Could "System Check" removal attempt have ruined my PC?

Bootkit Remover output

Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6002), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00

Size Device Name MBR Status
--------------------------------------------
372 GB \\.\PhysicalDrive0 Controlled by rootkit!

Boot code on some of your physical disks is hidden by a rootkit.
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]


Done;
 
Download TDSSKiller and save it to your desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
Thanks

OKAY... I see that you are trying to help others much more comp literate... much appreciated, and will do!!!
 
Is this it???

16:53:13.0825 6104 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
16:53:14.0481 6104 ============================================================
16:53:14.0481 6104 Current date / time: 2012/01/20 16:53:14.0481
16:53:14.0481 6104 SystemInfo:
16:53:14.0481 6104
16:53:14.0481 6104 OS Version: 6.0.6002 ServicePack: 2.0
16:53:14.0481 6104 Product type: Workstation
16:53:14.0481 6104 ComputerName: FRAN-PC
16:53:14.0481 6104 UserName: fran
16:53:14.0481 6104 Windows directory: C:\Windows
16:53:14.0481 6104 System windows directory: C:\Windows
16:53:14.0481 6104 Processor architecture: Intel x86
16:53:14.0481 6104 Number of processors: 2
16:53:14.0481 6104 Page size: 0x1000
16:53:14.0481 6104 Boot type: Normal boot
16:53:14.0481 6104 ============================================================
16:53:15.0276 6104 Drive \Device\Harddisk0\DR0 - Size: 0x5D27216000 (372.61 Gb), SectorSize: 0x200, Cylinders: 0xBE01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:53:15.0588 6104 Initialize success
16:53:24.0760 3440 ============================================================
16:53:24.0760 3440 Scan started
16:53:24.0760 3440 Mode: Manual;
16:53:24.0760 3440 ============================================================
16:53:27.0943 3440 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
16:53:27.0958 3440 ACPI - ok
16:53:28.0021 3440 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
16:53:28.0021 3440 adp94xx - ok
16:53:28.0036 3440 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
16:53:28.0052 3440 adpahci - ok
16:53:28.0099 3440 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
16:53:28.0099 3440 adpu160m - ok
16:53:28.0145 3440 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
16:53:28.0145 3440 adpu320 - ok
16:53:28.0223 3440 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
16:53:28.0223 3440 AFD - ok
16:53:28.0442 3440 AFS (be913403ed7219894b30e362fd8d4313) C:\Windows\system32\drivers\AFS.sys
16:53:28.0457 3440 AFS - ok
16:53:28.0566 3440 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
16:53:28.0582 3440 agp440 - ok
16:53:28.0660 3440 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
16:53:28.0660 3440 aic78xx - ok
16:53:28.0691 3440 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
16:53:28.0691 3440 aliide - ok
16:53:28.0722 3440 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
16:53:28.0722 3440 amdagp - ok
16:53:28.0785 3440 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
16:53:28.0785 3440 amdide - ok
16:53:28.0832 3440 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
16:53:28.0832 3440 AmdK7 - ok
16:53:28.0878 3440 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
16:53:28.0878 3440 AmdK8 - ok
16:53:28.0925 3440 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
16:53:28.0925 3440 arc - ok
16:53:28.0972 3440 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
16:53:28.0972 3440 arcsas - ok
16:53:29.0019 3440 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
16:53:29.0019 3440 AsyncMac - ok
16:53:29.0050 3440 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
16:53:29.0050 3440 atapi - ok
16:53:29.0097 3440 ATMhelpr (3ef1db7f168851914517d4ed36b57c04) C:\Windows\system32\drivers\ATMhelpr.sys
16:53:29.0097 3440 ATMhelpr - ok
16:53:29.0190 3440 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
16:53:29.0190 3440 Beep - ok
16:53:29.0222 3440 blbdrive - ok
16:53:29.0268 3440 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
16:53:29.0268 3440 bowser - ok
16:53:29.0331 3440 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
16:53:29.0331 3440 BrFiltLo - ok
16:53:29.0393 3440 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
16:53:29.0393 3440 BrFiltUp - ok
16:53:29.0440 3440 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
16:53:29.0440 3440 Brserid - ok
16:53:29.0471 3440 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
16:53:29.0471 3440 BrSerWdm - ok
16:53:29.0502 3440 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
16:53:29.0502 3440 BrUsbMdm - ok
16:53:29.0518 3440 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
16:53:29.0518 3440 BrUsbSer - ok
16:53:29.0580 3440 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
16:53:29.0580 3440 BTHMODEM - ok
16:53:29.0627 3440 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
16:53:29.0627 3440 cdfs - ok
16:53:29.0658 3440 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
16:53:29.0658 3440 cdrom - ok
16:53:29.0690 3440 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
16:53:29.0705 3440 circlass - ok
16:53:29.0752 3440 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
16:53:29.0752 3440 CLFS - ok
16:53:29.0814 3440 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
16:53:29.0814 3440 cmdide - ok
16:53:29.0939 3440 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
16:53:29.0939 3440 Compbatt - ok
16:53:29.0955 3440 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
16:53:29.0955 3440 crcdisk - ok
16:53:30.0002 3440 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
16:53:30.0002 3440 Crusoe - ok
16:53:30.0080 3440 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
16:53:30.0080 3440 disk - ok
16:53:30.0142 3440 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
16:53:30.0142 3440 Dot4 - ok
16:53:30.0220 3440 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
16:53:30.0220 3440 Dot4Print - ok
16:53:30.0298 3440 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
16:53:30.0298 3440 dot4usb - ok
16:53:30.0329 3440 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
16:53:30.0329 3440 drmkaud - ok
16:53:30.0392 3440 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
16:53:30.0392 3440 DXGKrnl - ok
16:53:30.0485 3440 E100B (d00eeae1cacd77a1a8396bbc19140bba) C:\Windows\system32\DRIVERS\e100b325.sys
16:53:30.0485 3440 E100B - ok
16:53:30.0516 3440 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
16:53:30.0516 3440 E1G60 - ok
16:53:30.0594 3440 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
16:53:30.0610 3440 Ecache - ok
16:53:30.0719 3440 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
16:53:30.0719 3440 elxstor - ok
16:53:30.0797 3440 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
16:53:30.0797 3440 exfat - ok
16:53:30.0844 3440 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
16:53:30.0844 3440 fastfat - ok
16:53:30.0891 3440 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
16:53:30.0891 3440 fdc - ok
16:53:30.0953 3440 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
16:53:30.0953 3440 FileInfo - ok
16:53:30.0984 3440 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
16:53:30.0984 3440 Filetrace - ok
16:53:31.0031 3440 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
16:53:31.0031 3440 flpydisk - ok
16:53:31.0078 3440 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
16:53:31.0078 3440 FltMgr - ok
16:53:31.0172 3440 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
16:53:31.0172 3440 fssfltr - ok
16:53:31.0187 3440 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
16:53:31.0187 3440 Fs_Rec - ok
16:53:31.0218 3440 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
16:53:31.0218 3440 gagp30kx - ok
16:53:31.0281 3440 GEARAspiWDM (5dc17164f66380cbfefd895c18467773) C:\Windows\system32\Drivers\GEARAspiWDM.sys
16:53:31.0281 3440 GEARAspiWDM - ok
16:53:31.0405 3440 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
16:53:31.0405 3440 HdAudAddService - ok
16:53:31.0468 3440 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
16:53:31.0483 3440 HDAudBus - ok
16:53:31.0499 3440 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
16:53:31.0515 3440 HidBth - ok
16:53:31.0561 3440 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
16:53:31.0561 3440 HidIr - ok
16:53:31.0593 3440 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\drivers\hidusb.sys
16:53:31.0593 3440 HidUsb - ok
16:53:31.0624 3440 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
16:53:31.0624 3440 HpCISSs - ok
16:53:31.0717 3440 HSF_DP (88749fbf8beb18c90e7d6626c8c1910b) C:\Windows\system32\DRIVERS\HSX_DP.sys
16:53:31.0733 3440 HSF_DP - ok
16:53:31.0795 3440 HSXHWBS2 (fe440536bd98af772130dc3a6fe1915f) C:\Windows\system32\DRIVERS\HSXHWBS2.sys
16:53:31.0795 3440 HSXHWBS2 - ok
16:53:31.0873 3440 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
16:53:31.0873 3440 HTTP - ok
16:53:31.0920 3440 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
16:53:31.0920 3440 i2omp - ok
16:53:31.0951 3440 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
16:53:31.0951 3440 i8042prt - ok
16:53:32.0045 3440 iaStor (25c3d5f66a74a7bddeca56085f040d2e) C:\Windows\system32\drivers\iastor.sys
16:53:32.0045 3440 iaStor - ok
16:53:32.0123 3440 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
16:53:32.0123 3440 iaStorV - ok
16:53:32.0248 3440 igfx (e5490aea3b791c454e9933bf749ca3d8) C:\Windows\system32\DRIVERS\igdkmd32.sys
16:53:32.0263 3440 igfx - ok
16:53:32.0310 3440 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
16:53:32.0310 3440 iirsp - ok
16:53:32.0466 3440 IntcAzAudAddService (84ed2154239f9d013bbd3220755ada8b) C:\Windows\system32\drivers\RTKVHDA.sys
16:53:32.0482 3440 IntcAzAudAddService - ok
16:53:32.0575 3440 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
16:53:32.0575 3440 intelide - ok
16:53:32.0591 3440 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
16:53:32.0591 3440 intelppm - ok
16:53:32.0669 3440 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:53:32.0685 3440 IpFilterDriver - ok
16:53:32.0685 3440 IpInIp - ok
16:53:32.0731 3440 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
16:53:32.0731 3440 IPMIDRV - ok
16:53:32.0809 3440 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
16:53:32.0809 3440 IPNAT - ok
16:53:32.0856 3440 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
16:53:32.0856 3440 IRENUM - ok
16:53:32.0887 3440 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
16:53:32.0887 3440 isapnp - ok
16:53:32.0934 3440 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
16:53:32.0934 3440 iScsiPrt - ok
16:53:32.0981 3440 ISODrive - ok
16:53:33.0059 3440 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
16:53:33.0059 3440 iteatapi - ok
16:53:33.0106 3440 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
16:53:33.0106 3440 iteraid - ok
16:53:33.0153 3440 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
16:53:33.0153 3440 kbdclass - ok
16:53:33.0184 3440 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
16:53:33.0184 3440 kbdhid - ok
16:53:33.0262 3440 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
16:53:33.0262 3440 KSecDD - ok
16:53:33.0355 3440 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
16:53:33.0355 3440 lltdio - ok
16:53:33.0433 3440 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
16:53:33.0433 3440 LSI_FC - ok
16:53:33.0496 3440 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
16:53:33.0496 3440 LSI_SAS - ok
16:53:33.0527 3440 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
16:53:33.0543 3440 LSI_SCSI - ok
16:53:33.0589 3440 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
16:53:33.0589 3440 luafv - ok
16:53:33.0652 3440 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
16:53:33.0652 3440 MBAMProtector - ok
16:53:33.0683 3440 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\Windows\system32\DRIVERS\mcdbus.sys
16:53:33.0683 3440 mcdbus - ok
16:53:33.0730 3440 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
16:53:33.0730 3440 mdmxsdk - ok
16:53:33.0792 3440 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
16:53:33.0792 3440 megasas - ok
16:53:33.0839 3440 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
16:53:33.0839 3440 Modem - ok
16:53:33.0886 3440 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
16:53:33.0901 3440 monitor - ok
16:53:33.0948 3440 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
16:53:33.0964 3440 mouclass - ok
16:53:33.0979 3440 mouhid (a3a6dff7e9e757db3df51a833bc28885) C:\Windows\system32\drivers\mouhid.sys
16:53:33.0995 3440 mouhid - ok
16:53:34.0042 3440 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
16:53:34.0042 3440 MountMgr - ok
16:53:34.0089 3440 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
16:53:34.0089 3440 MpFilter - ok
16:53:34.0167 3440 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
16:53:34.0167 3440 mpio - ok
16:53:34.0291 3440 MpKsl3289c350 - ok
16:53:34.0307 3440 MpKsl3b7d2e3d - ok
16:53:34.0338 3440 MpKsl455c0f06 - ok
16:53:34.0369 3440 MpKsl58b9e061 - ok
16:53:34.0385 3440 MpKslb4924f84 - ok
16:53:34.0385 3440 MpKsld6768097 - ok
16:53:34.0432 3440 MpKslf63ff257 - ok
16:53:34.0463 3440 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
16:53:34.0463 3440 MpNWMon - ok
16:53:34.0525 3440 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
16:53:34.0525 3440 mpsdrv - ok
16:53:34.0572 3440 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
16:53:34.0572 3440 Mraid35x - ok
16:53:34.0619 3440 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
16:53:34.0619 3440 MRxDAV - ok
16:53:34.0712 3440 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:53:34.0712 3440 mrxsmb - ok
16:53:34.0790 3440 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:53:34.0790 3440 mrxsmb10 - ok
16:53:34.0822 3440 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:53:34.0822 3440 mrxsmb20 - ok
16:53:34.0868 3440 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
16:53:34.0868 3440 msahci - ok
16:53:34.0946 3440 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
16:53:34.0946 3440 msdsm - ok
16:53:35.0040 3440 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
16:53:35.0040 3440 Msfs - ok
16:53:35.0087 3440 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
16:53:35.0087 3440 msisadrv - ok
16:53:35.0124 3440 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
16:53:35.0126 3440 MSKSSRV - ok
16:53:35.0159 3440 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
16:53:35.0160 3440 MSPCLOCK - ok
16:53:35.0225 3440 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
16:53:35.0226 3440 MSPQM - ok
16:53:35.0293 3440 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
16:53:35.0295 3440 MsRPC - ok
16:53:35.0388 3440 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
16:53:35.0389 3440 mssmbios - ok
16:53:35.0413 3440 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
16:53:35.0414 3440 MSTEE - ok
16:53:35.0441 3440 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
16:53:35.0442 3440 Mup - ok
16:53:35.0567 3440 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
16:53:35.0568 3440 NativeWifiP - ok
16:53:35.0623 3440 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
16:53:35.0631 3440 NDIS - ok
16:53:35.0675 3440 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
16:53:35.0675 3440 NdisTapi - ok
16:53:35.0747 3440 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
16:53:35.0747 3440 Ndisuio - ok
16:53:35.0802 3440 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
16:53:35.0803 3440 NdisWan - ok
16:53:35.0862 3440 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
16:53:35.0862 3440 NDProxy - ok
16:53:35.0909 3440 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
16:53:35.0910 3440 NetBIOS - ok
16:53:35.0952 3440 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
16:53:35.0953 3440 netbt - ok
16:53:36.0050 3440 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
16:53:36.0051 3440 nfrd960 - ok
16:53:36.0130 3440 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
16:53:36.0131 3440 NisDrv - ok
16:53:36.0261 3440 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
16:53:36.0262 3440 Npfs - ok
16:53:36.0332 3440 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
16:53:36.0335 3440 nsiproxy - ok
16:53:36.0408 3440 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
16:53:36.0416 3440 Ntfs - ok
16:53:36.0494 3440 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
16:53:36.0495 3440 ntrigdigi - ok
16:53:36.0580 3440 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
16:53:36.0581 3440 Null - ok
16:53:36.0614 3440 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
16:53:36.0615 3440 nvraid - ok
16:53:36.0651 3440 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
16:53:36.0652 3440 nvstor - ok
16:53:36.0677 3440 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
16:53:36.0678 3440 nv_agp - ok
16:53:36.0689 3440 NwlnkFlt - ok
16:53:36.0704 3440 NwlnkFwd - ok
16:53:36.0783 3440 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
16:53:36.0784 3440 ohci1394 - ok
16:53:36.0832 3440 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
16:53:36.0833 3440 Parport - ok
16:53:36.0870 3440 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
16:53:36.0871 3440 partmgr - ok
16:53:36.0906 3440 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
16:53:36.0906 3440 Parvdm - ok
16:53:37.0042 3440 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
16:53:37.0044 3440 pci - ok
16:53:37.0110 3440 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
16:53:37.0111 3440 pciide - ok
16:53:37.0166 3440 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
16:53:37.0169 3440 pcmcia - ok
16:53:37.0225 3440 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
16:53:37.0231 3440 PEAUTH - ok
16:53:37.0323 3440 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
16:53:37.0325 3440 PptpMiniport - ok
16:53:37.0355 3440 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
16:53:37.0356 3440 Processor - ok
16:53:37.0393 3440 Ps2 (390c204ced3785609ab24e9c52054a84) C:\Windows\system32\DRIVERS\PS2.sys
16:53:37.0394 3440 Ps2 - ok
16:53:37.0468 3440 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
16:53:37.0469 3440 PSched - ok
16:53:37.0535 3440 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
16:53:37.0536 3440 PxHelp20 - ok
16:53:37.0606 3440 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
16:53:37.0613 3440 ql2300 - ok
16:53:37.0650 3440 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
16:53:37.0651 3440 ql40xx - ok
16:53:37.0719 3440 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
16:53:37.0720 3440 QWAVEdrv - ok
16:53:37.0761 3440 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
16:53:37.0762 3440 RasAcd - ok
16:53:37.0838 3440 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:53:37.0841 3440 Rasl2tp - ok
16:53:37.0918 3440 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
16:53:37.0919 3440 RasPppoe - ok
16:53:37.0956 3440 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
16:53:37.0958 3440 RasSstp - ok
16:53:37.0999 3440 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
16:53:38.0002 3440 rdbss - ok
16:53:38.0031 3440 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:53:38.0031 3440 RDPCDD - ok
16:53:38.0104 3440 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
16:53:38.0106 3440 rdpdr - ok
16:53:38.0138 3440 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
16:53:38.0139 3440 RDPENCDD - ok
16:53:38.0189 3440 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
16:53:38.0192 3440 RDPWD - ok
16:53:38.0305 3440 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
16:53:38.0306 3440 rspndr - ok
16:53:38.0342 3440 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
16:53:38.0343 3440 sbp2port - ok
16:53:38.0400 3440 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
16:53:38.0402 3440 secdrv - ok
16:53:38.0479 3440 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
16:53:38.0479 3440 Serenum - ok
16:53:38.0520 3440 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
16:53:38.0521 3440 Serial - ok
16:53:38.0572 3440 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
16:53:38.0572 3440 sermouse - ok
16:53:38.0652 3440 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
16:53:38.0653 3440 sffdisk - ok
16:53:38.0689 3440 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
16:53:38.0689 3440 sffp_mmc - ok
16:53:38.0728 3440 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
16:53:38.0729 3440 sffp_sd - ok
16:53:38.0749 3440 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
16:53:38.0750 3440 sfloppy - ok
16:53:38.0870 3440 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
16:53:38.0871 3440 sisagp - ok
16:53:38.0910 3440 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
16:53:38.0911 3440 SiSRaid2 - ok
16:53:38.0939 3440 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
16:53:38.0940 3440 SiSRaid4 - ok
16:53:38.0974 3440 Smb (582dd675968a175b739c7a100522a4b5) C:\Windows\system32\DRIVERS\smb.sys
16:53:38.0975 3440 Smb ( Virus.Win32.ZAccess.k ) - infected
16:53:38.0975 3440 Smb - detected Virus.Win32.ZAccess.k (0)
16:53:39.0059 3440 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
16:53:39.0060 3440 spldr - ok
16:53:39.0111 3440 sptd (0c1dad75274cb6e31f053ce3e08bf9c3) C:\Windows\system32\Drivers\sptd.sys
16:53:39.0112 3440 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 0c1dad75274cb6e31f053ce3e08bf9c3
16:53:39.0114 3440 sptd ( LockedFile.Multi.Generic ) - warning
16:53:39.0114 3440 sptd - detected LockedFile.Multi.Generic (1)
16:53:39.0183 3440 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
16:53:39.0185 3440 srv - ok
16:53:39.0250 3440 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
16:53:39.0252 3440 srv2 - ok
16:53:39.0323 3440 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
16:53:39.0324 3440 srvnet - ok
16:53:39.0435 3440 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
16:53:39.0436 3440 swenum - ok
16:53:39.0469 3440 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
16:53:39.0470 3440 Symc8xx - ok
16:53:39.0500 3440 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
16:53:39.0501 3440 Sym_hi - ok
16:53:39.0525 3440 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
16:53:39.0526 3440 Sym_u3 - ok
16:53:39.0627 3440 Tcpip (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\drivers\tcpip.sys
16:53:39.0634 3440 Tcpip - ok
16:53:39.0657 3440 Tcpip6 (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\DRIVERS\tcpip.sys
16:53:39.0663 3440 Tcpip6 - ok
16:53:39.0699 3440 tcpipreg (3fc13f09af9be487c7b4fac4070a036c) C:\Windows\system32\drivers\tcpipreg.sys
16:53:39.0699 3440 tcpipreg - ok
16:53:39.0774 3440 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
16:53:39.0775 3440 TDPIPE - ok
16:53:39.0809 3440 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
16:53:39.0810 3440 TDTCP - ok
16:53:39.0861 3440 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
16:53:39.0863 3440 tdx - ok
16:53:39.0895 3440 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
16:53:39.0895 3440 TermDD - ok
16:53:39.0954 3440 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:53:39.0955 3440 tssecsrv - ok
16:53:39.0997 3440 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
16:53:39.0998 3440 tunmp - ok
16:53:40.0052 3440 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
16:53:40.0053 3440 tunnel - ok
16:53:40.0105 3440 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
16:53:40.0106 3440 uagp35 - ok
16:53:40.0200 3440 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
16:53:40.0201 3440 udfs - ok
16:53:40.0253 3440 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
16:53:40.0254 3440 uliagpkx - ok
16:53:40.0336 3440 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
16:53:40.0340 3440 uliahci - ok
16:53:40.0457 3440 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
16:53:40.0458 3440 UlSata - ok
16:53:40.0494 3440 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
16:53:40.0496 3440 ulsata2 - ok
16:53:40.0523 3440 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
16:53:40.0524 3440 umbus - ok
16:53:40.0629 3440 USBAAPL (df38374e12e73c25b37b6f8a9b8622ef) C:\Windows\system32\Drivers\usbaapl.sys
16:53:40.0630 3440 USBAAPL - ok
16:53:40.0712 3440 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
16:53:40.0715 3440 usbccgp - ok
16:53:40.0784 3440 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
16:53:40.0785 3440 usbcir - ok
16:53:40.0831 3440 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
16:53:40.0831 3440 usbehci - ok
16:53:40.0864 3440 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
16:53:40.0867 3440 usbhub - ok
16:53:40.0894 3440 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
16:53:40.0895 3440 usbohci - ok
16:53:40.0933 3440 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
16:53:40.0934 3440 usbprint - ok
16:53:40.0999 3440 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
16:53:40.0999 3440 usbscan - ok
16:53:41.0063 3440 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:53:41.0064 3440 USBSTOR - ok
16:53:41.0101 3440 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
16:53:41.0102 3440 usbuhci - ok
16:53:41.0177 3440 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
16:53:41.0178 3440 vga - ok
16:53:41.0228 3440 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
16:53:41.0229 3440 VgaSave - ok
16:53:41.0259 3440 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
16:53:41.0260 3440 viaagp - ok
16:53:41.0290 3440 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
16:53:41.0290 3440 ViaC7 - ok
16:53:41.0330 3440 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
16:53:41.0330 3440 viaide - ok
16:53:41.0419 3440 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
16:53:41.0419 3440 volmgr - ok
16:53:41.0705 3440 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
16:53:41.0707 3440 volmgrx - ok
16:53:41.0749 3440 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
16:53:41.0750 3440 volsnap - ok
16:53:41.0789 3440 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
16:53:41.0791 3440 vsmraid - ok
16:53:41.0874 3440 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
16:53:41.0876 3440 WacomPen - ok
16:53:41.0931 3440 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
16:53:41.0932 3440 Wanarp - ok
16:53:41.0937 3440 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
16:53:41.0938 3440 Wanarpv6 - ok
16:53:42.0056 3440 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\Windows\system32\DRIVERS\wanatw4.sys
16:53:42.0057 3440 wanatw - ok
16:53:42.0096 3440 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
16:53:42.0097 3440 Wd - ok
16:53:42.0165 3440 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
16:53:42.0169 3440 Wdf01000 - ok
16:53:42.0294 3440 winachsf (72cc6a8ca7891031d6380db5025c773c) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
16:53:42.0298 3440 winachsf - ok
16:53:42.0463 3440 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
16:53:42.0464 3440 WmiAcpi - ok
16:53:42.0518 3440 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
16:53:42.0518 3440 WpdUsb - ok
16:53:42.0564 3440 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
16:53:42.0565 3440 ws2ifsl - ok
16:53:42.0606 3440 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:53:42.0608 3440 WUDFRd - ok
16:53:42.0635 3440 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
16:53:42.0636 3440 XAudio - ok
16:53:42.0693 3440 MBR (0x1B8) (c19775569110fa5bfbf1291a6b9e4d2d) \Device\Harddisk0\DR0
16:53:42.0722 3440 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
16:53:42.0722 3440 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
16:53:42.0726 3440 Boot (0x1200) (f012e47827bda9d90bc32794ce9adcb3) \Device\Harddisk0\DR0\Partition0
16:53:42.0727 3440 \Device\Harddisk0\DR0\Partition0 - ok
16:53:42.0741 3440 Boot (0x1200) (48b711a6409fec119bb4125968cf4c8b) \Device\Harddisk0\DR0\Partition1
16:53:42.0742 3440 \Device\Harddisk0\DR0\Partition1 - ok
16:53:42.0742 3440 ============================================================
16:53:42.0742 3440 Scan finished
16:53:42.0742 3440 ============================================================
16:53:42.0758 0288 Detected object count: 3
16:53:42.0758 0288 Actual detected object count: 3
16:54:23.0763 0288 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\smb.sys) error 1813
16:54:28.0520 0288 Backup copy found, using it..
16:54:28.0552 0288 C:\Windows\system32\DRIVERS\smb.sys - will be cured on reboot
16:54:33.0637 0288 Smb ( Virus.Win32.ZAccess.k ) - User select action: Cure
16:54:33.0637 0288 sptd ( LockedFile.Multi.Generic ) - skipped by user
16:54:33.0637 0288 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
16:54:33.0684 0288 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
16:54:33.0684 0288 \Device\Harddisk0\DR0 - ok
16:54:33.0715 0288 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
16:54:48.0612 3844 Deinitialize success
 
MBR scan

Quick scan MBR is still running after 30 minutes. I can't help but notice on the info the AppData I went in and changed in order for "System Check" not to take over completely. Remember I told you that one suggested that I go into hidden files and folders looking for .exe files with lots of numbers in front? Change the numbers to anything. I changed two .exe entries to 123.exe and 345.exe. I have not done it again since you told me not to change anything. I just wanted to bring that to your attention as "infected", but it does prevent my PC from being taken over with thousands of those "System Check" warnings. I don't know how long this scan is supposed to run.
 
I am running MBR again

Not sure if this finished. It never said so.

aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-21 17:23:16
-----------------------------
17:23:16.031 OS Version: Windows 6.0.6002 Service Pack 2
17:23:16.031 Number of processors: 2 586 0xF02
17:23:16.031 ComputerName: FRAN-PC UserName: fran
17:23:44.201 Initialize success
17:23:44.263 write error "aswCmnB.dll". The process cannot access the file because it is being used by another process.
17:23:47.742 AVAST engine defs: 12012001
17:24:29.154 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
17:24:29.154 Disk 0 Vendor: Hitachi_ V5CO Size: 381554MB BusType: 3
17:24:29.170 Disk 0 MBR read successfully
17:24:29.170 Disk 0 MBR scan
17:24:29.186 Disk 0 unknown MBR code
17:24:29.186 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 373683 MB offset 63
17:24:29.217 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 7867 MB offset 765304470
17:24:29.217 Disk 0 scanning sectors +781417665
17:24:29.295 Disk 0 scanning C:\Windows\system32\drivers
17:24:37.936 Service scanning
17:24:38.654 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
17:24:39.231 Modules scanning
17:24:44.284 Disk 0 trace - called modules:
17:24:44.300 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys spsm.sys hal.dll >>UNKNOWN [0x856d7944]<<
17:24:44.300 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8622d178]
17:24:44.300 3 CLASSPNP.SYS[8a9ac8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85768030]
17:24:45.751 AVAST engine scan C:\Windows
17:24:50.539 AVAST engine scan C:\Windows\system32
17:27:25.147 AVAST engine scan C:\Windows\system32\drivers
17:27:36.268 AVAST engine scan C:\Users\fran
17:37:13.069 File: C:\Users\fran\AppData\Local\Temp\87EPgtDlSWkVpf.exe.tmp **INFECTED** Win32:FakeSysdef-A [Trj]
17:39:06.891 File: C:\Users\fran\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\393d13ac-2a08195f **INFECTED** Win32:FakeSysdef-A [Trj]
17:52:32.564 AVAST engine scan C:\ProgramData
17:52:32.720 File: C:\ProgramData\123.exe **INFECTED** Win32:FakeSysdef-A [Trj]
18:20:29.985 Disk 0 MBR has been saved successfully to "C:\Users\fran\Desktop\MBR.dat"
18:20:29.985 The log file has been saved successfully to "C:\Users\fran\Desktop\aswMBR.txt 1.txt"
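Two lines in these logs describe the same check from different tools: TDSSKiller's `MBR (0x1B8) (<md5>) \Device\Harddisk0\DR0` is a hash of the first 0x1B8 = 440 bytes of sector 0, the boot code that precedes the disk signature and partition table, and aswMBR's `Disk 0 unknown MBR code` is the same code compared against boot code it recognises. The aswMBR log also decodes the partition table (`80 (A) 07 HPFS/NTFS ... offset 63`) and then walks the sectors after the last partition (`scanning sectors +781417665`), because unallocated space at the end of the disk is where bootkits of this family keep their hidden payload. The Python below is an added example, not code from the page or from either tool: it parses a 512-byte MBR the same way, hashes that 440-byte span, reports the partition table, and measures the unallocated tail. The disk geometry is constructed to mirror the log (a 381554 MB disk with two NTFS partitions at LBA 63 and 765304470, sizes rounded from the MB figures), and the boot code bytes and the "known-good" hash are placeholders, not real Windows MBR code; in practice the reference hash comes from a clean machine running the same OS.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 0x1B8        # bytes 0..439: boot code, the span TDSSKiller hashes as "MBR (0x1B8)"
DISK_SIG_OFF = 0x1B8         # 4-byte NT disk signature, then 2 reserved bytes
PART_TABLE_OFF = 0x1BE       # four 16-byte partition entries
BOOT_SIG = b"\x55\xAA"       # bytes 510..511


def parse_mbr(sector):
    """Decode sector 0: boot-code hash, disk signature and the partition table."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly one 512-byte sector")
    if sector[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    disk_sig = struct.unpack_from("<I", sector, DISK_SIG_OFF)[0]
    parts = []
    for i in range(4):
        # status, CHS start (3 bytes), type, CHS end (3 bytes), LBA start, sector count
        status, _, _, _, ptype, _, _, _, lba, count = struct.unpack_from(
            "<BBBBBBBBII", sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0 and count == 0:
            continue                                   # empty slot
        parts.append({"index": i + 1, "status": status, "bootable": status == 0x80,
                      "type": ptype, "lba_start": lba, "sectors": count})
    return {"boot_code_md5": hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest(),
            "disk_signature": disk_sig, "partitions": parts}


def check_mbr(parsed, disk_sectors, known_good_md5):
    """Return a list of findings; an empty list means the MBR looks as expected."""
    findings = []
    if parsed["boot_code_md5"] != known_good_md5:
        findings.append("boot code does not match known-good image (md5 %s)" % parsed["boot_code_md5"])
    prev_end = 0
    for p in sorted(parsed["partitions"], key=lambda p: p["lba_start"]):
        if p["status"] not in (0x00, 0x80):
            findings.append("partition %d: invalid status byte 0x%02X" % (p["index"], p["status"]))
        if p["lba_start"] < prev_end:
            findings.append("partition %d overlaps the previous entry" % p["index"])
        end = p["lba_start"] + p["sectors"]
        if end > disk_sectors:
            findings.append("partition %d extends past the end of the disk" % p["index"])
        prev_end = max(prev_end, end)
    active = sum(1 for p in parsed["partitions"] if p["bootable"])
    if active != 1:
        findings.append("expected exactly one active partition, found %d" % active)
    return findings


def trailing_unallocated(parsed, disk_sectors):
    """Sectors after the last partition: the region a boot-sector scanner walks
    because a bootkit's hidden storage usually lives there."""
    if not parsed["partitions"]:
        return disk_sectors
    return disk_sectors - max(p["lba_start"] + p["sectors"] for p in parsed["partitions"])


def build_mbr(boot_code, disk_sig, partitions):
    """Assemble a 512-byte MBR from constructed parts (used only to make test images)."""
    sector = bytearray(boot_code.ljust(BOOT_CODE_LEN, b"\x00"))
    sector += struct.pack("<IH", disk_sig, 0)
    for status, ptype, lba, count in partitions:
        sector += struct.pack("<BBBBBBBBII", status, 0xFE, 0xFF, 0xFF, ptype, 0xFE, 0xFF, 0xFF, lba, count)
    sector += b"\x00" * 16 * (4 - len(partitions))
    sector += BOOT_SIG
    return bytes(sector)


# Constructed test data modelled on the aswMBR log above: a 381554 MB disk
# (781422592 sectors) with two NTFS (0x07) partitions at LBA 63 and 765304470.
# The boot code bytes are placeholders, not real Windows MBR code.
DISK_SECTORS = 381554 * 2048
PARTITIONS = [(0x80, 0x07, 63, 765304407), (0x00, 0x07, 765304470, 16111616)]
GOOD_CODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * 40   # placeholder "known-good" code
BAD_CODE = b"\xEB\x3E" + GOOD_CODE[2:]                          # first instruction patched to a jump
GOOD_MBR = build_mbr(GOOD_CODE, 0x1234ABCD, PARTITIONS)
BAD_MBR = build_mbr(BAD_CODE, 0x1234ABCD, PARTITIONS)
GOOD_MD5 = hashlib.md5(GOOD_MBR[:BOOT_CODE_LEN]).hexdigest()

if __name__ == "__main__":
    for name, image in (("good", GOOD_MBR), ("patched", BAD_MBR)):
        parsed = parse_mbr(image)
        print(name, parsed["boot_code_md5"], check_mbr(parsed, DISK_SECTORS, GOOD_MD5))
        print("  unallocated tail:", trailing_unallocated(parsed, DISK_SECTORS), "sectors")
```

The point of the two images is that a bootkit leaves the partition table intact and valid; only the boot-code hash changes, which is why both tools report that span separately from the partitions. A real dump to feed `parse_mbr` is what `remover.exe dump <device_name> [output_file]` in the Bootkit Remover output above, or the `MBR.dat` that aswMBR saved to the desktop, produces.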
 
Well done :)

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Combofix

Combofix asked me to empty the recycle bin and I did. It read that Micr. Sec. Essentials was active but it is not, but who knows? This System Check virus is confusing the computer. The Security Essentials service has been stopped for days. Why? I don't know. I can't access Firewall status... PC unable to find it. And so, Combofix is scanning for infected files now.... Thanks
 
Combofix

"Scanning for infected files... this typically doesn't take more than 10 minutes. however, scan times for badly infected machines may easily double"... That's all it still says.
 
Okay

WILL DO... Based on your expertise and realizing the "skills" (or lack thereof) of people you are trying to help, is it sometimes obvious that it is going to be a losing battle? Have you gathered any information that leads you to any conclusions? Or optimism? I'm on my laptop. If you don't think you can help ME, I'll understand. I surely hope everybody realizes the TIME you are giving to all of us. I am going to donate again and I encourage everyone to do the same to keep guys like this "WANTING" to help us!!!!
 
safemode

I uninstalled Windows Security Essentials even though the service has been stopped for a while with no firewall access. I'm running Combofix in safe mode. It told me that I am denied administrator but then continues. So, I ran as administrator but it says the same thing and continues as before: asks if I want to empty the recycle bin. This time I said NO. Before, I have said (I think it's a trick by S.C.). Then it tries to find a restore point. I am running in safe mode and will continue. I had that fake Microsoft 2012 security virus and Malwarebytes removed it and that was that. This seems a lot more serious. When I first got the desktop (a few years ago), HP told me to return to factory settings due to some media player problem. Can I do that now? Or does a virus change the situation? I saw how you are helping people that "know what they are talking about". They know what info to give you before you even ask... and it is soooo complicated. It makes me worry... Is there hope for me? PS. The strange thing is that my PC boots up faster than ever. Is that because there's nothing in it anymore???
 
It has been in safe mode all night. I said yes a number of times. It was just the last two times I ran it that I said no. Still no change.
 
Okay. Bootkit Remover log. I could not connect to the internet after rebooting and emptying the recycle bin just now. Maybe a fluke. When completed, I'll hopefully be able to post it. Thanks
 
I did Bootkit but can't get Notepad to take the Ctrl+V. I am going to restart the PC and try again and hope for the best. To get to Notepad, I have to go into Computer and search and then double-click notepad.exe. That is how this virus is doing everything. The Accessories folder is empty. You have to go looking for your app or program.
 
If there is another way to get you that info, let me know. Notepad is there but it will no longer accept the Ctrl+V. Thanks.
 
Notepad works with Malwarebytes:
Malwarebytes Anti-Malware (PRO) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.18.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19170
fran :: FRAN-PC [administrator]

Protection: Enabled

1/23/2012 4:04:54 PM
mbam-log-2012-01-23 (16-04-54).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 222895
Time elapsed: 7 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 