.exe' - '16' Module(s) have been scanned
Scan process 'lsass.exe' - '61' Module(s) have been scanned
Scan process 'winlogon.exe' - '23' Module(s) have been scanned
Scan process 'services.exe' - '31' Module(s) have been scanned
Scan process 'csrss.exe' - '16' Module(s) have been scanned
Scan process 'wininit.exe' - '21' Module(s) have been scanned
Scan process 'csrss.exe' - '16' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD1
 [INFO] No virus was found!
Master boot sector HD2
 [INFO] No virus was found!
Master boot sector HD3
 [INFO] No virus was found!
Master boot sector HD4
 [INFO] No virus was found!

Start scanning boot sectors:
Master boot sector HD0
 [DETECTION] Contains code of the BOO/TDss.M boot sector virus
 [NOTE] The boot sector was written!
Boot sector 'C:\'
 [DETECTION] Contains code of the BOO/TDss.M boot sector virus
 [NOTE] The boot sector has not been repaired!

Starting to scan executable files (registry).
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
 [WARNING] The file could not be opened!
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
 [WARNING] The file could not be opened!
C:\Windows\system32\Wat\WatAdminSvc.exe
 [WARNING] The file could not be opened!
The registry was scanned ( '498' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\$Recycle.Bin\S-1-5-21-1215871253-2448568710-1958106673-1001\$RA9FRRC.dat
 [DETECTION] Contains code of the BOO/TDss.B boot sector virus
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
 [WARNING] The file could not be opened!
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
 [WARNING] The file could not be opened!
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
 [WARNING] The file could not be opened!
C:\Windows\3735182902:3382795553.exe
 [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\Windows\System32\Wat\npWatWeb.dll
 [WARNING] The file could not be opened!
C:\Windows\System32\Wat\WatAdminSvc.exe
 [WARNING] The file could not be opened!
C:\Windows\System32\Wat\WatUX.exe
 [WARNING] The file could not be opened!
C:\Windows\System32\Wat\WatWeb.dll
 [WARNING] The file could not be opened!

Beginning disinfection:
C:\Windows\3735182902:3382795553.exe
 [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
 [NOTE] The file was moved to the quarantine directory under the name '4bd32f03.qua'.
C:\$Recycle.Bin\S-1-5-21-1215871253-2448568710-1958106673-1001\$RA9FRRC.dat
 [DETECTION] Contains code of the BOO/TDss.B boot sector virus
 [NOTE] The file was moved to the quarantine directory under the name '537a00bf.qua'.

End of the scan: September-05-11 22:56
Used time: 23:12 Minute(s)

The scan has been done completely.

19937 Scanned directories
219914 Files were scanned
4 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
1 files were deleted
0 Viruses and unwanted programs were repaired
2 Files were moved to quarantine
0 Files were renamed
10 Files cannot be scanned
219902 Files not concerned
1437 Archives were scanned
10 Warnings
4 Notes
Bossk34 (Author) Posted September 6, 2011 ID:473219
Another update. I got a friend over trying to help me out with this. We tried to find the recycle bin, no dice. So we opened control panel after following instructions on the Microsoft website in order to try and see hidden files. The option to view hidden files is gone, not even available.
screen317 (Staff) Posted September 7, 2011 ID:473754
Hi and welcome to Malwarebytes.

Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
Execute the file TDSSKiller.exe by double-clicking on it.
Wait for the scan and disinfection process to be over.
When its work is over, the utility prompts for a reboot to complete the disinfection.
By default, the utility outputs a runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).
The log is like UtilityName.Version_Date_Time_log.txt, for example C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.
Please post that log here.

Next, download DDS by sUBs and save it to your Desktop.
Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post only DDS.txt directly into your reply.

-screen317
Bossk34 (Author) Posted September 8, 2011 ID:473894
Hey, thanks for the reply. So here is where I am at. Yesterday I went scanning other sites for how to get rid of that damn virus. I came across TDSSKiller. So I ran it, but to not much avail. But once I ran it, then ran Malwarebytes and Avira in safe mode, it was able to get rid of the virus; only problem was that I couldn't use the internet after, lol. So I went to the furthest system restore point back I could; unfortunately I couldn't get far back enough for the virus to be gone, but I can use the internet now. So here are the reports. Thanks a lot for your help.
C:\Windows\system32\drivers\tdpipe.sys2011/09/07 22:51:35.0645 2240 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys2011/09/07 22:51:35.0676 2240 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys2011/09/07 22:51:35.0691 2240 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys2011/09/07 22:51:35.0754 2240 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys2011/09/07 22:51:35.0769 2240 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys2011/09/07 22:51:35.0801 2240 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys2011/09/07 22:51:35.0832 2240 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys2011/09/07 22:51:35.0879 2240 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys2011/09/07 22:51:35.0910 2240 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys2011/09/07 22:51:35.0925 2240 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys2011/09/07 22:51:35.0972 2240 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\DRIVERS\usbccgp.sys2011/09/07 22:51:36.0003 2240 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys2011/09/07 22:51:36.0019 2240 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\DRIVERS\usbehci.sys2011/09/07 22:51:36.0066 2240 usbhub (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys2011/09/07 22:51:36.0113 2240 usbohci (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\drivers\usbohci.sys2011/09/07 22:51:36.0144 2240 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys2011/09/07 22:51:36.0175 2240 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys2011/09/07 22:51:36.0222 2240 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) 
C:\Windows\system32\DRIVERS\USBSTOR.SYS2011/09/07 22:51:36.0253 2240 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\DRIVERS\usbuhci.sys2011/09/07 22:51:36.0300 2240 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys2011/09/07 22:51:36.0331 2240 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys2011/09/07 22:51:36.0362 2240 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys2011/09/07 22:51:36.0378 2240 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys2011/09/07 22:51:36.0409 2240 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys2011/09/07 22:51:36.0440 2240 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys2011/09/07 22:51:36.0456 2240 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys2011/09/07 22:51:36.0487 2240 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys2011/09/07 22:51:36.0518 2240 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys2011/09/07 22:51:36.0549 2240 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys2011/09/07 22:51:36.0565 2240 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys2011/09/07 22:51:36.0596 2240 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys2011/09/07 22:51:36.0627 2240 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys2011/09/07 22:51:36.0674 2240 VSTHWBS2 (682fcf7d2eb5158cd30408e976562408) C:\Windows\system32\DRIVERS\VSTBS23.SYS2011/09/07 22:51:36.0721 2240 VST_DPV (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS2011/09/07 22:51:36.0752 2240 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys2011/09/07 22:51:36.0815 2240 WacomPen (de3721e89c653aa281428c8a69745d90) 
C:\Windows\system32\DRIVERS\wacompen.sys2011/09/07 22:51:36.0846 2240 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys2011/09/07 22:51:36.0861 2240 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys2011/09/07 22:51:36.0939 2240 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys2011/09/07 22:51:36.0971 2240 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys2011/09/07 22:51:37.0049 2240 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys2011/09/07 22:51:37.0064 2240 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys2011/09/07 22:51:37.0111 2240 winachsf (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS2011/09/07 22:51:37.0205 2240 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys2011/09/07 22:51:37.0251 2240 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys2011/09/07 22:51:37.0314 2240 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys2011/09/07 22:51:37.0361 2240 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys2011/09/07 22:51:37.0376 2240 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys2011/09/07 22:51:37.0439 2240 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR02011/09/07 22:51:37.0454 2240 Boot (0x1200) (462f3349a70a6d0f88b5142b2bb12e16) \Device\Harddisk0\DR0\Partition02011/09/07 22:51:37.0485 2240 Boot (0x1200) (d169dba72b5367527e6ab38a9f17cafe) \Device\Harddisk0\DR0\Partition12011/09/07 22:51:37.0485 2240 ================================================================================2011/09/07 22:51:37.0485 2240 Scan finished2011/09/07 22:51:37.0485 2240 ================================================================================2011/09/07 22:51:37.0501 2184 Detected object 
count: 32011/09/07 22:51:37.0501 2184 Actual detected object count: 32011/09/07 22:51:51.0229 2184 HiddenFile.Multi.Generic(365ea2de) - User select action: Skip 2011/09/07 22:51:51.0338 2184 AFD (dbbcd12483bd1ff0befee4135ce35626) C:\Windows\system32\drivers\afd.sys2011/09/07 22:51:51.0338 2184 Suspicious file (Forged): C:\Windows\system32\drivers\afd.sys. Real md5: dbbcd12483bd1ff0befee4135ce35626, Fake md5: 0db7a48388d54d154ebec120461a0fcd2011/09/07 22:51:53.0382 2184 Backup copy not found, trying to cure infected file..2011/09/07 22:51:53.0382 2184 C:\Windows\system32\drivers\afd.sys - Cure failed (FFFFFFFF)2011/09/07 22:51:53.0382 2184 C:\Windows\system32\drivers\afd.sys - processing error2011/09/07 22:51:53.0382 2184 Rootkit.Win32.ZAccess.e(AFD) - User select action: Cure 2011/09/07 22:51:53.0382 2184 ForgedFile.Multi.Generic(MBAMSwissArmy) - User select action: Skip .DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22Run by Brice at 22:56:09 on 2011-09-07Microsoft Windows 7 Ultimate 6.1.7600.0.1252.2.1033.18.2046.1239 [GMT -4:00].AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: Lavasoft Ad-Watch Live! 
*Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\3735182902:3382795553.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Brice\Desktop\TDSS\TDSSKiller.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2966884
uInternet Settings,ProxyServer = http=127.0.0.1:55071
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uURLSearchHooks: PhotoJoy Bar Toolbar: {cf45c54f-801c-41b5-ac77-57f2bf418edc} - c:\program files\photojoy_bar\prxtbPhot.dll
mURLSearchHooks: PhotoJoy Bar Toolbar: {cf45c54f-801c-41b5-ac77-57f2bf418edc} - c:\program files\photojoy_bar\prxtbPhot.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.5.4.11.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: PhotoJoy Bar Toolbar: {cf45c54f-801c-41b5-ac77-57f2bf418edc} - c:\program files\photojoy_bar\prxtbPhot.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: PhotoJoy Bar Toolbar: {cf45c54f-801c-41b5-ac77-57f2bf418edc} - c:\program files\photojoy_bar\prxtbPhot.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [<NO NAME>]
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
dRun: [1414025238] c:\windows\system32\config\systemprofile\appdata\local\nru.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
dPolicies-explorer: HideSCAHealth = 1 (0x1)
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.5.4.11.dll/206
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1 64.59.176.13 64.59.176.15
TCP: Interfaces\{F846AD76-5347-41E3-9B85-177B993334A0} : DhcpNameServer = 192.168.1.1 64.59.176.13 64.59.176.15
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\brice\appdata\roaming\mozilla\firefox\profiles\3p2tw528.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.chopra.com/dailyinspiration
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\users\brice\appdata\roaming\mozilla\firefox\profiles\3p2tw528.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: BitComet Video Downloader: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB} - %profile%\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-3-2 64512]
R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]
S2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2011-8-17 402328]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-7-29 136176]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\ekdiscovery.exe [2010-9-13 308656]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2011-8-31 94880]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\bitcomet\tools\bitcometservice.exe -service --> c:\program files\bitcomet\tools\BitCometService.exe -service [?]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-1-21 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-7-29 136176]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-3-2 2152152]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-3-2 15232]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-9-7 41272]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 WatAdminSvc;WatAdminSvc;c:\windows\system32\wat\WatAdminSvc.exe [2011-1-20 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2011-09-08 02:50:44 -------- d-----w- c:\users\brice\appdata\local\{6595C4DE-F2E5-4946-AA25-D54A9CDA1AE3}
2011-09-08 02:49:18 -------- d-----w- c:\users\brice\appdata\local\{597F9324-F6CF-4A59-BE3A-A9EA459B38F2}
2011-09-08 02:43:28 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-08 02:43:28 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-08 02:37:37 -------- d-----w- c:\users\brice\appdata\local\{8C217A8B-C187-4678-88ED-96A80D4150C8}
2011-09-08 02:02:38 -------- d-----w- c:\users\brice\appdata\local\{A77B7599-9B37-4D85-BB38-99D73CB56E2D}
2011-09-08 01:54:14 -------- d-----w- c:\users\brice\appdata\local\{53C4087B-BDDA-4F9A-A8C5-DDDD8EC8116D}
2011-09-07 21:00:35 -------- d-----w- c:\users\brice\appdata\local\{BDC9DB1D-DE41-4D64-8BFF-33B1733EF6EF}
2011-09-07 20:48:37 -------- d-----w- c:\users\brice\appdata\local\{2E23AAF0-407E-4046-8903-1B556006DB4E}
2011-09-07 15:26:19 -------- d-----w- c:\users\brice\appdata\local\{0413861D-2A7F-44F6-BBCD-1BA6D7755BA7}
2011-09-07 05:57:19 -------- d-----w- c:\users\brice\appdata\local\{4A3E2F8E-4DA9-453F-A2CD-F44565861FAC}
2011-09-07 05:49:53 -------- d-----w- C:\dell
2011-09-07 05:34:23 -------- d-----w- c:\users\brice\appdata\local\{617EBD88-765F-4E2B-B9A2-A2F6F76D4942}
2011-09-07 05:32:08 -------- d-----w- c:\users\brice\appdata\local\{BD5E8F85-974E-4A63-8154-C555B514E28C}
2011-09-07 05:27:29 -------- d-----w- c:\users\brice\appdata\local\{1602616D-5DCD-4A8E-AFAA-64245CA178B7}
2011-09-07 05:22:58 -------- d-----w- c:\users\brice\appdata\local\{EFA6D1DE-7D38-4BCA-8367-DF4233D2A897}
2011-09-07 03:42:32 -------- d-----w- c:\users\brice\appdata\roaming\DeviceDoctorSoftware
2011-09-06 22:49:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-06 21:42:58 -------- d-----w- c:\programdata\REPORTS
2011-09-06 21:42:58 -------- d-----w- c:\programdata\LOGFILES
2011-09-06 21:42:58 -------- d-----w- c:\programdata\INFECTED
2011-09-06 17:07:53 -------- d-----w- c:\users\brice\appdata\local\{410C1A93-0E69-4AF5-A371-4FA49A4FEEE0}
2011-09-06 17:07:21 -------- d-----w- c:\users\brice\appdata\local\{56CE209B-2118-48B9-B9A2-CA1624F4A730}
2011-09-06 04:28:50 -------- d-----w- c:\users\brice\appdata\roaming\uTorrent
2011-09-06 04:28:50 -------- d-----w- c:\users\brice\appdata\local\uTorrent
2011-09-06 02:04:37 -------- d-----w- c:\users\brice\appdata\local\{44885678-9BC6-4BDD-AC1B-0125252681FB}
2011-09-06 02:04:26 -------- d-----w- c:\users\brice\appdata\local\{F1460941-69E1-4657-BE52-B411CEEF76A1}
2011-09-05 14:04:08 -------- d-----w- c:\users\brice\appdata\local\{517B5860-6020-4B4A-AF15-121A869EFB7A}
2011-09-05 14:04:05 -------- d-----w- c:\users\brice\appdata\local\{D172B543-CA4E-49EB-B4D3-437A8CC145D5}
2011-09-05 01:54:00 -------- d-----w- c:\users\brice\Malwarebytes' Anti-Malware
2011-09-04 23:45:22 -------- d-----w- c:\users\brice\appdata\local\{4D4ABB7F-930D-4F58-9934-706E9E8F486B}
2011-09-04 23:44:56 -------- d-----w- c:\users\brice\appdata\local\{21265DF9-C214-4EAB-8DB8-65C7A7C544B3}
2011-09-04 23:42:07 -------- d-----w- c:\program files\CCleaner
2011-09-04 23:40:45 -------- d-----w- c:\users\brice\appdata\roaming\RegClean
2011-09-04 23:40:41 -------- d-----w- c:\program files\RegClean
2011-09-04 11:44:22 -------- d-----w- c:\users\brice\appdata\local\{F476C582-A0AB-4ADF-924D-FAE5A3F43D62}
2011-09-04 11:43:59 -------- d-----w- c:\users\brice\appdata\local\{7B1A7C23-C746-4E17-B4BB-5F8203E4217E}
2011-09-04 06:12:35 -------- d-----w- c:\users\brice\appdata\local\{4D0E0B20-98BD-471F-BEDC-0A91FA1162DA}
2011-09-03 16:04:04 -------- d-----w- c:\users\brice\appdata\local\{C709C4DE-04E1-45FC-980A-1A102AB4AF38}
2011-09-03 16:03:57 -------- d-----w- c:\users\brice\appdata\local\{70593294-4D64-4B5A-90FB-1D265311329B}
2011-09-03 16:02:13 0 ----a-w- c:\users\brice\appdata\local\Bjahitokesik.bin
2011-09-03 16:02:06 -------- d-----w- c:\users\brice\appdata\local\{0180AD48-B35E-4A28-B625-80CA2C306C47}
2011-09-02 17:07:43 4194304 ----a-w- c:\windows\system32\xadqgnnk.dll
2011-09-02 15:19:01 0 ----a-w- c:\windows\system32\wbgb.exe
2011-09-02 15:19:01 0 ----a-w- c:\windows\system32\vmst.exe
2011-09-02 15:19:01 0 ----a-w- c:\windows\system32\rgoc.exe
2011-09-02 15:19:01 0 ----a-w- c:\windows\system32\lknr.exe
2011-09-02 15:19:01 0 ----a-w- c:\programdata\ytuu.exe
2011-09-02 15:19:01 0 ----a-w- c:\programdata\pyfi.exe
2011-09-02 15:19:01 0 ----a-w- c:\programdata\ooqr.exe
2011-09-02 15:19:01 0 ----a-w- c:\programdata\noaf.exe
2011-09-02 14:43:18 -------- d-----w- c:\users\brice\appdata\local\{2B163D51-BB0C-4F49-AA82-0DD7573B03FD}
2011-09-02 14:43:16 -------- d-----w- c:\users\brice\appdata\local\{7E745D95-2917-46E5-A6F9-39EFC9B35D3A}
2011-09-01 19:04:33 -------- d-----w- c:\programdata\fD09801HjFmG09801
2011-09-01 18:41:57 -------- d-----w- c:\users\brice\appdata\local\{94628BB4-7223-4BC0-81CE-C672C6C0D530}
2011-09-01 18:41:25 -------- d-----w- c:\users\brice\appdata\local\{65D347C9-AD94-4861-8032-5B39F86509AD}
2011-09-01 16:43:20 0 ----a-w- c:\users\brice\appdata\local\uqbi.exe
2011-09-01 16:43:20 0 ----a-w- c:\users\brice\appdata\local\qpyx.exe
2011-09-01 16:43:20 0 ----a-w- c:\users\brice\appdata\local\oeng.exe
2011-09-01 16:43:20 0 ----a-w- c:\users\brice\appdata\local\ikri.exe
2011-09-01 16:43:20 0 ----a-w- c:\programdata\vgiw.exe
2011-09-01 16:43:20 0 ----a-w- c:\programdata\psda.exe
2011-09-01 16:43:20 0 ----a-w- c:\programdata\inrp.exe
2011-09-01 16:43:20 0 ----a-w- c:\programdata\futf.exe
2011-09-01 06:41:04 -------- d-----w- c:\users\brice\appdata\local\{CE7BDAD9-794D-41F9-B010-9C0402AF6253}
2011-09-01 06:41:01 -------- d-----w- c:\users\brice\appdata\local\{71150AAB-92A0-4C88-936A-863104D2D22D}
2011-08-31 20:44:14 177664 ----a-w- c:\windows\system32\unrar.dll
2011-08-31 20:44:14 -------- d-----w- c:\program files\Unrar Extract and Recover 4.2
2011-08-31 20:36:51 -------- d-----w- c:\program files\Conduit
2011-08-31 20:36:50 -------- d-----w- c:\users\brice\appdata\local\Conduit
2011-08-31 20:36:50 -------- d-----w- c:\program files\PhotoJoy_Bar
2011-08-31 20:36:27 -------- d-----w- c:\program files\Intelore
2011-08-31 15:09:31 -------- d-----w- c:\users\brice\appdata\local\{861FCEA7-6CFC-453D-859F-71438DF57946}
2011-08-31 15:08:22 -------- d-----w- c:\users\brice\appdata\local\{1497C669-DFB3-41EE-8986-89EBD9CDBD48}
2011-08-31 03:05:11 -------- d-----w- c:\users\brice\appdata\local\{81B696AA-CD4B-4712-9F5B-C41BF4103B0D}
2011-08-31 03:04:07 -------- d-----w- c:\users\brice\appdata\local\{8D088E08-71AC-4BB9-ADE6-DFC6D02D4A39}
2011-08-30 15:03:34 -------- d-----w- c:\users\brice\appdata\local\{E9B15090-5F26-47A2-8DD5-E4CFC709A5B4}
2011-08-30 15:03:11 -------- d-----w- c:\users\brice\appdata\local\{14ED39FC-92BE-43ED-A10E-1230B8CBE951}
2011-08-30 03:02:25 -------- d-----w- c:\users\brice\appdata\local\{1E4734C2-5EDD-437B-B47C-103D2DE3D879}
2011-08-30 03:00:55 -------- d-----w- c:\users\brice\appdata\local\{A5D11A39-A96B-4C69-97FC-C6AF3E6AEFC2}
2011-08-29 14:09:49 -------- d-----w- c:\users\brice\appdata\local\{DB8238B9-8BB8-42E7-B332-4E3F4299D226}
2011-08-29 14:08:59 -------- d-----w- c:\users\brice\appdata\local\{7F36145A-336E-49DD-9A69-B25AACA0B85B}
2011-08-28 18:40:34 -------- d-----w- c:\users\brice\appdata\local\{C6C05ED5-48A1-4649-B416-ED18CDB6938C}
2011-08-28 18:39:29 -------- d-----w- c:\users\brice\appdata\local\{2C027371-43EF-4B0F-9980-B89861B819EC}
2011-08-27 18:52:47 -------- d-----w- c:\users\brice\appdata\local\{69EF345D-70A8-4D3D-995C-1A21239058AB}
2011-08-27 18:52:39 -------- d-----w- c:\users\brice\appdata\local\{1D7D0182-9735-4AB1-8390-2639D2C8CE9D}
2011-08-27 05:59:31 -------- d-----w- c:\users\brice\appdata\local\{39423B4A-614C-4C10-ABD3-EAC4074C07BE}
2011-08-26 16:25:43 -------- d-----w- c:\users\brice\appdata\local\{44002B0C-2675-4EBD-8EEA-B35CC3D155F1}
2011-08-26 16:25:29 -------- d-----w- c:\users\brice\appdata\local\{17349B5A-8D36-462D-A223-E9268B5946B3}
2011-08-26 04:25:12 -------- d-----w- c:\users\brice\appdata\local\{03D9075E-B198-45F7-987F-6493967B3EA2}
2011-08-26 04:24:43 -------- d-----w- c:\users\brice\appdata\local\{E71E428E-EC40-44BF-8ADA-0DC17C5F650C}
2011-08-25 16:24:09 -------- d-----w- c:\users\brice\appdata\local\{4FDF6F82-AFCC-4009-99D5-E9CDF5A2F703}
2011-08-25 16:23:49 -------- d-----w- c:\users\brice\appdata\local\{D6F15894-69FC-4FC9-954A-8A7F834B2186}
2011-08-25 04:23:09 -------- d-----w- c:\users\brice\appdata\local\{521F5482-B167-491F-98E7-C4CB4F50A8A7}
2011-08-24 15:57:07 -------- d-----w- c:\users\brice\appdata\local\{F401310B-72CB-4AAA-9030-E6E9E74D9458}
2011-08-24 15:56:53 -------- d-----w- c:\users\brice\appdata\local\{758EF851-75A8-488D-8A91-6400FF0C7A9C}
2011-08-24 03:47:12 -------- d-----w- c:\users\brice\appdata\local\{527AB5BE-438B-4914-B98D-35B56857C9D6}
2011-08-24 03:46:39 -------- d-----w- c:\users\brice\appdata\local\{9AFF5E57-B7F5-4580-B488-84FD8376C003}
2011-08-23 20:45:36 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-23 14:32:26 -------- d-----w- c:\users\brice\appdata\local\{F190564F-9D0F-471B-B75D-6B23F190DAEF}
2011-08-23 04:08:57 -------- d-----w- c:\users\brice\appdata\local\{1D6ACDE3-F414-4843-B795-6CA50F3C2411}
2011-08-22 12:25:04 -------- d-----w- c:\users\brice\appdata\local\{2F186D31-6A2E-4F4A-93FB-6105EE72814C}
2011-08-22 12:25:02 -------- d-----w- c:\users\brice\appdata\local\{B1C1ACFB-5709-4F7D-A9DC-0F912D2129DC}
2011-08-21 16:18:50 -------- d-----w- c:\users\brice\appdata\local\{F91B2707-76BF-43D7-BDA2-EA9030B74AD9}
2011-08-21 16:18:03 -------- d-----w- c:\users\brice\appdata\local\{FE3F8C81-E7E1-47C7-BF1A-B8904DB88476}
2011-08-20 23:27:51 -------- d-----w- c:\users\brice\appdata\local\{760AF597-323B-4791-AB34-41CA9C29B4BA}
2011-08-20 23:27:01 -------- d-----w- c:\users\brice\appdata\local\{7C3D76F8-1878-4C53-A459-AD9B3549A047}
2011-08-20 06:43:25 -------- d-----w- c:\users\brice\appdata\local\{591F8B0D-A972-4CF5-BCB2-DAA4D49E3BFE}
2011-08-20 06:43:20 -------- d-----w- c:\users\brice\appdata\local\{AEB55C06-8B36-4B2C-9F0A-525E3E88EE5C}
2011-08-20 00:13:48 -------- d-----w- c:\program files\YouTube Downloader Toolbar
2011-08-20 00:13:48 -------- d-----w- c:\program files\common files\Spigot
2011-08-20 00:13:48 -------- d-----w- c:\program files\Application Updater
2011-08-19 11:47:38 -------- d-----w- c:\users\brice\appdata\local\{22EE0E08-46E9-460A-83C8-54F8514372CE}
2011-08-19 11:47:36 -------- d-----w- c:\users\brice\appdata\local\{5B940978-9C34-48B7-8393-DD012A46255B}
2011-08-18 05:30:56 -------- d-----w- c:\users\brice\appdata\local\{6DB30432-3205-4085-B7AD-95B87FFEC0DE}
2011-08-18 05:30:24 -------- d-----w- c:\users\brice\appdata\local\{D94CD60B-CA71-4828-A173-96893B8D07CA}
2011-08-17 17:30:08 -------- d-----w- c:\users\brice\appdata\local\{4E26B0C9-FFFB-41F3-B18A-63332DB2EBF6}
2011-08-17 17:29:05 -------- d-----w- c:\users\brice\appdata\local\{6ABB1549-D453-40E1-8944-30E8BCAAF4FA}
2011-08-17 03:42:31 -------- d-----w- c:\users\brice\appdata\local\{79983774-AC2F-4AB8-8113-5077E980777F}
2011-08-17 03:41:44 -------- d-----w- c:\users\brice\appdata\local\{9383F3E6-860F-44CE-BC9B-D5E1DD64C293}
2011-08-16 11:17:32 -------- d-----w- c:\users\brice\appdata\local\{CCF6A5FD-2503-4F04-9401-C2A49C69C9B1}
2011-08-16 11:17:30 -------- d-----w- c:\users\brice\appdata\local\{DF3F786B-4165-418C-ADF4-79ECEC96DE9A}
2011-08-15 09:45:47 -------- d-----w- c:\users\brice\appdata\local\{F7474C52-5E6B-478B-A5A3-A93CF0ACE063}
2011-08-15 09:45:45 -------- d-----w- c:\users\brice\appdata\local\{0E11C191-1034-4A38-B7E8-ED08A3D37CA7}
2011-08-13 15:36:36 -------- d-----w- c:\users\brice\appdata\local\{161E1ECA-E1CC-48AE-8954-F2388DFA32E7}
2011-08-13 15:36:19 -------- d-----w- c:\users\brice\appdata\local\{B060D322-C8DF-45E4-99E3-5F6ABE741EDF}
2011-08-13 02:02:59 -------- d-----w- c:\users\brice\appdata\local\{C010BFD7-30D5-4E09-808B-84B24BBFC3A3}
2011-08-12 12:00:09 -------- d-----w- c:\users\brice\appdata\local\{FC785FF6-A081-4CD8-BC3E-2A89086FB848}
2011-08-12 12:00:07 -------- d-----w- c:\users\brice\appdata\local\{5C64E399-7573-4270-8743-EA68E9B94081}
2011-08-11 15:24:22 -------- d-----w- c:\users\brice\appdata\local\{ABF60853-75B4-42D8-BCAF-5FB0449F8816}
2011-08-11 15:24:07 -------- d-----w- c:\users\brice\appdata\local\{63D7C192-4712-487C-B720-A8E2CFBEC113}
2011-08-10 15:57:10 -------- d-----w- c:\users\brice\appdata\local\{169D0DBE-6643-4845-911D-B1014F70CDB8}
2011-08-10 15:56:44 -------- d-----w- c:\users\brice\appdata\local\{E67A8B39-5BBA-4C8D-9D1D-6209E890002D}
2011-08-09 16:06:52 -------- d-----w- c:\users\brice\appdata\local\{17C6CD76-AFDF-49F2-BC49-D9DF3F6A32B3}
2011-08-09 16:05:48 -------- d-----w- c:\users\brice\appdata\local\{F2903689-4FCA-4BC9-B2EB-149BC7F49F0F}
2011-08-09 03:42:45 -------- d-----w- c:\users\brice\appdata\local\{EDD268DC-72D2-4507-B5AD-E8D7E0A1862F}
2011-08-09 03:42:14 -------- d-----w- c:\users\brice\appdata\local\{644F7788-BCF1-44C0-9849-055FFDA81D83}
.
==================== Find3M ====================
.
2011-08-17 17:32:18 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-22 04:56:17 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-16 04:37:32 169984 ----a-w- c:\windows\system32\winsrv.dll
2011-07-16 04:34:28 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 04:31:12 271360 ----a-w- c:\windows\system32\conhost.exe
2011-07-16 02:21:47 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:21:47 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:21:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:21:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-09 02:26:10 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-29 07:19:32 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-06-23 04:38:05 3957120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-06-23 04:38:04 3902336 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-06-21 05:39:53 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-21 05:36:36 981504 ----a-w- c:\windows\system32\wininet.dll
2011-06-21 05:35:05 44544 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-21 04:26:02 386048 ----a-w- c:\windows\system32\html.iec
2011-06-15 09:04:46 86016 ----a-w- c:\windows\system32\odbccu32.dll
2011-06-15 09:04:46 81920 ----a-w- c:\windows\system32\odbccr32.dll
2011-06-15 09:04:46 319488 ----a-w- c:\windows\system32\odbcjt32.dll
2011-06-15 09:04:46 163840 ----a-w- c:\windows\system32\odbctrac.dll
2011-06-15 09:04:46 122880 ----a-w- c:\windows\system32\odbccp32.dll
2011-06-11 02:37:19 2332672 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 22:56:37.83 ===============
Bossk34 Posted September 8, 2011 Author ID:473895
Oh, as well, TDSSKiller didn't prompt me to reboot, if that means anything. It found 3 items, but for one of them it said "skip".
Bossk34 Posted September 8, 2011 Author ID:473926
Hey, sorry for posting so much, but the virus running when I look in Task Manager is 3735182902:3382795553.exe, and it is SYSTEM under user name.
Bossk34 Posted September 8, 2011 Author ID:474089
Hey, sorry for posting so much, but the virus running when I look in Task Manager is 3735182902:3382795553.exe, and it is SYSTEM under user name. I keep posting stuff, but I'm gonna put as much info as I can in order to hopefully help you get a scope of what's going on so we can get rid of this virus. On top of that, when I turned my computer on this morning I left to go eat breakfast, and when I came back it said it had installed updates. I take it the virus is reinstalling itself?
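The DDS listing posted earlier in the thread and the process name in the two posts just above share one detail a practitioner would check first: a file name with a colon after the drive letter is, on NTFS, the syntax for an alternate data stream, so 3735182902:3382795553.exe names a stream attached to the file c:\windows\3735182902 rather than an ordinary file. The following is an added example, not code from the thread, from DDS, or from any tool named in it. It parses entries in the layout the posted listing shows (timestamp, size or dashes for a directory, an eight-character attribute string, path), which is an assumption inferred from those lines rather than a DDS specification, and flags stream-style names and system-wide changes. The sample input is constructed: five entries copied from the listing above plus one invented entry (timestamp and size made up) for the process path the poster reported.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Layout of one DDS "Created Last 30" / "Find3M" entry as it appears in the
# posted log (assumed from those lines, not taken from a published format):
#   <timestamp> <size, or -------- for a directory> <8-char attribute string> <path>
# Extraction ran the entries together, so a path ends only where the next
# timestamp begins or the text ends.
TIMESTAMP = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}"
ENTRY_RE = re.compile(
    rf"({TIMESTAMP})\s+"          # timestamp
    r"(\d+|-{8})\s+"              # size in bytes, or dashes for a directory
    r"([-a-z]{8})\s+"             # attributes, e.g. d-----w- or ----a-w-
    r"(.+?)"                      # path, extended lazily ...
    rf"(?=\s*{TIMESTAMP}|\s*$)",  # ... until the next timestamp or the end
    re.DOTALL,
)
# Section markers such as ".==================== Find3M ====================."
SECTION_RE = re.compile(r"\.?={4,}[^=]*={4,}\.?")


@dataclass
class DdsEntry:
    timestamp: str
    size: Optional[int]  # None for directories
    attrs: str
    path: str

    @property
    def is_directory(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def is_alternate_stream(self) -> bool:
        # After the drive designator ("c:") a colon is not legal in an ordinary
        # NTFS file name; "file:stream" addresses a named stream of "file".
        # So c:\windows\3735182902:3382795553.exe is the stream "3382795553.exe"
        # attached to c:\windows\3735182902, which is why it is easy to miss in
        # a plain directory listing.
        return ":" in self.path[2:]


def parse_dds(text: str) -> List[DdsEntry]:
    """Split a run-together DDS file listing into structured entries."""
    cleaned = SECTION_RE.sub(" ", text)
    entries = []
    for ts, size, attrs, path in ENTRY_RE.findall(cleaned):
        entries.append(
            DdsEntry(ts, None if size.startswith("-") else int(size), attrs, path.strip())
        )
    return entries


def find_alternate_streams(entries: List[DdsEntry]) -> List[str]:
    """Paths that address an NTFS alternate data stream."""
    return [e.path for e in entries if e.is_alternate_stream]


def created_outside_profile(entries: List[DdsEntry]) -> List[str]:
    """Entries outside c:\\users\\..., i.e. system-wide changes to review first."""
    return [e.path for e in entries if not e.path.lower().startswith("c:\\users\\")]


def count_by_day(entries: List[DdsEntry]) -> Dict[str, int]:
    """Number of entries created on each calendar day."""
    counts: Dict[str, int] = {}
    for e in entries:
        day = e.timestamp[:10]
        counts[day] = counts.get(day, 0) + 1
    return counts


# Constructed sample: five entries copied from the log posted in this thread,
# in the run-together form in which the log was extracted, plus one invented
# entry (the last; timestamp and size are made up) for the reported process path.
SAMPLE_LOG = (
    r"2011-08-20 00:13:48 -------- d-----w- c:\program files\YouTube Downloader Toolbar"
    r"2011-08-20 00:13:48 -------- d-----w- c:\program files\common files\Spigot"
    r"2011-08-23 20:45:36 2048 ----a-w- c:\windows\system32\tzres.dll"
    r"2011-08-23 14:32:26 -------- d-----w- c:\users\brice\appdata\local\{F190564F-9D0F-471B-B75D-6B23F190DAEF}"
    r".==================== Find3M ====================."
    r"2011-08-17 17:32:18 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl"
    r"2011-09-05 00:00:00 0 ----a-w- c:\windows\3735182902:3382795553.exe"
    r".============= FINISH: 22:56:37.83 ==============="
)


if __name__ == "__main__":
    found = parse_dds(SAMPLE_LOG)
    print(f"{len(found)} entries; created per day: {count_by_day(found)}")
    for path in created_outside_profile(found):
        print("outside user profile:", path)
    for path in find_alternate_streams(found):
        print("alternate data stream name:", path)
```

On the affected machine itself the equivalent check is `dir /r c:\windows` in a command prompt (Windows Vista and later), which prints the streams attached to each file next to the file's own entry; nothing in the thread says what that stream contains, and the parser above only surfaces the name.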
Staff screen317 Posted September 12, 2011 Staff ID:475434
Hi, my apologies for the delay. Please delete your copy of TDSSKiller, grab a fresh copy, run it, and post its log. Next, please visit this webpage for instructions for running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
When the tool is finished, it will produce a report for you. Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system. -screen317
Staff screen317 Posted October 10, 2011 Staff ID:483898
Are you still with us? This topic will be closed in a few days if we do not hear back from you.
Staff screen317 Posted October 14, 2011 Staff ID:485535
Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!