Cyber Tech Help Support Forums > Software > Malware Removal Forum

#31 - April 26th, 2012, 02:45 AM - pmarc (Member)
aswMBR

I can't open the DAT file...?


#32 - April 26th, 2012, 02:47 AM - pmarc (Member)
jpshort

SystemLook 30.07.11 by jpshortstuff
Log created at 21:47 on 25/04/2012 by Administrator
Administrator - Elevation successful

========== filefind ==========

Searching for "afd.sys"
C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys --a---- 138496 bytes [23:13 01/08/2011] [13:25 16/02/2011] 8D499B1276012EB907E7A9E0F4D8FDA4
C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys --a---- 138496 bytes [15:07 16/10/2008] [15:07 16/10/2008] 38D7B715504DA4741DF35E3594FE2099
C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys --a---- 138496 bytes [18:33 12/10/2011] [13:41 17/08/2011] F6B7B1ECD7B41736BDB6FF4B092BCB79
C:\WINDOWS\$NtUninstallKB2503665$\afd.sys -----c- 138496 bytes [05:27 03/08/2011] [14:43 16/10/2008] 7618D5218F2A614672EC61A80D854A37
C:\WINDOWS\$NtUninstallKB2509553$\afd.sys -----c- 138112 bytes [05:21 03/08/2011] [07:00 14/04/2008] 322D0E36693D6E24A2398BEE62A268CD
C:\WINDOWS\$NtUninstallKB2592799$\afd.sys -----c- 138496 bytes [23:02 17/10/2011] [13:22 16/02/2011] 355556D9E580915118CD7EF736653A89
C:\WINDOWS\SoftwareDistribution\Download\cd75fc2c9aa3d47009fe2d95c9f43154\SP3GDR\afd.sys --a---- 138496 bytes [16:21 16/04/2012] [13:49 17/08/2011] 1E44BC1E83D8FD2305F8D452DB109CF9
C:\WINDOWS\SoftwareDistribution\Download\cd75fc2c9aa3d47009fe2d95c9f43154\SP3QFE\afd.sys --a---- 138496 bytes [16:21 16/04/2012] [13:41 17/08/2011] F6B7B1ECD7B41736BDB6FF4B092BCB79
C:\WINDOWS\SoftwareDistribution\Download\ff0686f2f699fa07ed5ad0848fa3055b\sp3gdr\afd.sys --a---- 138496 bytes [14:43 16/10/2008] [14:43 16/10/2008] 7618D5218F2A614672EC61A80D854A37
C:\WINDOWS\system32\dllcache\afd.sys --a--c- 138496 bytes [07:00 14/04/2008] [13:49 17/08/2011] 1E44BC1E83D8FD2305F8D452DB109CF9
C:\WINDOWS\system32\drivers\afd.sys --a---- 138496 bytes [07:00 14/04/2008] [13:49 17/08/2011] 1E44BC1E83D8FD2305F8D452DB109CF9

-= EOF =-
#33 - April 26th, 2012, 03:29 AM - Jintan (Malware Removal Team Advisor)
Not sure, but very difficult to tell what has been spoofed by some active unseen malware (that we do not see verification of any bad copies, though our scans indicate a malware-altered version is running).


Be sure to continue to temporarily disable any protective software when running the scan tools we use here.


Open notepad (go to Start, Run, type notepad and press Enter) and copy/paste the text in the codebox below into it:

Code:
KillAll::
FCopy::C:\WINDOWS\SoftwareDistribution\Download\cd75fc2c9aa3d47009fe2d95c9f43154\SP3QFE\afd.sys | C:\WINDOWS\system32\drivers\afd.sys
Save this to your desktop as CFScript.txt


You should now have both ComboFix and that CFScript.txt on the desktop. Just left click/hold on the CFScript.txt file, and drag it into ComboFix to start the scan.

ComboFix will now run as it did before. Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.
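Added example, not code from this thread or from the SystemLook/TDSSKiller tools: a small Python parser for the SystemLook filefind lines posted above that groups every afd.sys copy by MD5, shows which backup locations share the hash the filesystem reports for the running driver, and cross-checks that hash against a TDSSKiller "Suspicious file (Forged)" line of the kind posted later in this thread. Function names such as parse_filefind and verdict are my own; the sample lines are copied from the thread, with the forum's wrap spaces removed.

```python
import re
from collections import defaultdict

# SystemLook "filefind" record: <path> <attrs> <size> bytes [<mtime>] [<ctime>] <MD5>
FILEFIND_RE = re.compile(
    r"^(?P<path>.+?) (?P<attrs>[-a-z]{7}) (?P<size>\d+) bytes "
    r"\[(?P<t1>[^\]]+)\] \[(?P<t2>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)
# TDSSKiller line emitted when the content it reads through the filesystem
# hashes differently from what the driver really contains.
FORGED_RE = re.compile(
    r"Suspicious file \(Forged\): (?P<path>.+?)\. Real md5: (?P<real>[0-9a-f]{32}), "
    r"Fake md5: (?P<fake>[0-9a-f]{32})"
)

# Sample input: the afd.sys filefind lines from post #32 of this thread.
SYSTEMLOOK_SAMPLE = r"""
C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys --a---- 138496 bytes [23:13 01/08/2011] [13:25 16/02/2011] 8D499B1276012EB907E7A9E0F4D8FDA4
C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys --a---- 138496 bytes [15:07 16/10/2008] [15:07 16/10/2008] 38D7B715504DA4741DF35E3594FE2099
C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys --a---- 138496 bytes [18:33 12/10/2011] [13:41 17/08/2011] F6B7B1ECD7B41736BDB6FF4B092BCB79
C:\WINDOWS\$NtUninstallKB2503665$\afd.sys -----c- 138496 bytes [05:27 03/08/2011] [14:43 16/10/2008] 7618D5218F2A614672EC61A80D854A37
C:\WINDOWS\$NtUninstallKB2509553$\afd.sys -----c- 138112 bytes [05:21 03/08/2011] [07:00 14/04/2008] 322D0E36693D6E24A2398BEE62A268CD
C:\WINDOWS\$NtUninstallKB2592799$\afd.sys -----c- 138496 bytes [23:02 17/10/2011] [13:22 16/02/2011] 355556D9E580915118CD7EF736653A89
C:\WINDOWS\SoftwareDistribution\Download\cd75fc2c9aa3d47009fe2d95c9f43154\SP3GDR\afd.sys --a---- 138496 bytes [16:21 16/04/2012] [13:49 17/08/2011] 1E44BC1E83D8FD2305F8D452DB109CF9
C:\WINDOWS\SoftwareDistribution\Download\cd75fc2c9aa3d47009fe2d95c9f43154\SP3QFE\afd.sys --a---- 138496 bytes [16:21 16/04/2012] [13:41 17/08/2011] F6B7B1ECD7B41736BDB6FF4B092BCB79
C:\WINDOWS\SoftwareDistribution\Download\ff0686f2f699fa07ed5ad0848fa3055b\sp3gdr\afd.sys --a---- 138496 bytes [14:43 16/10/2008] [14:43 16/10/2008] 7618D5218F2A614672EC61A80D854A37
C:\WINDOWS\system32\dllcache\afd.sys --a--c- 138496 bytes [07:00 14/04/2008] [13:49 17/08/2011] 1E44BC1E83D8FD2305F8D452DB109CF9
C:\WINDOWS\system32\drivers\afd.sys --a---- 138496 bytes [07:00 14/04/2008] [13:49 17/08/2011] 1E44BC1E83D8FD2305F8D452DB109CF9
"""
# Sample input: the TDSSKiller verdict for the same driver from post #37.
TDSS_FORGED_SAMPLE = (
    r"22:01:19.0950 3360 Suspicious file (Forged): C:\WINDOWS\System32\drivers\afd.sys. "
    r"Real md5: d6644d111b815bb034ff78feb2e3e1c5, Fake md5: 1e44bc1e83d8fd2305f8d452db109cf9"
)


def parse_filefind(text):
    """Turn SystemLook filefind lines into dicts; lines that do not match are skipped."""
    records = []
    for line in text.splitlines():
        m = FILEFIND_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["size"] = int(rec["size"])
        rec["md5"] = rec["md5"].lower()  # SystemLook prints upper case, TDSSKiller lower case
        records.append(rec)
    return records


def group_by_md5(records):
    """Map each distinct hash to the paths that carry it."""
    groups = defaultdict(list)
    for rec in records:
        groups[rec["md5"]].append(rec["path"])
    return dict(groups)


def live_copy(records, name="afd.sys"):
    """The copy Windows actually loads: the one under system32/drivers."""
    for rec in records:
        if rec["path"].lower().endswith("\\system32\\drivers\\" + name):
            return rec
    return None


def classify_copies(records, name="afd.sys"):
    """Split backup copies into those sharing the live driver's reported hash and the rest."""
    live = live_copy(records, name)
    matching, other = [], []
    for rec in records:
        if rec is live:
            continue
        (matching if rec["md5"] == live["md5"] else other).append(rec["path"])
    return {"live_md5": live["md5"], "matching": matching, "other": other}


def parse_forged(line):
    """Extract path, real and fake MD5 from a TDSSKiller 'Forged' line, or None."""
    m = FORGED_RE.search(line)
    return m.groupdict() if m else None


def verdict(records, forged_line, name="afd.sys"):
    """Combine the filesystem listing with an independent reader's result.

    'unconfirmed':  nothing contradicts the listing (it may still be lying).
    'spoofed':      the hash the filesystem hands out is exactly the value TDSSKiller
                    calls fake, and the real content hashes to something else.
    'inconsistent': a forgery was reported but its values do not line up with
                    the listing, e.g. the listing predates the infection or a repair.
    """
    live = live_copy(records, name)
    forged = parse_forged(forged_line) if forged_line else None
    if forged is None:
        return "unconfirmed"
    if forged["fake"] == live["md5"] and forged["real"] != live["md5"]:
        return "spoofed"
    return "inconsistent"


if __name__ == "__main__":
    recs = parse_filefind(SYSTEMLOOK_SAMPLE)
    for md5, paths in group_by_md5(recs).items():
        print(md5, len(paths), "copy/copies")
    print(classify_copies(recs))
    print("verdict:", verdict(recs, TDSS_FORGED_SAMPLE))
```

Run as-is it reports 7 distinct hashes among the 11 copies, the two backups (dllcache and the SP3GDR download) that share the live copy's reported hash, and the verdict "spoofed"; the listing alone cannot show a bad copy when ordinary reads of the driver return content whose hash differs from what it really contains, which is exactly the Real/Fake md5 pair TDSSKiller reports.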
#34 - April 26th, 2012, 03:32 AM - Jintan (Malware Removal Team Advisor)
If ComboFix seems to freeze the system after it shows no activity for 1/2 hour or so (it may go quite a while - check it by clicking on Start, to see if the system is frozen), go ahead and press and hold the power button for a count of 8 or so, to do a hard shutdown. Boot up, wait to see if ComboFix reinstates its run, and if not, run and post a new TDSSKiller scan log please. If ComboFix does run, again give it a good long piece of time to do its work.
#35 - April 27th, 2012, 03:04 AM - pmarc (Member)
tdds

22:01:08.0761 1520 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
22:01:09.0089 1520 ============================================================
22:01:09.0089 1520 Current date / time: 2012/04/26 22:01:09.0089
22:01:09.0089 1520 SystemInfo:
22:01:09.0089 1520
22:01:09.0089 1520 OS Version: 5.1.2600 ServicePack: 3.0
22:01:09.0089 1520 Product type: Workstation
22:01:09.0089 1520 ComputerName: WATERS-365D2DA1
22:01:09.0089 1520 UserName: Administrator
22:01:09.0089 1520 Windows directory: C:\WINDOWS
22:01:09.0089 1520 System windows directory: C:\WINDOWS
22:01:09.0089 1520 Processor architecture: Intel x86
22:01:09.0089 1520 Number of processors: 2
22:01:09.0089 1520 Page size: 0x1000
22:01:09.0089 1520 Boot type: Normal boot
22:01:09.0089 1520 ============================================================
22:01:12.0605 1520 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:01:12.0621 1520 Drive \Device\Harddisk1\DR2 - Size: 0x1E4700000 (7.57 Gb), SectorSize: 0x200, Cylinders: 0x3DC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
#36 - April 27th, 2012, 11:56 PM - Jintan (Malware Removal Team Advisor)
Help me out on that last one - it does not look like a full log file, and not sure why.
#37 - April 29th, 2012, 04:42 AM - pmarc (Member)
try this

22:01:08.0761 1520 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
22:01:09.0089 1520 ============================================================
22:01:09.0089 1520 Current date / time: 2012/04/26 22:01:09.0089
22:01:09.0089 1520 SystemInfo:
22:01:09.0089 1520
22:01:09.0089 1520 OS Version: 5.1.2600 ServicePack: 3.0
22:01:09.0089 1520 Product type: Workstation
22:01:09.0089 1520 ComputerName: WATERS-365D2DA1
22:01:09.0089 1520 UserName: Administrator
22:01:09.0089 1520 Windows directory: C:\WINDOWS
22:01:09.0089 1520 System windows directory: C:\WINDOWS
22:01:09.0089 1520 Processor architecture: Intel x86
22:01:09.0089 1520 Number of processors: 2
22:01:09.0089 1520 Page size: 0x1000
22:01:09.0089 1520 Boot type: Normal boot
22:01:09.0089 1520 ============================================================
22:01:12.0605 1520 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:01:12.0621 1520 Drive \Device\Harddisk1\DR2 - Size: 0x1E4700000 (7.57 Gb), SectorSize: 0x200, Cylinders: 0x3DC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:01:12.0621 1520 ============================================================
22:01:12.0621 1520 \Device\Harddisk0\DR0:
22:01:12.0621 1520 MBR partitions:
22:01:12.0621 1520 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xDF93782
22:01:12.0621 1520 \Device\Harddisk1\DR2:
22:01:12.0621 1520 MBR partitions:
22:01:12.0621 1520 \Device\Harddisk1\DR2\Partition0: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0xF21880
22:01:12.0621 1520 ============================================================
22:01:12.0652 1520 C: <-> \Device\Harddisk0\DR0\Partition0
22:01:12.0652 1520 ============================================================
22:01:12.0652 1520 Initialize success
22:01:12.0652 1520 ============================================================
22:01:18.0950 3360 ============================================================
22:01:18.0950 3360 Scan started
22:01:18.0950 3360 Mode: Manual;
22:01:18.0950 3360 ============================================================
22:01:19.0559 3360 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
22:01:19.0559 3360 !SASCORE - ok
22:01:19.0668 3360 Abiosdsk - ok
22:01:19.0668 3360 abp480n5 - ok
22:01:19.0746 3360 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:01:19.0746 3360 ACPI - ok
22:01:19.0809 3360 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
22:01:19.0809 3360 ACPIEC - ok
22:01:19.0809 3360 adpu160m - ok
22:01:19.0871 3360 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:01:19.0887 3360 aec - ok
22:01:19.0950 3360 AFD (d6644d111b815bb034ff78feb2e3e1c5) C:\WINDOWS\System32\drivers\afd.sys
22:01:19.0950 3360 Suspicious file (Forged): C:\WINDOWS\System32\drivers\afd.sys. Real md5: d6644d111b815bb034ff78feb2e3e1c5, Fake md5: 1e44bc1e83d8fd2305f8d452db109cf9
22:01:19.0950 3360 AFD ( Virus.Win32.ZAccess.k ) - infected
22:01:19.0950 3360 AFD - detected Virus.Win32.ZAccess.k (0)
22:01:19.0950 3360 Aha154x - ok
22:01:19.0965 3360 aic78u2 - ok
22:01:19.0981 3360 aic78xx - ok
22:01:20.0012 3360 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
22:01:20.0028 3360 Alerter - ok
22:01:20.0043 3360 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
22:01:20.0043 3360 ALG - ok
22:01:20.0043 3360 AliIde - ok
22:01:20.0059 3360 amsint - ok
22:01:20.0137 3360 Apple Mobile Device (d8e18021f91ad79ca8491cb5a5da22d4) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:01:20.0137 3360 Apple Mobile Device - ok
22:01:20.0184 3360 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
22:01:20.0184 3360 AppMgmt - ok
22:01:20.0215 3360 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
22:01:20.0215 3360 Arp1394 - ok
22:01:20.0231 3360 asc - ok
22:01:20.0231 3360 asc3350p - ok
22:01:20.0231 3360 asc3550 - ok
22:01:20.0403 3360 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
22:01:20.0434 3360 aspnet_state - ok
22:01:20.0465 3360 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:01:20.0465 3360 AsyncMac - ok
22:01:20.0512 3360 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:01:20.0528 3360 atapi - ok
22:01:20.0528 3360 Atdisk - ok
22:01:20.0543 3360 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:01:20.0543 3360 Atmarpc - ok
22:01:20.0590 3360 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
22:01:20.0590 3360 AudioSrv - ok
22:01:20.0637 3360 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:01:20.0637 3360 audstub - ok
22:01:20.0684 3360 AVG Security Toolbar Service - ok
22:01:20.0747 3360 b57w2k (f96038aa1ec4013a93d2420fc689d1e9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
22:01:20.0762 3360 b57w2k - ok
22:01:20.0809 3360 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:01:20.0809 3360 Beep - ok
22:01:20.0903 3360 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
22:01:20.0950 3360 BITS - ok
22:01:20.0997 3360 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
22:01:20.0997 3360 Browser - ok
22:01:21.0106 3360 catchme - ok
22:01:21.0153 3360 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:01:21.0153 3360 cbidf2k - ok
22:01:21.0153 3360 cd20xrnt - ok
22:01:21.0168 3360 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:01:21.0168 3360 Cdaudio - ok
22:01:21.0215 3360 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:01:21.0215 3360 Cdfs - ok
22:01:21.0247 3360 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:01:21.0262 3360 Cdrom - ok
22:01:21.0262 3360 cerc6 - ok
22:01:21.0262 3360 Changer - ok
22:01:21.0294 3360 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
22:01:21.0294 3360 CiSvc - ok
22:01:21.0309 3360 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
22:01:21.0309 3360 ClipSrv - ok
22:01:21.0387 3360 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:01:21.0450 3360 clr_optimization_v2.0.50727_32 - ok
22:01:21.0559 3360 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:01:21.0622 3360 clr_optimization_v4.0.30319_32 - ok
22:01:21.0684 3360 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
22:01:21.0684 3360 CmBatt - ok
22:01:21.0700 3360 CmdIde - ok
22:01:21.0715 3360 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
22:01:21.0715 3360 Compbatt - ok
22:01:21.0715 3360 COMSysApp - ok
22:01:21.0731 3360 Cpqarray - ok
22:01:21.0762 3360 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
22:01:21.0762 3360 CryptSvc - ok
22:01:21.0762 3360 dac2w2k - ok
22:01:21.0778 3360 dac960nt - ok
22:01:21.0872 3360 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
22:01:21.0872 3360 DcomLaunch - ok
22:01:21.0934 3360 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
22:01:21.0934 3360 Dhcp - ok
22:01:21.0950 3360 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:01:21.0950 3360 Disk - ok
22:01:21.0950 3360 dmadmin - ok
22:01:22.0090 3360 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
22:01:22.0122 3360 dmboot - ok
22:01:22.0137 3360 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
22:01:22.0153 3360 dmio - ok
22:01:22.0184 3360 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:01:22.0184 3360 dmload - ok
22:01:22.0215 3360 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
22:01:22.0215 3360 dmserver - ok
22:01:22.0247 3360 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:01:22.0247 3360 DMusic - ok
22:01:22.0278 3360 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
22:01:22.0278 3360 Dnscache - ok
22:01:22.0309 3360 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
22:01:22.0309 3360 Dot3svc - ok
22:01:22.0356 3360 dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
22:01:22.0372 3360 dot4 - ok
22:01:22.0387 3360 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
22:01:22.0387 3360 Dot4Print - ok
22:01:22.0403 3360 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
22:01:22.0403 3360 dot4usb - ok
22:01:22.0403 3360 dpti2o - ok
22:01:22.0434 3360 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:01:22.0434 3360 drmkaud - ok
22:01:22.0450 3360 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
22:01:22.0465 3360 EapHost - ok
22:01:22.0497 3360 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
22:01:22.0497 3360 ERSvc - ok
22:01:22.0544 3360 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
22:01:22.0559 3360 Eventlog - ok
22:01:22.0637 3360 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
22:01:22.0653 3360 EventSystem - ok
22:01:22.0872 3360 EvtEng (c37b83b51cdf10e5bb6f78a7e4fed11a) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
22:01:22.0887 3360 EvtEng - ok
22:01:22.0966 3360 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:01:22.0966 3360 Fastfat - ok
22:01:23.0028 3360 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
22:01:23.0044 3360 FastUserSwitchingCompatibility - ok
22:01:23.0091 3360 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
22:01:23.0091 3360 Fdc - ok
22:01:23.0137 3360 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
22:01:23.0137 3360 Fips - ok
22:01:23.0153 3360 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
22:01:23.0153 3360 Flpydisk - ok
22:01:23.0200 3360 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
22:01:23.0200 3360 FltMgr - ok
22:01:23.0341 3360 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
22:01:23.0341 3360 FontCache3.0.0.0 - ok
22:01:23.0372 3360 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:01:23.0372 3360 Fs_Rec - ok
22:01:23.0403 3360 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:01:23.0403 3360 Ftdisk - ok
22:01:23.0450 3360 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
22:01:23.0450 3360 GEARAspiWDM - ok
22:01:23.0466 3360 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:01:23.0466 3360 Gpc - ok
22:01:23.0528 3360 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
22:01:23.0544 3360 HDAudBus - ok
22:01:23.0559 3360 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
22:01:23.0575 3360 helpsvc - ok
22:01:23.0575 3360 HidServ - ok
22:01:23.0622 3360 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:01:23.0622 3360 HidUsb - ok
22:01:23.0669 3360 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
22:01:23.0684 3360 hkmsvc - ok
22:01:23.0684 3360 hpn - ok
22:01:23.0716 3360 HSFHWAZL (b1526810210980bed9d22315946c919d) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
22:01:23.0731 3360 HSFHWAZL - ok
22:01:23.0856 3360 HSF_DPV (ddbd528e60f5961c142a490dc4ea7780) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
22:01:23.0888 3360 HSF_DPV - ok
22:01:23.0950 3360 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
22:01:23.0950 3360 HTTP - ok
22:01:24.0013 3360 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
22:01:24.0013 3360 HTTPFilter - ok
22:01:24.0013 3360 i2omgmt - ok
22:01:24.0028 3360 i2omp - ok
22:01:24.0091 3360 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:01:24.0091 3360 i8042prt - ok
22:01:24.0747 3360 ialm (e8c7cc369c2fb657e0792af70df529e6) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
22:01:24.0966 3360 ialm - ok
22:01:25.0294 3360 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:01:25.0310 3360 idsvc - ok
22:01:25.0450 3360 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:01:25.0450 3360 Imapi - ok
22:01:25.0528 3360 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
22:01:25.0528 3360 ImapiService - ok
22:01:25.0544 3360 ini910u - ok
22:01:25.0560 3360 IntelIde - ok
22:01:25.0606 3360 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:01:25.0606 3360 intelppm - ok
22:01:25.0653 3360 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
22:01:25.0653 3360 Ip6Fw - ok
22:01:25.0700 3360 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:01:25.0700 3360 IpFilterDriver - ok
22:01:25.0700 3360 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:01:25.0700 3360 IpInIp - ok
22:01:25.0747 3360 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:01:25.0747 3360 IpNat - ok
22:01:25.0778 3360 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:01:25.0778 3360 IPSec - ok
22:01:25.0810 3360 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:01:25.0825 3360 IRENUM - ok
22:01:25.0872 3360 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:01:25.0872 3360 isapnp - ok
22:01:26.0013 3360 JavaQuickStarterService (9ae07549a0d691a103faf8946554bdb7) C:\Program Files\Java\jre6\bin\jqs.exe
22:01:26.0013 3360 JavaQuickStarterService - ok
22:01:26.0044 3360 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:01:26.0044 3360 Kbdclass - ok
22:01:26.0075 3360 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:01:26.0075 3360 kbdhid - ok
22:01:26.0153 3360 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:01:26.0153 3360 kmixer - ok
22:01:26.0185 3360 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:01:26.0200 3360 KSecDD - ok
22:01:26.0247 3360 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
22:01:26.0247 3360 LanmanServer - ok
22:01:26.0310 3360 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
22:01:26.0325 3360 lanmanworkstation - ok
22:01:26.0325 3360 lbrtfdc - ok
22:01:26.0388 3360 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
22:01:26.0388 3360 LmHosts - ok
22:01:26.0419 3360 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
22:01:26.0419 3360 MBAMProtector - ok
22:01:26.0419 3360 MBAMService - ok
22:01:26.0466 3360 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
22:01:26.0466 3360 mdmxsdk - ok
22:01:26.0497 3360 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
22:01:26.0513 3360 Messenger - ok
22:01:26.0513 3360 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:01:26.0513 3360 mnmdd - ok
22:01:26.0560 3360 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
22:01:26.0560 3360 mnmsrvc - ok
22:01:26.0591 3360 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
22:01:26.0591 3360 Modem - ok
22:01:26.0607 3360 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:01:26.0607 3360 Mouclass - ok
22:01:26.0653 3360 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:01:26.0653 3360 mouhid - ok
22:01:26.0669 3360 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:01:26.0669 3360 MountMgr - ok
22:01:26.0669 3360 mraid35x - ok
22:01:26.0700 3360 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:01:26.0700 3360 MRxDAV - ok
22:01:26.0778 3360 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:01:26.0794 3360 MRxSmb - ok
22:01:26.0841 3360 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
22:01:26.0841 3360 MSDTC - ok
22:01:26.0872 3360 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:01:26.0872 3360 Msfs - ok
22:01:26.0872 3360 MSIServer - ok
22:01:26.0935 3360 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:01:26.0935 3360 MSKSSRV - ok
22:01:26.0935 3360 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:01:26.0935 3360 MSPCLOCK - ok
22:01:26.0950 3360 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:01:26.0950 3360 MSPQM - ok
22:01:26.0997 3360 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:01:26.0997 3360 mssmbios - ok
22:01:27.0044 3360 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
22:01:27.0044 3360 Mup - ok
22:01:27.0122 3360 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
22:01:27.0138 3360 napagent - ok
22:01:27.0169 3360 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:01:27.0185 3360 NDIS - ok
22:01:27.0216 3360 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:01:27.0216 3360 NdisTapi - ok
22:01:27.0278 3360 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:01:27.0278 3360 Ndisuio - ok
22:01:27.0294 3360 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:01:27.0310 3360 NdisWan - ok
22:01:27.0341 3360 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
22:01:27.0341 3360 NDProxy - ok
22:01:27.0357 3360 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:01:27.0357 3360 NetBIOS - ok
22:01:27.0403 3360 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:01:27.0419 3360 NetBT - ok
22:01:27.0450 3360 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
22:01:27.0450 3360 NetDDE - ok
22:01:27.0466 3360 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
22:01:27.0466 3360 NetDDEdsdm - ok
22:01:27.0497 3360 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:01:27.0497 3360 Netlogon - ok
22:01:27.0528 3360 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
22:01:27.0544 3360 Netman - ok
22:01:27.0700 3360 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
22:01:27.0732 3360 NetTcpPortSharing - ok
22:01:28.0263 3360 NETw5x32 (91f027c242d3ff6e5c09f92a0518297f) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
22:01:28.0435 3360 NETw5x32 - ok
22:01:28.0591 3360 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
22:01:28.0607 3360 NIC1394 - ok
22:01:28.0669 3360 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
22:01:28.0685 3360 Nla - ok
22:01:28.0732 3360 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:01:28.0732 3360 Npfs - ok
22:01:28.0794 3360 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:01:28.0810 3360 Ntfs - ok
22:01:28.0857 3360 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:01:28.0857 3360 NtLmSsp - ok
22:01:28.0935 3360 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
22:01:28.0950 3360 NtmsSvc - ok
22:01:29.0013 3360 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:01:29.0013 3360 Null - ok
22:01:29.0076 3360 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:01:29.0076 3360 NwlnkFlt - ok
22:01:29.0091 3360 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:01:29.0091 3360 NwlnkFwd - ok
22:01:29.0122 3360 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
22:01:29.0122 3360 ohci1394 - ok
22:01:29.0169 3360 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
22:01:29.0169 3360 Parport - ok
22:01:29.0169 3360 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:01:29.0185 3360 PartMgr - ok
22:01:29.0232 3360 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
22:01:29.0232 3360 ParVdm - ok
22:01:29.0247 3360 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
22:01:29.0247 3360 PCI - ok
22:01:29.0294 3360 PCIDump - ok
22:01:29.0294 3360 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
22:01:29.0294 3360 PCIIde - ok
22:01:29.0341 3360 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
22:01:29.0357 3360 Pcmcia - ok
22:01:29.0357 3360 PDCOMP - ok
22:01:29.0357 3360 PDFRAME - ok
22:01:29.0372 3360 PDRELI - ok
22:01:29.0372 3360 PDRFRAME - ok
22:01:29.0388 3360 perc2 - ok
22:01:29.0388 3360 perc2hib - ok
22:01:29.0466 3360 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
22:01:29.0466 3360 PlugPlay - ok
22:01:29.0482 3360 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:01:29.0482 3360 PolicyAgent - ok
22:01:29.0497 3360 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:01:29.0497 3360 PptpMiniport - ok
22:01:29.0497 3360 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:01:29.0513 3360 ProtectedStorage - ok
22:01:29.0513 3360 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:01:29.0529 3360 PSched - ok
22:01:29.0529 3360 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:01:29.0529 3360 Ptilink - ok
22:01:29.0544 3360 ql1080 - ok
22:01:29.0544 3360 Ql10wnt - ok
22:01:29.0544 3360 ql12160 - ok
22:01:29.0560 3360 ql1240 - ok
22:01:29.0560 3360 ql1280 - ok
22:01:29.0591 3360 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:01:29.0591 3360 RasAcd - ok
22:01:29.0622 3360 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
22:01:29.0622 3360 RasAuto - ok
22:01:29.0654 3360 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:01:29.0654 3360 Rasl2tp - ok
22:01:29.0701 3360 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
22:01:29.0701 3360 RasMan - ok
22:01:29.0716 3360 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:01:29.0716 3360 RasPppoe - ok
22:01:29.0716 3360 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:01:29.0732 3360 Raspti - ok
22:01:29.0763 3360 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:01:29.0763 3360 Rdbss - ok
22:01:29.0779 3360 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:01:29.0779 3360 RDPCDD - ok
22:01:29.0826 3360 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:01:29.0826 3360 rdpdr - ok
22:01:29.0904 3360 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
22:01:29.0904 3360 RDPWD - ok
22:01:29.0951 3360 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
22:01:29.0951 3360 RDSessMgr - ok
22:01:29.0982 3360 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:01:29.0982 3360 redbook - ok
22:01:30.0185 3360 RegSrvc (c96980cccf84329824623b0b50383703) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
22:01:30.0201 3360 RegSrvc - ok
22:01:30.0247 3360 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
22:01:30.0263 3360 RemoteAccess - ok
22:01:30.0294 3360 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
22:01:30.0294 3360 RemoteRegistry - ok
22:01:30.0357 3360 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
22:01:30.0357 3360 RpcLocator - ok
22:01:30.0451 3360 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
22:01:30.0451 3360 RpcSs - ok
22:01:30.0513 3360 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
22:01:30.0529 3360 RSVP - ok
22:01:30.0716 3360 S24EventMonitor (0fcb7eeb0e81a777735a5af185f56c2b) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
22:01:30.0748 3360 S24EventMonitor - ok
22:01:30.0794 3360 s24trans (96b4494d4734970f47c566e098c4f527) C:\WINDOWS\system32\DRIVERS\s24trans.sys
22:01:30.0794 3360 s24trans - ok
22:01:30.0841 3360 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
22:01:30.0841 3360 SamSs - ok
22:01:30.0919 3360 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
22:01:30.0919 3360 SASDIFSV - ok
22:01:30.0951 3360 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
22:01:30.0951 3360 SASKUTIL - ok
22:01:31.0013 3360 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
22:01:31.0013 3360 SCardSvr - ok
22:01:31.0091 3360 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
22:01:31.0107 3360 Schedule - ok
22:01:31.0138 3360 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
22:01:31.0138 3360 sdbus - ok
22:01:31.0169 3360 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:01:31.0169 3360 Secdrv - ok
22:01:31.0232 3360 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
22:01:31.0232 3360 seclogon - ok
22:01:31.0248 3360 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
22:01:31.0248 3360 SENS - ok
22:01:31.0294 3360 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
22:01:31.0294 3360 Serenum - ok
22:01:31.0310 3360 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
22:01:31.0310 3360 Serial - ok
22:01:31.0373 3360 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:01:31.0373 3360 Sfloppy - ok
22:01:31.0466 3360 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
22:01:31.0482 3360 SharedAccess - ok
22:01:31.0544 3360 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
22:01:31.0544 3360 ShellHWDetection - ok
22:01:31.0560 3360 Simbad - ok
22:01:31.0576 3360 Sparrow - ok
22:01:31.0623 3360 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:01:31.0623 3360 splitter - ok
22:01:31.0685 3360 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
22:01:31.0685 3360 Spooler - ok
22:01:31.0732 3360 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
22:01:31.0732 3360 sr - ok
22:01:31.0763 3360 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
22:01:31.0779 3360 srservice - ok
22:01:31.0841 3360 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
22:01:31.0857 3360 Srv - ok
22:01:31.0920 3360 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
22:01:31.0920 3360 SSDPSRV - ok
22:01:31.0998 3360 STacSV (6f855b5625a47f3ac731a262fdc379a6) C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
22:01:32.0013 3360 STacSV - ok
22:01:32.0170 3360 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS\system32\drivers\sthda.sys
22:01:32.0201 3360 STHDA - ok
22:01:32.0263 3360 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
22:01:32.0279 3360 stisvc - ok
22:01:32.0373 3360 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:01:32.0373 3360 swenum - ok
22:01:32.0404 3360 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:01:32.0404 3360 swmidi - ok
22:01:32.0404 3360 SwPrv - ok
22:01:32.0420 3360 symc810 - ok
22:01:32.0420 3360 symc8xx - ok
22:01:32.0435 3360 sym_hi - ok
22:01:32.0435 3360 sym_u3 - ok
22:01:32.0466 3360 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:01:32.0482 3360 sysaudio - ok
22:01:32.0529 3360 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
22:01:32.0545 3360 SysmonLog - ok
22:01:32.0591 3360 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
22:01:32.0591 3360 TapiSrv - ok
22:01:32.0685 3360 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:01:32.0701 3360 Tcpip - ok
22:01:32.0732 3360 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:01:32.0732 3360 TDPIPE - ok
22:01:32.0748 3360 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:01:32.0748 3360 TDTCP - ok
22:01:32.0795 3360 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:01:32.0795 3360 TermDD - ok
22:01:32.0857 3360 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
22:01:32.0873 3360 TermService - ok
22:01:32.0951 3360 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
22:01:32.0951 3360 Themes - ok
22:01:32.0998 3360 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
22:01:32.0998 3360 TlntSvr - ok
22:01:32.0998 3360 TosIde - ok
22:01:33.0060 3360 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
22:01:33.0060 3360 TrkWks - ok
22:01:33.0107 3360 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:01:33.0123 3360 Udfs - ok
22:01:33.0123 3360 UIUSys - ok
22:01:33.0123 3360 ultra - ok
22:01:33.0217 3360 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:01:33.0232 3360 Update - ok
22:01:33.0310 3360 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
22:01:33.0326 3360 upnphost - ok
22:01:33.0373 3360 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
22:01:33.0373 3360 UPS - ok
22:01:33.0435 3360 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
22:01:33.0435 3360 USBAAPL - ok
22:01:33.0482 3360 USBCCID (6b5e4d5e6e5ecd6acd14aed59768ce5c) C:\WINDOWS\system32\DRIVERS\usbccid.sys
22:01:33.0482 3360 USBCCID - ok
22:01:33.0529 3360 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:01:33.0545 3360 usbehci - ok
22:01:33.0545 3360 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:01:33.0560 3360 usbhub - ok
22:01:33.0592 3360 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
22:01:33.0592 3360 usbscan - ok
22:01:33.0623 3360 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:01:33.0623 3360 usbstor - ok
22:01:33.0623 3360 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:01:33.0623 3360 usbuhci - ok
22:01:33.0732 3360 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:01:33.0732 3360 VgaSave - ok
22:01:33.0732 3360 ViaIde - ok
22:01:33.0795 3360 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
22:01:33.0795 3360 VolSnap - ok
22:01:33.0873 3360 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
22:01:33.0888 3360 VSS - ok
22:01:34.0138 3360 vToolbarUpdater10.2.0 (3080f1f093869a19fb3d1f0226c73809) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
22:01:34.0170 3360 vToolbarUpdater10.2.0 - ok
22:01:34.0232 3360 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
22:01:34.0232 3360 W32Time - ok
22:01:34.0295 3360 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:01:34.0295 3360 Wanarp - ok
22:01:34.0310 3360 WDICA - ok
22:01:34.0357 3360 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:01:34.0357 3360 wdmaud - ok
22:01:34.0389 3360 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
22:01:34.0404 3360 WebClient - ok
22:01:34.0498 3360 winachsf (96aff1738271755a39b52eef7e35f98f) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
22:01:34.0529 3360 winachsf - ok
22:01:34.0607 3360 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
22:01:34.0607 3360 winmgmt - ok
22:01:34.0795 3360 WLANKEEPER (c9b9942eeca0b82e35d60627e365510a) C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
22:01:34.0810 3360 WLANKEEPER - ok
22:01:34.0873 3360 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
22:01:34.0873 3360 WmdmPmSN - ok
22:01:34.0998 3360 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
22:01:34.0998 3360 Wmi - ok
22:01:35.0029 3360 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
22:01:35.0045 3360 WmiAcpi - ok
22:01:35.0076 3360 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
22:01:35.0092 3360 WmiApSrv - ok
22:01:35.0248 3360 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
22:01:35.0264 3360 WMPNetworkSvc - ok
22:01:35.0529 3360 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
22:01:35.0561 3360 WPFFontCache_v0400 - ok
22:01:35.0654 3360 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
22:01:35.0670 3360 WS2IFSL - ok
22:01:35.0717 3360 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
22:01:35.0732 3360 wscsvc - ok
22:01:35.0779 3360 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
22:01:35.0779 3360 wuauserv - ok
22:01:35.0873 3360 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
22:01:35.0889 3360 WZCSVC - ok
22:01:35.0967 3360 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
22:01:35.0967 3360 xmlprov - ok
22:01:36.0014 3360 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
22:01:36.0357 3360 \Device\Harddisk0\DR0 - ok
22:01:36.0373 3360 MBR (0x1B8) (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk1\DR2
22:01:37.0498 3360 \Device\Harddisk1\DR2 - ok
22:01:37.0498 3360 Boot (0x1200) (6eae2cc19ccbb9df4e32bdcaed758273) \Device\Harddisk0\DR0\Partition0
22:01:37.0498 3360 \Device\Harddisk0\DR0\Partition0 - ok
22:01:37.0514 3360 Boot (0x1200) (06c700e4e6cd2cf3e575affe527d4db1) \Device\Harddisk1\DR2\Partition0
22:01:37.0514 3360 \Device\Harddisk1\DR2\Partition0 - ok
22:01:37.0514 3360 ============================================================
22:01:37.0514 3360 Scan finished
22:01:37.0514 3360 ============================================================
22:01:37.0529 3340 Detected object count: 1
22:01:37.0529 3340 Actual detected object count: 1
22:01:45.0733 3340 C:\WINDOWS\System32\drivers\afd.sys - copied to quarantine
22:01:48.0437 3340 Backup copy not found, trying to cure infected file..
22:01:48.0437 3340 C:\WINDOWS\System32\drivers\afd.sys - Cure failed (FFFFFFFF)
22:01:48.0437 3340 C:\WINDOWS\System32\drivers\afd.sys - processing error
22:01:50.0218 3340 AFD ( Virus.Win32.ZAccess.k ) - User select action: Cure
23:43:53.0421 3160 Deinitialize success
  #38  
Old April 30th, 2012, 12:29 AM
Jintan
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 49,815
afd.sys still altered. Let's replace it using a different approach.

But first, reboot and run TDSSKiller again. If this new log is not the same as the one just posted, please post that for review. Sometimes an extra reboot is needed for the changes to take.
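Jintan's verdict above ("afd.sys still altered") is read straight off the tail of the TDSSKiller log: the AFD entry carries a detection, the cure attempt failed with a processing error, and the object never gets an "- ok" verdict. The script below is an added example, not code from this thread or from Kaspersky; it pulls those same facts out of a log mechanically so a helper reviewing several reposted logs can see at a glance which objects were flagged and which files are still untouched on disk. It recognises only the line shapes visible in the posted log and ignores everything else. The sample lines are constructed in the shape of that log; the AFD scan line and its MD5 value are placeholders, not a real afd.sys hash.

```python
"""Summarise a Kaspersky TDSSKiller text log the way a helper reads it by hand.

Added example for this thread, not TDSSKiller code. Only the line shapes
visible in the posted log are recognised; other lines are ignored.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Every line: "HH:MM:SS.mmmm <pid> <message>"
PREFIX = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(?P<msg>.*)$")
# "<Name> (<md5>) <path>": an object that was hashed and checked.
# Names such as "MBR (0x1B8)" carry an offset/size in parentheses.
SCANNED = re.compile(r"^(?P<name>\S+(?: \(0x[0-9A-Fa-f]+\))?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "<Name or path> - ok": clean verdict
OK = re.compile(r"^(?P<name>.+?) - ok$")
# "<Name> ( <Threat> ) - User select action: <Action>"
ACTION = re.compile(r"^(?P<name>\S+) \( (?P<threat>\S+) \) - User select action: (?P<action>\S+)$")
# "<path> - copied to quarantine" / "<path> - Cure failed (<code>)" / "<path> - processing error"
FILE_EVENT = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) - (?P<event>copied to quarantine|Cure failed \([0-9A-Fa-f]+\)|processing error)$")
COUNT = re.compile(r"^(?:Actual )?[Dd]etected object count: (?P<n>\d+)$")


@dataclass
class Summary:
    scanned: Dict[str, Tuple[str, str]] = field(default_factory=dict)     # name -> (md5, path)
    cleared: Set[str] = field(default_factory=set)                        # names/paths marked "- ok"
    detections: Dict[str, Tuple[str, str]] = field(default_factory=dict)  # name -> (threat, action)
    file_events: Dict[str, List[str]] = field(default_factory=dict)       # path -> events, in log order
    detected_count: Optional[int] = None


def parse_tdsskiller_log(text: str) -> Summary:
    s = Summary()
    for raw in text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue  # banners, separators, free text without the time/pid prefix
        msg = m.group("msg")
        if (x := OK.match(msg)):
            s.cleared.add(x.group("name"))
        elif (x := ACTION.match(msg)):
            s.detections[x.group("name")] = (x.group("threat"), x.group("action"))
        elif (x := FILE_EVENT.match(msg)):
            s.file_events.setdefault(x.group("path"), []).append(x.group("event"))
        elif (x := COUNT.match(msg)):
            s.detected_count = int(x.group("n"))
        elif (x := SCANNED.match(msg)):
            s.scanned[x.group("name")] = (x.group("md5"), x.group("path"))
    return s


def unresolved(s: Summary) -> List[str]:
    """Scanned objects that never received a '- ok' verdict, by name or by path
    (MBR/boot-sector entries are cleared by their device path, not their name)."""
    return sorted(name for name, (_, path) in s.scanned.items()
                  if name not in s.cleared and path not in s.cleared)


def still_altered(s: Summary) -> List[str]:
    """Paths where the tool reported a failed cure or a processing error: the
    file on disk was not replaced, which is what 'afd.sys still altered' means."""
    return sorted(path for path, events in s.file_events.items()
                  if any(e.startswith("Cure failed") or e == "processing error" for e in events))


# CONSTRUCTED sample in the shape of the posted log. The AFD scan line and its
# md5 are placeholders (not a real afd.sys hash); the rest mirrors posted lines.
SAMPLE_LOG = r"""
22:01:20.0000 3360 AFD (0123456789abcdef0123456789abcdef) C:\WINDOWS\System32\drivers\afd.sys
22:01:29.0904 3360 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
22:01:29.0904 3360 RDPWD - ok
22:01:31.0560 3360 Simbad - ok
22:01:36.0014 3360 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
22:01:36.0357 3360 \Device\Harddisk0\DR0 - ok
22:01:37.0514 3360 ============================================================
22:01:37.0514 3360 Scan finished
22:01:37.0529 3340 Detected object count: 1
22:01:37.0529 3340 Actual detected object count: 1
22:01:45.0733 3340 C:\WINDOWS\System32\drivers\afd.sys - copied to quarantine
22:01:48.0437 3340 Backup copy not found, trying to cure infected file..
22:01:48.0437 3340 C:\WINDOWS\System32\drivers\afd.sys - Cure failed (FFFFFFFF)
22:01:48.0437 3340 C:\WINDOWS\System32\drivers\afd.sys - processing error
22:01:50.0218 3340 AFD ( Virus.Win32.ZAccess.k ) - User select action: Cure
"""

if __name__ == "__main__":
    summary = parse_tdsskiller_log(SAMPLE_LOG)
    print("detected objects:", summary.detected_count)
    for name, (threat, action) in summary.detections.items():
        print(f"{name}: {threat} (action chosen: {action})")
    print("no clean verdict:", unresolved(summary))
    print("still altered on disk:", still_altered(summary))
```

Run it against a real log with `parse_tdsskiller_log(open(path, encoding="utf-8", errors="replace").read())`; a non-empty `still_altered()` list after a "Cure" action is the signal that the tool could not replace the file and another method is needed, exactly the situation in this thread.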
  #39  
Old April 30th, 2012, 02:09 AM
pmarc
Member
 
Join Date: Feb 2009
Posts: 32
?

How do you copy the log? There's a report inside but not made as a text document. I tried copying to quarantine, not copying to quarantine, and other steps.
  #40  
Old April 30th, 2012, 02:20 AM
Jintan
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 49,815
It should be here, with a name reflecting the time/date of the run:

C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt
  #41  
Old May 1st, 2012, 03:19 AM
pmarc
Member
 
Join Date: Feb 2009
Posts: 32
tdds

It will not post - file characters too long. And there is no file like TDSSKiller.2.2.0; more like TDSSKiller.2.7.33.0_29.04.2012_21.04.33_log.

Last edited by pmarc; May 1st, 2012 at 03:27 AM.
  #42  
Old May 1st, 2012, 03:41 AM
Jintan
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 49,815
TDSSKiller.2.7.33.0_29.04.2012_21.04.33_log

29.04.2012

Date the log was created. That is the one with too many characters - the most recent one?
  #43  
Old May 1st, 2012, 02:16 PM
pmarc
Member
 
Join Date: Feb 2009
Posts: 32
log

Yes
  #44  
Old May 2nd, 2012, 12:29 AM
Jintan
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 49,815
Zip a copy of it, and send it to jintan@malwarecrypt.com as an attachment. Please place "Submitted Files -pmarc/cth/tdss" as the email Subject.
All times are GMT +1.