Win32 ZAccess Virus.....

This is a discussion on Win32 ZAccess Virus..... within the Resolved HJT Threads forums, part of the Tech Support Forum category.


 
 
03-19-2012, 01:25 PM   #1
Hello,

About a week ago, my computer seemed to be running slower and slower each time I used it. At that time I did have Kaspersky Anti-Virus 2012, and when I ran it, it reported a potential virus called Win32 ZAccess (I believe), which I could not get Kaspersky to delete.

Since y'all have done wonders for me in the past, I humbly come before you asking for your assistance again .....

Below are the DDS.txt results, and I have included the Attach.zip attachment. Any help would be greatly appreciated!!

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
Run by Tanya at 12:09:38 on 2012-03-19
.
============== Running Processes ===============
.
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\SecureW2\sw2_service.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\SecureW2\sw2_tray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\ping.exe
C:\Documents and Settings\Tanya\Desktop\dds.scr
C:\WINDOWS\system32\REGSVR32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k NecUsb3Sevic
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ask.com?o=14196&l=dis
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
mURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [YSearchProtection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SecureW2 Tray] c:\program files\securew2\sw2_tray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Wondershare Helper Compact.exe] c:\program files\common files\wondershare\wondershare helper compact\WSHelper.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10p_ActiveX.exe -update activex
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - hxxps://vcuhsra.mcvh-vcu.edu/vdesk/terminal/f5tunsrv.cab#version=6031,2009,1204,1610
DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - hxxps://vcuhsra.mcvh-vcu.edu/vdesk/terminal/InstallerControl.cab#version=6031,2009,1204,1613
DPF: {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} - hxxps://vcuhsra.mcvh-vcu.edu/vdesk/terminal/vdeskctrl.cab#version=6031,2009,1212,1610
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} - hxxp://oak3.vcu.edu/dwa8W.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - hxxps://vcuhsra.mcvh-vcu.edu/vdesk/terminal/urxshost.cab#version=6031,2009,1204,1608
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - hxxps://vcuhsra.mcvh-vcu.edu/vdesk/terminal/urxhost.cab#version=6031,2009,1204,1604
Notify: NecUsb3Sevices - USB3Sw32.dll
Notify: USB3Sw32 - USB3Sw32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\tanya\application data\mozilla\firefox\profiles\bi2jthal.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.vcu.edu/
FF - plugin: c:\documents and settings\tanya\local settings\application data\yahoo!\browserplus\2.7.1\plugins\npybrowserplus_2.7.1.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=108317
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 98f7c2dc000000000000000e35c699fa
FF - user.js: extensions.BabylonToolbar_i.hardId - 98f7c2dc000000000000000e35c699fa
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15397
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1715:23:25
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? Roxio UPnP Renderer 11;Roxio UPnP Renderer 11
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? NecUsb3;USB3 Service
S? SW2SVC;SecureW2 Service
.
=============== Created Last 30 ================
.
2012-03-17 03:57:59 38400 ----a-w- c:\windows\system32\USB3Sw32.dll
2012-03-17 03:57:59 157184 ----a-w- c:\windows\system32\NEUSBw32.dll
2012-03-16 23:14:26 -------- d-----w- C:\Cache
2012-03-16 23:13:24 -------- d-----w- C:\w
2012-03-16 23:13:24 -------- d-----w- C:\visi
2012-03-16 23:13:18 -------- d-----w- C:\e
2012-03-15 21:55:28 110992 ----a-w- c:\program files\mozilla firefox\extensions\[email protected]_bak2\components\abhelperxpcom.dll
2012-03-15 21:54:35 147856 ----a-w- c:\program files\mozilla firefox\extensions\[email protected]_bak2\components\kavlinkfilter.dll
2012-03-15 14:13:37 -------- d-----w- C:\Data
2012-03-14 22:30:54 -------- d-----w- c:\documents and settings\all users\application data\DVD-Cloner
2012-03-14 22:30:53 -------- d-----w- C:\temp_dvd
2012-03-11 22:07:37 -------- d-----w- c:\documents and settings\tanya\application data\QuickScan
2012-03-11 02:11:18 -------- d-----w- c:\program files\iPod
2012-03-11 02:07:19 -------- d-----w- c:\program files\iTunes
2012-02-29 00:30:24 -------- d-----w- c:\documents and settings\all users\application data\xml_param
2012-02-28 21:45:17 -------- d-----w- c:\documents and settings\tanya\application data\Wondershare Video Converter Ultimate
2012-02-28 21:41:56 156160 ----a-w- c:\windows\system32\WS_ContextMenu.dll
2012-02-28 21:41:31 892928 ----a-w- c:\windows\system32\iconv.dll
2012-02-28 21:41:30 675840 ----a-w- c:\windows\system32\ac3filter.ax
2012-02-28 20:58:02 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-28 20:31:34 -------- d-----w- c:\documents and settings\tanya\local settings\application data\Wondershare
2012-02-28 20:31:30 -------- d-----w- c:\program files\common files\Wondershare
2012-02-28 20:30:58 -------- d-----w- c:\program files\Wondershare
2012-02-27 20:23:16 -------- d-----w- c:\documents and settings\tanya\local settings\application data\Babylon
2012-02-27 20:23:15 -------- d-----w- c:\documents and settings\all users\application data\Babylon
2012-02-27 20:23:14 -------- d-----w- c:\documents and settings\tanya\application data\Babylon
2012-02-27 20:22:42 -------- d-----w- c:\program files\pazera-software
2012-02-27 01:29:03 -------- d-----w- c:\documents and settings\tanya\application data\ImTOO
2012-02-25 02:44:29 73728 ----a-w- c:\windows\system32\javacpl.cpl
.
==================== Find3M ====================
.
2012-02-25 02:43:59 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-19 19:52:47 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-15 16:01:50 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 16:01:50 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 1947 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 12:11:48.13 ===============
Attached Files
File Type: zip Attach.zip (5.7 KB, 24 views)
hbkvcu
03-19-2012, 08:06 PM   #2
Security Team Analyst
Hello, and welcome to TSF.

I am currently reviewing your log. I will be back with a fix for your problem as soon as possible.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please be patient with me during this time.
NoodleTech
03-19-2012, 08:43 PM   #3
Security Team Analyst
Hi hbkvcu,

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan.
    • If Malicious objects are found, DO NOT cure them.
    • Choose Skip then click on Continue.
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)
NoodleTech
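As an added example (not code from this thread, from the forum's Security Team, or from Kaspersky's TDSSKiller), the Python script below parses the per-driver lines TDSSKiller writes and pulls out the records a responder should look at first: any driver not marked `- ok`, and any `Suspicious file (Forged)` report, where the tool lists two different MD5 values for the same file. The regular expressions are written against the line shapes visible in the log posted later in this thread and are an assumption about the format, not a specification of it; the sample input embeds the four i8042prt lines from that log plus constructed clean entries.

```python
"""Triage helper for TDSSKiller scan logs (added example, not TDSSKiller's own code).

Reads the per-driver lines, keeps one record per driver, and surfaces anything that
is not "- ok" plus every "Suspicious file (Forged)" report (two MD5s for one file).
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample input: the four i8042prt lines are copied from the TDSSKiller
# log posted in this thread; the three clean entries illustrate the normal case.
SAMPLE_LOG = r"""
08:39:28.0181 3636 i8042prt (49574e6539c2f460f54328391abbd243) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
08:39:28.0181 3636 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\i8042prt.sys. Real md5: 49574e6539c2f460f54328391abbd243, Fake md5: 4a0b06aa8943c1e332520f7440c0aa30
08:39:28.0181 3636 i8042prt ( Virus.Win32.ZAccess.c ) - infected
08:39:28.0181 3636 i8042prt - detected Virus.Win32.ZAccess.c (0)
08:39:28.0221 3636 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
08:39:28.0221 3636 Imapi - ok
08:39:28.0281 3636 ini910u - ok
"""

# Every line starts with "HH:MM:SS.ffff <thread-id> "; the remainder takes one of
# four shapes (assumed from the posted log): entry, forged report, infected, verdict.
PREFIX_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<rest>.+)$")
ENTRY_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
FORGED_RE = re.compile(
    r"^Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$"
)
INFECTED_RE = re.compile(r"^(?P<name>\S+) \( (?P<threat>\S+) \) - infected$")
VERDICT_RE = re.compile(r"^(?P<name>\S+) - (?:(?P<ok>ok)|detected (?P<threat>\S+))")


@dataclass
class DriverRecord:
    name: str
    path: Optional[str] = None
    md5: Optional[str] = None
    verdict: str = "unknown"   # "ok", "detected", or "unknown" if no verdict line seen
    threat: Optional[str] = None
    forged: bool = False
    real_md5: Optional[str] = None
    fake_md5: Optional[str] = None


def parse_tdsskiller(text: str) -> Dict[str, DriverRecord]:
    """Return one DriverRecord per driver/service name found in the log."""
    records: Dict[str, DriverRecord] = {}
    by_path: Dict[str, DriverRecord] = {}   # lets a Forged line find its driver

    def record(name: str) -> DriverRecord:
        return records.setdefault(name, DriverRecord(name))

    for line in text.splitlines():
        m = PREFIX_RE.match(line.strip())
        if not m:
            continue   # banners, separators and blank lines carry no per-driver data
        rest = m.group("rest")
        if (e := ENTRY_RE.match(rest)):
            rec = record(e.group("name"))
            rec.md5, rec.path = e.group("md5"), e.group("path")
            by_path[rec.path.lower()] = rec
        elif (f := FORGED_RE.match(rest)):
            rec = by_path.get(f.group("path").lower())
            if rec is not None:
                rec.forged = True
                rec.real_md5, rec.fake_md5 = f.group("real"), f.group("fake")
        elif (i := INFECTED_RE.match(rest)):
            rec = record(i.group("name"))
            rec.verdict, rec.threat = "detected", i.group("threat")
        elif (v := VERDICT_RE.match(rest)):
            rec = record(v.group("name"))
            if v.group("ok"):
                rec.verdict = "ok"
            else:
                rec.verdict, rec.threat = "detected", v.group("threat")
    return records


def findings(records: Dict[str, DriverRecord]) -> List[DriverRecord]:
    """Drivers that need a human look: any non-ok verdict or a forged-file report."""
    return [r for r in records.values() if r.verdict != "ok" or r.forged]


def summarize(records: Dict[str, DriverRecord]) -> List[str]:
    """One readable line per finding, with both hashes when the file is forged."""
    lines = []
    for r in findings(records):
        line = f"{r.name}: {r.verdict}" + (f" ({r.threat})" if r.threat else "")
        if r.path:
            line += f" at {r.path}"
        if r.forged:
            line += f"; FORGED, real md5 {r.real_md5} vs fake md5 {r.fake_md5}"
        lines.append(line)
    return lines


if __name__ == "__main__":
    for out in summarize(parse_tdsskiller(SAMPLE_LOG)):
        print(out)
```

Run against a real log saved at the drive root, the summary reduces several hundred `- ok` lines to the handful that matter; the forged-file line is the one to preserve verbatim before any cleanup, since both hashes are needed to confirm later which copy of the driver the system was actually loading.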
03-20-2012, 06:53 AM   #4
Hi NoodleTech,

Thank you for your reply.... I think I may have run the program twice by mistake.... Here is the info you requested:

08:39:14.0511 3608 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
08:39:14.0571 3608 ============================================================
08:39:14.0571 3608 Current date / time: 2012/03/20 08:39:14.0571
08:39:14.0571 3608 SystemInfo:
08:39:14.0571 3608
08:39:14.0571 3608 OS Version: 5.1.2600 ServicePack: 3.0
08:39:14.0571 3608 Product type: Workstation
08:39:14.0571 3608 ComputerName: JESUS-62CD2C7E7
08:39:14.0571 3608 UserName: Tanya
08:39:14.0571 3608 Windows directory: C:\WINDOWS
08:39:14.0591 3608 System windows directory: C:\WINDOWS
08:39:14.0591 3608 Processor architecture: Intel x86
08:39:14.0591 3608 Number of processors: 1
08:39:14.0591 3608 Page size: 0x1000
08:39:14.0591 3608 Boot type: Normal boot
08:39:14.0591 3608 ============================================================
08:39:17.0706 3608 Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1E48, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
08:39:17.0716 3608 Drive \Device\Harddisk1\DR2 - Size: 0xEF000000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
08:39:17.0716 3608 \Device\Harddisk0\DR0:
08:39:17.0716 3608 MBR used
08:39:17.0716 3608 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6FC4131
08:39:17.0716 3608 \Device\Harddisk1\DR2:
08:39:17.0716 3608 MBR used
08:39:17.0716 3608 \Device\Harddisk1\DR2\Partition0: MBR, Type 0xC, StartLBA 0x8, BlocksNum 0x777FF8
08:39:18.0096 3608 Initialize success
08:39:18.0096 3608 ============================================================
08:39:24.0085 3636 ============================================================
08:39:24.0085 3636 Scan started
08:39:24.0085 3636 Mode: Manual;
08:39:24.0085 3636 ============================================================
08:39:24.0456 3636 Abiosdsk - ok
08:39:24.0476 3636 abp480n5 - ok
08:39:24.0576 3636 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
08:39:24.0586 3636 ACPI - ok
08:39:24.0656 3636 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
08:39:24.0656 3636 ACPIEC - ok
08:39:24.0686 3636 adpu160m - ok
08:39:24.0746 3636 aeaudio (e696e749bedcda8b23757b8b5ea93780) C:\WINDOWS\system32\drivers\aeaudio.sys
08:39:24.0746 3636 aeaudio - ok
08:39:24.0806 3636 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
08:39:24.0816 3636 aec - ok
08:39:24.0896 3636 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
08:39:24.0916 3636 AFD - ok
08:39:25.0136 3636 AgereSoftModem (029e01cb2938bec5af31bf47b6af0159) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
08:39:25.0177 3636 AgereSoftModem - ok
08:39:25.0257 3636 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
08:39:25.0267 3636 agp440 - ok
08:39:25.0287 3636 Aha154x - ok
08:39:25.0297 3636 aic78u2 - ok
08:39:25.0327 3636 aic78xx - ok
08:39:25.0367 3636 AliIde - ok
08:39:25.0387 3636 amsint - ok
08:39:25.0457 3636 APLMp50 (1bf91f352d746ad7469fa71783b5fae8) C:\WINDOWS\system32\Drivers\APLMp50.sys
08:39:25.0457 3636 APLMp50 - ok
08:39:25.0537 3636 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
08:39:25.0547 3636 Arp1394 - ok
08:39:25.0657 3636 asc - ok
08:39:25.0677 3636 asc3350p - ok
08:39:25.0697 3636 asc3550 - ok
08:39:25.0767 3636 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
08:39:25.0767 3636 AsyncMac - ok
08:39:25.0797 3636 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
08:39:25.0797 3636 atapi - ok
08:39:25.0827 3636 Atdisk - ok
08:39:25.0928 3636 ati2mtag (a3d210433cf6fc9269286b9a96b2e272) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
08:39:25.0958 3636 ati2mtag - ok
08:39:26.0008 3636 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
08:39:26.0008 3636 Atmarpc - ok
08:39:26.0088 3636 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
08:39:26.0088 3636 audstub - ok
08:39:26.0138 3636 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
08:39:26.0138 3636 Beep - ok
08:39:26.0208 3636 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
08:39:26.0208 3636 cbidf2k - ok
08:39:26.0248 3636 cd20xrnt - ok
08:39:26.0328 3636 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
08:39:26.0328 3636 Cdaudio - ok
08:39:26.0398 3636 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
08:39:26.0408 3636 Cdfs - ok
08:39:26.0458 3636 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
08:39:26.0458 3636 Cdrom - ok
08:39:26.0488 3636 Changer - ok
08:39:26.0589 3636 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
08:39:26.0589 3636 CmBatt - ok
08:39:26.0619 3636 CmdIde - ok
08:39:26.0659 3636 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
08:39:26.0659 3636 Compbatt - ok
08:39:26.0709 3636 Cpqarray - ok
08:39:26.0739 3636 dac2w2k - ok
08:39:26.0769 3636 dac960nt - ok
08:39:26.0809 3636 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
08:39:26.0809 3636 Disk - ok
08:39:26.0899 3636 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
08:39:26.0939 3636 dmboot - ok
08:39:27.0039 3636 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
08:39:27.0039 3636 dmio - ok
08:39:27.0109 3636 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
08:39:27.0129 3636 dmload - ok
08:39:27.0199 3636 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
08:39:27.0199 3636 DMusic - ok
08:39:27.0240 3636 dpti2o - ok
08:39:27.0290 3636 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
08:39:27.0290 3636 drmkaud - ok
08:39:27.0390 3636 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
08:39:27.0390 3636 Fastfat - ok
08:39:27.0420 3636 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
08:39:27.0420 3636 Fdc - ok
08:39:27.0460 3636 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
08:39:27.0460 3636 Fips - ok
08:39:27.0520 3636 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
08:39:27.0520 3636 Flpydisk - ok
08:39:27.0590 3636 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
08:39:27.0590 3636 FltMgr - ok
08:39:27.0670 3636 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
08:39:27.0670 3636 Fs_Rec - ok
08:39:27.0710 3636 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
08:39:27.0720 3636 Ftdisk - ok
08:39:27.0760 3636 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
08:39:27.0760 3636 GEARAspiWDM - ok
08:39:27.0850 3636 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
08:39:27.0850 3636 Gpc - ok
08:39:27.0921 3636 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
08:39:27.0921 3636 hidusb - ok
08:39:27.0961 3636 hpn - ok
08:39:28.0051 3636 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
08:39:28.0061 3636 HTTP - ok
08:39:28.0111 3636 i2omgmt - ok
08:39:28.0131 3636 i2omp - ok
08:39:28.0181 3636 i8042prt (49574e6539c2f460f54328391abbd243) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
08:39:28.0181 3636 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\i8042prt.sys. Real md5: 49574e6539c2f460f54328391abbd243, Fake md5: 4a0b06aa8943c1e332520f7440c0aa30
08:39:28.0181 3636 i8042prt ( Virus.Win32.ZAccess.c ) - infected
08:39:28.0181 3636 i8042prt - detected Virus.Win32.ZAccess.c (0)
08:39:28.0221 3636 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
08:39:28.0221 3636 Imapi - ok
08:39:28.0281 3636 ini910u - ok
08:39:28.0331 3636 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
08:39:28.0331 3636 IntelIde - ok
08:39:28.0361 3636 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
08:39:28.0391 3636 intelppm - ok
08:39:28.0431 3636 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
08:39:28.0431 3636 Ip6Fw - ok
08:39:28.0481 3636 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
08:39:28.0481 3636 IpFilterDriver - ok
08:39:28.0541 3636 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
08:39:28.0541 3636 IpInIp - ok
08:39:28.0601 3636 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
08:39:28.0622 3636 IpNat - ok
08:39:28.0672 3636 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
08:39:28.0682 3636 IPSec - ok
08:39:28.0752 3636 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
08:39:28.0772 3636 irda - ok
08:39:28.0852 3636 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
08:39:28.0852 3636 IRENUM - ok
08:39:28.0932 3636 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
08:39:28.0942 3636 isapnp - ok
08:39:28.0972 3636 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
08:39:28.0972 3636 Kbdclass - ok
08:39:29.0072 3636 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
08:39:29.0072 3636 kbdhid - ok
08:39:29.0142 3636 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
08:39:29.0162 3636 kmixer - ok
08:39:29.0252 3636 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
08:39:29.0252 3636 KSecDD - ok
08:39:29.0292 3636 lbrtfdc - ok
08:39:29.0413 3636 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
08:39:29.0413 3636 mnmdd - ok
08:39:29.0453 3636 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
08:39:29.0453 3636 Modem - ok
08:39:29.0483 3636 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
08:39:29.0493 3636 Mouclass - ok
08:39:29.0583 3636 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
08:39:29.0583 3636 mouhid - ok
08:39:29.0663 3636 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
08:39:29.0663 3636 MountMgr - ok
08:39:29.0693 3636 mraid35x - ok
08:39:29.0713 3636 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
08:39:29.0723 3636 MRxDAV - ok
08:39:29.0833 3636 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
08:39:29.0843 3636 MRxSmb - ok
08:39:29.0983 3636 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
08:39:29.0983 3636 Msfs - ok
08:39:30.0024 3636 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
08:39:30.0024 3636 MSKSSRV - ok
08:39:30.0054 3636 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
08:39:30.0054 3636 MSPCLOCK - ok
08:39:30.0124 3636 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
08:39:30.0124 3636 MSPQM - ok
08:39:30.0194 3636 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
08:39:30.0194 3636 mssmbios - ok
08:39:30.0294 3636 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
08:39:30.0294 3636 Mup - ok
08:39:30.0354 3636 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
08:39:30.0354 3636 NDIS - ok
08:39:30.0454 3636 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
08:39:30.0454 3636 NdisTapi - ok
08:39:30.0524 3636 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
08:39:30.0524 3636 Ndisuio - ok
08:39:30.0604 3636 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
08:39:30.0604 3636 NdisWan - ok
08:39:30.0694 3636 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
08:39:30.0694 3636 NDProxy - ok
08:39:30.0755 3636 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
08:39:30.0775 3636 NetBIOS - ok
08:39:30.0815 3636 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
08:39:30.0815 3636 NetBT - ok
08:39:30.0895 3636 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
08:39:30.0895 3636 NIC1394 - ok
08:39:30.0975 3636 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
08:39:30.0975 3636 nm - ok
08:39:31.0055 3636 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
08:39:31.0055 3636 Npfs - ok
08:39:31.0135 3636 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
08:39:31.0175 3636 Ntfs - ok
08:39:31.0275 3636 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
08:39:31.0275 3636 Null - ok
08:39:31.0375 3636 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
08:39:31.0375 3636 NwlnkFlt - ok
08:39:31.0426 3636 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
08:39:31.0426 3636 NwlnkFwd - ok
08:39:31.0516 3636 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
08:39:31.0516 3636 ohci1394 - ok
08:39:31.0636 3636 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
08:39:31.0636 3636 Parport - ok
08:39:31.0676 3636 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
08:39:31.0676 3636 PartMgr - ok
08:39:31.0786 3636 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
08:39:31.0786 3636 ParVdm - ok
08:39:31.0816 3636 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
08:39:31.0826 3636 PCI - ok
08:39:31.0836 3636 PCIDump - ok
08:39:31.0906 3636 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
08:39:31.0916 3636 PCIIde - ok
08:39:31.0986 3636 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
08:39:31.0996 3636 Pcmcia - ok
08:39:32.0046 3636 PDCOMP - ok
08:39:32.0076 3636 PDFRAME - ok
08:39:32.0086 3636 PDRELI - ok
08:39:32.0117 3636 PDRFRAME - ok
08:39:32.0147 3636 perc2 - ok
08:39:32.0167 3636 perc2hib - ok
08:39:32.0247 3636 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
08:39:32.0247 3636 PptpMiniport - ok
08:39:32.0287 3636 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
08:39:32.0297 3636 PSched - ok
08:39:32.0377 3636 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
08:39:32.0377 3636 Ptilink - ok
08:39:32.0487 3636 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
08:39:32.0487 3636 PxHelp20 - ok
08:39:32.0547 3636 ql1080 - ok
08:39:32.0567 3636 Ql10wnt - ok
08:39:32.0597 3636 ql12160 - ok
08:39:32.0627 3636 ql1240 - ok
08:39:32.0647 3636 ql1280 - ok
08:39:32.0697 3636 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
08:39:32.0697 3636 RasAcd - ok
08:39:32.0747 3636 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
08:39:32.0747 3636 Rasirda - ok
08:39:32.0798 3636 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
08:39:32.0798 3636 Rasl2tp - ok
08:39:32.0858 3636 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
08:39:32.0858 3636 RasPppoe - ok
08:39:32.0898 3636 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
08:39:32.0898 3636 Raspti - ok
08:39:32.0938 3636 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
08:39:32.0938 3636 Rdbss - ok
08:39:32.0978 3636 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
08:39:32.0978 3636 RDPCDD - ok
08:39:33.0048 3636 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
08:39:33.0048 3636 rdpdr - ok
08:39:33.0138 3636 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
08:39:33.0148 3636 RDPWD - ok
08:39:33.0298 3636 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
08:39:33.0298 3636 rtl8139 - ok
08:39:33.0428 3636 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
08:39:33.0428 3636 Secdrv - ok
08:39:33.0499 3636 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
08:39:33.0509 3636 serenum - ok
08:39:33.0539 3636 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
08:39:33.0539 3636 Serial - ok
08:39:33.0619 3636 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
08:39:33.0619 3636 Sfloppy - ok
08:39:33.0689 3636 Simbad - ok
08:39:33.0729 3636 SMCIRDA (707647a1aa0edb6cbef61b0c75c28ed3) C:\WINDOWS\system32\DRIVERS\smcirda.sys
08:39:33.0729 3636 SMCIRDA - ok
08:39:33.0909 3636 smwdm (fa3368a7039f5abaa4b933703ac34763) C:\WINDOWS\system32\drivers\smwdm.sys
08:39:33.0919 3636 smwdm - ok
08:39:33.0959 3636 Sparrow - ok
08:39:34.0019 3636 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
08:39:34.0019 3636 splitter - ok
08:39:34.0079 3636 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
08:39:34.0079 3636 sr - ok
08:39:34.0180 3636 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
08:39:34.0200 3636 Srv - ok
08:39:34.0310 3636 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
08:39:34.0330 3636 StillCam - ok
08:39:34.0390 3636 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
08:39:34.0390 3636 swenum - ok
08:39:34.0450 3636 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
08:39:34.0450 3636 swmidi - ok
08:39:34.0490 3636 symc810 - ok
08:39:34.0530 3636 symc8xx - ok
08:39:34.0560 3636 sym_hi - ok
08:39:34.0590 3636 sym_u3 - ok
08:39:34.0610 3636 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
08:39:34.0610 3636 sysaudio - ok
08:39:34.0710 3636 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
08:39:34.0720 3636 Tcpip - ok
08:39:34.0780 3636 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
08:39:34.0780 3636 TDPIPE - ok
08:39:34.0840 3636 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
08:39:34.0840 3636 TDTCP - ok
08:39:34.0870 3636 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
08:39:34.0901 3636 TermDD - ok
08:39:34.0971 3636 TosIde - ok
08:39:35.0021 3636 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
08:39:35.0021 3636 Udfs - ok
08:39:35.0081 3636 ultra - ok
08:39:35.0161 3636 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
08:39:35.0171 3636 Update - ok
08:39:35.0271 3636 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\WINDOWS\system32\Drivers\usbaapl.sys
08:39:35.0271 3636 USBAAPL - ok
08:39:35.0361 3636 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
08:39:35.0361 3636 usbccgp - ok
08:39:35.0421 3636 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
08:39:35.0421 3636 usbehci - ok
08:39:35.0531 3636 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
08:39:35.0551 3636 usbhub - ok
08:39:35.0642 3636 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
08:39:35.0642 3636 usbohci - ok
08:39:35.0732 3636 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
08:39:35.0732 3636 usbprint - ok
08:39:35.0802 3636 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
08:39:35.0812 3636 usbscan - ok
08:39:35.0862 3636 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
08:39:35.0862 3636 usbstor - ok
08:39:35.0902 3636 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
08:39:35.0902 3636 usbuhci - ok
08:39:35.0962 3636 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
08:39:35.0962 3636 VgaSave - ok
08:39:35.0992 3636 ViaIde - ok
08:39:36.0042 3636 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
08:39:36.0042 3636 VolSnap - ok
08:39:36.0313 3636 w29n51 (a22abd73e0d6ba666cba4e86eeb001b3) C:\WINDOWS\system32\DRIVERS\w29n51.sys
08:39:36.0413 3636 w29n51 - ok
08:39:36.0613 3636 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
08:39:36.0613 3636 Wanarp - ok
08:39:36.0673 3636 WDICA - ok
08:39:36.0713 3636 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
08:39:36.0713 3636 wdmaud - ok
08:39:36.0873 3636 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
08:39:36.0893 3636 WudfPf - ok
08:39:36.0943 3636 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
08:39:36.0943 3636 WudfRd - ok
08:39:37.0054 3636 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
08:39:37.0755 3636 \Device\Harddisk0\DR0 - ok
08:39:37.0765 3636 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR2
08:39:43.0172 3636 \Device\Harddisk1\DR2 - ok
08:39:43.0243 3636 Boot (0x1200) (5e2b5af0e7f6dcb0d25cde93b9bb1620) \Device\Harddisk0\DR0\Partition0
08:39:43.0243 3636 \Device\Harddisk0\DR0\Partition0 - ok
08:39:43.0253 3636 Boot (0x1200) (b5e3058cb0e5b443aa20f7a5bbd9b500) \Device\Harddisk1\DR2\Partition0
08:39:43.0263 3636 \Device\Harddisk1\DR2\Partition0 - ok
08:39:43.0263 3636 ============================================================
08:39:43.0263 3636 Scan finished
08:39:43.0263 3636 ============================================================
08:39:43.0293 3628 Detected object count: 1
08:39:43.0293 3628 Actual detected object count: 1
08:44:05.0660 3628 i8042prt ( Virus.Win32.ZAccess.c ) - skipped by user
08:44:05.0660 3628 i8042prt ( Virus.Win32.ZAccess.c ) - User select action: Skip
08:44:56.0543 3228 ============================================================
08:44:56.0543 3228 Scan started
08:44:56.0543 3228 Mode: Manual;
08:44:56.0543 3228 ============================================================
08:44:56.0813 3228 Abiosdsk - ok
08:44:56.0843 3228 abp480n5 - ok
08:44:56.0934 3228 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
08:44:56.0944 3228 ACPI - ok
08:44:57.0004 3228 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
08:44:57.0004 3228 ACPIEC - ok
08:44:57.0024 3228 adpu160m - ok
08:44:57.0094 3228 aeaudio (e696e749bedcda8b23757b8b5ea93780) C:\WINDOWS\system32\drivers\aeaudio.sys
08:44:57.0094 3228 aeaudio - ok
08:44:57.0154 3228 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
08:44:57.0154 3228 aec - ok
08:44:57.0234 3228 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
08:44:57.0234 3228 AFD - ok
08:44:57.0464 3228 AgereSoftModem (029e01cb2938bec5af31bf47b6af0159) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
08:44:57.0474 3228 AgereSoftModem - ok
08:44:57.0534 3228 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
08:44:57.0534 3228 agp440 - ok
08:44:57.0565 3228 Aha154x - ok
08:44:57.0585 3228 aic78u2 - ok
08:44:57.0615 3228 aic78xx - ok
08:44:57.0645 3228 AliIde - ok
08:44:57.0665 3228 amsint - ok
08:44:57.0715 3228 APLMp50 (1bf91f352d746ad7469fa71783b5fae8) C:\WINDOWS\system32\Drivers\APLMp50.sys
08:44:57.0715 3228 APLMp50 - ok
08:44:57.0815 3228 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
08:44:57.0815 3228 Arp1394 - ok
08:44:57.0925 3228 asc - ok
08:44:57.0945 3228 asc3350p - ok
08:44:57.0975 3228 asc3550 - ok
08:44:58.0045 3228 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
08:44:58.0045 3228 AsyncMac - ok
08:44:58.0075 3228 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
08:44:58.0085 3228 atapi - ok
08:44:58.0115 3228 Atdisk - ok
08:44:58.0215 3228 ati2mtag (a3d210433cf6fc9269286b9a96b2e272) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
08:44:58.0225 3228 ati2mtag - ok
08:44:58.0266 3228 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
08:44:58.0266 3228 Atmarpc - ok
08:44:58.0356 3228 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
08:44:58.0356 3228 audstub - ok
08:44:58.0426 3228 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
08:44:58.0426 3228 Beep - ok
08:44:58.0526 3228 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
08:44:58.0526 3228 cbidf2k - ok
08:44:58.0586 3228 cd20xrnt - ok
08:44:58.0606 3228 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
08:44:58.0616 3228 Cdaudio - ok
08:44:58.0686 3228 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
08:44:58.0686 3228 Cdfs - ok
08:44:58.0726 3228 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
08:44:58.0726 3228 Cdrom - ok
08:44:58.0746 3228 Changer - ok
08:44:58.0796 3228 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
08:44:58.0796 3228 CmBatt - ok
08:44:58.0836 3228 CmdIde - ok
08:44:58.0866 3228 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
08:44:58.0866 3228 Compbatt - ok
08:44:58.0896 3228 Cpqarray - ok
08:44:58.0916 3228 dac2w2k - ok
08:44:58.0946 3228 dac960nt - ok
08:44:58.0987 3228 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
08:44:58.0987 3228 Disk - ok
08:44:59.0227 3228 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
08:44:59.0237 3228 dmboot - ok
08:44:59.0357 3228 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
08:44:59.0367 3228 dmio - ok
08:44:59.0417 3228 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
08:44:59.0417 3228 dmload - ok
08:44:59.0487 3228 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
08:44:59.0487 3228 DMusic - ok
08:44:59.0527 3228 dpti2o - ok
08:44:59.0557 3228 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
08:44:59.0557 3228 drmkaud - ok
08:44:59.0648 3228 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
08:44:59.0648 3228 Fastfat - ok
08:44:59.0718 3228 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
08:44:59.0728 3228 Fdc - ok
08:44:59.0758 3228 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
08:44:59.0758 3228 Fips - ok
08:44:59.0818 3228 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
08:44:59.0818 3228 Flpydisk - ok
08:44:59.0918 3228 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
08:44:59.0918 3228 FltMgr - ok
08:44:59.0958 3228 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
08:44:59.0958 3228 Fs_Rec - ok
08:44:59.0998 3228 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
08:44:59.0998 3228 Ftdisk - ok
08:45:00.0048 3228 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
08:45:00.0048 3228 GEARAspiWDM - ok
08:45:00.0108 3228 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
08:45:00.0108 3228 Gpc - ok
08:45:00.0188 3228 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
08:45:00.0188 3228 hidusb - ok
08:45:00.0228 3228 hpn - ok
08:45:00.0338 3228 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
08:45:00.0338 3228 HTTP - ok
08:45:00.0429 3228 i2omgmt - ok
08:45:00.0459 3228 i2omp - ok
08:45:00.0509 3228 i8042prt (49574e6539c2f460f54328391abbd243) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
08:45:00.0509 3228 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\i8042prt.sys. Real md5: 49574e6539c2f460f54328391abbd243, Fake md5: 4a0b06aa8943c1e332520f7440c0aa30
08:45:00.0509 3228 i8042prt ( Virus.Win32.ZAccess.c ) - infected
08:45:00.0509 3228 i8042prt - detected Virus.Win32.ZAccess.c (0)
08:45:00.0559 3228 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
08:45:00.0559 3228 Imapi - ok
08:45:00.0589 3228 ini910u - ok
08:45:00.0629 3228 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
08:45:00.0629 3228 IntelIde - ok
08:45:00.0679 3228 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
08:45:00.0679 3228 intelppm - ok
08:45:00.0729 3228 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
08:45:00.0729 3228 Ip6Fw - ok
08:45:00.0799 3228 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
08:45:00.0799 3228 IpFilterDriver - ok
08:45:00.0869 3228 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
08:45:00.0879 3228 IpInIp - ok
08:45:00.0919 3228 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
08:45:00.0919 3228 IpNat - ok
08:45:01.0080 3228 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
08:45:01.0080 3228 IPSec - ok
08:45:01.0140 3228 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
08:45:01.0140 3228 irda - ok
08:45:01.0180 3228 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
08:45:01.0180 3228 IRENUM - ok
08:45:01.0230 3228 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
08:45:01.0240 3228 isapnp - ok
08:45:01.0340 3228 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
08:45:01.0340 3228 Kbdclass - ok
08:45:01.0430 3228 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
08:45:01.0430 3228 kbdhid - ok
08:45:01.0530 3228 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
08:45:01.0530 3228 kmixer - ok
08:45:01.0610 3228 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
08:45:01.0610 3228 KSecDD - ok
08:45:01.0650 3228 lbrtfdc - ok
08:45:01.0741 3228 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
08:45:01.0741 3228 mnmdd - ok
08:45:01.0781 3228 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
08:45:01.0781 3228 Modem - ok
08:45:01.0861 3228 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
08:45:01.0861 3228 Mouclass - ok
08:45:01.0931 3228 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
08:45:01.0931 3228 mouhid - ok
08:45:02.0081 3228 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
08:45:02.0081 3228 MountMgr - ok
08:45:02.0101 3228 mraid35x - ok
08:45:02.0171 3228 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
08:45:02.0171 3228 MRxDAV - ok
08:45:02.0281 3228 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
08:45:02.0291 3228 MRxSmb - ok
08:45:02.0401 3228 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
08:45:02.0401 3228 Msfs - ok
08:45:02.0452 3228 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
08:45:02.0452 3228 MSKSSRV - ok
08:45:02.0542 3228 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
08:45:02.0542 3228 MSPCLOCK - ok
08:45:02.0592 3228 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
08:45:02.0592 3228 MSPQM - ok
08:45:02.0662 3228 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
08:45:02.0662 3228 mssmbios - ok
08:45:02.0732 3228 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
08:45:02.0732 3228 Mup - ok
08:45:02.0782 3228 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
08:45:02.0782 3228 NDIS - ok
08:45:02.0862 3228 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
08:45:02.0872 3228 NdisTapi - ok
08:45:02.0952 3228 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
08:45:02.0952 3228 Ndisuio - ok
08:45:03.0072 3228 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
08:45:03.0072 3228 NdisWan - ok
08:45:03.0153 3228 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
08:45:03.0153 3228 NDProxy - ok
08:45:03.0203 3228 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
08:45:03.0203 3228 NetBIOS - ok
08:45:03.0243 3228 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
08:45:03.0243 3228 NetBT - ok
08:45:03.0323 3228 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
08:45:03.0323 3228 NIC1394 - ok
08:45:03.0373 3228 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
08:45:03.0373 3228 nm - ok
08:45:03.0423 3228 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
08:45:03.0433 3228 Npfs - ok
08:45:03.0523 3228 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
08:45:03.0523 3228 Ntfs - ok
08:45:03.0663 3228 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
08:45:03.0663 3228 Null - ok
08:45:03.0743 3228 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
08:45:03.0743 3228 NwlnkFlt - ok
08:45:03.0783 3228 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
08:45:03.0783 3228 NwlnkFwd - ok
08:45:03.0844 3228 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
08:45:03.0844 3228 ohci1394 - ok
08:45:03.0934 3228 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
08:45:03.0934 3228 Parport - ok
08:45:03.0984 3228 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
08:45:03.0984 3228 PartMgr - ok
08:45:04.0014 3228 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
08:45:04.0014 3228 ParVdm - ok
08:45:04.0034 3228 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
08:45:04.0034 3228 PCI - ok
08:45:04.0064 3228 PCIDump - ok
08:45:04.0134 3228 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
08:45:04.0144 3228 PCIIde - ok
08:45:04.0244 3228 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
08:45:04.0244 3228 Pcmcia - ok
08:45:04.0294 3228 PDCOMP - ok
08:45:04.0324 3228 PDFRAME - ok
08:45:04.0344 3228 PDRELI - ok
08:45:04.0364 3228 PDRFRAME - ok
08:45:04.0394 3228 perc2 - ok
08:45:04.0414 3228 perc2hib - ok
08:45:04.0494 3228 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
08:45:04.0494 3228 PptpMiniport - ok
08:45:04.0545 3228 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
08:45:04.0545 3228 PSched - ok
08:45:04.0645 3228 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
08:45:04.0655 3228 Ptilink - ok
08:45:04.0755 3228 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
08:45:04.0755 3228 PxHelp20 - ok
08:45:04.0785 3228 ql1080 - ok
08:45:04.0815 3228 Ql10wnt - ok
08:45:04.0835 3228 ql12160 - ok
08:45:04.0855 3228 ql1240 - ok
08:45:04.0885 3228 ql1280 - ok
08:45:04.0915 3228 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
08:45:04.0915 3228 RasAcd - ok
08:45:05.0015 3228 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
08:45:05.0015 3228 Rasirda - ok
08:45:05.0095 3228 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
08:45:05.0095 3228 Rasl2tp - ok
08:45:05.0155 3228 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
08:45:05.0155 3228 RasPppoe - ok
08:45:05.0165 3228 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
08:45:05.0175 3228 Raspti - ok
08:45:05.0256 3228 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
08:45:05.0256 3228 Rdbss - ok
08:45:05.0316 3228 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
08:45:05.0316 3228 RDPCDD - ok
08:45:05.0386 3228 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
08:45:05.0386 3228 rdpdr - ok
08:45:05.0456 3228 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
08:45:05.0456 3228 RDPWD - ok
08:45:05.0626 3228 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
08:45:05.0626 3228 rtl8139 - ok
08:45:05.0746 3228 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
08:45:05.0746 3228 Secdrv - ok
08:45:05.0806 3228 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
08:45:05.0816 3228 serenum - ok
08:45:05.0846 3228 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
08:45:05.0846 3228 Serial - ok
08:45:05.0907 3228 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
08:45:05.0907 3228 Sfloppy - ok
08:45:05.0937 3228 Simbad - ok
08:45:05.0977 3228 SMCIRDA (707647a1aa0edb6cbef61b0c75c28ed3) C:\WINDOWS\system32\DRIVERS\smcirda.sys
08:45:05.0997 3228 SMCIRDA - ok
08:45:06.0107 3228 smwdm (fa3368a7039f5abaa4b933703ac34763) C:\WINDOWS\system32\drivers\smwdm.sys
08:45:06.0107 3228 smwdm - ok
08:45:06.0207 3228 Sparrow - ok
08:45:06.0247 3228 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
08:45:06.0247 3228 splitter - ok
08:45:06.0307 3228 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
08:45:06.0307 3228 sr - ok
08:45:06.0397 3228 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
08:45:06.0397 3228 Srv - ok
08:45:06.0467 3228 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
08:45:06.0467 3228 StillCam - ok
08:45:06.0517 3228 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
08:45:06.0517 3228 swenum - ok
08:45:06.0577 3228 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
08:45:06.0577 3228 swmidi - ok
08:45:06.0608 3228 symc810 - ok
08:45:06.0638 3228 symc8xx - ok
08:45:06.0658 3228 sym_hi - ok
08:45:06.0678 3228 sym_u3 - ok
08:45:06.0708 3228 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
08:45:06.0708 3228 sysaudio - ok
08:45:06.0818 3228 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
08:45:06.0818 3228 Tcpip - ok
08:45:06.0938 3228 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
08:45:06.0938 3228 TDPIPE - ok
08:45:06.0978 3228 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
08:45:06.0978 3228 TDTCP - ok
08:45:07.0018 3228 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
08:45:07.0018 3228 TermDD - ok
08:45:07.0058 3228 TosIde - ok
08:45:07.0118 3228 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
08:45:07.0118 3228 Udfs - ok
08:45:07.0138 3228 ultra - ok
08:45:07.0218 3228 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
08:45:07.0218 3228 Update - ok
08:45:07.0329 3228 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\WINDOWS\system32\Drivers\usbaapl.sys
08:45:07.0329 3228 USBAAPL - ok
08:45:07.0489 3228 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
08:45:07.0489 3228 usbccgp - ok
08:45:07.0519 3228 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
08:45:07.0529 3228 usbehci - ok
08:45:07.0609 3228 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
08:45:07.0609 3228 usbhub - ok
08:45:07.0639 3228 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
08:45:07.0639 3228 usbohci - ok
08:45:07.0699 3228 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
08:45:07.0699 3228 usbprint - ok
08:45:07.0779 3228 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
08:45:07.0779 3228 usbscan - ok
08:45:07.0819 3228 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
08:45:07.0819 3228 usbstor - ok
08:45:07.0859 3228 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
08:45:07.0859 3228 usbuhci - ok
08:45:07.0979 3228 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
08:45:07.0979 3228 VgaSave - ok
08:45:08.0020 3228 ViaIde - ok
08:45:08.0070 3228 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
08:45:08.0070 3228 VolSnap - ok
08:45:08.0280 3228 w29n51 (a22abd73e0d6ba666cba4e86eeb001b3) C:\WINDOWS\system32\DRIVERS\w29n51.sys
08:45:08.0320 3228 w29n51 - ok
08:45:08.0470 3228 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
08:45:08.0470 3228 Wanarp - ok
08:45:08.0490 3228 WDICA - ok
08:45:08.0530 3228 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
08:45:08.0530 3228 wdmaud - ok
08:45:08.0691 3228 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
08:45:08.0691 3228 WudfPf - ok
08:45:08.0741 3228 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
08:45:08.0741 3228 WudfRd - ok
08:45:08.0841 3228 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
08:45:09.0542 3228 \Device\Harddisk0\DR0 - ok
08:45:09.0562 3228 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR2
08:45:14.0970 3228 \Device\Harddisk1\DR2 - ok
08:45:15.0120 3228 Boot (0x1200) (5e2b5af0e7f6dcb0d25cde93b9bb1620) \Device\Harddisk0\DR0\Partition0
08:45:15.0120 3228 \Device\Harddisk0\DR0\Partition0 - ok
08:45:15.0150 3228 Boot (0x1200) (b5e3058cb0e5b443aa20f7a5bbd9b500) \Device\Harddisk1\DR2\Partition0
08:45:15.0150 3228 \Device\Harddisk1\DR2\Partition0 - ok
08:45:15.0170 3228 ============================================================
08:45:15.0170 3228 Scan finished
08:45:15.0170 3228 ============================================================
08:45:15.0210 3216 Detected object count: 1
08:45:15.0210 3216 Actual detected object count: 1
08:45:35.0219 3216 i8042prt ( Virus.Win32.ZAccess.c ) - skipped by user
08:45:35.0219 3216 i8042prt ( Virus.Win32.ZAccess.c ) - User select action: Skip
Old 03-20-2012, 09:16 AM   #5
Security Team
Analyst
 
Join Date: Dec 2008
Posts: 412
OS: Windows 7

Hi hbkvcu,

Please do the following:

Refer to the ComboFix User's Guide.
  1. Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place ComboFix.exe on your Desktop.
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here.
  3. Double-click on ComboFix.exe and follow the prompts.
  4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is also normal.
  5. When finished, it will produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

  6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.

NOTE: If you encounter the message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run, just reboot; that will resolve the error.
Old 03-20-2012, 01:33 PM   #6
Registered Member
 
Join Date: Mar 2009
Posts: 90
OS: Windows 10
Hi NoodleTech,

Here are the results from ComboFix:

ComboFix 12-03-20.01 - Tanya 03/20/2012 14:32:54.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.307 [GMT -4:00]
Running from: c:\documents and settings\Tanya\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\NetworkService\Local Settings\Application Data\rkpoirk.dll
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\USB3Sw32.dll
c:\windows\system32\w550mdfl.dll
.
c:\windows\system32\drivers\i8042prt.sys was missing
Restored copy from - c:\windows\ServicePackFiles\i386\i8042prt.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_zppinger
-------\Service_zppinger
.
.
((((((((((((((((((((((((( Files Created from 2012-02-20 to 2012-03-20 )))))))))))))))))))))))))))))))
.
.
2012-03-20 18:57 . 2008-04-13 19:18 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2012-03-17 03:57 . 2012-03-17 03:57 157184 ----a-w- c:\windows\system32\NEUSBw32.dll
2012-03-16 23:14 . 2012-03-16 23:14 -------- d-----w- C:\Cache
2012-03-16 23:13 . 2012-03-17 01:56 -------- d-----w- C:\w
2012-03-16 23:13 . 2012-03-16 23:13 -------- d-----w- C:\visi
2012-03-16 23:13 . 2012-03-16 23:14 -------- d-----w- C:\e
2012-03-16 22:24 . 2012-03-16 22:28 -------- d-----w- c:\documents and settings\Tanya\Application Data\dvdcss
2012-03-15 21:55 . 2011-04-25 03:13 110992 ----a-w- c:\program files\Mozilla Firefox\extensions\[email protected]_bak2\components\abhelperxpcom.dll
2012-03-15 21:54 . 2011-04-25 03:13 147856 ----a-w- c:\program files\Mozilla Firefox\extensions\[email protected]_bak2\components\kavlinkfilter.dll
2012-03-15 14:13 . 2012-03-15 14:13 -------- d-----w- C:\Data
2012-03-14 22:58 . 2012-03-14 22:58 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\visi_coupon
2012-03-14 22:30 . 2012-03-14 22:30 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD-Cloner
2012-03-14 22:30 . 2012-03-14 22:30 -------- d-----w- C:\temp_dvd
2012-03-11 22:07 . 2012-03-11 22:07 -------- d-----w- c:\documents and settings\Tanya\Application Data\QuickScan
2012-03-11 02:11 . 2012-03-11 02:11 -------- d-----w- c:\program files\iPod
2012-03-11 02:07 . 2012-03-11 02:22 -------- d-----w- c:\program files\iTunes
2012-03-05 02:19 . 2012-03-05 02:19 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Yahoo
2012-03-05 02:13 . 2012-03-05 02:13 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2012-03-05 02:10 . 2012-03-05 02:10 -------- d-----w- c:\documents and settings\NetworkService\Application Data\BabylonToolbar
2012-03-05 02:10 . 2012-03-05 02:30 -------- d-----w- c:\documents and settings\NetworkService\Application Data\blekkotb
2012-02-29 00:30 . 2012-02-29 00:30 -------- d-----w- c:\documents and settings\All Users\Application Data\xml_param
2012-02-28 21:45 . 2012-02-28 21:45 -------- d-----w- c:\documents and settings\Tanya\Application Data\Wondershare Video Converter Ultimate
2012-02-28 21:41 . 2011-08-31 19:39 156160 ----a-w- c:\windows\system32\WS_ContextMenu.dll
2012-02-28 21:41 . 2011-08-31 19:39 892928 ----a-w- c:\windows\system32\iconv.dll
2012-02-28 21:41 . 2011-08-31 19:39 675840 ----a-w- c:\windows\system32\ac3filter.ax
2012-02-28 20:31 . 2012-02-28 20:31 -------- d-----w- c:\documents and settings\Tanya\Local Settings\Application Data\Wondershare
2012-02-28 20:31 . 2012-02-28 20:31 -------- d-----w- c:\program files\Common Files\Wondershare
2012-02-28 20:30 . 2012-03-01 14:15 -------- d-----w- c:\program files\Wondershare
2012-02-27 20:23 . 2012-02-27 20:23 237 ----a-w- C:\user.js
2012-02-27 20:23 . 2012-02-27 20:23 -------- d-----w- c:\documents and settings\Tanya\Local Settings\Application Data\Babylon
2012-02-27 20:23 . 2012-02-27 20:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Babylon
2012-02-27 20:23 . 2012-02-27 20:23 -------- d-----w- c:\documents and settings\Tanya\Application Data\Babylon
2012-02-27 20:22 . 2012-02-27 20:22 -------- d-----w- c:\program files\pazera-software
2012-02-27 01:29 . 2012-02-27 01:29 -------- d-----w- c:\documents and settings\Tanya\Application Data\ImTOO
2012-02-25 02:45 . 2012-02-25 02:45 -------- d-----w- c:\program files\Common Files\Java
2012-02-25 02:44 . 2012-02-25 02:44 73728 ----a-w- c:\windows\system32\javacpl.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-25 02:43 . 2011-04-23 01:29 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-19 19:52 . 2011-06-01 22:29 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-15 16:01 . 2009-07-08 22:30 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 16:01 . 2009-07-08 22:30 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-02-03 09:22 . 2006-02-28 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06 . 2012-02-15 00:51 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2009-07-08 11:05 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-19 21:28 . 2012-02-19 19:54 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2002-08-28 28672]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 88209]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"SecureW2 Tray"="c:\program files\SecureW2\sw2_tray.exe" [2011-09-27 265608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Wondershare Helper Compact.exe"="c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2012-02-20 1679360]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-07 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe" [2011-04-23 235168]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-5-11 525640]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Tanya^Start Menu^Programs^Startup^FrostWire On Startup.lnk]
path=c:\documents and settings\Tanya\Start Menu\Programs\Startup\FrostWire On Startup.lnk
backup=c:\windows\pss\FrostWire On Startup.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW6]
2010-06-04 12:10 822384 ------w- c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-04-06 06:27 26105128 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\FrostWire 5\\FrostWire.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"\\??\\c:\\WINDOWS\\system32\\winlogon.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R2 NecUsb3;USB3 Service;c:\windows\System32\svchost.exe -k NecUsb3Sevic [2/28/2006 8:00 AM 14336]
R2 SW2SVC;SecureW2 Service;c:\program files\SecureW2\sw2_service.exe [9/27/2011 5:05 AM 109960]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
S3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;"c:\program files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe" --> c:\program files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
NecUsb3Sevic REG_MULTI_SZ NecUsb3
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
zppinger
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com?o=14196&l=dis
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
LSP: mswsock.dll
TCP: DhcpNameServer = 10.59.176.17 10.30.176.17 10.59.2.29 10.0.2.250 10.57.144.19
FF - ProfilePath - c:\documents and settings\Tanya\Application Data\Mozilla\Firefox\Profiles\bi2jthal.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.vcu.edu/
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=108317
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 98f7c2dc000000000000000e35c699fa
FF - user.js: extensions.BabylonToolbar_i.hardId - 98f7c2dc000000000000000e35c699fa
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15397
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1715:23
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Notify-NecUsb3Sevices - USB3Sw32.dll
Notify-USB3Sw32 - USB3Sw32.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-03-20 15:08
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\$NtUninstallKB27833$:SummaryInformation 0 bytes hidden from API
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,db,b1,33,20,02,fe,dd,47,ab,6b,52,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,db,b1,33,20,02,fe,dd,47,ab,6b,52,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(844)
c:\windows\system32\mswsock.dll
mswsock.dll 71a50000 258048 \\.\globalroot\systemroot\system32\mswsock.dll
.
- - - - - - - > 'explorer.exe'(3304)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\wscntfy.exe
c:\windows\AGRSMMSG.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqnrs08.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\windows\system32\HPZinw12.exe
.
**************************************************************************
.
Completion time: 2012-03-20 15:15:03 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-20 19:14
.
Pre-Run: 1,063,710,720 bytes free
Post-Run: 4,682,981,376 bytes free
.
- - End Of File - - 74CA1A1A4C22D8E4E4C81011A87A4ED1
hbkvcu is offline  
Old 03-21-2012, 10:11 AM   #7
Security Team
Analyst
 
Join Date: Dec 2008
Posts: 412
OS: Windows 7

Hi hbkvcu,

Please go to: VirusTotal

  • Click the Browse button and search for the following file: c:\windows\system32\NEUSBw32.dll
  • Click Open
  • Then click Send File
  • Please be patient while the file is scanned.
  • Once the scan results appear, please provide them in your next reply.
If it says already scanned -- click "reanalyze now"

Please post the results in your next reply.

===================================================

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :reg
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NecUsb3
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
NoodleTech is offline  
Old 03-21-2012, 10:48 AM   #8
Registered Member
 
Please let me know if you would like this in an attachment as well

Here are the VirusTotal results:


SHA256: d1b49635253371281fbb9d2a83aeb901bc78012546fac5370d9a48d316ebfc92
File name: NEUSBw32.dll
Detection ratio: 16 / 43
Analysis date: 2012-03-21 16:22:22 UTC ( 2 minutes ago )

Antivirus Result Update
AhnLab-V3 Trojan/Win32.Agent 20120321
AntiVir TR/Refpron.1.65 20120321
Antiy-AVL - 20120321
Avast Win32:Malware-gen 20120320
AVG BackDoor.Generic15.WZZ 20120321
BitDefender Gen:Variant.Refpron.1 20120321
ByteHero - 20120319
CAT-QuickHeal - 20120321
ClamAV - 20120321
Commtouch - 20120321
Comodo - 20120321
DrWeb BackDoor.Pigeon1.8 20120321
Emsisoft Trojan.Win32.Agent!IK 20120321
eSafe - 20120320
eTrust-Vet - 20120321
F-Prot - 20120320
F-Secure Gen:Variant.Refpron.1 20120321
Fortinet W32/Agent.HPEQ!tr 20120321
GData Gen:Variant.Refpron.1 20120321
Ikarus Trojan.Win32.Agent 20120321
Jiangmin - 20120321
K7AntiVirus - 20120320
Kaspersky - 20120321
McAfee Generic BackDoor.ut 20120321
McAfee-GW-Edition Generic BackDoor.ut 20120321
Microsoft - 20120321
NOD32 - 20120321
Norman - 20120321
nProtect - 20120321
Panda Suspicious file 20120321
PCTools - 20120319
Prevx - 20120321
Rising - 20120321
Sophos - 20120321
SUPERAntiSpyware - 20120320
Symantec - 20120321
TheHacker - 20120321
TrendMicro - 20120321
TrendMicro-HouseCall - 20120321
VBA32 MalwareScope.Trojan-PSW.Game.16 20120321
VIPRE Trojan.Win32.Generic!BT 20120321
ViRobot - 20120321
VirusBuster - 20120321

Here are the SystemLook results:

SystemLook 30.07.11 by jpshortstuff
Log created at 12:39 on 21/03/2012 by Tanya
Administrator - Elevation successful

========== reg ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NecUsb3]
"Type"= 0x0000000120 (288)
"Start"= 0x0000000002 (2)
"ErrorControl"= 0x0000000001 (1)
"ImagePath"="%SystemRoot%\System32\svchost.exe -k NecUsb3Sevic"
"DisplayName"="USB3 Service"
"ObjectName"="LocalSystem"
"Description"="Support USB3 Services"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NecUsb3\Parameters]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NecUsb3\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NecUsb3\Enum]


-= EOF =-
hbkvcu is offline  
Old 03-21-2012, 12:29 PM   #9
Security Team
Analyst
 

Hi hbkvcu,

No need for an attachment. That was fine, thanks.
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :regfind
    NEUSBw32.dll
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
NoodleTech is offline  
Old 03-21-2012, 12:39 PM   #10
Registered Member
 
Here are the results:

SystemLook 30.07.11 by jpshortstuff
Log created at 14:34 on 21/03/2012 by Tanya
Administrator - Elevation successful

========== regfind ==========

Searching for "NEUSBw32.dll"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
"f"="C:\WINDOWS\system32\NEUSBw32.dll"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\dll]
"b"="C:\WINDOWS\system32\NEUSBw32.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NecUsb3\Parameters]
"ServiceDll"="C:\WINDOWS\system32\NEUSBw32.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\NecUsb3\Parameters]
"ServiceDll"="C:\WINDOWS\system32\NEUSBw32.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NecUsb3\Parameters]
"ServiceDll"="C:\WINDOWS\system32\NEUSBw32.dll"
[HKEY_USERS\S-1-5-21-57989841-484763869-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
"f"="C:\WINDOWS\system32\NEUSBw32.dll"
[HKEY_USERS\S-1-5-21-57989841-484763869-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\dll]
"b"="C:\WINDOWS\system32\NEUSBw32.dll"

-= EOF =-
hbkvcu is offline  
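The regfind output above is the chain the analyst was following: a service (NecUsb3) hosted by svchost.exe under its own group (NecUsb3Sevic), with Parameters\ServiceDll pointing at NEUSBw32.dll, alongside a netsvcs entry (zppinger) that has no service key behind it. The PowerShell audit below is an added example, not part of this thread or of SystemLook/ComboFix; it walks the Svchost group table and reports, for every hosted service, whether the service key exists, whether its ServiceDll is present, and the DLL's Authenticode status. It assumes PowerShell is installed (XP did not ship with it) and an elevated prompt.

```powershell
# Added example, not from the thread: triage the svchost group table the way
# the analyst did by hand. Every value under the Svchost key is a group naming
# the services it hosts; each such service must exist and must point, via
# Parameters\ServiceDll, at a DLL that is present on disk.
# Assumes PowerShell is installed and the script runs elevated.

$svchostKey    = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost'
$servicesKey   = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$providerProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

function New-Finding($Group, $Service, $Finding, $Detail) {
    # New-Object rather than [pscustomobject] so this also runs on PowerShell 2
    New-Object PSObject -Property @{
        Group = $Group; Service = $Service; Finding = $Finding; Detail = $Detail
    }
}

$results    = @()
$groupTable = Get-ItemProperty -Path $svchostKey
foreach ($prop in $groupTable.PSObject.Properties) {
    if ($providerProps -contains $prop.Name) { continue }   # skip provider metadata
    $group   = $prop.Name
    $members = @($prop.Value)                                # REG_MULTI_SZ -> string[]

    # A group hosting exactly one service deserves a look on its own: the
    # NecUsb3Sevic group in this thread existed only to host NecUsb3.
    if ($members.Count -eq 1) {
        $results += New-Finding $group $members[0] 'SINGLE-MEMBER-GROUP' 'group hosts one service only'
    }

    foreach ($svc in $members) {
        $svcKey = Join-Path $servicesKey $svc
        if (-not (Test-Path $svcKey)) {
            # Listed in a group but no Services entry (cf. 'zppinger' under netsvcs)
            $results += New-Finding $group $svc 'NO-SERVICE-KEY' 'listed in group, no Services entry'
            continue
        }
        $dll      = $null
        $paramKey = Join-Path $svcKey 'Parameters'
        if (Test-Path $paramKey) { $dll = (Get-ItemProperty -Path $paramKey).ServiceDll }
        if (-not $dll) {
            $results += New-Finding $group $svc 'NO-SERVICEDLL' ((Get-ItemProperty -Path $svcKey).ImagePath)
            continue
        }
        $dllPath = [Environment]::ExpandEnvironmentVariables($dll)
        if (-not (Test-Path $dllPath)) {
            $results += New-Finding $group $svc 'DLL-MISSING' $dllPath
            continue
        }
        $sig = Get-AuthenticodeSignature -FilePath $dllPath
        # Older Windows catalog-signs most system DLLs, which this cmdlet reports
        # as NotSigned on PowerShell 2/3; treat a bad status as a lead, not a
        # verdict, and weigh it with the file's location, date and group membership.
        if ($sig.Status -ne 'Valid') {
            $results += New-Finding $group $svc 'DLL-UNSIGNED' ("{0} ({1})" -f $dllPath, $sig.Status)
        } else {
            $results += New-Finding $group $svc 'ok' ("{0} signed by {1}" -f $dllPath, $sig.SignerCertificate.Subject)
        }
    }
}

$results | Sort-Object Finding, Group | Format-Table Finding, Group, Service, Detail -AutoSize
```

On the machine in this thread the script would have surfaced NecUsb3Sevic as a single-member group with an unsigned ServiceDll in system32 and zppinger as a netsvcs name with no service key, which is exactly what the VirusTotal upload and the CFScript then dealt with.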
Old 03-21-2012, 01:36 PM   #11
Security Team
Analyst
 
Join Date: Dec 2008
Posts: 412
OS: Windows 7

My System


Copy/paste the text in the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

Code:
https://www.techsupportforum.com/forums/f50/win32-zaccess-virus-636435.html#post3672022

Collect::
c:\windows\system32\NEUSBw32.dll

Folder::
c:\documents and settings\Tanya\Local Settings\Application Data\Babylon
c:\documents and settings\All Users\Application Data\Babylon
c:\documents and settings\Tanya\Application Data\Babylon

Driver::
NecUsb3

NetSvc::
zppinger

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
"NecUsb3Sevic"=-

Firefox::
FF - ProfilePath - c:\documents and settings\Tanya\Application Data\Mozilla\Firefox\Profiles\bi2jthal.default\
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=108317
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 98f7c2dc000000000000000e35c699fa
FF - user.js: extensions.BabylonToolbar_i.hardId - 98f7c2dc000000000000000e35c699fa
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15397
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1715:23
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
Save this file to your desktop. Save this as "CFScript".

Here's how to do that:
1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...




Drag CFScript.txt into ComboFix.exe


Then post the results log using Copy / Paste
NoodleTech is offline  
Old 03-21-2012, 02:43 PM   #12
Registered Member
 
ComboFix 12-03-20.01 - Tanya 03/21/2012 15:59:36.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.304 [GMT -4:00]
Running from: c:\documents and settings\Tanya\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Tanya\Desktop\CFScript.txt
.
file zipped: c:\windows\system32\NEUSBw32.dll
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Babylon
c:\documents and settings\NetworkService\Application Data\Adobe\sp.DLL
c:\documents and settings\Tanya\Application Data\Babylon
c:\documents and settings\Tanya\Application Data\Babylon\log_file.txt
c:\documents and settings\Tanya\Local Settings\Application Data\Babylon
c:\documents and settings\Tanya\Local Settings\Application Data\Babylon\Setup\bab033.tbinst.dat
c:\documents and settings\Tanya\Local Settings\Application Data\Babylon\Setup\bab091.norecovericon.dat
c:\documents and settings\Tanya\Local Settings\Application Data\Babylon\Setup\Babylon.dat
c:\documents and settings\Tanya\Local Settings\Application Data\Babylon\Setup\BExternal.dll
c:\documents and settings\Tanya\Local Settings\Application Data\Babylon\Setup\HtmlScreens\cmbx.png
c:\documents and settings\Tanya\Local Settings\Application Data\Babylon\Setup\HtmlScreens\common.js
c:\documents and settings\Tanya\Local Settings\Application Data\Babylon\Setup\HtmlScreens\eula.html
c:\documents and settings\Tanya\Local Settings\Application Data\Babylon\Setup\HtmlScreens\lngs.png
c:\documents and settings\Tanya\Local Settings\Application Data\Babylon\Setup\HtmlScreens\page1.css
c:\documents and settings\Tanya\Local Settings\Application Data\Babylon\Setup\HtmlScreens\page1.html
c:\documents and settings\Tanya\Local Settings\Application Data\Babylon\Setup\HtmlScreens\page1.js
c:\documents and settings\Tanya\Local Settings\Application Data\Babylon\Setup\HtmlScreens\page1Lrg.css
c:\documents and settings\Tanya\Local Settings\Application Data\Babylon\Setup\HtmlScreens\page2.css
c:\documents and settings\Tanya\Local Settings\Application Data\Babylon\Setup\HtmlScreens\page2.html
c:\documents and settings\Tanya\Local Settings\Application Data\Babylon\Setup\HtmlScreens\page2.js
c:\documents and settings\Tanya\Local Settings\Application Data\Babylon\Setup\HtmlScreens\page2Lrg.css
c:\documents and settings\Tanya\Local Settings\Application Data\Babylon\Setup\HtmlScreens\page9.html
c:\documents and settings\Tanya\Local Settings\Application Data\Babylon\Setup\HtmlScreens\pBar.gif
c:\documents and settings\Tanya\Local Settings\Application Data\Babylon\Setup\HtmlScreens\title1.png
c:\documents and settings\Tanya\Local Settings\Application Data\Babylon\Setup\HtmlScreens\title2.png
c:\documents and settings\Tanya\Local Settings\Application Data\Babylon\Setup\HtmlScreens\toolBar.jpg
c:\documents and settings\Tanya\Local Settings\Application Data\Babylon\Setup\HtmlScreens\vIcn.png
c:\documents and settings\Tanya\Local Settings\Application Data\Babylon\Setup\IECookieLow.dll
c:\documents and settings\Tanya\Local Settings\Application Data\Babylon\Setup\Setup-tbmntr903-9.0.3.35.zpb
c:\documents and settings\Tanya\Local Settings\Application Data\Babylon\Setup\Setup.exe
c:\documents and settings\Tanya\Local Settings\Application Data\Babylon\Setup\SetupStrings.dat
c:\documents and settings\Tanya\Local Settings\Application Data\Babylon\Setup\sqlite3.dll
c:\windows\$NtUninstallKB27833$\2865940075\@
c:\windows\$NtUninstallKB27833$\2865940075\cfg.ini
c:\windows\$NtUninstallKB27833$\2865940075\Desktop.ini
c:\windows\$NtUninstallKB27833$\2865940075\L\opellzcc
c:\windows\$NtUninstallKB27833$\2865940075\U\[email protected]
c:\windows\$NtUninstallKB27833$\2865940075\U\[email protected]
c:\windows\$NtUninstallKB27833$\2865940075\U\[email protected]
c:\windows\$NtUninstallKB27833$\2865940075\U\[email protected]
c:\windows\$NtUninstallKB27833$\2865940075\U\[email protected]
c:\windows\$NtUninstallKB27833$\2865940075\U\[email protected]
c:\windows\$NtUninstallKB27833$\2865940075\version
c:\windows\$NtUninstallKB27833$\2885624886
c:\windows\svcs.exe
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\neusbw32.dll
c:\windows\system32\SET9F.tmp
c:\windows\system32\SETA2.tmp
c:\windows\system32\SETA6.tmp
c:\windows\system32\SETAE.tmp
c:\windows\system32\wg111nd5.dll
.
Infected copy of c:\windows\system32\drivers\ipsec.sys was found and disinfected
Restored copy from - The cat found it :)
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NECUSB3
-------\Legacy_NETWORKLOG
-------\Service_NecUsb3
-------\Service_NetworkLog
-------\Service_SPService
-------\Legacy_irsir
-------\Service_irsir
.
.
((((((((((((((((((((((((( Files Created from 2012-02-21 to 2012-03-21 )))))))))))))))))))))))))))))))
.
.
2012-03-21 19:54 . 2008-04-13 19:19 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2012-03-20 18:57 . 2008-04-13 19:18 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2012-03-16 23:14 . 2012-03-16 23:14 -------- d-----w- C:\Cache
2012-03-16 23:13 . 2012-03-17 01:56 -------- d-----w- C:\w
2012-03-16 23:13 . 2012-03-16 23:13 -------- d-----w- C:\visi
2012-03-16 23:13 . 2012-03-16 23:14 -------- d-----w- C:\e
2012-03-16 22:24 . 2012-03-16 22:28 -------- d-----w- c:\documents and settings\Tanya\Application Data\dvdcss
2012-03-15 21:55 . 2011-04-25 03:13 110992 ----a-w- c:\program files\Mozilla Firefox\extensions\[email protected]_bak2\components\abhelperxpcom.dll
2012-03-15 21:54 . 2011-04-25 03:13 147856 ----a-w- c:\program files\Mozilla Firefox\extensions\[email protected]_bak2\components\kavlinkfilter.dll
2012-03-15 14:13 . 2012-03-15 14:13 -------- d-----w- C:\Data
2012-03-14 22:58 . 2012-03-14 22:58 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\visi_coupon
2012-03-14 22:30 . 2012-03-14 22:30 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD-Cloner
2012-03-14 22:30 . 2012-03-14 22:30 -------- d-----w- C:\temp_dvd
2012-03-11 22:07 . 2012-03-11 22:07 -------- d-----w- c:\documents and settings\Tanya\Application Data\QuickScan
2012-03-11 02:11 . 2012-03-11 02:11 -------- d-----w- c:\program files\iPod
2012-03-11 02:07 . 2012-03-11 02:22 -------- d-----w- c:\program files\iTunes
2012-03-05 02:19 . 2012-03-05 02:19 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Yahoo
2012-03-05 02:13 . 2012-03-05 02:13 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2012-03-05 02:10 . 2012-03-05 02:10 -------- d-----w- c:\documents and settings\NetworkService\Application Data\BabylonToolbar
2012-03-05 02:10 . 2012-03-05 02:30 -------- d-----w- c:\documents and settings\NetworkService\Application Data\blekkotb
2012-02-29 00:30 . 2012-02-29 00:30 -------- d-----w- c:\documents and settings\All Users\Application Data\xml_param
2012-02-28 21:45 . 2012-02-28 21:45 -------- d-----w- c:\documents and settings\Tanya\Application Data\Wondershare Video Converter Ultimate
2012-02-28 21:41 . 2011-08-31 19:39 156160 ----a-w- c:\windows\system32\WS_ContextMenu.dll
2012-02-28 21:41 . 2011-08-31 19:39 892928 ----a-w- c:\windows\system32\iconv.dll
2012-02-28 21:41 . 2011-08-31 19:39 675840 ----a-w- c:\windows\system32\ac3filter.ax
2012-02-28 20:31 . 2012-02-28 20:31 -------- d-----w- c:\documents and settings\Tanya\Local Settings\Application Data\Wondershare
2012-02-28 20:31 . 2012-02-28 20:31 -------- d-----w- c:\program files\Common Files\Wondershare
2012-02-28 20:30 . 2012-03-01 14:15 -------- d-----w- c:\program files\Wondershare
2012-02-27 20:23 . 2012-02-27 20:23 237 ----a-w- C:\user.js
2012-02-27 20:22 . 2012-02-27 20:22 -------- d-----w- c:\program files\pazera-software
2012-02-27 01:29 . 2012-02-27 01:29 -------- d-----w- c:\documents and settings\Tanya\Application Data\ImTOO
2012-02-25 02:45 . 2012-02-25 02:45 -------- d-----w- c:\program files\Common Files\Java
2012-02-25 02:44 . 2012-02-25 02:44 73728 ----a-w- c:\windows\system32\javacpl.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-25 02:43 . 2011-04-23 01:29 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-19 19:52 . 2011-06-01 22:29 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-15 16:01 . 2009-07-08 22:30 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 16:01 . 2009-07-08 22:30 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-02-03 09:22 . 2006-02-28 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06 . 2012-02-15 00:51 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2009-07-08 11:05 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-19 21:28 . 2012-02-19 19:54 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( [email protected]_19.08.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-21 20:21 . 2012-03-21 20:21 16384 c:\windows\Temp\Perflib_Perfdata_408.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2002-08-28 28672]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 88209]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"SecureW2 Tray"="c:\program files\SecureW2\sw2_tray.exe" [2011-09-27 265608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Wondershare Helper Compact.exe"="c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2012-02-20 1679360]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-07 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe" [2011-04-23 235168]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-5-11 525640]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NecUsb3Sevices]
USB3Sw32.dll [BU]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Tanya^Start Menu^Programs^Startup^FrostWire On Startup.lnk]
path=c:\documents and settings\Tanya\Start Menu\Programs\Startup\FrostWire On Startup.lnk
backup=c:\windows\pss\FrostWire On Startup.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW6]
2010-06-04 12:10 822384 ------w- c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-04-06 06:27 26105128 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\FrostWire 5\\FrostWire.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"\\??\\c:\\WINDOWS\\system32\\winlogon.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R2 SW2SVC;SecureW2 Service;c:\program files\SecureW2\sw2_service.exe [9/27/2011 5:05 AM 109960]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
S3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;"c:\program files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe" --> c:\program files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
irsir
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com?o=14196&l=dis
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
TCP: DhcpNameServer = 10.59.176.17 10.30.176.17 10.59.2.29 10.0.2.250 10.57.144.19
FF - ProfilePath - c:\documents and settings\Tanya\Application Data\Mozilla\Firefox\Profiles\bi2jthal.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.vcu.edu/
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{96AFBE69-C3B0-4b00-8578-D933D2896EE2} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-03-21 16:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\$NtUninstallKB27833$:SummaryInformation 0 bytes hidden from API
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,db,b1,33,20,02,fe,dd,47,ab,6b,52,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,db,b1,33,20,02,fe,dd,47,ab,6b,52,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1676)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\wscntfy.exe
c:\windows\AGRSMMSG.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqnrs08.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\windows\system32\HPZinw12.exe
.
**************************************************************************
.
Completion time: 2012-03-21 16:27:20 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-21 20:27
ComboFix2.txt 2012-03-20 19:15
.
Pre-Run: 4,605,968,384 bytes free
Post-Run: 4,666,085,376 bytes free
.
- - End Of File - - C66461AAFB5336DA091650A3CC2CA2B1
hbkvcu is offline  
Old 03-21-2012, 02:47 PM   #13
Registered Member
 
Join Date: Mar 2009
Posts: 90
OS: Windows 10



It also seems like after I ran the program (or during the program), my keyboard and mousepad aren't working. I am typing this on another computer.
hbkvcu is offline  
Old 03-21-2012, 04:11 PM   #14
Security Team
Analyst
 
Join Date: Dec 2008
Posts: 412
OS: Windows 7

My System


Hi hbkvcu,

Please restart your computer and see if your keyboard and mouse functionality is restored.
__________________
NoodleTech is offline  
Old 03-21-2012, 04:49 PM   #15
Registered Member
 
Join Date: Mar 2009
Posts: 90
OS: Windows 10



I rebooted...but the cursor is in the middle of the screen...and I can't move it with my mousepad.
hbkvcu is offline  
Old 03-21-2012, 07:01 PM   #16
Security Team
Analyst
 
Join Date: Dec 2008
Posts: 412
OS: Windows 7

My System


Does your keyboard work now? Can you try using an external mouse?
__________________
NoodleTech is offline  
Old 03-21-2012, 07:42 PM   #17
Registered Member
 
Join Date: Mar 2009
Posts: 90
OS: Windows 10



The external mouse works....But the keyboard doesn't....
hbkvcu is offline  
Old 03-22-2012, 12:38 AM   #18
Security Team
Analyst
 
Join Date: Dec 2008
Posts: 412
OS: Windows 7

My System


Hi hbkvcu,

Let's see if your keyboard and trackpad work in safe mode.

To boot into safe mode follow these steps:
  • Turn on or restart your computer
  • As the computer is booting, press and hold your F8 Key
  • This should bring up the Windows Advanced Options Menu
  • Use your arrow keys to move to Safe Mode and press your Enter Key

Once your computer has booted to safe mode, try using the keyboard and mouse. Let me know if they work.
__________________
NoodleTech is offline  
Old 03-22-2012, 07:49 AM   #19
Registered Member
 
Join Date: Mar 2009
Posts: 90
OS: Windows 10



Even in Safe Mode....both the mousepad and the keyboard still do not work...
hbkvcu is offline  
Old 03-22-2012, 08:22 AM   #20
Registered Member
 
Join Date: Mar 2009
Posts: 90
OS: Windows 10



I'm back up working....

Keyboard and mousepad that is....
hbkvcu is offline  