Inactive Virus has control of safe mode

maggymae

Posts: 8   +0
I need Help...obviously, I know.
this virus, I have not seen a name, loads at start-up in normal mode with a virus scanning gui and a bunch of write error dialog boxes. I can close the boxes but not the gui with a tab named system restore. I have no task manager no run tab no ctrl-alt-del also no files viseable and nothing in the start-up folder.
safe mode will start but I have no task manager or any control or programs.
cannot start any programs in either mode.
 
Let's see if we can get one up on this:

What the malware is:
This infection is classified as a rogue anti-spyware program because it uses false security alerts and fake scan results to try and trick you into thinking that your computer is infected so that you will then purchase it. It scans then goes on to display a variety of fake security alerts and warnings that are designed to make you think your computer has a serious security problem.
======================================
Please print instructions. It is important that you proceed in the order given:

If you cannot see some programs files, icons, etc, you can run the following. Please note: this does not remove the malware itself, so it's important to continue:

Download Unhide.exe and save to the desktop.
  • Double-click on Unhide.exe icon to run the program.
  • This program will remove the +H, or hidden, attribute from all the files on your hard drives.
======================================
Please do the following to help you run other programs:

Boot into Safe Mode
  • Restart your computer and start pressing the F8 key on your keyboard.
  • Select the Safe Mode with Networking option when the Windows Advanced Options menu appears, using your up/down arrows to reach it and then press ENTER.

This infection may change your Windows settings to use a proxy server that will not allow you to browse any pages on the Internet with Internet Explorer or update security software, we will first need need to fix this: Launch Internet Explorer
  • Access Internet Options through Tools> Connections tab
  • Click on the Lan Settings at the bottom
  • Proxy Server section> uncheck the box labeled 'Use a proxy server for your LAN.
  • Then click on OK> and OK again to close Internet Options.
===============================
This malware frequently comes with the TDSS rootkit, so do the following:
  • Download the file TDSSKiller.zip and save to the desktop.
    (If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
  • Right-click the tdsskiller.zip file> Select Extract All into a folder on the infected (or potentially infected) PC.
  • Double click on TDSSKiller.exe. to run the scan
  • When the scan is over, the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
  • Select the action Quarantine to quarantine detected objects.
    The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43 Please leave the log.
  • After clicking Next, the utility applies selected actions and outputs the result.
  • A reboot is required after disinfection.
====================================
If TDSSKiller requires you to reboot, please allow it to do so. After you reboot, reboot back into Safe Mode with Networking again
====================================
To end the processes that belong to the malware:
Please download and run the tool below named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 3 different versions. If one of them won't run then download and try to run the other one. (Vista and Win7 users need to right click Rkill and choose Run as Administrator)

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
  • Rkill.com
  • Rkill.scr
  • Rkill.exe
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
Do not reboot until instructed. as it will start the malware again
==================================
Hopefully you will be able to now follow the steps in the Preliminary Virus and Malware Removal thread HERE.

NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

When you have finished, leave the logs for review in your next reply .
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

Exception from preliminary scans: Please run Malwarebytes in a Full Scan mode instead of Quick Scan. Make sure the the Perform Full Scan option is selected and then click on the Scan button.
When scan has finished, you will see this image:
scan-finished.jpg

  • Click on OK to close box and continue.
  • Click on the Show Results button.
  • Click on the Remove Selected button to remove all the listed malware.
  • At end of malware removal, the scan log opens and displays in Notepad. Be sure to click on Format> Uncheck Word Wrap before copying the log to paste in your next reply.
========================================
You can also skip GMER: Logs to leave:
TDSSKiller
RKill
Malwarebytes
2 logs from DDS

Note: it is important that you do not delete any files from your Temp folder or use any temp file cleaners. This is because when this infection is installed it will delete shortcuts found in various locations and store backups of them in the %Temp%\smtmp folder.
====================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • Follow the order of the tasks I give you. Order is crucial in cleaning process.
  • File sharing programs should be uninstalled or disabled during the cleaning process..
  • Observe these:
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.
  • Please let me know if there is any change in the system.

If I don't get a reply from you in 5 days, the thread will be closed. If your problem persist, you can send a PM to reopen it.
=====================================
 
cannot complete

thanks for the assist...
followed your instructions in safe mode and things progressed as stated... attempted the 5 step and that machine will not connect to internet.I can transfer files to the machine via flash but am leary about bringing the drive to unaffected machine to post results. upon restating to normal mode the virus is still very much there.
suggestions?
 
The flash drive can be disinfected and immunized:

  • Please download Panda USB Vaccine(you must provide valid e-mail and they will send you download link to this e-mail address) to your desktop.
  • Install and run it.
  • Plug in USB drive and click on Vaccinate USB and Vaccinate computer.
 
requested reports

First off Thanks for your time...i can't say it enough...
TDSSKILLER safe mode:
12:01:46.0515 0184 TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01
12:01:46.0546 0184 ============================================================
12:01:46.0546 0184 Current date / time: 2011/11/01 12:01:46.0546
12:01:46.0546 0184 SystemInfo:
12:01:46.0546 0184
12:01:46.0546 0184 OS Version: 5.1.2600 ServicePack: 3.0
12:01:46.0546 0184 Product type: Workstation
12:01:46.0546 0184 ComputerName: IT
12:01:46.0546 0184 UserName: puter
12:01:46.0546 0184 Windows directory: C:\WINDOWS
12:01:46.0546 0184 System windows directory: C:\WINDOWS
12:01:46.0546 0184 Processor architecture: Intel x86
12:01:46.0546 0184 Number of processors: 2
12:01:46.0546 0184 Page size: 0x1000
12:01:46.0546 0184 Boot type: Safe boot with network
12:01:46.0546 0184 ============================================================
12:01:49.0562 0184 Initialize success
12:02:14.0328 0232 ============================================================
12:02:14.0328 0232 Scan started
12:02:14.0328 0232 Mode: Manual;
12:02:14.0328 0232 ============================================================
12:02:16.0296 0232 39d06729 (8f2bb1827cac01aee6a16e30a1260199) C:\WINDOWS\694669369:3325008086.exe
12:02:17.0500 0232 Suspicious file (Hidden): C:\WINDOWS\694669369:3325008086.exe. md5: 8f2bb1827cac01aee6a16e30a1260199
12:02:17.0500 0232 39d06729 ( Rootkit.Win32.PMax.gen ) - infected
12:02:17.0500 0232 39d06729 - detected Rootkit.Win32.PMax.gen (0)
12:02:17.0593 0232 Aavmker4 (95d1de2a6613494e853a9738d5d9acd4) C:\WINDOWS\system32\drivers\Aavmker4.sys
12:02:17.0593 0232 Aavmker4 - ok
12:02:17.0625 0232 Abiosdsk - ok
12:02:17.0656 0232 abp480n5 - ok
12:02:17.0734 0232 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:02:17.0734 0232 ACPI - ok
12:02:17.0796 0232 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
12:02:17.0796 0232 ACPIEC - ok
12:02:17.0843 0232 adpu160m - ok
12:02:17.0906 0232 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
12:02:17.0906 0232 aec - ok
12:02:17.0984 0232 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
12:02:17.0984 0232 AFD - ok
12:02:18.0015 0232 Aha154x - ok
12:02:18.0062 0232 aic78u2 - ok
12:02:18.0125 0232 aic78xx - ok
12:02:18.0203 0232 AliIde - ok
12:02:18.0234 0232 amsint - ok
12:02:18.0296 0232 asc - ok
12:02:18.0328 0232 asc3350p - ok
12:02:18.0375 0232 asc3550 - ok
12:02:18.0437 0232 aswFsBlk (c47623ffd181a1e7d63574dde2a0a711) C:\WINDOWS\system32\drivers\aswFsBlk.sys
12:02:18.0437 0232 aswFsBlk - ok
12:02:18.0515 0232 aswMon2 (fff2dbb17a3c89f87f78d5fa72ca47fd) C:\WINDOWS\system32\drivers\aswMon2.sys
12:02:18.0531 0232 aswMon2 - ok
12:02:18.0578 0232 aswRdr (36239e24470a3dd81fae37510953cc6c) C:\WINDOWS\system32\drivers\aswRdr.sys
12:02:18.0578 0232 aswRdr - ok
12:02:18.0687 0232 aswSnx (caa846e9c83836bdc3d2d700c678db65) C:\WINDOWS\system32\drivers\aswSnx.sys
12:02:18.0703 0232 aswSnx - ok
12:02:18.0796 0232 aswSP (748ae7f2d7da33adb063fe05704a9969) C:\WINDOWS\system32\drivers\aswSP.sys
12:02:18.0812 0232 aswSP - ok
12:02:18.0906 0232 aswTdi (ca9925ce1dbd07ffe1eb357752cf5577) C:\WINDOWS\system32\drivers\aswTdi.sys
12:02:18.0906 0232 aswTdi - ok
12:02:18.0937 0232 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:02:18.0953 0232 AsyncMac - ok
12:02:19.0015 0232 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
12:02:19.0015 0232 atapi - ok
12:02:19.0046 0232 Atdisk - ok
12:02:19.0125 0232 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:02:19.0125 0232 Atmarpc - ok
12:02:19.0203 0232 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
12:02:19.0203 0232 audstub - ok
12:02:19.0328 0232 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
12:02:19.0328 0232 Beep - ok
12:02:19.0421 0232 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
12:02:19.0421 0232 cbidf2k - ok
12:02:19.0468 0232 cd20xrnt - ok
12:02:19.0515 0232 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
12:02:19.0515 0232 Cdaudio - ok
12:02:19.0578 0232 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
12:02:19.0578 0232 Cdfs - ok
12:02:19.0656 0232 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:02:19.0671 0232 Cdrom - ok
12:02:19.0687 0232 Changer - ok
12:02:19.0750 0232 CmdIde - ok
12:02:19.0828 0232 Cpqarray - ok
12:02:19.0875 0232 dac2w2k - ok
12:02:19.0906 0232 dac960nt - ok
12:02:20.0031 0232 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
12:02:20.0031 0232 Disk - ok
12:02:20.0109 0232 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
12:02:20.0140 0232 dmboot - ok
12:02:20.0203 0232 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
12:02:20.0203 0232 dmio - ok
12:02:20.0250 0232 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
12:02:20.0250 0232 dmload - ok
12:02:20.0343 0232 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
12:02:20.0343 0232 DMusic - ok
12:02:20.0421 0232 dpti2o - ok
12:02:20.0484 0232 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
12:02:20.0484 0232 drmkaud - ok
12:02:20.0546 0232 E1000 (d94437e7ee086677b266099f695cdea1) C:\WINDOWS\system32\DRIVERS\e1000325.sys
12:02:20.0546 0232 E1000 - ok
12:02:20.0625 0232 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
12:02:20.0625 0232 E100B - ok
12:02:20.0750 0232 es1371 (24e564f710d887ecc75cfe59882ecc5d) C:\WINDOWS\system32\drivers\es1371mp.sys
12:02:20.0750 0232 es1371 - ok
12:02:20.0843 0232 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
12:02:20.0859 0232 Fastfat - ok
12:02:20.0953 0232 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
12:02:20.0953 0232 Fdc - ok
12:02:21.0000 0232 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
12:02:21.0000 0232 Fips - ok
12:02:21.0046 0232 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
12:02:21.0046 0232 Flpydisk - ok
12:02:21.0140 0232 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
12:02:21.0140 0232 FltMgr - ok
12:02:21.0203 0232 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:02:21.0203 0232 Fs_Rec - ok
12:02:21.0265 0232 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:02:21.0265 0232 Ftdisk - ok
12:02:21.0312 0232 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
12:02:21.0312 0232 gameenum - ok
12:02:21.0375 0232 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:02:21.0375 0232 Gpc - ok
12:02:21.0437 0232 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:02:21.0437 0232 hidusb - ok
12:02:21.0484 0232 hpn - ok
12:02:21.0593 0232 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
12:02:21.0593 0232 HPZid412 - ok
12:02:21.0687 0232 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
12:02:21.0687 0232 HPZipr12 - ok
12:02:21.0750 0232 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
12:02:21.0750 0232 HPZius12 - ok
12:02:21.0812 0232 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
12:02:21.0828 0232 HTTP - ok
12:02:21.0875 0232 i2omgmt - ok
12:02:21.0906 0232 i2omp - ok
12:02:21.0984 0232 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:02:21.0984 0232 i8042prt - ok
12:02:22.0078 0232 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
12:02:22.0125 0232 ialm - ok
12:02:22.0203 0232 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
12:02:22.0203 0232 Imapi - ok
12:02:22.0250 0232 ini910u - ok
12:02:22.0328 0232 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
12:02:22.0328 0232 IntelIde - ok
12:02:22.0390 0232 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:02:22.0390 0232 intelppm - ok
12:02:22.0453 0232 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
12:02:22.0468 0232 Ip6Fw - ok
12:02:22.0531 0232 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:02:22.0531 0232 IpFilterDriver - ok
12:02:22.0609 0232 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:02:22.0609 0232 IpInIp - ok
12:02:22.0656 0232 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:02:22.0656 0232 IpNat - ok
12:02:22.0687 0232 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:02:22.0687 0232 IPSec - ok
12:02:22.0750 0232 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
12:02:22.0750 0232 IRENUM - ok
12:02:22.0828 0232 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:02:22.0828 0232 isapnp - ok
12:02:22.0937 0232 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:02:22.0937 0232 Kbdclass - ok
12:02:22.0968 0232 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
12:02:22.0984 0232 kbdhid - ok
12:02:23.0046 0232 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
12:02:23.0046 0232 kmixer - ok
12:02:23.0093 0232 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
12:02:23.0109 0232 KSecDD - ok
12:02:23.0171 0232 lbrtfdc - ok
12:02:23.0296 0232 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
12:02:23.0296 0232 mnmdd - ok
12:02:23.0375 0232 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
12:02:23.0375 0232 Modem - ok
12:02:23.0437 0232 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:02:23.0437 0232 Mouclass - ok
12:02:23.0500 0232 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:02:23.0500 0232 mouhid - ok
12:02:23.0578 0232 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
12:02:23.0578 0232 MountMgr - ok
12:02:23.0609 0232 mraid35x - ok
12:02:23.0671 0232 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:02:23.0671 0232 MRxDAV - ok
12:02:23.0750 0232 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:02:23.0765 0232 MRxSmb - ok
12:02:23.0859 0232 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
12:02:23.0859 0232 Msfs - ok
12:02:23.0921 0232 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:02:23.0921 0232 MSKSSRV - ok
12:02:23.0984 0232 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:02:23.0984 0232 MSPCLOCK - ok
12:02:24.0046 0232 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
12:02:24.0046 0232 MSPQM - ok
12:02:24.0109 0232 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:02:24.0109 0232 mssmbios - ok
12:02:24.0171 0232 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
12:02:24.0187 0232 Mup - ok
12:02:24.0281 0232 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
12:02:24.0281 0232 NDIS - ok
12:02:24.0343 0232 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:02:24.0343 0232 NdisTapi - ok
12:02:24.0390 0232 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:02:24.0390 0232 Ndisuio - ok
12:02:24.0437 0232 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:02:24.0437 0232 NdisWan - ok
12:02:24.0484 0232 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
12:02:24.0484 0232 NDProxy - ok
12:02:24.0546 0232 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
12:02:24.0562 0232 NetBIOS - ok
12:02:24.0609 0232 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
12:02:24.0609 0232 NetBT - ok
12:02:24.0765 0232 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
12:02:24.0765 0232 Npfs - ok
12:02:24.0828 0232 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
12:02:24.0843 0232 Ntfs - ok
12:02:24.0953 0232 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
12:02:24.0953 0232 Null - ok
12:02:25.0000 0232 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:02:25.0000 0232 NwlnkFlt - ok
12:02:25.0078 0232 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:02:25.0078 0232 NwlnkFwd - ok
12:02:25.0125 0232 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
12:02:25.0140 0232 Parport - ok
12:02:25.0171 0232 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
12:02:25.0171 0232 PartMgr - ok
12:02:25.0218 0232 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
12:02:25.0218 0232 ParVdm - ok
12:02:25.0281 0232 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
12:02:25.0281 0232 PCI - ok
12:02:25.0312 0232 PCIDump - ok
12:02:25.0390 0232 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
12:02:25.0390 0232 PCIIde - ok
12:02:25.0437 0232 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
12:02:25.0453 0232 Pcmcia - ok
12:02:25.0484 0232 PDCOMP - ok
12:02:25.0515 0232 PDFRAME - ok
12:02:25.0546 0232 PDRELI - ok
12:02:25.0578 0232 PDRFRAME - ok
12:02:25.0609 0232 perc2 - ok
12:02:25.0640 0232 perc2hib - ok
12:02:25.0843 0232 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:02:25.0843 0232 PptpMiniport - ok
12:02:25.0875 0232 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
12:02:25.0875 0232 PSched - ok
12:02:25.0937 0232 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:02:25.0937 0232 Ptilink - ok
12:02:25.0968 0232 ql1080 - ok
12:02:26.0015 0232 Ql10wnt - ok
12:02:26.0062 0232 ql12160 - ok
12:02:26.0109 0232 ql1240 - ok
12:02:26.0140 0232 ql1280 - ok
12:02:26.0187 0232 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:02:26.0187 0232 RasAcd - ok
12:02:26.0281 0232 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:02:26.0281 0232 Rasl2tp - ok
12:02:26.0343 0232 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:02:26.0343 0232 RasPppoe - ok
12:02:26.0390 0232 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
12:02:26.0390 0232 Raspti - ok
12:02:26.0453 0232 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:02:26.0453 0232 Rdbss - ok
12:02:26.0484 0232 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:02:26.0500 0232 RDPCDD - ok
12:02:26.0593 0232 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:02:26.0593 0232 rdpdr - ok
12:02:26.0687 0232 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
12:02:26.0687 0232 RDPWD - ok
12:02:26.0781 0232 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
12:02:26.0781 0232 redbook - ok
12:02:26.0984 0232 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:02:26.0984 0232 Secdrv - ok
12:02:27.0046 0232 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
12:02:27.0062 0232 serenum - ok
12:02:27.0125 0232 Serial (baafc0acaded86f69189b435945b2331) C:\WINDOWS\system32\DRIVERS\serial.sys
12:02:27.0125 0232 Serial ( Rootkit.Win32.ZAccess.g ) - infected
12:02:27.0125 0232 Serial - detected Rootkit.Win32.ZAccess.g (0)
12:02:27.0156 0232 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
12:02:27.0156 0232 Sfloppy - ok
12:02:27.0218 0232 Simbad - ok
12:02:27.0250 0232 Sparrow - ok
12:02:27.0312 0232 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
12:02:27.0312 0232 splitter - ok
12:02:27.0390 0232 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
12:02:27.0390 0232 sr - ok
12:02:27.0468 0232 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
12:02:27.0500 0232 Srv - ok
12:02:27.0593 0232 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
12:02:27.0593 0232 StillCam - ok
12:02:27.0656 0232 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:02:27.0671 0232 swenum - ok
12:02:27.0703 0232 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
12:02:27.0703 0232 swmidi - ok
12:02:27.0765 0232 symc810 - ok
12:02:27.0796 0232 symc8xx - ok
12:02:27.0828 0232 sym_hi - ok
12:02:27.0859 0232 sym_u3 - ok
12:02:27.0921 0232 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
12:02:27.0921 0232 sysaudio - ok
12:02:28.0015 0232 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:02:28.0031 0232 Tcpip - ok
12:02:28.0093 0232 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:02:28.0093 0232 TDPIPE - ok
12:02:28.0125 0232 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
12:02:28.0125 0232 TDTCP - ok
12:02:28.0203 0232 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:02:28.0203 0232 TermDD - ok
12:02:28.0281 0232 TosIde - ok
12:02:28.0390 0232 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
12:02:28.0390 0232 Udfs - ok
12:02:28.0421 0232 ultra - ok
12:02:28.0515 0232 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
12:02:28.0531 0232 Update - ok
12:02:28.0625 0232 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:02:28.0625 0232 usbccgp - ok
12:02:28.0671 0232 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:02:28.0671 0232 usbehci - ok
12:02:28.0750 0232 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:02:28.0750 0232 usbhub - ok
12:02:28.0796 0232 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:02:28.0796 0232 usbprint - ok
12:02:28.0906 0232 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:02:28.0906 0232 usbscan - ok
12:02:28.0953 0232 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:02:28.0953 0232 USBSTOR - ok
12:02:29.0062 0232 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:02:29.0062 0232 usbuhci - ok
12:02:29.0140 0232 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
12:02:29.0156 0232 VgaSave - ok
12:02:29.0203 0232 ViaIde - ok
12:02:29.0281 0232 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
12:02:29.0281 0232 VolSnap - ok
12:02:29.0390 0232 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:02:29.0390 0232 Wanarp - ok
12:02:29.0437 0232 WDICA - ok
12:02:29.0531 0232 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
12:02:29.0531 0232 wdmaud - ok
12:02:29.0843 0232 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:02:29.0843 0232 WudfPf - ok
12:02:29.0937 0232 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:02:29.0937 0232 WudfRd - ok
12:02:30.0062 0232 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
12:02:30.0171 0232 \Device\Harddisk0\DR0 - ok
12:02:30.0187 0232 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR2
12:02:30.0203 0232 \Device\Harddisk1\DR2 - ok
12:02:30.0218 0232 Boot (0x1200) (1ad889fc65128c0b17c14f8b8cecf95c) \Device\Harddisk0\DR0\Partition0
12:02:30.0218 0232 \Device\Harddisk0\DR0\Partition0 - ok
12:02:30.0250 0232 Boot (0x1200) (1ff9d8543d47a1f94d3d5a98bf61942f) \Device\Harddisk1\DR2\Partition0
12:02:30.0250 0232 \Device\Harddisk1\DR2\Partition0 - ok
12:02:30.0250 0232 ============================================================
12:02:30.0250 0232 Scan finished
12:02:30.0250 0232 ============================================================
12:02:30.0296 0224 Detected object count: 2
12:02:30.0296 0224 Actual detected object count: 2
12:04:24.0140 0224 C:\WINDOWS\694669369:3325008086.exe - copied to quarantine
12:04:24.0140 0224 39d06729 ( Rootkit.Win32.PMax.gen ) - User select action: Quarantine
12:04:24.0281 0224 C:\WINDOWS\system32\DRIVERS\serial.sys - copied to quarantine
12:04:24.0281 0224 Serial ( Rootkit.Win32.ZAccess.g ) - User select action: Quarantine
12:06:09.0515 0180 Deinitialize success

------------------------------------------------------------------------------------------------------

TDSSKILLER normal mode:
12:08:19.0640 1724 TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01
12:08:21.0640 1724 ============================================================
12:08:21.0640 1724 Current date / time: 2011/11/01 12:08:21.0640
12:08:21.0640 1724 SystemInfo:
12:08:21.0640 1724
12:08:21.0640 1724 OS Version: 5.1.2600 ServicePack: 3.0
12:08:21.0640 1724 Product type: Workstation
12:08:21.0640 1724 ComputerName: IT
12:08:21.0640 1724 UserName: puter
12:08:21.0640 1724 Windows directory: C:\WINDOWS
12:08:21.0640 1724 System windows directory: C:\WINDOWS
12:08:21.0640 1724 Processor architecture: Intel x86
12:08:21.0640 1724 Number of processors: 2
12:08:21.0640 1724 Page size: 0x1000
12:08:21.0640 1724 Boot type: Safe boot with network
12:08:21.0640 1724 ============================================================
12:08:24.0843 1724 Initialize success
12:08:29.0421 1756 ============================================================
12:08:29.0421 1756 Scan started
12:08:29.0421 1756 Mode: Manual;
12:08:29.0421 1756 ============================================================
12:08:31.0828 1756 39d06729 (8f2bb1827cac01aee6a16e30a1260199) C:\WINDOWS\694669369:3325008086.exe
12:08:33.0125 1756 Suspicious file (Hidden): C:\WINDOWS\694669369:3325008086.exe. md5: 8f2bb1827cac01aee6a16e30a1260199
12:08:33.0125 1756 39d06729 ( Rootkit.Win32.PMax.gen ) - infected
12:08:33.0125 1756 39d06729 - detected Rootkit.Win32.PMax.gen (0)
12:08:33.0203 1756 Aavmker4 (95d1de2a6613494e853a9738d5d9acd4) C:\WINDOWS\system32\drivers\Aavmker4.sys
12:08:33.0203 1756 Aavmker4 - ok
12:08:33.0218 1756 Abiosdsk - ok
12:08:33.0265 1756 abp480n5 - ok
12:08:33.0328 1756 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:08:33.0343 1756 ACPI - ok
12:08:33.0390 1756 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
12:08:33.0390 1756 ACPIEC - ok
12:08:33.0437 1756 adpu160m - ok
12:08:33.0500 1756 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
12:08:33.0515 1756 aec - ok
12:08:33.0578 1756 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
12:08:33.0578 1756 AFD - ok
12:08:33.0609 1756 Aha154x - ok
12:08:33.0640 1756 aic78u2 - ok
12:08:33.0687 1756 aic78xx - ok
12:08:33.0765 1756 AliIde - ok
12:08:33.0796 1756 amsint - ok
12:08:33.0843 1756 asc - ok
12:08:33.0875 1756 asc3350p - ok
12:08:33.0921 1756 asc3550 - ok
12:08:33.0984 1756 aswFsBlk (c47623ffd181a1e7d63574dde2a0a711) C:\WINDOWS\system32\drivers\aswFsBlk.sys
12:08:33.0984 1756 aswFsBlk - ok
12:08:34.0046 1756 aswMon2 (fff2dbb17a3c89f87f78d5fa72ca47fd) C:\WINDOWS\system32\drivers\aswMon2.sys
12:08:34.0046 1756 aswMon2 - ok
12:08:34.0109 1756 aswRdr (36239e24470a3dd81fae37510953cc6c) C:\WINDOWS\system32\drivers\aswRdr.sys
12:08:34.0109 1756 aswRdr - ok
12:08:34.0218 1756 aswSnx (caa846e9c83836bdc3d2d700c678db65) C:\WINDOWS\system32\drivers\aswSnx.sys
12:08:34.0234 1756 aswSnx - ok
12:08:34.0328 1756 aswSP (748ae7f2d7da33adb063fe05704a9969) C:\WINDOWS\system32\drivers\aswSP.sys
12:08:34.0343 1756 aswSP - ok
12:08:34.0421 1756 aswTdi (ca9925ce1dbd07ffe1eb357752cf5577) C:\WINDOWS\system32\drivers\aswTdi.sys
12:08:34.0421 1756 aswTdi - ok
12:08:34.0500 1756 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:08:34.0500 1756 AsyncMac - ok
12:08:34.0546 1756 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
12:08:34.0546 1756 atapi - ok
12:08:34.0609 1756 Atdisk - ok
12:08:34.0703 1756 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:08:34.0703 1756 Atmarpc - ok
12:08:34.0796 1756 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
12:08:34.0796 1756 audstub - ok
12:08:34.0906 1756 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
12:08:34.0906 1756 Beep - ok
12:08:35.0000 1756 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
12:08:35.0000 1756 cbidf2k - ok
12:08:35.0046 1756 cd20xrnt - ok
12:08:35.0093 1756 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
12:08:35.0093 1756 Cdaudio - ok
12:08:35.0156 1756 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
12:08:35.0156 1756 Cdfs - ok
12:08:35.0218 1756 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:08:35.0218 1756 Cdrom - ok
12:08:35.0250 1756 Changer - ok
12:08:35.0312 1756 CmdIde - ok
12:08:35.0390 1756 Cpqarray - ok
12:08:35.0453 1756 dac2w2k - ok
12:08:35.0484 1756 dac960nt - ok
12:08:35.0593 1756 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
12:08:35.0593 1756 Disk - ok
12:08:35.0687 1756 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
12:08:35.0718 1756 dmboot - ok
12:08:35.0796 1756 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
12:08:35.0796 1756 dmio - ok
12:08:35.0875 1756 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
12:08:35.0875 1756 dmload - ok
12:08:35.0953 1756 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
12:08:35.0953 1756 DMusic - ok
12:08:36.0031 1756 dpti2o - ok
12:08:36.0078 1756 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
12:08:36.0093 1756 drmkaud - ok
12:08:36.0156 1756 E1000 (d94437e7ee086677b266099f695cdea1) C:\WINDOWS\system32\DRIVERS\e1000325.sys
12:08:36.0156 1756 E1000 - ok
12:08:36.0218 1756 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
12:08:36.0234 1756 E100B - ok
12:08:36.0343 1756 es1371 (24e564f710d887ecc75cfe59882ecc5d) C:\WINDOWS\system32\drivers\es1371mp.sys
12:08:36.0343 1756 es1371 - ok
12:08:36.0453 1756 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
12:08:36.0453 1756 Fastfat - ok
12:08:36.0546 1756 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
12:08:36.0546 1756 Fdc - ok
12:08:36.0593 1756 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
12:08:36.0593 1756 Fips - ok
12:08:36.0640 1756 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
12:08:36.0640 1756 Flpydisk - ok
12:08:36.0718 1756 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
12:08:36.0718 1756 FltMgr - ok
12:08:36.0812 1756 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:08:36.0812 1756 Fs_Rec - ok
12:08:36.0843 1756 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:08:36.0859 1756 Ftdisk - ok
12:08:36.0937 1756 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
12:08:36.0953 1756 gameenum - ok
12:08:37.0015 1756 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:08:37.0015 1756 Gpc - ok
12:08:37.0078 1756 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:08:37.0078 1756 hidusb - ok
12:08:37.0125 1756 hpn - ok
12:08:37.0234 1756 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
12:08:37.0234 1756 HPZid412 - ok
12:08:37.0312 1756 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
12:08:37.0312 1756 HPZipr12 - ok
12:08:37.0390 1756 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
12:08:37.0390 1756 HPZius12 - ok
12:08:37.0453 1756 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
12:08:37.0468 1756 HTTP - ok
12:08:37.0531 1756 i2omgmt - ok
12:08:37.0562 1756 i2omp - ok
12:08:37.0625 1756 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:08:37.0625 1756 i8042prt - ok
12:08:37.0734 1756 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
12:08:37.0796 1756 ialm - ok
12:08:37.0890 1756 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
12:08:37.0890 1756 Imapi - ok
12:08:37.0984 1756 ini910u - ok
12:08:38.0062 1756 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
12:08:38.0062 1756 IntelIde - ok
12:08:38.0109 1756 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:08:38.0109 1756 intelppm - ok
12:08:38.0171 1756 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
12:08:38.0187 1756 Ip6Fw - ok
12:08:38.0250 1756 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:08:38.0250 1756 IpFilterDriver - ok
12:08:38.0328 1756 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:08:38.0328 1756 IpInIp - ok
12:08:38.0375 1756 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:08:38.0390 1756 IpNat - ok
12:08:38.0453 1756 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:08:38.0453 1756 IPSec - ok
12:08:38.0500 1756 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
12:08:38.0515 1756 IRENUM - ok
12:08:38.0562 1756 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:08:38.0562 1756 isapnp - ok
12:08:38.0656 1756 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:08:38.0656 1756 Kbdclass - ok
12:08:38.0687 1756 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
12:08:38.0687 1756 kbdhid - ok
12:08:38.0781 1756 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
12:08:38.0781 1756 kmixer - ok
12:08:38.0859 1756 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
12:08:38.0859 1756 KSecDD - ok
12:08:38.0937 1756 lbrtfdc - ok
12:08:39.0046 1756 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
12:08:39.0062 1756 mnmdd - ok
12:08:39.0140 1756 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
12:08:39.0140 1756 Modem - ok
12:08:39.0187 1756 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:08:39.0187 1756 Mouclass - ok
12:08:39.0250 1756 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:08:39.0265 1756 mouhid - ok
12:08:39.0343 1756 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
12:08:39.0343 1756 MountMgr - ok
12:08:39.0375 1756 mraid35x - ok
12:08:39.0437 1756 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:08:39.0437 1756 MRxDAV - ok
12:08:39.0546 1756 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:08:39.0593 1756 MRxSmb - ok
12:08:39.0671 1756 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
12:08:39.0687 1756 Msfs - ok
12:08:39.0765 1756 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:08:39.0765 1756 MSKSSRV - ok
12:08:39.0828 1756 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:08:39.0828 1756 MSPCLOCK - ok
12:08:39.0890 1756 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
12:08:39.0890 1756 MSPQM - ok
12:08:39.0953 1756 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:08:39.0953 1756 mssmbios - ok
12:08:40.0015 1756 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
12:08:40.0031 1756 Mup - ok
12:08:40.0125 1756 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
12:08:40.0125 1756 NDIS - ok
12:08:40.0203 1756 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:08:40.0203 1756 NdisTapi - ok
12:08:40.0250 1756 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:08:40.0250 1756 Ndisuio - ok
12:08:40.0312 1756 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:08:40.0312 1756 NdisWan - ok
12:08:40.0359 1756 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
12:08:40.0375 1756 NDProxy - ok
12:08:40.0453 1756 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
12:08:40.0453 1756 NetBIOS - ok
12:08:40.0484 1756 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
12:08:40.0500 1756 NetBT - ok
12:08:40.0609 1756 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
12:08:40.0625 1756 Npfs - ok
12:08:40.0703 1756 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
12:08:40.0718 1756 Ntfs - ok
12:08:40.0812 1756 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
12:08:40.0812 1756 Null - ok
12:08:40.0859 1756 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:08:40.0859 1756 NwlnkFlt - ok
12:08:40.0921 1756 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:08:40.0921 1756 NwlnkFwd - ok
12:08:40.0984 1756 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
12:08:40.0984 1756 Parport - ok
12:08:41.0046 1756 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
12:08:41.0046 1756 PartMgr - ok
12:08:41.0093 1756 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
12:08:41.0093 1756 ParVdm - ok
12:08:41.0156 1756 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
12:08:41.0156 1756 PCI - ok
12:08:41.0187 1756 PCIDump - ok
12:08:41.0250 1756 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
12:08:41.0250 1756 PCIIde - ok
12:08:41.0296 1756 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
12:08:41.0312 1756 Pcmcia - ok
12:08:41.0328 1756 PDCOMP - ok
12:08:41.0359 1756 PDFRAME - ok
12:08:41.0406 1756 PDRELI - ok
12:08:41.0437 1756 PDRFRAME - ok
12:08:41.0468 1756 perc2 - ok
12:08:41.0515 1756 perc2hib - ok
12:08:41.0687 1756 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:08:41.0687 1756 PptpMiniport - ok
12:08:41.0796 1756 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
12:08:41.0796 1756 PSched - ok
12:08:41.0828 1756 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:08:41.0828 1756 Ptilink - ok
12:08:41.0859 1756 ql1080 - ok
12:08:41.0906 1756 Ql10wnt - ok
12:08:41.0937 1756 ql12160 - ok
12:08:41.0968 1756 ql1240 - ok
12:08:42.0000 1756 ql1280 - ok
12:08:42.0046 1756 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:08:42.0046 1756 RasAcd - ok
12:08:42.0125 1756 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:08:42.0125 1756 Rasl2tp - ok
12:08:42.0187 1756 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:08:42.0187 1756 RasPppoe - ok
12:08:42.0265 1756 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
12:08:42.0265 1756 Raspti - ok
12:08:42.0312 1756 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:08:42.0312 1756 Rdbss - ok
12:08:42.0343 1756 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:08:42.0359 1756 RDPCDD - ok
12:08:42.0453 1756 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:08:42.0453 1756 rdpdr - ok
12:08:42.0546 1756 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
12:08:42.0546 1756 RDPWD - ok
12:08:42.0625 1756 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
12:08:42.0625 1756 redbook - ok
12:08:42.0828 1756 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:08:42.0828 1756 Secdrv - ok
12:08:42.0890 1756 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
12:08:42.0890 1756 serenum - ok
12:08:42.0953 1756 Serial (baafc0acaded86f69189b435945b2331) C:\WINDOWS\system32\DRIVERS\serial.sys
12:08:42.0953 1756 Serial ( Rootkit.Win32.ZAccess.g ) - infected
12:08:42.0953 1756 Serial - detected Rootkit.Win32.ZAccess.g (0)
12:08:42.0984 1756 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
12:08:42.0984 1756 Sfloppy - ok
12:08:43.0046 1756 Simbad - ok
12:08:43.0078 1756 Sparrow - ok
12:08:43.0140 1756 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
12:08:43.0140 1756 splitter - ok
12:08:43.0203 1756 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
12:08:43.0218 1756 sr - ok
12:08:43.0296 1756 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
12:08:43.0312 1756 Srv - ok
12:08:43.0390 1756 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
12:08:43.0390 1756 StillCam - ok
12:08:43.0468 1756 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:08:43.0468 1756 swenum - ok
12:08:43.0546 1756 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
12:08:43.0546 1756 swmidi - ok
12:08:43.0593 1756 symc810 - ok
12:08:43.0625 1756 symc8xx - ok
12:08:43.0671 1756 sym_hi - ok
12:08:43.0703 1756 sym_u3 - ok
12:08:43.0781 1756 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
12:08:43.0781 1756 sysaudio - ok
12:08:43.0875 1756 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:08:43.0890 1756 Tcpip - ok
12:08:43.0968 1756 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:08:43.0968 1756 TDPIPE - ok
12:08:44.0000 1756 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
12:08:44.0000 1756 TDTCP - ok
12:08:44.0062 1756 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:08:44.0062 1756 TermDD - ok
12:08:44.0125 1756 TosIde - ok
12:08:44.0203 1756 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
12:08:44.0203 1756 Udfs - ok
12:08:44.0250 1756 ultra - ok
12:08:44.0312 1756 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
12:08:44.0343 1756 Update - ok
12:08:44.0437 1756 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:08:44.0437 1756 usbccgp - ok
12:08:44.0531 1756 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:08:44.0531 1756 usbehci - ok
12:08:44.0593 1756 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:08:44.0609 1756 usbhub - ok
12:08:44.0687 1756 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:08:44.0687 1756 usbprint - ok
12:08:44.0781 1756 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:08:44.0781 1756 usbscan - ok
12:08:44.0828 1756 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:08:44.0843 1756 USBSTOR - ok
12:08:44.0921 1756 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:08:44.0921 1756 usbuhci - ok
12:08:44.0984 1756 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
12:08:45.0000 1756 VgaSave - ok
12:08:45.0031 1756 ViaIde - ok
12:08:45.0093 1756 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
12:08:45.0093 1756 VolSnap - ok
12:08:45.0171 1756 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:08:45.0171 1756 Wanarp - ok
12:08:45.0218 1756 WDICA - ok
12:08:45.0296 1756 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
12:08:45.0296 1756 wdmaud - ok
12:08:45.0562 1756 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:08:45.0562 1756 WudfPf - ok
12:08:45.0609 1756 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:08:45.0609 1756 WudfRd - ok
12:08:45.0734 1756 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
12:08:45.0859 1756 \Device\Harddisk0\DR0 - ok
12:08:45.0875 1756 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR2
12:08:45.0890 1756 \Device\Harddisk1\DR2 - ok
12:08:45.0906 1756 Boot (0x1200) (1ad889fc65128c0b17c14f8b8cecf95c) \Device\Harddisk0\DR0\Partition0
12:08:45.0906 1756 \Device\Harddisk0\DR0\Partition0 - ok
12:08:45.0921 1756 Boot (0x1200) (1ff9d8543d47a1f94d3d5a98bf61942f) \Device\Harddisk1\DR2\Partition0
12:08:45.0937 1756 \Device\Harddisk1\DR2\Partition0 - ok
12:08:45.0937 1756 ============================================================
12:08:45.0937 1756 Scan finished
12:08:45.0937 1756 ============================================================
12:08:45.0984 1748 Detected object count: 2
12:08:45.0984 1748 Actual detected object count: 2
12:09:07.0578 1748 C:\WINDOWS\694669369:3325008086.exe - copied to quarantine
12:09:07.0578 1748 39d06729 ( Rootkit.Win32.PMax.gen ) - User select action: Quarantine
12:09:07.0750 1748 C:\WINDOWS\system32\DRIVERS\serial.sys - copied to quarantine
12:09:07.0750 1748 Serial ( Rootkit.Win32.ZAccess.g ) - User select action: Quarantine
12:09:21.0109 1720 Deinitialize success
--------------------------------------------------------------------------------------------------------
 
reports 2

RKILL safemode:
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 11/01/2011 at 12:10:56.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:



Rkill completed on 11/01/2011 at 12:11:00.
--------------------------------------------------------------------------------------------------------

MaLWAREBYTES:
Database version: 4286

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

11/1/2011 1:06:45 PM
mbam-log-2011-11-01 (13-06-45).txt

Scan type: Full scan (C:\|)
Objects scanned: 153557
Time elapsed: 32 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

--------------------------------------------------------------------------------------------------
DDS
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by puter at 15:37:43 on 2011-11-01
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.207 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Documents and Settings\All Users\Application Data\WKocfFMPaI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\All Users\Application Data\6DSS92c31Apgjk.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\explorer.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
uWinlogon: Shell=c:\documents and settings\puter\local settings\application data\39d06729\X
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [WKocfFMPaI.exe] c:\documents and settings\all users\application data\WKocfFMPaI.exe
StartupFolder: c:\docume~1\puter\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
uPolicies-explorer: NoDesktop = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: mswsock.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1278461680109
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-20 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-7-6 320856]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-7-6 20568]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-6 44768]
.
=============== Created Last 30 ================
.
2011-11-01 18:23:15 -------- d-----w- c:\documents and settings\all users\application data\Kaspersky Lab Setup Files
2011-11-01 17:04:24 -------- d-----w- C:\TDSSKiller_Quarantine
2011-10-26 00:39:32 326544 ----a-w- c:\documents and settings\all users\application data\6DSS92c31Apgjk.exe
2011-10-25 23:59:29 -------- d-sh--w- c:\documents and settings\puter\local settings\application data\39d06729
2011-10-25 01:23:55 410000 ----a-w- c:\documents and settings\all users\application data\WKocfFMPaI.exe
.
==================== Find3M ====================
.
2011-09-26 16:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 20:45:29 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:38:05 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
============= FINISH: 15:38:43.32 ===============


DDS ATTACH:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/5/2010 7:05:27 PM
System Uptime: 11/1/2011 1:19:26 PM (2 hours ago)
.
Motherboard: Dell Computer Corp. | | 0K5786
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/800mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 28.966 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP293: 9/14/2011 6:41:38 PM - System Checkpoint
RP294: 9/15/2011 7:06:23 PM - System Checkpoint
RP295: 9/15/2011 9:00:17 PM - Software Distribution Service 3.0
RP296: 9/17/2011 12:36:21 PM - System Checkpoint
RP297: 9/18/2011 1:27:20 PM - System Checkpoint
RP298: 9/21/2011 4:05:39 PM - System Checkpoint
RP299: 9/22/2011 4:38:28 PM - System Checkpoint
RP300: 9/25/2011 6:29:04 AM - System Checkpoint
RP301: 9/26/2011 3:20:00 PM - System Checkpoint
RP302: 9/27/2011 7:45:44 PM - System Checkpoint
RP303: 9/28/2011 8:15:58 PM - System Checkpoint
RP304: 9/28/2011 9:00:19 PM - Software Distribution Service 3.0
RP305: 9/30/2011 9:23:39 PM - System Checkpoint
RP306: 10/6/2011 9:33:22 PM - System Checkpoint
RP307: 10/10/2011 7:51:39 PM - System Checkpoint
RP308: 10/12/2011 2:01:49 PM - System Checkpoint
RP309: 10/12/2011 2:24:54 PM - Software Distribution Service 3.0
RP310: 10/15/2011 8:15:05 PM - System Checkpoint
RP311: 10/16/2011 8:30:51 PM - System Checkpoint
RP312: 10/18/2011 7:49:33 AM - System Checkpoint
RP313: 10/20/2011 7:11:54 AM - System Checkpoint
RP314: 10/24/2011 6:44:06 PM - System Checkpoint
RP315: 11/1/2011 2:37:28 PM - System Checkpoint
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Adobe Flash Player 10 ActiveX
avast! Free Antivirus
BufferChm
Copy
CustomerResearchQFolder
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DJ_AIO_03_F2200_ProductContext
DJ_AIO_03_F2200_Software
DJ_AIO_03_F2200_Software_Min
eSupportQFolder
F2200
F2200_Help
GPBaseService
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 10.0
HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3
HP Imaging Device Functions 10.0
HP Photosmart Essential 2.5
HP Product Detection
HP Smart Web Printing
HP Solution Center 10.0
HP Update
HPProductAssistant
HPSSupply
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Connections Drivers
Java Auto Updater
Java(TM) 6 Update 22
Malwarebytes' Anti-Malware
MarketResearch
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OpenOffice.org 3.2
PSSWCORE
Scan
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Shop for HP Supplies
SmartWebPrintingOC
SolutionCenter
Spybot - Search & Destroy
Status
Toolbox
TrayApp
UnloadSupport
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VideoToolkit01
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Yahoo! BrowserPlus 2.9.8
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
10/31/2011 7:19:18 PM, error: System Error [1003] - Error code 10000050, parameter1 91f1c3a0, parameter2 00000000, parameter3 804e13e2, parameter4 00000000.
10/31/2011 6:39:29 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
10/31/2011 6:38:47 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSnx aswSP aswTdi Fips intelppm
10/31/2011 6:38:04 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/31/2011 6:34:59 PM, error: System Error [1003] - Error code 00000019, parameter1 00000020, parameter2 816d6cf0, parameter3 816d6d18, parameter4 0a050001.
10/26/2011 3:14:27 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
10/26/2011 3:14:08 PM, error: Service Control Manager [7022] - The Automatic Updates service hung on starting.
10/26/2011 3:13:38 PM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
10/26/2011 3:12:17 PM, error: Service Control Manager [7000] - The avast! Antivirus service failed to start due to the following error: Access is denied.
10/26/2011 3:08:04 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
10/26/2011 3:08:04 PM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/25/2011 7:03:06 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'serial.sys' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
10/25/2011 7:00:30 PM, error: Service Control Manager [7031] - The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
.
==== End Of File ===========================

At some point spybot ran a scheduled run while the system was unattended it did clean temp folders...
 
Please disable any other scanning progrqm you have. It is not good to have them running while I'm trying to locate and remove files:
-------------------------------------'
=============== Created Last 30 ================
2011-11-01 18:23:15 -------- d-----w- c:\documents and settings\all users\application data\Kaspersky Lab Setup Files
2011-10-26 00:39:32 326544 ----a-w- c:\documents and settings\all users\application data\6DSS92c31Apgjk.exe>> FakeHDD Rogue 'System Restore'
2011-10-25 23:59:29 -------- d-sh--w- c:\documents and settings\puter\local settings\application data\39d06729>> ????
2011-10-25 01:23:55 410000 ----a-w- c:\documents and settings\all users\application data\WKocfFMPaI.exe>>>WKOCFFMPAI.EXE is Fake System Tools
mRun: [WKocfFMPaI.exe] c:\documents and settings\all users\application data\WKocfFMPaI.exe
==========================================
Please update Java: Java Updates . Uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities for the system.
Be sure to check all download screens for any pre-check toolbars or BHO> if found, remove the check before the download..

There will be malware in the Java cache:
To clear the Java Plug-in cache:

  • [1]. Click Start > Control Panel.
    [2]. Double-click the Java icon in the control panel.
    java.png
    The Java Control Panel appears.
    plugin_cache1.jpg

    [3].Click Settings under Temporary Internet Files.The Temporary Files Settings dialog box appears.
    plugin_cache2.jpg

    [4] Click Delete Files.The Delete Temporary Files dialog box appears.
    plugin_cache3.jpg

    [5]. Click OK on Delete Temporary Files window.
    Note: This deletes all the Downloaded Applications and Applets from the cache.
    [6]. Click Apply> OK on Temporary Files Settings window.
Images courtesy java.com
============================================
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Download Combofix from HERE or HEREhttp://www.forospyware.com/sUBs/ComboFix.exe and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once installed, you should see a blue screen prompt that says:
    The Recovery Console was successfully installed.
  • .Click on Yes, to continue scanning for malware
  • .If Combofix asks you to update the program, allow
  • .Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • .Close any open browsers.
  • .Double click combofix.exe
    cf-icon.jpg
    & follow the prompts to run.
  • When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..
Re-enable your Antivirus software.

Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
=========================================
Your system is not secure. You have several different active infections.
 
combofix

ComboFix 11-11-04.02 - puter 11/04/2011 10:41:47.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.305 [GMT -5:00]
Running from: E:\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\6DSS92c31Apgjk.exe
c:\documents and settings\puter\Local Settings\Application Data\39d06729
c:\documents and settings\puter\Local Settings\Application Data\39d06729\@
c:\documents and settings\puter\Local Settings\Application Data\39d06729\U\80000000.@
c:\documents and settings\puter\Local Settings\Application Data\39d06729\U\800000cb.@
c:\documents and settings\puter\Local Settings\Application Data\39d06729\X
c:\documents and settings\puter\Local Settings\Temporary Internet Files\pse_350_enu.exe
c:\documents and settings\puter\Start Menu\Programs\System Restore
c:\documents and settings\puter\Start Menu\Programs\System Restore\System Restore.lnk
c:\documents and settings\puter\Start Menu\Programs\System Restore\Uninstall System Restore.lnk
c:\windows\$NtUninstallKB41222$
c:\windows\$NtUninstallKB41222$\2545033193
c:\windows\$NtUninstallKB41222$\969959209\@
c:\windows\$NtUninstallKB41222$\969959209\L\pomayvxc
c:\windows\$NtUninstallKB41222$\969959209\loader.tlb
c:\windows\$NtUninstallKB41222$\969959209\U\@00000001
c:\windows\$NtUninstallKB41222$\969959209\U\@000000c0
c:\windows\$NtUninstallKB41222$\969959209\U\@000000cb
c:\windows\$NtUninstallKB41222$\969959209\U\@000000cf
c:\windows\$NtUninstallKB41222$\969959209\U\@80000000
c:\windows\$NtUninstallKB41222$\969959209\U\@800000c0
c:\windows\$NtUninstallKB41222$\969959209\U\@800000cb
c:\windows\$NtUninstallKB41222$\969959209\U\@800000cf
c:\windows\system32\
c:\windows\system32\c_66324.nls
.
Infected copy of c:\windows\system32\drivers\fips.sys was found and disinfected
Restored copy from - The cat found it :)
Infected copy of c:\program files\Java\jre6\bin\jqs.exe was found and disinfected
Restored copy from - c:\program files\Java\jre6\bin\
.
Infected copy of c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe was found and disinfected
Restored copy from - c:\program files\Yahoo!\SoftwareUpdate\
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_39d06729
.
.
((((((((((((((((((((((((( Files Created from 2011-10-04 to 2011-11-04 )))))))))))))))))))))))))))))))
.
.
2011-11-04 15:19 . 2011-11-04 15:19 -------- d-----w- c:\program files\Common Files\Java
2011-11-04 15:19 . 2011-11-04 15:19 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-03 23:08 . 2011-11-03 23:08 48016 --sha-w- c:\windows\system32\c_66324.nl_
2011-11-01 17:04 . 2011-11-03 23:18 -------- d-----w- C:\TDSSKiller_Quarantine
2011-10-26 00:24 . 2011-10-26 00:24 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-04 15:19 . 2010-07-18 18:56 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-03 23:08 . 2006-02-28 12:00 64512 ----a-w- c:\windows\system32\drivers\serial.sys
2011-09-26 16:41 . 2009-10-08 19:57 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41 . 2006-02-28 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41 . 2006-02-28 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2006-02-28 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2006-02-28 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:48 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2006-02-28 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\documents and settings\puter\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Product Assistant\\bin\\hprbUpdate.exe"=
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
TCP: DhcpNameServer = 68.115.71.53 68.113.206.10 66.189.0.100 192.168.1.1 68.115.71.53 68.113.206.10 66.189.0.100
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-WKocfFMPaI.exe - c:\documents and settings\All Users\Application Data\WKocfFMPaI.exe
SafeBoot-00824831.sys
SafeBoot-62623561.sys
SafeBoot-67725724.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-04 10:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3948)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2011-11-04 10:55:32 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-04 15:55
.
Pre-Run: 34,038,575,104 bytes free
Post-Run: 34,343,305,216 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 41A19FFA6C3C75E4735E9E12FF38812C
 
Okay, so there has been some progress: Which of the following has been resolved?

1. I have no task manager
2. no run tab
3. no ctrl-alt-del
4. no files visible
5. nothing in the start-up folder.
6. safe mode will start but I have no task manager or
7. any control or programs.
8. cannot start any programs in either mode.

Are there any different problems?
===========================================
It appears that you may be running okay in Normal Mode, If correct, please run following:
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESETOnlineScan
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    [o] Double click on the
    esetSmartInstallDesktopIcon.png
    on your desktop.
  • Check 'Yes I accept terms of use.'
  • Click Start button
  • Accept any security warnings from your browser.
    esetonlinescannersettings_thumb.jpg
  • Uncheck 'Remove found threats'
  • Check 'Scan archives/
  • Leave remaining settings as is.
  • Press the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  • When the scan completes, press List of found threats
  • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  • Push the Back button
  • Push Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.

Be sure to update the Java.
 
eset complete

Complete nothing found...all other concerns seem satisfied. except that attempting to install new spybot the software cannot complete...it cannot delete teatimer.exe from the otherwise now empty spybot folder. I tried both normal and safemode. Teatimer is a part of spy bot...I have NEVER had any trouble deleting/reinstalling spybot before.

Anything for this?

Thank You very much for all that you do....
 
You're welcome- glad to help. So all of the 8 problems have been resolved?

I'm not sure what you're trying to do with Spybot S&D? Why did you uninstall it? You won't be able to remove TeaTimer without the program. It sounds like you have removed it several times.
---------------------------------
Try disabling teatimer using one of the path below:
If you ever need to disable the Real Time TeaTimer to run a scan, you don't have to uninstall the program:
  • Right click the TeaTimer icon in the system Tray
    MHoTT005.gif
  • Then click Exit Spybot-S&D Resident
    Later:
  • (One you are clean you can restart TeaTimer by going to C:\Program Files\Spybot - Search & Destroy, and double clicking on TeaTimer.exe
----------------------------
Attempt the Spybot S&D install again. If it still won't work:

Download the Windows Installer Cleanup Utility

Find the teatimer file and delete it . Then reinstall Spybot S&D


If this won't work, I'll write some script to remove it through Combofix.

Let me know.
 
cleanup utility fail

all problems solved, it seems.

cleanup util has no tea timer or spybot for that matter. tea timer is not running anywhere I can find it.

I will await a script.
Thanks


Also, suddenly, when starting machine it seems to start but dos not load video or mouse drivers poss. more. must restart and every thing is okay again
 
You're almost there- still a bit of malware:
Please run this Custom CFScript:

  • [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:Be sure to scroll down to include ALL lines.
Code:
File::
c:\documents and settings\all users\application data\WKocfFMPaI.exe
c:\documents and settings\all users\application data\6DSS92c31Apgjk.exe
Folder::
C:\TDSSKiller_Quarantine
c:\documents and settings\puter\local settings\application data\39d06729
DDS::
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [WKocfFMPaI.exe] c:\documents and settings\all users\application data\WKocfFMPaI.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=
Reboot::
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
====================
Note: I included Spybot S&D/TeaTimer entries in above. when we have finished, you can reinstall it if wanted.
====================
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESETOnlineScan
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    [o] Double click on the
    esetSmartInstallDesktopIcon.png
    on your desktop.
  • Check 'Yes I accept terms of use.'
  • Click Start button
  • Accept any security warnings from your browser.
    esetonlinescannersettings_thumb.jpg
  • Uncheck 'Remove found threats'
  • Check 'Scan archives/
  • Leave remaining settings as is.
  • Press the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  • When the scan completes, press List of found threats
  • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  • Push the Back button
  • Push Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
=========================================
SASLogo48x48.gif

SuperAntiSpyware Home Edition Free Version
  • Please download SuperAntiSpyware from HERE
  • Launch SuperAntiSpyware and click on 'Check for updates'.
  • Wait for the updates to be installed
  • On the main screen click on 'Scan your computer'.
  • Check: 'Perform Complete Scan then Click 'Next' to start the scan.
  • Superantispyware will now scan your computer,when it's finished it will list all/any infections found.
  • Make sure everything found has a checkmark next to it,then press 'Next'.
  • Click on 'Finish' when you've done.
It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
  • Click on 'Preferences'.
  • Click on the 'Statistics/Logs' tab.
  • Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor,such as Notepad. Paste the notepad file here on your reply
=======================================
Logs in next reply please.
 
Back