
Rootkit.Win32.Pmax.gen infection shuts down all antivirus/antimalware programs; can't get rid of it on my own.



A few days ago a file C:\Windows\1328167361:1053218224.exe showed up in my task manager list of processes.

I can't get rid of it, nothing will kill it.

Google searches started being redirected.

Microsoft Security Essentials became disabled and nothing can bring it back to life; it gives some kind of an error.

Eset Online Scanner always finds some kind of Win32/Patched.HN trojan -- usually always attached to a different file.

I downloaded the full version of Eset - it became disabled immediately.

I downloaded Malwarebytes - I couldn't run it... it started and was closed immediately.

Windows Defender flags the C:\Windows\1328167361:1053218224.exe file as Trojan:Win32/Sirefef.O but it fails to remove it.

All of these antispyware/antimalware/antivirus programs - once they get disabled - you can't even try running them again - they will give an error: "Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item."

I tried to remove the antivirus programs (but I think even the removal process had problems as the virus attached itself into some of their files).

I downloaded TDSSKiller and it finds two infected files - one has the option to cure, the other to delete. After reboot the files are there again - so TDSSKiller on its own can't seem to get rid of these files.

Here's the screenshot:

[Screenshot attachment: post-98666-0-11165000-1320101164.jpg]

I ran the DDS. I'm attaching the log files.

Let me say right away that I do understand the risks, I have changed my passwords on a clean machine, I backed up my essentials and I DO WANT TO PROCEED with cleaning and removal.

DDS.txt

Attach.txt


I am also attaching the TDSSKiller.exe log.

00:33:33.0158 1268 TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01

00:33:33.0283 1268 ============================================================

00:33:33.0283 1268 Current date / time: 2011/11/01 00:33:33.0283

00:33:33.0283 1268 SystemInfo:

00:33:33.0283 1268

00:33:33.0283 1268 OS Version: 6.0.6002 ServicePack: 2.0

00:33:33.0283 1268 Product type: Workstation

00:33:33.0283 1268 ComputerName: IVA-PC

00:33:33.0283 1268 UserName: Iva

00:33:33.0283 1268 Windows directory: C:\Windows

00:33:33.0283 1268 System windows directory: C:\Windows

00:33:33.0283 1268 Processor architecture: Intel x86

00:33:33.0283 1268 Number of processors: 2

00:33:33.0283 1268 Page size: 0x1000

00:33:33.0283 1268 Boot type: Normal boot

00:33:33.0283 1268 ============================================================

00:33:33.0704 1268 Initialize success

00:33:35.0389 3668 ============================================================

00:33:35.0389 3668 Scan started

00:33:35.0389 3668 Mode: Manual;

00:33:35.0389 3668 ============================================================

00:33:36.0122 3668 53014332 (186b54479d98e48aee0e9ada4b3c4d31) C:\Windows\system32\DRIVERS\53014332.sys

00:33:36.0122 3668 53014332 - ok

00:33:36.0325 3668 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys

00:33:36.0325 3668 ACPI - ok

00:33:36.0434 3668 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys

00:33:36.0450 3668 adp94xx - ok

00:33:36.0575 3668 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys

00:33:36.0575 3668 adpahci - ok

00:33:36.0668 3668 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys

00:33:36.0668 3668 adpu160m - ok

00:33:36.0778 3668 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys

00:33:36.0778 3668 adpu320 - ok

00:33:36.0918 3668 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys

00:33:36.0934 3668 AFD - ok

00:33:37.0074 3668 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys

00:33:37.0074 3668 agp440 - ok

00:33:37.0152 3668 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

00:33:37.0152 3668 aic78xx - ok

00:33:37.0292 3668 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys

00:33:37.0308 3668 aliide - ok

00:33:37.0339 3668 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys

00:33:37.0339 3668 amdagp - ok

00:33:37.0402 3668 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys

00:33:37.0402 3668 amdide - ok

00:33:37.0620 3668 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys

00:33:37.0620 3668 AmdK7 - ok

00:33:37.0682 3668 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys

00:33:37.0682 3668 AmdK8 - ok

00:33:37.0792 3668 ApfiltrService (a80230bd04f0b8bf05185b369bb1cbb8) C:\Windows\system32\DRIVERS\Apfiltr.sys

00:33:37.0807 3668 ApfiltrService - ok

00:33:37.0932 3668 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys

00:33:37.0932 3668 arc - ok

00:33:37.0994 3668 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys

00:33:37.0994 3668 arcsas - ok

00:33:38.0150 3668 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

00:33:38.0150 3668 AsyncMac - ok

00:33:38.0197 3668 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys

00:33:38.0197 3668 atapi - ok

00:33:38.0338 3668 BCM42RLY - ok

00:33:38.0416 3668 BCM43XX (cdf7f28ffd693b1b4137845dd1ef1ccc) C:\Windows\system32\DRIVERS\bcmwl6.sys

00:33:38.0431 3668 BCM43XX - ok

00:33:38.0572 3668 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

00:33:38.0572 3668 Beep - ok

00:33:38.0681 3668 BlackBox - ok

00:33:38.0728 3668 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys

00:33:38.0728 3668 blbdrive - ok

00:33:38.0790 3668 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys

00:33:38.0790 3668 bowser - ok

00:33:38.0915 3668 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

00:33:38.0915 3668 BrFiltLo - ok

00:33:38.0946 3668 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

00:33:38.0962 3668 BrFiltUp - ok

00:33:39.0086 3668 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

00:33:39.0086 3668 Brserid - ok

00:33:39.0118 3668 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

00:33:39.0118 3668 BrSerWdm - ok

00:33:39.0149 3668 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

00:33:39.0149 3668 BrUsbMdm - ok

00:33:39.0196 3668 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

00:33:39.0196 3668 BrUsbSer - ok

00:33:39.0336 3668 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

00:33:39.0336 3668 BTHMODEM - ok

00:33:39.0430 3668 c1392a4f (8f2bb1827cac01aee6a16e30a1260199) C:\Windows\1328167361:1053218224.exe

00:33:39.0430 3668 Suspicious file (Hidden): C:\Windows\1328167361:1053218224.exe. md5: 8f2bb1827cac01aee6a16e30a1260199

00:33:39.0430 3668 c1392a4f ( Rootkit.Win32.PMax.gen ) - infected

00:33:39.0430 3668 c1392a4f - detected Rootkit.Win32.PMax.gen (0)

00:33:39.0539 3668 catchme - ok

00:33:39.0710 3668 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys

00:33:39.0710 3668 cdfs - ok

00:33:39.0773 3668 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys

00:33:39.0773 3668 cdrom - ok

00:33:39.0882 3668 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys

00:33:39.0882 3668 circlass - ok

00:33:39.0960 3668 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys

00:33:39.0976 3668 CLFS - ok

00:33:40.0085 3668 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys

00:33:40.0085 3668 CmBatt - ok

00:33:40.0132 3668 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys

00:33:40.0132 3668 cmdide - ok

00:33:40.0147 3668 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys

00:33:40.0147 3668 Compbatt - ok

00:33:40.0225 3668 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys

00:33:40.0225 3668 crcdisk - ok

00:33:40.0256 3668 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys

00:33:40.0256 3668 Crusoe - ok

00:33:40.0319 3668 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys

00:33:40.0319 3668 DfsC - ok

00:33:40.0490 3668 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys

00:33:40.0490 3668 disk - ok

00:33:40.0568 3668 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys

00:33:40.0568 3668 Dot4 - ok

00:33:40.0646 3668 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys

00:33:40.0646 3668 Dot4Print - ok

00:33:40.0709 3668 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys

00:33:40.0724 3668 dot4usb - ok

00:33:40.0834 3668 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys

00:33:40.0834 3668 drmkaud - ok

00:33:40.0880 3668 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys

00:33:40.0880 3668 DXGKrnl - ok

00:33:41.0068 3668 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys

00:33:41.0068 3668 e1express - ok

00:33:41.0146 3668 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys

00:33:41.0177 3668 E1G60 - ok

00:33:41.0395 3668 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys

00:33:41.0411 3668 Ecache - ok

00:33:41.0489 3668 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys

00:33:41.0489 3668 elxstor - ok

00:33:41.0567 3668 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys

00:33:41.0567 3668 ErrDev - ok

00:33:41.0676 3668 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys

00:33:41.0676 3668 exfat - ok

00:33:41.0785 3668 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys

00:33:41.0785 3668 fastfat - ok

00:33:41.0863 3668 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys

00:33:41.0863 3668 fdc - ok

00:33:41.0988 3668 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys

00:33:41.0988 3668 FileInfo - ok

00:33:42.0035 3668 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

00:33:42.0035 3668 Filetrace - ok

00:33:42.0097 3668 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys

00:33:42.0097 3668 flpydisk - ok

00:33:42.0175 3668 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys

00:33:42.0175 3668 FltMgr - ok

00:33:42.0238 3668 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys

00:33:42.0238 3668 Fs_Rec - ok

00:33:42.0284 3668 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys

00:33:42.0284 3668 gagp30kx - ok

00:33:42.0409 3668 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys

00:33:42.0425 3668 HDAudBus - ok

00:33:42.0472 3668 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

00:33:42.0472 3668 HidBth - ok

00:33:42.0550 3668 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys

00:33:42.0550 3668 HidIr - ok

00:33:42.0612 3668 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys

00:33:42.0612 3668 HidUsb - ok

00:33:42.0674 3668 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys

00:33:42.0674 3668 HpCISSs - ok

00:33:42.0784 3668 HSF_DPV (e9e589c9ab799f52e18f057635a2b362) C:\Windows\system32\DRIVERS\HSX_DPV.sys

00:33:42.0799 3668 HSF_DPV - ok

00:33:42.0908 3668 HSXHWAZL (7845d2385f4dc7dfb3ccaf0c2fa4948e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys

00:33:42.0924 3668 HSXHWAZL - ok

00:33:42.0986 3668 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys

00:33:43.0002 3668 HTTP - ok

00:33:43.0158 3668 Huawei (c1258adcbe6e51a3c06c234d2bdb81b5) C:\Windows\system32\DRIVERS\ewdcsc.sys

00:33:43.0158 3668 Huawei - ok

00:33:43.0236 3668 hwdatacard (0515065a3c7e8869dd01253e987c5bd1) C:\Windows\system32\DRIVERS\ewusbmdm.sys

00:33:43.0236 3668 hwdatacard - ok

00:33:43.0267 3668 hwusbdev (a259d3619aa23d4562581067f85e2006) C:\Windows\system32\DRIVERS\ewusbdev.sys

00:33:43.0267 3668 hwusbdev - ok

00:33:43.0361 3668 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys

00:33:43.0361 3668 i2omp - ok

00:33:43.0408 3668 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

00:33:43.0408 3668 i8042prt - ok

00:33:43.0548 3668 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\Windows\system32\drivers\iastor.sys

00:33:43.0548 3668 iaStor - ok

00:33:43.0579 3668 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys

00:33:43.0579 3668 iaStorV - ok

00:33:43.0735 3668 igfx (c134e69ce901422d1f2d7ea8d69098fe) C:\Windows\system32\DRIVERS\igdkmd32.sys

00:33:43.0751 3668 igfx - ok

00:33:43.0844 3668 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

00:33:43.0844 3668 iirsp - ok

00:33:43.0922 3668 IntcHdmiAddService (98d303ccb3415e9202e82043b37d66dc) C:\Windows\system32\drivers\IntcHdmi.sys

00:33:43.0922 3668 IntcHdmiAddService - ok

00:33:44.0078 3668 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\DRIVERS\intelide.sys

00:33:44.0078 3668 intelide - ok

00:33:44.0125 3668 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys

00:33:44.0125 3668 intelppm - ok

00:33:44.0250 3668 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys

00:33:44.0250 3668 IpFilterDriver - ok

00:33:44.0266 3668 IpInIp - ok

00:33:44.0297 3668 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys

00:33:44.0297 3668 IPMIDRV - ok

00:33:44.0328 3668 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

00:33:44.0328 3668 IPNAT - ok

00:33:44.0422 3668 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

00:33:44.0422 3668 IRENUM - ok

00:33:44.0453 3668 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys

00:33:44.0453 3668 isapnp - ok

00:33:44.0515 3668 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys

00:33:44.0515 3668 iScsiPrt - ok

00:33:44.0609 3668 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

00:33:44.0609 3668 iteatapi - ok

00:33:44.0640 3668 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

00:33:44.0640 3668 iteraid - ok

00:33:44.0671 3668 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

00:33:44.0671 3668 kbdclass - ok

00:33:44.0765 3668 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys

00:33:44.0765 3668 kbdhid - ok

00:33:44.0812 3668 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys

00:33:44.0827 3668 KSecDD - ok

00:33:44.0983 3668 LHidFilt (dd83dc92463fce6324fd30a13d17d0da) C:\Windows\system32\DRIVERS\LHidFilt.Sys

00:33:44.0983 3668 LHidFilt - ok

00:33:45.0014 3668 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

00:33:45.0014 3668 lltdio - ok

00:33:45.0092 3668 LMouFilt (8fe0008e183ff0293a925b78a5581c5f) C:\Windows\system32\DRIVERS\LMouFilt.Sys

00:33:45.0092 3668 LMouFilt - ok

00:33:45.0186 3668 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys

00:33:45.0186 3668 LSI_FC - ok

00:33:45.0202 3668 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys

00:33:45.0202 3668 LSI_SAS - ok

00:33:45.0326 3668 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys

00:33:45.0326 3668 LSI_SCSI - ok

00:33:45.0358 3668 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

00:33:45.0358 3668 luafv - ok

00:33:45.0498 3668 MBAMSwissArmy (0905dc0814d738cff53577a59ccd81e0) C:\Windows\system32\drivers\mbamswissarmy.sys

00:33:45.0498 3668 MBAMSwissArmy - ok

00:33:45.0529 3668 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys

00:33:45.0529 3668 mdmxsdk - ok

00:33:45.0654 3668 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys

00:33:45.0654 3668 megasas - ok

00:33:45.0701 3668 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys

00:33:45.0701 3668 MegaSR - ok

00:33:45.0841 3668 MLPTDR_Q (b39bf953a3a304a2d12751692ec355a0) C:\Windows\system32\MLPTDR_Q.SYS

00:33:45.0841 3668 MLPTDR_Q - ok

00:33:45.0888 3668 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

00:33:45.0888 3668 Modem - ok

00:33:45.0935 3668 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

00:33:45.0935 3668 monitor - ok

00:33:46.0028 3668 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

00:33:46.0028 3668 mouclass - ok

00:33:46.0106 3668 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys

00:33:46.0106 3668 mouhid - ok

00:33:46.0153 3668 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

00:33:46.0153 3668 MountMgr - ok

00:33:46.0231 3668 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys

00:33:46.0231 3668 mpio - ok

00:33:46.0262 3668 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

00:33:46.0262 3668 mpsdrv - ok

00:33:46.0309 3668 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

00:33:46.0309 3668 Mraid35x - ok

00:33:46.0372 3668 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys

00:33:46.0372 3668 MRxDAV - ok

00:33:46.0481 3668 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys

00:33:46.0481 3668 mrxsmb - ok

00:33:46.0543 3668 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys

00:33:46.0543 3668 mrxsmb10 - ok

00:33:46.0574 3668 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

00:33:46.0574 3668 mrxsmb20 - ok

00:33:46.0652 3668 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys

00:33:46.0652 3668 msahci - ok

00:33:46.0699 3668 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys

00:33:46.0699 3668 msdsm - ok

00:33:46.0730 3668 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

00:33:46.0730 3668 Msfs - ok

00:33:46.0840 3668 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

00:33:46.0840 3668 msisadrv - ok

00:33:46.0918 3668 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

00:33:46.0918 3668 MSKSSRV - ok

00:33:46.0933 3668 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

00:33:46.0933 3668 MSPCLOCK - ok

00:33:47.0042 3668 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

00:33:47.0042 3668 MSPQM - ok

00:33:47.0089 3668 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys

00:33:47.0089 3668 MsRPC - ok

00:33:47.0120 3668 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

00:33:47.0120 3668 mssmbios - ok

00:33:47.0230 3668 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

00:33:47.0245 3668 MSTEE - ok

00:33:47.0323 3668 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys

00:33:47.0323 3668 Mup - ok

00:33:47.0417 3668 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys

00:33:47.0417 3668 NativeWifiP - ok

00:33:47.0557 3668 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys

00:33:47.0573 3668 NDIS - ok

00:33:47.0620 3668 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

00:33:47.0620 3668 NdisTapi - ok

00:33:47.0698 3668 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

00:33:47.0698 3668 Ndisuio - ok

00:33:47.0760 3668 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys

00:33:47.0776 3668 NdisWan - ok

00:33:47.0822 3668 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

00:33:47.0822 3668 NDProxy - ok

00:33:47.0916 3668 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

00:33:47.0916 3668 NetBIOS - ok

00:33:47.0978 3668 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys

00:33:47.0978 3668 netbt - ok

00:33:48.0041 3668 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

00:33:48.0041 3668 nfrd960 - ok

00:33:48.0212 3668 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys

00:33:48.0212 3668 Npfs - ok

00:33:48.0259 3668 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

00:33:48.0259 3668 nsiproxy - ok

00:33:48.0384 3668 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys

00:33:48.0400 3668 Ntfs - ok

00:33:48.0493 3668 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

00:33:48.0493 3668 ntrigdigi - ok

00:33:48.0524 3668 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

00:33:48.0524 3668 Null - ok

00:33:48.0540 3668 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys

00:33:48.0540 3668 nvraid - ok

00:33:48.0571 3668 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys

00:33:48.0571 3668 nvstor - ok

00:33:48.0680 3668 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys

00:33:48.0680 3668 nv_agp - ok

00:33:48.0696 3668 NwlnkFlt - ok

00:33:48.0696 3668 NwlnkFwd - ok

00:33:48.0836 3668 OEM02Dev (19cac780b858822055f46c58a111723c) C:\Windows\system32\DRIVERS\OEM02Dev.sys

00:33:48.0836 3668 OEM02Dev - ok

00:33:48.0868 3668 OEM02Vfx (86326062a90494bdd79ce383511d7d69) C:\Windows\system32\DRIVERS\OEM02Vfx.sys

00:33:48.0868 3668 OEM02Vfx - ok

00:33:48.0992 3668 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys

00:33:48.0992 3668 ohci1394 - ok

00:33:49.0164 3668 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

00:33:49.0164 3668 Parport - ok

00:33:49.0226 3668 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys

00:33:49.0226 3668 partmgr - ok

00:33:49.0258 3668 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

00:33:49.0258 3668 Parvdm - ok

00:33:49.0382 3668 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys

00:33:49.0382 3668 pci - ok

00:33:49.0398 3668 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys

00:33:49.0398 3668 pciide - ok

00:33:49.0429 3668 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys

00:33:49.0429 3668 pcmcia - ok

00:33:49.0554 3668 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

00:33:49.0570 3668 PEAUTH - ok

00:33:49.0632 3668 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

00:33:49.0632 3668 PptpMiniport - ok

00:33:49.0726 3668 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys

00:33:49.0726 3668 Processor - ok

00:33:49.0788 3668 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys

00:33:49.0788 3668 PSched - ok

00:33:49.0928 3668 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys

00:33:49.0944 3668 ql2300 - ok

00:33:50.0053 3668 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

00:33:50.0053 3668 ql40xx - ok

00:33:50.0084 3668 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

00:33:50.0084 3668 QWAVEdrv - ok

00:33:50.0365 3668 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys

00:33:50.0443 3668 R300 - ok

00:33:50.0615 3668 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

00:33:50.0615 3668 RasAcd - ok

00:33:50.0662 3668 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

00:33:50.0662 3668 Rasl2tp - ok

00:33:50.0724 3668 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys

00:33:50.0724 3668 RasPppoe - ok

00:33:50.0802 3668 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys

00:33:50.0802 3668 RasSstp - ok

00:33:50.0896 3668 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys

00:33:50.0896 3668 rdbss - ok

00:33:50.0958 3668 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

00:33:50.0958 3668 RDPCDD - ok

00:33:51.0036 3668 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys

00:33:51.0036 3668 rdpdr - ok

00:33:51.0067 3668 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

00:33:51.0067 3668 RDPENCDD - ok

00:33:51.0176 3668 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys

00:33:51.0176 3668 RDPWD - ok

00:33:51.0301 3668 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys

00:33:51.0301 3668 rimmptsk - ok

00:33:51.0348 3668 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys

00:33:51.0364 3668 rimsptsk - ok

00:33:51.0504 3668 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys

00:33:51.0504 3668 rismxdp - ok

00:33:51.0660 3668 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys

00:33:51.0660 3668 ROOTMODEM - ok

00:33:51.0691 3668 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

00:33:51.0691 3668 rspndr - ok

00:33:51.0800 3668 s0017bus (594ff5620661d1386475406e78cb6f2f) C:\Windows\system32\DRIVERS\s0017bus.sys

00:33:51.0816 3668 s0017bus - ok

00:33:51.0863 3668 s0017mdfl (7258f550419d543bc5c8e80c578a5d54) C:\Windows\system32\DRIVERS\s0017mdfl.sys

00:33:51.0863 3668 s0017mdfl - ok

00:33:51.0972 3668 s0017mdm (1de4f6607feb17a15dbd4f1b139e6d2f) C:\Windows\system32\DRIVERS\s0017mdm.sys

00:33:51.0988 3668 s0017mdm - ok

00:33:52.0034 3668 s0017mgmt (9814e6bacc06d2526cd52981c7eeedf0) C:\Windows\system32\DRIVERS\s0017mgmt.sys

00:33:52.0066 3668 s0017mgmt - ok

00:33:52.0175 3668 s0017nd5 (2c62cd58225973f26682cd4f783ddede) C:\Windows\system32\DRIVERS\s0017nd5.sys

00:33:52.0175 3668 s0017nd5 - ok

00:33:52.0253 3668 s0017obex (f87c3422e84b2fb1b43e0a26247ad5a5) C:\Windows\system32\DRIVERS\s0017obex.sys

00:33:52.0253 3668 s0017obex - ok

00:33:52.0424 3668 s0017unic (df5e7360a0afa5956bf75da683d0679f) C:\Windows\system32\DRIVERS\s0017unic.sys

00:33:52.0424 3668 s0017unic - ok

00:33:52.0549 3668 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

00:33:52.0549 3668 sbp2port - ok

00:33:52.0612 3668 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys

00:33:52.0612 3668 sdbus - ok

00:33:52.0627 3668 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

00:33:52.0643 3668 secdrv - ok

00:33:52.0752 3668 seehcri (e5b56569a9f79b70314fede6c953641e) C:\Windows\system32\DRIVERS\seehcri.sys

00:33:52.0752 3668 seehcri - ok

00:33:52.0799 3668 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

00:33:52.0799 3668 Serenum - ok

00:33:52.0830 3668 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

00:33:52.0830 3668 Serial - ok

00:33:52.0846 3668 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

00:33:52.0846 3668 sermouse - ok

00:33:52.0955 3668 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys

00:33:52.0955 3668 sffdisk - ok

00:33:52.0986 3668 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys

00:33:52.0986 3668 sffp_mmc - ok

00:33:53.0048 3668 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys

00:33:53.0048 3668 sffp_sd - ok

00:33:53.0189 3668 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

00:33:53.0189 3668 sfloppy - ok

00:33:53.0236 3668 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys

00:33:53.0236 3668 sisagp - ok

00:33:53.0251 3668 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys

00:33:53.0251 3668 SiSRaid2 - ok

00:33:53.0360 3668 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys

00:33:53.0376 3668 SiSRaid4 - ok

00:33:53.0423 3668 Smb (9bb8b6fc6c3b2992364f9a83a96b04c6) C:\Windows\system32\DRIVERS\smb.sys

00:33:53.0423 3668 Suspicious file (Forged): C:\Windows\system32\DRIVERS\smb.sys. Real md5: 9bb8b6fc6c3b2992364f9a83a96b04c6, Fake md5: 6bf5b3adacb423ea76ecde82ab0c2805

00:33:53.0423 3668 Smb ( Rootkit.Win32.ZAccess.e ) - infected

00:33:53.0423 3668 Smb - detected Rootkit.Win32.ZAccess.e (0)

00:33:53.0594 3668 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

00:33:53.0594 3668 spldr - ok

00:33:53.0735 3668 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys

00:33:53.0735 3668 srv - ok

00:33:53.0797 3668 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys

00:33:53.0797 3668 srv2 - ok

00:33:53.0891 3668 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys

00:33:53.0906 3668 srvnet - ok

00:33:53.0969 3668 STHDA (6a2a5e809c2c0178326d92b19ee4aad3) C:\Windows\system32\drivers\stwrt.sys

00:33:53.0969 3668 STHDA - ok

00:33:54.0062 3668 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

00:33:54.0062 3668 swenum - ok

00:33:54.0125 3668 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

00:33:54.0125 3668 Symc8xx - ok

00:33:54.0250 3668 SymIM - ok

00:33:54.0296 3668 SymIMMP - ok

00:33:54.0889 3668 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

00:33:54.0889 3668 Sym_hi - ok

00:33:55.0076 3668 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

00:33:55.0076 3668 Sym_u3 - ok

00:33:55.0295 3668 tap0901 (66cbe7e7ef1b23c71f9402285878b284) C:\Windows\system32\DRIVERS\tap0901.sys

00:33:55.0295 3668 tap0901 - ok

00:33:55.0576 3668 Tcpip (6647fce6fc4970daafe5c64c794513d3) C:\Windows\system32\drivers\tcpip.sys

00:33:55.0591 3668 Tcpip - ok

00:33:55.0856 3668 Tcpip6 (6647fce6fc4970daafe5c64c794513d3) C:\Windows\system32\DRIVERS\tcpip.sys

00:33:55.0872 3668 Tcpip6 - ok

00:33:56.0090 3668 tcpipreg (36606b165d04a397bdf613096986d85d) C:\Windows\system32\drivers\tcpipreg.sys

00:33:56.0090 3668 tcpipreg - ok

00:33:56.0246 3668 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

00:33:56.0246 3668 TDPIPE - ok

00:33:56.0309 3668 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

00:33:56.0309 3668 TDTCP - ok

00:33:56.0418 3668 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys

00:33:56.0418 3668 tdx - ok

00:33:56.0527 3668 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys

00:33:56.0527 3668 TermDD - ok

00:33:56.0730 3668 tosporte (8d624d3bd1f2d78bd1c01a2d4e954b4e) C:\Windows\system32\DRIVERS\tosporte.sys

00:33:56.0730 3668 tosporte - ok

00:33:56.0917 3668 tosrfbd (266df087a8c24da34ff40cf3df86ccfb) C:\Windows\system32\DRIVERS\tosrfbd.sys

00:33:56.0917 3668 tosrfbd - ok

00:33:56.0964 3668 tosrfbnp (90c8525bc578aaffe87c2d0ed4379e9e) C:\Windows\system32\Drivers\tosrfbnp.sys

00:33:56.0964 3668 tosrfbnp - ok

00:33:57.0120 3668 Tosrfcom (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\Windows\system32\Drivers\tosrfcom.sys

00:33:57.0120 3668 Tosrfcom - ok

00:33:57.0151 3668 Tosrfhid (7c807ba9660e2995cc0217a14a24094c) C:\Windows\system32\DRIVERS\Tosrfhid.sys

00:33:57.0151 3668 Tosrfhid - ok

00:33:57.0214 3668 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\Windows\system32\DRIVERS\tosrfnds.sys

00:33:57.0214 3668 tosrfnds - ok

00:33:57.0432 3668 TosRfSnd (a4ce9572bc4ac8d329455059b43c5bea) C:\Windows\system32\drivers\tosrfsnd.sys

00:33:57.0432 3668 TosRfSnd - ok

00:33:57.0650 3668 Tosrfusb (602818649c84eb774d6971da65f79cc8) C:\Windows\system32\DRIVERS\tosrfusb.sys

00:33:57.0666 3668 Tosrfusb - ok

00:33:57.0806 3668 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

00:33:57.0806 3668 tssecsrv - ok

00:33:57.0947 3668 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

00:33:57.0947 3668 tunmp - ok

00:33:58.0009 3668 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys

00:33:58.0009 3668 tunnel - ok

00:33:58.0150 3668 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys

00:33:58.0150 3668 uagp35 - ok

00:33:58.0228 3668 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys

00:33:58.0228 3668 udfs - ok

00:33:58.0399 3668 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys

00:33:58.0399 3668 uliagpkx - ok

00:33:58.0586 3668 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys

00:33:58.0586 3668 uliahci - ok

00:33:58.0649 3668 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

00:33:58.0649 3668 UlSata - ok

00:33:59.0132 3668 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

00:33:59.0132 3668 ulsata2 - ok

00:33:59.0429 3668 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

00:33:59.0429 3668 umbus - ok

00:33:59.0585 3668 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys

00:33:59.0600 3668 usbccgp - ok

00:33:59.0959 3668 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

00:33:59.0959 3668 usbcir - ok

00:34:00.0131 3668 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys

00:34:00.0131 3668 usbehci - ok

00:34:00.0178 3668 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys

00:34:00.0193 3668 usbhub - ok

00:34:00.0334 3668 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys

00:34:00.0334 3668 usbohci - ok

00:34:00.0443 3668 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys

00:34:00.0443 3668 usbprint - ok

00:34:00.0521 3668 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS

00:34:00.0521 3668 USBSTOR - ok

00:34:00.0583 3668 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys

00:34:00.0583 3668 usbuhci - ok

00:34:00.0724 3668 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys

00:34:00.0724 3668 vga - ok

00:34:00.0755 3668 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

00:34:00.0755 3668 VgaSave - ok

00:34:00.0786 3668 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys

00:34:00.0786 3668 viaagp - ok

00:34:00.0833 3668 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys

00:34:00.0833 3668 ViaC7 - ok

00:34:00.0880 3668 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys

00:34:00.0880 3668 viaide - ok

00:34:00.0973 3668 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

00:34:00.0973 3668 volmgr - ok

00:34:01.0051 3668 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys

00:34:01.0051 3668 volmgrx - ok

00:34:01.0207 3668 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys

00:34:01.0207 3668 volsnap - ok

00:34:01.0270 3668 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys

00:34:01.0270 3668 vsmraid - ok

00:34:01.0379 3668 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

00:34:01.0379 3668 WacomPen - ok

00:34:01.0410 3668 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

00:34:01.0410 3668 Wanarp - ok

00:34:01.0457 3668 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

00:34:01.0457 3668 Wanarpv6 - ok

00:34:01.0566 3668 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys

00:34:01.0582 3668 Wd - ok

00:34:01.0628 3668 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys

00:34:01.0644 3668 Wdf01000 - ok

00:34:01.0722 3668 winachsf (4daca8f07537d4d7e3534bb99294aa26) C:\Windows\system32\DRIVERS\HSX_CNXT.sys

00:34:01.0738 3668 winachsf - ok

00:34:01.0847 3668 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys

00:34:01.0847 3668 WmiAcpi - ok

00:34:01.0940 3668 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys

00:34:01.0940 3668 WpdUsb - ok

00:34:02.0034 3668 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

00:34:02.0034 3668 ws2ifsl - ok

00:34:02.0096 3668 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

00:34:02.0096 3668 WUDFRd - ok

00:34:02.0237 3668 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys

00:34:02.0237 3668 XAudio - ok

00:34:02.0268 3668 yukonwlh (a4822191c7cea271903c2a4fb6d9809d) C:\Windows\system32\DRIVERS\yk60x86.sys

00:34:02.0268 3668 yukonwlh - ok

00:34:02.0330 3668 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0

00:34:02.0346 3668 \Device\Harddisk0\DR0 - ok

00:34:02.0346 3668 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1

00:34:03.0095 3668 \Device\Harddisk1\DR1 - ok

00:34:03.0157 3668 Boot (0x1200) (1c87bb41b794aa77b498067de1159056) \Device\Harddisk0\DR0\Partition0

00:34:03.0157 3668 \Device\Harddisk0\DR0\Partition0 - ok

00:34:03.0157 3668 Boot (0x1200) (6eb823f88d298c188019456d43267234) \Device\Harddisk0\DR0\Partition1

00:34:03.0157 3668 \Device\Harddisk0\DR0\Partition1 - ok

00:34:03.0157 3668 Boot (0x1200) (e69a4a01f8d22cafabd0fd4590efa75c) \Device\Harddisk1\DR1\Partition0

00:34:03.0157 3668 \Device\Harddisk1\DR1\Partition0 - ok

00:34:03.0173 3668 ============================================================

00:34:03.0173 3668 Scan finished

00:34:03.0173 3668 ============================================================

00:34:03.0173 0796 Detected object count: 2

00:34:03.0173 0796 Actual detected object count: 2

00:34:13.0297 0796 HKLM\SYSTEM\ControlSet001\services\c1392a4f - will be deleted on reboot

00:34:13.0360 0796 HKLM\SYSTEM\ControlSet003\services\c1392a4f - will be deleted on reboot

00:34:13.0422 0796 C:\Windows\1328167361:1053218224.exe - will be deleted on reboot

00:34:13.0422 0796 c1392a4f ( Rootkit.Win32.PMax.gen ) - User select action: Delete

00:34:13.0547 0796 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\smb.sys) error 1813

00:34:13.0968 0796 Backup copy found, using it..

00:34:13.0984 0796 C:\Windows\system32\DRIVERS\smb.sys - will be cured on reboot

00:34:13.0984 0796 Smb ( Rootkit.Win32.ZAccess.e ) - User select action: Cure

00:34:15.0310 1020 Deinitialize success

TDSSKiller.2.6.14.0_01.11.2011_00.33.33_log.txt


And since I've seen that we should copy/paste the logs - I'm pasting fresh dds logs here as well.

This is dds.txt

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29

Run by Iva at 0:40:34 on 2011-11-01

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3061.1882 [GMT 1:00]

.

AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

SP: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\WLTRYSVC.EXE

C:\Windows\System32\bcmwltry.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\1328167361:1053218224.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\System32\WLTRAY.EXE

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Windows\system32\aestsrv.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\STacSV.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\wbem\wmiprvse.exe

"C:\Windows\system32\svchost.exe"

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\conime.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://www.google.com

uStart Page = hxxp://www.google.com/

uWindow Title = Internet Explorer provided by Dell

uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1080802

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

uURLSearchHooks: H - No File

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

StartupFolder: c:\users\iva\appdata\roaming\micros~1\windows\startm~1\programs\startup\_UNINS~1.LNK -

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

LSP: mswsock.dll

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{89950BFD-7E7F-49FD-AC45-7EED9FA08DBA} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{8E2435C2-49A4-40D3-B961-7AA65A003AFE} : NameServer = 160.218.161.60 194.228.211.33

TCP: Interfaces\{E2CA9920-FF64-410D-9780-4B22CE7D39C2} : DhcpNameServer = 192.168.1.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\iva\appdata\roaming\mozilla\firefox\profiles\hrlpzppt.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.google.com

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\musicnotes\npmusicn.dll

FF - plugin: c:\program files\musicnotes\NPSibelius.dll

FF - plugin: c:\users\iva\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\users\iva\appdata\roaming\move networks\plugins\npqmp071505000011.dll

FF - plugin: c:\users\iva\appdata\roaming\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\users\iva\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

.

============= SERVICES / DRIVERS ===============

.

R0 53014332;53014332;c:\windows\system32\drivers\53014332.sys [2011-10-31 133208]

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-8-2 73728]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-8-2 111616]

R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2009-8-15 27632]

S2 MLPTDR_Q;MLPTDR_Q;c:\windows\system32\MLPTDR_Q.SYS [2004-11-18 18848]

S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\sony ericsson\sony ericsson pc suite\SupServ.exe [2009-8-15 90112]

S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\drivers\ewdcsc.sys [2011-6-29 23424]

S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2011-6-29 101120]

S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2009-8-15 86824]

S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2009-8-15 15016]

S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2009-8-15 114600]

S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [2009-8-15 108328]

S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [2009-8-15 26024]

S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [2009-8-15 104616]

S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [2009-8-15 109736]

.

=============== Created Last 30 ================

.

2011-10-31 23:35:18 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{b974a56a-e71d-4d2a-9daa-9f704b117454}\offreg.dll

2011-10-31 21:56:26 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll

2011-10-31 21:56:26 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-10-31 21:52:07 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-10-31 21:51:59 -------- d-----w- c:\users\iva\appdata\roaming\Malwarebytes

2011-10-31 21:51:54 -------- d-----w- c:\programdata\Malwarebytes

2011-10-31 21:51:51 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-31 21:51:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-10-31 21:26:24 48016 --sha-w- c:\windows\system32\c_87811.nl_

2011-10-31 20:49:31 98816 ----a-w- c:\windows\sed.exe

2011-10-31 20:49:31 518144 ----a-w- c:\windows\SWREG.exe

2011-10-31 20:49:31 256000 ----a-w- c:\windows\PEV.exe

2011-10-31 20:49:31 208896 ----a-w- c:\windows\MBR.exe

2011-10-31 20:49:26 -------- d-s---w- C:\ComboFix

2011-10-31 20:22:02 -------- d-----w- c:\program files\ESET

2011-10-31 20:11:12 6668624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{b974a56a-e71d-4d2a-9daa-9f704b117454}\mpengine.dll

2011-10-31 17:57:30 200976 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2011-10-31 17:30:38 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2011-10-31 17:30:38 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-10-31 17:21:35 133208 ----a-w- c:\windows\system32\drivers\53014332.sys

2011-10-30 11:36:36 -------- d-sh--w- c:\windows\system32\%APPDATA%

2011-10-30 11:32:08 -------- d-sh--w- c:\users\iva\appdata\local\c1392a4f

2011-10-13 21:46:35 57856 ----a-w- c:\windows\system32\MSDvbNP.ax

2011-10-13 21:46:35 293376 ----a-w- c:\windows\system32\psisdecd.dll

2011-10-13 21:46:35 217088 ----a-w- c:\windows\system32\psisrndr.ax

2011-10-13 21:46:34 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax

2011-10-13 21:46:33 2043392 ----a-w- c:\windows\system32\win32k.sys

2011-10-13 21:46:26 563712 ----a-w- c:\windows\system32\oleaut32.dll

2011-10-13 21:46:26 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll

2011-10-13 21:46:26 4096 ----a-w- c:\windows\system32\oleaccrc.dll

2011-10-13 21:46:26 238080 ----a-w- c:\windows\system32\oleacc.dll

.

==================== Find3M ====================

.

2011-10-31 23:35:03 66560 ----a-w- c:\windows\system32\drivers\smb.sys

2011-10-31 21:38:13 273408 ----a-w- c:\windows\system32\drivers\afd.sys

2011-09-01 02:35:59 1798144 ----a-w- c:\windows\system32\jscript9.dll

2011-09-01 02:28:15 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-09-01 02:22:54 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-08-31 15:45:36 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-09 13:24:52 163424 ----a-w- c:\windows\system32\drivers\eamonm.sys

2011-08-04 08:20:38 103112 ----a-w- c:\windows\system32\drivers\epfwwfpr.sys

2011-08-04 08:20:36 118104 ----a-w- c:\windows\system32\drivers\ehdrv.sys

.

============= FINISH: 0:41:23,73 ===============

And this is attach.txt:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume3

Install Date: 2. 8. 2008 1:10:19

System Uptime: 1. 11. 2011 0:34:57 (0 hours ago)

.

Motherboard: Dell Inc. | | 0U990C

Processor: Intel® Core2 Duo CPU T5750 @ 2.00GHz | Microprocessor | 1000/166mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 221 GiB total, 104,44 GiB free.

D: is FIXED (NTFS) - 10 GiB total, 5,474 GiB free.

E: is CDROM ()

F: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

µTorrent

7-Zip 4.65

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 8.1.3

Advanced Audio FX Engine

Advanced Video FX Engine

Auslogics Disk Defrag

Bluetooth Stack for Windows by Toshiba

CDDRV_Installer

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Combined Community Codec Pack 2008-01-24

Compatibility Pack for the 2007 Office system

Conexant HDA D330 MDC V.92 Modem

Dell Touchpad

Dell Webcam Center

Dell Webcam Manager

Dell Wireless WLAN Card

Digital Line Detect

EDocs

ESET Online Scanner v3

Google Chrome

Google Talk (remove only)

Google Talk Plugin

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP USB Disk Storage Format Tool

Intel® Matrix Storage Manager

Java Auto Updater

Java 6 Update 29

Java 6 Update 5

KhalInstallWrapper

Laptop Integrated Webcam Driver (1.04.01.1011)

Lightscreen

Live! Cam Avatar Creator

Live! Cam Avatar v1.0

Logitech SetPoint

Malwarebytes' Anti-Malware version 1.51.2.1300

MediaDirect

Microsoft .NET Framework 3.5 SP1

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Professional Plus 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Modem Diagnostic Tool

Mozilla Firefox (3.6.23)

Music, Photos & Videos Launcher

Musicnotes Software Suite 1.5.3

NetWaiting

O2

OGA Notifier 2.0.0048.0

Picasa 3

Product Documentation Launcher

QuickSet

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB2553074)

Security Update for 2007 Microsoft Office System (KB2553089)

Security Update for 2007 Microsoft Office System (KB2553090)

Security Update for 2007 Microsoft Office System (KB2584063)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft Office Access 2007 (KB979440)

Security Update for Microsoft Office Excel 2007 (KB2553073)

Security Update for Microsoft Office InfoPath 2007 (KB2510061)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB2535818)

Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)

Security Update for Microsoft Office Publisher 2007 (KB2284697)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Skype™ 4.2

SMAC 2.7

Sony Ericsson PC Suite 6.007.00

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office 2007 System (KB2539530)

Update for Microsoft Office Outlook 2007 (KB2583910)

Update for Outlook 2007 Junk Email Filter (KB2596560)

VLC media player 0.9.4

Windows Media Player Firefox Plugin

.

==== End Of File ===========================


Ok - 4 days and no reply - you guys might as well close this thread.

From what I gathered around the net - this is a nasty rootkit and there is never any guarantee that anyone will help to remove it 100%. It hides and infects any antimalware/antispyware/antivirus program you throw at it.

The only thing I could do was to back up the data to a safe location, make sure the backed-up data was clean and didn't contain the virus/rootkit, and then I formatted the hard drive and did a fresh Windows install. It was much quicker than waiting around for help and then dealing with the issue for days and still not being 100% sure it's gone.


This topic is now closed to further replies.