
Problems with IP config and internet

Discussion in 'Virus & Other Malware Removal' started by skittlezpwn43, Nov 15, 2011.

Thread Status:
Not open for further replies.
  1. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,623
    1. Please download The Avenger2 by Swandog46 to your Desktop.
    • Right-click on the Avenger.zip folder and select "Extract All..."
    • Follow the prompts and extract the Avenger folder to your desktop
    2. Copy all the text contained in the code box below to your clipboard by highlighting it and pressing (Ctrl+C):

    Code:
    Folders to delete:
    c:\windows\$NtUninstallKB11092$
    

    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


    3. Now, open the Avenger folder and start The Avenger program by clicking on its icon.
    • Right-click on the window under Input script here:, and select Paste.
    • You can also paste the text copied to the clipboard into this window by pressing (Ctrl+V).
    • Click on Execute
    • Answer "Yes" twice when prompted.
    4. The Avenger will automatically do the following:
    • It will restart your computer. (In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
    • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
    • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
    5. Please copy/paste the content of C:\avenger.txt into your reply
     
  2. skittlezpwn43

    skittlezpwn43 Thread Starter

    Joined:
    Nov 15, 2011
    Messages:
    27
    Avenger Text File:
     
  3. skittlezpwn43

    skittlezpwn43 Thread Starter

    Joined:
    Nov 15, 2011
    Messages:
    27
    Is it safe to start doing this from the "infected" computer now? I'm kinda tired of the whole switching the USB between computers. I'm just worried that if I DO connect, another Backdoor/Trojan virus will start downloading even more stuff onto my computer (if there is still one left.)
     
  4. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,623
    Yes, you can use the other machine now.

    Download OTS.exe to your Desktop.
    1. Close any open browsers.
    2. If your Real protection or Antivirus interferes with OTS, allow it to run.
    3. Double-click on OTS.exe to start the program.
    4. In Additional Scans section put a check in Disabled MS Config Items and EventViewer logs
    5. Now click the Run Scan button on the toolbar.
    6. Let it run unhindered until it finishes.
    7. When the scan is complete Notepad will open with the report file loaded in it.
    8. Save that notepad file.
    Use the Reply button, scroll down to the attachments section and attach the notepad file here.
     
  5. skittlezpwn43

    skittlezpwn43 Thread Starter

    Joined:
    Nov 15, 2011
    Messages:
    27
    OTS.txt
     

    Attached Files:

    • OTS.Txt
      File size:
      181.6 KB
      Views:
      2
  6. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,623
    Start OTS. Copy/Paste the information in the code box below into the pane where it says "Paste fix here" and then click the "Run Fix" button.

    The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new HijackThis log please.
    Code:
    [Kill All Processes]
    [Unregister Dlls]
    [Registry - Safe List]
    < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> 
    YN -> HKEY_LOCAL_MACHINE\: URLSearchHooks\\"{03402f96-3dc7-4285-bc50-9e81fefafe43}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
    < FireFox SearchPlugins [User Folders] > -> 
    YY ->  mywebsearch.xml -> C:\Documents and Settings\Cameron Self\Application Data\Mozilla\FireFox\Profiles\s7knhbie.default\searchplugins\mywebsearch.xml
    < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    YN -> {2EECD738-5844-4a99-B4B6-146BF802613B} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
    YN -> {b0cda128-b425-4eef-a174-61a11ac5dbf8} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
    < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
    YN -> "{61539ecd-cc67-4437-a03c-9aaccbd14326}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
    YN -> "{98889811-442D-49dd-99D7-DC866BE87DBC}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
    < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
    YN -> WebBrowser\\"{61539ECD-CC67-4437-A03C-9AACCBD14326}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
    < Cameron Self Startup Folder > -> C:\Documents and Settings\Cameron Self\Start Menu\Programs\Startup
    YN -> C:\Documents and Settings\Cameron Self\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk -> 
    < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
    YN -> &Download All using 4shared Desktop -> [C:\Program Files\4shared Desktop\down_all.htm]
    YN -> Translate this web page with Babylon -> [res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm]
    YN -> Translate with Babylon -> [res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm]
    < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
    YN -> {0b83c99c-1efa-4259-858f-bcb33e007a5b}:{61539ecd-cc67-4437-a03c-9aaccbd14326} [HKLM] -> Reg Error: Key error. [Button: AIM Toolbar]
    < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
    YN -> CmdMapping\\"{0b83c99c-1efa-4259-858f-bcb33e007a5b}" [HKLM] -> [AIM Toolbar]
    < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
    YN -> {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab [Reg Error: Key error.]
    YN -> {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab [Reg Error: Key error.]
    < File Associations - Select to Repair > -> HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>\
    YN -> .exe [@ = exefile] -> Reg Error: Key error.
    [Registry - Additional Scans - Safe List]
    < Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\
    YN -> C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk -> 
    YN -> C:^Documents and Settings^Cameron Self^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk -> 
    < Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
    YN -> UserFaultCheck hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
    [Files/Folders - Created Within 30 Days]
    NY ->  54 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
    NY ->  33 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp
    NY ->  3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
    [Files/Folders - Modified Within 30 Days]
    NY ->  rzr-gt42.rar -> C:\Documents and Settings\Cameron Self\Desktop\rzr-gt42.rar
    NY ->  54 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
    NY ->  33 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp
    NY ->  3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
    [Files - No Company Name]
    NY ->  283032330 -> C:\WINDOWS\283032330
    NY ->  rzr-gt42.rar -> C:\Documents and Settings\Cameron Self\Desktop\rzr-gt42.rar
    NY ->  47h7308i05434q7ml6uhge302 -> C:\Documents and Settings\Cameron Self\Local Settings\Application Data\47h7308i05434q7ml6uhge302
    NY ->  47h7308i05434q7ml6uhge302 -> C:\Documents and Settings\All Users\Application Data\47h7308i05434q7ml6uhge302
    [Empty Temp Folders]
    [EmptyFlash]
    [EmptyJava]
    [Start Explorer]
    [Reboot]
     
  7. skittlezpwn43

    skittlezpwn43 Thread Starter

    Joined:
    Nov 15, 2011
    Messages:
    27
    OTS.txt:
    HijackThis log:
     
  8. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,623
    Please run the following on-line scanner. Note that you must use Internet Explorer to perform the scan.

    Note: If you're running a 64-bit system you have to choose the 32-bit option in IE. To do that, go to the Start Menu and right-click the Internet Explorer (32-bit) icon and then select 'Run as administrator' from the right-click menu.

    http://www.eset.com/online-scanner

    Accept the Terms of Use and then press the Start button

    Allow the ActiveX control to be installed.

    Put a check by Remove found threats and then run the scan.

    When the scan is finished, you will see the results in a window.

    A log.txt file is created here: C:\Program Files\EsetOnlineScanner\log.txt.

    Open the log file with Notepad and copy and paste the contents here please.
     
  9. skittlezpwn43

    skittlezpwn43 Thread Starter

    Joined:
    Nov 15, 2011
    Messages:
    27
    Eset Scanner Log:
     
  10. skittlezpwn43

    skittlezpwn43 Thread Starter

    Joined:
    Nov 15, 2011
    Messages:
    27
  11. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,623
  12. skittlezpwn43

    skittlezpwn43 Thread Starter

    Joined:
    Nov 15, 2011
    Messages:
    27
    23:56:32.0578 2512 TDSS rootkit removing tool 2.6.20.0 Nov 22 2011 12:05:55
    23:56:32.0875 2512 ============================================================
    23:56:32.0875 2512 Current date / time: 2011/11/23 23:56:32.0875
    23:56:32.0875 2512 SystemInfo:
    23:56:32.0875 2512
    23:56:32.0875 2512 OS Version: 5.1.2600 ServicePack: 3.0
    23:56:32.0875 2512 Product type: Workstation
    23:56:32.0875 2512 ComputerName: MAIN
    23:56:32.0875 2512 UserName: Cameron Self
    23:56:32.0875 2512 Windows directory: C:\WINDOWS
    23:56:32.0875 2512 System windows directory: C:\WINDOWS
    23:56:32.0875 2512 Processor architecture: Intel x86
    23:56:32.0875 2512 Number of processors: 2
    23:56:32.0875 2512 Page size: 0x1000
    23:56:32.0875 2512 Boot type: Normal boot
    23:56:32.0875 2512 ============================================================
    23:56:33.0343 2512 Initialize success
    23:56:34.0312 0572 ============================================================
    23:56:34.0312 0572 Scan started
    23:56:34.0312 0572 Mode: Manual;
    23:56:34.0312 0572 ============================================================
    23:56:42.0484 0572 intelppm (8bcdcdc99c2a7d37306c0b64a77a48f3) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    23:56:42.0484 0572 intelppm ( Rootkit.Win32.ZAccess.e ) - infected
    23:56:42.0484 0572 intelppm - detected Rootkit.Win32.ZAccess.e (0)
    23:56:46.0078 0572 RDPCDD - ok
    23:56:46.0234 0572 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    23:56:46.0250 0572 rdpdr - ok
    23:56:46.0343 0572 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
    23:56:46.0343 0572 RDPWD - ok
    23:56:46.0406 0572 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    23:56:46.0421 0572 redbook - ok
    23:56:46.0468 0572 rrtxho - ok
    23:56:46.0531 0572 RsFx0103 (fd692c6ffade58f7c4c3c3c9a0ec35bd) C:\WINDOWS\system32\DRIVERS\RsFx0103.sys
    23:56:46.0546 0572 RsFx0103 - ok
    23:56:46.0609 0572 RT61 (581e74880aeb1dba1cb5ac8e6e6c0a69) C:\WINDOWS\system32\DRIVERS\RT61.sys
    23:56:46.0609 0572 RT61 - ok
    23:56:46.0671 0572 SaiH0461 (99d9370c1c09cf299681d62e35ea8fa4) C:\WINDOWS\system32\DRIVERS\SaiH0461.sys
    23:56:46.0687 0572 SaiH0461 - ok
    23:56:46.0750 0572 SaiMini (5a9658d202f28a2481d0a105a9a740a8) C:\WINDOWS\system32\DRIVERS\SaiMini.sys
    23:56:46.0750 0572 SaiMini - ok
    23:56:46.0781 0572 SaiNtBus (9d4a4afe0a3b4fb2ddb5b30436bad8f8) C:\WINDOWS\system32\drivers\SaiBus.sys
    23:56:46.0781 0572 SaiNtBus - ok
    23:56:46.0843 0572 SASDIFSV - ok
    23:56:46.0859 0572 SASKUTIL - ok
    23:56:46.0937 0572 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    23:56:46.0937 0572 Secdrv - ok
    23:56:47.0015 0572 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    23:56:47.0015 0572 serenum - ok
    23:56:47.0062 0572 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    23:56:47.0062 0572 Serial - ok
    23:56:47.0187 0572 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    23:56:47.0187 0572 Sfloppy - ok
    23:56:47.0265 0572 SilverLink (392834adb35deb199b03ae6a6caab23a) C:\WINDOWS\system32\Drivers\SilvrLnk.sys
    23:56:47.0265 0572 SilverLink - ok
    23:56:47.0281 0572 Simbad - ok
    23:56:47.0375 0572 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
    23:56:47.0375 0572 sisagp - ok
    23:56:47.0437 0572 SLIP (1ffc44d6787ec1ea9a2b1440a90fa5c1) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    23:56:47.0437 0572 SLIP - ok
    23:56:47.0484 0572 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
    23:56:47.0484 0572 Sparrow - ok
    23:56:47.0546 0572 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    23:56:47.0546 0572 splitter - ok
    23:56:47.0609 0572 sptd (c4bb8a12843d9cbb65f5ff617f389bbd) C:\WINDOWS\system32\Drivers\sptd.sys
    23:56:47.0609 0572 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: c4bb8a12843d9cbb65f5ff617f389bbd
    23:56:47.0625 0572 sptd ( LockedFile.Multi.Generic ) - warning
    23:56:47.0625 0572 sptd - detected LockedFile.Multi.Generic (1)
    23:56:47.0671 0572 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    23:56:47.0671 0572 sr - ok
    23:56:47.0750 0572 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    23:56:47.0765 0572 Srv - ok
    23:56:47.0828 0572 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) C:\WINDOWS\system32\drivers\StarOpen.sys
    23:56:47.0843 0572 StarOpen - ok
    23:56:47.0921 0572 STHDA (797fcc1d859b203958e915bb82528da9) C:\WINDOWS\system32\drivers\sthda.sys
    23:56:47.0937 0572 STHDA - ok
    23:56:48.0000 0572 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
    23:56:48.0000 0572 StillCam - ok
    23:56:48.0078 0572 streamip (a9f9fd0212e572b84edb9eb661f6bc04) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    23:56:48.0078 0572 streamip - ok
    23:56:48.0125 0572 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    23:56:48.0125 0572 swenum - ok
    23:56:48.0187 0572 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    23:56:48.0187 0572 swmidi - ok
    23:56:48.0250 0572 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
    23:56:48.0265 0572 symc810 - ok
    23:56:48.0281 0572 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
    23:56:48.0281 0572 symc8xx - ok
    23:56:48.0343 0572 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
    23:56:48.0343 0572 sym_hi - ok
    23:56:48.0375 0572 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
    23:56:48.0375 0572 sym_u3 - ok
    23:56:48.0453 0572 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    23:56:48.0468 0572 sysaudio - ok
    23:56:48.0484 0572 szkg5 - ok
    23:56:48.0515 0572 szkgfs - ok
    23:56:48.0578 0572 Tcpip (ad978a1b783b5719720cff204b666c8e) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    23:56:48.0593 0572 Tcpip - ok
    23:56:48.0640 0572 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    23:56:48.0656 0572 TDPIPE - ok
    23:56:48.0671 0572 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    23:56:48.0671 0572 TDTCP - ok
    23:56:48.0718 0572 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    23:56:48.0718 0572 TermDD - ok
    23:56:48.0765 0572 TiglUsb - ok
    23:56:48.0843 0572 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
    23:56:48.0843 0572 TosIde - ok
    23:56:48.0906 0572 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    23:56:48.0921 0572 Udfs - ok
    23:56:48.0953 0572 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
    23:56:48.0968 0572 ultra - ok
    23:56:49.0031 0572 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    23:56:49.0046 0572 Update - ok
    23:56:49.0125 0572 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
    23:56:49.0125 0572 USBAAPL - ok
    23:56:49.0187 0572 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
    23:56:49.0187 0572 usbaudio - ok
    23:56:49.0250 0572 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    23:56:49.0250 0572 usbccgp - ok
    23:56:49.0265 0572 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    23:56:49.0265 0572 usbehci - ok
    23:56:49.0312 0572 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    23:56:49.0312 0572 usbhub - ok
    23:56:49.0375 0572 USBIO (f90d8f845095fcd6924e3d751c04e442) C:\WINDOWS\system32\Drivers\usbio.sys
    23:56:49.0375 0572 USBIO - ok
    23:56:49.0406 0572 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    23:56:49.0437 0572 usbprint - ok
    23:56:49.0531 0572 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    23:56:49.0546 0572 usbscan - ok
    23:56:49.0562 0572 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    23:56:49.0562 0572 USBSTOR - ok
    23:56:49.0625 0572 USBTINSP (6112ecb865b57ebada4e06c167943ee6) C:\WINDOWS\system32\DRIVERS\tinspusb.sys
    23:56:49.0625 0572 USBTINSP - ok
    23:56:49.0656 0572 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    23:56:49.0656 0572 usbuhci - ok
    23:56:49.0703 0572 VClone (fce98c43b5c5db8e0da8ea0e2b45e044) C:\WINDOWS\system32\DRIVERS\VClone.sys
    23:56:49.0703 0572 VClone - ok
    23:56:49.0718 0572 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    23:56:49.0734 0572 VgaSave - ok
    23:56:49.0765 0572 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
    23:56:49.0781 0572 viaagp - ok
    23:56:49.0828 0572 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
    23:56:49.0828 0572 ViaIde - ok
    23:56:49.0875 0572 vncmirror (3b8f222b23917c041e4da29ccc57e7d0) C:\WINDOWS\system32\DRIVERS\vncmirror.sys
    23:56:49.0875 0572 vncmirror - ok
    23:56:49.0906 0572 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    23:56:49.0906 0572 VolSnap - ok
    23:56:49.0984 0572 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    23:56:49.0984 0572 Wanarp - ok
    23:56:50.0000 0572 WDICA - ok
    23:56:50.0046 0572 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    23:56:50.0062 0572 wdmaud - ok
    23:56:50.0140 0572 WinFLdrv (7acc77e135a709ae0f7e1df428a2f908) C:\WINDOWS\system32\WinFLdrv.sys
    23:56:50.0296 0572 Suspicious file (Hidden): C:\WINDOWS\system32\WinFLdrv.sys. md5: 7acc77e135a709ae0f7e1df428a2f908
    23:56:50.0296 0572 WinFLdrv ( HiddenFile.Multi.Generic ) - warning
    23:56:50.0296 0572 WinFLdrv - detected HiddenFile.Multi.Generic (1)
    23:56:50.0484 0572 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
    23:56:50.0484 0572 WS2IFSL - ok
    23:56:50.0531 0572 WSTCODEC (233cdd1c06942115802eb7ce6669e099) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    23:56:50.0531 0572 WSTCODEC - ok
    23:56:50.0593 0572 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    23:56:50.0625 0572 WudfPf - ok
    23:56:50.0671 0572 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    23:56:50.0671 0572 WudfRd - ok
    23:56:50.0796 0572 MBR (0x1B8) (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0
    23:56:50.0812 0572 \Device\Harddisk0\DR0 - ok
    23:56:50.0828 0572 Boot (0x1200) (5aa2a69000845fd10d92103aaaab2f5f) \Device\Harddisk0\DR0\Partition0
    23:56:50.0828 0572 \Device\Harddisk0\DR0\Partition0 - ok
    23:56:50.0828 0572 ============================================================
    23:56:50.0828 0572 Scan finished
    23:56:50.0828 0572 ============================================================
    23:56:50.0875 2752 Detected object count: 3
    23:56:50.0875 2752 Actual detected object count: 3
    23:57:07.0781 2752 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\intelppm.sys) error 1813
    23:57:10.0500 2752 Backup copy found, using it..
    23:57:10.0515 2752 C:\WINDOWS\system32\DRIVERS\intelppm.sys - will be cured on reboot
    23:57:12.0437 2752 intelppm ( Rootkit.Win32.ZAccess.e ) - User select action: Cure
    23:57:12.0437 2752 sptd ( LockedFile.Multi.Generic ) - skipped by user
    23:57:12.0437 2752 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
    23:57:12.0437 2752 WinFLdrv ( HiddenFile.Multi.Generic ) - skipped by user
    23:57:12.0437 2752 WinFLdrv ( HiddenFile.Multi.Generic ) - User select action: Skip
    23:57:26.0296 2952 Deinitialize success
     
  13. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,623
    Go to Start - Run - type in diskmgmt.msc and click OK to open Disk Management.

    Drag the right side of the window all the way to the right so you can see all of the columns and then take a screenshot and post it here please.
     
  14. skittlezpwn43

    skittlezpwn43 Thread Starter

    Joined:
    Nov 15, 2011
    Messages:
    27
    Screenshot:
    [​IMG]
     
  15. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,623
    Please post a new HijackThis log.
     

Short URL to this thread: https://techguy.org/1027042