
Infected by the google redirect virus and possibly others


  • This topic is locked
38 replies to this topic

#1 virus_victim

virus_victim

  • Members
  • 26 posts
  • OFFLINE
  • Local time:07:29 PM

Posted 29 September 2011 - 01:44 PM

Hi,
My laptop was infected by the Google redirect virus about 3 months ago. I used Malwarebytes, Spybot and SUPERAntiSpyware to 'remove' it. But the virus kept coming back and now nothing that I do seems to be working.
When I click on a Google search result I am redirected to a website that is different from the one I clicked on. These are mostly advertisement sites.
This is also true on Yahoo search.
My laptop has progressively slowed down in the last three months and got really worse in the last few days. It hangs frequently and I have to hard boot it. Running more than one or two applications slows it down considerably, and switching between applications takes a minute even when these are just two Acrobat Readers or a Firefox browser. Switching between tabs on the browser takes a long time. Text that I type, such as this message, often has a time lag in appearing on the screen, even though I have no other processes running.
Some of the scans by Spybot and Malwarebytes detected malware and trojans, which keep reappearing.
I have attached a log of dds.scr. The first three times I ran it, my laptop froze, so the log is from the fourth run.
I have not been able to run gmer without freezing my computer. So I will attach the log if and when gmer runs successfully.

Thank you for any help that anyone can offer.


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:29 PM

Posted 30 September 2011 - 08:59 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 virus_victim

virus_victim
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  • Local time:07:29 PM

Posted 02 October 2011 - 12:05 AM

My computer has the Google redirect virus. I have run MBAM and SUPERAntiSpyware, which detected and removed a bunch of trojans and tracking cookies, but the problem persists. Moreover, my computer has slowed down dramatically in the last week. My laptop is a Dell Inspiron running Windows XP. I have run dds.scr and the output is below. Thanks in advance.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Run by phani at 15:21:34 on 2011-09-28
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.314 [GMT -4:00]
.
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Documents and Settings\phani\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\phani\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ask.com/?l=dis&o=14597
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\amsp\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - c:\program files\trend micro\amsp\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\sziebho.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: Groove Folder Synchronization: {2a541ae1-5bf6-4665-a8a3-cfa9672e4291} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [03EE35CE] c:\documents and settings\phani\application data\03ee35ce\03EE35CE.EXE
uRun: [Google Update] "c:\documents and settings\phani\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [<NO NAME>]
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 152.15.252.38 152.15.41.32
TCP: Interfaces\{6B1910D8-DB60-400E-8DE1-45F2E243638D} : DhcpNameServer = 152.15.252.38 152.15.41.32
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} -
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: TPSvc - TPSvc.dll
AppInit_DLLs: c:\windows\system32\msdmo32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\phani\application data\mozilla\firefox\profiles\lsxg2yix.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FF&o=14594&locale=en_US&apn_uid=e924440a-6469-4718-b7f6-6a13dee20fb5&apn_ptnrs=FV&apn_sauid=5C72EEE0-3419-47A8-BB49-A988D2BFB043&apn_dtid=YYYYYYYYUS&q=
FF - plugin: c:\documents and settings\phani\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\phani\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\phani\local settings\application data\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2009-12-7 61328]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [2010-5-12 59280]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-4-14 14336]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-2-1 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-2-1 108392]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2008-4-4 2234296]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-8-16 105592]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110927.002\NAVENG.SYS [2011-9-27 86136]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110927.002\NAVEX15.SYS [2011-9-27 1576312]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2009-12-7 61328]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-26 136176]
S2 PEVSystemStart;PEVSystemStart;"c:\combofix\pev.cfxxe" exec /i "c:\combofix\hidec.cfxxe" "c:\combofix\swreg.cfxxe" acl "hkey_local_machine\system\currentcontrolset\enum\root\legacy_beep" /reset /q --> c:\combofix\pev.cfxxe [?]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-3-17 30104]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-3-17 30104]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-5-29 23888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-9-26 136176]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S4 BroadCamService;BroadCam Video Streaming Server;c:\program files\nch software\broadcam\broadcam.exe [2009-11-10 946180]
.
=============== Created Last 30 ================
.
2011-09-06 19:59:10 -------- d-----w- c:\documents and settings\phani\local settings\application data\AskToolbar
2011-09-06 19:58:45 -------- d-----w- c:\program files\Ask.com
2011-09-06 19:57:03 -------- d-----w- c:\program files\FreeTime
2011-09-03 18:20:46 -------- d-----w- c:\program files\ImageMagick-6.7.2-Q16
.
==================== Find3M ====================
.
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-22 13:52:56 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-18 21:23:32 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS
2011-08-18 19:27:09 80464 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2011-08-18 19:27:09 64080 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2011-08-18 19:27:09 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-08-01 13:22:37 0 ----a-w- c:\windows\Ocaweciduwato.bin
2011-07-28 21:41:42 546256 ----a-r- c:\windows\system32\SZComp5.dll
2011-07-28 21:41:42 456144 ----a-r- c:\windows\system32\SZBase5.dll
2011-07-28 21:41:42 398800 ----a-r- c:\windows\system32\IS3DBA5.dll
2011-07-28 21:41:42 28624 ----a-r- c:\windows\system32\IS3XDat5.dll
2011-07-28 21:41:42 22992 ----a-r- c:\windows\system32\SZIO5.dll
2011-07-28 21:41:42 132560 ----a-r- c:\windows\system32\IS3HTUI5.dll
2011-07-28 21:41:40 99792 ----a-r- c:\windows\system32\IS3Svc5.dll
2011-07-28 21:41:40 99792 ----a-r- c:\windows\system32\IS3Inet5.dll
2011-07-28 21:41:40 738768 ----a-r- c:\windows\system32\IS3Base5.dll
2011-07-28 21:41:40 67024 ----a-r- c:\windows\system32\IS3Hks5.dll
2011-07-28 21:41:40 390608 ----a-r- c:\windows\system32\IS3UI5.dll
2011-07-28 21:41:40 230864 ----a-r- c:\windows\system32\IS3Win325.dll
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-06 23:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 23:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-04 22:39:13 20552 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: SAMSUNG_HM080II rev.YE100-15 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x865154C0]<<
_asm { MOV EAX, [ESP+0x4]; MOV ECX, [0x8651c8a4]; PUSH ESI; MOV ESI, [ESP+0xc]; PUSH EDI; MOV EDI, [ESI+0x60]; CMP EAX, [0x8651c730]; JNZ 0x1f; MOV [ESP+0xc], ECX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x86651AB8]
3 CLASSPNP[0xF76A1FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8678F710]
\Driver\atapi[0x865632E0] -> IRP_MJ_CREATE -> 0x865154C0
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x865152E0
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 15:25:37.92 ===============


From the attach.txt file -

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 3/31/2009 2:03:26 AM
System Uptime: 9/28/2011 2:59:05 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0XD720
Processor: Intel® Core™2 CPU T5500 @ 1.66GHz | Microprocessor | 1662/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 51 GiB total, 3.622 GiB free.
D: is CDROM ()
F: is FIXED (FAT32) - 466 GiB total, 92.125 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Modem Device on High Definition Audio Bus
Device ID: HDAUDIO\FUNC_02&VEN_14F1&DEV_2BFA&SUBSYS_14F100C3&REV_0900\4&2973568E&0&0102
Manufacturer:
Name: Modem Device on High Definition Audio Bus
PNP Device ID: HDAUDIO\FUNC_02&VEN_14F1&DEV_2BFA&SUBSYS_14F100C3&REV_0900\4&2973568E&0&0102
Service:
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_01BD1028&REV_01\4&2FE911E8&0&0AF0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_01BD1028&REV_01\4&2FE911E8&0&0AF0
Service:
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_01BD1028&REV_0A\4&2FE911E8&0&0BF0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_01BD1028&REV_0A\4&2FE911E8&0&0BF0
Service:
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0852&SUBSYS_01BD1028&REV_05\4&2FE911E8&0&0CF0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0852&SUBSYS_01BD1028&REV_05\4&2FE911E8&0&0CF0
Service:
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_01BD1028&REV_01\3&61AAA01&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_01BD1028&REV_01\3&61AAA01&0&FB
Service:
.
==== System Restore Points ===================
.
RP752: 8/12/2011 7:59:38 AM - Software Distribution Service 3.0
RP753: 8/13/2011 11:53:56 AM - System Checkpoint
RP754: 8/14/2011 11:59:38 AM - System Checkpoint
RP755: 8/15/2011 12:24:14 PM - System Checkpoint
RP756: 8/16/2011 4:12:20 PM - System Checkpoint
RP757: 8/18/2011 10:18:09 AM - System Checkpoint
RP758: 8/19/2011 3:25:40 PM - System Checkpoint
RP759: 8/20/2011 8:52:22 PM - System Checkpoint
RP760: 8/22/2011 10:39:15 AM - System Checkpoint
RP761: 8/24/2011 12:02:21 PM - System Checkpoint
RP762: 8/25/2011 9:26:33 AM - Software Distribution Service 3.0
RP763: 8/26/2011 10:17:58 AM - System Checkpoint
RP764: 8/28/2011 12:03:31 PM - System Checkpoint
RP765: 8/29/2011 5:28:39 PM - System Checkpoint
RP766: 8/30/2011 11:51:30 PM - System Checkpoint
RP767: 9/1/2011 2:41:49 AM - System Checkpoint
RP768: 9/2/2011 9:21:29 AM - System Checkpoint
RP769: 9/3/2011 10:30:02 AM - System Checkpoint
RP770: 9/4/2011 1:29:55 PM - System Checkpoint
RP771: 9/5/2011 6:01:40 PM - System Checkpoint
RP772: 9/6/2011 5:17:40 PM - Installed Windows XP -- Software Updates KB952011.
RP773: 9/7/2011 10:44:52 PM - System Checkpoint
RP774: 9/8/2011 1:39:08 AM - Software Distribution Service 3.0
RP775: 9/9/2011 12:21:56 AM - Software Distribution Service 3.0
RP776: 9/10/2011 12:59:17 AM - Software Distribution Service 3.0
RP777: 9/11/2011 10:39:32 AM - System Checkpoint
RP778: 9/12/2011 10:53:44 AM - System Checkpoint
RP779: 9/13/2011 2:34:41 PM - System Checkpoint
RP780: 9/14/2011 8:06:53 PM - System Checkpoint
RP781: 9/15/2011 12:58:04 AM - Software Distribution Service 3.0
RP782: 9/16/2011 11:54:45 AM - System Checkpoint
RP783: 9/17/2011 12:58:21 PM - System Checkpoint
RP784: 9/18/2011 7:53:14 PM - System Checkpoint
RP785: 9/20/2011 10:57:30 AM - System Checkpoint
RP786: 9/21/2011 12:09:49 PM - System Checkpoint
RP787: 9/22/2011 3:52:16 PM - System Checkpoint
RP788: 9/23/2011 8:16:15 PM - System Checkpoint
RP789: 9/25/2011 12:52:13 PM - System Checkpoint
RP790: 9/26/2011 6:11:38 PM - System Checkpoint
RP791: 9/28/2011 10:17:56 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
.
ActiveState ActiveTcl 8.4.14.0
Ad-Aware
Adobe AIR
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Reader 9.4.1
Akamai NetSession Interface
Apple Application Support
Apple Software Update
Ask Toolbar
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
AutoUpdate
BroadCam Video Streaming Server
Broadcom 440x 10/100 Integrated Controller
Broadcom Management Programs
CDBurnerXP
DealScout for FireFox
Degrib 1.92 (aka NDFD GRIB2 Decoder)
Dell Wireless WLAN Card
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
DivX Version Checker
DjVuLibre+DjView
Google Earth Plug-in
Google Talk Plugin
Google Update Helper
GPL Ghostscript 8.63
GPL Ghostscript 8.64
GSview 4.9
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HYSPLIT
ImageMagick 6.7.2-0 Q16 (2011-09-15)
Inkscape 0.48.1
IsoBuster 2.5
Japanese Fonts Support For Adobe Reader 9
Java Auto Updater
Java™ 6 Update 22
jEdit 4.3pre17
LiveUpdate 3.3 (Symantec Corporation)
Magic ISO Maker v5.5 (build 0276)
Malwarebytes' Anti-Malware version 1.51.1.1800
MATLAB Family of Products Release 14
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MiKTeX 2.9
Mozilla Firefox 6.0.2 (x86 en-US)
Mozilla Thunderbird (3.0.10)
MSN
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
neroxml
Notepad++
OGA Notifier 2.0.0048.0
Picasa 3
Python 2.5.1
QuickTime
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office Groove 2007 (KB2552997)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Skype Toolbars
Skype™ 5.3
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
SSH Secure Shell
SUPERAntiSpyware
Symantec Endpoint Protection
Texmaker
TeXnicCenter Version 1.0 Stable RC1
TextPad 5
TeXworks 0.4.2
TOEFL Official Guide 2.05.0021
TOEFL Sample Questions
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Outlook 2007 Junk Email Filter (KB2553110)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
Veoh Web Player
VideoLAN VLC media player 0.8.6
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR archiver
WinZip
Wolfram Mathematica 7 for Students (M-WIN-G 7.0.0 1148361)
Wolfram Notebook Indexer 2.0
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
9/28/2011 3:08:05 PM, error: Service Control Manager [7022] - The WebClient service hung on starting.
9/28/2011 11:58:52 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service helpsvc with arguments "" in order to run the server: {833E4010-AFF7-4AC3-AAC2-9F24C1457BCE}
9/28/2011 10:40:06 AM, error: Service Control Manager [7000] - The LiveUpdate service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/28/2011 10:40:04 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the LiveUpdate service to connect.
9/28/2011 10:40:02 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service LiveUpdate with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}
9/28/2011 10:29:50 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Installer service to connect.
9/28/2011 10:29:50 AM, error: Service Control Manager [7000] - The Windows Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/28/2011 10:29:50 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
9/28/2011 10:16:20 AM, error: Dhcp [1002] - The IP address lease 192.168.0.102 for the Network Card with network address 0018F3519C1D has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
9/27/2011 5:29:13 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
9/22/2011 2:10:49 PM, error: Dhcp [1002] - The IP address lease 192.168.0.102 for the Network Card with network address 0018F3519C1D has been denied by the DHCP server 192.168.27.254 (The DHCP Server sent a DHCPNACK message).
9/22/2011 2:10:29 PM, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service LiveUpdate with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}
9/21/2011 1:24:52 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
.
==== End Of File ===========================

#4 Orange Blossom (OBleepin Investigator; Moderator; 36,949 posts; Bloomington, IN)

Posted 02 October 2011 - 11:46 PM

Hello virus_victim,

I have merged your new topic to your previous topic on the same issue. You may wish to bookmark the URL for this topic so you can find it again easily. e-mail notification is not reliable. Please keep all posts regarding this issue to this topic by using the Add Reply button found near the bottom of topic. Starting new topics confuses things for all concerned and delays the assistance you receive.

Back to you gringo,

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#5 gringo_pr (Bleepin Gringo; Malware Response Team; 136,772 posts; Puerto Rico)

Posted 03 October 2011 - 12:39 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double-click on ComboFix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion," please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 virus_victim (Topic Starter; Members; 26 posts)

Posted 03 October 2011 - 03:41 PM

Hi Gringo,
I have run ComboFix. I had to get to work to even check this forum, as my laptop essentially just hung up over that time. After running ComboFix today, my computer is much better. There are still some problems.
My browser repeatedly hangs with the message 'unresponsive script'.
When I open multiple applications (Acrobat Reader, Word, Firefox, MATLAB), the computer still freezes. I am inclined to think that it is the browser and Acrobat which are causing the problems.
I had a plugin called 'Dealscout' which I never installed and which, despite my attempts, I could not remove. I am unable to check if that plugin has now been removed.
Thank you for the help. Attached is the ComboFix log -

ComboFix 11-10-03.01 - phani 10/03/2011 12:48:59.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.260 [GMT -4:00]
Running from: c:\documents and settings\phani\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
AV: Trend Micro Titanium Internet Security *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\phani\ghkwtwjdqs.tmp
c:\program files\google\common\google updater\googleupdaterservice.exe
c:\windows\system32\d3d9caps.dat
.
.
((((((((((((((((((((((((( Files Created from 2011-09-03 to 2011-10-03 )))))))))))))))))))))))))))))))
.
.
2011-10-03 04:00 . 2011-10-03 04:00 -------- d-----w- c:\documents and settings\Administrator\TeXworks
2011-10-03 03:36 . 2011-10-03 03:36 -------- d-----w- c:\documents and settings\Administrator\Application Data\MathWorks
2011-10-03 01:12 . 2011-10-03 03:39 -------- d-----w- c:\documents and settings\Administrator\.jedit
2011-10-03 01:09 . 2011-10-03 01:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\Helios
2011-10-03 00:28 . 2011-10-03 03:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\SSH
2011-10-01 21:05 . 2011-10-01 21:05 -------- d-----w- c:\program files\Common Files\Wolfram Research
2011-10-01 21:05 . 2011-10-01 21:05 -------- d-----w- c:\program files\Common Files\ResearchSoft
2011-09-28 15:38 . 2011-09-28 15:42 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2011-09-27 19:42 . 2011-09-27 19:42 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-09-06 19:58 . 2011-09-06 19:59 -------- d-----w- c:\program files\Ask.com
2011-09-06 19:57 . 2011-09-06 19:57 -------- d-----w- c:\program files\FreeTime
2011-09-03 18:20 . 2011-09-03 18:21 -------- d-----w- c:\program files\ImageMagick-6.7.2-Q16
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-03 16:41 . 2011-08-18 21:23 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS
2011-09-09 09:12 . 2008-04-14 09:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-31 21:00 . 2011-08-18 20:59 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 13:52 . 2011-06-11 19:22 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-18 19:27 . 2011-08-18 19:35 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-08-18 19:27 . 2011-08-18 03:17 64080 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2011-08-18 19:27 . 2011-08-18 03:17 80464 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2011-07-28 21:41 . 2011-07-28 21:41 546256 ----a-r- c:\windows\system32\SZComp5.dll
2011-07-28 21:41 . 2011-07-28 21:41 456144 ----a-r- c:\windows\system32\SZBase5.dll
2011-07-28 21:41 . 2011-07-28 21:41 398800 ----a-r- c:\windows\system32\IS3DBA5.dll
2011-07-28 21:41 . 2011-07-28 21:41 28624 ----a-r- c:\windows\system32\IS3XDat5.dll
2011-07-28 21:41 . 2011-07-28 21:41 22992 ----a-r- c:\windows\system32\SZIO5.dll
2011-07-28 21:41 . 2011-07-28 21:41 132560 ----a-r- c:\windows\system32\IS3HTUI5.dll
2011-07-28 21:41 . 2011-07-28 21:41 99792 ----a-r- c:\windows\system32\IS3Svc5.dll
2011-07-28 21:41 . 2011-07-28 21:41 99792 ----a-r- c:\windows\system32\IS3Inet5.dll
2011-07-28 21:41 . 2011-07-28 21:41 738768 ----a-r- c:\windows\system32\IS3Base5.dll
2011-07-28 21:41 . 2011-07-28 21:41 67024 ----a-r- c:\windows\system32\IS3Hks5.dll
2011-07-28 21:41 . 2011-07-28 21:41 390608 ----a-r- c:\windows\system32\IS3UI5.dll
2011-07-28 21:41 . 2011-07-28 21:41 230864 ----a-r- c:\windows\system32\IS3Win325.dll
2011-07-15 13:29 . 2008-04-14 09:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2008-04-14 09:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-09-06 20:51 . 2011-08-01 17:42 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-07-26 1493160]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-07-26 22:23 1493160 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-07-26 1493160]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-07-26 1493160]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-09-29 4611456]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-07-26 397992]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^phani^Start Menu^Programs^Startup^eCentral.lnk]
path=c:\documents and settings\phani\Start Menu\Programs\Startup\eCentral.lnk
backup=c:\windows\pss\eCentral.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^phani^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\phani\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 04:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 09:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 08:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2006-01-02 21:41 45056 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BroadCam]
2009-11-10 16:31 946180 ----a-w- c:\program files\NCH Software\BroadCam\broadcam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2007-03-16 22:10 1392640 ----a-w- c:\windows\system32\WLTRAY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2008-02-01 09:25 115560 ----a-w- c:\program files\Common Files\Symantec Shared\ccApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 09:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-04-12 22:46 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-06-08 03:01 136176 ----atw- c:\documents and settings\phani\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 15:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 14:17 5252408 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 21:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2006-03-24 21:30 282624 ----a-w- c:\windows\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-06-15 19:02 15141768 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 16:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2010-07-06 14:01 2634048 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"matlabserver"=2 (0x2)
"YahooAUService"=2 (0x2)
"Lavasoft Ad-Aware Service"=2 (0x2)
"ImapiService"=3 (0x3)
"helpsvc"=2 (0x2)
"gusvc"=3 (0x3)
"BroadCamService"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"McComponentHostService"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Tcl\\bin\\wish84.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Documents and Settings\\phani\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Wolfram Research\\Mathematica\\7.0\\Mathematica.exe"=
"c:\\Program Files\\Wolfram Research\\Mathematica\\7.0\\MathKernel.exe"=
"c:\\Program Files\\Wolfram Research\\Mathematica\\7.0\\math.exe"=
"c:\\MATLAB701\\bin\\win32\\MATLAB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Wolfram Research\\Mathematica\\8.0\\Mathematica.exe"=
"c:\\Program Files\\Wolfram Research\\Mathematica\\8.0\\MathKernel.exe"=
"c:\\Program Files\\Wolfram Research\\Mathematica\\8.0\\math.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4/3/2009 2:42 PM 721904]
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [12/7/2009 5:59 PM 61328]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [5/12/2010 6:01 PM 59280]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 7:38 PM 116608]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [4/14/2008 5:00 AM 14336]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/16/2011 2:29 PM 105592]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [12/7/2009 5:59 PM 61328]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [3/17/2010 9:06 PM 30104]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [3/17/2010 9:06 PM 30104]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [5/29/2007 5:55 PM 23888]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S4 BroadCamService;BroadCam Video Streaming Server;c:\program files\NCH Software\BroadCam\broadcam.exe [11/10/2009 12:31 PM 946180]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/26/2010 8:12 PM 136176]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9/26/2010 8:12 PM 136176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-27 00:11]
.
2011-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-27 00:11]
.
2011-10-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-823518204-1801674531-1003Core.job
- c:\documents and settings\phani\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 03:01]
.
2011-10-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-823518204-1801674531-1003UA.job
- c:\documents and settings\phani\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 03:01]
.
2011-10-02 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2011-07-26 22:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?l=dis&o=14597
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 152.15.252.38 152.15.41.32
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\phani\Application Data\Mozilla\Firefox\Profiles\lsxg2yix.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FF&o=14594&locale=en_US&apn_uid=e924440a-6469-4718-b7f6-6a13dee20fb5&apn_ptnrs=FV&apn_sauid=5C72EEE0-3419-47A8-BB49-A988D2BFB043&apn_dtid=YYYYYYYYUS&q=
.
- - - - ORPHANS REMOVED - - - -
.
Notify-TPSvc - TPSvc.dll
SafeBoot-Symantec Antvirus
MSConfigStartUp-03EE35CE - c:\documents and settings\phani\Application Data\03EE35CE\03EE35CE.EXE
MSConfigStartUp-BitTorrent DNA - c:\program files\DNA\btdna.exe
MSConfigStartUp-fhumcbkp - c:\documents and settings\phani\Local Settings\Application Data\rqscyh\wdccsftav.exe
MSConfigStartUp-Gizmo5 - c:\program files\Gizmo5\Gizmo5.exe
AddRemove-MatlabR14 - c:\matlab701\uninstall\uninstall.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-03 13:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: SAMSUNG_HM080II rev.YE100-15 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x864B62E0
user & kernel MBR OK
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\.exe\shell\open]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(900)
c:\windows\system32\WININET.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'lsass.exe'(964)
c:\windows\system32\WININET.dll
.
Completion time: 2011-10-03 13:42:43
ComboFix-quarantined-files.txt 2011-10-03 17:42
.
Pre-Run: 1,061,179,392 bytes free
Post-Run: 2,322,563,072 bytes free
.
- - End Of File - - 87A9734BA47742D8F9FAE19F06446454
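
The ComboFix report above is the kind of autostart inventory an analyst reads by hand in a search-redirect case: executables with random-looking names launched from the user profile (the MSConfigStartUp orphans), start-page and search settings pointed at a host the user did not pick (the Ask entries in the Supplementary Scan), and Security Center monitoring switched off. The script below is an added example, not part of the original thread and not a BleepingComputer, ComboFix or Gmer tool; it applies those three checks to a constructed excerpt modelled on the posted log. The allowlist of expected search hosts, the vowel-ratio threshold and the rule names are assumptions, and every hit still needs a human to confirm: AV suites routinely set DisableMonitoring for themselves, and a toolbar start page is usually bundled adware rather than the rootkit the TDSSKiller step later hunts for.

```python
"""Triage helper for ComboFix-style reports (added example, not a ComboFix or BleepingComputer tool)."""
import re
from typing import List, Tuple

# Assumption: hosts the user is expected to have chosen for start page and search.
EXPECTED_SEARCH_HOSTS = {
    "www.google.com", "google.com", "www.bing.com",
    "search.yahoo.com", "www.yahoo.com", "us.rd.yahoo.com",
}

# Constructed excerpt modelled on the posted ComboFix log (not the full log).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-07-26 397992]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-06-08 03:01 136176 ----atw- c:\documents and settings\phani\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
uStart Page = hxxp://www.ask.com/?l=dis&o=14597
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&q=
MSConfigStartUp-03EE35CE - c:\documents and settings\phani\Application Data\03EE35CE\03EE35CE.EXE
MSConfigStartUp-fhumcbkp - c:\documents and settings\phani\Local Settings\Application Data\rqscyh\wdccsftav.exe
c:\documents and settings\phani\ghkwtwjdqs.tmp
"""

PATH_RE = re.compile(r'[a-z]:\\[^"\[\]\r\n]*?\.(?:exe|dll|sys|scr|tmp)\b', re.IGNORECASE)
# A per-user profile directory: XP "Documents and Settings\<user>\" or Vista+ "Users\<user>\".
PROFILE_RE = re.compile(r'\\(?:documents and settings|users)\\(?!all users\\)[^\\]+\\', re.IGNORECASE)
KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]')
# IE start/search settings ("uStart Page = ...") and Firefox prefs.js lines as ComboFix prints them.
URL_SETTING_RE = re.compile(
    r'^(?:[um](?:Start Page|Search Bar|SearchURL)[^=]*=|'
    r'FF - prefs\.js: (?:keyword\.URL|browser\.startup\.homepage|browser\.search\.[\w.]+) -)'
    r'\s*hxxp://([^/\s]+)',
    re.IGNORECASE,
)


def looks_random(name: str) -> bool:
    """Heuristic for machine-generated names: hex blobs (03EE35CE) or almost no vowels (wdccsftav)."""
    stem = re.sub(r'\.[a-z0-9]+$', '', name, flags=re.IGNORECASE)
    if len(stem) >= 8 and re.fullmatch(r'[0-9a-f]+', stem, re.IGNORECASE):
        return True
    letters = re.sub(r'[^a-z]', '', stem.lower())
    if len(letters) < 6:
        return False
    return sum(c in 'aeiou' for c in letters) / len(letters) < 0.25  # assumed threshold


def triage(report: str) -> List[Tuple[str, str]]:
    """Return (rule, detail) findings, in report order, for each suspicious line."""
    findings: List[Tuple[str, str]] = []
    current_key = ""
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        key = KEY_RE.match(line)
        if key:
            current_key = key.group(1).lower()
            continue
        # Rule 1: Security Center told to stop monitoring an AV/firewall product.
        if line.lower().startswith('"disablemonitoring"=dword:00000001') \
                and 'security center\\monitoring' in current_key:
            findings.append(("security_center_monitoring_disabled", current_key.rsplit('\\', 1)[-1]))
            continue
        # Rule 2: start page / search URL pointing at a host outside the allowlist.
        url = URL_SETTING_RE.match(line)
        if url:
            host = url.group(1).lower()
            if host not in EXPECTED_SEARCH_HOSTS:
                findings.append(("unexpected_search_host", f"{host} <- {line}"))
            continue
        # Rule 3: binaries or temp files under a user profile whose file or parent name looks generated.
        for m in PATH_RE.finditer(line):
            path = m.group(0)
            if not PROFILE_RE.search(path):
                continue
            parts = [p for p in path.split('\\') if p]
            if any(looks_random(p) for p in parts[-2:]):
                findings.append(("suspicious_profile_binary", path))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:36} {detail}")
```

On the constructed excerpt the script reports six lines: the Symantec DisableMonitoring entry, the two Ask hosts, and the three profile paths (`03EE35CE.EXE`, `rqscyh\wdccsftav.exe`, `ghkwtwjdqs.tmp`), while leaving the per-user GoogleUpdate.exe and the Program Files entries alone. Paste a full ComboFix log in place of `SAMPLE_LOG` to run it over a real report; treat the output as a reading list for the analyst, not a verdict.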

#7 virus_victim (Topic Starter; Members; 26 posts)

Posted 03 October 2011 - 04:02 PM

After about 45 minutes of use, my computer is dead slow again and freezing with just 'My computer' open. Thank you in advance for the help.

#8 gringo_pr (Bleepin Gringo; Malware Response Team; 136,772 posts; Puerto Rico)

Posted 03 October 2011 - 07:29 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 virus_victim


Posted 04 October 2011 - 10:37 AM

Hi Gringo,
Below is the TDSSKiller log -
00:41:35.0890 10704 TDSS rootkit removing tool 2.6.4.0 Oct 3 2011 17:37:01
00:41:37.0906 10704 ============================================================
00:41:37.0906 10704 Current date / time: 2011/10/04 00:41:37.0906
00:41:37.0906 10704 SystemInfo:
00:41:37.0906 10704
00:41:37.0906 10704 OS Version: 5.1.2600 ServicePack: 3.0
00:41:37.0906 10704 Product type: Workstation
00:41:37.0906 10704 ComputerName: VT-8D8FDDC9D94D
00:41:37.0906 10704 UserName: phani
00:41:37.0906 10704 Windows directory: C:\WINDOWS
00:41:37.0906 10704 System windows directory: C:\WINDOWS
00:41:37.0906 10704 Processor architecture: Intel x86
00:41:37.0906 10704 Number of processors: 2
00:41:37.0906 10704 Page size: 0x1000
00:41:37.0906 10704 Boot type: Normal boot
00:41:37.0906 10704 ============================================================
00:41:52.0328 10704 Initialize success
00:43:23.0843 6716 ============================================================
00:43:23.0843 6716 Scan started
00:43:23.0843 6716 Mode: Manual;
00:43:23.0843 6716 ============================================================
00:43:43.0531 6716 Abiosdsk - ok
00:43:43.0750 6716 abp480n5 - ok
00:43:44.0203 6716 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
00:43:45.0468 6716 ACPI - ok
00:43:45.0984 6716 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
00:43:47.0296 6716 ACPIEC - ok
00:43:47.0500 6716 adpu160m - ok
00:43:47.0812 6716 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
00:43:48.0859 6716 aec - ok
00:43:50.0140 6716 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
00:43:55.0218 6716 AFD - ok
00:43:55.0984 6716 Aha154x - ok
00:43:56.0796 6716 aic78u2 - ok
00:43:57.0640 6716 aic78xx - ok
00:43:58.0562 6716 AliIde - ok
00:43:59.0875 6716 amsint - ok
00:44:01.0796 6716 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
00:44:03.0250 6716 Arp1394 - ok
00:44:04.0031 6716 asc - ok
00:44:04.0906 6716 asc3350p - ok
00:44:05.0875 6716 asc3550 - ok
00:44:07.0296 6716 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
00:44:07.0796 6716 AsyncMac - ok
00:44:09.0062 6716 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
00:44:10.0218 6716 atapi - ok
00:44:11.0093 6716 Atdisk - ok
00:44:13.0578 6716 ati2mtag (2573c08729dd52b7b4f18df1592e0b37) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
00:44:19.0546 6716 ati2mtag - ok
00:44:21.0046 6716 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
00:44:21.0796 6716 Atmarpc - ok
00:44:22.0296 6716 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
00:44:22.0953 6716 audstub - ok
00:44:23.0843 6716 Avgfwdx (fa6336f05695e39995884d0c959c9608) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
00:44:24.0656 6716 Avgfwdx - ok
00:44:24.0781 6716 Avgfwfd (fa6336f05695e39995884d0c959c9608) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
00:44:24.0781 6716 Avgfwfd - ok
00:44:25.0843 6716 BCM43XX (b89bcf0a25aeb3b47030ac83287f894a) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
00:44:27.0093 6716 BCM43XX - ok
00:44:27.0671 6716 bcm4sbxp (cd4646067cc7dcba1907fa0acf7e3966) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
00:44:27.0937 6716 bcm4sbxp - ok
00:44:28.0578 6716 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
00:44:28.0875 6716 Beep - ok
00:44:29.0281 6716 catchme - ok
00:44:29.0859 6716 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
00:44:30.0218 6716 cbidf2k - ok
00:44:30.0921 6716 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
00:44:31.0609 6716 CCDECODE - ok
00:44:32.0546 6716 cd20xrnt - ok
00:44:33.0406 6716 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
00:44:33.0562 6716 Cdaudio - ok
00:44:34.0625 6716 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
00:44:36.0031 6716 Cdfs - ok
00:44:37.0156 6716 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
00:44:38.0968 6716 Cdrom - ok
00:44:40.0031 6716 Changer - ok
00:44:41.0125 6716 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
00:44:43.0125 6716 CmBatt - ok
00:44:44.0046 6716 CmdIde - ok
00:44:45.0343 6716 COH_Mon (6186b6b953bdc884f0f379b84b3e3a98) C:\WINDOWS\system32\Drivers\COH_Mon.sys
00:44:45.0875 6716 COH_Mon - ok
00:44:47.0187 6716 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
00:44:47.0812 6716 Compbatt - ok
00:44:48.0406 6716 Cpqarray - ok
00:44:49.0000 6716 dac2w2k - ok
00:44:49.0406 6716 dac960nt - ok
00:44:50.0203 6716 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
00:44:50.0625 6716 Disk - ok
00:44:52.0640 6716 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
00:44:54.0828 6716 dmboot - ok
00:44:56.0046 6716 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
00:44:57.0000 6716 dmio - ok
00:44:58.0187 6716 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
00:44:58.0578 6716 dmload - ok
00:44:59.0515 6716 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
00:44:59.0875 6716 DMusic - ok
00:45:00.0906 6716 dpti2o - ok
00:45:02.0125 6716 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
00:45:02.0406 6716 drmkaud - ok
00:45:03.0625 6716 eeCtrl (8f7dbc4be48f5388a6fe1f285e7948ef) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
00:45:06.0703 6716 eeCtrl - ok
00:45:08.0125 6716 EraserUtilRebootDrv (3ee14d400e0fdd0d214275a4a20b7022) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
00:45:11.0500 6716 EraserUtilRebootDrv - ok
00:45:12.0328 6716 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
00:45:12.0796 6716 Fastfat - ok
00:45:13.0328 6716 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
00:45:13.0734 6716 Fdc - ok
00:45:13.0968 6716 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
00:45:14.0343 6716 Fips - ok
00:45:14.0765 6716 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
00:45:14.0921 6716 Flpydisk - ok
00:45:15.0109 6716 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
00:45:15.0250 6716 FltMgr - ok
00:45:15.0578 6716 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
00:45:15.0734 6716 Fs_Rec - ok
00:45:16.0109 6716 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
00:45:16.0125 6716 Ftdisk - ok
00:45:16.0453 6716 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
00:45:16.0593 6716 Gpc - ok
00:45:17.0078 6716 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
00:45:17.0078 6716 HDAudBus - ok
00:45:17.0250 6716 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
00:45:17.0375 6716 HidUsb - ok
00:45:17.0656 6716 hpn - ok
00:45:18.0437 6716 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
00:45:20.0265 6716 HTTP - ok
00:45:20.0687 6716 i2omgmt - ok
00:45:21.0281 6716 i2omp - ok
00:45:21.0718 6716 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
00:45:21.0718 6716 i8042prt - ok
00:45:21.0984 6716 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
00:45:21.0984 6716 Imapi - ok
00:45:22.0375 6716 ini910u - ok
00:45:22.0718 6716 IntelIde - ok
00:45:23.0062 6716 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
00:45:23.0312 6716 intelppm - ok
00:45:24.0453 6716 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
00:45:24.0656 6716 Ip6Fw - ok
00:45:25.0125 6716 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
00:45:25.0265 6716 IpFilterDriver - ok
00:45:25.0500 6716 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
00:45:25.0625 6716 IpInIp - ok
00:45:26.0046 6716 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
00:45:26.0562 6716 IpNat - ok
00:45:27.0140 6716 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
00:45:27.0140 6716 IPSec - ok
00:45:27.0593 6716 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
00:45:27.0968 6716 IRENUM - ok
00:45:28.0625 6716 is3srv (8fe4ecc7877fcfe4e59414708898073d) C:\WINDOWS\system32\drivers\is3srv.sys
00:45:29.0343 6716 is3srv - ok
00:45:29.0734 6716 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
00:45:29.0750 6716 isapnp - ok
00:45:30.0296 6716 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
00:45:30.0453 6716 Kbdclass - ok
00:45:30.0875 6716 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
00:45:30.0953 6716 kbdhid - ok
00:45:31.0234 6716 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
00:45:31.0250 6716 kmixer - ok
00:45:31.0671 6716 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
00:45:31.0671 6716 KSecDD - ok
00:45:31.0937 6716 Lavasoft Kernexplorer - ok
00:45:32.0359 6716 lbrtfdc - ok
00:45:32.0687 6716 LVUSBSta (be5e104be263921d6842c555db6a5c23) C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys
00:45:32.0687 6716 LVUSBSta - ok
00:45:32.0906 6716 MBAMSwissArmy - ok
00:45:33.0281 6716 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
00:45:33.0281 6716 mnmdd - ok
00:45:34.0031 6716 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
00:45:34.0218 6716 Modem - ok
00:45:35.0156 6716 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
00:45:35.0406 6716 Mouclass - ok
00:45:36.0078 6716 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
00:45:36.0250 6716 mouhid - ok
00:45:36.0953 6716 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
00:45:37.0656 6716 MountMgr - ok
00:45:37.0828 6716 mraid35x - ok
00:45:38.0359 6716 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
00:45:38.0687 6716 MRxDAV - ok
00:45:39.0187 6716 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
00:45:39.0359 6716 MRxSmb - ok
00:45:39.0750 6716 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
00:45:40.0000 6716 Msfs - ok
00:45:40.0703 6716 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
00:45:40.0953 6716 MSKSSRV - ok
00:45:41.0437 6716 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
00:45:41.0656 6716 MSPCLOCK - ok
00:45:42.0015 6716 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
00:45:42.0828 6716 MSPQM - ok
00:45:44.0093 6716 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
00:45:45.0265 6716 mssmbios - ok
00:45:46.0500 6716 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
00:45:47.0343 6716 MSTEE - ok
00:45:48.0921 6716 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
00:45:49.0843 6716 Mup - ok
00:45:51.0093 6716 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
00:45:51.0812 6716 NABTSFEC - ok
00:45:53.0375 6716 NAVENG (862f55824ac81295837b0ab63f91071f) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20111003.001\NAVENG.SYS
00:45:53.0453 6716 NAVENG - ok
00:45:56.0281 6716 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20111003.001\NAVEX15.SYS
00:45:56.0390 6716 NAVEX15 - ok
00:45:57.0937 6716 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
00:45:58.0171 6716 NDIS - ok
00:45:59.0953 6716 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
00:46:01.0609 6716 NdisIP - ok
00:46:03.0656 6716 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
00:46:07.0140 6716 NdisTapi - ok
00:46:08.0937 6716 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
00:46:09.0109 6716 Ndisuio - ok
00:46:10.0859 6716 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
00:46:15.0296 6716 NdisWan - ok
00:46:17.0187 6716 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
00:46:17.0187 6716 NDProxy - ok
00:46:19.0109 6716 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
00:46:19.0734 6716 NetBIOS - ok
00:46:21.0812 6716 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
00:46:21.0812 6716 NetBT - ok
00:46:22.0703 6716 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
00:46:22.0703 6716 NIC1394 - ok
00:46:23.0703 6716 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
00:46:23.0703 6716 Npfs - ok
00:46:24.0453 6716 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
00:46:24.0828 6716 Ntfs - ok
00:46:25.0265 6716 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
00:46:25.0296 6716 Null - ok
00:46:25.0828 6716 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
00:46:26.0046 6716 NwlnkFlt - ok
00:46:26.0968 6716 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
00:46:28.0000 6716 NwlnkFwd - ok
00:46:29.0125 6716 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
00:46:29.0125 6716 ohci1394 - ok
00:46:30.0781 6716 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
00:46:30.0906 6716 Parport - ok
00:46:32.0687 6716 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
00:46:32.0718 6716 PartMgr - ok
00:46:34.0406 6716 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
00:46:35.0156 6716 ParVdm - ok
00:46:36.0953 6716 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
00:46:38.0578 6716 PCI - ok
00:46:39.0562 6716 PCIDump - ok
00:46:41.0125 6716 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
00:46:41.0125 6716 PCIIde - ok
00:46:42.0656 6716 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
00:46:44.0203 6716 Pcmcia - ok
00:46:45.0421 6716 PDCOMP - ok
00:46:46.0484 6716 PDFRAME - ok
00:46:47.0796 6716 PDRELI - ok
00:46:48.0781 6716 PDRFRAME - ok
00:46:49.0796 6716 perc2 - ok
00:46:50.0812 6716 perc2hib - ok
00:46:52.0656 6716 PID_0928 (d2d2fa02b722336960eeae0ae7107891) C:\WINDOWS\system32\DRIVERS\LV561AV.SYS
00:46:54.0921 6716 PID_0928 - ok
00:46:55.0984 6716 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
00:46:55.0984 6716 PptpMiniport - ok
00:46:56.0812 6716 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
00:46:56.0828 6716 PSched - ok
00:46:57.0921 6716 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
00:46:57.0921 6716 Ptilink - ok
00:46:58.0921 6716 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
00:47:01.0640 6716 PxHelp20 - ok
00:47:02.0687 6716 ql1080 - ok
00:47:03.0296 6716 Ql10wnt - ok
00:47:03.0875 6716 ql12160 - ok
00:47:04.0687 6716 ql1240 - ok
00:47:05.0500 6716 ql1280 - ok
00:47:06.0203 6716 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
00:47:06.0203 6716 RasAcd - ok
00:47:07.0250 6716 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
00:47:07.0437 6716 Rasl2tp - ok
00:47:08.0296 6716 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
00:47:08.0531 6716 RasPppoe - ok
00:47:09.0546 6716 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
00:47:09.0546 6716 Raspti - ok
00:47:10.0562 6716 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
00:47:10.0656 6716 Rdbss - ok
00:47:11.0687 6716 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
00:47:11.0687 6716 RDPCDD - ok
00:47:12.0562 6716 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
00:47:12.0703 6716 rdpdr - ok
00:47:13.0890 6716 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
00:47:13.0890 6716 RDPWD - ok
00:47:14.0781 6716 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
00:47:16.0453 6716 redbook - ok
00:47:17.0281 6716 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
00:47:18.0109 6716 SASDIFSV - ok
00:47:18.0828 6716 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
00:47:18.0968 6716 SASKUTIL - ok
00:47:20.0546 6716 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
00:47:20.0625 6716 sdbus - ok
00:47:21.0828 6716 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
00:47:23.0703 6716 Secdrv - ok
00:47:24.0359 6716 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
00:47:24.0796 6716 Serial - ok
00:47:25.0687 6716 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
00:47:25.0687 6716 Sfloppy - ok
00:47:26.0562 6716 Simbad - ok
00:47:27.0593 6716 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
00:47:28.0265 6716 SLIP - ok
00:47:29.0312 6716 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
00:47:29.0906 6716 SONYPVU1 - ok
00:47:30.0562 6716 Sparrow - ok
00:47:31.0609 6716 SPBBCDrv (38c030777dabfc771dac7873443cfcba) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
00:47:31.0890 6716 SPBBCDrv - ok
00:47:32.0437 6716 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
00:47:32.0437 6716 splitter - ok
00:47:33.0125 6716 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\WINDOWS\system32\Drivers\sptd.sys
00:47:33.0140 6716 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
00:47:33.0140 6716 sptd ( LockedFile.Multi.Generic ) - warning
00:47:33.0140 6716 sptd - detected LockedFile.Multi.Generic (1)
00:47:33.0531 6716 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
00:47:33.0656 6716 sr - ok
00:47:34.0093 6716 SRTSP (11564fd80e0d2fc80b904a5bcbf8d761) C:\WINDOWS\system32\Drivers\SRTSP.SYS
00:47:34.0109 6716 SRTSP - ok
00:47:34.0453 6716 SRTSPL (c668edee729925635c254b04e70f9493) C:\WINDOWS\system32\Drivers\SRTSPL.SYS
00:47:34.0875 6716 SRTSPL - ok
00:47:35.0453 6716 SRTSPX (73d9add286baebdbf636eb53acf64e12) C:\WINDOWS\system32\Drivers\SRTSPX.SYS
00:47:35.0468 6716 SRTSPX - ok
00:47:35.0843 6716 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
00:47:35.0875 6716 Srv - ok
00:47:36.0546 6716 STHDA (3ad78e22210d3fbd9f76de84a8df19b5) C:\WINDOWS\system32\drivers\sthda.sys
00:47:37.0250 6716 STHDA - ok
00:47:37.0656 6716 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
00:47:37.0687 6716 streamip - ok
00:47:37.0812 6716 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
00:47:37.0812 6716 swenum - ok
00:47:38.0531 6716 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
00:47:38.0531 6716 swmidi - ok
00:47:38.0750 6716 symc810 - ok
00:47:38.0906 6716 symc8xx - ok
00:47:39.0000 6716 SymEvent (e03ee3ef1037099554d17bed99545a5e) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
00:47:39.0000 6716 SymEvent - ok
00:47:39.0093 6716 SYMREDRV (9181892e5af5df8d2ac3d9d2cea48afd) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
00:47:39.0187 6716 SYMREDRV - ok
00:47:39.0328 6716 SYMTDI (d539f317e6caaa4e08911a84c2180938) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
00:47:39.0359 6716 SYMTDI - ok
00:47:39.0500 6716 sym_hi - ok
00:47:39.0625 6716 sym_u3 - ok
00:47:39.0890 6716 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
00:47:39.0890 6716 sysaudio - ok
00:47:40.0093 6716 szkg5 (8fe4ecc7877fcfe4e59414708898073d) C:\WINDOWS\system32\DRIVERS\szkg.sys
00:47:40.0093 6716 szkg5 - ok
00:47:40.0250 6716 szkgfs (410a02a920fa9daeec56364e839597c1) C:\WINDOWS\system32\drivers\szkgfs.sys
00:47:40.0250 6716 szkgfs - ok
00:47:40.0609 6716 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
00:47:41.0406 6716 Tcpip - ok
00:47:41.0593 6716 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
00:47:41.0671 6716 TDPIPE - ok
00:47:42.0015 6716 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
00:47:42.0125 6716 TDTCP - ok
00:47:42.0187 6716 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
00:47:42.0218 6716 TermDD - ok
00:47:42.0375 6716 TosIde - ok
00:47:42.0593 6716 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
00:47:42.0718 6716 Udfs - ok
00:47:42.0781 6716 ultra - ok
00:47:42.0968 6716 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
00:47:43.0203 6716 Update - ok
00:47:43.0390 6716 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
00:47:43.0531 6716 usbccgp - ok
00:47:43.0687 6716 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
00:47:43.0781 6716 usbehci - ok
00:47:43.0875 6716 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
00:47:43.0953 6716 usbhub - ok
00:47:44.0062 6716 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
00:47:44.0171 6716 USBSTOR - ok
00:47:44.0250 6716 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
00:47:44.0343 6716 usbuhci - ok
00:47:44.0484 6716 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
00:47:44.0546 6716 VgaSave - ok
00:47:44.0609 6716 ViaIde - ok
00:47:44.0734 6716 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
00:47:44.0796 6716 VolSnap - ok
00:47:44.0968 6716 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
00:47:45.0078 6716 Wanarp - ok
00:47:45.0156 6716 WDICA - ok
00:47:45.0250 6716 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
00:47:45.0328 6716 wdmaud - ok
00:47:45.0453 6716 WINIO (363438fbfd6dbf489c2d65ab25c2c5b4) C:\WINDOWS\system32\winio.sys
00:47:45.0593 6716 WINIO - ok
00:47:45.0765 6716 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
00:47:45.0859 6716 WSTCODEC - ok
00:47:46.0015 6716 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
00:47:46.0171 6716 WudfPf - ok
00:47:46.0281 6716 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
00:47:46.0390 6716 WudfRd - ok
00:47:46.0453 6716 MBR (0x1B8) (cdac57608c39097805c8c958f1f73d97) \Device\Harddisk0\DR0
00:47:46.0453 6716 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.a ) - infected
00:47:46.0453 6716 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.a (0)
00:47:46.0484 6716 Boot (0x1200) (411789eec57e1f1a8f9d906fbaaeb928) \Device\Harddisk0\DR0\Partition0
00:47:46.0500 6716 \Device\Harddisk0\DR0\Partition0 - ok
00:47:46.0500 6716 ============================================================
00:47:46.0500 6716 Scan finished
00:47:46.0500 6716 ============================================================
00:47:46.0578 5036 Detected object count: 2
00:47:46.0578 5036 Actual detected object count: 2
01:38:10.0437 5036 sptd ( LockedFile.Multi.Generic ) - skipped by user
01:38:10.0671 5036 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
01:38:11.0781 5036 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.a ) - will be cured on reboot
01:38:11.0796 5036 \Device\Harddisk0\DR0 - ok
01:38:11.0796 5036 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.a ) - User select action: Cure
01:38:27.0078 2868 Deinitialize success

Symantec also found a trojan at the end of the TDSSKiller scan. Below is the log -

10/4/2011 1:06 Trojan Horse Quarantined field[1].swf File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OSU7YC5G\ VT-8D8FDDC9D94D SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully.

9/30/2011 9:41 Trojan Horse Quarantined field[1].swf File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\B889NZWQ\ VT-8D8FDDC9D94D SYSTEM Infected Quarantine Clean security risk Quarantine Auto-Protect scan The file was quarantined successfully.

I frequently get an 'unresponsive script' message when I run Mozilla, freezing the browser for a while. Is this also due to some malware?

Thank you
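
The TDSSKiller log above is read by hand in this thread; as an added example (not TDSSKiller's or the forum's code), here is a small Python parser for that log format that collects each flagged object, its verdict, the MD5 and path from the inventory line, and the action the user chose, so a reviewer can see that the MBR was cured while the locked sptd driver was only skipped. The sample log is constructed from the lines in this thread; the regexes and the set of actions treated as resolving a finding are assumptions about the format.

```python
import re
from dataclasses import dataclass, field

# Each TDSSKiller line is "HH:MM:SS.mmmm <thread-id> <message>".
_LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<msg>.*)$")
# Inventory line for a scanned object: "<name> (<md5>) <path>".  The name may
# itself contain spaces and parentheses, e.g. "MBR (0x1B8)".
_ENTRY = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# Verdict line: "<object> ( <verdict> ) - <state>"; the same object gets several
# of these over the run (warning/infected, skipped by user, will be cured ...).
_VERDICT = re.compile(r"^(?P<obj>.+?) \( (?P<verdict>[^()]+?) \) - (?P<state>.+)$")
# Detection tally line: "<object> - detected <verdict> (<n>)".
_DETECTED = re.compile(r"^(?P<obj>.+?) - detected (?P<verdict>\S+) \(\d+\)$")
# Locked / unreadable file note that precedes a LockedFile.* warning.
_SUSPICIOUS = re.compile(
    r"^Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+)\. md5: (?P<md5>[0-9a-f]{32})$")

# Actions this example treats as having dealt with a finding (assumption; the
# tool also offers Skip, which leaves the object in place for manual review).
RESOLVING_ACTIONS = {"Cure", "Delete", "Quarantine"}


@dataclass
class Finding:
    obj: str
    verdict: str
    states: list = field(default_factory=list)  # chronological, as logged
    path: str = ""
    md5: str = ""
    reason: str = ""  # e.g. "NoAccess" for a locked file

    def final_action(self):
        """The user's chosen action if one was logged, else the last state seen."""
        for state in reversed(self.states):
            if state.startswith("User select action: "):
                return state.split(": ", 1)[1]
        return self.states[-1] if self.states else ""


def parse_tdsskiller_log(text):
    """Return the flagged objects in first-seen order, with inventory data attached."""
    inventory = {}  # object name and object path -> (md5, path)
    reasons = {}    # md5 -> reason from a "Suspicious file" note
    findings = {}
    for raw in text.splitlines():
        m = _LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg")
        v = _VERDICT.match(msg)
        d = None if v else _DETECTED.match(msg)
        hit = v or d
        if hit:
            obj = hit.group("obj")
            f = findings.get(obj)
            if f is None:
                md5, path = inventory.get(obj, ("", ""))
                f = findings[obj] = Finding(obj, hit.group("verdict"), path=path,
                                            md5=md5, reason=reasons.get(md5, ""))
            f.states.append(v.group("state") if v else "detected")
            continue
        s = _SUSPICIOUS.match(msg)
        if s:
            reasons[s.group("md5")] = s.group("reason")
            continue
        e = _ENTRY.match(msg)
        if e:
            md5, path = e.group("md5"), e.group("path")
            inventory[e.group("name")] = inventory[path] = (md5, path)
    return list(findings.values())


def unresolved(findings):
    """Findings that still need a human decision: flagged but not cured or deleted."""
    return [f for f in findings if f.final_action() not in RESOLVING_ACTIONS]


# Constructed sample, assembled from the log lines posted in this thread.
SAMPLE_LOG = r"""
00:47:33.0125 6716 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\WINDOWS\system32\Drivers\sptd.sys
00:47:33.0140 6716 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
00:47:33.0140 6716 sptd ( LockedFile.Multi.Generic ) - warning
00:47:33.0140 6716 sptd - detected LockedFile.Multi.Generic (1)
00:47:33.0531 6716 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
00:47:33.0656 6716 sr - ok
00:47:46.0453 6716 MBR (0x1B8) (cdac57608c39097805c8c958f1f73d97) \Device\Harddisk0\DR0
00:47:46.0453 6716 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.a ) - infected
00:47:46.0453 6716 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.a (0)
00:47:46.0578 5036 Detected object count: 2
01:38:10.0437 5036 sptd ( LockedFile.Multi.Generic ) - skipped by user
01:38:10.0671 5036 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
01:38:11.0781 5036 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.a ) - will be cured on reboot
01:38:11.0796 5036 \Device\Harddisk0\DR0 - ok
01:38:11.0796 5036 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.a ) - User select action: Cure
"""

if __name__ == "__main__":
    found = parse_tdsskiller_log(SAMPLE_LOG)
    for f in found:
        print(f"{f.obj}: {f.verdict} -> {f.final_action()} (md5 {f.md5 or 'n/a'})")
    for f in unresolved(found):
        print(f"needs review: {f.obj} ({f.reason or 'no reason logged'})")
```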

#10 gringo_pr


Posted 04 October 2011 - 12:20 PM

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\program files\Ask.com

DDS::
uStart Page = hxxp://www.ask.com/?l=dis&o=14597

Firefox::
FF - ProfilePath - c:\documents and settings\phani\Application Data\Mozilla\Firefox\Profiles\lsxg2yix.default\
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FF&o=14594&locale=en_US&apn_uid=e924440a-6469-4718-b7f6-6a13dee20fb5&apn_ptnrs=FV&apn_sauid=5C72EEE0-3419-47A8-BB49-A988D2BFB043&apn_dtid=YYYYYYYYUS&q=


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#11 virus_victim


Posted 04 October 2011 - 03:08 PM

I have run the script file you gave through combofix. But combofix does not seem to do anything. The first two times the screen went blank after about 30 minutes and the computer just froze, so I had to hard boot. Now the third time, combofix has been running for over an hour without completing even the 1st stage. I can see only the blue screen with the first 3 lines - 'Scanning for...', 'This typically...' and 'However, scan times...'.
I had disabled Symantec and SUPERAntiSpyware before I ran ComboFix, and I am not running any other application on my infected computer.
Should I wait and try the same process if necessary?
Thank you
Phani

#12 gringo_pr


Posted 04 October 2011 - 04:03 PM

Hello

Ok, let's try this. I want you to run ComboFix in Safe Mode, but it is very important that when ComboFix reboots the computer you direct it back into Safe Mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

After ComboFix has finished its scan, please post the report back here.

Gringo

#13 virus_victim


Posted 04 October 2011 - 09:49 PM

Hi Gringo,
I tried running the script in Safe Mode, but the same problem persists. It has been an hour since I ran ComboFix, but even the 1st stage is not completed. Moreover, the computer has frozen (the time shown is 1 hour behind), although the mouse pointer can still be moved.
What should I do next?
Phani

#14 gringo_pr


Posted 04 October 2011 - 10:07 PM

Hello


Restart the computer and run TDSSKiller again, then give me the report.


gringo

#15 virus_victim (Topic Starter, Members, 26 posts)

Posted 04 October 2011 - 10:41 PM

Hi Gringo,
Below is the log from TDSSKiller. Only one suspicious object was found and the scan was over in seconds.

23:37:52.0125 1808 mouhid - ok
23:37:52.0156 1808 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
23:37:52.0156 1808 MountMgr - ok
23:37:52.0156 1808 mraid35x - ok
23:37:52.0187 1808 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:37:52.0203 1808 MRxDAV - ok
23:37:52.0265 1808 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:37:52.0281 1808 MRxSmb - ok
23:37:52.0296 1808 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
23:37:52.0296 1808 Msfs - ok
23:37:52.0359 1808 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:37:52.0359 1808 MSKSSRV - ok
23:37:52.0375 1808 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:37:52.0390 1808 MSPCLOCK - ok
23:37:52.0406 1808 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
23:37:52.0406 1808 MSPQM - ok
23:37:52.0437 1808 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:37:52.0437 1808 mssmbios - ok
23:37:52.0484 1808 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
23:37:52.0484 1808 MSTEE - ok
23:37:52.0531 1808 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
23:37:52.0531 1808 Mup - ok
23:37:52.0562 1808 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
23:37:52.0562 1808 NABTSFEC - ok
23:37:52.0750 1808 NAVENG (862f55824ac81295837b0ab63f91071f) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20111003.025\NAVENG.SYS
23:37:52.0750 1808 NAVENG - ok
23:37:52.0859 1808 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20111003.025\NAVEX15.SYS
23:37:52.0890 1808 NAVEX15 - ok
23:37:52.0937 1808 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
23:37:52.0953 1808 NDIS - ok
23:37:52.0968 1808 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
23:37:52.0968 1808 NdisIP - ok
23:37:53.0000 1808 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:37:53.0000 1808 NdisTapi - ok
23:37:53.0046 1808 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:37:53.0046 1808 Ndisuio - ok
23:37:53.0078 1808 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:37:53.0078 1808 NdisWan - ok
23:37:53.0125 1808 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
23:37:53.0125 1808 NDProxy - ok
23:37:53.0140 1808 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
23:37:53.0140 1808 NetBIOS - ok
23:37:53.0171 1808 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
23:37:53.0171 1808 NetBT - ok
23:37:53.0234 1808 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
23:37:53.0234 1808 NIC1394 - ok
23:37:53.0250 1808 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
23:37:53.0250 1808 Npfs - ok
23:37:53.0296 1808 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
23:37:53.0312 1808 Ntfs - ok
23:37:53.0343 1808 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
23:37:53.0343 1808 Null - ok
23:37:53.0390 1808 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:37:53.0390 1808 NwlnkFlt - ok
23:37:53.0421 1808 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:37:53.0421 1808 NwlnkFwd - ok
23:37:53.0468 1808 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
23:37:53.0468 1808 ohci1394 - ok
23:37:53.0500 1808 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
23:37:53.0500 1808 Parport - ok
23:37:53.0515 1808 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
23:37:53.0515 1808 PartMgr - ok
23:37:53.0531 1808 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
23:37:53.0531 1808 ParVdm - ok
23:37:53.0562 1808 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
23:37:53.0562 1808 PCI - ok
23:37:53.0578 1808 PCIDump - ok
23:37:53.0625 1808 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
23:37:53.0625 1808 PCIIde - ok
23:37:53.0687 1808 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
23:37:53.0687 1808 Pcmcia - ok
23:37:53.0703 1808 PDCOMP - ok
23:37:53.0718 1808 PDFRAME - ok
23:37:53.0718 1808 PDRELI - ok
23:37:53.0734 1808 PDRFRAME - ok
23:37:53.0750 1808 perc2 - ok
23:37:53.0765 1808 perc2hib - ok
23:37:53.0843 1808 PID_0928 (d2d2fa02b722336960eeae0ae7107891) C:\WINDOWS\system32\DRIVERS\LV561AV.SYS
23:37:53.0859 1808 PID_0928 - ok
23:37:53.0890 1808 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:37:53.0890 1808 PptpMiniport - ok
23:37:53.0921 1808 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
23:37:53.0921 1808 PSched - ok
23:37:53.0953 1808 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:37:53.0953 1808 Ptilink - ok
23:37:54.0000 1808 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
23:37:54.0000 1808 PxHelp20 - ok
23:37:54.0000 1808 ql1080 - ok
23:37:54.0015 1808 Ql10wnt - ok
23:37:54.0031 1808 ql12160 - ok
23:37:54.0046 1808 ql1240 - ok
23:37:54.0062 1808 ql1280 - ok
23:37:54.0078 1808 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:37:54.0078 1808 RasAcd - ok
23:37:54.0093 1808 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:37:54.0093 1808 Rasl2tp - ok
23:37:54.0125 1808 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:37:54.0125 1808 RasPppoe - ok
23:37:54.0140 1808 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
23:37:54.0156 1808 Raspti - ok
23:37:54.0171 1808 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:37:54.0171 1808 Rdbss - ok
23:37:54.0187 1808 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:37:54.0187 1808 RDPCDD - ok
23:37:54.0265 1808 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
23:37:54.0265 1808 rdpdr - ok
23:37:54.0312 1808 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
23:37:54.0312 1808 RDPWD - ok
23:37:54.0328 1808 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
23:37:54.0328 1808 redbook - ok
23:37:54.0453 1808 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
23:37:54.0453 1808 SASDIFSV - ok
23:37:54.0468 1808 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
23:37:54.0468 1808 SASKUTIL - ok
23:37:54.0531 1808 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
23:37:54.0531 1808 sdbus - ok
23:37:54.0546 1808 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:37:54.0546 1808 Secdrv - ok
23:37:54.0593 1808 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
23:37:54.0593 1808 Serial - ok
23:37:54.0609 1808 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
23:37:54.0625 1808 Sfloppy - ok
23:37:54.0640 1808 Simbad - ok
23:37:54.0687 1808 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
23:37:54.0687 1808 SLIP - ok
23:37:54.0734 1808 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
23:37:54.0734 1808 SONYPVU1 - ok
23:37:54.0750 1808 Sparrow - ok
23:37:54.0828 1808 SPBBCDrv (38c030777dabfc771dac7873443cfcba) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
23:37:54.0843 1808 SPBBCDrv - ok
23:37:54.0890 1808 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
23:37:54.0890 1808 splitter - ok
23:37:54.0968 1808 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\WINDOWS\system32\Drivers\sptd.sys
23:37:54.0968 1808 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
23:37:54.0968 1808 sptd ( LockedFile.Multi.Generic ) - warning
23:37:54.0968 1808 sptd - detected LockedFile.Multi.Generic (1)
23:37:56.0765 1808 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
23:37:57.0062 1808 \Device\Harddisk0\DR0 - ok
23:37:57.0062 1808 Boot (0x1200) (411789eec57e1f1a8f9d906fbaaeb928) \Device\Harddisk0\DR0\Partition0
23:37:57.0062 1808 \Device\Harddisk0\DR0\Partition0 - ok
23:37:57.0062 1808 ============================================================
23:37:57.0062 1808 Scan finished
23:37:57.0062 1808 ============================================================
23:37:57.0078 3732 Detected object count: 1
23:37:57.0078 3732 Actual detected object count: 1
23:38:02.0546 3732 sptd ( LockedFile.Multi.Generic ) - skipped by user
23:38:02.0546 3732 sptd ( LockedFile.Multi.Generic ) - User select action: Skip


Phani



