Need help removing malware from system, please

By Chozen912
Nov 9, 2011
  1. I've been having problems lately and noticed a few things wrong.

    1. IEXPLORER.EXE is running in the background under 'System'.
    2. Google redirects me to sites randomly
    3. When Firefox (my default browser) is not running, it will open and go to a random ad site or something
    4. Whenever I turn off my computer and turn it back on, I get the blue screen error: "Page fault in nonpaged area." After a few reboots, this goes away until the next time I turn off the PC.


    I've tried the Malwarebytes Anti-Malware software, but a few seconds after starting my scan, while in the 'enumerating registry' stage, the program closes, and when I try to start it back up it says, "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." A reinstall always fixes this issue, but then it resumes soon afterwards. I also get this error message with many of my media player programs (Winamp and iTunes).


    I've tried AVG and Norton Antivirus and neither detects any viruses or malware (but I didn't update them because I have a very slow internet connection).


    Can someone please help me? I downloaded and ran Gmer. Hope this helps.

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-11-09 13:24:18
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3802110A rev.3.AAE
    Running: vt3vm5hh.exe; Driver: C:\DOCUME~1\owner\LOCALS~1\Temp\kwrdakob.sys


    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Tcpip \Device\Tcp tcpipBM.SYS (Bytemobile Kernel Network Provider/Bytemobile, Inc.)

    ---- Threads - GMER 1.0.15 ----

    Thread System [4:116] F77F33E0
    Thread System [4:120] 875668C5

    ---- EOF - GMER 1.0.15 ----
  2. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ====================================================================

    Please do NOT wrap any log in "code" brackets.

    Download TDSSKiller and save it to your desktop.
    • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  3. Chozen912

    Chozen912 Newcomer, in training Topic Starter

    I ran TDSSKiller and below is the log after I rebooted.


    23:36:53.0000 0560 TDSS rootkit removing tool 2.6.16.0 Nov 7 2011 16:26:51
    23:36:55.0000 0560 ============================================================
    23:36:55.0000 0560 Current date / time: 2011/11/09 23:36:55.0000
    23:36:55.0000 0560 SystemInfo:
    23:36:55.0000 0560
    23:36:55.0000 0560 OS Version: 5.1.2600 ServicePack: 3.0
    23:36:55.0000 0560 Product type: Workstation
    23:36:55.0000 0560 ComputerName: NEW-930A5A33911
    23:36:55.0000 0560 UserName: owner
    23:36:55.0000 0560 Windows directory: C:\WINDOWS
    23:36:55.0000 0560 System windows directory: C:\WINDOWS
    23:36:55.0000 0560 Processor architecture: Intel x86
    23:36:55.0000 0560 Number of processors: 1
    23:36:55.0000 0560 Page size: 0x1000
    23:36:55.0000 0560 Boot type: Normal boot
    23:36:55.0000 0560 ============================================================
    23:36:55.0734 0560 Initialize success
    23:36:57.0218 2868 ============================================================
    23:36:57.0218 2868 Scan started
    23:36:57.0218 2868 Mode: Manual;
    23:36:57.0218 2868 ============================================================
    23:36:58.0375 2868 Abiosdsk - ok
    23:36:58.0437 2868 abp480n5 - ok
    23:36:58.0531 2868 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
    23:36:58.0531 2868 ac97intc - ok
    23:36:58.0656 2868 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    23:36:58.0703 2868 ACPI - ok
    23:36:58.0781 2868 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    23:36:58.0781 2868 ACPIEC - ok
    23:36:58.0843 2868 adpu160m - ok
    23:36:58.0937 2868 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    23:36:58.0937 2868 aec - ok
    23:36:59.0046 2868 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
    23:36:59.0046 2868 AFD - ok
    23:36:59.0203 2868 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
    23:36:59.0203 2868 agp440 - ok
    23:36:59.0265 2868 Aha154x - ok
    23:36:59.0328 2868 aic78u2 - ok
    23:36:59.0375 2868 aic78xx - ok
    23:36:59.0484 2868 AliIde - ok
    23:36:59.0531 2868 amsint - ok
    23:36:59.0609 2868 asc - ok
    23:36:59.0656 2868 asc3350p - ok
    23:36:59.0703 2868 asc3550 - ok
    23:36:59.0859 2868 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    23:36:59.0859 2868 AsyncMac - ok
    23:36:59.0968 2868 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    23:36:59.0968 2868 atapi - ok
    23:37:00.0078 2868 Atdisk - ok
    23:37:00.0187 2868 ati2mtaa (075e091eebb450eedae9da74f5b46494) C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys
    23:37:00.0203 2868 ati2mtaa - ok
    23:37:00.0578 2868 ati2mtag (c2b6f2161abd498d2b453050ffc81812) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
    23:37:01.0140 2868 ati2mtag - ok
    23:37:01.0281 2868 atimpab (8d70c26425fde49ddce5bb2cf25b8df2) C:\WINDOWS\system32\DRIVERS\atimpab.sys
    23:37:01.0296 2868 atimpab - ok
    23:37:01.0453 2868 atimtai (84a86a5d286afa48d4ee88ba869806dd) C:\WINDOWS\system32\DRIVERS\atimtai.sys
    23:37:01.0468 2868 atimtai - ok
    23:37:01.0609 2868 atirage (1a573123b2ff4ee70f96bbcc6a986d55) C:\WINDOWS\system32\DRIVERS\atiragem.sys
    23:37:01.0609 2868 atirage - ok
    23:37:01.0687 2868 atirage3 (79e888ccceafb49764b254c2537f1afb) C:\WINDOWS\system32\DRIVERS\atimpae.sys
    23:37:01.0703 2868 atirage3 - ok
    23:37:01.0843 2868 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    23:37:01.0843 2868 Atmarpc - ok
    23:37:01.0953 2868 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    23:37:01.0953 2868 audstub - ok
    23:37:02.0078 2868 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    23:37:02.0078 2868 Beep - ok
    23:37:02.0187 2868 BMLoad (98f4630b5867d911ad6eae79874bf5e6) C:\WINDOWS\system32\drivers\BMLoad.sys
    23:37:02.0187 2868 BMLoad - ok
    23:37:02.0343 2868 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
    23:37:02.0343 2868 BthEnum - ok
    23:37:02.0453 2868 BTHMODEM (fca6f069597b62d42495191ace3fc6c1) C:\WINDOWS\system32\DRIVERS\bthmodem.sys
    23:37:02.0453 2868 BTHMODEM - ok
    23:37:02.0593 2868 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
    23:37:02.0593 2868 BthPan - ok
    23:37:02.0703 2868 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
    23:37:02.0718 2868 BTHPORT - ok
    23:37:02.0875 2868 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
    23:37:02.0875 2868 BTHUSB - ok
    23:37:02.0953 2868 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    23:37:02.0953 2868 cbidf2k - ok
    23:37:03.0062 2868 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    23:37:03.0078 2868 CCDECODE - ok
    23:37:03.0156 2868 cd20xrnt - ok
    23:37:03.0234 2868 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    23:37:03.0234 2868 Cdaudio - ok
    23:37:03.0312 2868 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    23:37:03.0328 2868 Cdfs - ok
    23:37:03.0421 2868 Cdrom (004c04e0896ed05867dcae11d5407b08) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    23:37:03.0421 2868 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\cdrom.sys. Real md5: 004c04e0896ed05867dcae11d5407b08, Fake md5: 1f4260cc5b42272d71f79e570a27a4fe
    23:37:03.0421 2868 Cdrom ( Rootkit.Win32.ZAccess.g ) - infected
    23:37:03.0421 2868 Cdrom - detected Rootkit.Win32.ZAccess.g (0)
    23:37:03.0500 2868 cerc6 - ok
    23:37:03.0546 2868 Changer - ok
    23:37:03.0656 2868 CmdIde - ok
    23:37:03.0750 2868 Cpqarray - ok
    23:37:03.0843 2868 cpuz135 (c2eb4539a4f6ab6edd01bdc191619975) C:\WINDOWS\system32\drivers\cpuz135_x32.sys
    23:37:03.0843 2868 cpuz135 - ok
    23:37:03.0937 2868 dac2w2k - ok
    23:37:03.0984 2868 dac960nt - ok
    23:37:04.0078 2868 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    23:37:04.0093 2868 Disk - ok
    23:37:04.0203 2868 DM9102 (51ef6ca3d57055fed6ab99021d562443) C:\WINDOWS\system32\DRIVERS\DM9PCI5.SYS
    23:37:04.0203 2868 DM9102 - ok
    23:37:04.0343 2868 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    23:37:04.0390 2868 dmboot - ok
    23:37:04.0531 2868 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    23:37:04.0531 2868 dmio - ok
    23:37:04.0625 2868 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    23:37:04.0625 2868 dmload - ok
    23:37:04.0734 2868 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    23:37:04.0734 2868 DMusic - ok
    23:37:04.0812 2868 dpti2o - ok
    23:37:04.0906 2868 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    23:37:04.0906 2868 drmkaud - ok
    23:37:05.0046 2868 easytether - ok
    23:37:05.0187 2868 ess (ab570fb40832bee65f4d90a7f02792bf) C:\WINDOWS\system32\drivers\ess.sys
    23:37:05.0203 2868 ess - ok
    23:37:05.0343 2868 f32e631b (8f2bb1827cac01aee6a16e30a1260199) C:\WINDOWS\459484915:215063780.exe
    23:37:07.0046 2868 Suspicious file (Hidden): C:\WINDOWS\459484915:215063780.exe. md5: 8f2bb1827cac01aee6a16e30a1260199
    23:37:07.0046 2868 f32e631b ( Rootkit.Win32.PMax.gen ) - infected
    23:37:07.0046 2868 f32e631b - detected Rootkit.Win32.PMax.gen (0)
    23:37:07.0421 2868 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    23:37:07.0453 2868 Fastfat - ok
    23:37:07.0750 2868 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    23:37:07.0750 2868 Fdc - ok
    23:37:07.0984 2868 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    23:37:07.0984 2868 Fips - ok
    23:37:08.0156 2868 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    23:37:08.0171 2868 Flpydisk - ok
    23:37:08.0328 2868 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
    23:37:08.0328 2868 FltMgr - ok
    23:37:08.0453 2868 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    23:37:08.0453 2868 Fs_Rec - ok
    23:37:08.0734 2868 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    23:37:08.0765 2868 Ftdisk - ok
    23:37:09.0046 2868 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    23:37:09.0062 2868 Gpc - ok
    23:37:09.0437 2868 HCF_MSFT (4236e014632f4163f53ebb717f41594c) C:\WINDOWS\system32\DRIVERS\HCF_MSFT.sys
    23:37:09.0718 2868 HCF_MSFT - ok
    23:37:10.0078 2868 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    23:37:10.0093 2868 hidusb - ok
    23:37:10.0328 2868 hpn - ok
    23:37:10.0656 2868 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    23:37:10.0718 2868 HTTP - ok
    23:37:10.0937 2868 i2omgmt - ok
    23:37:11.0156 2868 i2omp - ok
    23:37:11.0484 2868 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    23:37:11.0500 2868 i8042prt - ok
    23:37:11.0828 2868 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    23:37:11.0843 2868 Imapi - ok
    23:37:12.0093 2868 ini910u - ok
    23:37:12.0437 2868 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
    23:37:12.0453 2868 IntelIde - ok
    23:37:12.0718 2868 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
    23:37:12.0734 2868 Ip6Fw - ok
    23:37:13.0015 2868 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    23:37:13.0015 2868 IpFilterDriver - ok
    23:37:13.0312 2868 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    23:37:13.0312 2868 IpInIp - ok
    23:37:13.0656 2868 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    23:37:13.0734 2868 IpNat - ok
    23:37:14.0031 2868 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    23:37:14.0062 2868 IPSec - ok
    23:37:14.0312 2868 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    23:37:14.0359 2868 IRENUM - ok
    23:37:14.0625 2868 irsir (0501f0b9ab08425f8c0eacbdcc04aa32) C:\WINDOWS\system32\DRIVERS\irsir.sys
    23:37:14.0687 2868 irsir - ok
    23:37:15.0000 2868 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    23:37:15.0046 2868 isapnp - ok
    23:37:15.0390 2868 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    23:37:15.0406 2868 Kbdclass - ok
    23:37:15.0687 2868 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    23:37:15.0687 2868 kbdhid - ok
    23:37:16.0015 2868 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    23:37:16.0031 2868 kmixer - ok
    23:37:16.0390 2868 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    23:37:16.0406 2868 KSecDD - ok
    23:37:16.0703 2868 L8042Kbd (0c6e346cde730cf1356dd69ad6e9bc42) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
    23:37:16.0750 2868 L8042Kbd - ok
    23:37:17.0046 2868 L8042mou (8a5993705add14352c9a279fa8338334) C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
    23:37:17.0046 2868 L8042mou - ok
    23:37:17.0390 2868 LBeepKE (9ffd1cf2a782f2560e78eec4b8b8689e) C:\WINDOWS\system32\Drivers\LBeepKE.sys
    23:37:17.0390 2868 LBeepKE - ok
    23:37:17.0656 2868 lbrtfdc - ok
    23:37:17.0937 2868 LHidFilt (7f9c7b28cf1c859e1c42619eea946dc8) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
    23:37:17.0937 2868 LHidFilt - ok
    23:37:18.0250 2868 LMouFilt (ab33792a87285344f43b5ce23421bab0) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
    23:37:18.0250 2868 LMouFilt - ok
    23:37:18.0515 2868 LMouKE (9837e55673818ecd8febb47f7f77521a) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
    23:37:18.0546 2868 LMouKE - ok
    23:37:18.0765 2868 MBAMProtector - ok
    23:37:19.0078 2868 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    23:37:19.0078 2868 mnmdd - ok
    23:37:19.0390 2868 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    23:37:19.0390 2868 Modem - ok
    23:37:19.0687 2868 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    23:37:19.0703 2868 Mouclass - ok
    23:37:20.0000 2868 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    23:37:20.0015 2868 mouhid - ok
    23:37:20.0296 2868 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    23:37:20.0312 2868 MountMgr - ok
    23:37:20.0437 2868 mraid35x - ok
    23:37:20.0687 2868 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    23:37:20.0703 2868 MRxDAV - ok
    23:37:20.0859 2868 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    23:37:20.0953 2868 MRxSmb - ok
    23:37:21.0234 2868 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    23:37:21.0234 2868 Msfs - ok
    23:37:21.0390 2868 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    23:37:21.0390 2868 MSKSSRV - ok
    23:37:21.0609 2868 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    23:37:21.0609 2868 MSPCLOCK - ok
    23:37:21.0781 2868 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    23:37:21.0796 2868 MSPQM - ok
    23:37:22.0015 2868 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    23:37:22.0031 2868 mssmbios - ok
    23:37:22.0312 2868 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    23:37:22.0328 2868 MSTEE - ok
    23:37:22.0562 2868 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    23:37:22.0578 2868 Mup - ok
    23:37:22.0796 2868 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    23:37:22.0828 2868 NABTSFEC - ok
    23:37:23.0000 2868 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    23:37:23.0031 2868 NDIS - ok
    23:37:23.0140 2868 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    23:37:23.0156 2868 NdisIP - ok
    23:37:23.0265 2868 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    23:37:23.0281 2868 NdisTapi - ok
    23:37:23.0500 2868 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    23:37:23.0500 2868 Ndisuio - ok
    23:37:23.0625 2868 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    23:37:23.0640 2868 NdisWan - ok
    23:37:23.0843 2868 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    23:37:23.0859 2868 NDProxy - ok
    23:37:24.0031 2868 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    23:37:24.0046 2868 NetBIOS - ok
    23:37:24.0296 2868 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    23:37:24.0312 2868 NetBT - ok
    23:37:24.0562 2868 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    23:37:24.0562 2868 Npfs - ok
    23:37:24.0812 2868 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    23:37:24.0843 2868 Ntfs - ok
    23:37:25.0031 2868 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    23:37:25.0031 2868 Null - ok
    23:37:25.0468 2868 nv (8e72e452b9cc1e455d19e3c9fa964d37) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    23:37:25.0687 2868 nv - ok
    23:37:25.0875 2868 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    23:37:25.0875 2868 NwlnkFlt - ok
    23:37:25.0968 2868 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    23:37:25.0984 2868 NwlnkFwd - ok
    23:37:26.0140 2868 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    23:37:26.0140 2868 Parport - ok
    23:37:26.0328 2868 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    23:37:26.0343 2868 PartMgr - ok
    23:37:26.0484 2868 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    23:37:26.0500 2868 ParVdm - ok
    23:37:26.0593 2868 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    23:37:26.0593 2868 PCI - ok
    23:37:26.0718 2868 PCIDump - ok
    23:37:26.0750 2868 PCIIde - ok
    23:37:26.0859 2868 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    23:37:26.0968 2868 Pcmcia - ok
    23:37:27.0093 2868 PDCOMP - ok
    23:37:27.0140 2868 PDFRAME - ok
    23:37:27.0296 2868 PDRELI - ok
    23:37:27.0375 2868 PDRFRAME - ok
    23:37:27.0453 2868 perc2 - ok
    23:37:27.0531 2868 perc2hib - ok
    23:37:27.0671 2868 pneteth (28460e94ffdf40bb28efdb3d97e959e8) C:\WINDOWS\system32\DRIVERS\pneteth.sys
    23:37:27.0687 2868 pneteth - ok
    23:37:27.0843 2868 pnetmdm (da19e3401f39c10df193be029c7e7bba) C:\WINDOWS\system32\DRIVERS\pnetmdm.sys
    23:37:27.0859 2868 pnetmdm - ok
    23:37:28.0046 2868 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    23:37:28.0062 2868 PptpMiniport - ok
    23:37:28.0218 2868 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
    23:37:28.0234 2868 Processor - ok
    23:37:28.0343 2868 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    23:37:28.0359 2868 PSched - ok
    23:37:28.0546 2868 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    23:37:28.0546 2868 Ptilink - ok
    23:37:28.0812 2868 PTUMWBus (9866479c5c894c3a064eeb6f68618822) C:\WINDOWS\system32\DRIVERS\PTUMWBus.sys
    23:37:28.0828 2868 PTUMWBus - ok
    23:37:29.0109 2868 PTUMWCDF (c51eac8fb88163304329279e82f1d89f) C:\WINDOWS\system32\DRIVERS\PTUMWCDF.sys
    23:37:29.0109 2868 PTUMWCDF - ok
    23:37:29.0281 2868 PTUMWFLT (4f840761bb4d674856f6c36f9b66624c) C:\WINDOWS\system32\DRIVERS\PTUMWFLT.sys
    23:37:29.0296 2868 PTUMWFLT - ok
    23:37:29.0562 2868 PTUMWMdm (411e332a6426c9b87f5f9b02bcdd15bf) C:\WINDOWS\system32\DRIVERS\PTUMWMdm.sys
    23:37:29.0562 2868 PTUMWMdm - ok
    23:37:29.0796 2868 PTUMWNET (bdc1f41f77415a432ca030f30f2ab898) C:\WINDOWS\system32\DRIVERS\PTUMWNET.sys
    23:37:29.0796 2868 PTUMWNET - ok
    23:37:29.0937 2868 PTUMWVsp (e4812824cdc46a90dde225c0fd284098) C:\WINDOWS\system32\DRIVERS\PTUMWVsp.sys
    23:37:29.0953 2868 PTUMWVsp - ok
    23:37:30.0171 2868 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    23:37:30.0234 2868 PxHelp20 - ok
    23:37:30.0484 2868 ql1080 - ok
    23:37:30.0640 2868 Ql10wnt - ok
    23:37:30.0750 2868 ql12160 - ok
    23:37:30.0812 2868 ql1240 - ok
    23:37:31.0000 2868 ql1280 - ok
    23:37:31.0125 2868 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    23:37:31.0140 2868 RasAcd - ok
    23:37:31.0421 2868 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
    23:37:31.0437 2868 Rasirda - ok
    23:37:31.0578 2868 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    23:37:31.0578 2868 Rasl2tp - ok
    23:37:31.0734 2868 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    23:37:31.0734 2868 RasPppoe - ok
    23:37:31.0953 2868 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    23:37:31.0953 2868 Raspti - ok
    23:37:32.0140 2868 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    23:37:32.0156 2868 Rdbss - ok
    23:37:32.0406 2868 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    23:37:32.0406 2868 RDPCDD - ok
    23:37:32.0578 2868 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    23:37:32.0593 2868 rdpdr - ok
    23:37:32.0906 2868 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
    23:37:32.0921 2868 RDPWD - ok
    23:37:33.0171 2868 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    23:37:33.0171 2868 redbook - ok
    23:37:33.0484 2868 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
    23:37:33.0515 2868 RFCOMM - ok
    23:37:33.0765 2868 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
    23:37:33.0781 2868 ROOTMODEM - ok
    23:37:34.0109 2868 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    23:37:34.0109 2868 Secdrv - ok
    23:37:34.0390 2868 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    23:37:34.0406 2868 serenum - ok
    23:37:34.0734 2868 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    23:37:34.0750 2868 Serial - ok
    23:37:35.0250 2868 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    23:37:35.0265 2868 Sfloppy - ok
    23:37:35.0484 2868 Simbad - ok
    23:37:35.0593 2868 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    23:37:35.0593 2868 SLIP - ok
    23:37:35.0781 2868 Sparrow - ok
    23:37:35.0875 2868 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    23:37:35.0875 2868 splitter - ok
    23:37:36.0000 2868 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    23:37:36.0015 2868 sr - ok
    23:37:36.0234 2868 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    23:37:36.0281 2868 Srv - ok
    23:37:36.0421 2868 ssadbus (48f44a1be434830b7c90fb730745f65a) C:\WINDOWS\system32\DRIVERS\ssadbus.sys
    23:37:36.0437 2868 ssadbus - ok
    23:37:36.0531 2868 StarOpen - ok
    23:37:36.0625 2868 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    23:37:36.0625 2868 streamip - ok
    23:37:36.0734 2868 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    23:37:36.0750 2868 swenum - ok
    23:37:36.0859 2868 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    23:37:36.0875 2868 swmidi - ok
    23:37:36.0968 2868 symc810 - ok
    23:37:37.0031 2868 symc8xx - ok
    23:37:37.0093 2868 sym_hi - ok
    23:37:37.0156 2868 sym_u3 - ok
    23:37:37.0234 2868 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    23:37:37.0234 2868 sysaudio - ok
    23:37:37.0390 2868 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    23:37:37.0406 2868 Tcpip - ok
    23:37:37.0515 2868 tcpipBM (4bed0c7fdf414d1bd26bf33ea673ca49) C:\WINDOWS\system32\drivers\tcpipBM.sys
    23:37:37.0515 2868 tcpipBM - ok
    23:37:37.0625 2868 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    23:37:37.0625 2868 TDPIPE - ok
    23:37:37.0734 2868 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    23:37:37.0734 2868 TDTCP - ok
    23:37:37.0843 2868 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    23:37:37.0843 2868 TermDD - ok
    23:37:37.0968 2868 TosIde - ok
    23:37:38.0078 2868 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    23:37:38.0078 2868 Udfs - ok
    23:37:38.0187 2868 ultra - ok
    23:37:38.0296 2868 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    23:37:38.0312 2868 Update - ok
    23:37:38.0484 2868 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
    23:37:38.0484 2868 usbaudio - ok
    23:37:38.0625 2868 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    23:37:38.0625 2868 usbccgp - ok
    23:37:38.0734 2868 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    23:37:38.0734 2868 usbehci - ok
    23:37:38.0859 2868 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    23:37:38.0859 2868 usbhub - ok
    23:37:38.0953 2868 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    23:37:38.0953 2868 USBSTOR - ok
    23:37:39.0125 2868 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    23:37:39.0125 2868 usbuhci - ok
    23:37:39.0250 2868 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
    23:37:39.0265 2868 usbvideo - ok
    23:37:39.0406 2868 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    23:37:39.0421 2868 VgaSave - ok
    23:37:39.0500 2868 ViaIde - ok
    23:37:39.0578 2868 VIAudio (819bf44085104be6527b86a88acf856b) C:\WINDOWS\system32\drivers\ac97via.sys
    23:37:39.0578 2868 VIAudio - ok
    23:37:39.0734 2868 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    23:37:39.0734 2868 VolSnap - ok
    23:37:39.0890 2868 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    23:37:39.0890 2868 Wanarp - ok
    23:37:40.0046 2868 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
    23:37:40.0046 2868 Wdf01000 - ok
    23:37:40.0171 2868 WDICA - ok
    23:37:40.0250 2868 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    23:37:40.0250 2868 wdmaud - ok
    23:37:40.0484 2868 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
    23:37:40.0484 2868 WinUSB - ok
    23:37:40.0671 2868 WpdUsb (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
    23:37:40.0671 2868 WpdUsb - ok
    23:37:40.0906 2868 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    23:37:40.0906 2868 WSTCODEC - ok
    23:37:41.0031 2868 WudfPf (6ff66513d372d479ef1810223c8d20ce) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    23:37:41.0031 2868 WudfPf - ok
    23:37:41.0375 2868 WudfRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    23:37:41.0421 2868 WudfRd - ok
    23:37:41.0609 2868 XDva385 - ok
    23:37:41.0781 2868 XDva386 - ok
    23:37:42.0078 2868 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
    23:37:42.0437 2868 \Device\Harddisk0\DR0 - ok
    23:37:42.0468 2868 Boot (0x1200) (1aae0d125cc6042bf682da0ba5196dac) \Device\Harddisk0\DR0\Partition0
    23:37:42.0515 2868 \Device\Harddisk0\DR0\Partition0 - ok
    23:37:42.0531 2868 ============================================================
    23:37:42.0531 2868 Scan finished
    23:37:42.0531 2868 ============================================================
    23:37:42.0562 2876 Detected object count: 2
    23:37:42.0562 2876 Actual detected object count: 2
    23:38:02.0328 2876 Backup copy found, using it..
    23:38:02.0375 2876 C:\WINDOWS\system32\DRIVERS\cdrom.sys - will be cured on reboot
    23:38:02.0375 2876 Cdrom ( Rootkit.Win32.ZAccess.g ) - User select action: Cure
    23:38:02.0421 2876 HKLM\SYSTEM\ControlSet002\services\f32e631b - will be deleted on reboot
    23:38:02.0453 2876 HKLM\SYSTEM\ControlSet003\services\f32e631b - will be deleted on reboot
    23:38:02.0468 2876 HKLM\SYSTEM\ControlSet004\services\f32e631b - will be deleted on reboot
    23:38:02.0484 2876 C:\WINDOWS\459484915:215063780.exe - will be deleted on reboot
    23:38:02.0484 2876 f32e631b ( Rootkit.Win32.PMax.gen ) - User select action: Delete
    23:38:10.0828 2712 Deinitialize success
  4. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Very well.
    Please re-run the tool one more time.
  5. Chozen912

    Chozen912 Newcomer, in training Topic Starter

    Okay, ran the tool again

    14:47:38.0187 3212 TDSS rootkit removing tool 2.6.17.0 Nov 9 2011 16:48:26
    14:47:40.0187 3212 ============================================================
    14:47:40.0187 3212 Current date / time: 2011/11/10 14:47:40.0187
    14:47:40.0187 3212 SystemInfo:
    14:47:40.0187 3212
    14:47:40.0187 3212 OS Version: 5.1.2600 ServicePack: 3.0
    14:47:40.0187 3212 Product type: Workstation
    14:47:40.0187 3212 ComputerName: NEW-930A5A33911
    14:47:40.0187 3212 UserName: owner
    14:47:40.0187 3212 Windows directory: C:\WINDOWS
    14:47:40.0187 3212 System windows directory: C:\WINDOWS
    14:47:40.0187 3212 Processor architecture: Intel x86
    14:47:40.0187 3212 Number of processors: 1
    14:47:40.0187 3212 Page size: 0x1000
    14:47:40.0187 3212 Boot type: Normal boot
    14:47:40.0187 3212 ============================================================
    14:47:40.0906 3212 Initialize success
    14:47:43.0046 3356 ============================================================
    14:47:43.0046 3356 Scan started
    14:47:43.0046 3356 Mode: Manual;
    14:47:43.0046 3356 ============================================================
    14:47:44.0296 3356 Abiosdsk - ok
    14:47:44.0343 3356 abp480n5 - ok
    14:47:44.0453 3356 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
    14:47:44.0453 3356 ac97intc - ok
    14:47:44.0578 3356 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    14:47:44.0609 3356 ACPI - ok
    14:47:44.0734 3356 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    14:47:44.0734 3356 ACPIEC - ok
    14:47:44.0812 3356 adpu160m - ok
    14:47:44.0890 3356 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    14:47:44.0906 3356 aec - ok
    14:47:45.0062 3356 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
    14:47:45.0062 3356 AFD - ok
    14:47:45.0140 3356 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
    14:47:45.0156 3356 agp440 - ok
    14:47:45.0218 3356 Aha154x - ok
    14:47:45.0281 3356 aic78u2 - ok
    14:47:45.0328 3356 aic78xx - ok
    14:47:45.0421 3356 AliIde - ok
    14:47:45.0468 3356 amsint - ok
    14:47:45.0546 3356 asc - ok
    14:47:45.0593 3356 asc3350p - ok
    14:47:45.0640 3356 asc3550 - ok
    14:47:45.0828 3356 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    14:47:45.0859 3356 AsyncMac - ok
    14:47:46.0093 3356 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    14:47:46.0109 3356 atapi - ok
    14:47:46.0187 3356 Atdisk - ok
    14:47:46.0312 3356 ati2mtaa (075e091eebb450eedae9da74f5b46494) C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys
    14:47:46.0359 3356 ati2mtaa - ok
    14:47:46.0765 3356 ati2mtag (c2b6f2161abd498d2b453050ffc81812) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
    14:47:47.0000 3356 ati2mtag - ok
    14:47:47.0296 3356 atimpab (8d70c26425fde49ddce5bb2cf25b8df2) C:\WINDOWS\system32\DRIVERS\atimpab.sys
    14:47:47.0312 3356 atimpab - ok
    14:47:47.0421 3356 atimtai (84a86a5d286afa48d4ee88ba869806dd) C:\WINDOWS\system32\DRIVERS\atimtai.sys
    14:47:47.0437 3356 atimtai - ok
    14:47:47.0546 3356 atirage (1a573123b2ff4ee70f96bbcc6a986d55) C:\WINDOWS\system32\DRIVERS\atiragem.sys
    14:47:47.0546 3356 atirage - ok
    14:47:47.0671 3356 atirage3 (79e888ccceafb49764b254c2537f1afb) C:\WINDOWS\system32\DRIVERS\atimpae.sys
    14:47:47.0671 3356 atirage3 - ok
    14:47:47.0765 3356 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    14:47:47.0765 3356 Atmarpc - ok
    14:47:47.0890 3356 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    14:47:47.0890 3356 audstub - ok
    14:47:47.0984 3356 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    14:47:47.0984 3356 Beep - ok
    14:47:48.0109 3356 BMLoad (98f4630b5867d911ad6eae79874bf5e6) C:\WINDOWS\system32\drivers\BMLoad.sys
    14:47:48.0109 3356 BMLoad - ok
    14:47:48.0234 3356 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
    14:47:48.0250 3356 BthEnum - ok
    14:47:48.0343 3356 BTHMODEM (fca6f069597b62d42495191ace3fc6c1) C:\WINDOWS\system32\DRIVERS\bthmodem.sys
    14:47:48.0359 3356 BTHMODEM - ok
    14:47:48.0468 3356 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
    14:47:48.0468 3356 BthPan - ok
    14:47:48.0625 3356 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
    14:47:48.0640 3356 BTHPORT - ok
    14:47:48.0765 3356 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
    14:47:48.0781 3356 BTHUSB - ok
    14:47:48.0890 3356 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    14:47:48.0890 3356 cbidf2k - ok
    14:47:48.0984 3356 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    14:47:48.0984 3356 CCDECODE - ok
    14:47:49.0078 3356 cd20xrnt - ok
    14:47:49.0156 3356 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    14:47:49.0156 3356 Cdaudio - ok
    14:47:49.0250 3356 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    14:47:49.0250 3356 Cdfs - ok
    14:47:49.0328 3356 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    14:47:49.0328 3356 Cdrom - ok
    14:47:49.0375 3356 cerc6 - ok
    14:47:49.0437 3356 Changer - ok
    14:47:49.0531 3356 CmdIde - ok
    14:47:49.0625 3356 Cpqarray - ok
    14:47:49.0718 3356 cpuz135 (c2eb4539a4f6ab6edd01bdc191619975) C:\WINDOWS\system32\drivers\cpuz135_x32.sys
    14:47:49.0718 3356 cpuz135 - ok
    14:47:49.0812 3356 dac2w2k - ok
    14:47:49.0859 3356 dac960nt - ok
    14:47:49.0968 3356 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    14:47:49.0968 3356 Disk - ok
    14:47:50.0078 3356 DM9102 (51ef6ca3d57055fed6ab99021d562443) C:\WINDOWS\system32\DRIVERS\DM9PCI5.SYS
    14:47:50.0078 3356 DM9102 - ok
    14:47:50.0250 3356 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    14:47:50.0281 3356 dmboot - ok
    14:47:50.0437 3356 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    14:47:50.0437 3356 dmio - ok
    14:47:50.0515 3356 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    14:47:50.0531 3356 dmload - ok
    14:47:50.0609 3356 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    14:47:50.0625 3356 DMusic - ok
    14:47:50.0718 3356 dpti2o - ok
    14:47:50.0796 3356 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    14:47:50.0812 3356 drmkaud - ok
    14:47:50.0890 3356 easytether - ok
    14:47:50.0953 3356 ess (ab570fb40832bee65f4d90a7f02792bf) C:\WINDOWS\system32\drivers\ess.sys
    14:47:50.0968 3356 ess - ok
    14:47:51.0078 3356 f32e631b (8f2bb1827cac01aee6a16e30a1260199) C:\WINDOWS\459484915:215063780.exe
    14:47:51.0843 3356 Suspicious file (Hidden): C:\WINDOWS\459484915:215063780.exe. md5: 8f2bb1827cac01aee6a16e30a1260199
    14:47:51.0843 3356 f32e631b ( Rootkit.Win32.PMax.gen ) - infected
    14:47:51.0843 3356 f32e631b - detected Rootkit.Win32.PMax.gen (0)
    14:47:51.0937 3356 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    14:47:51.0937 3356 Fastfat - ok
    14:47:52.0062 3356 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    14:47:52.0062 3356 Fdc - ok
    14:47:52.0171 3356 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    14:47:52.0187 3356 Fips - ok
    14:47:52.0281 3356 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    14:47:52.0281 3356 Flpydisk - ok
    14:47:52.0406 3356 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
    14:47:52.0406 3356 FltMgr - ok
    14:47:52.0562 3356 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    14:47:52.0562 3356 Fs_Rec - ok
    14:47:52.0671 3356 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    14:47:52.0671 3356 Ftdisk - ok
    14:47:52.0765 3356 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    14:47:52.0765 3356 Gpc - ok
    14:47:52.0890 3356 HCF_MSFT (4236e014632f4163f53ebb717f41594c) C:\WINDOWS\system32\DRIVERS\HCF_MSFT.sys
    14:47:52.0937 3356 HCF_MSFT - ok
    14:47:53.0078 3356 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    14:47:53.0078 3356 hidusb - ok
    14:47:53.0171 3356 hpn - ok
    14:47:53.0250 3356 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    14:47:53.0265 3356 HTTP - ok
    14:47:53.0390 3356 i2omgmt - ok
    14:47:53.0468 3356 i2omp - ok
    14:47:53.0531 3356 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    14:47:53.0546 3356 i8042prt - ok
    14:47:53.0687 3356 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    14:47:53.0687 3356 Imapi - ok
    14:47:53.0796 3356 ini910u - ok
    14:47:53.0890 3356 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
    14:47:53.0890 3356 IntelIde - ok
    14:47:53.0984 3356 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
    14:47:54.0000 3356 Ip6Fw - ok
    14:47:54.0093 3356 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    14:47:54.0109 3356 IpFilterDriver - ok
    14:47:54.0203 3356 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    14:47:54.0203 3356 IpInIp - ok
    14:47:54.0328 3356 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    14:47:54.0328 3356 IpNat - ok
    14:47:54.0437 3356 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    14:47:54.0437 3356 IPSec - ok
    14:47:54.0593 3356 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    14:47:54.0593 3356 IRENUM - ok
    14:47:54.0671 3356 irsir (0501f0b9ab08425f8c0eacbdcc04aa32) C:\WINDOWS\system32\DRIVERS\irsir.sys
    14:47:54.0671 3356 irsir - ok
    14:47:54.0796 3356 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    14:47:54.0796 3356 isapnp - ok
    14:47:54.0921 3356 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    14:47:54.0921 3356 Kbdclass - ok
    14:47:55.0015 3356 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    14:47:55.0015 3356 kbdhid - ok
    14:47:55.0125 3356 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    14:47:55.0125 3356 kmixer - ok
    14:47:55.0234 3356 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    14:47:55.0234 3356 KSecDD - ok
    14:47:55.0359 3356 L8042Kbd (0c6e346cde730cf1356dd69ad6e9bc42) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
    14:47:55.0359 3356 L8042Kbd - ok
    14:47:55.0453 3356 L8042mou (8a5993705add14352c9a279fa8338334) C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
    14:47:55.0453 3356 L8042mou - ok
    14:47:55.0593 3356 LBeepKE (9ffd1cf2a782f2560e78eec4b8b8689e) C:\WINDOWS\system32\Drivers\LBeepKE.sys
    14:47:55.0593 3356 LBeepKE - ok
    14:47:55.0671 3356 lbrtfdc - ok
    14:47:55.0796 3356 LHidFilt (7f9c7b28cf1c859e1c42619eea946dc8) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
    14:47:55.0796 3356 LHidFilt - ok
    14:47:55.0921 3356 LMouFilt (ab33792a87285344f43b5ce23421bab0) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
    14:47:55.0937 3356 LMouFilt - ok
    14:47:56.0046 3356 LMouKE (9837e55673818ecd8febb47f7f77521a) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
    14:47:56.0046 3356 LMouKE - ok
    14:47:56.0203 3356 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    14:47:56.0203 3356 mnmdd - ok
    14:47:56.0296 3356 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    14:47:56.0296 3356 Modem - ok
    14:47:56.0406 3356 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    14:47:56.0406 3356 Mouclass - ok
    14:47:56.0500 3356 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    14:47:56.0500 3356 mouhid - ok
    14:47:56.0625 3356 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    14:47:56.0625 3356 MountMgr - ok
    14:47:56.0687 3356 mraid35x - ok
    14:47:56.0796 3356 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    14:47:56.0812 3356 MRxDAV - ok
    14:47:56.0937 3356 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    14:47:56.0953 3356 MRxSmb - ok
    14:47:57.0093 3356 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    14:47:57.0093 3356 Msfs - ok
    14:47:57.0218 3356 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    14:47:57.0218 3356 MSKSSRV - ok
    14:47:57.0328 3356 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    14:47:57.0328 3356 MSPCLOCK - ok
    14:47:57.0437 3356 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    14:47:57.0437 3356 MSPQM - ok
    14:47:57.0562 3356 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    14:47:57.0578 3356 mssmbios - ok
    14:47:57.0640 3356 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    14:47:57.0640 3356 MSTEE - ok
    14:47:57.0750 3356 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    14:47:57.0765 3356 Mup - ok
    14:47:57.0875 3356 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    14:47:57.0875 3356 NABTSFEC - ok
    14:47:58.0031 3356 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    14:47:58.0046 3356 NDIS - ok
    14:47:58.0125 3356 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    14:47:58.0125 3356 NdisIP - ok
    14:47:58.0218 3356 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    14:47:58.0234 3356 NdisTapi - ok
    14:47:58.0343 3356 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    14:47:58.0343 3356 Ndisuio - ok
    14:47:58.0453 3356 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    14:47:58.0453 3356 NdisWan - ok
    14:47:58.0609 3356 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    14:47:58.0609 3356 NDProxy - ok
    14:47:58.0687 3356 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    14:47:58.0703 3356 NetBIOS - ok
    14:47:58.0828 3356 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    14:47:58.0828 3356 NetBT - ok
    14:47:59.0000 3356 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    14:47:59.0015 3356 Npfs - ok
    14:47:59.0140 3356 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    14:47:59.0171 3356 Ntfs - ok
    14:47:59.0296 3356 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    14:47:59.0296 3356 Null - ok
    14:47:59.0640 3356 nv (8e72e452b9cc1e455d19e3c9fa964d37) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    14:47:59.0875 3356 nv - ok
    14:48:00.0031 3356 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    14:48:00.0031 3356 NwlnkFlt - ok
    14:48:00.0156 3356 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    14:48:00.0156 3356 NwlnkFwd - ok
    14:48:00.0312 3356 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    14:48:00.0312 3356 Parport - ok
    14:48:00.0437 3356 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    14:48:00.0453 3356 PartMgr - ok
    14:48:00.0546 3356 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    14:48:00.0546 3356 ParVdm - ok
    14:48:00.0671 3356 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    14:48:00.0671 3356 PCI - ok
    14:48:00.0765 3356 PCIDump - ok
    14:48:00.0859 3356 PCIIde - ok
    14:48:00.0953 3356 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    14:48:00.0953 3356 Pcmcia - ok
    14:48:01.0000 3356 PDCOMP - ok
    14:48:01.0046 3356 PDFRAME - ok
    14:48:01.0093 3356 PDRELI - ok
    14:48:01.0156 3356 PDRFRAME - ok
    14:48:01.0203 3356 perc2 - ok
    14:48:01.0250 3356 perc2hib - ok
    14:48:01.0406 3356 pneteth (28460e94ffdf40bb28efdb3d97e959e8) C:\WINDOWS\system32\DRIVERS\pneteth.sys
    14:48:01.0406 3356 pneteth - ok
    14:48:01.0500 3356 pnetmdm (da19e3401f39c10df193be029c7e7bba) C:\WINDOWS\system32\DRIVERS\pnetmdm.sys
    14:48:01.0515 3356 pnetmdm - ok
    14:48:01.0609 3356 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    14:48:01.0625 3356 PptpMiniport - ok
    14:48:01.0734 3356 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
    14:48:01.0734 3356 Processor - ok
    14:48:01.0843 3356 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    14:48:01.0859 3356 PSched - ok
    14:48:02.0000 3356 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    14:48:02.0000 3356 Ptilink - ok
    14:48:02.0093 3356 PTUMWBus (9866479c5c894c3a064eeb6f68618822) C:\WINDOWS\system32\DRIVERS\PTUMWBus.sys
    14:48:02.0093 3356 PTUMWBus - ok
    14:48:02.0171 3356 PTUMWCDF (c51eac8fb88163304329279e82f1d89f) C:\WINDOWS\system32\DRIVERS\PTUMWCDF.sys
    14:48:02.0171 3356 PTUMWCDF - ok
    14:48:02.0296 3356 PTUMWFLT (4f840761bb4d674856f6c36f9b66624c) C:\WINDOWS\system32\DRIVERS\PTUMWFLT.sys
    14:48:02.0296 3356 PTUMWFLT - ok
    14:48:02.0406 3356 PTUMWMdm (411e332a6426c9b87f5f9b02bcdd15bf) C:\WINDOWS\system32\DRIVERS\PTUMWMdm.sys
    14:48:02.0421 3356 PTUMWMdm - ok
    14:48:02.0531 3356 PTUMWNET (bdc1f41f77415a432ca030f30f2ab898) C:\WINDOWS\system32\DRIVERS\PTUMWNET.sys
    14:48:02.0531 3356 PTUMWNET - ok
    14:48:02.0656 3356 PTUMWVsp (e4812824cdc46a90dde225c0fd284098) C:\WINDOWS\system32\DRIVERS\PTUMWVsp.sys
    14:48:02.0656 3356 PTUMWVsp - ok
    14:48:02.0812 3356 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    14:48:02.0828 3356 PxHelp20 - ok
    14:48:02.0875 3356 ql1080 - ok
    14:48:02.0937 3356 Ql10wnt - ok
    14:48:02.0984 3356 ql12160 - ok
    14:48:03.0031 3356 ql1240 - ok
    14:48:03.0078 3356 ql1280 - ok
    14:48:03.0156 3356 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    14:48:03.0156 3356 RasAcd - ok
    14:48:03.0265 3356 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
    14:48:03.0265 3356 Rasirda - ok
    14:48:03.0375 3356 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    14:48:03.0375 3356 Rasl2tp - ok
    14:48:03.0500 3356 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    14:48:03.0500 3356 RasPppoe - ok
    14:48:03.0609 3356 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    14:48:03.0625 3356 Raspti - ok
    14:48:03.0718 3356 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    14:48:03.0718 3356 Rdbss - ok
    14:48:03.0828 3356 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    14:48:03.0828 3356 RDPCDD - ok
    14:48:03.0953 3356 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    14:48:03.0953 3356 rdpdr - ok
    14:48:04.0031 3356 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
    14:48:04.0046 3356 RDPWD - ok
    14:48:04.0218 3356 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    14:48:04.0218 3356 redbook - ok
    14:48:04.0328 3356 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
    14:48:04.0328 3356 RFCOMM - ok
    14:48:04.0437 3356 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
    14:48:04.0437 3356 ROOTMODEM - ok
    14:48:04.0625 3356 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    14:48:04.0625 3356 Secdrv - ok
    14:48:04.0781 3356 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    14:48:04.0781 3356 serenum - ok
    14:48:04.0921 3356 Serial (bae8d82da3e64d0c83e606b35c385f4d) C:\WINDOWS\system32\DRIVERS\serial.sys
    14:48:04.0921 3356 Serial ( Rootkit.Win32.ZAccess.e ) - infected
    14:48:04.0921 3356 Serial - detected Rootkit.Win32.ZAccess.e (0)
    14:48:05.0093 3356 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    14:48:05.0093 3356 Sfloppy - ok
    14:48:05.0203 3356 Simbad - ok
    14:48:05.0281 3356 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    14:48:05.0296 3356 SLIP - ok
    14:48:05.0406 3356 Sparrow - ok
    14:48:05.0484 3356 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    14:48:05.0484 3356 splitter - ok
    14:48:05.0625 3356 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    14:48:05.0625 3356 sr - ok
    14:48:05.0796 3356 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    14:48:05.0843 3356 Srv - ok
    14:48:05.0953 3356 ssadbus (48f44a1be434830b7c90fb730745f65a) C:\WINDOWS\system32\DRIVERS\ssadbus.sys
    14:48:05.0968 3356 ssadbus - ok
    14:48:06.0031 3356 StarOpen - ok
    14:48:06.0109 3356 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    14:48:06.0109 3356 streamip - ok
    14:48:06.0203 3356 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    14:48:06.0203 3356 swenum - ok
    14:48:06.0296 3356 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    14:48:06.0312 3356 swmidi - ok
    14:48:06.0406 3356 symc810 - ok
    14:48:06.0468 3356 symc8xx - ok
    14:48:06.0515 3356 sym_hi - ok
    14:48:06.0562 3356 sym_u3 - ok
    14:48:06.0656 3356 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    14:48:06.0656 3356 sysaudio - ok
    14:48:06.0812 3356 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    14:48:06.0828 3356 Tcpip - ok
    14:48:06.0953 3356 tcpipBM (4bed0c7fdf414d1bd26bf33ea673ca49) C:\WINDOWS\system32\drivers\tcpipBM.sys
    14:48:06.0968 3356 tcpipBM - ok
    14:48:07.0031 3356 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    14:48:07.0046 3356 TDPIPE - ok
    14:48:07.0125 3356 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    14:48:07.0125 3356 TDTCP - ok
    14:48:07.0234 3356 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    14:48:07.0234 3356 TermDD - ok
    14:48:07.0375 3356 TosIde - ok
    14:48:07.0484 3356 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    14:48:07.0484 3356 Udfs - ok
    14:48:07.0593 3356 ultra - ok
    14:48:07.0703 3356 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    14:48:07.0718 3356 Update - ok
    14:48:07.0875 3356 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
    14:48:07.0875 3356 usbaudio - ok
    14:48:07.0984 3356 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    14:48:07.0984 3356 usbccgp - ok
    14:48:08.0109 3356 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    14:48:08.0109 3356 usbehci - ok
    14:48:08.0218 3356 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    14:48:08.0234 3356 usbhub - ok
    14:48:08.0343 3356 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    14:48:08.0343 3356 USBSTOR - ok
    14:48:08.0437 3356 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    14:48:08.0437 3356 usbuhci - ok
    14:48:08.0546 3356 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
    14:48:08.0562 3356 usbvideo - ok
    14:48:08.0687 3356 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    14:48:08.0687 3356 VgaSave - ok
    14:48:08.0765 3356 ViaIde - ok
    14:48:08.0843 3356 VIAudio (819bf44085104be6527b86a88acf856b) C:\WINDOWS\system32\drivers\ac97via.sys
    14:48:08.0859 3356 VIAudio - ok
    14:48:09.0015 3356 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    14:48:09.0015 3356 VolSnap - ok
    14:48:09.0421 3356 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    14:48:09.0421 3356 Wanarp - ok
    14:48:09.0546 3356 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
    14:48:09.0578 3356 Wdf01000 - ok
    14:48:09.0687 3356 WDICA - ok
    14:48:09.0796 3356 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    14:48:09.0812 3356 wdmaud - ok
    14:48:10.0046 3356 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
    14:48:10.0046 3356 WinUSB - ok
    14:48:10.0218 3356 WpdUsb (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
    14:48:10.0234 3356 WpdUsb - ok
    14:48:10.0359 3356 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    14:48:10.0375 3356 WSTCODEC - ok
    14:48:10.0515 3356 WudfPf (6ff66513d372d479ef1810223c8d20ce) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    14:48:10.0515 3356 WudfPf - ok
    14:48:10.0625 3356 WudfRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    14:48:10.0625 3356 WudfRd - ok
    14:48:10.0750 3356 XDva385 - ok
    14:48:10.0812 3356 XDva386 - ok
    14:48:11.0109 3356 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
    14:48:11.0234 3356 \Device\Harddisk0\DR0 - ok
    14:48:11.0265 3356 Boot (0x1200) (1aae0d125cc6042bf682da0ba5196dac) \Device\Harddisk0\DR0\Partition0
    14:48:11.0265 3356 \Device\Harddisk0\DR0\Partition0 - ok
    14:48:11.0265 3356 ============================================================
    14:48:11.0265 3356 Scan finished
    14:48:11.0265 3356 ============================================================
    14:48:11.0328 3676 Detected object count: 2
    14:48:11.0328 3676 Actual detected object count: 2
    14:48:19.0593 3676 HKLM\SYSTEM\ControlSet003\services\f32e631b - will be deleted on reboot
    14:48:19.0593 3676 HKLM\SYSTEM\ControlSet004\services\f32e631b - will be deleted on reboot
    14:48:19.0609 3676 C:\WINDOWS\459484915:215063780.exe - will be deleted on reboot
    14:48:19.0609 3676 f32e631b ( Rootkit.Win32.PMax.gen ) - User select action: Delete
    14:48:19.0703 3676 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\serial.sys) error 1813
    14:48:25.0796 3676 Backup copy found, using it..
    14:48:25.0828 3676 C:\WINDOWS\system32\DRIVERS\serial.sys - will be cured on reboot
    14:48:25.0828 3676 Serial ( Rootkit.Win32.ZAccess.e ) - User select action: Cure
    14:48:33.0703 2056 Deinitialize success
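The two TDSSKiller logs in this thread are long, and the lines that matter (the detections, the action chosen for each, the hidden payload's path, the MBR hash) are scattered through hundreds of "- ok" entries. The script below is an added example, not code from the thread or from TDSSKiller: it parses those line shapes, flags paths stored in NTFS alternate data streams (the ':' heuristic is my own, not the tool's), and compares the first run with the re-run. The embedded samples are excerpts of the two logs posted above.

```python
"""Summarise the TDSSKiller logs posted in this thread: what was detected, which
action was chosen, which payloads hide in alternate data streams, what changed."""
import re
from dataclasses import dataclass, field
from typing import Optional

# Line shapes taken from the logs above; any other line is ignored.
_ENTRY = re.compile(r"^\s*\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<msg>.*?)\s*$")
_SECTOR = re.compile(r"^(?P<what>MBR|Boot) \(0x[0-9A-Fa-f]+\) \((?P<md5>[0-9a-f]{32})\) .+$")
_DRIVER = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>\S.*)$")
_SUSPECT = re.compile(r"^Suspicious file \((?P<why>[^)]+)\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})$")
_DETECTED = re.compile(r"^(?P<name>\S+) - detected (?P<threat>\S+) \(\d+\)$")
_ACTION = re.compile(r"^(?P<name>\S+) \( (?P<threat>\S+) \) - User select action: (?P<action>\w+)$")
_REBOOT = re.compile(r"^(?P<obj>.+?) - will be (?P<what>cured|deleted) on reboot$")
# Heuristic (mine, not TDSSKiller's): a second ':' after the drive letter marks
# an NTFS alternate data stream, which is where the hidden payload sits above.
_ADS = re.compile(r"^[A-Za-z]:\\.*:[^\\]+$")

@dataclass
class ScanSummary:
    drivers: dict = field(default_factory=dict)     # name -> (md5, path)
    detections: dict = field(default_factory=dict)  # name -> threat label
    actions: dict = field(default_factory=dict)     # name -> Cure / Delete
    reboot_ops: list = field(default_factory=list)  # (object, cured|deleted)
    suspicious: list = field(default_factory=list)  # (path, md5, reason)
    mbr_md5: Optional[str] = None

def parse_log(text: str) -> ScanSummary:
    """Collect the security-relevant lines of one TDSSKiller log."""
    s = ScanSummary()
    for line in text.splitlines():
        entry = _ENTRY.match(line)
        if not entry:
            continue
        msg = entry.group("msg")
        if (m := _SECTOR.match(msg)):
            if m.group("what") == "MBR":
                s.mbr_md5 = m.group("md5")
        elif (m := _DRIVER.match(msg)):
            s.drivers[m.group("name")] = (m.group("md5"), m.group("path"))
        elif (m := _SUSPECT.match(msg)):
            s.suspicious.append((m.group("path"), m.group("md5"), m.group("why")))
        elif (m := _DETECTED.match(msg)):
            s.detections[m.group("name")] = m.group("threat")
        elif (m := _ACTION.match(msg)):
            # The action line repeats the threat label, so it also fills in
            # detections when the "- detected" line is not in the excerpt.
            s.detections.setdefault(m.group("name"), m.group("threat"))
            s.actions[m.group("name")] = m.group("action")
        elif (m := _REBOOT.match(msg)):
            s.reboot_ops.append((m.group("obj"), m.group("what")))
    return s

def ads_payloads(s: ScanSummary) -> list:
    """Scanned objects whose file is stored in an alternate data stream."""
    return sorted(n for n, (_, path) in s.drivers.items() if _ADS.match(path))

def compare_runs(first: ScanSummary, second: ScanSummary) -> dict:
    """What changed between two scans of the same machine."""
    a, b = set(first.detections), set(second.detections)
    return {
        "persisted": sorted(a & b),  # survived the first clean-up attempt
        "new": sorted(b - a),
        "gone": sorted(a - b),
        "rehashed": sorted(n for n in first.drivers if n in second.drivers
                           and first.drivers[n][0] != second.drivers[n][0]),
        "mbr_changed": first.mbr_md5 != second.mbr_md5,
    }

# Excerpts of the two logs posted above (first run, then the re-run).
FIRST_RUN = r"""
23:37:40.0046 2868 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
23:37:42.0078 2868 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
23:38:02.0375 2876 C:\WINDOWS\system32\DRIVERS\cdrom.sys - will be cured on reboot
23:38:02.0375 2876 Cdrom ( Rootkit.Win32.ZAccess.g ) - User select action: Cure
23:38:02.0421 2876 HKLM\SYSTEM\ControlSet002\services\f32e631b - will be deleted on reboot
23:38:02.0484 2876 C:\WINDOWS\459484915:215063780.exe - will be deleted on reboot
23:38:02.0484 2876 f32e631b ( Rootkit.Win32.PMax.gen ) - User select action: Delete
"""
SECOND_RUN = r"""
14:47:49.0328 3356 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:47:51.0078 3356 f32e631b (8f2bb1827cac01aee6a16e30a1260199) C:\WINDOWS\459484915:215063780.exe
14:47:51.0843 3356 Suspicious file (Hidden): C:\WINDOWS\459484915:215063780.exe. md5: 8f2bb1827cac01aee6a16e30a1260199
14:47:51.0843 3356 f32e631b - detected Rootkit.Win32.PMax.gen (0)
14:48:04.0921 3356 Serial (bae8d82da3e64d0c83e606b35c385f4d) C:\WINDOWS\system32\DRIVERS\serial.sys
14:48:04.0921 3356 Serial - detected Rootkit.Win32.ZAccess.e (0)
14:48:09.0546 3356 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
14:48:11.0109 3356 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
14:48:19.0609 3676 C:\WINDOWS\459484915:215063780.exe - will be deleted on reboot
14:48:19.0609 3676 f32e631b ( Rootkit.Win32.PMax.gen ) - User select action: Delete
14:48:25.0828 3676 Serial ( Rootkit.Win32.ZAccess.e ) - User select action: Cure
"""

if __name__ == "__main__":
    first, second = parse_log(FIRST_RUN), parse_log(SECOND_RUN)
    print("payloads hidden in alternate data streams:", ads_payloads(second))
    print(compare_runs(first, second))
```

On the excerpts above, the comparison reports f32e631b as persisted after the first cure and the ZAccess detection moving from cdrom.sys to serial.sys, with the MBR hash unchanged.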
  6. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan:

    On completion of the scan click "Save log", save it to your desktop and post in your next reply:

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.

    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!