
Thread: ZeroAccess Rootkit .. need help ..

  1. #1
    Junior Member jvguardianz
    Join Date
    Oct 2011
    Location
    Indonesia
    Posts
    4

    ZeroAccess Rootkit .. need help ..

    Hi,
    my laptop has been infected since 4 days ago .. when I try to search on Google, it redirects to other sites ..
    and when I tried to scan it with an antivirus, it seems to close early without any notice ..

    here's the DDS log ..

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_27
    Run by gagaga at 22:12:25 on 2011-10-02
    Microsoft Windows 8 Ultimate 6.1.7600.0.1252.1.1033.18.1909.1047 [GMT 7:00]
    .
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\wininit.exe
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\windows\System32\spoolsv.exe
    C:\windows\1798245580:871616660.exe
    C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    H:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
    C:\Program Files\ChiconyCam\CECPLFKT.exe
    C:\Program Files\Connectify\Connectifyd.exe
    C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\windows\system32\lxdpcoms.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\windows\system32\taskhost.exe
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\Program Files\ControlCenter\controlcenter.exe
    C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe
    H:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
    C:\Program Files\Lexmark Z2300 Series\lxdpMsdMon.exe
    C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\windows\system32\conhost.exe
    C:\Program Files\SpyNoMore\SNM.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    H:\Program Files\PC Tools Security\BDT\FGuard.exe
    E:\Internet Download Manager\IDMan.exe
    C:\Program Files\Connectify\Connectify.exe
    H:\eBoostr\eBoostrCP.exe
    E:\Rainmeter\Rainmeter.exe
    C:\Program Files\Spyware Terminator\st_rsser.exe
    C:\windows\system32\svchost.exe -k imgsvc
    H:\Program Files\Modem AC2726i UI\bin\MonServiceUDisk.exe
    C:\Program Files\Motorola\Bluetooth\obexsrv.exe
    C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\windows\system32\taskhost.exe
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    E:\Internet Download Manager\IEMonitor.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\windows\system32\wbem\unsecapp.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Motorola\Bluetooth\audiosrv.exe
    C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe
    C:\Program Files\Connectify\ConnectifyNetServices.exe
    C:\windows\system32\conhost.exe
    C:\windows\system32\sppsvc.exe
    C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\windows\System32\svchost.exe -k secsvcs
    C:\windows\system32\AUDIODG.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\windows\system32\conhost.exe
    C:\windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    mStart Page = about:blank
    uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - h:\program files\pc tools security\bdt\PCTBrowserDefender.dll
    mURLSearchHooks: Winamp Toolbar Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
    mURLSearchHooks: H - No File
    mURLSearchHooks: H - No File
    mURLSearchHooks: Hot MP3 Toolbar: {9384bd4c-dd14-4be9-80f7-f6277511e4f5} - c:\program files\hot_mp3\tbHot_.dll
    BHO: AutorunsDisabled - No File
    BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - e:\internet download manager\IDMIECC.dll
    BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
    BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
    BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - h:\program files\pc tools security\bdt\PCTBrowserDefender.dll
    BHO: SBCONVERT Class: {3017fb3e-9a77-4396-88c5-0ec9548fb42f} - c:\program files\speedbit video downloader\tbu80\tbcore3.dll
    BHO: SearchPredictObj Class: {389943b0-c3a2-4e69-82cb-8596a84cb3dc} - c:\progra~1\search~1\SEARCH~1.DLL
    BHO: Shop to Win 11: {67d688ec-87da-4a28-bfa5-c4db8be5c9ea} - c:\program files\shop to win 11\Shop to Win 11.dll
    BHO: Hot MP3 Toolbar: {9384bd4c-dd14-4be9-80f7-f6277511e4f5} - c:\program files\hot_mp3\tbHot_.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: DAPIELoader Class: {ff6c3cf0-4b15-11d1-abed-709549c10000} - e:\dap\DAPIEL~1.DLL
    BHO: GrabberObj Class: {ff7c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\speedb~1\tbu80\grabber.dll
    TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
    TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
    TB: SpeedBit Video Downloader: {0329e7d6-6f54-462d-93f6-f5c3118badf2} - c:\program files\speedbit video downloader\tbu80\tbcore3.dll
    TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} -
    TB: SpeedBit: {ebfcd017-bcad-42c3-9ed5-89dbdfc59171} - c:\program files\speedbit toolbar\toolbar\tbcore3.dll
    TB: Hot MP3 Toolbar: {9384bd4c-dd14-4be9-80f7-f6277511e4f5} - c:\program files\hot_mp3\tbHot_.dll
    TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
    TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - h:\program files\pc tools security\bdt\PCTBrowserDefender.dll
    uRun: [IDMan] e:\internet download manager\IDMan.exe /onboot
    uRun: [SM?RT-Protection] c:\program files\smadav\SM?RTP.exe rtp
    uRun: [Connectify] c:\program files\connectify\Connectify.exe
    mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun: [ControlCenter] c:\program files\controlcenter\ControlCenter.exe
    mRun: [IAStorIcon] c:\program files\intel\intel(r) rapid storage technology\IAStorIcon.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [BTMTrayAgent] rundll32.exe "c:\program files\motorola\bluetooth\btmshell.dll",TrayApp
    mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
    mRun: [lxdpmon.exe] "c:\program files\lexmark z2300 series\lxdpmon.exe"
    mRun: [lxdpamon] "c:\program files\lexmark z2300 series\lxdpamon.exe"
    mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
    mRun: [<NO NAME>]
    mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
    mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
    mRun: [SpywareTerminatorShield] c:\program files\spyware terminator\SpywareTerminatorShield.exe
    mRun: [SpywareTerminatorUpdater] c:\program files\spyware terminator\SpywareTerminatorUpdate.exe
    mRun: [SNM] c:\program files\spynomore\SNM.exe /startup
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [PCTools FGuard] h:\program files\pc tools security\bdt\FGuard.exe
    mRun: [Malwarebytes' Anti-Malware] "h:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\eboost~1.lnk - h:\eboostr\eBoostrCP.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hotkey.lnk - c:\program files\hotkey\Hotkey.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\rainme~1.lnk - e:\rainmeter\Rainmeter.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: Download all links with IDM - e:\internet download manager\IEGetAll.htm
    IE: Download FLV video content with IDM - e:\internet download manager\IEGetVL.htm
    IE: Download with IDM - e:\internet download manager\IEExt.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {bd707fe6-39f6-4bda-9265-86a76719bdc5} - c:\program files\motorola\bluetooth\btmiesend.htm
    IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "c:\program files\fiddler2\Fiddler.exe"
    IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
    LSP: mswsock.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    TCP: DhcpNameServer = 202.162.209.26 8.8.8.8
    TCP: Interfaces\{10A33F2F-37CE-42B1-B6E8-D52AE9B6547F} : NameServer = 192.168.2.1
    TCP: Interfaces\{2B04DE6A-5FCE-4181-8E1B-3C684EF814EB} : NameServer = 10.8.15.15 10.8.17.4
    TCP: Interfaces\{E27EC556-CE80-4AB8-9A8A-DD3CDB802EDB} : NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{E27EC556-CE80-4AB8-9A8A-DD3CDB802EDB} : DhcpNameServer = 202.162.209.26 8.8.8.8
    Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - e:\dap\dapie.dll
    Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - e:\dap\dapie.dll
    Notify: igfxcui - igfxdev.dll
    STS: AveVistaBackgroundFolder Class: {73526e5a-fd53-4be7-b5e2-d3c89d7413dc} - c:\windows\w7fbc\dll.dll
    STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
    mASetup: {8BE421A2-13EA-4507-BB04-22A818F9FF74} - c:\program files\win32\windl.exe s
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\gagaga\appdata\roaming\mozilla\firefox\profiles\m9wbz0wb.default\
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
    FF - plugin: h:\itunes\mozilla plugins\npitunes.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-9-26 263888]
    R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-9-26 338880]
    R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-9-26 656320]
    R1 cdrblock;cdrblock;c:\windows\system32\drivers\cdrblock.sys [2008-5-30 27704]
    R1 cnnctfy2;Connectify LightWeight Filter;c:\windows\system32\drivers\cnnctfy2.sys [2011-9-26 27248]
    R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2011-9-26 251560]
    R1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver;c:\windows\system32\drivers\sp_rsdrv2.sys [2011-9-26 32768]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
    R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\motorola\bluetooth\obexsrv.exe [2011-1-18 508680]
    R2 Browser Defender Update Service;Browser Defender Update Service;h:\program files\pc tools security\bdt\BDTUpdateService.exe [2011-9-27 337872]
    R2 CECFLPKT;CECFLPKT;c:\program files\chiconycam\CECPLFKT.exe [2011-1-18 84592]
    R2 Connectify;Connectify;c:\program files\connectify\Connectifyd.exe [2011-3-10 892992]
    R2 HWEasyDevice;HWEasyDevice;c:\program files\controlcenter\HWEasy.sys [2010-10-25 16640]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe [2010-10-25 13336]
    R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2011-2-12 85768]
    R2 lxdp_device;lxdp_device;c:\windows\system32\lxdpcoms.exe -service --> c:\windows\system32\lxdpcoms.exe -service [?]
    R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2011-9-26 160576]
    R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files\spyware terminator\st_rsser.exe [2011-9-26 482992]
    R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\drivers\TurboB.sys [2009-9-29 13752]
    R2 UDisk Monitor;UDisk Monitor;h:\program files\modem ac2726i ui\bin\MonServiceUDisk.exe [2011-9-2 266240]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\intel\intel(r) management engine components\uns\UNS.exe [2010-10-25 2320920]
    R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [2011-5-10 17984]
    R3 Bluetooth Device Manager;Bluetooth Device Manager;c:\program files\motorola\bluetooth\devmgrsrv.exe [2011-1-18 3512072]
    R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\motorola\bluetooth\audiosrv.exe [2011-1-18 901384]
    R3 connctfyMP;connctfyMP;c:\windows\system32\drivers\connctfy.sys [2011-3-8 29248]
    R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2002-1-1 132480]
    R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2002-1-1 232960]
    R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2011-1-18 140376]
    R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver;c:\windows\system32\drivers\JME.sys [2011-1-18 110064]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-21 22216]
    R3 pctNdisMP;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [2011-9-27 56536]
    R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\drivers\rtl8192ce.sys [2011-1-18 984168]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
    S2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2011-8-17 402328]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 EBOOSTRSVC;eBoostr Service;h:\eboostr\EBstrSvc.exe [2010-4-15 647296]
    S2 lxdpCATSCustConnectService;lxdpCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdpserv.exe [2007-12-1 98984]
    S2 MBAMService;MBAMService;h:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-8-21 366152]
    S2 PowerBiosServer;PowerBiosServer;c:\program files\hotkey\PowerBiosServer.exe [2010-3-3 33792]
    S2 StarWindServiceAE;StarWind AE Service;e:\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2009-12-24 372736]
    S2 tuEaglesService;tuEagles Service; [x]
    S2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;"c:\program files\webroot\webrootsecurity\spysweeper.exe" --> c:\program files\webroot\webrootsecurity\SpySweeper.exe [?]
    S2 WRConsumerService;Webroot Client Service;"c:\program files\webroot\webrootsecurity\wrconsumerservice.exe" --> c:\program files\webroot\webrootsecurity\WRConsumerService.exe [?]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
    S3 btmaudio;Motorola Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [2011-1-18 33280]
    S3 BTMCOM;Bluetooth Serial Port;c:\windows\system32\drivers\btmcom.sys [2011-1-18 41344]
    S3 BTMMODEM;Bluetooth Modem Device;c:\windows\system32\drivers\btmcom.sys [2011-1-18 41344]
    S3 BTMNET;Motorola Bluetooth Network Adapter Service;c:\windows\system32\drivers\btmnet.sys [2011-1-18 21760]
    S3 BTMUSB;Motorola Bluetooth Radio Service;c:\windows\system32\drivers\btmusb.sys [2011-1-18 395776]
    S3 connctfy;Connectify Service;c:\windows\system32\drivers\connctfy.sys [2011-3-8 29248]
    S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2011-8-19 200192]
    S3 HideMyIpSRV;HideMyIpSRV;e:\hide my ip\HideMyIpSrv.exe [2011-3-3 3039536]
    S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2011-8-19 101376]
    S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2010-10-25 67624]
    S3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2011-9-27 89472]
    S3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\drivers\pctNdis.sys [2011-9-27 56536]
    S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2011-9-27 125248]
    S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2011-9-26 70536]
    S3 S6000KNT;S6000KNT_WebCam Driver;c:\windows\system32\drivers\S6000KNT.sys [2011-1-18 3314048]
    S3 sdAuxService;PC Tools Auxiliary Service;h:\program files\pc tools security\pctsAuxs.exe [2011-9-26 371472]
    S3 sdCoreService;PC Tools Security Service;h:\program files\pc tools security\pctsSvc.exe [2011-9-26 1117144]
    S3 ThreatFire;ThreatFire;h:\program files\pc tools security\tfengine\tfservice.exe service --> h:\program files\pc tools security\tfengine\TFService.exe service [?]
    S3 TrufosAlt;TrufosAlt;c:\windows\system32\drivers\TrufosAlt.sys [2011-10-2 339600]
    S3 TurboBoost;TurboBoost;c:\program files\intel\turboboost\TurboBoost.exe [2009-9-29 99768]
    S3 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\speedb~3\videoacceleratorservice.exe -start -scm --> c:\progra~1\speedb~3\VideoAcceleratorService.exe -start -scm [?]
    S3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\drivers\CT_ZTEMT_U_USBSER.sys [2011-9-2 104704]
    .
    =============== Created Last 30 ================
    .
    2011-10-02 14:47:24 94896 ----a-w- c:\windows\system32\drivers\81363479.sys
    2011-10-02 14:42:04 -------- d-s---w- C:\ComboFix
    2011-10-02 14:14:22 339600 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys
    2011-09-29 05:21:35 -------- d-----w- c:\users\gagaga\appdata\local\Threat Expert
    2011-09-27 15:58:59 -------- d-----w- c:\users\gagaga\appdata\local\ElevatedDiagnostics
    2011-09-27 15:55:11 -------- d-----w- c:\program files\PC Tools Registry Tool
    2011-09-27 15:44:13 767952 ----a-w- c:\windows\BDTSupport.dll
    2011-09-27 15:44:12 2074576 ----a-w- c:\windows\PCTBDCore.dll
    2011-09-27 15:44:12 1533904 ----a-w- c:\windows\PCTBDRes.dll
    2011-09-27 15:44:12 149456 ----a-w- c:\windows\SGDetectionTool.dll
    2011-09-27 15:43:14 233976 ----a-w- c:\windows\system32\drivers\PCTSD.sys
    2011-09-27 15:43:13 69392 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
    2011-09-27 15:43:12 51984 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
    2011-09-27 15:43:12 33552 ----a-w- c:\windows\system32\drivers\TfNetMon.sys
    2011-09-27 15:43:02 89472 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
    2011-09-27 15:43:02 31960 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys
    2011-09-27 15:43:01 56536 ----a-w- c:\windows\system32\drivers\pctNdis.sys
    2011-09-27 15:43:01 125248 ----a-w- c:\windows\system32\drivers\pctplfw.sys
    2011-09-27 14:31:15 47616 ----a-w- C:\Win32kDiag.exe
    2011-09-27 14:30:28 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    2011-09-27 14:17:13 48016 --sha-w- c:\windows\system32\c_50510.nl_
    2011-09-27 08:14:58 98816 ----a-w- c:\windows\sed.exe
    2011-09-27 08:14:58 518144 ----a-w- c:\windows\SWREG.exe
    2011-09-27 08:14:58 256000 ----a-w- c:\windows\PEV.exe
    2011-09-27 08:14:58 208896 ----a-w- c:\windows\MBR.exe
    2011-09-26 16:53:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-09-26 16:43:51 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
    2011-09-26 16:43:51 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
    2011-09-26 16:43:50 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
    2011-09-26 16:43:50 105280 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
    2011-09-26 16:43:42 263888 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2011-09-26 16:43:42 160576 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
    2011-09-26 16:43:39 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
    2011-09-26 16:43:32 -------- d-----w- c:\users\gagaga\appdata\roaming\PC Tools
    2011-09-26 16:43:32 -------- d-----w- c:\program files\common files\PC Tools
    2011-09-26 16:29:33 -------- d-----w- c:\programdata\PC Tools
    2011-09-26 16:13:40 520496 ----a-w- c:\windows\Listdlls.exe
    2011-09-26 16:13:31 423288 ----a-w- c:\windows\handle.exe
    2011-09-26 16:04:42 1152 ----a-w- c:\windows\system32\windrv.sys
    2011-09-26 16:04:24 -------- d-----w- c:\program files\SpyNoMore
    2011-09-26 15:44:19 32768 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
    2011-09-26 15:44:19 -------- d-----w- c:\users\gagaga\appdata\roaming\Spyware Terminator
    2011-09-26 15:44:19 -------- d-----w- c:\programdata\Spyware Terminator
    2011-09-26 15:44:18 -------- d-----w- c:\program files\Spyware Terminator
    2011-09-26 15:03:14 -------- d-----w- c:\program files\Webroot
    2011-09-26 14:51:50 -------- d-----w- c:\users\gagaga\appdata\roaming\AVG
    2011-09-26 14:26:38 -------- d-----w- c:\users\gagaga\appdata\roaming\Smadav
    2011-09-26 10:58:49 27248 ----a-w- c:\windows\system32\drivers\cnnctfy2.sys
    2011-09-21 15:03:29 -------- d-----w- c:\users\gagaga\appdata\roaming\Research In Motion
    2011-09-21 15:02:38 -------- d-----w- c:\program files\common files\Research In Motion
    2011-09-21 12:09:02 -------- d-----w- c:\users\gagaga\appdata\local\Connectify
    2011-09-21 12:08:04 -------- d-----w- c:\program files\Connectify
    2011-09-18 10:11:31 -------- d-----w- c:\users\gagaga\appdata\local\PackageAware
    2011-09-17 08:01:46 -------- d-----w- c:\users\gagaga\appdata\roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
    2011-09-17 05:19:18 -------- d-----w- c:\users\gagaga\appdata\local\Microsoft Help
    2011-09-12 11:12:56 -------- d-----w- c:\users\gagaga\appdata\roaming\Password Solutions
    2011-09-10 17:57:53 -------- d-----w- c:\users\gagaga\appdata\roaming\Malwarebytes
    2011-09-09 15:47:45 -------- d-----w- c:\users\gagaga\appdata\roaming\IDM
    2011-09-09 15:47:44 -------- d-----w- c:\users\gagaga\appdata\roaming\DMCache
    2011-09-09 14:06:53 -------- d-----w- c:\programdata\ALM
    2011-09-09 14:01:41 -------- d-----w- c:\users\gagaga\appdata\local\Adobe
    2011-09-09 09:23:52 -------- d-----w- c:\users\gagaga\appdata\local\Apple Computer
    2011-09-09 09:12:56 -------- d-----w- c:\users\gagaga\appdata\local\Mozilla
    2011-09-09 09:02:00 -------- d-----w- c:\users\gagaga\appdata\local\Microsoft Games
    2011-09-09 09:01:49 -------- d-----w- c:\users\gagaga\appdata\local\Winamp Toolbar
    2011-09-09 08:57:37 -------- d-----w- c:\users\gagaga\appdata\roaming\DAEMON Tools Pro
    2011-09-09 08:57:17 -------- d-----w- c:\users\gagaga\appdata\roaming\Rainmeter
    2011-09-09 08:56:58 -------- d-----w- c:\users\gagaga\appdata\roaming\Intel Corporation
    2011-09-08 05:21:13 10752 ----a-w- c:\windows\system32\zfeuipcpbleyrbr.exe
    2011-09-03 09:42:42 -------- d-----w- c:\program files\YouTube Downloader Toolbar
    2011-09-03 09:42:42 -------- d-----w- c:\program files\common files\Spigot
    2011-09-03 09:42:42 -------- d-----w- c:\program files\Application Updater
    .
    ==================== Find3M ====================
    .
    2011-10-02 14:34:20 36352 ----a-w- c:\windows\system32\drivers\netbios.sys
    2011-10-02 14:22:33 594600 ----a-w- c:\windows\system32\lxdpcoms.exe
    2011-10-02 14:14:34 36352 ----a-w- c:\windows\system32\drivers\netbios.sys_CLN
    2011-10-02 02:17:27 187904 ----a-w- c:\windows\system32\drivers\netbt.sys
    2011-09-29 16:31:02 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
    2011-09-29 13:43:58 74240 ----a-w- c:\windows\system32\drivers\tdx.sys
    2011-09-27 23:47:40 35328 ----a-w- c:\windows\system32\drivers\blbdrive.sys
    2011-09-27 17:13:51 108544 ----a-w- c:\windows\system32\drivers\cdrom.sys
    2011-09-27 17:07:56 338944 ----a-w- c:\windows\system32\drivers\afd.sys
    2011-09-27 14:30:12 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-09-21 17:06:43 256 ----a-w- c:\windows\system32\pool.bin
    2011-09-19 15:28:43 3766 --sha-w- c:\programdata\KGyGaAvL.sys
    2011-09-19 15:28:43 168 --sh--r- c:\programdata\CD1FD9D0D0.sys
    2011-09-09 08:41:19 8107 ----a-w- c:\windows\w7dsd.reg
    2011-09-09 08:41:19 8089 ----a-w- c:\windows\w7dse.reg
    2011-08-31 10:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-24 11:59:12 233888 ----a-w- c:\windows\system32\DreamScene.dll
    2011-07-28 03:52:06 443448 ----a-w- c:\windows\system32\drivers\sptd.sys
    2011-03-13 12:22:34 15296 ----a-w- c:\program files\virtual88.ini
    .
    ============= FINISH: 22:13:27.79 ===============

    please help me ..
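    The DDS log above shows a process running from `C:\windows\1798245580:871616660.exe` (a colon inside the file name means the image lives in an NTFS alternate data stream of the `windows` directory) and the UAC policy values `EnableLUA`, `ConsentPromptBehaviorAdmin` and `PromptOnSecureDesktop` all set to 0. The script below is an added example for readers triaging such logs; it is not part of this thread and not a DDS or forum tool. It splits a DDS-style log into its sections and flags those indicators plus dangling "No File" entries. The sample log text is constructed from the kinds of lines seen in the post, and the rule and function names are my own.

```python
"""Triage a DDS log for a few rootkit and UAC indicators (added example)."""
import re

# Constructed sample in DDS's own section layout (not the full log from the post).
SAMPLE_DDS = """\
============== Running Processes ===============
.
C:\\windows\\system32\\wininit.exe
C:\\windows\\system32\\svchost.exe -k netsvcs
C:\\windows\\1798245580:871616660.exe
C:\\Program Files\\Bonjour\\mDNSResponder.exe
.
============== Pseudo HJT Report ===============
.
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
BHO: AutorunsDisabled - No File
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\\program files\\lexmark toolbar\\toolband.dll
.
============= FINISH: 22:13:27.79 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
EXE_RE = re.compile(r"^(.*?\.exe)\b", re.IGNORECASE)      # path up to the image name, args dropped
POLICY_RE = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(\d+)")

# UAC policies that weaken or disable elevation prompting when set to 0.
UAC_POLICIES = {
    "EnableLUA": "UAC disabled entirely",
    "ConsentPromptBehaviorAdmin": "administrators elevate without any prompt",
    "PromptOnSecureDesktop": "elevation prompts not shown on the secure desktop",
}


def parse_sections(text):
    """Split a DDS log into {section name: [lines]}; DDS's '.' spacer lines are dropped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def triage_dds(text):
    """Return a list of findings, each {'severity', 'rule', 'detail'}."""
    findings = []
    sections = parse_sections(text)

    for line in sections.get("Running Processes", []):
        m = EXE_RE.match(line)
        if not m:
            continue
        path = m.group(1)
        name = path.rsplit("\\", 1)[-1]          # file name component only (drive colon excluded)
        stem = name[: -len(".exe")]
        if ":" in name:                          # image executed out of an alternate data stream
            findings.append({"severity": "high", "rule": "ads_exec", "detail": path})
        elif stem.isdigit():                     # purely numeric image names are unusual for legit software
            findings.append({"severity": "medium", "rule": "numeric_exe", "detail": path})

    for line in sections.get("Pseudo HJT Report", []):
        m = POLICY_RE.match(line)
        if m and m.group(1) in UAC_POLICIES and m.group(2) == "0":
            findings.append({"severity": "medium", "rule": "uac_weakened",
                             "detail": f"{m.group(1)}=0: {UAC_POLICIES[m.group(1)]}"})
        elif line.endswith("- No File"):         # registration left behind after its file was removed
            findings.append({"severity": "low", "rule": "dangling_entry", "detail": line})
    return findings


if __name__ == "__main__":
    for f in triage_dds(SAMPLE_DDS):
        print(f"[{f['severity']:>6}] {f['rule']:<15} {f['detail']}")
```

Run it against a saved DDS log by replacing `SAMPLE_DDS` with the file's contents; the "Created Last 30" and "Find3M" sections are left untouched here because their entries need a known-good baseline to judge, which the script does not carry.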

  2. #2
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038


    Hi and Welcome!! My name is Jeff. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
    • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
    • The fixes are specific to your problem and should only be used for the issues on this machine.
    • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
    • It's often worth reading through these instructions and printing them for ease of reference.
    • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
    • Please reply to this thread. Do not start a new topic.



    IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
    DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.


    Vista and Windows 7 users:

    These tools MUST be run from the executable (.exe) every time you run them, with Admin Rights (Right click, choose "Run as Administrator").


    Stay with this topic until I give you the all clean post.

    Having said that....Let's get going!! :thumbup:
    ----------

    **WARNING**Unfortunately one or more of the infections I have identified are Backdoor Trojans, IRCBots or other Malware capable of stealing very important information. You need to stop using all Internet Banking sites, change passwords to all sites with sensitive information from a clean computer and phone your bank to inform them that you may be a victim of identify theft. More often than not, we advise users that a full reinstallation of their Operating System is the only way to ensure that their computer will ever be 100% clean again.

    If you would like to continue with the cleaning please continue with the following instructions and I will be more than happy to help.
    ----------


    Download GMER Rootkit Scanner from here or here.
    • Extract the contents of the zipped file to desktop.
    • Right-click and Run as Administrator GMER.exe. If asked to allow the gmer.sys driver to load, please consent.
    • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.


    • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)
    • Then click the Scan button & wait for it to finish.
    • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
    • Save it where you can easily find it, such as your desktop, and attach it in your reply.


    **Caution**
    Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
    ----------


    Please download aswMBR to your desktop.

    • Double click the aswMBR icon to run it.
      Vista and Windows 7 users right click the icon and choose "Run as administrator".
    • Click the Scan button to start scan.
    • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.



    ----------

    In your next reply please post the logs created by GMER and aswMBR.

    (Note: I will be traveling this week for work but will be able to review your logs in the evenings Central Standard Time. I will do my best to be quick with my responses.)

  3. #3
    Junior Member jvguardianz
    Join Date
    Oct 2011
    Location
    Indonesia
    Posts
    4


    Hi Jeff,
    unfortunately, when I tried to run these programs, they suddenly disappeared ..
    I don't know why .. but I think this is because of the rootkit ..


    Regards, Jeremy

  4. #4
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038


    Hi,

    Is it alright to call you Jeremy?
    ---------

    Try to run GMER again in Safe Mode. Don't worry about aswMBR.

    Reboot Your System in Safe Mode

    How to use the F8 method to Start Your Computer in Safe Mode
    • Restart the computer.
    • As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
    • Use the arrow keys to select the Safe mode with Networking menu item
    • Press Enter.


    Let me know what happens after you run GMER. If there are any messages given let me know what they were.

  5. #5
    Junior Member jvguardianz's Avatar
    Join Date
    Oct 2011
    Location
    Indonesia
    Posts
    4

    Default

    Hi Jeff
    yeah, my name is Jeremy
    and sorry for my bad English x_x

    This is the GMER log with IAT/EAT unticked

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-10-03 19:04:25
    Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AJ1
    Running: gmer.exe; Driver: C:\Users\gagaga\AppData\Local\Temp\kxtiapow.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x892DC0B6]
    SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x892DC37E]
    SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x892DC67A]
    SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0x892DBB26]

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 83499579 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 834BDF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    .text ntkrnlpa.exe!RtlSidHashLookup + 32C 834C582C 8 Bytes [B6, C0, 2D, 89, 7E, C3, 2D, ...]
    .text ntkrnlpa.exe!RtlSidHashLookup + 364 834C5864 4 Bytes [7A, C6, 2D, 89]
    .text ntkrnlpa.exe!RtlSidHashLookup + 7B8 834C5CB8 4 Bytes [26, BB, 2D, 89]
    .text autochk.exe 004311D1 73 Bytes [10, 08, FE, 75, 41, 8B, 4D, ...]
    .text autochk.exe 0043121B 4 Bytes [0F, 84, C8, 00]
    .text autochk.exe 00431220 129 Bytes [00, 83, 7D, 18, 00, 7E, 6D, ...]
    .text autochk.exe 004312A2 1 Byte [00]
    .text autochk.exe 004312A2 7 Bytes [00, 00, C7, 44, 01, 04, 00]
    .text ...

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

    Device \Driver\ACPI_HAL \Device\0000007c halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 e:\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 H:\Program Files\DAEMON Tools Pro\
    Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x98 0x82 0x1F 0xD8 ...
    Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD3 0x6C 0xEC 0x03 ...
    Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x46 0x02 0x68 0xFE ...
    Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a1 0x10 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x7C 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0x44 0x49 0xC4 0x5F ...
    Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0xEB 0xF2 0x22 0x2D ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 e:\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 H:\Program Files\DAEMON Tools Pro\
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x98 0x82 0x1F 0xD8 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD3 0x6C 0xEC 0x03 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x46 0x02 0x68 0xFE ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a1 0x10 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x7C 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0x44 0x49 0xC4 0x5F ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0xEB 0xF2 0x22 0x2D ...
    Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 e:\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 H:\Program Files\DAEMON Tools Pro\
    Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x98 0x82 0x1F 0xD8 ...
    Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD3 0x6C 0xEC 0x03 ...
    Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x46 0x02 0x68 0xFE ...
    Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a1 0x10 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x7C 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0x44 0x49 0xC4 0x5F ...
    Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0xEB 0xF2 0x22 0x2D ...

    ---- Files - GMER 1.0.15 ----

    File C:\Windows\$NtUninstallKB7320$\3423350635 0 bytes
    File C:\Windows\$NtUninstallKB7320$\3423350635\@ 2048 bytes
    File C:\Windows\$NtUninstallKB7320$\3423350635\click.tlb 2144 bytes
    File C:\Windows\$NtUninstallKB7320$\3423350635\L 0 bytes
    File C:\Windows\$NtUninstallKB7320$\3423350635\L\xadqgnnk 74240 bytes
    File C:\Windows\$NtUninstallKB7320$\3423350635\loader.tlb 2540 bytes
    File C:\Windows\$NtUninstallKB7320$\3423350635\U 0 bytes
    File C:\Windows\$NtUninstallKB7320$\3423350635\U\@00000001 45968 bytes
    File C:\Windows\$NtUninstallKB7320$\3423350635\U\@000000c0 3584 bytes
    File C:\Windows\$NtUninstallKB7320$\3423350635\U\@000000cb 3072 bytes
    File C:\Windows\$NtUninstallKB7320$\3423350635\U\@000000cf 1536 bytes
    File C:\Windows\$NtUninstallKB7320$\3423350635\U\@80000000 26112 bytes
    File C:\Windows\$NtUninstallKB7320$\3423350635\U\@800000c0 35840 bytes
    File C:\Windows\$NtUninstallKB7320$\3423350635\U\@800000cb 27648 bytes
    File C:\Windows\$NtUninstallKB7320$\3423350635\U\@800000cf 27648 bytes
    File C:\Windows\$NtUninstallKB7320$\833271713 0 bytes
    ADS C:\Windows\1798245580:871616660.exe 816 bytes executable <-- ROOTKIT !!!

    ---- Services - GMER 1.0.15 ----

    Service C:\windows\1798245580:871616660.exe [MANUAL] cc0c2f6b <-- ROOTKIT !!!

    ---- EOF - GMER 1.0.15 ----


    Thanks and regards,
    Jeremy
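
    The GMER log in this post carries two entries GMER itself marks "<-- ROOTKIT !!!", plus SSDT hooks and a file tree it does not mark. As an added example (not GMER's own code and not part of the helper's instructions), the Python script below parses a GMER text log into structured records and ranks what it finds, so a reviewer can separate expected security-suite hooks from the entries that matter. The sample input is a constructed excerpt copied from the log above; the trusted-vendor list, the severity labels and the heuristic about $NtUninstall folders are assumptions of the example.

```python
"""Triage a GMER text log: parse its records and rank the findings.

Added example; it is not GMER's code.  The trusted-vendor list and the
severity labels are assumptions of this example.
"""
import re

# Constructed sample: lines copied from the GMER log posted in the thread.
SAMPLE_GMER_LOG = r"""
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-03 19:04:25
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AJ1

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x892DC0B6]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0x892DBB26]

---- Files - GMER 1.0.15 ----

File C:\Windows\$NtUninstallKB7320$\3423350635 0 bytes
File C:\Windows\$NtUninstallKB7320$\3423350635\@ 2048 bytes
File C:\Windows\$NtUninstallKB7320$\3423350635\U\@80000000 26112 bytes
ADS C:\Windows\1798245580:871616660.exe 816 bytes executable <-- ROOTKIT !!!

---- Services - GMER 1.0.15 ----

Service C:\windows\1798245580:871616660.exe [MANUAL] cc0c2f6b <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----
"""

ROOTKIT_FLAG = "<-- ROOTKIT"
SSDT_RE = re.compile(r"^SSDT (?P<module>\S+) \((?P<desc>[^)]*)\) (?P<func>\w+) \[(?P<addr>0x[0-9A-Fa-f]+)\]$")
FILE_RE = re.compile(r"^File (?P<path>.+?) (?P<size>\d+) bytes$")
ADS_RE = re.compile(r"^ADS (?P<path>.+?) (?P<size>\d+) bytes(?P<exe> executable)?$")
SERVICE_RE = re.compile(r"^Service (?P<image>.+?) \[(?P<start>\w+)\] (?P<name>\S+)$")
# A second colon after the drive letter means the path names an NTFS alternate data stream.
ADS_PATH_RE = re.compile(r"^[A-Za-z]:\\.*[^\\]:[^\\]+$")
UNINSTALL_DIR_RE = re.compile(r"\\\$NtUninstall[^\\]*\$\\")

# Assumption: vendors whose kernel hooks are expected on this machine (OS and installed security suite).
TRUSTED_VENDORS = {"Microsoft Corporation", "PC Tools"}


def parse_gmer(text):
    """Split a GMER log into SSDT, file, ADS and service records, keeping GMER's own flag."""
    records = {"ssdt": [], "files": [], "ads": [], "services": []}
    for raw in text.splitlines():
        line = raw.strip()
        flagged = ROOTKIT_FLAG in line
        body = line.split(ROOTKIT_FLAG, 1)[0].rstrip()
        if m := SSDT_RE.match(body):
            rec = m.groupdict()
            rec["vendor"] = rec["desc"].rsplit("/", 1)[-1]   # GMER prints "(description/vendor)"
            records["ssdt"].append(rec)
        elif m := FILE_RE.match(body):
            records["files"].append({"path": m["path"], "size": int(m["size"])})
        elif m := ADS_RE.match(body):
            records["ads"].append({"path": m["path"], "size": int(m["size"]),
                                   "executable": m["exe"] is not None, "flagged": flagged})
        elif m := SERVICE_RE.match(body):
            records["services"].append({**m.groupdict(), "flagged": flagged})
    return records


def triage(records, trusted_vendors=TRUSTED_VENDORS):
    """Return (severity, reason, detail) tuples, most serious first.  Reports only; changes nothing."""
    out = []
    for h in records["ssdt"]:
        sev = "info" if h["vendor"] in trusted_vendors else "review"
        out.append((sev, f"SSDT hook on {h['func']} by {h['vendor']}", h["module"]))
    for a in records["ads"]:
        if a["executable"]:
            out.append(("high", "executable stored in an alternate data stream", a["path"]))
    for s in records["services"]:
        if ADS_PATH_RE.match(s["image"]):
            out.append(("high", f"service {s['name']} ({s['start']}) loads from an alternate data stream", s["image"]))
    # Heuristic: Windows 7 servicing does not create $NtUninstall...$ folders, so a populated tree there is worth a look.
    uninst = [f for f in records["files"] if UNINSTALL_DIR_RE.search(f["path"])]
    if uninst:
        total = sum(f["size"] for f in uninst)
        out.append(("review", f"{len(uninst)} files under a $NtUninstall...$ folder, {total} bytes", uninst[0]["path"]))
    rank = {"high": 0, "review": 1, "info": 2}
    out.sort(key=lambda t: rank[t[0]])
    return out


if __name__ == "__main__":
    for sev, reason, detail in triage(parse_gmer(SAMPLE_GMER_LOG)):
        print(f"[{sev:6}] {reason}: {detail}")
```

    Run against the excerpt, the two GMER-flagged entries come out on top: the service cc0c2f6b has an image path with a second colon, so it loads from an alternate data stream rather than a normal file, and the same stream is reported as an executable ADS. The SSDT hooks rank as informational because they belong to PCTCore.sys from the PC Tools suite that is installed on this machine; a hook by a module outside the trusted list would rank as "review". In keeping with the caution earlier in the thread, the script only reports and never touches the flagged entries.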

  6. #6
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Default

    Hi Jeremy,

    No...your English is fine, but if there is something that you do not understand please let me know before attempting any of my instructions.
    ----------

    Please do the following...

    Please download TDSSKiller.zip
    • Extract it to your desktop
    • Right-click and Run as Administrator TDSSKiller.exe
    • Press Start Scan
      • Only if Malicious objects are found then ensure Cure is selected
      • Then click Continue > Reboot now
    • Copy and paste the log in your next reply
      • A copy of the log will be saved automatically to the root of the drive (typically C:\)

    ----------

    Download Combofix from any of the links below but rename it to vageta.com before saving it to your Desktop.

    Link 1
    Link 2


    ==================================

    Right-click and Run as Administrator on the renamed ComboFix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the C:\ComboFix.txt so we can continue cleaning the system.

  7. #7
    Junior Member jvguardianz's Avatar
    Join Date
    Oct 2011
    Location
    Indonesia
    Posts
    4

    Default

    Hi
    Sorry, when I ran ComboFix it froze .. I left it for 4 hours and it was still frozen .. I don't know ..

    This is the TDSSKiller's log,

    10:24:08.0964 7636 TDSS rootkit removing tool 2.6.4.0 Oct 3 2011 17:37:01
    10:24:09.0609 7636 ============================================================
    10:24:09.0609 7636 Current date / time: 2011/10/04 10:24:09.0609
    10:24:09.0609 7636 SystemInfo:
    10:24:09.0609 7636
    10:24:09.0609 7636 OS Version: 6.1.7600 ServicePack: 0.0
    10:24:09.0609 7636 Product type: Workstation
    10:24:09.0610 7636 ComputerName: VAN-ROWLAND
    10:24:09.0610 7636 UserName: gagaga
    10:24:09.0610 7636 Windows directory: C:\windows
    10:24:09.0610 7636 System windows directory: C:\windows
    10:24:09.0610 7636 Processor architecture: Intel x86
    10:24:09.0610 7636 Number of processors: 4
    10:24:09.0610 7636 Page size: 0x1000
    10:24:09.0610 7636 Boot type: Normal boot
    10:24:09.0610 7636 ============================================================
    10:24:10.0177 7636 Initialize success
    10:24:12.0757 6316 ============================================================
    10:24:12.0757 6316 Scan started
    10:24:12.0757 6316 Mode: Manual;
    10:24:12.0757 6316 ============================================================
    10:24:15.0025 6316 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\windows\system32\DRIVERS\1394ohci.sys
    10:24:15.0027 6316 1394ohci - ok
    10:24:15.0157 6316 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\windows\system32\DRIVERS\ACPI.sys
    10:24:15.0160 6316 ACPI - ok
    10:24:15.0241 6316 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\windows\system32\DRIVERS\acpipmi.sys
    10:24:15.0242 6316 AcpiPmi - ok
    10:24:15.0390 6316 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\windows\system32\drivers\adfs.sys
    10:24:15.0391 6316 adfs - ok
    10:24:15.0561 6316 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
    10:24:15.0564 6316 adp94xx - ok
    10:24:15.0654 6316 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
    10:24:15.0656 6316 adpahci - ok
    10:24:15.0762 6316 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
    10:24:15.0763 6316 adpu320 - ok
    10:24:15.0931 6316 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\windows\system32\drivers\afd.sys
    10:24:15.0933 6316 AFD - ok
    10:24:16.0040 6316 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\DRIVERS\agp440.sys
    10:24:16.0041 6316 agp440 - ok
    10:24:16.0134 6316 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
    10:24:16.0136 6316 aic78xx - ok
    10:24:16.0217 6316 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\DRIVERS\aliide.sys
    10:24:16.0218 6316 aliide - ok
    10:24:16.0302 6316 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\DRIVERS\amdagp.sys
    10:24:16.0303 6316 amdagp - ok
    10:24:16.0396 6316 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\DRIVERS\amdide.sys
    10:24:16.0397 6316 amdide - ok
    10:24:16.0478 6316 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
    10:24:16.0480 6316 AmdK8 - ok
    10:24:16.0552 6316 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
    10:24:16.0553 6316 AmdPPM - ok
    10:24:16.0664 6316 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\windows\system32\DRIVERS\amdsata.sys
    10:24:16.0665 6316 amdsata - ok
    10:24:16.0778 6316 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
    10:24:16.0780 6316 amdsbs - ok
    10:24:16.0852 6316 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\windows\system32\DRIVERS\amdxata.sys
    10:24:16.0854 6316 amdxata - ok
    10:24:16.0977 6316 ApfiltrService (91b05bbb609c79d73e2332b6e5f99aea) C:\windows\system32\DRIVERS\Apfiltr.sys
    10:24:16.0979 6316 ApfiltrService - ok
    10:24:17.0056 6316 AppID (feb834c02ce1e84b6a38f953ca067706) C:\windows\system32\drivers\appid.sys
    10:24:17.0057 6316 AppID - ok
    10:24:17.0229 6316 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
    10:24:17.0230 6316 arc - ok
    10:24:17.0312 6316 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
    10:24:17.0313 6316 arcsas - ok
    10:24:17.0457 6316 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
    10:24:17.0458 6316 AsyncMac - ok
    10:24:17.0572 6316 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\DRIVERS\atapi.sys
    10:24:17.0573 6316 atapi - ok
    10:24:17.0726 6316 athr (b01751cc563aecac09bbe36aaa21fbef) C:\windows\system32\DRIVERS\athr.sys
    10:24:17.0733 6316 athr - ok
    10:24:17.0859 6316 atksgt (72bc628af75c4c3250f2a3bac260265a) C:\windows\system32\DRIVERS\atksgt.sys
    10:24:17.0861 6316 atksgt - ok
    10:24:17.0988 6316 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
    10:24:17.0991 6316 b06bdrv - ok
    10:24:18.0073 6316 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
    10:24:18.0075 6316 b57nd60x - ok
    10:24:18.0210 6316 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
    10:24:18.0211 6316 Beep - ok
    10:24:18.0349 6316 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
    10:24:18.0351 6316 blbdrive - ok
    10:24:18.0451 6316 Bowrpisku - ok
    10:24:18.0615 6316 bowser (fcafaef6798d7b51ff029f99a9898961) C:\windows\system32\DRIVERS\bowser.sys
    10:24:18.0617 6316 bowser - ok
    10:24:18.0716 6316 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
    10:24:18.0717 6316 BrFiltLo - ok
    10:24:18.0803 6316 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
    10:24:18.0804 6316 BrFiltUp - ok
    10:24:18.0971 6316 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
    10:24:18.0973 6316 Brserid - ok
    10:24:19.0069 6316 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
    10:24:19.0071 6316 BrSerWdm - ok
    10:24:19.0146 6316 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
    10:24:19.0147 6316 BrUsbMdm - ok
    10:24:19.0241 6316 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
    10:24:19.0243 6316 BrUsbSer - ok
    10:24:19.0303 6316 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
    10:24:19.0305 6316 BTHMODEM - ok
    10:24:19.0378 6316 btmaudio (e7a9b9bd82ab26f70d4f27b462baaab4) C:\windows\system32\drivers\btmaud.sys
    10:24:19.0379 6316 btmaudio - ok
    10:24:19.0489 6316 BTMCOM (6f14bb67ae49143df6d56bd52c1cb925) C:\windows\system32\Drivers\btmcom.sys
    10:24:19.0490 6316 BTMCOM - ok
    10:24:19.0588 6316 BTMMODEM (6f14bb67ae49143df6d56bd52c1cb925) C:\windows\system32\DRIVERS\btmcom.sys
    10:24:19.0590 6316 BTMMODEM - ok
    10:24:19.0669 6316 BTMNET (922bf70dc146c9551c37f7103cf0d173) C:\windows\system32\DRIVERS\btmnet.sys
    10:24:19.0670 6316 BTMNET - ok
    10:24:19.0802 6316 BTMUSB (c4f585f57315d692fee8ad6aaeb7c460) C:\windows\system32\Drivers\btmusb.sys
    10:24:19.0805 6316 BTMUSB - ok
    10:24:19.0937 6316 catchme - ok
    10:24:20.0054 6316 cc0c2f6b (8f2bb1827cac01aee6a16e30a1260199) C:\windows\1798245580:871616660.exe
    10:24:20.0056 6316 Suspicious file (Hidden): C:\windows\1798245580:871616660.exe. md5: 8f2bb1827cac01aee6a16e30a1260199
    10:24:20.0056 6316 cc0c2f6b ( HiddenFile.Multi.Generic ) - warning
    10:24:20.0056 6316 cc0c2f6b - detected HiddenFile.Multi.Generic (1)
    10:24:20.0136 6316 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
    10:24:20.0137 6316 cdfs - ok
    10:24:20.0293 6316 cdrblock (15e3e2920adac7450e0c7ae5f23a5f53) C:\windows\system32\DRIVERS\cdrblock.sys
    10:24:20.0295 6316 cdrblock - ok
    10:24:20.0410 6316 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\windows\system32\DRIVERS\cdrom.sys
    10:24:20.0412 6316 cdrom - ok
    10:24:20.0570 6316 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
    10:24:20.0572 6316 circlass - ok
    10:24:20.0651 6316 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
    10:24:20.0654 6316 CLFS - ok
    10:24:20.0811 6316 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
    10:24:20.0812 6316 CmBatt - ok
    10:24:20.0873 6316 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\DRIVERS\cmdide.sys
    10:24:20.0874 6316 cmdide - ok
    10:24:20.0984 6316 CNG (1b675691ed940766149c93e8f4488d68) C:\windows\system32\Drivers\cng.sys
    10:24:20.0987 6316 CNG - ok
    10:24:21.0127 6316 cnnctfy2 (4eb6222be3c3c8071f4a9ca076241d1d) C:\windows\system32\DRIVERS\cnnctfy2.sys
    10:24:21.0129 6316 cnnctfy2 - ok
    10:24:21.0240 6316 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
    10:24:21.0241 6316 Compbatt - ok
    10:24:21.0347 6316 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\windows\system32\DRIVERS\CompositeBus.sys
    10:24:21.0349 6316 CompositeBus - ok
    10:24:21.0459 6316 connctfy (f483412cb726f5f09d73d92fe395f548) C:\windows\system32\DRIVERS\connctfy.sys
    10:24:21.0460 6316 connctfy - ok
    10:24:21.0509 6316 connctfyMP (f483412cb726f5f09d73d92fe395f548) C:\windows\system32\DRIVERS\connctfy.sys
    10:24:21.0510 6316 connctfyMP - ok
    10:24:21.0647 6316 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
    10:24:21.0648 6316 crcdisk - ok
    10:24:21.0806 6316 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\windows\system32\drivers\csc.sys
    10:24:21.0809 6316 CSC - ok
    10:24:21.0967 6316 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\windows\system32\Drivers\dfsc.sys
    10:24:21.0969 6316 DfsC - ok
    10:24:22.0130 6316 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
    10:24:22.0132 6316 discache - ok
    10:24:22.0206 6316 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
    10:24:22.0207 6316 Disk - ok
    10:24:22.0285 6316 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
    10:24:22.0287 6316 drmkaud - ok
    10:24:22.0444 6316 DXGKrnl (39806cfeddcc55e686a49bccd2972f23) C:\windows\System32\drivers\dxgkrnl.sys
    10:24:22.0449 6316 DXGKrnl - ok
    10:24:22.0552 6316 EagleNT - ok
    10:24:22.0703 6316 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
    10:24:22.0719 6316 ebdrv - ok
    10:24:22.0866 6316 ElbyCDIO (44996a2addd2db7454f2ca40b67d8941) C:\windows\system32\Drivers\ElbyCDIO.sys
    10:24:22.0867 6316 ElbyCDIO - ok
    10:24:22.0947 6316 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
    10:24:22.0950 6316 elxstor - ok
    10:24:23.0029 6316 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\DRIVERS\errdev.sys
    10:24:23.0031 6316 ErrDev - ok
    10:24:23.0183 6316 ewusbnet (8d3622d9b3d93354504ffc23dd287173) C:\windows\system32\DRIVERS\ewusbnet.sys
    10:24:23.0185 6316 ewusbnet - ok
    10:24:23.0258 6316 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
    10:24:23.0260 6316 exfat - ok
    10:24:23.0352 6316 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
    10:24:23.0354 6316 fastfat - ok
    10:24:23.0435 6316 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
    10:24:23.0436 6316 fdc - ok
    10:24:23.0546 6316 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
    10:24:23.0547 6316 FileInfo - ok
    10:24:23.0636 6316 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
    10:24:23.0638 6316 Filetrace - ok
    10:24:23.0721 6316 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
    10:24:23.0722 6316 flpydisk - ok
    10:24:23.0788 6316 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
    10:24:23.0791 6316 FltMgr - ok
    10:24:23.0891 6316 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
    10:24:23.0892 6316 FsDepends - ok
    10:24:23.0996 6316 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys
    10:24:23.0998 6316 Fs_Rec - ok
    10:24:24.0103 6316 fvevol (5592f5dba26282d24d2b080eb438a4d7) C:\windows\system32\DRIVERS\fvevol.sys
    10:24:24.0105 6316 fvevol - ok
    10:24:24.0181 6316 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
    10:24:24.0183 6316 gagp30kx - ok
    10:24:24.0284 6316 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
    10:24:24.0285 6316 GEARAspiWDM - ok
    10:24:24.0345 6316 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
    10:24:24.0347 6316 hcw85cir - ok
    10:24:24.0468 6316 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\windows\system32\drivers\HdAudio.sys
    10:24:24.0470 6316 HdAudAddService - ok
    10:24:24.0555 6316 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\windows\system32\DRIVERS\HDAudBus.sys
    10:24:24.0556 6316 HDAudBus - ok
    10:24:24.0647 6316 HECI (a88485dc6a7136c10d9a6c7e38fdfe3c) C:\windows\system32\DRIVERS\HECI.sys
    10:24:24.0648 6316 HECI - ok
    10:24:24.0760 6316 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
    10:24:24.0762 6316 HidBatt - ok
    10:24:24.0828 6316 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
    10:24:24.0830 6316 HidBth - ok
    10:24:24.0930 6316 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
    10:24:24.0932 6316 HidIr - ok
    10:24:25.0029 6316 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\windows\system32\DRIVERS\hidusb.sys
    10:24:25.0030 6316 HidUsb - ok
    10:24:25.0136 6316 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\DRIVERS\HpSAMD.sys
    10:24:25.0137 6316 HpSAMD - ok
    10:24:25.0237 6316 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\windows\system32\drivers\HTTP.sys
    10:24:25.0241 6316 HTTP - ok
    10:24:25.0375 6316 hwdatacard (1fc7a63148e4f2bd831dab0dc732026d) C:\windows\system32\DRIVERS\ewusbmdm.sys
    10:24:25.0377 6316 hwdatacard - ok
    10:24:25.0492 6316 HWEasyDevice (e50b92e7e413226a8a912948b073f50a) C:\Program Files\ControlCenter\HWEasy.sys
    10:24:25.0493 6316 HWEasyDevice - ok
    10:24:25.0573 6316 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\windows\system32\drivers\hwpolicy.sys
    10:24:25.0575 6316 hwpolicy - ok
    10:24:25.0714 6316 hwusbdev (c88631ff6492e192b59c49869924633a) C:\windows\system32\DRIVERS\ewusbdev.sys
    10:24:25.0715 6316 hwusbdev - ok
    10:24:25.0822 6316 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\DRIVERS\i8042prt.sys
    10:24:25.0824 6316 i8042prt - ok
    10:24:25.0904 6316 iaStor (d5edb998656e6ecf1a17c78dab019a3c) C:\windows\system32\DRIVERS\iaStor.sys
    10:24:25.0908 6316 iaStor - ok
    10:24:26.0014 6316 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\windows\system32\DRIVERS\iaStorV.sys
    10:24:26.0018 6316 iaStorV - ok
    10:24:26.0138 6316 IDMWFP (a99b28d267c4d661d976975db9c6726f) C:\windows\system32\DRIVERS\idmwfp.sys
    10:24:26.0140 6316 IDMWFP - ok
    10:24:26.0386 6316 igfx (59fa038451070172e47d0cd347f32bc4) C:\windows\system32\DRIVERS\igdkmd32.sys
    10:24:26.0430 6316 igfx - ok
    10:24:26.0514 6316 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
    10:24:26.0516 6316 iirsp - ok
    10:24:26.0578 6316 Impcd (e3c36ac5ae87ec970ae8ea2a93d59ae1) C:\windows\system32\DRIVERS\Impcd.sys
    10:24:26.0581 6316 Impcd - ok
    10:24:26.0613 6316 IntcAzAudAddService - ok
    10:24:26.0683 6316 IntcDAud (bf31740828a26ab451803e3b35432651) C:\windows\system32\DRIVERS\IntcDAud.sys
    10:24:26.0686 6316 IntcDAud - ok
    10:24:26.0731 6316 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\DRIVERS\intelide.sys
    10:24:26.0733 6316 intelide - ok
    10:24:26.0752 6316 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
    10:24:26.0753 6316 intelppm - ok
    10:24:26.0789 6316 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
    10:24:26.0790 6316 IpFilterDriver - ok
    10:24:26.0837 6316 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\windows\system32\DRIVERS\IPMIDrv.sys
    10:24:26.0839 6316 IPMIDRV - ok
    10:24:26.0888 6316 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
    10:24:26.0890 6316 IPNAT - ok
    10:24:26.0938 6316 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
    10:24:26.0939 6316 IRENUM - ok
    10:24:26.0969 6316 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\DRIVERS\isapnp.sys
    10:24:26.0970 6316 isapnp - ok
    10:24:26.0999 6316 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\windows\system32\DRIVERS\msiscsi.sys
    10:24:27.0001 6316 iScsiPrt - ok
    10:24:27.0064 6316 JMCR (39eb87caa898cb7c9270100c179aa57c) C:\windows\system32\DRIVERS\jmcr.sys
    10:24:27.0066 6316 JMCR - ok
    10:24:27.0140 6316 JME (891abf9a7583e03d4e3fdf492ffed0e5) C:\windows\system32\DRIVERS\JME.sys
    10:24:27.0142 6316 JME - ok
    10:24:27.0178 6316 kamurur - ok
    10:24:27.0219 6316 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\DRIVERS\kbdclass.sys
    10:24:27.0221 6316 kbdclass - ok
    10:24:27.0257 6316 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\windows\system32\DRIVERS\kbdhid.sys
    10:24:27.0260 6316 kbdhid - ok
    10:24:27.0331 6316 KLIF - ok
    10:24:27.0370 6316 KSecDD (e36a061ec11b373826905b21be10948f) C:\windows\system32\Drivers\ksecdd.sys
    10:24:27.0373 6316 KSecDD - ok
    10:24:27.0415 6316 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\windows\system32\Drivers\ksecpkg.sys
    10:24:27.0419 6316 KSecPkg - ok
    10:24:27.0469 6316 L1C (4566fd5f4416e7fef3600e4b30d086c3) C:\windows\system32\DRIVERS\L1C62x86.sys
    10:24:27.0472 6316 L1C - ok
    10:24:27.0538 6316 lirsgt (4127e8b6ddb4090e815c1f8852c277d3) C:\windows\system32\DRIVERS\lirsgt.sys
    10:24:27.0540 6316 lirsgt - ok
    10:24:27.0616 6316 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
    10:24:27.0619 6316 lltdio - ok
    10:24:27.0666 6316 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
    10:24:27.0668 6316 LSI_FC - ok
    10:24:27.0699 6316 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
    10:24:27.0702 6316 LSI_SAS - ok
    10:24:27.0724 6316 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
    10:24:27.0726 6316 LSI_SAS2 - ok
    10:24:27.0752 6316 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
    10:24:27.0755 6316 LSI_SCSI - ok
    10:24:27.0799 6316 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
    10:24:27.0802 6316 luafv - ok
    10:24:27.0888 6316 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\windows\system32\drivers\mbam.sys
    10:24:27.0890 6316 MBAMProtector - ok
    10:24:28.0005 6316 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\windows\system32\DRIVERS\mcdbus.sys
    10:24:28.0009 6316 mcdbus - ok
    10:24:28.0066 6316 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
    10:24:28.0069 6316 megasas - ok
    10:24:28.0091 6316 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
    10:24:28.0095 6316 MegaSR - ok
    10:24:28.0120 6316 MEMSWEEP2 - ok
    10:24:28.0158 6316 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
    10:24:28.0161 6316 Modem - ok
    10:24:28.0203 6316 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
    10:24:28.0205 6316 monitor - ok
    10:24:28.0244 6316 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys
    10:24:28.0247 6316 mouclass - ok
    10:24:28.0264 6316 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
    10:24:28.0267 6316 mouhid - ok
    10:24:28.0287 6316 mountmgr (921c18727c5920d6c0300736646931c2) C:\windows\system32\drivers\mountmgr.sys
    10:24:28.0290 6316 mountmgr - ok
    10:24:28.0311 6316 mpio (2af5997438c55fb79d33d015c30e1974) C:\windows\system32\DRIVERS\mpio.sys
    10:24:28.0314 6316 mpio - ok
    10:24:28.0344 6316 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
    10:24:28.0346 6316 mpsdrv - ok
    10:24:28.0382 6316 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\windows\system32\drivers\mrxdav.sys
    10:24:28.0385 6316 MRxDAV - ok
    10:24:28.0435 6316 mrxsmb (f4a054be78af7f410129c4b64b07dc9b) C:\windows\system32\DRIVERS\mrxsmb.sys
    10:24:28.0438 6316 mrxsmb - ok
    10:24:28.0486 6316 mrxsmb10 (deffa295bd1895c6ed8e3078412ac60b) C:\windows\system32\DRIVERS\mrxsmb10.sys
    10:24:28.0491 6316 mrxsmb10 - ok
    10:24:28.0513 6316 mrxsmb20 (24d76abe5dcad22f19d105f76fdf0ce1) C:\windows\system32\DRIVERS\mrxsmb20.sys
    10:24:28.0516 6316 mrxsmb20 - ok
    10:24:28.0532 6316 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\windows\system32\DRIVERS\msahci.sys
    10:24:28.0535 6316 msahci - ok
    10:24:28.0571 6316 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\windows\system32\DRIVERS\msdsm.sys
    10:24:28.0575 6316 msdsm - ok
    10:24:28.0631 6316 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
    10:24:28.0633 6316 Msfs - ok
    10:24:28.0650 6316 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
    10:24:28.0653 6316 mshidkmdf - ok
    10:24:28.0673 6316 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\DRIVERS\msisadrv.sys
    10:24:28.0675 6316 msisadrv - ok
    10:24:28.0709 6316 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
    10:24:28.0712 6316 MSKSSRV - ok
    10:24:28.0729 6316 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
    10:24:28.0731 6316 MSPCLOCK - ok
    10:24:28.0756 6316 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
    10:24:28.0759 6316 MSPQM - ok
    10:24:28.0792 6316 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
    10:24:28.0796 6316 MsRPC - ok
    10:24:28.0833 6316 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\DRIVERS\mssmbios.sys
    10:24:28.0836 6316 mssmbios - ok
    10:24:28.0860 6316 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
    10:24:28.0862 6316 MSTEE - ok
    10:24:28.0883 6316 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
    10:24:28.0885 6316 MTConfig - ok
    10:24:28.0903 6316 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
    10:24:28.0906 6316 Mup - ok
    10:24:28.0966 6316 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
    10:24:28.0970 6316 NativeWifiP - ok
    10:24:28.0998 6316 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\windows\system32\drivers\ndis.sys
    10:24:29.0006 6316 NDIS - ok
    10:24:29.0029 6316 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
    10:24:29.0032 6316 NdisCap - ok
    10:24:29.0075 6316 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
    10:24:29.0078 6316 NdisTapi - ok
    10:24:29.0125 6316 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\windows\system32\DRIVERS\ndisuio.sys
    10:24:29.0128 6316 Ndisuio - ok
    10:24:29.0174 6316 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\windows\system32\DRIVERS\ndiswan.sys
    10:24:29.0177 6316 NdisWan - ok
    10:24:29.0200 6316 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\windows\system32\drivers\NDProxy.sys
    10:24:29.0203 6316 NDProxy - ok
    10:24:29.0246 6316 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
    10:24:29.0249 6316 NetBIOS - ok
    10:24:29.0293 6316 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\windows\system32\DRIVERS\netbt.sys
    10:24:29.0297 6316 NetBT - ok
    10:24:29.0381 6316 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
    10:24:29.0384 6316 nfrd960 - ok
    10:24:29.0439 6316 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
    10:24:29.0442 6316 Npfs - ok
    10:24:29.0463 6316 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
    10:24:29.0466 6316 nsiproxy - ok
    10:24:29.0512 6316 Ntfs (3795dcd21f740ee799fb7223234215af) C:\windows\system32\drivers\Ntfs.sys
    10:24:29.0526 6316 Ntfs - ok
    10:24:29.0547 6316 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
    10:24:29.0549 6316 Null - ok
    10:24:29.0575 6316 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\windows\system32\DRIVERS\nvraid.sys
    10:24:29.0579 6316 nvraid - ok
    10:24:29.0597 6316 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\windows\system32\DRIVERS\nvstor.sys
    10:24:29.0600 6316 nvstor - ok
    10:24:29.0626 6316 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\DRIVERS\nv_agp.sys
    10:24:29.0629 6316 nv_agp - ok
    10:24:29.0660 6316 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\DRIVERS\ohci1394.sys
    10:24:29.0663 6316 ohci1394 - ok
    10:24:29.0699 6316 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
    10:24:29.0702 6316 Parport - ok
    10:24:29.0717 6316 partmgr (ff4218952b51de44fe910953a3e686b9) C:\windows\system32\drivers\partmgr.sys
    10:24:29.0720 6316 partmgr - ok
    10:24:29.0747 6316 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
    10:24:29.0750 6316 Parvdm - ok
    10:24:29.0779 6316 pci (c858cb77c577780ecc456a892e7e7d0f) C:\windows\system32\DRIVERS\pci.sys
    10:24:29.0783 6316 pci - ok
    10:24:29.0807 6316 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\DRIVERS\pciide.sys
    10:24:29.0809 6316 pciide - ok
    10:24:29.0844 6316 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
    10:24:29.0848 6316 pcmcia - ok
    10:24:29.0915 6316 PCTAppEvent (a69352268f6fdb3c2b4515f224a0e167) C:\windows\system32\drivers\PCTAppEvent.sys
    10:24:29.0918 6316 PCTAppEvent - ok
    10:24:29.0967 6316 PCTCore (2d5c059c1a12babf336f319f45c161d3) C:\windows\system32\drivers\PCTCore.sys
    10:24:29.0972 6316 PCTCore - ok
    10:24:30.0022 6316 pctDS (f820b4c61d1e591325b679d479d4eea4) C:\windows\system32\drivers\pctDS.sys
    10:24:30.0028 6316 pctDS - ok
    10:24:30.0089 6316 pctEFA (acc8c15f3d59f17c5d903ff1de3b43d3) C:\windows\system32\drivers\pctEFA.sys
    10:24:30.0098 6316 pctEFA - ok
    10:24:30.0145 6316 PCTFW-PacketFilter (60af5fa418efe284fb81dbbf5a0391fb) C:\windows\system32\drivers\pctNdis-PacketFilter.sys
    10:24:30.0148 6316 PCTFW-PacketFilter - ok
    10:24:30.0208 6316 pctgntdi (5be722c8c9bba995693c8cd524d83b27) C:\Windows\System32\drivers\pctgntdi.sys
    10:24:30.0213 6316 pctgntdi - ok
    10:24:30.0250 6316 pctNdis (fc38ec6e59d11c5ad4c5ea3878174995) C:\windows\system32\DRIVERS\pctNdis.sys
    10:24:30.0253 6316 pctNdis - ok
    10:24:30.0257 6316 pctNdisMP (fc38ec6e59d11c5ad4c5ea3878174995) C:\windows\system32\DRIVERS\pctNdis.sys
    10:24:30.0259 6316 pctNdisMP - ok
    10:24:30.0309 6316 pctplfw (fe6803af91ddb32ff8edf5d6c0d370af) C:\Windows\System32\drivers\pctplfw.sys
    10:24:30.0313 6316 pctplfw - ok
    10:24:30.0337 6316 pctplsg (1ea4b41d30f28ff5e186a49b4a1d36d9) C:\Windows\System32\drivers\pctplsg.sys
    10:24:30.0340 6316 pctplsg - ok
    10:24:30.0371 6316 PCTSD (83ddd552f7f1043f764e8cc88ff41232) C:\windows\system32\Drivers\PCTSD.sys
    10:24:30.0375 6316 PCTSD - ok
    10:24:30.0441 6316 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
    10:24:30.0444 6316 pcw - ok
    10:24:30.0476 6316 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
    10:24:30.0484 6316 PEAUTH - ok
    10:24:30.0557 6316 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
    10:24:30.0561 6316 PptpMiniport - ok
    10:24:30.0596 6316 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
    10:24:30.0598 6316 Processor - ok
    10:24:30.0636 6316 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
    10:24:30.0639 6316 Psched - ok
    10:24:30.0691 6316 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
    10:24:30.0705 6316 ql2300 - ok
    10:24:30.0732 6316 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
    10:24:30.0735 6316 ql40xx - ok
    10:24:30.0760 6316 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
    10:24:30.0763 6316 QWAVEdrv - ok
    10:24:30.0790 6316 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
    10:24:30.0793 6316 RasAcd - ok
    10:24:30.0824 6316 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
    10:24:30.0826 6316 RasAgileVpn - ok
    10:24:30.0867 6316 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
    10:24:30.0870 6316 Rasl2tp - ok
    10:24:30.0891 6316 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
    10:24:30.0894 6316 RasPppoe - ok
    10:24:30.0914 6316 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
    10:24:30.0917 6316 RasSstp - ok
    10:24:30.0938 6316 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\windows\system32\DRIVERS\rdbss.sys
    10:24:30.0943 6316 rdbss - ok
    10:24:30.0990 6316 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
    10:24:30.0993 6316 rdpbus - ok
    10:24:31.0009 6316 RDPCDD (1e016846895b15a99f9a176a05029075) C:\windows\system32\DRIVERS\RDPCDD.sys
    10:24:31.0012 6316 RDPCDD - ok
    10:24:31.0051 6316 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\windows\system32\drivers\rdpdr.sys
    10:24:31.0054 6316 RDPDR - ok
    10:24:31.0067 6316 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
    10:24:31.0069 6316 RDPENCDD - ok
    10:24:31.0082 6316 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
    10:24:31.0085 6316 RDPREFMP - ok
    10:24:31.0133 6316 RDPWD (801371ba9782282892d00aadb08ee367) C:\windows\system32\drivers\RDPWD.sys
    10:24:31.0137 6316 RDPWD - ok
    10:24:31.0162 6316 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\windows\system32\drivers\rdyboost.sys
    10:24:31.0166 6316 rdyboost - ok
    10:24:31.0233 6316 RimUsb (0f6756ef8bda6dfa7be50465c83132bb) C:\windows\system32\Drivers\RimUsb.sys
    10:24:31.0235 6316 RimUsb - ok
    10:24:31.0271 6316 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\windows\system32\DRIVERS\RimSerial.sys
    10:24:31.0274 6316 RimVSerPort - ok
    10:24:31.0289 6316 ROOTMODEM (564297827d213f52c7a3a2ff749568ca) C:\windows\system32\Drivers\RootMdm.sys
    10:24:31.0292 6316 ROOTMODEM - ok
    10:24:31.0346 6316 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
    10:24:31.0349 6316 rspndr - ok
    10:24:31.0410 6316 RTL8192Ce (66193dc6392719bbd20a2181d0dd1dc5) C:\windows\system32\DRIVERS\rtl8192Ce.sys
    10:24:31.0422 6316 RTL8192Ce - ok
    10:24:31.0533 6316 S6000KNT (f30d73dd5953f5ac168eca38296a7936) C:\windows\system32\Drivers\S6000KNT.sys
    10:24:31.0566 6316 S6000KNT - ok
    10:24:31.0656 6316 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\windows\system32\DRIVERS\sbp2port.sys
    10:24:31.0660 6316 sbp2port - ok
    10:24:31.0683 6316 SBRE - ok
    10:24:31.0729 6316 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\windows\system32\DRIVERS\scfilter.sys
    10:24:31.0732 6316 scfilter - ok
    10:24:31.0802 6316 sdbus (7b48cff3a475fe849dea65ec4d35c425) C:\windows\system32\DRIVERS\sdbus.sys
    10:24:31.0806 6316 sdbus - ok
    10:24:31.0834 6316 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
    10:24:31.0837 6316 secdrv - ok
    10:24:31.0864 6316 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
    10:24:31.0867 6316 Serenum - ok
    10:24:31.0880 6316 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
    10:24:31.0883 6316 Serial - ok
    10:24:31.0894 6316 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
    10:24:31.0897 6316 sermouse - ok
    10:24:31.0916 6316 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\DRIVERS\sffdisk.sys
    10:24:31.0919 6316 sffdisk - ok
    10:24:31.0929 6316 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\DRIVERS\sffp_mmc.sys
    10:24:31.0933 6316 sffp_mmc - ok
    10:24:31.0943 6316 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\windows\system32\DRIVERS\sffp_sd.sys
    10:24:31.0946 6316 sffp_sd - ok
    10:24:31.0956 6316 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
    10:24:31.0959 6316 sfloppy - ok
    10:24:32.0013 6316 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\DRIVERS\sisagp.sys
    10:24:32.0016 6316 sisagp - ok
    10:24:32.0042 6316 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
    10:24:32.0045 6316 SiSRaid2 - ok
    10:24:32.0064 6316 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
    10:24:32.0068 6316 SiSRaid4 - ok
    10:24:32.0080 6316 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
    10:24:32.0082 6316 Smb - ok
    10:24:32.0144 6316 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
    10:24:32.0147 6316 spldr - ok
    10:24:32.0205 6316 sptd (8ea0fd60a5b047e0c734d51aace531c9) C:\windows\System32\Drivers\sptd.sys
    10:24:32.0206 6316 Suspicious file (NoAccess): C:\windows\System32\Drivers\sptd.sys. md5: 8ea0fd60a5b047e0c734d51aace531c9
    10:24:32.0208 6316 sptd ( LockedFile.Multi.Generic ) - warning
    10:24:32.0208 6316 sptd - detected LockedFile.Multi.Generic (1)
    10:24:32.0249 6316 sp_rsdrv2 (7b426b8e809edf081d771ef429345528) C:\windows\system32\drivers\sp_rsdrv2.sys
    10:24:32.0252 6316 sp_rsdrv2 - ok
    10:24:32.0273 6316 srv (2ba4ebc7dfba845a1edbe1f75913be33) C:\windows\system32\DRIVERS\srv.sys
    10:24:32.0279 6316 srv - ok
    10:24:32.0342 6316 srv2 (dce7e10feaabd4cae95948b3de5340bb) C:\windows\system32\DRIVERS\srv2.sys
    10:24:32.0348 6316 srv2 - ok
    10:24:32.0392 6316 srvnet (b5665baa2120b8a54e22e9cd07c05106) C:\windows\system32\DRIVERS\srvnet.sys
    10:24:32.0396 6316 srvnet - ok
    10:24:32.0461 6316 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
    10:24:32.0464 6316 stexstor - ok
    10:24:32.0505 6316 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\DRIVERS\swenum.sys
    10:24:32.0508 6316 swenum - ok
    10:24:32.0564 6316 SynTP (c939137d8c3b64f4f30996764aeec4d0) C:\windows\system32\DRIVERS\SynTP.sys
    10:24:32.0569 6316 SynTP - ok
    10:24:32.0606 6316 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\windows\system32\DRIVERS\taphss.sys
    10:24:32.0609 6316 taphss - ok
    10:24:32.0653 6316 Tcpip (2cc3d75488abd3ec628bbb9a4fc84efc) C:\windows\system32\drivers\tcpip.sys
    10:24:32.0666 6316 Tcpip - ok
    10:24:32.0708 6316 TCPIP6 (2cc3d75488abd3ec628bbb9a4fc84efc) C:\windows\system32\DRIVERS\tcpip.sys
    10:24:32.0716 6316 TCPIP6 - ok
    10:24:32.0756 6316 tcpipreg (e64444523add154f86567c469bc0b17f) C:\windows\system32\drivers\tcpipreg.sys
    10:24:32.0759 6316 tcpipreg - ok
    10:24:32.0786 6316 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\windows\system32\drivers\tdpipe.sys
    10:24:32.0789 6316 TDPIPE - ok
    10:24:32.0828 6316 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\windows\system32\drivers\tdtcp.sys
    10:24:32.0831 6316 TDTCP - ok
    10:24:32.0851 6316 tdx (27f5ed7d8070693b390b5c4f60cfa99b) C:\windows\system32\DRIVERS\tdx.sys
    10:24:32.0855 6316 tdx ( Rootkit.Win32.ZAccess.e ) - infected
    10:24:32.0855 6316 tdx - detected Rootkit.Win32.ZAccess.e (0)
    10:24:32.0899 6316 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\windows\system32\DRIVERS\termdd.sys
    10:24:32.0902 6316 TermDD - ok
    10:24:32.0992 6316 TrufosAlt (02c37a5b1187f0b1a0b33c42047f2d7d) C:\windows\system32\DRIVERS\TrufosAlt.sys
    10:24:32.0997 6316 TrufosAlt - ok
    10:24:33.0050 6316 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\windows\system32\DRIVERS\tssecsrv.sys
    10:24:33.0053 6316 tssecsrv - ok
    10:24:33.0124 6316 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\windows\system32\DRIVERS\tunnel.sys
    10:24:33.0128 6316 tunnel - ok
    10:24:33.0177 6316 TurboB (c0847edcccef8d4f5354e82ec9e90159) C:\windows\system32\DRIVERS\TurboB.sys
    10:24:33.0180 6316 TurboB - ok
    10:24:33.0206 6316 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
    10:24:33.0209 6316 uagp35 - ok
    10:24:33.0254 6316 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\windows\system32\DRIVERS\udfs.sys
    10:24:33.0258 6316 udfs - ok
    10:24:33.0321 6316 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\DRIVERS\uliagpkx.sys
    10:24:33.0325 6316 uliagpkx - ok
    10:24:33.0382 6316 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\windows\system32\DRIVERS\umbus.sys
    10:24:33.0385 6316 umbus - ok
    10:24:33.0396 6316 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
    10:24:33.0399 6316 UmPass - ok
    10:24:33.0457 6316 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\windows\system32\DRIVERS\usbccgp.sys
    10:24:33.0460 6316 usbccgp - ok
    10:24:33.0481 6316 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\DRIVERS\usbcir.sys
    10:24:33.0485 6316 usbcir - ok
    10:24:33.0509 6316 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\windows\system32\DRIVERS\usbehci.sys
    10:24:33.0513 6316 usbehci - ok
    10:24:33.0532 6316 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\windows\system32\DRIVERS\usbhub.sys
    10:24:33.0538 6316 usbhub - ok
    10:24:33.0567 6316 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\windows\system32\DRIVERS\usbohci.sys
    10:24:33.0570 6316 usbohci - ok
    10:24:33.0607 6316 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
    10:24:33.0610 6316 usbprint - ok
    10:24:33.0671 6316 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys
    10:24:33.0673 6316 usbscan - ok
    10:24:33.0703 6316 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\windows\system32\DRIVERS\USBSTOR.SYS
    10:24:33.0706 6316 USBSTOR - ok
    10:24:33.0732 6316 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\windows\system32\DRIVERS\usbuhci.sys
    10:24:33.0734 6316 usbuhci - ok
    10:24:33.0750 6316 usbvideo (f642a7e4bf78cfa359cca0a3557c28d7) C:\windows\system32\Drivers\usbvideo.sys
    10:24:33.0754 6316 usbvideo - ok
    10:24:33.0791 6316 VClone (94d73b62e458fb56c9ce60aa96d914f9) C:\windows\system32\DRIVERS\VClone.sys
    10:24:33.0794 6316 VClone - ok
    10:24:33.0814 6316 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\DRIVERS\vdrvroot.sys
    10:24:33.0817 6316 vdrvroot - ok
    10:24:33.0859 6316 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
    10:24:33.0862 6316 vga - ok
    10:24:33.0901 6316 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
    10:24:33.0904 6316 VgaSave - ok
    10:24:33.0929 6316 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\windows\system32\DRIVERS\vhdmp.sys
    10:24:33.0933 6316 vhdmp - ok
    10:24:33.0959 6316 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\DRIVERS\viaagp.sys
    10:24:33.0963 6316 viaagp - ok
    10:24:33.0975 6316 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
    10:24:33.0978 6316 ViaC7 - ok
    10:24:34.0001 6316 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\DRIVERS\viaide.sys
    10:24:34.0004 6316 viaide - ok
    10:24:34.0079 6316 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\windows\system32\DRIVERS\volmgr.sys
    10:24:34.0082 6316 volmgr - ok
    10:24:34.0118 6316 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
    10:24:34.0124 6316 volmgrx - ok
    10:24:34.0176 6316 volsnap (58df9d2481a56edde167e51b334d44fd) C:\windows\system32\DRIVERS\volsnap.sys
    10:24:34.0181 6316 volsnap - ok
    10:24:34.0210 6316 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
    10:24:34.0214 6316 vsmraid - ok
    10:24:34.0238 6316 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
    10:24:34.0240 6316 vwifibus - ok
    10:24:34.0284 6316 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
    10:24:34.0287 6316 vwififlt - ok
    10:24:34.0317 6316 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\windows\system32\DRIVERS\vwifimp.sys
    10:24:34.0321 6316 vwifimp - ok
    10:24:34.0373 6316 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
    10:24:34.0376 6316 WacomPen - ok
    10:24:34.0427 6316 WANARP (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
    10:24:34.0431 6316 WANARP - ok
    10:24:34.0435 6316 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
    10:24:34.0437 6316 Wanarpv6 - ok
    10:24:34.0466 6316 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
    10:24:34.0469 6316 Wd - ok
    10:24:34.0496 6316 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
    10:24:34.0502 6316 Wdf01000 - ok
    10:24:34.0575 6316 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
    10:24:34.0577 6316 WfpLwf - ok
    10:24:34.0593 6316 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
    10:24:34.0596 6316 WIMMount - ok
    10:24:34.0648 6316 WinFLdrv (7acc77e135a709ae0f7e1df428a2f908) C:\windows\system32\WinFLdrv.sys
    10:24:34.0665 6316 Suspicious file (Hidden): C:\windows\system32\WinFLdrv.sys. md5: 7acc77e135a709ae0f7e1df428a2f908
    10:24:34.0665 6316 WinFLdrv ( HiddenFile.Multi.Generic ) - warning
    10:24:34.0665 6316 WinFLdrv - detected HiddenFile.Multi.Generic (1)
    10:24:34.0733 6316 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\windows\system32\DRIVERS\WinUsb.sys
    10:24:34.0736 6316 WinUsb - ok
    10:24:34.0762 6316 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\DRIVERS\wmiacpi.sys
    10:24:34.0765 6316 WmiAcpi - ok
    10:24:34.0816 6316 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
    10:24:34.0819 6316 ws2ifsl - ok
    10:24:34.0851 6316 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\windows\system32\drivers\WudfPf.sys
    10:24:34.0855 6316 WudfPf - ok
    10:24:34.0873 6316 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\windows\system32\DRIVERS\WUDFRd.sys
    10:24:34.0878 6316 WUDFRd - ok
    10:24:34.0891 6316 XDva386 - ok
    10:24:34.0901 6316 XDva387 - ok
    10:24:34.0953 6316 ztemtusbser (20f4f87625edddb97b48da66ace7dc8d) C:\windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys
    10:24:34.0956 6316 ztemtusbser - ok
    10:24:35.0022 6316 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
    10:24:35.0034 6316 \Device\Harddisk0\DR0 - ok
    10:24:35.0040 6316 Boot (0x1200) (7566fee14cb3d57df2ae367cc5420d0e) \Device\Harddisk0\DR0\Partition0
    10:24:35.0041 6316 \Device\Harddisk0\DR0\Partition0 - ok
    10:24:35.0061 6316 Boot (0x1200) (bbd672f438e29a15a40e68abaf7f05b9) \Device\Harddisk0\DR0\Partition1
    10:24:35.0062 6316 \Device\Harddisk0\DR0\Partition1 - ok
    10:24:35.0085 6316 Boot (0x1200) (70795076a1d7376d52708d4dffec5417) \Device\Harddisk0\DR0\Partition2
    10:24:35.0086 6316 \Device\Harddisk0\DR0\Partition2 - ok
    10:24:35.0087 6316 ============================================================
    10:24:35.0087 6316 Scan finished
    10:24:35.0087 6316 ============================================================
    10:24:35.0097 5888 Detected object count: 4
    10:24:35.0097 5888 Actual detected object count: 4
    10:24:41.0910 5888 cc0c2f6b ( HiddenFile.Multi.Generic ) - skipped by user
    10:24:41.0910 5888 cc0c2f6b ( HiddenFile.Multi.Generic ) - User select action: Skip
    10:24:41.0911 5888 sptd ( LockedFile.Multi.Generic ) - skipped by user
    10:24:41.0911 5888 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
    10:24:41.0997 5888 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\windows\system32\drivers\tdx.sys) error 1813
    10:24:42.0610 5888 Backup copy found, using it..
    10:24:42.0620 5888 C:\windows\system32\DRIVERS\tdx.sys - will be cured on reboot
    10:24:42.0620 5888 tdx ( Rootkit.Win32.ZAccess.e ) - User select action: Cure
    10:24:42.0623 5888 WinFLdrv ( HiddenFile.Multi.Generic ) - skipped by user
    10:24:42.0623 5888 WinFLdrv ( HiddenFile.Multi.Generic ) - User select action: Skip
    10:24:44.0147 6824 Deinitialize success


    thanks and regards,
    Jeremy
    always learn about the latest technology of computer system

    wanna be a Malware Killer
    AND NOW I'M BEHIND YOU!

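The log above reports four detected objects but only one (`tdx`, the ZeroAccess-patched `tdx.sys`) was selected for cure; the locked `sptd.sys`, the hidden `WinFLdrv.sys` and the earlier `cc0c2f6b` object were skipped. When reading these logs it helps to fold the three or four lines TDSSKiller writes per object into one record and list what was actually left behind. The following is an added example, not part of the thread and not code from Kaspersky's TDSSKiller: the line patterns are inferred from the log lines posted above (an assumption about the format, not a published spec), `SAMPLE_LOG` is an excerpt of that log, and the "driver image outside a drivers directory" check is a heuristic of my own, not a TDSSKiller rule.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Lines excerpted from the TDSSKiller log posted above (the parser itself is an
# added example, not part of the thread or of TDSSKiller).
SAMPLE_LOG = r"""
10:24:27.0257 6316 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\windows\system32\DRIVERS\kbdhid.sys
10:24:27.0260 6316 kbdhid - ok
10:24:27.0331 6316 KLIF - ok
10:24:32.0205 6316 sptd (8ea0fd60a5b047e0c734d51aace531c9) C:\windows\System32\Drivers\sptd.sys
10:24:32.0206 6316 Suspicious file (NoAccess): C:\windows\System32\Drivers\sptd.sys. md5: 8ea0fd60a5b047e0c734d51aace531c9
10:24:32.0208 6316 sptd ( LockedFile.Multi.Generic ) - warning
10:24:32.0851 6316 tdx (27f5ed7d8070693b390b5c4f60cfa99b) C:\windows\system32\DRIVERS\tdx.sys
10:24:32.0855 6316 tdx ( Rootkit.Win32.ZAccess.e ) - infected
10:24:34.0648 6316 WinFLdrv (7acc77e135a709ae0f7e1df428a2f908) C:\windows\system32\WinFLdrv.sys
10:24:34.0665 6316 Suspicious file (Hidden): C:\windows\system32\WinFLdrv.sys. md5: 7acc77e135a709ae0f7e1df428a2f908
10:24:34.0665 6316 WinFLdrv ( HiddenFile.Multi.Generic ) - warning
10:24:35.0022 6316 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
10:24:35.0034 6316 \Device\Harddisk0\DR0 - ok
10:24:35.0040 6316 Boot (0x1200) (7566fee14cb3d57df2ae367cc5420d0e) \Device\Harddisk0\DR0\Partition0
10:24:35.0041 6316 \Device\Harddisk0\DR0\Partition0 - ok
10:24:41.0910 5888 cc0c2f6b ( HiddenFile.Multi.Generic ) - User select action: Skip
10:24:41.0911 5888 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
10:24:42.0620 5888 tdx ( Rootkit.Win32.ZAccess.e ) - User select action: Cure
10:24:42.0623 5888 WinFLdrv ( HiddenFile.Multi.Generic ) - User select action: Skip
"""

# Line shapes as they appear in the posted log (assumed format, inferred from it).
TS = r"(?P<ts>\d\d:\d\d:\d\d\.\d+) (?P<pid>\d+) "
FILE_RE = re.compile(TS + r"(?P<name>\S+) (?:\((?P<extra>0x[0-9A-Fa-f]+)\) )?\((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
SUSP_RE = re.compile(TS + r"Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})$")
VERDICT_RE = re.compile(TS + r"(?P<subject>.+?)(?: \( (?P<verdict>[^)]+) \))? - (?P<status>ok|infected|warning)$")
ACTION_RE = re.compile(TS + r"(?P<subject>.+?) \( (?P<verdict>[^)]+) \) - User select action: (?P<action>\w+)$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: str = "unknown"            # ok / warning / infected / detected / unknown
    verdict: Optional[str] = None      # e.g. Rootkit.Win32.ZAccess.e
    action: Optional[str] = None       # Cure / Skip from the post-scan prompt
    reasons: List[str] = field(default_factory=list)   # Hidden, NoAccess, ...


def parse_tdsskiller(text: str) -> Dict[str, Entry]:
    """Fold the per-object lines of a TDSSKiller log into one Entry per object."""
    entries: Dict[str, Entry] = {}
    by_path: Dict[str, Entry] = {}   # MBR/boot-sector verdicts are keyed by device path

    def lookup(subject: str) -> Entry:
        e = entries.get(subject) or by_path.get(subject.lower())
        if e is None:                 # object with no file line before it, e.g. "KLIF - ok"
            e = entries[subject] = Entry(name=subject)
        return e

    for line in (l.strip() for l in text.splitlines() if l.strip()):
        m = FILE_RE.match(line)
        if m:
            e = Entry(name=m["name"], md5=m["md5"], path=m["path"])
            key = m["name"] if m["name"] not in entries else m["path"]  # "Boot" repeats per partition
            entries[key] = e
            by_path[m["path"].lower()] = e
            continue
        m = SUSP_RE.match(line)
        if m:
            lookup(m["path"]).reasons.append(m["reason"])
            continue
        m = VERDICT_RE.match(line)
        if m:
            e = lookup(m["subject"])
            e.status, e.verdict = m["status"], m["verdict"] or e.verdict
            continue
        m = ACTION_RE.match(line)
        if m:
            e = lookup(m["subject"])
            e.verdict, e.action = m["verdict"], m["action"]
            if e.status == "unknown":
                e.status = "detected"
    return entries


def triage(entries: Dict[str, Entry]) -> Dict[str, List[str]]:
    """Split detections into cured vs. left in place, and list suspicious files."""
    report: Dict[str, List[str]] = {"cured": [], "not_remediated": [], "suspicious_files": [], "odd_location": []}
    for e in entries.values():
        if e.verdict:
            bucket = "cured" if e.action == "Cure" else "not_remediated"
            report[bucket].append(f"{e.name} ({e.verdict})")
        for r in e.reasons:
            report["suspicious_files"].append(f"{e.path} [{r}]")
        # Heuristic of my own (not a TDSSKiller rule): a kernel driver image that is
        # not under a *\drivers\ directory deserves a second look.
        if e.path and e.path[1:3] == ":\\" and "\\drivers\\" not in e.path.lower():
            report["odd_location"].append(e.path)
    return report


if __name__ == "__main__":
    for bucket, items in triage(parse_tdsskiller(SAMPLE_LOG)).items():
        print(f"{bucket}:")
        for item in items:
            print(f"  {item}")
```

Run against the excerpt it reports `tdx` as the only cured object, `sptd`, `WinFLdrv` and `cc0c2f6b` as detections left in place, and `WinFLdrv.sys` as the one driver image sitting directly in `system32` rather than under a `drivers` directory, which is the list of things a responder would still want to account for after the reboot.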
  8. #8
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Default

    Hi Jeremy,

    Thanks for the TDSSKiller log.
    ----------

    We need to try to get ComboFix to run but with this particular infection (which happens to be particularly nasty) we have to do things a little bit differently. For the next part you need to have a thumb drive (flash drive, usb drive, jump drive or whatever else you may call it). Please do the following...

    Please delete the ComboFix icon off of your Desktop where you originally saved it by using Right-Click > Delete.
    ----------

    Download Combofix from any of the links below but rename it to svchost.exe before saving it to your Thumbdrive. Once it is downloaded to the thumbdrive I want you to transfer that file directly to your C:\ drive folder.

    Link 1
    Link 2


    ==================================

    Right-click and Run as Administrator on the renamed ComboFix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the C:\ComboFix.txt so we can continue cleaning the system.

  9. #9
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Default

    Hi,

    Do you still need help?

  10. #10
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Default

    Due to lack of feedback, this topic will now be closed.
    If you are the original poster and you still require help, please start a new thread.
