Solved

Windows Vista Ultimate

Posted on 2011-09-28
1,029 Views
Last Modified: 2012-08-13
I am having many issues with a Windows Vista Ultimate machine. This is not my machine so I have no idea what happened to it. I have administrative rights on the machine (or so I think). I thought it had a virus, but I cannot run any virus programs on it. I downloaded Malwarebytes but I cannot access it. I get this message: "Windows cannot access the specified path, or file. You may not have the appropriate permissions to access the item." When I try to get to Mozilla Firefox: "Firefox has stopped working; A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available." Google Chrome - same message as Firefox. Any ideas? I do not think the Administrator account is enabled. When I look at it in Users it has the down arrow. When I try to run the command to enable it, the message is that the password does not meet the required .....

Help!
Question by:manch03
24 Comments
 

Author Comment

by:manch03
ID: 36759086
Another issue I noticed - it is not updating - every time I reboot, there is the same update that keeps trying to load.
 

Expert Comment

by:sAiyAnstAr
ID: 36764813
Hi there,

When was the last time this PC worked the way it was supposed to? Sounds like you could have some malware on the PC, as I have PCs that I have needed to fix that do pretty much exactly what you are saying. When I installed Malwarebytes it wouldn't let me run the program. My AV was disabled and the internet wouldn't work.

So I booted into Safe Mode and ran Malwarebytes which found the culprits and removed them. Give that a try first and if it still doesn't work try a System Restore to the last Good Settings.
 

Author Comment

by:manch03
ID: 36765203
Unfortunately, System Restore was turned off. Malwarebytes will not work in Safe Mode either. I tried that. Same message.
 

Expert Comment

by:phototropic
ID: 36813877
Sounds like you are infected.

Step 1)  Kill the rogue process(es) which are stopping you from running Mbam.  Download Rogue Killer and run all 5 options in sequence:

http://www.experts-exchange.com/Virus_and_Spyware/Anti-Virus/A_4922-Rogue-Killer-What-a-great-name.html

If Rogue Killer will not run, download Rkill:

http://www.bleepingcomputer.com/forums/topic308364.html

Save all seven file extensions to your PC and try to run each in turn.

Once Rogue Killer or Rkill has completed, download a fresh copy of Mbam. Use the "save as" function to rename the installer (xyz.exe) before you download it.  Install it, update it, run a quick scan and post the log here for review.

If you still cannot run Mbam, try running an online scan with Eset:

 http://go.eset.com/us/online-scanner/run

Once again, please post the scan log.
 

Author Comment

by:manch03
ID: 36814124
Will not run either. It keeps generating messages: "iexplore.exe has stopped working", "nircmd has stopped working". Both options begin to run and they get killed. I just killed all the startup items and services and got rkill to work (I think). The screen says "terminating known malware processes. Please be patient." Stay tuned....
 

Author Comment

by:manch03
ID: 36814178
Rkill did run and generated a log, but... it did not have much of a log file. It ran for a while and then began generating the errors again...

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 09/29/2011 at  7:23:03.
Operating System: Windows Vista (TM) Ultimate


Processes terminated by Rkill or while it was running:

C:\Users\tmaly\Desktop\rkill.exe


Rkill completed on 09/29/2011 at  7:27:41.
 

Expert Comment

by:phototropic
ID: 36814343
OK. The idea is to run Rkill and then immediately (without rebooting) run Mbam. Make sure it is updated and then post the Mbam scan log.

Rkill just does the job of killing rogue processes so that your other .exe's can run. Its log will not tell us any more than that. It is the Mbam log we need to see.

You could also scan with TDSSKiller:

http://support.kaspersky.com/faq/?qid=208280684

Once again, please post the log.
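What to look for once the TDSSKiller log is posted: the tool writes one line per service or driver with its MD5 and file path, and for anything it flags it adds a "Suspicious file (Hidden|Forged)" line and a verdict line ("warning" or "infected"). The script below is an added example for this thread, not code from the thread, from Kaspersky or from any tool named here; the regexes, class and function names are mine. It keeps only the flagged entries, records the two hashes TDSSKiller reports for a forged driver, and marks any path that names an NTFS alternate data stream (a second colon after the drive letter's). The embedded sample log is constructed in the same format as the log posted later in this thread.

```python
"""Triage a TDSSKiller log: keep only what the tool flagged.

Added example for this thread; not code from the thread, from Kaspersky
or from any of the tools named here. Class and function names are mine.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Every TDSSKiller line starts with "HH:MM:SS.ffff PID"; keep the message part.
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<msg>.*?)\s*$")
# "<service>  (<md5>) <path>": the driver/service and the file it maps to.
ENTRY_RE = re.compile(r"^(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
# "Suspicious file (Hidden|Forged): <path>. <details>"
SUSP_RE = re.compile(r"^Suspicious file \((?P<kind>\w+)\): (?P<path>.+?)\. (?P<details>.*)$")
# "<service> ( <detection> ) - warning|infected"
VERDICT_RE = re.compile(
    r"^(?P<name>\S+)\s+\(\s*(?P<detection>[^)]+?)\s*\)\s+-\s+(?P<verdict>warning|infected)$")
# A Forged file's details carry two hashes for the same path.
FORGED_RE = re.compile(r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})")

# Constructed sample in the TDSSKiller format (modelled on the log in this thread).
SAMPLE_LOG = r"""20:56:14.0731 2976      Scan started
20:56:15.0324 2976      65a4c221        (8f2bb1827cac01aee6a16e30a1260199) C:\Windows\566404197:2589670878.exe
20:56:15.0324 2976      Suspicious file (Hidden): C:\Windows\566404197:2589670878.exe. md5: 8f2bb1827cac01aee6a16e30a1260199
20:56:15.0324 2976      65a4c221 ( HiddenFile.Multi.Generic ) - warning
20:56:15.0324 2976      65a4c221 - detected HiddenFile.Multi.Generic (1)
20:56:15.0464 2976      ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
20:56:15.0464 2976      ACPI - ok
20:56:25.0074 2976      netbt           (9005cfbfc6796431e251079787e977ec) C:\Windows\system32\DRIVERS\netbt.sys
20:56:25.0074 2976      Suspicious file (Forged): C:\Windows\system32\DRIVERS\netbt.sys. Real md5: 9005cfbfc6796431e251079787e977ec, Fake md5: ecd64230a59cbd93c85f1cd1cab9f3f6
20:56:25.0074 2976      netbt ( Rootkit.Win32.ZAccess.h ) - infected
20:56:25.0074 2976      netbt - detected Rootkit.Win32.ZAccess.h (0)
"""


@dataclass
class Finding:
    name: str                         # service/driver name, or the path if none
    path: Optional[str] = None
    md5: Optional[str] = None
    kind: Optional[str] = None        # "Hidden" or "Forged", as TDSSKiller labels it
    detection: Optional[str] = None   # e.g. Rootkit.Win32.ZAccess.h
    verdict: Optional[str] = None     # "warning" or "infected"
    real_md5: Optional[str] = None    # Forged only: the two hashes TDSSKiller
    fake_md5: Optional[str] = None    #   reports for one path; the mismatch is the signal
    is_ads: bool = False              # path names an NTFS alternate data stream


def is_alternate_stream(path: str) -> bool:
    """C:\\dir\\file:stream has a second colon after the drive letter's colon."""
    return bool(re.match(r"^[A-Za-z]:\\", path)) and ":" in path[3:]


def triage(log_text: str) -> List[Finding]:
    """Merge the per-service lines and return only entries that got a verdict."""
    by_name: Dict[str, Finding] = {}
    by_path: Dict[str, Finding] = {}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        msg = m.group("msg")
        if (e := ENTRY_RE.match(msg)):
            f = Finding(name=e["name"], path=e["path"], md5=e["md5"],
                        is_ads=is_alternate_stream(e["path"]))
            by_name[f.name] = f
            by_path[f.path] = f
        elif (s := SUSP_RE.match(msg)):
            # Key on path as well, in case the service line is absent.
            f = by_path.get(s["path"]) or Finding(name=s["path"], path=s["path"])
            f.kind = s["kind"]
            f.is_ads = is_alternate_stream(s["path"])
            if (fm := FORGED_RE.search(s["details"])):
                f.real_md5, f.fake_md5 = fm["real"], fm["fake"]
            by_name.setdefault(f.name, f)
            by_path[f.path] = f
        elif (v := VERDICT_RE.match(msg)):
            f = by_name.setdefault(v["name"], Finding(name=v["name"]))
            f.detection, f.verdict = v["detection"], v["verdict"]
    return [f for f in by_name.values() if f.verdict]


def report(findings: List[Finding]) -> List[str]:
    """One line per flagged entry, 'infected' before 'warning'."""
    order = {"infected": 0, "warning": 1}
    lines = []
    for f in sorted(findings, key=lambda x: order.get(x.verdict, 9)):
        extra = ""
        if f.kind == "Forged":
            extra = f" [forged: real={f.real_md5} fake={f.fake_md5}]"
        if f.is_ads:
            extra += " [alternate data stream]"
        lines.append(f"{f.verdict:8} {f.name:10} {f.detection}  {f.path}{extra}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(triage(SAMPLE_LOG))))
```

Two things in the output are the actual indicators, not the hash values themselves: a Forged entry means TDSSKiller got two different hashes for one path, so a scanner that trusts the normal file API sees a different file from what is on disk; and a path with a colon inside it (C:\Windows\566404197:2589670878.exe) is a named NTFS stream, which Explorer does not show. On Vista and later, `dir /r C:\Windows` lists streams so you can confirm the second one by hand.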
 

Author Comment

by:manch03
ID: 36814479
OK - I did do a TDSSKiller scan. I select Cure on the screen, then reboot. I do have a log from that (actually several logs from TDSSKiller). I reboot and still cannot run Mbam. It gets killed right away. I will post that log.
 

Author Comment

by:manch03
ID: 36814599
20:56:09.0115 2284      TDSS rootkit removing tool 2.6.2.0 Sep 26 2011 18:56:43
20:56:11.0127 2284      ============================================================
20:56:11.0127 2284      Current date / time: 2011/09/27 20:56:11.0127
20:56:11.0127 2284      SystemInfo:
20:56:11.0127 2284      
20:56:11.0127 2284      OS Version: 6.0.6002 ServicePack: 2.0
20:56:11.0127 2284      Product type: Workstation
20:56:11.0127 2284      ComputerName: PRODUCTION-PC
20:56:11.0127 2284      UserName: tmaly
20:56:11.0127 2284      Windows directory: C:\Windows
20:56:11.0127 2284      System windows directory: C:\Windows
20:56:11.0127 2284      Processor architecture: Intel x86
20:56:11.0127 2284      Number of processors: 2
20:56:11.0127 2284      Page size: 0x1000
20:56:11.0127 2284      Boot type: Safe boot with network
20:56:11.0127 2284      ============================================================
20:56:11.0611 2284      Initialize success
20:56:14.0731 2976      ============================================================
20:56:14.0731 2976      Scan started
20:56:14.0731 2976      Mode: Manual;
20:56:14.0731 2976      ============================================================
20:56:15.0324 2976      65a4c221        (8f2bb1827cac01aee6a16e30a1260199) C:\Windows\566404197:2589670878.exe
20:56:15.0324 2976      Suspicious file (Hidden): C:\Windows\566404197:2589670878.exe. md5: 8f2bb1827cac01aee6a16e30a1260199
20:56:15.0324 2976      65a4c221 ( HiddenFile.Multi.Generic ) - warning
20:56:15.0324 2976      65a4c221 - detected HiddenFile.Multi.Generic (1)
20:56:15.0464 2976      ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
20:56:15.0464 2976      ACPI - ok
20:56:15.0589 2976      adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
20:56:15.0604 2976      adp94xx - ok
20:56:15.0714 2976      adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
20:56:15.0714 2976      adpahci - ok
20:56:15.0807 2976      adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
20:56:15.0807 2976      adpu160m - ok
20:56:15.0901 2976      adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
20:56:15.0916 2976      adpu320 - ok
20:56:16.0041 2976      AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
20:56:16.0057 2976      AFD - ok
20:56:16.0150 2976      agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
20:56:16.0150 2976      agp440 - ok
20:56:16.0260 2976      aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
20:56:16.0260 2976      aic78xx - ok
20:56:16.0369 2976      aksfridge       (730e9d3bb324fb1899005aea63c6782d) C:\Windows\system32\drivers\aksfridge.sys
20:56:16.0369 2976      aksfridge - ok
20:56:16.0478 2976      aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
20:56:16.0478 2976      aliide - ok
20:56:16.0587 2976      amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
20:56:16.0603 2976      amdagp - ok
20:56:16.0650 2976      amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
20:56:16.0650 2976      amdide - ok
20:56:16.0759 2976      AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
20:56:16.0759 2976      AmdK7 - ok
20:56:16.0852 2976      AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
20:56:16.0852 2976      AmdK8 - ok
20:56:16.0946 2976      ApfiltrService  (350f19eb5fe4ec37a2414df56cde1aa8) C:\Windows\system32\DRIVERS\Apfiltr.sys
20:56:16.0962 2976      ApfiltrService - ok
20:56:17.0071 2976      arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
20:56:17.0071 2976      arc - ok
20:56:17.0164 2976      arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
20:56:17.0180 2976      arcsas - ok
20:56:17.0289 2976      AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
20:56:17.0289 2976      AsyncMac - ok
20:56:17.0398 2976      atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
20:56:17.0398 2976      atapi - ok
20:56:17.0492 2976      b57nd60x        (32795e299c3aba589a5e04c83d531cdf) C:\Windows\system32\DRIVERS\b57nd60x.sys
20:56:17.0508 2976      b57nd60x - ok
20:56:17.0601 2976      BCM42RLY - ok
20:56:17.0664 2976      BCM43XX         (cdf7f28ffd693b1b4137845dd1ef1ccc) C:\Windows\system32\DRIVERS\bcmwl6.sys
20:56:17.0664 2976      BCM43XX - ok
20:56:17.0757 2976      Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
20:56:17.0773 2976      Beep - ok
20:56:17.0882 2976      blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
20:56:17.0882 2976      blbdrive - ok
20:56:17.0991 2976      bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
20:56:17.0991 2976      bowser - ok
20:56:18.0085 2976      BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
20:56:18.0085 2976      BrFiltLo - ok
20:56:18.0194 2976      BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
20:56:18.0194 2976      BrFiltUp - ok
20:56:18.0288 2976      Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
20:56:18.0303 2976      Brserid - ok
20:56:18.0397 2976      BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
20:56:18.0397 2976      BrSerWdm - ok
20:56:18.0506 2976      BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
20:56:18.0506 2976      BrUsbMdm - ok
20:56:18.0631 2976      BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
20:56:18.0631 2976      BrUsbSer - ok
20:56:18.0724 2976      BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
20:56:18.0724 2976      BTHMODEM - ok
20:56:18.0802 2976      cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
20:56:18.0802 2976      cdfs - ok
20:56:18.0849 2976      cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
20:56:18.0849 2976      cdrom - ok
20:56:18.0958 2976      chckr2xx        (bb2ffe05b87264cd70dc3858eb28210f) C:\Windows\system32\Drivers\chckr2xx.sys
20:56:18.0974 2976      chckr2xx - ok
20:56:19.0068 2976      circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
20:56:19.0068 2976      circlass - ok
20:56:19.0161 2976      CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
20:56:19.0161 2976      CLFS - ok
20:56:19.0255 2976      CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
20:56:19.0255 2976      CmBatt - ok
20:56:19.0302 2976      cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
20:56:19.0302 2976      cmdide - ok
20:56:19.0458 2976      Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
20:56:19.0458 2976      Compbatt - ok
20:56:19.0520 2976      crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
20:56:19.0536 2976      crcdisk - ok
20:56:19.0551 2976      Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
20:56:19.0551 2976      Crusoe - ok
20:56:19.0676 2976      CSC             (9bdb2e89be8d0ef37b1f25c3d3fc192c) C:\Windows\system32\drivers\csc.sys
20:56:19.0692 2976      CSC - ok
20:56:19.0770 2976      DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
20:56:19.0770 2976      DfsC - ok
20:56:19.0894 2976      disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
20:56:19.0894 2976      disk - ok
20:56:19.0972 2976      Dot4            (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
20:56:19.0988 2976      Dot4 - ok
20:56:20.0066 2976      Dot4Print       (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
20:56:20.0066 2976      Dot4Print - ok
20:56:20.0113 2976      dot4usb         (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
20:56:20.0113 2976      dot4usb - ok
20:56:20.0206 2976      drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
20:56:20.0206 2976      drmkaud - ok
20:56:20.0269 2976      DS1410D - ok
20:56:20.0316 2976      DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
20:56:20.0347 2976      DXGKrnl - ok
20:56:20.0440 2976      E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
20:56:20.0456 2976      E1G60 - ok
20:56:20.0518 2976      Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
20:56:20.0518 2976      Ecache - ok
20:56:20.0643 2976      elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
20:56:20.0643 2976      elxstor - ok
20:56:20.0721 2976      EraserUtilDrv11113 - ok
20:56:20.0799 2976      ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
20:56:20.0799 2976      ErrDev - ok
20:56:20.0924 2976      exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
20:56:20.0924 2976      exfat - ok
20:56:20.0986 2976      fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
20:56:20.0986 2976      fastfat - ok
20:56:21.0064 2976      fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
20:56:21.0064 2976      fdc - ok
20:56:21.0096 2976      FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
20:56:21.0096 2976      FileInfo - ok
20:56:21.0127 2976      Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
20:56:21.0127 2976      Filetrace - ok
20:56:21.0158 2976      flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
20:56:21.0158 2976      flpydisk - ok
20:56:21.0205 2976      FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
20:56:21.0205 2976      FltMgr - ok
20:56:21.0283 2976      Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
20:56:21.0283 2976      Fs_Rec - ok
20:56:21.0330 2976      fvevol          (fecf4c2e42440a8d132bf94eee3c3fc9) C:\Windows\system32\DRIVERS\fvevol.sys
20:56:21.0330 2976      fvevol - ok
20:56:21.0408 2976      gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
20:56:21.0423 2976      gagp30kx - ok
20:56:21.0486 2976      hardlock        (d95554949082fd29a04d351b58396718) C:\Windows\system32\drivers\hardlock.sys
20:56:21.0501 2976      hardlock - ok
20:56:21.0642 2976      Haspnt          (2dd25f060dc9f79b5cdf33d90ed93669) C:\Windows\system32\drivers\Haspnt.sys
20:56:21.0642 2976      Haspnt - ok
20:56:21.0704 2976      HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:56:21.0720 2976      HDAudBus - ok
20:56:21.0813 2976      HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
20:56:21.0813 2976      HidBth - ok
20:56:21.0844 2976      HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
20:56:21.0844 2976      HidIr - ok
20:56:21.0954 2976      HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
20:56:21.0954 2976      HidUsb - ok
20:56:21.0985 2976      HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
20:56:21.0985 2976      HpCISSs - ok
20:56:22.0047 2976      HSF_DPV         (e9e589c9ab799f52e18f057635a2b362) C:\Windows\system32\DRIVERS\HSX_DPV.sys
20:56:22.0078 2976      HSF_DPV - ok
20:56:22.0110 2976      HSXHWAZL        (7845d2385f4dc7dfb3ccaf0c2fa4948e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
20:56:22.0125 2976      HSXHWAZL - ok
20:56:22.0172 2976      HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
20:56:22.0172 2976      HTTP - ok
20:56:22.0219 2976      i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
20:56:22.0219 2976      i2omp - ok
20:56:22.0250 2976      i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
20:56:22.0266 2976      i8042prt - ok
20:56:22.0328 2976      iaStor          (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\Windows\system32\drivers\iastor.sys
20:56:22.0328 2976      iaStor - ok
20:56:22.0375 2976      iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
20:56:22.0390 2976      iaStorV - ok
20:56:22.0500 2976      igfx            (c134e69ce901422d1f2d7ea8d69098fe) C:\Windows\system32\DRIVERS\igdkmd32.sys
20:56:22.0546 2976      igfx - ok
20:56:22.0671 2976      iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
20:56:22.0671 2976      iirsp - ok
20:56:22.0734 2976      intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
20:56:22.0734 2976      intelide - ok
20:56:22.0765 2976      intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
20:56:22.0765 2976      intelppm - ok
20:56:22.0796 2976      IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:56:22.0796 2976      IpFilterDriver - ok
20:56:22.0812 2976      IpInIp - ok
20:56:22.0843 2976      IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
20:56:22.0843 2976      IPMIDRV - ok
20:56:22.0890 2976      IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
20:56:22.0905 2976      IPNAT - ok
20:56:22.0921 2976      IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
20:56:22.0921 2976      IRENUM - ok
20:56:22.0952 2976      isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
20:56:22.0952 2976      isapnp - ok
20:56:22.0999 2976      iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
20:56:22.0999 2976      iScsiPrt - ok
20:56:23.0030 2976      iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
20:56:23.0030 2976      iteatapi - ok
20:56:23.0077 2976      iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
20:56:23.0077 2976      iteraid - ok
20:56:23.0108 2976      kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
20:56:23.0108 2976      kbdclass - ok
20:56:23.0139 2976      kbdhid          (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
20:56:23.0139 2976      kbdhid - ok
20:56:23.0186 2976      KMWDFILTER      (566c5fd480fdbce3ba5cf9fbcffaea9a) C:\Windows\system32\DRIVERS\KMWDFILTER.sys
20:56:23.0202 2976      KMWDFILTER - ok
20:56:23.0248 2976      KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
20:56:23.0264 2976      KSecDD - ok
20:56:23.0311 2976      lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
20:56:23.0326 2976      lltdio - ok
20:56:23.0373 2976      LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
20:56:23.0389 2976      LSI_FC - ok
20:56:23.0436 2976      LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
20:56:23.0436 2976      LSI_SAS - ok
20:56:23.0482 2976      LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
20:56:23.0482 2976      LSI_SCSI - ok
20:56:23.0514 2976      luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
20:56:23.0514 2976      luafv - ok
20:56:23.0560 2976      mdmxsdk         (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
20:56:23.0576 2976      mdmxsdk - ok
20:56:23.0607 2976      megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
20:56:23.0607 2976      megasas - ok
20:56:23.0654 2976      MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
20:56:23.0670 2976      MegaSR - ok
20:56:23.0701 2976      Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
20:56:23.0701 2976      Modem - ok
20:56:23.0716 2976      monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
20:56:23.0716 2976      monitor - ok
20:56:23.0748 2976      mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
20:56:23.0748 2976      mouclass - ok
20:56:23.0794 2976      mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
20:56:23.0794 2976      mouhid - ok
20:56:23.0826 2976      MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
20:56:23.0826 2976      MountMgr - ok
20:56:23.0872 2976      mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
20:56:23.0872 2976      mpio - ok
20:56:23.0919 2976      mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
20:56:23.0919 2976      mpsdrv - ok
20:56:23.0950 2976      Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
20:56:23.0950 2976      Mraid35x - ok
20:56:23.0997 2976      MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
20:56:23.0997 2976      MRxDAV - ok
20:56:24.0028 2976      mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:56:24.0044 2976      mrxsmb - ok
20:56:24.0106 2976      mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:56:24.0106 2976      mrxsmb10 - ok
20:56:24.0153 2976      mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:56:24.0153 2976      mrxsmb20 - ok
20:56:24.0184 2976      msahci          (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
20:56:24.0184 2976      msahci - ok
20:56:24.0231 2976      msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
20:56:24.0231 2976      msdsm - ok
20:56:24.0294 2976      Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
20:56:24.0294 2976      Msfs - ok
20:56:24.0325 2976      msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
20:56:24.0325 2976      msisadrv - ok
20:56:24.0372 2976      MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
20:56:24.0372 2976      MSKSSRV - ok
20:56:24.0403 2976      MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
20:56:24.0403 2976      MSPCLOCK - ok
20:56:24.0465 2976      MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
20:56:24.0465 2976      MSPQM - ok
20:56:24.0512 2976      MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
20:56:24.0528 2976      MsRPC - ok
20:56:24.0574 2976      mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
20:56:24.0574 2976      mssmbios - ok
20:56:24.0590 2976      MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
20:56:24.0590 2976      MSTEE - ok
20:56:24.0637 2976      Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
20:56:24.0637 2976      Mup - ok
20:56:24.0715 2976      NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
20:56:24.0715 2976      NativeWifiP - ok
20:56:24.0762 2976      NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
20:56:24.0777 2976      NDIS - ok
20:56:24.0840 2976      NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
20:56:24.0840 2976      NdisTapi - ok
20:56:24.0871 2976      Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
20:56:24.0871 2976      Ndisuio - ok
20:56:24.0902 2976      NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
20:56:24.0902 2976      NdisWan - ok
20:56:24.0964 2976      NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
20:56:24.0964 2976      NDProxy - ok
20:56:24.0996 2976      NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
20:56:24.0996 2976      NetBIOS - ok
20:56:25.0074 2976      netbt           (9005cfbfc6796431e251079787e977ec) C:\Windows\system32\DRIVERS\netbt.sys
20:56:25.0074 2976      Suspicious file (Forged): C:\Windows\system32\DRIVERS\netbt.sys. Real md5: 9005cfbfc6796431e251079787e977ec, Fake md5: ecd64230a59cbd93c85f1cd1cab9f3f6
20:56:25.0074 2976      netbt ( Rootkit.Win32.ZAccess.h ) - infected
20:56:25.0074 2976      netbt - detected Rootkit.Win32.ZAccess.h (0)
20:56:25.0136 2976      nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
20:56:25.0136 2976      nfrd960 - ok
20:56:25.0183 2976      Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
20:56:25.0183 2976      Npfs - ok
20:56:25.0198 2976      nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
20:56:25.0198 2976      nsiproxy - ok
20:56:25.0276 2976      Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
20:56:25.0308 2976      Ntfs - ok
20:56:25.0354 2976      ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
20:56:25.0354 2976      ntrigdigi - ok
20:56:25.0370 2976      Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
20:56:25.0370 2976      Null - ok
20:56:25.0401 2976      nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
20:56:25.0401 2976      nvraid - ok
20:56:25.0432 2976      nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
20:56:25.0432 2976      nvstor - ok
20:56:25.0464 2976      nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
20:56:25.0464 2976      nv_agp - ok
20:56:25.0479 2976      NwlnkFlt - ok
20:56:25.0495 2976      NwlnkFwd - ok
20:56:25.0542 2976      OEM02Dev        (19cac780b858822055f46c58a111723c) C:\Windows\system32\DRIVERS\OEM02Dev.sys
20:56:25.0542 2976      OEM02Dev - ok
20:56:25.0557 2976      OEM02Vfx        (86326062a90494bdd79ce383511d7d69) C:\Windows\system32\DRIVERS\OEM02Vfx.sys
20:56:25.0557 2976      OEM02Vfx - ok
20:56:25.0588 2976      ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
20:56:25.0588 2976      ohci1394 - ok
20:56:25.0635 2976      Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
20:56:25.0635 2976      Parport - ok
20:56:25.0651 2976      partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
20:56:25.0666 2976      partmgr - ok
20:56:25.0698 2976      Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
20:56:25.0698 2976      Parvdm - ok
20:56:25.0760 2976      pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
20:56:25.0760 2976      pci - ok
20:56:25.0776 2976      pcidnt - ok
20:56:25.0791 2976      pciide          (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
20:56:25.0791 2976      pciide - ok
20:56:25.0822 2976      pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
20:56:25.0822 2976      pcmcia - ok
20:56:25.0869 2976      PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
20:56:25.0885 2976      PEAUTH - ok
20:56:25.0963 2976      PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
20:56:25.0963 2976      PptpMiniport - ok
20:56:25.0963 2976      PRAGMAppioeqwvlw - ok
20:56:25.0994 2976      Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
20:56:25.0994 2976      Processor - ok
20:56:26.0041 2976      PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
20:56:29.0956 2976      Wdf01000        (a1bd4ad37b361199dc326cccc9c179de) C:\Windows\system32\drivers\Wdf01000.sys
20:56:29.0956 2976      Suspicious file (Forged): C:\Windows\system32\drivers\Wdf01000.sys. Real md5: a1bd4ad37b361199dc326cccc9c179de, Fake md5: b6f0a7ad6d4bd325fbcd8bac96cd8d96
20:56:29.0956 2976      Wdf01000 ( Virus.Win32.Rloader.a ) - infected
20:56:29.0956 2976      Wdf01000 - detected Virus.Win32.Rloader.a (0)
20:56:30.0331 2976      MBR (0x1B8)     (04d4350ae5fb6fc2ad3e7c26b1323c68) \Device\Harddisk0\DR0
20:56:30.0331 2976      \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected
20:56:30.0331 2976      \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
20:56:30.0393 2976      ============================================================
20:56:30.0393 2976      Scan finished
20:56:30.0393 2976      ============================================================
20:56:30.0424 1288      Detected object count: 4
20:56:30.0424 1288      Actual detected object count: 4
20:58:53.0757 1288      65a4c221 ( HiddenFile.Multi.Generic ) - skipped by user
20:58:53.0757 1288      65a4c221 ( HiddenFile.Multi.Generic ) - User select action: Skip
20:58:54.0100 1288      Backup copy found, using it..
20:58:54.0132 1288      C:\Windows\system32\DRIVERS\netbt.sys - will be cured on reboot
20:58:54.0132 1288      netbt ( Rootkit.Win32.ZAccess.h ) - User select action: Cure
20:59:02.0883 1288      Backup copy not found, trying to cure infected file..
20:59:02.0899 1288      Cure success, using it..
20:59:02.0899 1288      C:\Windows\system32\drivers\Wdf01000.sys - will be cured on reboot
20:59:02.0899 1288      Wdf01000 ( Virus.Win32.Rloader.a ) - User select action: Cure
20:59:02.0961 1288      \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - will be cured on reboot
20:59:02.0961 1288      \Device\Harddisk0\DR0 - ok
20:59:02.0961 1288      \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Cure
20:59:11.0775 3920      Deinitialize success

22:32:56.0408 1116      TDSS rootkit removing tool 2.6.2.0 Sep 26 2011 18:56:43
22:32:56.0417 1116      ============================================================
22:32:56.0417 1116      Current date / time: 2011/09/28 22:32:56.0417
22:32:56.0417 1116      SystemInfo:
22:32:56.0417 1116      
22:32:56.0417 1116      OS Version: 6.0.6002 ServicePack: 2.0
22:32:56.0417 1116      Product type: Workstation
22:32:56.0417 1116      ComputerName: PRODUCTION-PC
22:32:56.0418 1116      UserName: tmaly
22:32:56.0418 1116      Windows directory: C:\Windows
22:32:56.0418 1116      System windows directory: C:\Windows
22:32:56.0418 1116      Processor architecture: Intel x86
22:32:56.0418 1116      Number of processors: 2
22:32:56.0418 1116      Page size: 0x1000
22:32:56.0418 1116      Boot type: Safe boot
22:32:56.0418 1116      ============================================================
22:32:58.0461 1116      Initialize success
22:33:00.0391 1604      ============================================================
22:33:00.0391 1604      Scan started
22:33:00.0391 1604      Mode: Manual;
22:33:00.0391 1604      ============================================================
22:33:01.0421 1604      65a4c221        (8f2bb1827cac01aee6a16e30a1260199) C:\Windows\566404197:2589670878.exe
22:33:01.0421 1604      Suspicious file (Hidden): C:\Windows\566404197:2589670878.exe. md5: 8f2bb1827cac01aee6a16e30a1260199
22:33:01.0422 1604      65a4c221 ( HiddenFile.Multi.Generic ) - warning
22:33:01.0422 1604      65a4c221 - detected HiddenFile.Multi.Generic (1)
22:33:07.0563 1604      cdrom           (1b4e9826df5c96335d0ca465eda33eda) C:\Windows\system32\DRIVERS\cdrom.sys
22:33:07.0564 1604      Suspicious file (Forged): C:\Windows\system32\DRIVERS\cdrom.sys. Real md5: 1b4e9826df5c96335d0ca465eda33eda, Fake md5: 6b4bffb9becd728097024276430db314
22:33:07.0564 1604      cdrom ( Rootkit.Win32.ZAccess.e ) - infected
22:33:07.0564 1604      cdrom - detected Rootkit.Win32.ZAccess.e (0)
22:33:23.0163 1604      MSPCLOCK - ok
22:33:23.0376 1604      MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
22:33:23.0378 1604      MSPQM - ok
22:33:23.0476 1604      MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
22:33:23.0479 1604      MsRPC - ok
22:33:23.0745 1604      mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
22:33:23.0745 1604      mssmbios - ok
22:33:23.0877 1604      MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
22:33:23.0878 1604      MSTEE - ok
22:33:23.0966 1604      Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
22:33:23.0968 1604      Mup - ok
22:33:24.0210 1604      NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
22:33:24.0213 1604      NativeWifiP - ok
22:33:24.0320 1604      NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
22:33:24.0329 1604      NDIS - ok
22:33:24.0636 1604      NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
22:33:24.0637 1604      NdisTapi - ok
22:33:24.0768 1604      Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
22:33:24.0769 1604      Ndisuio - ok
22:33:25.0010 1604      NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
22:33:25.0013 1604      NdisWan - ok
22:33:25.0106 1604      NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
22:33:25.0108 1604      NDProxy - ok
22:33:25.0204 1604      NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
22:33:25.0205 1604      NetBIOS - ok
22:33:25.0304 1604      netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
22:33:25.0308 1604      netbt - ok
22:33:25.0540 1604      nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
22:33:25.0542 1604      nfrd960 - ok
22:33:25.0683 1604      Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
22:33:25.0684 1604      Npfs - ok
22:33:25.0885 1604      nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
22:33:25.0887 1604      nsiproxy - ok
22:33:26.0176 1604      Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
22:33:26.0264 1604      Ntfs - ok
22:33:26.0381 1604      ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
22:33:26.0382 1604      ntrigdigi - ok
22:33:26.0533 1604      Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
22:33:26.0534 1604      Null - ok
22:33:26.0622 1604      nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
22:33:26.0624 1604      nvraid - ok
22:33:26.0723 1604      nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
22:33:26.0724 1604      nvstor - ok
22:33:27.0111 1604      nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
22:33:27.0114 1604      nv_agp - ok
22:33:27.0188 1604      NwlnkFlt - ok
22:33:27.0266 1604      NwlnkFwd - ok
22:33:27.0369 1604      OEM02Dev        (19cac780b858822055f46c58a111723c) C:\Windows\system32\DRIVERS\OEM02Dev.sys
22:33:27.0373 1604      OEM02Dev - ok
22:33:27.0467 1604      OEM02Vfx        (86326062a90494bdd79ce383511d7d69) C:\Windows\system32\DRIVERS\OEM02Vfx.sys
22:33:27.0469 1604      OEM02Vfx - ok
22:33:27.0557 1604      ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
22:33:27.0558 1604      ohci1394 - ok
22:33:27.0731 1604      Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
22:33:27.0733 1604      Parport - ok
22:33:27.0815 1604      partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
22:33:27.0817 1604      partmgr - ok
22:33:27.0911 1604      Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
22:33:27.0913 1604      Parvdm - ok
22:33:28.0346 1604      pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
22:33:28.0349 1604      pci - ok
22:33:28.0446 1604      pcidnt - ok
22:33:28.0548 1604      pciide          (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
22:33:28.0549 1604      pciide - ok
22:33:28.0650 1604      pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
22:33:28.0654 1604      pcmcia - ok
22:33:28.0764 1604      PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
22:33:28.0785 1604      PEAUTH - ok
22:33:28.0942 1604      PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
22:33:28.0944 1604      PptpMiniport - ok
22:33:28.0985 1604      PRAGMAppioeqwvlw - ok
22:33:29.0055 1604      Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
22:33:29.0057 1604      Processor - ok
22:33:29.0187 1604      PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
22:33:29.0189 1604      PSched - ok
22:33:29.0392 1604      PxHelp20        (03e0fe281823ba64b3782f5b38950e73) C:\Windows\system32\Drivers\PxHelp20.sys
22:33:29.0393 1604      PxHelp20 - ok
22:33:29.0501 1604      ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
22:33:29.0536 1604      ql2300 - ok
22:33:29.0683 1604      ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
22:33:29.0686 1604      ql40xx - ok
22:33:29.0776 1604      QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
22:33:29.0777 1604      QWAVEdrv - ok
22:33:29.0867 1604      RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
22:33:29.0868 1604      RasAcd - ok
22:33:29.0954 1604      Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:33:29.0956 1604      Rasl2tp - ok
22:33:30.0068 1604      RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
22:33:30.0070 1604      RasPppoe - ok
22:33:30.0156 1604      RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
22:33:30.0158 1604      RasSstp - ok
22:33:30.0366 1604      rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
22:33:30.0371 1604      rdbss - ok
22:33:30.0652 1604      RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:33:30.0654 1604      RDPCDD - ok
22:33:31.0017 1604      rdpdr           (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys
22:33:31.0021 1604      rdpdr - ok
22:33:31.0120 1604      RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
22:33:31.0122 1604      RDPENCDD - ok
22:33:31.0234 1604      RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
22:33:31.0238 1604      RDPWD - ok
22:33:31.0343 1604      rimmptsk        (d85e3fa9f5b1f29bb4ed185c450d1470) C:\Windows\system32\DRIVERS\rimmptsk.sys
22:33:31.0345 1604      rimmptsk - ok
22:33:31.0712 1604      rimsptsk        (db8eb01c58c9fada00c70b1775278ae0) C:\Windows\system32\DRIVERS\rimsptsk.sys
22:33:31.0713 1604      rimsptsk - ok
22:33:31.0845 1604      rismxdp         (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys
22:33:31.0847 1604      rismxdp - ok
22:33:32.0154 1604      RsiKtControl    (2af65117091a47732f0997330e3daae6) C:\Windows\system32\RSIKT.SYS
22:33:32.0157 1604      RsiKtControl - ok
22:33:32.0295 1604      rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
22:33:32.0297 1604      rspndr - ok
22:33:32.0389 1604      RSSERIAL        (b089419975668e2a701178032d652a24) C:\Windows\SYSTEM32\RSSERIAL.SYS
22:33:32.0394 1604      RSSERIAL - ok
22:33:33.0134 1604      SASDIFSV        (d96686fca1f9f6b06f7490553cbda6de) C:\Users\tmaly\AppData\Local\Temp\superas\SASDIFSV.SYS
22:33:33.0135 1604      SASDIFSV - ok
22:33:33.0488 1604      SASENUM         (7f1085895e499907f68df7731924122b) C:\Users\tmaly\AppData\Local\Temp\superas\SASENUM.SYS
22:33:33.0488 1604      SASENUM - ok
22:33:33.0776 1604      SASKUTIL        (2e0e10b8b547a39cdcc1b105239a43a4) C:\Users\tmaly\AppData\Local\Temp\superas\SASKUTIL.sys
22:33:33.0776 1604      SASKUTIL - ok
22:33:33.0944 1604      sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
22:33:33.0947 1604      sbp2port - ok
22:33:34.0093 1604      sdbus           (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
22:33:34.0096 1604      sdbus - ok
22:33:34.0260 1604      secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
22:33:34.0285 1604      secdrv - ok
22:33:34.0581 1604      Ser2rs          (5fe7be588762e3f89e2ee764c2e50c91) C:\Windows\system32\DRIVERS\ser2rs.sys
22:33:34.0592 1604      Ser2rs - ok
22:33:34.0768 1604      Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys
22:33:34.0769 1604      Serenum - ok
22:33:34.0868 1604      Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
22:33:34.0871 1604      Serial - ok
22:33:34.0970 1604      sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
22:33:34.0972 1604      sermouse - ok
22:33:35.0232 1604      sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
22:33:35.0234 1604      sffdisk - ok
22:33:35.0318 1604      sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
22:33:35.0319 1604      sffp_mmc - ok
22:33:35.0405 1604      sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
22:33:35.0407 1604      sffp_sd - ok
22:33:35.0503 1604      sfloppy         (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys
22:33:35.0504 1604      sfloppy - ok
22:33:35.0675 1604      sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
22:33:35.0677 1604      sisagp - ok
22:33:35.0769 1604      SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
22:33:35.0771 1604      SiSRaid2 - ok
22:33:35.0945 1604      SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
22:33:35.0947 1604      SiSRaid4 - ok
22:33:36.0205 1604      Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
22:33:36.0207 1604      Smb - ok
22:33:36.0473 1604      spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
22:33:36.0475 1604      spldr - ok
22:33:36.0600 1604      srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
22:33:36.0606 1604      srv - ok
22:33:36.0716 1604      srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
22:33:36.0720 1604      srv2 - ok
22:33:36.0832 1604      srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
22:33:36.0835 1604      srvnet - ok
22:33:37.0136 1604      STHDA           (6a2a5e809c2c0178326d92b19ee4aad3) C:\Windows\system32\drivers\stwrt.sys
22:33:37.0142 1604      STHDA - ok
22:33:37.0239 1604      StillCam        (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
22:33:37.0240 1604      StillCam - ok
22:33:37.0365 1604      swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
22:33:37.0365 1604      swenum - ok
22:33:37.0475 1604      Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
22:33:37.0477 1604      Symc8xx - ok
22:33:37.0740 1604      Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
22:33:37.0741 1604      Sym_hi - ok
22:33:37.0940 1604      Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
22:33:37.0942 1604      Sym_u3 - ok
22:33:38.0304 1604      Tcpip           (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys
22:33:38.0349 1604      Tcpip - ok
22:33:38.0605 1604      Tcpip6          (2756186e287139310997090797e0182b) C:\Windows\system32\DRIVERS\tcpip.sys
22:33:38.0611 1604      Tcpip6 - ok
22:33:38.0955 1604      tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
22:33:38.0956 1604      tcpipreg - ok
22:33:39.0228 1604      TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
22:33:39.0229 1604      TDPIPE - ok
22:33:39.0365 1604      TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
22:33:39.0366 1604      TDTCP - ok
22:33:39.0475 1604      tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
22:33:39.0477 1604      tdx - ok
22:33:39.0726 1604      TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
22:33:39.0727 1604      TermDD - ok
22:33:39.0853 1604      tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:33:39.0855 1604      tssecsrv - ok
22:33:39.0988 1604      tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
22:33:39.0989 1604      tunmp - ok
22:33:40.0091 1604      tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
22:33:40.0093 1604      tunnel - ok
22:33:40.0183 1604      uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
22:33:40.0185 1604      uagp35 - ok
22:33:40.0273 1604      udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
22:33:40.0278 1604      udfs - ok
22:33:40.0494 1604      uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
22:33:40.0496 1604      uliagpkx - ok
22:33:40.0608 1604      uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
22:33:40.0613 1604      uliahci - ok
22:33:40.0711 1604      UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
22:33:40.0714 1604      UlSata - ok
22:33:40.0815 1604      ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
22:33:40.0818 1604      ulsata2 - ok
22:33:40.0907 1604      umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
22:33:40.0908 1604      umbus - ok
22:33:41.0227 1604      usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
22:33:41.0229 1604      usbccgp - ok
22:33:41.0324 1604      usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
22:33:41.0327 1604      usbcir - ok
22:33:41.0491 1604      usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
22:33:41.0492 1604      usbehci - ok
22:33:41.0637 1604      usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
22:33:41.0640 1604      usbhub - ok
22:33:41.0890 1604      usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
22:33:41.0892 1604      usbohci - ok
22:33:42.0069 1604      usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
22:33:42.0081 1604      usbprint - ok
22:33:42.0263 1604      usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
22:33:42.0265 1604      usbscan - ok
22:33:42.0596 1604      USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:33:42.0597 1604      USBSTOR - ok
22:33:42.0693 1604      usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
22:33:42.0695 1604      usbuhci - ok
22:33:42.0918 1604      vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
22:33:42.0919 1604      vga - ok
22:33:43.0011 1604      VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
22:33:43.0013 1604      VgaSave - ok
22:33:43.0099 1604      viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
22:33:43.0101 1604      viaagp - ok
22:33:43.0204 1604      ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
22:33:43.0206 1604      ViaC7 - ok
22:33:43.0303 1604      viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
22:33:43.0304 1604      viaide - ok
22:33:43.0466 1604      VirtualBackplane - ok
22:33:43.0563 1604      volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
22:33:43.0565 1604      volmgr - ok
22:33:43.0845 1604      volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
22:33:43.0864 1604      volmgrx - ok
22:33:44.0017 1604      volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
22:33:44.0019 1604      volsnap - ok
22:33:44.0156 1604      vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
22:33:44.0212 1604      vsmraid - ok
22:33:44.0390 1604      WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
22:33:44.0391 1604      WacomPen - ok
22:33:44.0495 1604      Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
22:33:44.0497 1604      Wanarp - ok
22:33:44.0502 1604      Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
22:33:44.0503 1604      Wanarpv6 - ok
22:33:44.0739 1604      Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
22:33:44.0741 1604      Wd - ok
22:33:45.0005 1604      Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
22:33:45.0015 1604      Wdf01000 - ok
22:33:45.0247 1604      winachsf        (4daca8f07537d4d7e3534bb99294aa26) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
22:33:45.0270 1604      winachsf - ok
22:33:45.0413 1604      WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
22:33:45.0414 1604      WmiAcpi - ok
22:33:45.0618 1604      ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
22:33:45.0619 1604      ws2ifsl - ok
22:33:45.0756 1604      WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:33:45.0759 1604      WUDFRd - ok
22:33:46.0003 1604      XAudio          (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
22:33:46.0004 1604      XAudio - ok
22:33:46.0049 1604      MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
22:33:46.0070 1604      \Device\Harddisk0\DR0 - ok
22:33:46.0082 1604      MBR (0x1B8)     (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk1\DR2
22:33:46.0087 1604      \Device\Harddisk1\DR2 - ok
22:33:46.0111 1604      Boot (0x1200)   (5721dce526d16bf99208ecced739ab0d) \Device\Harddisk0\DR0\Partition0
22:33:46.0112 1604      \Device\Harddisk0\DR0\Partition0 - ok
22:33:46.0115 1604      Boot (0x1200)   (d5d0b8337444d9f6f31f30f96cd6238e) \Device\Harddisk0\DR0\Partition1
22:33:46.0116 1604      \Device\Harddisk0\DR0\Partition1 - ok
22:33:46.0122 1604      Boot (0x1200)   (54d70e2492bde3ba4c357d046e9869a7) \Device\Harddisk1\DR2\Partition0
22:33:46.0123 1604      \Device\Harddisk1\DR2\Partition0 - ok
22:33:46.0125 1604      ============================================================
22:33:46.0125 1604      Scan finished
22:33:46.0125 1604      ============================================================
22:33:46.0147 1720      Detected object count: 2
22:33:46.0147 1720      Actual detected object count: 2
22:34:06.0956 1720      C:\Windows\566404197:2589670878.exe - copied to quarantine
22:34:06.0956 1720      65a4c221 ( HiddenFile.Multi.Generic ) - User select action: Quarantine
22:34:07.0622 1720      Backup copy found, using it..
22:34:07.0688 1720      C:\Windows\system32\DRIVERS\cdrom.sys - will be cured on reboot
22:34:07.0688 1720      cdrom ( Rootkit.Win32.ZAccess.e ) - User select action: Cure
22:38:33.0360 1824      Deinitialize success

3rd one:
06:42:40.0954 4672      TDSS rootkit removing tool 2.6.2.0 Sep 26 2011 18:56:43
06:42:40.0970 4672      ============================================================
06:42:40.0970 4672      Current date / time: 2011/09/29 06:42:40.0970
06:42:40.0970 4672      SystemInfo:
06:42:40.0970 4672      
06:42:40.0970 4672      OS Version: 6.0.6002 ServicePack: 2.0
06:42:40.0970 4672      Product type: Workstation
06:42:40.0970 4672      ComputerName: PRODUCTION-PC
06:42:40.0970 4672      UserName: tmaly
06:42:40.0970 4672      Windows directory: C:\Windows
06:42:40.0970 4672      System windows directory: C:\Windows
06:42:40.0970 4672      Processor architecture: Intel x86
06:42:40.0970 4672      Number of processors: 2
06:42:40.0970 4672      Page size: 0x1000
06:42:40.0970 4672      Boot type: Normal boot
06:42:40.0970 4672      ============================================================
06:42:41.0532 4672      Initialize success
06:42:43.0419 6412      ============================================================
06:42:43.0419 6412      Scan started
06:42:43.0419 6412      Mode: Manual;
06:42:43.0419 6412      ============================================================
06:42:43.0872 6412      65a4c221        (8f2bb1827cac01aee6a16e30a1260199) C:\Windows\566404197:2589670878.exe
06:42:43.0872 6412      Suspicious file (Hidden): C:\Windows\566404197:2589670878.exe. md5: 8f2bb1827cac01aee6a16e30a1260199
06:42:43.0872 6412      65a4c221 ( HiddenFile.Multi.Generic ) - warning
06:42:43.0872 6412      65a4c221 - detected HiddenFile.Multi.Generic (1)
06:42:44.0012 6412      ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
06:42:44.0012 6412      ACPI - ok
06:42:44.0121 6412      adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
06:42:44.0137 6412      adp94xx - ok
06:42:44.0230 6412      adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
06:42:44.0246 6412      adpahci - ok
06:42:44.0340 6412      adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
06:42:44.0340 6412      adpu160m - ok
06:42:44.0433 6412      adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
06:42:44.0433 6412      adpu320 - ok
06:42:44.0558 6412      AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
06:42:44.0558 6412      AFD - ok
06:42:44.0652 6412      agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
06:42:44.0652 6412      agp440 - ok
06:42:44.0730 6412      aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
06:42:44.0730 6412      aic78xx - ok
06:42:44.0792 6412      aksfridge       (730e9d3bb324fb1899005aea63c6782d) C:\Windows\system32\drivers\aksfridge.sys
06:42:44.0808 6412      aksfridge - ok
06:42:44.0886 6412      aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
06:42:44.0886 6412      aliide - ok
06:42:44.0932 6412      amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
06:42:44.0932 6412      amdagp - ok
06:42:45.0042 6412      amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
06:42:45.0042 6412      amdide - ok
06:42:45.0135 6412      AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
06:42:45.0135 6412      AmdK7 - ok
06:42:45.0213 6412      AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
06:42:45.0213 6412      AmdK8 - ok
06:42:45.0322 6412      ApfiltrService  (350f19eb5fe4ec37a2414df56cde1aa8) C:\Windows\system32\DRIVERS\Apfiltr.sys
06:42:45.0322 6412      ApfiltrService - ok
06:42:45.0416 6412      arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
06:42:45.0416 6412      arc - ok
06:42:45.0525 6412      arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
06:42:45.0525 6412      arcsas - ok
06:42:45.0634 6412      AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
06:42:45.0634 6412      AsyncMac - ok
06:42:45.0728 6412      atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
06:42:45.0744 6412      atapi - ok
06:42:45.0868 6412      b57nd60x        (32795e299c3aba589a5e04c83d531cdf) C:\Windows\system32\DRIVERS\b57nd60x.sys
06:42:45.0868 6412      b57nd60x - ok
06:42:45.0900 6412      BCM42RLY - ok
06:42:45.0962 6412      BCM43XX         (cdf7f28ffd693b1b4137845dd1ef1ccc) C:\Windows\system32\DRIVERS\bcmwl6.sys
06:42:45.0993 6412      BCM43XX - ok
06:42:46.0087 6412      Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
06:42:46.0102 6412      Beep - ok
06:42:46.0180 6412      blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
06:42:46.0180 6412      blbdrive - ok
06:42:46.0227 6412      bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
06:42:46.0227 6412      bowser - ok
06:42:46.0321 6412      BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
06:42:46.0321 6412      BrFiltLo - ok
06:42:46.0399 6412      BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
06:42:46.0399 6412      BrFiltUp - ok
06:42:46.0446 6412      Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
06:42:46.0446 6412      Brserid - ok
06:42:46.0539 6412      BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
06:42:46.0539 6412      BrSerWdm - ok
06:42:46.0602 6412      BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
06:42:46.0617 6412      BrUsbMdm - ok
06:42:46.0680 6412      BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
06:42:46.0680 6412      BrUsbSer - ok
06:42:46.0758 6412      BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
06:42:46.0758 6412      BTHMODEM - ok
06:42:46.0820 6412      cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
06:42:46.0820 6412      cdfs - ok
06:42:46.0929 6412      cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
06:42:46.0929 6412      cdrom - ok
06:42:46.0992 6412      chckr2xx        (bb2ffe05b87264cd70dc3858eb28210f) C:\Windows\system32\Drivers\chckr2xx.sys
06:42:46.0992 6412      chckr2xx - ok
06:42:47.0085 6412      circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
06:42:47.0085 6412      circlass - ok
06:42:47.0194 6412      CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
06:42:47.0194 6412      CLFS - ok
06:42:47.0257 6412      CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
06:42:47.0257 6412      CmBatt - ok
06:42:47.0350 6412      cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
06:42:47.0350 6412      cmdide - ok
06:42:47.0491 6412      Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
06:42:47.0491 6412      Compbatt - ok
06:42:47.0522 6412      crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
06:42:47.0522 6412      crcdisk - ok
06:42:47.0616 6412      Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
06:42:47.0616 6412      Crusoe - ok
06:42:47.0678 6412      CSC             (e540f1fad70c14aac895c6b50d8fb1c2) C:\Windows\system32\drivers\csc.sys
06:42:47.0678 6412      Suspicious file (Forged): C:\Windows\system32\drivers\csc.sys. Real md5: e540f1fad70c14aac895c6b50d8fb1c2, Fake md5: 9bdb2e89be8d0ef37b1f25c3d3fc192c
06:42:47.0678 6412      CSC ( Rootkit.Win32.ZAccess.e ) - infected
06:42:47.0678 6412      CSC - detected Rootkit.Win32.ZAccess.e (0)
06:42:47.0772 6412      DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
06:42:47.0772 6412      DfsC - ok
06:42:47.0896 6412      disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
06:42:47.0896 6412      disk - ok
06:42:47.0974 6412      Dot4            (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
06:42:47.0974 6412      Dot4 - ok
06:42:48.0021 6412      Dot4Print       (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
06:42:48.0021 6412      Dot4Print - ok
06:42:48.0099 6412      dot4usb         (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
06:42:48.0099 6412      dot4usb - ok
06:42:48.0162 6412      drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
06:42:48.0162 6412      drmkaud - ok
06:42:48.0224 6412      DS1410D - ok
06:42:48.0271 6412      DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
06:42:48.0286 6412      DXGKrnl - ok
06:42:48.0380 6412      E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
06:42:48.0380 6412      E1G60 - ok
06:42:48.0458 6412      Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
06:42:48.0458 6412      Ecache - ok
06:42:48.0583 6412      elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
06:42:48.0583 6412      elxstor - ok
06:42:48.0645 6412      EraserUtilDrv11113 - ok
06:42:48.0739 6412      ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
06:42:48.0739 6412      ErrDev - ok
06:42:48.0817 6412      exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
06:42:48.0817 6412      exfat - ok
06:42:48.0895 6412      fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
06:42:48.0895 6412      fastfat - ok
06:42:48.0988 6412      fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
06:42:48.0988 6412      fdc - ok
06:42:49.0020 6412      FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
06:42:49.0020 6412      FileInfo - ok
06:42:49.0051 6412      Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
06:42:49.0051 6412      Filetrace - ok
06:42:49.0066 6412      flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
06:42:49.0066 6412      flpydisk - ok
06:42:49.0160 6412      FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
06:42:49.0160 6412      FltMgr - ok
06:42:49.0254 6412      Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
06:42:49.0254 6412      Fs_Rec - ok
06:42:49.0316 6412      fvevol          (fecf4c2e42440a8d132bf94eee3c3fc9) C:\Windows\system32\DRIVERS\fvevol.sys
06:42:49.0316 6412      fvevol - ok
06:42:49.0394 6412      gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
06:42:49.0394 6412      gagp30kx - ok
06:42:49.0472 6412      hardlock        (d95554949082fd29a04d351b58396718) C:\Windows\system32\drivers\hardlock.sys
06:42:49.0503 6412      hardlock - ok
06:42:49.0597 6412      Haspnt          (2dd25f060dc9f79b5cdf33d90ed93669) C:\Windows\system32\drivers\Haspnt.sys
06:42:49.0612 6412      Haspnt - ok
06:42:49.0675 6412      HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
06:42:49.0690 6412      HDAudBus - ok
06:42:49.0737 6412      HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
06:42:49.0737 6412      HidBth - ok
06:42:49.0768 6412      HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
06:42:49.0768 6412      HidIr - ok
06:42:49.0862 6412      HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
06:42:49.0862 6412      HidUsb - ok
06:42:49.0909 6412      HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
06:42:49.0909 6412      HpCISSs - ok
06:42:49.0971 6412      HSF_DPV         (e9e589c9ab799f52e18f057635a2b362) C:\Windows\system32\DRIVERS\HSX_DPV.sys
06:42:50.0018 6412      HSF_DPV - ok
06:42:50.0096 6412      HSXHWAZL        (7845d2385f4dc7dfb3ccaf0c2fa4948e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
06:42:50.0096 6412      HSXHWAZL - ok
06:42:50.0158 6412      HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
06:42:50.0158 6412      HTTP - ok
06:42:50.0252 6412      i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
06:42:50.0252 6412      i2omp - ok
06:42:50.0268 6412      i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
06:42:50.0283 6412      i8042prt - ok
06:42:50.0377 6412      iaStor          (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\Windows\system32\drivers\iastor.sys
06:42:50.0377 6412      iaStor - ok
06:42:50.0408 6412      iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
06:42:50.0408 6412      iaStorV - ok
06:42:50.0502 6412      igfx            (c134e69ce901422d1f2d7ea8d69098fe) C:\Windows\system32\DRIVERS\igdkmd32.sys
06:42:50.0548 6412      igfx - ok
06:42:50.0642 6412      iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
06:42:50.0642 6412      iirsp - ok
06:42:50.0689 6412      intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
06:42:50.0689 6412      intelide - ok
06:42:50.0720 6412      intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
06:42:50.0720 6412      intelppm - ok
06:42:50.0798 6412      IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
06:42:50.0798 6412      IpFilterDriver - ok
06:42:50.0814 6412      IpInIp - ok
06:42:50.0845 6412      IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
06:42:50.0845 6412      IPMIDRV - ok
06:42:50.0876 6412      IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
06:42:50.0876 6412      IPNAT - ok
06:42:50.0954 6412      IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
06:42:50.0954 6412      IRENUM - ok
06:42:50.0970 6412      isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
06:42:50.0970 6412      Suspicious file (Forged): C:\Windows\system32\drivers\isapnp.sys. Real md5: 6c70698a3e5c4376c6ab5c7c17fb0614, Fake md5: 80067c75e71a107c6fcdc63f1ac7e0b8
06:42:50.0970 6412      isapnp ( ForgedFile.Multi.Generic ) - warning
06:42:50.0970 6412      isapnp - detected ForgedFile.Multi.Generic (1)
06:42:51.0048 6412      iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
06:42:51.0048 6412      iScsiPrt - ok
06:42:51.0110 6412      iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
06:42:51.0110 6412      iteatapi - ok
06:42:51.0172 6412      iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
06:42:51.0172 6412      iteraid - ok
06:42:51.0204 6412      kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
06:42:51.0204 6412      kbdclass - ok
06:42:51.0235 6412      kbdhid          (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
06:42:51.0235 6412      kbdhid - ok
06:42:51.0282 6412      KMWDFILTER      (566c5fd480fdbce3ba5cf9fbcffaea9a) C:\Windows\system32\DRIVERS\KMWDFILTER.sys
06:42:51.0282 6412      KMWDFILTER - ok
06:42:51.0375 6412      KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
06:42:51.0391 6412      KSecDD - ok
06:42:51.0438 6412      lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
06:42:51.0438 6412      lltdio - ok
06:42:51.0484 6412      LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
06:42:51.0484 6412      LSI_FC - ok
06:42:51.0516 6412      LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
06:42:51.0516 6412      LSI_SAS - ok
06:42:51.0594 6412      LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
06:42:51.0594 6412      LSI_SCSI - ok
06:42:51.0609 6412      luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
06:42:51.0609 6412      luafv - ok
06:42:51.0765 6412      MBAMProtector   (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys
06:42:51.0765 6412      MBAMProtector - ok
06:42:51.0812 6412      mdmxsdk         (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
06:42:51.0812 6412      mdmxsdk - ok
06:42:51.0843 6412      megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
06:42:51.0843 6412      megasas - ok
06:42:51.0890 6412      MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
06:42:51.0890 6412      MegaSR - ok
06:42:51.0999 6412      Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
06:42:51.0999 6412      Modem - ok
06:42:52.0015 6412      monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
06:42:52.0015 6412      monitor - ok
06:42:52.0030 6412      mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
06:42:52.0046 6412      mouclass - ok
06:42:52.0077 6412      mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
06:42:52.0077 6412      mouhid - ok
06:42:52.0093 6412      MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
06:42:52.0093 6412      MountMgr - ok
06:42:52.0124 6412      mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
06:42:52.0124 6412      mpio - ok
06:42:52.0171 6412      mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
06:42:52.0171 6412      mpsdrv - ok
06:42:52.0202 6412      Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
06:42:52.0202 6412      Mraid35x - ok
06:42:52.0280 6412      MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
06:42:52.0296 6412      MRxDAV - ok
06:42:52.0342 6412      mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
06:42:52.0342 6412      mrxsmb - ok
06:42:52.0405 6412      mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
06:42:52.0420 6412      mrxsmb10 - ok
06:42:52.0436 6412      mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
06:42:52.0436 6412      mrxsmb20 - ok
06:42:52.0498 6412      msahci          (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
06:42:52.0498 6412      msahci - ok
06:42:52.0530 6412      msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
06:42:52.0530 6412      msdsm - ok
06:42:52.0608 6412      Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
06:42:52.0608 6412      Msfs - ok
06:42:52.0623 6412      msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
06:42:52.0623 6412      msisadrv - ok
06:42:52.0670 6412      MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
06:42:52.0670 6412      MSKSSRV - ok
06:42:52.0686 6412      MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
06:42:52.0686 6412      MSPCLOCK - ok
06:42:52.0717 6412      MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
06:42:52.0717 6412      MSPQM - ok
06:42:52.0748 6412      MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
06:42:52.0748 6412      MsRPC - ok
06:42:52.0779 6412      mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
06:42:52.0779 6412      mssmbios - ok
06:42:52.0795 6412      MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
06:42:52.0795 6412      MSTEE - ok
06:42:52.0826 6412      Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
06:42:52.0826 6412      Mup - ok
06:42:52.0888 6412      NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
06:42:52.0888 6412      NativeWifiP - ok
06:42:52.0951 6412      NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
06:42:52.0951 6412      NDIS - ok
06:42:52.0998 6412      NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
06:42:52.0998 6412      NdisTapi - ok
06:42:53.0029 6412      Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
06:42:53.0029 6412      Ndisuio - ok
06:42:53.0076 6412      NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
06:42:53.0076 6412      NdisWan - ok
06:42:53.0107 6412      NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
06:42:53.0107 6412      NDProxy - ok
06:42:53.0122 6412      NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
06:42:53.0138 6412      NetBIOS - ok
06:42:53.0185 6412      netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
06:42:53.0185 6412      netbt - ok
06:42:53.0247 6412      nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
06:42:53.0247 6412      nfrd960 - ok
06:42:53.0294 6412      Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
06:42:53.0294 6412      Npfs - ok
06:42:53.0310 6412      nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
06:42:53.0310 6412      nsiproxy - ok
06:42:53.0403 6412      Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
06:42:53.0419 6412      Ntfs - ok
06:42:53.0466 6412      ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
06:42:53.0466 6412      ntrigdigi - ok
06:42:53.0481 6412      Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
06:42:53.0481 6412      Null - ok
06:42:53.0528 6412      nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
06:42:53.0544 6412      nvraid - ok
06:42:53.0575 6412      nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
06:42:53.0575 6412      nvstor - ok
06:42:53.0637 6412      nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
06:42:53.0637 6412      nv_agp - ok
06:42:53.0653 6412      NwlnkFlt - ok
06:42:53.0668 6412      NwlnkFwd - ok
06:42:53.0731 6412      OEM02Dev        (19cac780b858822055f46c58a111723c) C:\Windows\system32\DRIVERS\OEM02Dev.sys
06:42:53.0731 6412      OEM02Dev - ok
06:42:53.0778 6412      OEM02Vfx        (86326062a90494bdd79ce383511d7d69) C:\Windows\system32\DRIVERS\OEM02Vfx.sys
06:42:53.0778 6412      OEM02Vfx - ok
06:42:53.0809 6412      ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
06:42:53.0809 6412      ohci1394 - ok
06:42:53.0871 6412      Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
06:42:53.0887 6412      Parport - ok
06:42:53.0902 6412      partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
06:42:53.0902 6412      partmgr - ok
06:42:53.0949 6412      Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
06:42:53.0965 6412      Parvdm - ok
06:42:54.0012 6412      pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
06:42:54.0012 6412      pci - ok
06:42:54.0027 6412      pcidnt - ok
06:42:54.0074 6412      pciide          (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
06:42:54.0074 6412      pciide - ok
06:42:54.0121 6412      pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
06:42:54.0136 6412      pcmcia - ok
06:42:54.0214 6412      PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
06:42:54.0230 6412      PEAUTH - ok
06:42:54.0292 6412      PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
06:42:54.0308 6412      PptpMiniport - ok
06:42:54.0324 6412      PRAGMAppioeqwvlw - ok
06:42:54.0370 6412      Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
06:42:54.0370 6412      Processor - ok
06:42:54.0433 6412      PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
06:42:54.0433 6412      PSched - ok
06:42:54.0480 6412      PxHelp20        (03e0fe281823ba64b3782f5b38950e73) C:\Windows\system32\Drivers\PxHelp20.sys
06:42:54.0480 6412      PxHelp20 - ok
06:42:54.0558 6412      ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
06:42:54.0589 6412      ql2300 - ok
06:42:54.0636 6412      ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
06:42:54.0636 6412      ql40xx - ok
06:42:54.0682 6412      QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
06:42:54.0682 6412      QWAVEdrv - ok
06:42:54.0698 6412      RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
06:42:54.0698 6412      RasAcd - ok
06:42:54.0760 6412      Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
06:42:54.0760 6412      Rasl2tp - ok
06:42:54.0807 6412      RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
06:42:54.0807 6412      RasPppoe - ok
06:42:54.0854 6412      RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
06:42:54.0854 6412      RasSstp - ok
06:42:54.0932 6412      rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
06:42:54.0932 6412      rdbss - ok
06:42:55.0010 6412      RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
06:42:55.0010 6412      RDPCDD - ok
06:42:55.0057 6412      rdpdr           (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys
06:42:55.0072 6412      rdpdr - ok
06:42:55.0088 6412      RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
06:42:55.0088 6412      RDPENCDD - ok
06:42:55.0150 6412      RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
06:42:55.0166 6412      RDPWD - ok
06:42:55.0244 6412      rimmptsk        (d85e3fa9f5b1f29bb4ed185c450d1470) C:\Windows\system32\DRIVERS\rimmptsk.sys
06:42:55.0244 6412      rimmptsk - ok
06:42:55.0275 6412      rimsptsk        (db8eb01c58c9fada00c70b1775278ae0) C:\Windows\system32\DRIVERS\rimsptsk.sys
06:42:55.0275 6412      rimsptsk - ok
06:42:55.0338 6412      rismxdp         (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys
06:42:55.0338 6412      rismxdp - ok
06:42:55.0416 6412      RsiKtControl    (2af65117091a47732f0997330e3daae6) C:\Windows\system32\RSIKT.SYS
06:42:55.0416 6412      RsiKtControl - ok
06:42:55.0462 6412      rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
06:42:55.0478 6412      rspndr - ok
06:42:55.0540 6412      RSSERIAL        (b089419975668e2a701178032d652a24) C:\Windows\SYSTEM32\RSSERIAL.SYS
06:42:55.0556 6412      RSSERIAL - ok
06:42:55.0759 6412      SASDIFSV        (d96686fca1f9f6b06f7490553cbda6de) C:\Users\tmaly\AppData\Local\Temp\superas\SASDIFSV.SYS
06:42:55.0759 6412      SASDIFSV - ok
06:42:55.0774 6412      SASENUM         (7f1085895e499907f68df7731924122b) C:\Users\tmaly\AppData\Local\Temp\superas\SASENUM.SYS
06:42:55.0774 6412      SASENUM - ok
06:42:55.0790 6412      SASKUTIL        (2e0e10b8b547a39cdcc1b105239a43a4) C:\Users\tmaly\AppData\Local\Temp\superas\SASKUTIL.sys
06:42:55.0790 6412      SASKUTIL - ok
06:42:55.0868 6412      sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
06:42:55.0884 6412      sbp2port - ok
06:42:56.0008 6412      sdbus           (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
06:42:56.0008 6412      sdbus - ok
06:42:56.0040 6412      secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
06:42:56.0040 6412      secdrv - ok
06:42:56.0102 6412      Ser2rs          (5fe7be588762e3f89e2ee764c2e50c91) C:\Windows\system32\DRIVERS\ser2rs.sys
06:42:56.0118 6412      Ser2rs - ok
06:42:56.0180 6412      Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys
06:42:56.0180 6412      Serenum - ok
06:42:56.0196 6412      Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
06:42:56.0196 6412      Serial - ok
06:42:56.0227 6412      sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
06:42:56.0227 6412      sermouse - ok
06:42:56.0274 6412      sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
06:42:56.0274 6412      sffdisk - ok
06:42:56.0305 6412      sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
06:42:56.0305 6412      sffp_mmc - ok
06:42:56.0320 6412      sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
06:42:56.0320 6412      sffp_sd - ok
06:42:56.0367 6412      sfloppy         (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys
06:42:56.0367 6412      sfloppy - ok
06:42:56.0398 6412      sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
06:42:56.0398 6412      sisagp - ok
06:42:56.0414 6412      SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
06:42:56.0414 6412      SiSRaid2 - ok
06:42:56.0445 6412      SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
06:42:56.0445 6412      SiSRaid4 - ok
06:42:56.0508 6412      Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
06:42:56.0508 6412      Smb - ok
06:42:56.0539 6412      spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
06:42:56.0539 6412      spldr - ok
06:42:56.0601 6412      srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
06:42:56.0617 6412      srv - ok
06:42:56.0664 6412      srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
06:42:56.0664 6412      srv2 - ok
06:42:56.0695 6412      srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
06:42:56.0695 6412      srvnet - ok
06:42:56.0757 6412      STHDA           (6a2a5e809c2c0178326d92b19ee4aad3) C:\Windows\system32\drivers\stwrt.sys
06:42:56.0773 6412      STHDA - ok
06:42:56.0804 6412      StillCam        (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
06:42:56.0804 6412      StillCam - ok
06:42:56.0851 6412      swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
06:42:56.0851 6412      swenum - ok
06:42:56.0882 6412      Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
06:42:56.0882 6412      Symc8xx - ok
06:42:56.0898 6412      Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
06:42:56.0898 6412      Sym_hi - ok
06:42:56.0929 6412      Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
06:42:56.0929 6412      Sym_u3 - ok
06:42:57.0022 6412      Tcpip           (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys
06:42:57.0054 6412      Tcpip - ok
06:42:57.0100 6412      Tcpip6          (2756186e287139310997090797e0182b) C:\Windows\system32\DRIVERS\tcpip.sys
06:42:57.0100 6412      Tcpip6 - ok
06:42:57.0147 6412      tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
06:42:57.0147 6412      tcpipreg - ok
06:42:57.0194 6412      TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
06:42:57.0194 6412      TDPIPE - ok
06:42:57.0241 6412      TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
06:42:57.0241 6412      TDTCP - ok
06:42:57.0272 6412      tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
06:42:57.0272 6412      tdx - ok
06:42:57.0334 6412      TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
06:42:57.0334 6412      TermDD - ok
06:42:57.0381 6412      tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
06:42:57.0381 6412      tssecsrv - ok
06:42:57.0412 6412      tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
06:42:57.0412 6412      tunmp - ok
06:42:57.0459 6412      tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
06:42:57.0459 6412      tunnel - ok
06:42:57.0490 6412      uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
06:42:57.0490 6412      uagp35 - ok
06:42:57.0537 6412      udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
06:42:57.0537 6412      udfs - ok
06:42:57.0568 6412      uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
06:42:57.0568 6412      uliagpkx - ok
06:42:57.0615 6412      uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
06:42:57.0615 6412      uliahci - ok
06:42:57.0631 6412      UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
06:42:57.0631 6412      UlSata - ok
06:42:57.0662 6412      ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
06:42:57.0662 6412      ulsata2 - ok
06:42:57.0678 6412      umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
06:42:57.0693 6412      umbus - ok
06:42:57.0756 6412      usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
06:42:57.0756 6412      usbccgp - ok
06:42:57.0787 6412      usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
06:42:57.0787 6412      usbcir - ok
06:42:57.0802 6412      usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
06:42:57.0802 6412      usbehci - ok
06:42:57.0818 6412      usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
06:42:57.0834 6412      usbhub - ok
06:42:57.0849 6412      usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
06:42:57.0865 6412      usbohci - ok
06:42:57.0896 6412      usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
06:42:57.0896 6412      usbprint - ok
06:42:57.0943 6412      usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
06:42:57.0943 6412      usbscan - ok
06:42:57.0958 6412      USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
06:42:57.0958 6412      USBSTOR - ok
06:42:57.0974 6412      usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
06:42:57.0990 6412      usbuhci - ok
06:42:58.0021 6412      vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
06:42:58.0021 6412      vga - ok
06:42:58.0036 6412      VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
06:42:58.0036 6412      VgaSave - ok
06:42:58.0099 6412      viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
06:42:58.0099 6412      viaagp - ok
06:42:58.0130 6412      ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
06:42:58.0130 6412      ViaC7 - ok
06:42:58.0146 6412      viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
06:42:58.0146 6412      viaide - ok
06:42:58.0161 6412      VirtualBackplane - ok
06:42:58.0177 6412      volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
06:42:58.0177 6412      volmgr - ok
06:42:58.0224 6412      volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
06:42:58.0224 6412      volmgrx - ok
06:42:58.0255 6412      volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
06:42:58.0255 6412      volsnap - ok
06:42:58.0286 6412      vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
06:42:58.0286 6412      vsmraid - ok
06:42:58.0317 6412      WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
06:42:58.0317 6412      WacomPen - ok
06:42:58.0348 6412      Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
06:42:58.0348 6412      Wanarp - ok
06:42:58.0364 6412      Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
06:42:58.0364 6412      Wanarpv6 - ok
06:42:58.0395 6412      Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
06:42:58.0411 6412      Wd - ok
06:42:58.0442 6412      Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
06:42:58.0458 6412      Wdf01000 - ok
06:42:58.0536 6412      winachsf        (4daca8f07537d4d7e3534bb99294aa26) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
06:42:58.0551 6412      winachsf - ok
06:42:58.0614 6412      WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
06:42:58.0614 6412      WmiAcpi - ok
06:42:58.0645 6412      ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
06:42:58.0645 6412      ws2ifsl - ok
06:42:58.0692 6412      WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
06:42:58.0692 6412      WUDFRd - ok
06:42:58.0707 6412      XAudio          (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
06:42:58.0707 6412      XAudio - ok
06:42:58.0738 6412      MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
06:42:58.0770 6412      \Device\Harddisk0\DR0 - ok
06:42:58.0770 6412      MBR (0x1B8)     (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk1\DR1
06:42:58.0785 6412      \Device\Harddisk1\DR1 - ok
06:42:58.0801 6412      Boot (0x1200)   (5721dce526d16bf99208ecced739ab0d) \Device\Harddisk0\DR0\Partition0
06:42:58.0801 6412      \Device\Harddisk0\DR0\Partition0 - ok
06:42:58.0801 6412      Boot (0x1200)   (d5d0b8337444d9f6f31f30f96cd6238e) \Device\Harddisk0\DR0\Partition1
06:42:58.0801 6412      \Device\Harddisk0\DR0\Partition1 - ok
06:42:58.0801 6412      Boot (0x1200)   (5988c409dc57ff847364a9921be826eb) \Device\Harddisk1\DR1\Partition0
06:42:58.0816 6412      \Device\Harddisk1\DR1\Partition0 - ok
06:42:58.0816 6412      ============================================================
06:42:58.0816 6412      Scan finished
06:42:58.0816 6412      ============================================================
06:42:58.0832 1096      Detected object count: 3
06:42:58.0832 1096      Actual detected object count: 3
06:43:19.0736 1096      HKLM\SYSTEM\ControlSet001\services\65a4c221 - will be deleted on reboot
06:43:19.0752 1096      HKLM\SYSTEM\ControlSet002\services\65a4c221 - will be deleted on reboot
06:43:19.0783 1096      HKLM\SYSTEM\ControlSet003\services\65a4c221 - will be deleted on reboot
06:43:19.0814 1096      C:\Windows\566404197:2589670878.exe - will be deleted on reboot
06:43:19.0814 1096      65a4c221 ( HiddenFile.Multi.Generic ) - User select action: Delete
06:43:20.0048 1096      Backup copy found, using it..
06:43:20.0064 1096      C:\Windows\system32\drivers\csc.sys - will be cured on reboot
06:43:20.0064 1096      CSC ( Rootkit.Win32.ZAccess.e ) - User select action: Cure
06:43:20.0095 1096      HKLM\SYSTEM\ControlSet001\services\isapnp - will be deleted on reboot
06:43:20.0095 1096      HKLM\SYSTEM\ControlSet002\services\isapnp - will be deleted on reboot
06:43:20.0110 1096      HKLM\SYSTEM\ControlSet003\services\isapnp - will be deleted on reboot
06:43:20.0110 1096      C:\Windows\system32\drivers\isapnp.sys - will be deleted on reboot
06:43:20.0110 1096      isapnp ( ForgedFile.Multi.Generic ) - User select action: Delete
06:43:21.0842 7532      Deinitialize success


4th one:
08:38:36.0389 2044      TDSS rootkit removing tool 2.6.2.0 Sep 26 2011 18:56:43
08:38:36.0514 2044      ============================================================
08:38:36.0514 2044      Current date / time: 2011/09/29 08:38:36.0514
08:38:36.0514 2044      SystemInfo:
08:38:36.0514 2044      
08:38:36.0514 2044      OS Version: 6.0.6002 ServicePack: 2.0
08:38:36.0514 2044      Product type: Workstation
08:38:36.0514 2044      ComputerName: PRODUCTION-PC
08:38:36.0514 2044      UserName: tmaly
08:38:36.0514 2044      Windows directory: C:\Windows
08:38:36.0514 2044      System windows directory: C:\Windows
08:38:36.0514 2044      Processor architecture: Intel x86
08:38:36.0514 2044      Number of processors: 2
08:38:36.0514 2044      Page size: 0x1000
08:38:36.0514 2044      Boot type: Normal boot
08:38:36.0514 2044      ============================================================
08:38:37.0075 2044      Initialize success
08:38:39.0493 0844      ============================================================
08:38:39.0493 0844      Scan started
08:38:39.0493 0844      Mode: Manual;
08:38:39.0493 0844      ============================================================
08:38:39.0696 0844      65a4c221        (8f2bb1827cac01aee6a16e30a1260199) C:\Windows\566404197:2589670878.exe
08:38:39.0696 0844      Suspicious file (Hidden): C:\Windows\566404197:2589670878.exe. md5: 8f2bb1827cac01aee6a16e30a1260199
08:38:39.0696 0844      65a4c221 ( HiddenFile.Multi.Generic ) - warning
08:38:39.0696 0844      65a4c221 - detected HiddenFile.Multi.Generic (1)
08:38:39.0837 0844      ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
08:38:39.0852 0844      ACPI - ok
08:38:39.0915 0844      adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
08:38:39.0930 0844      adp94xx - ok
08:38:39.0961 0844      adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
08:38:39.0977 0844      adpahci - ok
08:38:40.0008 0844      adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
08:38:40.0008 0844      adpu160m - ok
08:38:40.0039 0844      adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
08:38:40.0039 0844      adpu320 - ok
08:38:40.0102 0844      AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
08:38:40.0102 0844      AFD - ok
08:38:40.0164 0844      agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
08:38:40.0164 0844      agp440 - ok
08:38:40.0195 0844      aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
08:38:40.0195 0844      aic78xx - ok
08:38:40.0258 0844      aksfridge       (730e9d3bb324fb1899005aea63c6782d) C:\Windows\system32\drivers\aksfridge.sys
08:38:40.0258 0844      aksfridge - ok
08:38:40.0289 0844      aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
08:38:40.0305 0844      aliide - ok
08:38:40.0320 0844      amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
08:38:40.0336 0844      amdagp - ok
08:38:40.0351 0844      amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
08:38:40.0351 0844      amdide - ok
08:38:40.0398 0844      AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
08:38:40.0398 0844      AmdK7 - ok
08:38:40.0429 0844      AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
08:38:40.0429 0844      AmdK8 - ok
08:38:40.0476 0844      ApfiltrService  (350f19eb5fe4ec37a2414df56cde1aa8) C:\Windows\system32\DRIVERS\Apfiltr.sys
08:38:40.0476 0844      ApfiltrService - ok
08:38:40.0523 0844      arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
08:38:40.0523 0844      arc - ok
08:38:40.0554 0844      arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
08:38:40.0570 0844      arcsas - ok
08:38:40.0617 0844      AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
08:38:40.0617 0844      AsyncMac - ok
08:38:40.0663 0844      atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
08:38:40.0663 0844      atapi - ok
08:38:40.0710 0844      b57nd60x        (32795e299c3aba589a5e04c83d531cdf) C:\Windows\system32\DRIVERS\b57nd60x.sys
08:38:40.0710 0844      b57nd60x - ok
08:38:40.0741 0844      BCM42RLY - ok
08:38:40.0788 0844      BCM43XX         (cdf7f28ffd693b1b4137845dd1ef1ccc) C:\Windows\system32\DRIVERS\bcmwl6.sys
08:38:40.0819 0844      BCM43XX - ok
08:38:40.0866 0844      Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
08:38:40.0866 0844      Beep - ok
08:38:40.0913 0844      blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
08:38:40.0960 0844      blbdrive - ok
08:38:41.0007 0844      bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
08:38:41.0007 0844      bowser - ok
08:38:41.0053 0844      BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
08:38:41.0053 0844      BrFiltLo - ok
08:38:41.0100 0844      BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
08:38:41.0100 0844      BrFiltUp - ok
08:38:41.0147 0844      Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
08:38:41.0147 0844      Brserid - ok
08:38:41.0209 0844      BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
08:38:41.0209 0844      BrSerWdm - ok
08:38:41.0241 0844      BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
08:38:41.0241 0844      BrUsbMdm - ok
08:38:41.0287 0844      BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
08:38:41.0287 0844      BrUsbSer - ok
08:38:41.0350 0844      BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
08:38:41.0350 0844      BTHMODEM - ok
08:38:41.0412 0844      cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
08:38:41.0412 0844      cdfs - ok
08:38:41.0475 0844      cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
08:38:41.0475 0844      cdrom - ok
08:38:41.0537 0844      chckr2xx        (bb2ffe05b87264cd70dc3858eb28210f) C:\Windows\system32\Drivers\chckr2xx.sys
08:38:41.0537 0844      chckr2xx - ok
08:38:41.0584 0844      circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
08:38:41.0584 0844      circlass - ok
08:38:41.0631 0844      CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
08:38:41.0631 0844      CLFS - ok
08:38:41.0724 0844      CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
08:38:41.0724 0844      CmBatt - ok
08:38:41.0787 0844      cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
08:38:41.0787 0844      cmdide - ok
08:38:41.0865 0844      Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
08:38:41.0865 0844      Compbatt - ok
08:38:41.0896 0844      crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
08:38:41.0896 0844      crcdisk - ok
08:38:41.0927 0844      Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
08:38:41.0927 0844      Crusoe - ok
08:38:42.0005 0844      CSC             (e540f1fad70c14aac895c6b50d8fb1c2) C:\Windows\system32\drivers\csc.sys
08:38:42.0005 0844      Suspicious file (Forged): C:\Windows\system32\drivers\csc.sys. Real md5: e540f1fad70c14aac895c6b50d8fb1c2, Fake md5: 9bdb2e89be8d0ef37b1f25c3d3fc192c
08:38:42.0005 0844      CSC ( Rootkit.Win32.ZAccess.e ) - infected
08:38:42.0005 0844      CSC - detected Rootkit.Win32.ZAccess.e (0)
08:38:42.0067 0844      DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
08:38:42.0067 0844      DfsC - ok
08:38:42.0114 0844      disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
08:38:42.0114 0844      disk - ok
08:38:42.0192 0844      Dot4            (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
08:38:42.0192 0844      Dot4 - ok
08:38:42.0223 0844      Dot4Print       (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
08:38:42.0223 0844      Dot4Print - ok
08:38:42.0301 0844      dot4usb         (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
08:38:42.0301 0844      dot4usb - ok
08:38:42.0364 0844      drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
08:38:42.0379 0844      drmkaud - ok
08:38:42.0395 0844      DS1410D - ok
08:38:42.0457 0844      DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
08:38:42.0457 0844      DXGKrnl - ok
08:38:42.0520 0844      E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
08:38:42.0520 0844      E1G60 - ok
08:38:42.0598 0844      Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
08:38:42.0598 0844      Ecache - ok
08:38:42.0645 0844      elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
08:38:42.0660 0844      elxstor - ok
08:38:42.0723 0844      EraserUtilDrv11113 - ok
08:38:42.0738 0844      ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
08:38:42.0754 0844      ErrDev - ok
08:38:42.0832 0844      exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
08:38:42.0832 0844      exfat - ok
08:38:42.0863 0844      fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
08:38:42.0863 0844      fastfat - ok
08:38:42.0894 0844      fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
08:38:42.0910 0844      fdc - ok
08:38:42.0941 0844      FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
08:38:42.0941 0844      FileInfo - ok
08:38:42.0988 0844      Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
08:38:42.0988 0844      Filetrace - ok
08:38:43.0019 0844      flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
08:38:43.0019 0844      flpydisk - ok
08:38:43.0081 0844      FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
08:38:43.0081 0844      FltMgr - ok
08:38:43.0113 0844      Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
08:38:43.0113 0844      Fs_Rec - ok
08:38:43.0144 0844      fvevol          (fecf4c2e42440a8d132bf94eee3c3fc9) C:\Windows\system32\DRIVERS\fvevol.sys
08:38:43.0144 0844      fvevol - ok
08:38:43.0175 0844      gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
08:38:43.0175 0844      gagp30kx - ok
08:38:43.0253 0844      hardlock        (d95554949082fd29a04d351b58396718) C:\Windows\system32\drivers\hardlock.sys
08:38:43.0284 0844      hardlock - ok
08:38:43.0347 0844      Haspnt          (2dd25f060dc9f79b5cdf33d90ed93669) C:\Windows\system32\drivers\Haspnt.sys
08:38:43.0347 0844      Haspnt - ok
08:38:43.0393 0844      HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
08:38:43.0409 0844      HDAudBus - ok
08:38:43.0456 0844      HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
08:38:43.0456 0844      HidBth - ok
08:38:43.0487 0844      HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
08:38:43.0487 0844      HidIr - ok
08:38:43.0518 0844      HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
08:38:43.0518 0844      HidUsb - ok
08:38:43.0549 0844      HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
08:38:43.0549 0844      HpCISSs - ok
08:38:43.0627 0844      HSF_DPV         (e9e589c9ab799f52e18f057635a2b362) C:\Windows\system32\DRIVERS\HSX_DPV.sys
08:38:43.0659 0844      HSF_DPV - ok
08:38:43.0690 0844      HSXHWAZL        (7845d2385f4dc7dfb3ccaf0c2fa4948e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
08:38:43.0690 0844      HSXHWAZL - ok
08:38:43.0737 0844      HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
08:38:43.0752 0844      HTTP - ok
08:38:43.0799 0844      i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
08:38:43.0799 0844      i2omp - ok
08:38:43.0815 0844      i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
08:38:43.0830 0844      i8042prt - ok
08:38:43.0861 0844      iaStor          (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\Windows\system32\drivers\iastor.sys
08:38:43.0861 0844      iaStor - ok
08:38:43.0893 0844      iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
08:38:43.0908 0844      iaStorV - ok
08:38:44.0033 0844      igfx            (c134e69ce901422d1f2d7ea8d69098fe) C:\Windows\system32\DRIVERS\igdkmd32.sys
08:38:44.0080 0844      igfx - ok
08:38:44.0095 0844      iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
08:38:44.0095 0844      iirsp - ok
08:38:44.0127 0844      intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
08:38:44.0127 0844      intelide - ok
08:38:44.0158 0844      intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
08:38:44.0158 0844      intelppm - ok
08:38:44.0189 0844      IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:38:44.0189 0844      IpFilterDriver - ok
08:38:44.0205 0844      IpInIp - ok
08:38:44.0236 0844      IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
08:38:44.0236 0844      IPMIDRV - ok
08:38:44.0267 0844      IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
08:38:44.0267 0844      IPNAT - ok


0
 
LVL 23

Assisted Solution

by:phototropic
phototropic earned 500 total points
ID: 36815284
So, it looks like you ran TDSSKiller 4 separate times:

Scan 1) - In safe mode; found TDSS rootkit; ZA rootkit; and Virus.Win32.Rloader.a;

Scan 2) - In safe mode; found HiddenFile.Multi.Generic ; and ZA rootkit;

Scan 3) - In normal mode; found the same;

Scan 4) - in normal mode; found the same (although the conclusion of the scan log is missing);

Is this correct?

If so, it is strange that TDSSKiller could not remove this infection - it is supposed to remove Rootkit.Win32.ZAccess.c,e,f:

 http://www.kaspersky.com/virus-removal-tools

Next step would be to run Combofix. Download here:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Combofix should be run in normal mode. Please read the instructions and don't forget to disable your av software before running it.

Please post the scan log from Combofix here for review.
0
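Reconciling four TDSSKiller runs by eye, as phototropic does above, is error-prone, so here is an added example (not TDSSKiller's or Kaspersky's own code) that parses the log layout posted in this thread. It runs over a constructed excerpt whose object names, paths and hashes are copied from the posted logs (timestamps and process ids are made up), pairs each "Suspicious file" line with its verdict and the action the user chose, flags paths that use NTFS alternate-data-stream syntax, and lists detections that never received an action, which is exactly the "conclusion of the scan log is missing" situation of the fourth scan.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed excerpt in the TDSSKiller 2.6 log layout posted in this thread: names,
# paths and hashes are copied from the posted logs, timestamps and PIDs are made up.
SAMPLE_LOG = r"""
08:38:39.0493 0844      Scan started
08:38:39.0696 0844      65a4c221        (8f2bb1827cac01aee6a16e30a1260199) C:\Windows\566404197:2589670878.exe
08:38:39.0696 0844      Suspicious file (Hidden): C:\Windows\566404197:2589670878.exe. md5: 8f2bb1827cac01aee6a16e30a1260199
08:38:39.0696 0844      65a4c221 ( HiddenFile.Multi.Generic ) - warning
08:38:39.0837 0844      ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
08:38:39.0852 0844      ACPI - ok
08:38:42.0005 0844      CSC             (e540f1fad70c14aac895c6b50d8fb1c2) C:\Windows\system32\drivers\csc.sys
08:38:42.0005 0844      Suspicious file (Forged): C:\Windows\system32\drivers\csc.sys. Real md5: e540f1fad70c14aac895c6b50d8fb1c2, Fake md5: 9bdb2e89be8d0ef37b1f25c3d3fc192c
08:38:42.0005 0844      CSC ( Rootkit.Win32.ZAccess.e ) - infected
08:38:42.0005 0844      CSC - detected Rootkit.Win32.ZAccess.e (0)
08:38:58.0832 1096      Detected object count: 2
08:39:20.0064 1096      CSC ( Rootkit.Win32.ZAccess.e ) - User select action: Cure
08:39:19.0814 1096      65a4c221 ( HiddenFile.Multi.Generic ) - User select action: Delete
"""
# The same log cut off before the action phase, like the fourth scan in the thread.
TRUNCATED_LOG = SAMPLE_LOG.split("Detected object count")[0]

LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d{4})\s+(.*)$")
ENTRY_RE = re.compile(r"^(\S+)\s+\(([0-9a-f]{32})\) (.+)$")
SUSP_RE = re.compile(r"^Suspicious file \((\w+)\): (.+?)\. "
                     r"(?:Real md5: ([0-9a-f]{32}), Fake md5: ([0-9a-f]{32})|md5: ([0-9a-f]{32}))$")
VERDICT_RE = re.compile(r"^(\S+) \( (.+?) \) - (infected|warning)$")
ACTION_RE = re.compile(r"^(\S+) \( (.+?) \) - User select action: (\w+)$")
COUNT_RE = re.compile(r"^Detected object count: (\d+)$")


@dataclass
class Detection:
    name: str                       # object name as TDSSKiller reports it (service/driver key)
    family: str = ""                # e.g. Rootkit.Win32.ZAccess.e
    verdict: str = ""               # infected / warning
    path: str = ""
    kind: str = ""                  # Hidden / Forged
    md5: Optional[str] = None       # hash TDSSKiller read from disk
    fake_md5: Optional[str] = None  # hash the rootkit presents to ordinary readers (Forged only)
    action: str = ""                # Cure / Delete / Skip; empty if the log never got that far
    alternate_data_stream: bool = False


@dataclass
class Report:
    detections: Dict[str, Detection] = field(default_factory=dict)  # in order of detection
    declared_count: Optional[int] = None


def is_alternate_data_stream(path: str) -> bool:
    """NTFS file:stream syntax: a colon inside the last path component (the C: prefix is not one)."""
    return ":" in path.split("\\")[-1]


def parse_tdsskiller_log(text: str) -> Report:
    report = Report()
    entries: Dict[str, tuple] = {}       # name -> (md5, path) for every object listed
    suspicious: Dict[str, re.Match] = {}  # path -> "Suspicious file" match awaiting its verdict
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        msg = m.group(3)
        if s := SUSP_RE.match(msg):
            suspicious[s.group(2)] = s
        elif v := VERDICT_RE.match(msg):
            name, family, verdict = v.groups()
            md5, path = entries.get(name, ("", ""))
            det = Detection(name, family, verdict, path,
                            alternate_data_stream=is_alternate_data_stream(path))
            if s := suspicious.get(path):
                det.kind, det.md5, det.fake_md5 = s.group(1), s.group(3) or s.group(5), s.group(4)
            report.detections[name] = det
        elif a := ACTION_RE.match(msg):
            name, family, action = a.groups()
            report.detections.setdefault(name, Detection(name, family)).action = action
        elif c := COUNT_RE.match(msg):
            report.declared_count = int(c.group(1))
        elif e := ENTRY_RE.match(msg):
            entries[e.group(1)] = (e.group(2), e.group(3))
    return report


def unresolved(report: Report) -> List[str]:
    """Detections that never received an action: the run was aborted or the log is truncated."""
    return [d.name for d in report.detections.values() if not d.action]


def count_mismatch(report: Report) -> bool:
    """True when TDSSKiller's own count disagrees with the detections that could be paired up."""
    return report.declared_count is not None and report.declared_count != len(report.detections)


if __name__ == "__main__":
    r = parse_tdsskiller_log(SAMPLE_LOG)
    for d in r.detections.values():
        print(f"{d.name}: {d.family} [{d.kind}] {d.path} md5={d.md5} fake={d.fake_md5} "
              f"ads={d.alternate_data_stream} -> {d.action or 'NO ACTION'}")
    print("unresolved in truncated log:", unresolved(parse_tdsskiller_log(TRUNCATED_LOG)))
```

The "Forged" case is the one worth understanding for anyone comparing hashes on a live system: the md5 TDSSKiller reads from disk (the real one) differs from the one the rootkit hands to normal file reads (the fake one), so a hash check done through the infected kernel's own file API would report the clean driver. A detection whose name appears in `unresolved()` was found but never cured or deleted, which is why re-running the tool on a truncated run changes nothing.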
 

Author Comment

by:manch03
ID: 36816187
Yes this is correct - it appeared to be acting normal, but then all of a sudden - the pop-ups and not able to open any .exe files...  It seems like it comes right back after running TDSSKiller.  I will try Combofix
0
 

Author Comment

by:manch03
ID: 36818599
Combofix took a really long time, hoping this fixes the issue.  Fingers crossed.  Creating the Log Report now.
0
 

Author Comment

by:manch03
ID: 36818644
Here is the log:

ComboFix 11-09-26.02 - tmaly 09/29/2011  17:47:51.1.2 - x86
Microsoft® Windows Vista™ Ultimate   6.0.6002.2.1252.1.1033.18.3061.2402 [GMT -4:00]
Running from: F:\ComboFix.exe
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\admin\AppData\Local\ApplicationHistory
c:\users\admin\AppData\Local\ApplicationHistory\FTDConfigurationUtility.exe.735b795b.ini
c:\users\craburn\AppData\Local\ApplicationHistory
c:\users\craburn\AppData\Local\ApplicationHistory\22fe862e.360bd6cb.ini.inuse
c:\users\craburn\AppData\Local\ApplicationHistory\379a2c37.360bd6cb.ini.inuse
c:\users\craburn\AppData\Local\ApplicationHistory\RS5000.Exe.360bd6cb.ini.inuse
c:\users\DIrving\AppData\Local\ApplicationHistory
c:\users\DIrving\AppData\Local\ApplicationHistory\22fe862e.360bd6cb.ini.inuse
c:\users\DIrving\AppData\Local\ApplicationHistory\379a2c37.360bd6cb.ini.inuse
c:\users\DIrving\AppData\Local\ApplicationHistory\RS5000.Exe.360bd6cb.ini.inuse
c:\users\jlanger\AppData\Local\clsr.exe
c:\users\jlanger\AppData\Local\gatw.exe
c:\users\jlanger\AppData\Local\gjse.exe
c:\users\jlanger\AppData\Local\lnem.exe
c:\users\ksanborn\AppData\Local\ApplicationHistory
c:\users\ksanborn\AppData\Local\ApplicationHistory\22fe862e.360bd6cb.ini.inuse
c:\users\ksanborn\AppData\Local\ApplicationHistory\379a2c37.360bd6cb.ini.inuse
c:\users\ksanborn\AppData\Local\ApplicationHistory\RS5000.Exe.360bd6cb.ini.inuse
c:\users\ksanborn\AppData\Local\ApplicationHistory\UpdateActionsInSchema.exe.418abcb5.ini
c:\users\maint\AppData\Local\ApplicationHistory
c:\users\maint\AppData\Local\ApplicationHistory\22fe862e.360bd6cb.ini.inuse
c:\users\maint\AppData\Local\ApplicationHistory\379a2c37.360bd6cb.ini.inuse
c:\users\maint\AppData\Local\ApplicationHistory\ACLConfig.exe.7d3fcfe0.ini
c:\users\maint\AppData\Local\ApplicationHistory\AllenBradleyConfigUpdate.exe.a6ce2f9c.ini
c:\users\maint\AppData\Local\ApplicationHistory\csc.exe.3e4ac0af.ini
c:\users\maint\AppData\Local\ApplicationHistory\dsca.exe.cf6b816f.ini
c:\users\maint\AppData\Local\ApplicationHistory\FTDConfigurationUtility.exe.735b795b.ini
c:\users\maint\AppData\Local\ApplicationHistory\In-Sight Connection Manager.exe.c8e893ae.ini
c:\users\maint\AppData\Local\ApplicationHistory\In-Sight Explorer.exe.1417a522.ini
c:\users\maint\AppData\Local\ApplicationHistory\In-Sight Explorer.exe.1417a522.ini.inuse
c:\users\maint\AppData\Local\ApplicationHistory\MsiExec.exe.8cb23528.ini.inuse
c:\users\maint\AppData\Local\ApplicationHistory\NukeProcess.exe.f9db56c1.ini.inuse
c:\users\maint\AppData\Local\ApplicationHistory\OpcInSight.exe.8a7cc344.ini.inuse
c:\users\maint\AppData\Local\ApplicationHistory\RS5000.Exe.360bd6cb.ini.inuse
c:\users\maint\AppData\Local\ApplicationHistory\SilentFTDCW.exe.fc497f64.ini
c:\users\maint\AppData\Local\ApplicationHistory\WFCU.EXE.3c2a69cb.ini
c:\users\production\AppData\Local\ApplicationHistory
c:\users\production\AppData\Local\ApplicationHistory\22fe862e.360bd6cb.ini.inuse
c:\users\production\AppData\Local\ApplicationHistory\379a2c37.360bd6cb.ini.inuse
c:\users\production\AppData\Local\ApplicationHistory\dsca.exe.cf6b816f.ini
c:\users\production\AppData\Local\ApplicationHistory\RS5000.Exe.360bd6cb.ini.inuse
c:\users\production\AppData\Local\ApplicationHistory\UpdateActionsInSchema.exe.78070b37.ini
c:\users\production\AppData\Local\ApplicationHistory\UpdateActionsInSchema.exe.93453278.ini
c:\users\tmaly\AppData\Local\ApplicationHistory
c:\users\tmaly\AppData\Local\ApplicationHistory\dsca.exe.cf6b816f.ini
c:\users\tmaly\AppData\Local\volmgr.dll
c:\users\tmaly\AppData\Local\volmgr.exe
c:\users\wlamb\AppData\Local\ApplicationHistory
c:\users\wlamb\AppData\Local\ApplicationHistory\dsca.exe.cf6b816f.ini
c:\users\wlamb\AppData\Local\ApplicationHistory\FTDConfigurationUtility.exe.735b795b.ini
c:\users\wlamb\AppData\Local\ApplicationHistory\SilentFTDCW.exe.fc497f64.ini
c:\users\wlamb\AppData\Local\ApplicationHistory\WFCU.EXE.3c2a69cb.ini
c:\windows\$NtUninstallKB22650$\1705296417\@
c:\windows\$NtUninstallKB22650$\1705296417\click.tlb
c:\windows\$NtUninstallKB22650$\1705296417\L\xhbniwhk
c:\windows\$NtUninstallKB22650$\1705296417\loader.tlb
c:\windows\$NtUninstallKB22650$\1705296417\U\@00000001
c:\windows\$NtUninstallKB22650$\1705296417\U\@000000c0
c:\windows\$NtUninstallKB22650$\1705296417\U\@000000cb
c:\windows\$NtUninstallKB22650$\1705296417\U\@000000cf
c:\windows\$NtUninstallKB22650$\1705296417\U\@80000000
c:\windows\$NtUninstallKB22650$\1705296417\U\@800000c0
c:\windows\$NtUninstallKB22650$\1705296417\U\@800000cb
c:\windows\$NtUninstallKB22650$\1705296417\U\@800000cf
c:\windows\$NtUninstallKB22650$\2761701281
c:\windows\{2521BB91-29B1-4d7e-9137-AC9875D77735}
c:\windows\assembly\GAC_MSIL\desktop.ini
c:\windows\PRAGMAppioeqwvlw
c:\windows\PRAGMAppioeqwvlw\PRAGMAc.dll
c:\windows\system32\
c:\windows\system32\9450.dll
c:\windows\system32\BCMWpsrv.dll
c:\windows\system32\comct332.ocx
c:\windows\system32\config\systemprofile\AppData\Local\ApplicationHistory
c:\windows\system32\config\systemprofile\AppData\Local\ApplicationHistory\22fe862e.360bd6cb.ini.inuse
c:\windows\system32\config\systemprofile\AppData\Local\ApplicationHistory\RS5000.Exe.360bd6cb.ini.inuse
c:\windows\system32\drivers\
c:\windows\system32\UNWISE.EXE
c:\windows\$NtUninstallKB22650$ . . . . Failed to delete
.
c:\windows\system32\drivers\csc.sys . . . is infected!! . . . Failed to find a valid replacement.
c:\program files\Common Files\Rockwell\EventClientMultiplexer.exe . . . is infected!!
c:\program files\Common Files\Rockwell\EventClientMultiplexer.exe . . . was deleted!! You should re-install the program it pertains to
.
c:\program files\Common Files\Rockwell\RnaDirServer.exe . . . is infected!!
c:\program files\Common Files\Rockwell\RnaDirServer.exe . . . was deleted!! You should re-install the program it pertains to
.
c:\program files\Common Files\Rockwell\RNADirMultiplexor.exe . . . is infected!!
c:\program files\Common Files\Rockwell\RNADirMultiplexor.exe . . . was deleted!! You should re-install the program it pertains to
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_PRAGMAPPIOEQWVLW
-------\Service_65a4c221
-------\Service_PRAGMAppioeqwvlw
.
.
(((((((((((((((((((((((((   Files Created from 2011-08-28 to 2011-09-29  )))))))))))))))))))))))))))))))
.
.
2011-09-29 22:03 . 2011-09-29 22:03      --------      d-----w-      c:\users\ksanborn\AppData\Local\temp
2011-09-29 22:03 . 2011-09-29 22:03      --------      d-----w-      c:\users\jlanger\AppData\Local\temp
2011-09-29 22:03 . 2011-09-29 22:03      --------      d-----w-      c:\users\Default\AppData\Local\temp
2011-09-29 22:03 . 2011-09-29 22:03      --------      d-----w-      c:\users\craburn\AppData\Local\temp
2011-09-29 22:03 . 2011-09-29 22:37      --------      d-----w-      c:\users\tmaly\AppData\Local\temp
2011-09-29 22:03 . 2011-09-29 22:03      --------      d-----w-      c:\users\maint\AppData\Local\temp
2011-09-29 22:03 . 2011-09-29 22:03      --------      d-----w-      c:\users\ksanborn.PRODUCTION-PC\AppData\Local\temp
2011-09-29 22:03 . 2011-09-29 22:03      --------      d-----w-      c:\users\DIrving\AppData\Local\temp
2011-09-29 22:03 . 2011-09-29 22:03      --------      d-----w-      c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-09-29 22:03 . 2011-09-29 22:03      --------      d-----w-      c:\users\wlamb\AppData\Local\temp
2011-09-29 22:03 . 2011-09-29 22:03      --------      d-----w-      c:\users\production\AppData\Local\temp
2011-09-29 22:03 . 2011-09-29 22:03      --------      d-----w-      c:\users\admin\AppData\Local\temp
2011-09-29 10:46 . 2011-09-29 13:06      41272      ----a-w-      c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-29 02:35 . 2011-09-29 02:35      --------      d-----w-      c:\users\tmaly\AppData\Roaming\Malwarebytes
2011-09-29 02:34 . 2011-09-29 11:30      --------      d-----w-      C:\TDSSKiller_Quarantine
2011-09-29 02:30 . 2011-09-29 02:30      --------      d-----w-      c:\programdata\Spybot - Search & Destroy
2011-09-29 02:28 . 2011-09-29 02:28      --------      d-----w-      c:\users\tmaly\AppData\Roaming\SUPERAntiSpyware.com
2011-09-29 02:28 . 2011-09-29 02:28      --------      d-----w-      c:\programdata\SUPERAntiSpyware.com
2011-09-29 00:28 . 2011-09-29 00:28      --------      d-----w-      c:\users\tmaly\AppData\Roaming\TeamViewer
2011-09-28 23:55 . 2011-09-28 23:55      --------      d-----w-      c:\users\tmaly\AppData\Roaming\IrfanView
2011-09-28 19:20 . 2011-09-28 19:20      --------      d-----w-      c:\programdata\Malwarebytes
2011-09-28 19:19 . 2011-09-28 19:27      --------      d-----w-      c:\program files\Malwarebytes' Anti-Malware
2011-09-28 19:19 . 2011-08-31 21:00      22216      ----a-w-      c:\windows\system32\drivers\mbam.sys
2011-09-28 10:51 . 2011-09-28 10:52      --------      d-----w-      c:\users\craburn.PRODUCTION-PC
2011-09-28 10:37 . 2011-09-28 10:37      --------      d-----w-      c:\users\tmaly\AppData\Local\Mozilla
2011-09-28 10:36 . 2011-09-29 10:44      48016      --sha-w-      c:\windows\system32\c_90606.nl_
2011-09-27 10:33 . 2011-09-27 10:33      --------      d-----w-      c:\users\craburn\AppData\Roaming\TeamViewer
2011-09-15 18:23 . 2011-08-10 12:14      2409784      ----a-w-      c:\program files\Windows Mail\OESpamFilter.dat
2011-09-07 17:43 . 2011-09-07 17:58      --------      d-----w-      c:\users\jlanger\AppData\Local\Windows Live
2011-09-07 17:42 . 2011-09-07 17:42      --------      d-----w-      c:\users\jlanger\AppData\Local\Windows Live Writer
2011-09-07 17:42 . 2011-09-07 17:42      --------      d-----w-      c:\users\jlanger\AppData\Roaming\Windows Live Writer
2011-09-07 17:42 . 2011-09-07 17:42      --------      d-----w-      c:\users\jlanger\AppData\Roaming\EDrawings
2011-09-07 17:42 . 2011-09-07 17:42      --------      d-----w-      c:\users\jlanger\AppData\Roaming\DassaultSystemes
2011-09-07 17:42 . 2011-09-07 17:42      --------      d-----w-      c:\users\jlanger\AppData\Local\DassaultSystemes
2011-09-07 13:55 . 2011-09-07 13:55      --------      d-----w-      c:\users\jlanger\AppData\Local\Microsoft Games
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-29 10:44 . 2009-06-11 15:36      351744      ----a-w-      c:\windows\system32\drivers\csc.sys
2011-09-29 02:38 . 2009-06-11 15:35      67072      ----a-w-      c:\windows\system32\drivers\cdrom.sys
2011-09-28 00:59 . 2009-06-11 15:35      185856      ----a-w-      c:\windows\system32\drivers\netbt.sys
2011-09-28 00:59 . 2008-01-21 02:21      503864      ----a-w-      c:\windows\system32\drivers\Wdf01000.sys
2011-08-06 08:38 . 2011-08-06 08:38      749832      ----a-w-      c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-08-03 17:21 . 2011-08-03 17:21      0      ----a-w-      c:\programdata\xkla.exe
2011-08-03 17:21 . 2011-08-03 17:21      0      ----a-w-      c:\programdata\jnyr.exe
2011-08-03 17:21 . 2011-08-03 17:21      0      ----a-w-      c:\programdata\jlfk.exe
2011-08-03 17:21 . 2011-08-03 17:21      0      ----a-w-      c:\programdata\fekr.exe
2011-07-22 02:54 . 2011-08-17 19:37      1797632      ----a-w-      c:\windows\system32\jscript9.dll
2011-07-22 02:48 . 2011-08-17 19:37      1126912      ----a-w-      c:\windows\system32\wininet.dll
2011-07-22 02:44 . 2011-08-17 19:37      2382848      ----a-w-      c:\windows\system32\mshtml.tlb
2011-07-13 03:39 . 2011-08-02 15:28      6881616      ----a-w-      c:\programdata\Microsoft\Windows Defender\Definition Updates\{0E4E3898-DC3C-4054-B54A-8B99C1E19145}\mpengine.dll
2011-07-11 13:25 . 2011-08-24 06:39      2048      ----a-w-      c:\windows\system32\tzres.dll
2011-07-06 15:31 . 2011-08-11 02:57      214016      ----a-w-      c:\windows\system32\drivers\mrxsmb10.sys
2011-09-23 04:28 . 2011-09-28 02:12      134104      ----a-w-      c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
c:\users\maint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-06-30 19:19      10536      ----a-w-      c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
backup=c:\windows\pss\QuickSet.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\T4MNavigator]
\\srverp\TRANS4M Client\T4MNavigator.exe BACK [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 03:07      932288      ----a-r-      c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 08:47      35760      ----a-w-      c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2007-09-24 09:27      159744      ----a-w-      c:\program files\DellTPad\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2008-05-19 06:26      3444736      ----a-w-      c:\windows\System32\WLTRAY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DELL Webcam Manager]
2007-07-27 21:43      118784      ----a-w-      c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-09-08 00:12      136176      ----atw-      c:\users\tmaly\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 15:44      31072      ----a-w-      c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-04-22 06:11      166424      ----a-w-      c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-11 02:52      49152      ----a-w-      c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPUsageTracking]
2007-08-31 12:59      36864      ----a-w-      c:\program files\HP\HP UT\bin\hppusg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-04-22 06:11      141848      ----a-w-      c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
2007-12-03 05:58      36864      ----a-w-      c:\windows\OEM02Mon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2007-12-21 15:58      184320      ----a-w-      c:\program files\Dell\MediaDirect\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-04-22 06:11      133656      ----a-w-      c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28      1233920      ----a-w-      c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2008-01-02 04:37      405504      ----a-w-      c:\program files\Sigmatel\C-Major Audio\WDM\sttray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToolBoxFX]
2008-01-10 15:13      53248      ----a-w-      c:\program files\HP\ToolboxFX\bin\HPTLBXFX.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:21      1008184      ----a-w-      c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2009-04-11 06:28      2153472      ----a-w-      c:\windows\System32\oobefldr.dll
.
R1 SASDIFSV;SASDIFSV;c:\users\tmaly\AppData\Local\Temp\superas\SASDIFSV.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\users\tmaly\AppData\Local\Temp\superas\SASKUTIL.sys [x]
R1 VirtualBackplane;A-B Virtual Backplane;c:\windows\System32\Drivers\VirtualBackplane.sys [x]
R2 Cognex.InSight.OpcServer;Cognex OPC Server;c:\program files\Cognex\In-Sight\In-Sight OPC Server 4.3.1\OpcInSightService.exe [x]
R2 FTActivationBoost;FactoryTalk Activation Helper;c:\program files\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe [x]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe  -run [x]
R3 chckr2xx;Checker 200 Series Driver;c:\windows\system32\Drivers\chckr2xx.sys [2007-11-15 15744]
R3 EraserUtilDrv11113;EraserUtilDrv11113;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11113.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
R3 pcidnt;A-B 1784-PCIDS;c:\windows\System32\Drivers\pcidnt.sys [x]
R3 RsiKtControl;RsiKtControl;c:\windows\system32\RSIKT.SYS [2008-07-05 39067]
R3 RSSERIAL;RSLinx Classic Serial Driver;c:\windows\SYSTEM32\RSSERIAL.SYS [2008-07-05 155440]
R3 SASENUM;SASENUM;c:\users\tmaly\AppData\Local\Temp\superas\SASENUM.SYS [x]
R3 Ser2rs;Radioshack USB to Serial Driver;c:\windows\system32\DRIVERS\ser2rs.sys [2007-06-25 76288]
R3 TrueSight;TrueSight;c:\users\tmaly\Desktop\TrueSight.sys [2011-09-29 111104]
R4 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2008-01-02 73728]
R4 CHStudioOpcServer;CH Studio OPC Server;c:\program files\CH Studio\CHStudioOpcServer.exe [2007-12-03 271648]
R4 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R4 EventServer;Rockwell Event Server;c:\program files\Common Files\Rockwell\EventServer.exe [2009-06-11 222496]
R4 FactoryTalk Activation Service;FactoryTalk Activation Service;c:\program files\Rockwell Software\FactoryTalk Activation\lmgrd.exe [2010-05-18 1122568]
R4 LogReceiver;LogReceiver;c:\program files\Rockwell Software\RSLinx Enterprise\LogReceiver.exe [2009-08-13 91424]
R4 MatrikonOPC Server for Allen Bradley PLCs;MatrikonOPC Server for Allen Bradley PLCs;c:\program files\Matrikon\OPC\Allen Bradley PLCs\OPC_AB_PLC.exe [2009-10-30 3186688]
R4 MatrikonOPC Server for Simulation and Testing;MatrikonOPC Server for Simulation and Testing;c:\program files\Matrikon\OPC\Simulation\OPCSim.exe [2009-07-20 1761280]
R4 MBAMService;MBAMService;f:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R4 NmspHost;Rockwell Namespace Services;c:\program files\Common Files\Rockwell\NmspHost.exe [2009-06-11 222496]
R4 RdcyHost;Rockwell Redundancy Services;c:\program files\Common Files\Rockwell\RdcyHost.exe [2009-06-11 222496]
R4 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
R4 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-05-21 179712]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
*NewlyCreated* - SYMTDI
*Deregistered* - CO_Mon
*Deregistered* - SYMTDI
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12      REG_MULTI_SZ         Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt      REG_MULTI_SZ         hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation      REG_MULTI_SZ         FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
2008-04-11 21:23      38400      ----a-w-      c:\windows\System32\SoundSchemes.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
2008-08-28 14:50      30720      ----a-w-      c:\windows\System32\soundschemes2.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-391302439-412161306-3538591480-1112Core.job
- c:\users\tmaly\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-28 00:12]
.
2011-09-29 c:\windows\Tasks\User_Feed_Synchronization-{03A71A08-7C9E-4F52-839E-58ED9A710417}.job
- c:\windows\system32\msfeedssync.exe [2011-06-21 17:24]
.
2011-09-29 c:\windows\Tasks\User_Feed_Synchronization-{06FEA8C2-2749-44DD-AAC0-B234322237A3}.job
- c:\windows\system32\msfeedssync.exe [2011-06-21 17:24]
.
2011-09-29 c:\windows\Tasks\User_Feed_Synchronization-{939FE3D6-EF07-49C3-8D37-52B1A4F32454}.job
- c:\windows\system32\msfeedssync.exe [2011-06-21 17:24]
.
2011-09-29 c:\windows\Tasks\User_Feed_Synchronization-{9EC5F9E4-A452-4E8E-84E6-A4ADB944864E}.job
- c:\windows\system32\msfeedssync.exe [2011-06-21 17:24]
.
2011-09-29 c:\windows\Tasks\User_Feed_Synchronization-{A07C0AB7-1BB6-4BD6-B89A-DC1B1F55A88E}.job
- c:\windows\system32\msfeedssync.exe [2011-06-21 17:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 152.160.1.1 152.160.1.3
FF - ProfilePath - c:\users\tmaly\AppData\Roaming\Mozilla\Firefox\Profiles\kcp47aff.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.ubcd4win.com/forum/
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-volmgr - c:\users\tmaly\AppData\Local\volmgr.exe
SafeBoot-63801302.sys
SafeBoot-64320528.sys
SafeBoot-79073382.sys
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-Esayo - c:\users\ksanborn\AppData\Local\uxibaxitivume.dll
MSConfigStartUp-SUPERAntiSpyware - c:\users\tmaly\AppData\Local\Temp\superas\SUPERAntiSpyware.exe
AddRemove-HASP Device Drivers - c:\windows\system32\UNWISE.EXE
.
.
.
**************************************************************************
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-09-29  18:43:24 - machine was rebooted
ComboFix-quarantined-files.txt  2011-09-29 22:43
.
Pre-Run: 181,270,888,448 bytes free
Post-Run: 186,246,660,096 bytes free
.
- - End Of File - - E5A382ADAA03BE9EEA212E13CCDA9D8E
0
 
LVL 23

Expert Comment

by:phototropic
ID: 36890423
Combofix has deleted a large amount of infection.

Combofix should be run from your desktop.  You appear to be running it from a USB flash drive. To quote the Bleeping Computer tutorial:

"...Click on the Save button, and when it asks you where to save it, make sure you save it directly to your Windows Desktop. An image showing this is below..."

Please could you download a fresh copy of Combofix "directly to your Windows Desktop". Right click - "run as administrator" - then post the new scan log.  Thanks.

0
 

Author Comment

by:manch03
ID: 36891104
I will do that
0
 

Author Comment

by:manch03
ID: 36891325
Here is the log from the desktop.

ComboFix 11-09-26.02 - tmaly 09/30/2011   8:04.2.2 - x86
Microsoft® Windows Vista™ Ultimate   6.0.6002.2.1252.1.1033.18.3061.2278 [GMT -4:00]
Running from: c:\users\tmaly\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
f:\program files\Malwarebytes' Anti-Malware\mbamservice.exe . . . is infected!!
f:\program files\Malwarebytes' Anti-Malware\mbamservice.exe . . . was deleted!! You should re-install the program it pertains to
.
.
(((((((((((((((((((((((((   Files Created from 2011-08-28 to 2011-09-30  )))))))))))))))))))))))))))))))
.
.
2011-09-29 22:03 . 2011-09-30 12:15      --------      d-----w-      c:\users\tmaly\AppData\Local\temp
2011-09-29 10:46 . 2011-09-29 13:06      41272      ----a-w-      c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-29 02:35 . 2011-09-29 02:35      --------      d-----w-      c:\users\tmaly\AppData\Roaming\Malwarebytes
2011-09-29 02:34 . 2011-09-29 11:30      --------      d-----w-      C:\TDSSKiller_Quarantine
2011-09-29 02:30 . 2011-09-29 02:30      --------      d-----w-      c:\programdata\Spybot - Search & Destroy
2011-09-29 02:28 . 2011-09-29 02:28      --------      d-----w-      c:\users\tmaly\AppData\Roaming\SUPERAntiSpyware.com
2011-09-29 02:28 . 2011-09-29 02:28      --------      d-----w-      c:\programdata\SUPERAntiSpyware.com
2011-09-29 00:28 . 2011-09-29 00:28      --------      d-----w-      c:\users\tmaly\AppData\Roaming\TeamViewer
2011-09-28 23:55 . 2011-09-28 23:55      --------      d-----w-      c:\users\tmaly\AppData\Roaming\IrfanView
2011-09-28 19:20 . 2011-09-28 19:20      --------      d-----w-      c:\programdata\Malwarebytes
2011-09-28 19:19 . 2011-09-28 19:27      --------      d-----w-      c:\program files\Malwarebytes' Anti-Malware
2011-09-28 19:19 . 2011-08-31 21:00      22216      ----a-w-      c:\windows\system32\drivers\mbam.sys
2011-09-28 10:51 . 2011-09-28 10:52      --------      d-----w-      c:\users\craburn.PRODUCTION-PC
2011-09-28 10:37 . 2011-09-28 10:37      --------      d-----w-      c:\users\tmaly\AppData\Local\Mozilla
2011-09-28 10:36 . 2011-09-29 10:44      48016      --sha-w-      c:\windows\system32\c_90606.nl_
2011-09-27 10:33 . 2011-09-27 10:33      --------      d-----w-      c:\users\craburn\AppData\Roaming\TeamViewer
2011-09-15 18:23 . 2011-08-10 12:14      2409784      ----a-w-      c:\program files\Windows Mail\OESpamFilter.dat
2011-09-07 17:43 . 2011-09-07 17:58      --------      d-----w-      c:\users\jlanger\AppData\Local\Windows Live
2011-09-07 17:42 . 2011-09-07 17:42      --------      d-----w-      c:\users\jlanger\AppData\Local\Windows Live Writer
2011-09-07 17:42 . 2011-09-07 17:42      --------      d-----w-      c:\users\jlanger\AppData\Roaming\Windows Live Writer
2011-09-07 17:42 . 2011-09-07 17:42      --------      d-----w-      c:\users\jlanger\AppData\Roaming\EDrawings
2011-09-07 17:42 . 2011-09-07 17:42      --------      d-----w-      c:\users\jlanger\AppData\Roaming\DassaultSystemes
2011-09-07 17:42 . 2011-09-07 17:42      --------      d-----w-      c:\users\jlanger\AppData\Local\DassaultSystemes
2011-09-07 13:55 . 2011-09-07 13:55      --------      d-----w-      c:\users\jlanger\AppData\Local\Microsoft Games
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-29 10:44 . 2009-06-11 15:36      351744      ----a-w-      c:\windows\system32\drivers\csc.sys
2011-09-29 02:38 . 2009-06-11 15:35      67072      ----a-w-      c:\windows\system32\drivers\cdrom.sys
2011-09-28 00:59 . 2009-06-11 15:35      185856      ----a-w-      c:\windows\system32\drivers\netbt.sys
2011-09-28 00:59 . 2008-01-21 02:21      503864      ----a-w-      c:\windows\system32\drivers\Wdf01000.sys
2011-08-06 08:38 . 2011-08-06 08:38      749832      ----a-w-      c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-08-03 17:21 . 2011-08-03 17:21      0      ----a-w-      c:\programdata\xkla.exe
2011-08-03 17:21 . 2011-08-03 17:21      0      ----a-w-      c:\programdata\jnyr.exe
2011-08-03 17:21 . 2011-08-03 17:21      0      ----a-w-      c:\programdata\jlfk.exe
2011-08-03 17:21 . 2011-08-03 17:21      0      ----a-w-      c:\programdata\fekr.exe
2011-07-22 02:54 . 2011-08-17 19:37      1797632      ----a-w-      c:\windows\system32\jscript9.dll
2011-07-22 02:48 . 2011-08-17 19:37      1126912      ----a-w-      c:\windows\system32\wininet.dll
2011-07-22 02:44 . 2011-08-17 19:37      2382848      ----a-w-      c:\windows\system32\mshtml.tlb
2011-07-13 03:39 . 2011-08-02 15:28      6881616      ----a-w-      c:\programdata\Microsoft\Windows Defender\Definition Updates\{0E4E3898-DC3C-4054-B54A-8B99C1E19145}\mpengine.dll
2011-07-11 13:25 . 2011-08-24 06:39      2048      ----a-w-      c:\windows\system32\tzres.dll
2011-07-06 15:31 . 2011-08-11 02:57      214016      ----a-w-      c:\windows\system32\drivers\mrxsmb10.sys
2011-09-23 04:28 . 2011-09-28 02:12      134104      ----a-w-      c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
c:\users\maint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-06-30 19:19      10536      ----a-w-      c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
backup=c:\windows\pss\QuickSet.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\T4MNavigator]
\\srverp\TRANS4M Client\T4MNavigator.exe BACK [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 03:07      932288      ----a-r-      c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 08:47      35760      ----a-w-      c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2007-09-24 09:27      159744      ----a-w-      c:\program files\DellTPad\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2008-05-19 06:26      3444736      ----a-w-      c:\windows\System32\WLTRAY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DELL Webcam Manager]
2007-07-27 21:43      118784      ----a-w-      c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-09-08 00:12      136176      ----atw-      c:\users\tmaly\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 15:44      31072      ----a-w-      c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-04-22 06:11      166424      ----a-w-      c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-11 02:52      49152      ----a-w-      c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPUsageTracking]
2007-08-31 12:59      36864      ----a-w-      c:\program files\HP\HP UT\bin\hppusg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-04-22 06:11      141848      ----a-w-      c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
2007-12-03 05:58      36864      ----a-w-      c:\windows\OEM02Mon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2007-12-21 15:58      184320      ----a-w-      c:\program files\Dell\MediaDirect\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-04-22 06:11      133656      ----a-w-      c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28      1233920      ----a-w-      c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2008-01-02 04:37      405504      ----a-w-      c:\program files\Sigmatel\C-Major Audio\WDM\sttray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToolBoxFX]
2008-01-10 15:13      53248      ----a-w-      c:\program files\HP\ToolboxFX\bin\HPTLBXFX.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:21      1008184      ----a-w-      c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2009-04-11 06:28      2153472      ----a-w-      c:\windows\System32\oobefldr.dll
.
R1 SASDIFSV;SASDIFSV;c:\users\tmaly\AppData\Local\Temp\superas\SASDIFSV.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\users\tmaly\AppData\Local\Temp\superas\SASKUTIL.sys [x]
R1 VirtualBackplane;A-B Virtual Backplane;c:\windows\System32\Drivers\VirtualBackplane.sys [x]
R2 Cognex.InSight.OpcServer;Cognex OPC Server;c:\program files\Cognex\In-Sight\In-Sight OPC Server 4.3.1\OpcInSightService.exe [x]
R2 FTActivationBoost;FactoryTalk Activation Helper;c:\program files\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe [x]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe  -run [x]
R3 chckr2xx;Checker 200 Series Driver;c:\windows\system32\Drivers\chckr2xx.sys [2007-11-15 15744]
R3 EraserUtilDrv11113;EraserUtilDrv11113;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11113.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
R3 pcidnt;A-B 1784-PCIDS;c:\windows\System32\Drivers\pcidnt.sys [x]
R3 RsiKtControl;RsiKtControl;c:\windows\system32\RSIKT.SYS [2008-07-05 39067]
R3 RSSERIAL;RSLinx Classic Serial Driver;c:\windows\SYSTEM32\RSSERIAL.SYS [2008-07-05 155440]
R3 SASENUM;SASENUM;c:\users\tmaly\AppData\Local\Temp\superas\SASENUM.SYS [x]
R3 Ser2rs;Radioshack USB to Serial Driver;c:\windows\system32\DRIVERS\ser2rs.sys [2007-06-25 76288]
R3 TrueSight;TrueSight;c:\users\tmaly\Desktop\TrueSight.sys [2011-09-29 111104]
R4 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2008-01-02 73728]
R4 CHStudioOpcServer;CH Studio OPC Server;c:\program files\CH Studio\CHStudioOpcServer.exe [2007-12-03 271648]
R4 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R4 EventServer;Rockwell Event Server;c:\program files\Common Files\Rockwell\EventServer.exe [2009-06-11 222496]
R4 FactoryTalk Activation Service;FactoryTalk Activation Service;c:\program files\Rockwell Software\FactoryTalk Activation\lmgrd.exe [2010-05-18 1122568]
R4 LogReceiver;LogReceiver;c:\program files\Rockwell Software\RSLinx Enterprise\LogReceiver.exe [2009-08-13 91424]
R4 MatrikonOPC Server for Allen Bradley PLCs;MatrikonOPC Server for Allen Bradley PLCs;c:\program files\Matrikon\OPC\Allen Bradley PLCs\OPC_AB_PLC.exe [2009-10-30 3186688]
R4 MatrikonOPC Server for Simulation and Testing;MatrikonOPC Server for Simulation and Testing;c:\program files\Matrikon\OPC\Simulation\OPCSim.exe [2009-07-20 1761280]
R4 MBAMService;MBAMService;f:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R4 NmspHost;Rockwell Namespace Services;c:\program files\Common Files\Rockwell\NmspHost.exe [2009-06-11 222496]
R4 RdcyHost;Rockwell Redundancy Services;c:\program files\Common Files\Rockwell\RdcyHost.exe [2009-06-11 222496]
R4 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
R4 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-05-21 179712]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - SYMTDI
*Deregistered* - CO_Mon
*Deregistered* - SYMTDI
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12      REG_MULTI_SZ         Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt      REG_MULTI_SZ         hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation      REG_MULTI_SZ         FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
2008-04-11 21:23      38400      ----a-w-      c:\windows\System32\SoundSchemes.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
2008-08-28 14:50      30720      ----a-w-      c:\windows\System32\soundschemes2.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-391302439-412161306-3538591480-1112Core.job
- c:\users\tmaly\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-28 00:12]
.
2011-09-30 c:\windows\Tasks\User_Feed_Synchronization-{03A71A08-7C9E-4F52-839E-58ED9A710417}.job
- c:\windows\system32\msfeedssync.exe [2011-06-21 17:24]
.
2011-09-30 c:\windows\Tasks\User_Feed_Synchronization-{06FEA8C2-2749-44DD-AAC0-B234322237A3}.job
- c:\windows\system32\msfeedssync.exe [2011-06-21 17:24]
.
2011-09-30 c:\windows\Tasks\User_Feed_Synchronization-{939FE3D6-EF07-49C3-8D37-52B1A4F32454}.job
- c:\windows\system32\msfeedssync.exe [2011-06-21 17:24]
.
2011-09-30 c:\windows\Tasks\User_Feed_Synchronization-{9EC5F9E4-A452-4E8E-84E6-A4ADB944864E}.job
- c:\windows\system32\msfeedssync.exe [2011-06-21 17:24]
.
2011-09-30 c:\windows\Tasks\User_Feed_Synchronization-{A07C0AB7-1BB6-4BD6-B89A-DC1B1F55A88E}.job
- c:\windows\system32\msfeedssync.exe [2011-06-21 17:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 152.160.1.1 152.160.1.3
FF - ProfilePath - c:\users\tmaly\AppData\Roaming\Mozilla\Firefox\Profiles\kcp47aff.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.ubcd4win.com/forum/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-30 08:15
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-09-30  08:17:57
ComboFix-quarantined-files.txt  2011-09-30 12:17
ComboFix2.txt  2011-09-29 22:43
.
Pre-Run: 186,443,911,168 bytes free
Post-Run: 185,795,137,536 bytes free
.
- - End Of File - - 7D12A949F6471730F0637E343A4A08D1
0
 
LVL 23

Accepted Solution

by:
phototropic earned 500 total points
ID: 36895748
Please copy the following text into Notepad:

Folder::
c:\windows\$NtUninstallKB22650$

File::
c:\programdata\xkla.exe
c:\programdata\jnyr.exe
c:\programdata\jlfk.exe
c:\programdata\fekr.exe



Save this Notepad file as CFScript.txt to your Desktop.  Then drag and drop the CFScript.txt file onto the Combofix icon on your desktop.  Combofix will run again.  Please post the log here for review.

0
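Both the log review above (the zero-byte executables under c:\programdata in the Find3M report, the orphaned HKLM-Run-volmgr and Esayo entries pointing into AppData, and "EnableLUA"= 0) and the CFScript in this answer are the kind of triage that can be scripted. The Python below is an added example, not part of this thread and not ComboFix's own tooling: it parses ComboFix-style log lines, flags the entry types a responder would want a second look at, and emits the File:: section of a CFScript for the zero-byte stubs alone, leaving every other finding for a human decision. The sample log is constructed from the format and a few of the lines shown above (with the Adobe and Google entries kept as benign controls); the reading of the attribute column (an 's' and an 'h' in it meaning system+hidden) and the list of user-writable locations are assumptions.

```python
"""Triage of ComboFix log excerpts: flag entries that warrant a second look
and emit the File:: section of a CFScript for the zero-byte executable stubs.
Added example; not part of the thread and not ComboFix's own code."""
import re
from dataclasses import dataclass

# Sample input constructed from the log format used in the thread (a few of
# its lines, plus the Adobe and Google lines as known-benign controls).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
2011-08-03 17:21 . 2011-08-03 17:21      0      ----a-w-      c:\programdata\xkla.exe
2011-08-03 17:21 . 2011-08-03 17:21      0      ----a-w-      c:\programdata\jnyr.exe
2011-09-28 10:36 . 2011-09-29 10:44      48016      --sha-w-      c:\windows\system32\c_90606.nl_
2010-09-21 03:07 . 2010-09-21 03:07      932288      ----a-r-      c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
2011-09-08 00:12 . 2011-09-08 00:12      136176      ----atw-      c:\users\tmaly\AppData\Local\Google\Update\GoogleUpdate.exe
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-volmgr - c:\users\tmaly\AppData\Local\volmgr.exe
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-Esayo - c:\users\ksanborn\AppData\Local\uxibaxitivume.dll
"""

# "date . date  size  attrs  path" lines from the Files Created / Find3M sections
FILE_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}"
    r"\s+(\d+|-+)\s+(\S+)\s+(.+?)\s*$"
)
# "HKLM-Run-<name> - <path>" lines from the ORPHANS REMOVED section
ORPHAN_LINE = re.compile(r"^(HKLM-Run|HKCU-Run|MSConfigStartUp)-(\S+) - (.+?)\s*$")
POLICY_LINE = re.compile(r'^"(EnableLUA|EnableUIADesktopToggle)"=\s*(\d+)')

# Assumed set of locations a standard user can write to; an autostarting
# executable here deserves a look even when it is a legitimate per-user updater.
USER_WRITABLE = re.compile(r"\\(appdata|programdata|temp)\\", re.I)
EXEC_EXT = (".exe", ".dll", ".sys", ".scr")


@dataclass
class Finding:
    kind: str
    path: str
    reason: str


def is_executable(path: str) -> bool:
    return path.lower().endswith(EXEC_EXT)


def triage(log_text: str) -> list:
    """Return the findings, in log order, for one ComboFix log or excerpt."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = FILE_LINE.match(line)
        if m:
            size, attrs, path = m.groups()
            if size == "0" and is_executable(path):
                findings.append(Finding("zero-byte-exe", path,
                                        "0-byte executable: dropper stub left behind after a failed or cleaned infection"))
            elif "s" in attrs and "h" in attrs:
                # system+hidden attributes (assumed reading of the attr column)
                findings.append(Finding("hidden-system-file", path,
                                        "recently created hidden+system file; compare against a known-good copy"))
            elif is_executable(path) and USER_WRITABLE.search(path):
                findings.append(Finding("user-writable-exe", path,
                                        "executable in a user-writable location; verify the publisher"))
            continue
        m = ORPHAN_LINE.match(line)
        if m:
            hive, name, path = m.groups()
            if is_executable(path) and USER_WRITABLE.search(path):
                findings.append(Finding("orphan-autostart", path,
                                        f"{hive} entry '{name}' pointed at a user-writable executable"))
            continue
        m = POLICY_LINE.match(line)
        if m and m.group(1) == "EnableLUA" and m.group(2) == "0":
            findings.append(Finding("uac-disabled",
                                    r"HKLM\...\policies\system\EnableLUA",
                                    "UAC is off; re-enable it once the machine is clean"))
    return findings


def build_cfscript(findings: list) -> str:
    """CFScript File:: section for the zero-byte stubs only; every other
    finding is reported for a human decision, not queued for deletion."""
    paths = sorted({f.path for f in findings if f.kind == "zero-byte-exe"})
    if not paths:
        return ""
    return "File::\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.kind}] {f.path}\n    {f.reason}")
    print(build_cfscript(results))
```

Run against the sample it reports seven findings (the two stubs, the hidden+system file in system32, GoogleUpdate.exe as a user-writable executable to verify, the two orphaned autostarts, and the disabled UAC) and prints a File:: block naming only c:\programdata\jnyr.exe and c:\programdata\xkla.exe, the same two kinds of entry the answer above queues for ComboFix. Note that "EnableLUA"= 0 is only reported: re-enabling UAC is a deliberate post-cleanup step, not something to bury in a deletion script.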
 

Author Comment

by:manch03
ID: 36896766
Illegal operation attempted on a registry key that has been marked for deletion.
0
 
LVL 23

Expert Comment

by:phototropic
ID: 36897373
Please reboot your computer and check to see if the problem is resolved.
0
 
LVL 23

Expert Comment

by:phototropic
ID: 36899053
@manch03,

Is this issue resolved?

If not, please open an elevated cmd prompt (Start - All Programs - Accessories - right-click Command Prompt - Run as administrator).  At the prompt, type the following:

sfc /scannow

Let it complete, reboot, and check to see if the issue is resolved.

0
 

Author Comment

by:manch03
ID: 36900581
I did get it to work after the reboot. Is that all I need to do?  I ran the ComboFix again and rebooted.  Anything else I need to do?
0
 
LVL 23

Expert Comment

by:phototropic
ID: 36900910
How is your computer responding now?  Are the issues in your question resolved?  If they are you should uninstall Combofix.  

Click on Start, then enter "combofix /uninstall" (without the quotes) in the Search field.  Press Enter - click on Run.  There is a walkthrough with illustrations in the Bleeping Computer tutorial, under "Uninstall Combofix".
0
 

Author Comment

by:manch03
ID: 36903102
Yes, it seems to be running well now with no pop-ups and I am able to run all the executables.  I will uninstall ComboFix - thank you so much for your help.  
0
