
BSOD Flash, Reboot loop; Browser Hijack


  • This topic is locked
88 replies to this topic

#1 Eugene1
  • Members
  • 53 posts
Posted 14 October 2011 - 11:50 PM

UPDATE: when running GMER, infection apparently detected it and blocked it. Then blocked internet access, am attaching forwarded files from a temp computer and connection. Could not complete gmer but stopped it scanning before the block and saved - attached. I have not heard of this before; why block net access?

Thanks for this forum and service!
Using Windows XP Pro, SP3 - behind Trendnet router - home network - no one else using it at the time

Problem Beginning:
1. Noticed sloooowdown while loading pages only at Android Nook forums and XDA forums; several other tabs open, and none were sluggish loading.
2. Decided to close Explorer, wasn't responding.


3. Don't recall order of the next two events -
-- An unrequested popup security warning appeared asking whether I wanted to dl a file from IEFrame.dll. Hitting "cancel" or "x" wouldn't close it.
-- Desktop icons disappeared along with taskbar access and Start

4. Ctrl-Alt-Del

Symptoms:
1. Won't boot to Windows. Gets to initial Windows mostly black screen, with loading bar followed by a very rapid blue screen flashing by and then reboots - rinse and repeat.

2. Safe Mode - same result except when loading files, and asked whether to skip SPTD.SYS and I do, Safe Mode will load. I later renamed SPTD.sys, Windows still doesn't load normally, but Safe Mode will.

3. Attempted to run MalwareBytes, HiJack This, Blacklight, Superantispyware, Avast - all fail in various ways ("no rights to runs this", "won't run in software mode", "windows cannot find file", or for Avast iirc, scan instantly "finishes", claiming zero problems). I now have a very bad feeling...

4. Ran System Restore to point at previous day. At reboot, failed the same way, however in Safe Mode, message said "Success" for System Restore.

5. In Safe Mode, Googled for these problems but found that "SPTD.sys" links were always redirected to starfeedsmixer in various configurations of the name. search-system.com appeared often also. Other browser destinations - like this one! - aren't hijacked.

6. Sometimes, a link that is hijacked will go to a presumably fake "page not found" site: "The Click Check", which says, "Please assist us in improving our service by confirming which service referred you here" and requiring a security code of letters to be entered (as legit sites often do).

7. Occasionally, a security popup will appear, randomly, asking about "navcard HTML doc from ieframe.dll", and won't close. Another one was "dnserrordiagoff_webOC...from ieframe.dll".

Other Steps taken before posting here:
1. Ran Kaspersky's TDSS (sp?) Killer, found two files - one was identified only as "process - cd" and a code I don't have; the other "process - system".
Quarantined, but no change in behavior.
2. Ran Kaspersky Rescue Disk, with medium-level scan, and set security to "High". Ran overnight. Identified a number of threats as "high"; most were in System Restore. Two were the items in TDSSKiller quarantine. I could not find a way to quarantine in the Rescue Disk, only Disinfect, Delete, or Skip. So I took recommended actions, including deleting the two quarantined.
3. Rebooted - no change. Same reboot loop with flash of BSOD.
4. Looked in Registry for entries identifying search-system.com, msadblock32.exe but found none.
5. (Have lost desktop items and Start key now, after message, "Explorer has encountered a problem and must shut down", although it didn't)
6. Processes show only one unfamiliar one running: 896970201:642943434.exe - User is "System". I have never seen that or anything resembling it. Can't kill it.

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702
Run by user at 22:07:41 on 2011-10-14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1382 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\896970201:642943434.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\DOCUME~1\user\LOCALS~1\Temp\~nsu.tmp\Au_.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://simhq.com/forum/ubbthreads.php/forum_summary.html
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = ftp=localhost:8118;http=localhost:8118;https=localhost:8118;socks=localhost:9050
uInternet Settings,ProxyOverride = localhost;127.0.01
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [igndlm.exe] c:\program files\d2ddownload manager\DLM.exe /windowsstart /startifwork
mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"
mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanlu.exe" /r
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [EaseUs Watch] "f:\todo backup\bin\EuWatch.exe"
mRun: [EaseUs Tray] "f:\todo backup\bin\TrayNotify.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\codeme~1.lnk - c:\program files\codemeter\runtime\bin\CodeMeterCC.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {6224f700-cba3-4071-b251-47cb894244cd} - c:\progra~1\icq\ICQ.exe
IE: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - c:\program files\amazon\add to wish list ie extension\run.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: %SYSTEMROOT%\system32\nvLsp.dll
LSP: mswsock.dll
Trusted Zone: com\www.msi
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {03A89EFD-E023-A200-A22D-45F77558EB4C} - hxxps://content10.ilinc.com/download/AXCltInstall.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - hxxp://h30155.www3.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1198560724609
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdateonline.msi.com/autobios/LOnline/RELEASECAB/install.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://sslvpn.uwyo.edu/dana-cached/sc/JuniperSetupClient.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab
TCP: DhcpNameServer = 192.168.10.1
TCP: Interfaces\{5FA28DF0-FDD0-40A9-B97D-E4368C916079} : DhcpNameServer = 192.168.10.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: ebk - {1E411CE8-FE8B-4973-B8E0-6EA2CC3C6B06} - c:\windows\system32\ebkp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2011-10-2 38920]
R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2011-10-2 42376]
R0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\drivers\Si3531.sys [2007-11-5 210736]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-12-10 113664]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2007-8-2 22784]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-4-3 442200]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2008-3-31 320856]
S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2011-10-2 16008]
S1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [2011-10-2 184072]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-4-28 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-4-28 67664]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-3-31 20568]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-26 44768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\codemeter\runtime\bin\CodeMeter.exe [2010-9-6 2077072]
S2 EaseUS Agent;EaseUS Agent;f:\todo backup\bin\Agent.exe [2011-10-2 60040]
S2 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe [2011-7-4 16384]
S3 Amazon Download Agent;Amazon Download Agent;c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderService.exe [2010-12-24 401920]
S3 APL531;OVT Scanner;c:\windows\system32\drivers\ov550i.sys [2006-7-31 580992]
S3 cpuz132;cpuz132;\??\c:\docume~1\user\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\user\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2008-7-30 79360]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2008-10-8 171032]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2008-10-8 171032]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2008-10-8 1324056]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2008-10-8 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2008-10-8 72728]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2008-10-8 72728]
S3 CyUsb;Cypress Generic USB Driver;c:\windows\system32\drivers\CYUSB.sys [2008-12-20 38528]
S3 gel90xne;gel90xne;\??\c:\docume~1\user\locals~1\temp\gel90xne.sys --> c:\docume~1\user\locals~1\temp\gel90xne.sys [?]
S3 hidkmdf;Filter Driver Service for HID-KMDF Interface layer;c:\windows\system32\drivers\hidkmdf.sys [2011-5-26 6656]
S3 MSI_DVD_010507;MSI_DVD_010507;c:\progra~1\msi\msiwdev\DVDSYS32_100507.sys [2010-5-10 22328]
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\progra~1\msi\msiwdev\msibios32_100507.sys [2010-5-10 25912]
S3 MSI_VGASYS_010507;MSI_VGASYS_010507;c:\progra~1\msi\msiwdev\VGASYS32_100507.sys [2010-5-10 16696]
S3 MsibiosDevice;MsibiosDevice;c:\program files\msi\live update 4\lu4\msibios.sys [2010-10-11 18432]
S3 npusbio;npusbio;c:\windows\system32\drivers\npusbio.sys [2009-5-15 36384]
S3 NTIOLib_1_0_8;NTIOLib_1_0_8;c:\progra~1\msi\msiwdev\NTIOLib.sys [2011-1-27 7680]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2011-2-8 100456]
S3 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-6-1 2214504]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-6-23 27064]
S3 SaiH0762;SaiH0762;c:\windows\system32\drivers\SaiH0762.sys [2006-9-13 136832]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware\sisoftware sandra lite 2011b\RpcAgentSrv.exe [2010-12-10 93848]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-4-28 12872]
S3 STONEDRV;AmScope MD Driver;c:\windows\system32\drivers\stonedrv.sys [2010-2-19 17328]
S3 t3;Sound Blaster X-Fi Xtreme Audio;c:\windows\system32\drivers\t3.sys [2007-11-5 732672]
S3 t3filt;t3filt;c:\windows\system32\drivers\t3filt.sys [2007-11-5 1656576]
S3 tportcls;tportcls;\??\c:\docume~1\user\locals~1\temp\tportcls.sys --> c:\docume~1\user\locals~1\temp\tportcls.sys [?]
S3 VKbms;Virtual HID Minidriver;c:\windows\system32\drivers\VKbms.sys [2011-5-26 10240]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2010-11-11 268528]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-10-14 03:36:11 -------- d-s---w- C:\ComboFix
2011-10-14 03:30:45 -------- d-----w- C:\TDSSKiller_Quarantine
2011-10-13 05:22:40 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-13 05:03:24 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-10-13 05:03:24 -------- d-----w- c:\windows\system32\wbem\Repository
2011-10-13 03:54:51 -------- d-sh--w- c:\documents and settings\user\local settings\application data\d9ad7635
2011-10-10 02:52:33 -------- d-----w- c:\documents and settings\all users\application data\GetGames
2011-10-03 02:31:36 38920 ----a-w- c:\windows\system32\drivers\eubakup.sys
2011-10-03 02:31:36 184072 ----a-w- c:\windows\system32\drivers\EuFdDisk.sys
2011-10-03 02:31:36 16008 ----a-w- c:\windows\system32\drivers\eudskacs.sys
2011-10-03 02:31:34 42376 ----a-w- c:\windows\system32\drivers\EUBKMON.sys
2011-10-03 02:30:30 20616 ----a-w- c:\windows\system32\fbnative.exe
2011-10-02 01:48:58 -------- d-sh--w- c:\documents and settings\all users\application data\DSS
2011-10-01 23:32:13 -------- d-----w- c:\program files\D2DDownload Manager
2011-09-29 10:29:36 -------- d-----w- c:\documents and settings\user\local settings\application data\cYo
2011-09-29 10:29:36 -------- d-----w- c:\documents and settings\user\application data\cYo
2011-09-29 10:27:36 -------- d-----w- c:\program files\ComicRack
2011-09-29 05:21:16 -------- d-----w- c:\program files\PDF to ePub Converter
2011-09-27 03:34:39 -------- d-----w- c:\program files\eBookConverter
2011-09-27 01:36:19 -------- d-----w- c:\documents and settings\user\local settings\application data\DeDRMPrefs
2011-09-27 00:50:41 -------- d-----w- c:\documents and settings\user\application data\calibre
2011-09-27 00:50:19 -------- d-----w- c:\program files\Calibre2
2011-09-26 03:02:35 -------- d-----w- c:\documents and settings\user\cr3
2011-09-26 02:53:56 -------- d-----w- c:\program files\ePub to Kindle Converter
2011-09-26 02:35:22 -------- d-----w- c:\program files\FBReader
2011-09-20 01:40:15 -------- d-----w- c:\documents and settings\user\local settings\application data\Amazon
2011-09-18 04:12:17 -------- d-----w- c:\documents and settings\user\application data\AstroPlanner
2011-09-18 04:12:17 -------- d-----w- c:\documents and settings\all users\application data\AstroPlanner
2011-09-16 19:22:52 -------- d-----w- c:\documents and settings\user\application data\f-secure
2011-09-16 19:22:32 -------- d-----w- c:\documents and settings\all users\application data\F-Secure
2011-09-16 18:40:58 -------- d-----w- c:\windows\system32\NtmsData
.
==================== Find3M ====================
.
2011-10-11 19:50:12 1361 --sha-w- c:\windows\system32\mmf.sys
2011-09-30 02:07:34 274200 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-09-30 02:07:34 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-09-22 00:04:19 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-09 09:11:14 599552 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 20:45:29 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:38:05 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 05:16:29 274200 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-09-04 20:42:09 25088 ----a-w- c:\windows\system32\ebkp.dll
2011-09-01 00:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-06 05:33:21 326144 ----a-w- c:\windows\system32\EAREMOVE.EXE
2011-07-22 20:51:50 94208 ----a-w- c:\windows\system32\dpl100.dll
2008-03-01 19:21:32 379252 ----a-w- c:\program files\UnGEXUSACAN.exe
.
============= FINISH: 22:07:56.87 ===============

Edited by Eugene1, 15 October 2011 - 01:47 AM.
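A triage pass over the DDS log layout in the post above, written as an added example (not from the original thread, and not code from the DDS or ComboFix tools): it walks the log's section banners and flags the patterns visible in this log, namely a process image that is an NTFS alternate data stream, drivers registered from a Temp directory, a browser proxy pointing at a local listener, and hosts-file overrides. The sample lines are constructed from the post; the heuristic names are my own.

```python
import re
from typing import Dict, List

# Section banner, e.g. "============== Running Processes ==============="
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# Drive-rooted path, optionally with the NT "\??\" prefix seen in driver entries
DRIVE_RE = re.compile(r"^(?:\\\?\?\\)?[A-Za-z]:\\(.*)$")
# Leading image path on a line, ignoring trailing arguments or "[date size]"
PATH_RE = re.compile(r"^(.*?\.(?:exe|sys|dll|scr))(?:\s|$)", re.IGNORECASE)
# A Temp directory component anywhere in the path (\Temp\, \locals~1\temp\, ...)
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}

# Constructed sample in the layout of the DDS log above (a few lines, not the full log).
SAMPLE_DDS_LOG = r"""
============== Running Processes ===============
.
C:\WINDOWS\896970201:642943434.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\DOCUME~1\user\LOCALS~1\Temp\~nsu.tmp\Au_.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyServer = ftp=localhost:8118;http=localhost:8118;https=localhost:8118;socks=localhost:9050
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\drivers\Si3531.sys [2007-11-5 210736]
S3 gel90xne;gel90xne;\??\c:\docume~1\user\locals~1\temp\gel90xne.sys --> c:\docume~1\user\locals~1\temp\gel90xne.sys [?]
S3 tportcls;tportcls;\??\c:\docume~1\user\locals~1\temp\tportcls.sys --> c:\docume~1\user\locals~1\temp\tportcls.sys [?]
"""

def is_ads_path(path: str) -> bool:
    r"""True if a second ':' follows the drive letter, i.e. the path names an NTFS alternate data stream (C:\WINDOWS\896970201:642943434.exe)."""
    m = DRIVE_RE.match(path)
    return bool(m) and ":" in m.group(1)

def first_path(text: str) -> str:
    """Leading image path of a process or driver entry, or the text itself if none is found."""
    m = PATH_RE.match(text.strip())
    return m.group(1) if m else text.strip()

def parse_proxy(value: str) -> Dict[str, str]:
    """'ftp=localhost:8118;socks=localhost:9050' -> {scheme: host:port}; a bare host:port is keyed '*'."""
    proxies: Dict[str, str] = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, sep, endpoint = part.partition("=")
        proxies[scheme.strip() if sep else "*"] = (endpoint if sep else scheme).strip()
    return proxies

def local_proxies(proxies: Dict[str, str]) -> Dict[str, str]:
    """Proxy entries whose host is the machine itself (something on the box is listening)."""
    return {s: e for s, e in proxies.items() if e.rsplit(":", 1)[0].lower() in LOCAL_HOSTS}

def _f(section: str, reason: str, detail: str) -> Dict[str, str]:
    return {"section": section, "reason": reason, "detail": detail}

def triage(log_text: str) -> List[Dict[str, str]]:
    """Walk the log section by section and return the entries worth a closer look."""
    findings: List[Dict[str, str]] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":  # DDS separates blocks with a lone "."
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1)
            continue
        if section == "Running Processes":
            path = first_path(line)
            if is_ads_path(path):
                findings.append(_f(section, "process image is an NTFS alternate data stream", path))
            if TEMP_RE.search(path):
                findings.append(_f(section, "process image runs from a Temp directory", path))
        elif section == "SERVICES / DRIVERS":
            fields = line.split(";", 2)  # "R0 name;display name;path [date size]"
            if len(fields) == 3:
                path = first_path(fields[2])
                if TEMP_RE.search(path):
                    findings.append(_f(section, "kernel driver registered from a Temp directory", path))
        elif section == "Pseudo HJT Report":
            if line.startswith("uInternet Settings,ProxyServer"):
                local = local_proxies(parse_proxy(line.partition("=")[2]))
                if local:
                    detail = "; ".join(f"{s}={e}" for s, e in local.items())
                    findings.append(_f(section, "browser proxy points at a local listener; confirm who installed it", detail))
            elif line.startswith("Hosts:"):
                findings.append(_f(section, "hosts-file override present", line[len("Hosts:"):].strip()))
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_DDS_LOG):
        print(f"[{f['section']}] {f['reason']}: {f['detail']}")
```

The local-proxy finding is a prompt to ask the user, not a verdict: the 8118/9050 ports in this log are the defaults of common privacy-proxy software and may well be legitimate.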



#2 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Location: Puerto Rico

Posted 17 October 2011 - 11:18 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed. This will help you get notified faster when I have replied and will make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Eugene1
  • Topic Starter
  • Members
  • 53 posts

Posted 18 October 2011 - 01:07 PM

Thank you so much, Gringo. I can see how swamped you guys are. When I get back home this afternoon I will attempt combo fix. The infection had blocked browser access, but I had dl-ed combofix to the desktop earlier, thinking to be ready. Will report results and go from there. If net access remains blocked but email still functions (which is how I was able to post the logs), I will have to jury rig getting results - positive or negative - posted here via another machine and connection.

One question: Although I did not let Combo Fix run through, I launched it to see whether it would report recovery console missing, it did not complain about the console, but it did ask for AV program to be shut down (Avast). However, iirc Avast was paused until reboot (this is all in safe mode, as normal Windows will not load). Combo Fix reported AV running regardless of what closing function I selected for Avast. Advice on this?

#4 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Location: Puerto Rico

Posted 18 October 2011 - 02:47 PM

OK, send me the report when ready.


gringo

#5 Eugene1
  • Topic Starter
  • Members
  • 53 posts

Posted 18 October 2011 - 05:41 PM

Here is the log, with a few comments. I am happy to rerun Combofix and update if you want. Also, I am concerned about the Avast conflict and seek advice. I have done everything I can find to "stop" or end it.

Am sending this before restarting the infected computer, as running it has interfered with internet connectivity and I wanted to be sure to get this out. Will post again with any news about how the infected computer has responded.

1. Infected computer is running in safe mode & infection prevents browser access but not email access; this response from a separate computer.

2. As mentioned earlier, Combofix reports Avast is running, but Avast warns it is not running any of eight protection modules, including live scanning. I see nothing in services other than the Avast UI about Avast, but stopped that UI process.

3. As I had mentioned earlier, and because Avast says it is not active, I went ahead and ran Combofix.

4. Combofix runs, but says it is out of date and asks whether I want to update. I distrusted that, fearing the infection was the source, so said "No" - probably an error from being overly paranoid now.

5. Combofix runs in Reduced Functionality mode and reports no Recovery Console, which does download without incident, although it took a long time, over ten minutes, before Combofix resumed.

6. Log is below. There were no reboots requested.

ComboFix 11-10-13.05 - user 10/18/2011 15:06:01.1.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1694 [GMT -7:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
- REDUCED FUNCTIONALITY MODE -
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\user\Application Data\inst.exe
c:\documents and settings\user\WINDOWS
c:\windows\{2521BB91-29B1-4d7e-9137-AC9875D77735}
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\assembly\GAC_MSIL\desktop.ini
c:\windows\iun6002.exe
c:\windows\ST6UNST.000
c:\windows\system32\bin
c:\windows\system32\bin\DartSock.dll
c:\windows\system32\d3d9caps.dat
.
.
((((((((((((((((((((((((( Files Created from 2011-09-18 to 2011-10-18 )))))))))))))))))))))))))))))))
.
.
2011-10-14 03:30 . 2011-10-14 03:30 -------- d-----w- C:\TDSSKiller_Quarantine
2011-10-13 05:22 . 2011-10-13 05:22 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-13 05:03 . 2011-10-13 05:03 -------- d-----w- c:\windows\system32\wbem\Repository
2011-10-13 03:54 . 2011-10-13 03:54 -------- d-sh--w- c:\documents and settings\user\Local Settings\Application Data\d9ad7635
2011-10-10 02:52 . 2011-10-10 02:52 -------- d-----w- c:\documents and settings\All Users\Application Data\GetGames
2011-10-03 02:31 . 2011-08-06 07:52 184072 ----a-w- c:\windows\system32\drivers\EuFdDisk.sys
2011-10-03 02:31 . 2011-08-06 07:52 16008 ----a-w- c:\windows\system32\drivers\eudskacs.sys
2011-10-03 02:31 . 2011-08-06 07:52 38920 ----a-w- c:\windows\system32\drivers\eubakup.sys
2011-10-03 02:31 . 2011-08-06 07:52 42376 ----a-w- c:\windows\system32\drivers\EUBKMON.sys
2011-10-03 02:30 . 2011-08-06 07:52 20616 ----a-w- c:\windows\system32\fbnative.exe
2011-10-02 01:48 . 2011-10-02 01:48 -------- d-sh--w- c:\documents and settings\All Users\Application Data\DSS
2011-10-01 23:33 . 2011-10-02 01:01 -------- d-----w- c:\documents and settings\user\Application Data\IGN_DLM
2011-10-01 23:32 . 2011-10-01 23:32 -------- d-----w- c:\program files\D2DDownload Manager
2011-09-29 10:29 . 2011-09-29 10:29 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\cYo
2011-09-29 10:29 . 2011-09-29 10:29 -------- d-----w- c:\documents and settings\user\Application Data\cYo
2011-09-29 10:27 . 2011-09-29 10:28 -------- d-----w- c:\program files\ComicRack
2011-09-29 05:21 . 2011-09-29 05:21 -------- d-----w- c:\program files\PDF to ePub Converter
2011-09-27 03:34 . 2011-09-27 03:34 -------- d-----w- c:\program files\eBookConverter
2011-09-27 01:36 . 2011-09-27 01:36 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\DeDRMPrefs
2011-09-27 00:50 . 2011-09-29 23:32 -------- d-----w- c:\documents and settings\user\Application Data\calibre
2011-09-27 00:50 . 2011-09-30 23:49 -------- d-----w- c:\program files\Calibre2
2011-09-26 03:02 . 2011-09-26 03:07 -------- d-----w- c:\documents and settings\user\cr3
2011-09-26 02:53 . 2011-09-26 02:53 -------- d-----w- c:\program files\ePub to Kindle Converter
2011-09-26 02:35 . 2011-09-26 03:11 -------- d-----w- c:\program files\FBReader
2011-09-20 01:40 . 2011-09-20 01:40 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Amazon
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-22 00:04 . 2011-06-23 01:22 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-09 09:11 . 2004-10-08 12:01 599552 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 20:45 . 2010-08-27 00:49 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2007-11-11 01:09 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-04-04 05:56 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:37 . 2008-04-01 02:02 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2007-11-11 01:09 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2007-11-11 01:09 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2007-11-11 01:09 110552 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-09-06 20:36 . 2007-11-11 01:09 104536 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-09-06 20:36 . 2008-04-01 02:02 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-06 20:33 . 2007-11-11 01:09 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-09-04 20:42 . 2011-09-04 20:42 25088 ----a-w- c:\windows\system32\ebkp.dll
2011-09-01 00:00 . 2011-04-28 01:41 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-18 06:46 . 2009-08-18 18:30 564632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\wlidui.dll
2011-08-18 06:46 . 2009-08-18 18:24 18328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-08-06 05:33 . 2008-04-16 22:43 326144 ----a-w- c:\windows\system32\EAREMOVE.EXE
2011-07-22 20:51 . 2011-07-22 20:51 94208 ----a-w- c:\windows\system32\dpl100.dll
2008-03-01 19:21 . 2008-03-01 19:17 379252 ----a-w- c:\program files\UnGEXUSACAN.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\iexplore.exe
[7] 2009-02-28 . BCD8E48709BE4A79606F0B6E8E9A6162 . 636088 . . [7.00.6000.21020] . . c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\iexplore.exe
[7] 2009-02-28 . A251068640DDB69FD7805B57D89D7FF7 . 636072 . . [7.00.6000.16827] . . c:\windows\ie8\iexplore.exe
[7] 2008-12-19 . 15E8A89499741D5CF59A9CF6463A4339 . 634024 . . [7.00.6000.20978] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\iexplore.exe
[7] 2008-12-19 . 030D78FE84A086ED376EFCBD2D72C522 . 634024 . . [7.00.6000.16791] . . c:\windows\ie7updates\KB963027-IE7\iexplore.exe
[7] 2008-10-15 . 9D3DB9ADFABD2F0BC778EC03250A3ABB . 633632 . . [7.00.6000.16762] . . c:\windows\ie7updates\KB961260-IE7\iexplore.exe
[7] 2008-10-15 . 056C927CF7207857E8B34F7A8FFD9B9E . 633632 . . [7.00.6000.20935] . . c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\iexplore.exe
[7] 2008-08-23 . E8305C30D35E85D6657ED3E9934CB302 . 635848 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\iexplore.exe
[7] 2008-08-23 . 1F03216084447F990AE797317D0A6E70 . 635848 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB958215-IE7\iexplore.exe
[7] 2008-06-23 . 64E376A47763DAEABCDA14BD5B6EA286 . 625664 . . [7.00.6000.16705] . . c:\windows\ie7updates\KB956390-IE7\iexplore.exe
[7] 2008-06-23 . C52A9EF571E91535EB78DB4B8B95EA07 . 625664 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\iexplore.exe
[7] 2008-04-22 . 197B7E4030CFBD8D2979D375E1787AA2 . 625664 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\iexplore.exe
[7] 2008-04-22 . 232B22817B90AE0AFF2D189E3E3735AC . 625664 . . [7.00.6000.16674] . . c:\windows\ie7updates\KB953838-IE7\iexplore.exe
[7] 2008-04-14 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\iexplore.exe
[7] 2008-02-29 . 2D0E5592AB5A46C27DAF7CCAFF4F5B59 . 625664 . . [7.00.6000.16640] . . c:\windows\ie7updates\KB950759-IE7\iexplore.exe
[7] 2008-02-22 . 6E0888626E0CAC79F57149814E22DB4D . 625664 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\iexplore.exe
[-] 2007-12-06 . 2703D940A62B731AA220529DD7331A78 . 625664 . . [7.00.6000.16608] . . c:\windows\ie7updates\KB947864-IE7\iexplore.exe
[-] 2007-12-06 . 809D17D8FA0FDAEE07778CD821CAFFDE . 625664 . . [7.00.6000.20733] . . c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\iexplore.exe
[-] 2007-10-10 . E854D02E4231F704D9BE782A424E6D8B . 625152 . . [7.00.6000.16574] . . c:\windows\ie7updates\KB944533-IE7\iexplore.exe
[-] 2007-10-10 . 632BDE0179847234433CA50945442ACB . 625664 . . [7.00.6000.20696] . . c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\iexplore.exe
[-] 2007-08-17 . 3AC2BC667DA0AF2C968E96E1630F5AB5 . 625152 . . [7.00.6000.16544] . . c:\windows\ie7updates\KB942615-IE7\iexplore.exe
[-] 2007-08-17 . 3AC2BC667DA0AF2C968E96E1630F5AB5 . 625152 . . [7.00.6000.16544] . . c:\windows\SoftwareDistribution\Download\0eda838ef8ec599d822155030a70ecac\SP2GDR\iexplore.exe
[-] 2007-08-17 . 5577D0E3AC2F9F035ACD81B44AF5F511 . 625152 . . [7.00.6000.20661] . . c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\iexplore.exe
[-] 2007-08-17 . 5577D0E3AC2F9F035ACD81B44AF5F511 . 625152 . . [7.00.6000.20661] . . c:\windows\SoftwareDistribution\Download\0eda838ef8ec599d822155030a70ecac\SP2QFE\iexplore.exe
[7] 2007-08-14 . DE49B348A18369B4626FBA1D49B07FB4 . 622080 . . [7.00.5730.13] . . c:\windows\ie7updates\KB939653-IE7\iexplore.exe
[7] 2004-10-08 . E7484514C0464642BE7B4DC2689354C8 . 93184 . . [6.00.2900.2180] . . c:\windows\ie7\iexplore.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\user\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\user\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\user\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\user\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igndlm.exe"="c:\program files\D2DDownload Manager\DLM.exe" [2009-10-27 1103216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-05 49152]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2008-08-06 233576]
"EaseUs Watch"="f:\todo backup\bin\EuWatch.exe" [2011-08-06 70792]
"EaseUs Tray"="f:\todo backup\bin\TrayNotify.exe" [2011-08-06 744072]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
CodeMeter Control Center.lnk - c:\program files\CodeMeter\Runtime\bin\CodeMeterCC.exe [2010-9-6 6871952]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-22 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-05 17:59 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DualCoreCenter.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\DualCoreCenter.lnk
backup=c:\windows\pss\DualCoreCenter.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GammaTray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\GammaTray.lnk
backup=c:\windows\pss\GammaTray.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Privoxy.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Privoxy.lnk
backup=c:\windows\pss\Privoxy.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
path=c:\documents and settings\user\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup=c:\windows\pss\PowerReg Scheduler.exeStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2010-06-08 00:48 362488 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 23:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AmazonGSDownloaderTray]
2009-10-23 19:31 326144 ----a-w- c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2008-11-20 17:06 178688 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
2009-01-29 22:20 57344 ----a-w- c:\clonecd\CloneCDTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2008-02-21 02:58 19456 ----a-w- c:\windows\system32\CtHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2009-06-04 07:55 25600 ----a-w- c:\windows\system32\Ctxfihlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DelReg]
2008-05-14 01:26 196608 ----a-w- c:\program files\MSI\DualCoreCenter\DelReg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2009-04-07 15:13 673616 ------w- c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MtdAcqu]
2009-04-30 00:44 278528 ------w- c:\program files\Creative\MediaSource5\MtdAcqu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2011-05-25 06:09 13895272 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2011-05-25 06:09 111208 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2011-05-05 07:02 1632360 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SPIRun]
2006-11-30 02:35 8704 ----a-r- c:\windows\system32\SPIRun.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 21:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2010-06-08 00:47 2605424 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 07:00 90112 ------w- c:\windows\Updreg.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2010-11-11 20:55 159472 ----a-w- c:\program files\Zune\ZuneLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)
"SeaPort"=2 (0x2)
"ForceWare Intelligent Application Manager (IAM)"=2 (0x2)
"C-DillaCdaC11BA"=3 (0x3)
"ACDaemon"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\ArmA\\arma.exe"=
"c:\\Mass Effect\\Binaries\\MassEffect.exe"=
"c:\\Mass Effect\\MassEffectLauncher.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Codemasters\\OF Dragon Rising\\OFDR.exe"=
"c:\\Program Files\\ICQ\\Icq.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\eSim Games\\SB Pro PE\\Release\\SBProPEcm.exe"=
"c:\\Program Files\\PFPortChecker\\PFPortChecker.exe"=
"c:\\Program Files\\CodeMeter\\Runtime\\bin\\CodeMeter.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\section 8 prejudice\\Binaries\\Win32\\S9-Win32-F.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\audiosurf\\engine\\QuestViewer.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\batman arkham asylum goty\\Binaries\\BmLauncher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\divinity ii - dragon knight saga\\bin\\Divinity2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\gothic\\system\\Gothic.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty black ops\\BlackOpsMP.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty black ops\\BlackOps.exe"=
"f:\\Codemasters\\Operation Flashpoint Red River\\RedRiver.exe"=
"f:\\Codemasters\\Operation Flashpoint Red River\\RedRiverLauncher.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [10/2/2011 7:31 PM 38920]
R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [10/2/2011 7:31 PM 42376]
R0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\drivers\Si3531.sys [11/5/2007 1:19 AM 210736]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [12/10/2010 6:37 PM 113664]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [8/2/2007 9:32 AM 22784]
S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [4/3/2011 10:56 PM 442200]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/31/2008 7:02 PM 320856]
S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [10/2/2011 7:31 PM 16008]
S1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [10/2/2011 7:31 PM 184072]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [4/28/2009 10:33 AM 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [4/28/2009 10:33 AM 67664]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/31/2008 7:02 PM 20568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\CodeMeter\Runtime\bin\CodeMeter.exe [9/6/2010 3:20 AM 2077072]
S2 EaseUS Agent;EaseUS Agent;f:\todo backup\bin\Agent.exe [10/2/2011 7:30 PM 60040]
S2 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe [7/4/2011 12:38 AM 16384]
S3 Amazon Download Agent;Amazon Download Agent;c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [12/24/2010 7:59 PM 401920]
S3 APL531;OVT Scanner;c:\windows\system32\drivers\ov550i.sys [7/31/2006 5:44 AM 580992]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [7/30/2008 7:56 PM 79360]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [10/8/2008 1:21 AM 171032]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [10/8/2008 1:21 AM 171032]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [10/8/2008 1:21 AM 1324056]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [10/8/2008 1:21 AM 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [10/8/2008 1:21 AM 72728]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [10/8/2008 1:21 AM 72728]
S3 CyUsb;Cypress Generic USB Driver;c:\windows\system32\drivers\CYUSB.sys [12/20/2008 4:33 PM 38528]
S3 gel90xne;gel90xne;\??\c:\docume~1\user\LOCALS~1\Temp\gel90xne.sys --> c:\docume~1\user\LOCALS~1\Temp\gel90xne.sys [?]
S3 hidkmdf;Filter Driver Service for HID-KMDF Interface layer;c:\windows\system32\drivers\hidkmdf.sys [5/26/2011 9:29 PM 6656]
S3 MSI_DVD_010507;MSI_DVD_010507;c:\progra~1\MSI\MSIWDev\DVDSYS32_100507.sys [5/10/2010 10:44 AM 22328]
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\progra~1\MSI\MSIWDev\msibios32_100507.sys [5/10/2010 10:44 AM 25912]
S3 MSI_VGASYS_010507;MSI_VGASYS_010507;c:\progra~1\MSI\MSIWDev\VGASYS32_100507.sys [5/10/2010 10:44 AM 16696]
S3 MsibiosDevice;MsibiosDevice;c:\program files\MSI\Live Update 4\LU4\msibios.sys [10/11/2010 3:40 PM 18432]
S3 npusbio;npusbio;c:\windows\system32\drivers\npusbio.sys [5/15/2009 2:20 PM 36384]
S3 NTIOLib_1_0_8;NTIOLib_1_0_8;c:\progra~1\MSI\MSIWDev\NTIOLib.sys [1/27/2011 2:43 PM 7680]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2/8/2011 8:45 PM 100456]
S3 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [6/1/2011 8:55 PM 2214504]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [12/8/2007 4:25 PM 47360]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [6/23/2011 4:08 PM 27064]
S3 SaiH0762;SaiH0762;c:\windows\system32\drivers\SaiH0762.sys [9/13/2006 1:31 PM 136832]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2011b\RpcAgentSrv.exe [12/10/2010 7:13 PM 93848]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [4/28/2009 10:33 AM 12872]
S3 STONEDRV;AmScope MD Driver;c:\windows\system32\drivers\stonedrv.sys [2/19/2010 11:24 PM 17328]
S3 t3;Sound Blaster X-Fi Xtreme Audio;c:\windows\system32\drivers\t3.sys [11/5/2007 2:03 AM 732672]
S3 t3filt;t3filt;c:\windows\system32\drivers\t3filt.sys [11/5/2007 2:03 AM 1656576]
S3 tportcls;tportcls;\??\c:\docume~1\user\LOCALS~1\Temp\tportcls.sys --> c:\docume~1\user\LOCALS~1\Temp\tportcls.sys [?]
S3 VKbms;Virtual HID Minidriver;c:\windows\system32\drivers\VKbms.sys [5/26/2011 9:29 PM 10240]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [11/11/2010 1:57 PM 268528]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://simhq.com/forum/ubbthreads.php/forum_summary.html
uInternet Settings,ProxyServer = ftp=localhost:8118;http=localhost:8118;https=localhost:8118;socks=localhost:9050
uInternet Settings,ProxyOverride = localhost;127.0.01
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvLsp.dll
Trusted Zone: com\www.msi
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
TCP: DhcpNameServer = 192.168.10.1
Handler: ebk - {1E411CE8-FE8B-4973-B8E0-6EA2CC3C6B06} - c:\windows\system32\ebkp.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-HP Software Update - c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
MSConfigStartUp-LogMeIn Hamachi Ui - c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
MSConfigStartUp-RivaTunerStartupDaemon - c:\program files\RivaTuner v2.06\RivaTuner.exe
MSConfigStartUp-Vidalia - c:\program files\Vidalia Bundle\Vidalia\vidalia.exe
AddRemove-Falcon 4.0 - c:\microprose\Falcon4\Uninst.isu
AddRemove-HighwayToTheReichv2070 - c:\windows\iun6002.exe
AddRemove-JeppChart - c:\program files\Jeppesen Sanderson
AddRemove-OVT Scanner - c:\windows\omniuns.exe USB\Vid_05a9&PID_1550 OVT Scanner
AddRemove-Privateer 2 - The Darkening - D:\uninstall.exe
AddRemove-spwawv820Public - c:\windows\iun6002.exe
AddRemove-Total Air War - c:\did\TAW\DeIsL1.isu
AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\user\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-18 15:07
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\$NtUninstallKB20583$:SummaryInformation 0 bytes hidden from API
.
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\d9ad7635]
"ImagePath"="\systemroot\896970201:642943434.exe"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1214440339-1801674531-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:16,0e,85,0b,ec,6d,2b,a0,8f,a0,a5,79,8e,ce,ad,cb,e4,d5,7e,f0,12,3d,a6,
f5,85,69,28,36,8f,af,24,b3,03,93,a5,58,b5,81,35,b3,8a,cc,6c,fe,7a,10,e4,6c,\
"??"=hex:e2,06,90,c3,a9,ab,f7,ca,1c,f7,63,d7,3e,f2,89,5d
.
[HKEY_USERS\S-1-5-21-1214440339-1801674531-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:85,32,1f,94,7a,35,20,a2,d3,8d,de,10,ad,a8,d4,1f,3a,20,f0,b1,37,
f0,f7,a3,05,e5,3a,6e,7a,92,f9,65,9b,41,aa,a6,91,c1,1a,a8,15,1b,19,c2,98,1c,\
"rkeysecu"=hex:a3,15,dc,25,a3,8c,57,52,7c,20,81,66,cd,c4,0f,8d
.
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \D25BC253F035D347]
"1"=hex:6a,0b,56,13,c1,93,dc,9c,fb,61,a2,a0,e4,ff,91,20,60,bf,2f,c2,35,91,ae,
25
"2"=hex:fb,e6,50,7f,41,f4,51,a7,7f,ec,2d,f9,42,45,3a,02,3a,b7,45,15,3f,9d,8b,
c3
"3"=hex:6a,0b,56,13,c1,93,dc,9c,fb,61,a2,a0,e4,ff,91,20,5d,f5,58,d1,21,e0,48,
8b,38,57,44,9c,4e,8d,78,88,fd,f1,01,9d,86,d8,b5,cb,d9,bf,23,55,4a,bb,31,1f
.
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \D25BC253F035D347\0BB4AB33ED50D261F5C8A2C244CF5435]
"1"=hex:df,c7,3a,96,ab,66,13,d2,36,78,6c,b8,10,1c,c4,b0,41,14,92,53,8b,f4,9f,
53,ff,8f,6c,08,d5,ab,f1,06
"2"=hex:7d,73,4a,d4,1d,ee,c7,5a
"3"=hex:81,20,8f,ab,28,6a,52,9c
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
"7"=hex:97,e4,84,cd,95,83,bf,82,bd,04,75,27,c9,a8,72,b1,55,38,49,8a,a6,16,a2,
28,28,eb,ee,eb,0f,d6,d6,b8,f4,df,4a,8d,b5,18,4f,2a,0d,c4,ee,cf,81,df,fe,df,\
"8"=hex:f4,00,a4,1f,f7,25,cd,0f,57,fc,c4,65,80,17,5e,c1,53,04,b1,f8,af,ae,1f,
e8,b6,14,18,f6,06,6f,91,34,22,a7,97,d7,c2,a9,65,7c,3c,9e,3b,e0,88,a1,87,c8
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:b6,dd,00,4d,9d,38,11,d1
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:81,20,8f,ab,28,6a,52,9c
"13"=hex:81,20,8f,ab,28,6a,52,9c
"14"=hex:81,20,8f,ab,28,6a,52,9c
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:81,20,8f,ab,28,6a,52,9c
"22"=hex:81,20,8f,ab,28,6a,52,9c
.
Completion time: 2011-10-18 15:10:48
ComboFix-quarantined-files.txt 2011-10-18 22:10
.
Pre-Run: 126,323,728,384 bytes free
Post-Run: 126,341,877,760 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 28B1A182073675EBD081141ABCFC3750

#6 Eugene1 (Topic Starter)

Posted 18 October 2011 - 05:54 PM

No change at all in infected computer.
BSOD quick flash and reboot.
Safe Mode with networking will not allow browser access.

When I rebooted it after combofix had completed, there was a very brief black screen with choice of Windows or debugging mode, but so fast I couldn't read both choices and understand intent - before it attempted to launch windows (and failed as usual).

#7 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 18 October 2011 - 08:14 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#8 Eugene1 (Topic Starter)

Posted 18 October 2011 - 09:10 PM

Here is TDSS log. Not much. Notified of update, but hitting "load update" button did nothing.

Do you have advice on combofix and its update from my reported out of date version? And the Avast reported running by combofix??



18:55:08.0328 0492 TDSS rootkit removing tool 2.6.8.0 Oct 12 2011 07:30:54
18:55:10.0328 0492 ============================================================
18:55:10.0328 0492 Current date / time: 2011/10/18 18:55:10.0328
18:55:10.0328 0492 SystemInfo:
18:55:10.0328 0492
18:55:10.0328 0492 OS Version: 5.1.2600 ServicePack: 3.0
18:55:10.0328 0492 Product type: Workstation
18:55:10.0328 0492 ComputerName: EUGENE
18:55:10.0328 0492 UserName: user
18:55:10.0328 0492 Windows directory: C:\WINDOWS
18:55:10.0328 0492 System windows directory: C:\WINDOWS
18:55:10.0328 0492 Processor architecture: Intel x86
18:55:10.0328 0492 Number of processors: 2
18:55:10.0328 0492 Page size: 0x1000
18:55:10.0328 0492 Boot type: Safe boot with network
18:55:10.0328 0492 ============================================================
18:55:15.0093 0492 Initialize success
18:55:55.0968 0272 ============================================================
18:55:55.0984 0272 Scan started
18:55:55.0984 0272 Mode: Manual;
18:55:55.0984 0272 ============================================================
18:55:57.0750 0272 Aavmker4 (95d1de2a6613494e853a9738d5d9acd4) C:\WINDOWS\system32\drivers\Aavmker4.sys
18:55:57.0750 0272 Aavmker4 - ok
18:55:57.0765 0272 Abiosdsk - ok
18:55:57.0781 0272 abp480n5 - ok
18:55:57.0875 0272 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:55:57.0875 0272 ACPI - ok
18:55:57.0906 0272 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
18:55:57.0906 0272 ACPIEC - ok
18:55:57.0921 0272 adpu160m - ok
18:55:57.0968 0272 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:55:57.0968 0272 aec - ok
18:55:58.0078 0272 Afc (fe3ea6e9afc1a78e6edca121e006afb7) C:\WINDOWS\system32\drivers\Afc.sys
18:55:58.0078 0272 Afc - ok
18:55:58.0109 0272 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
18:55:58.0109 0272 AFD - ok
18:55:58.0125 0272 Aha154x - ok
18:55:58.0140 0272 aic78u2 - ok
18:55:58.0140 0272 aic78xx - ok
18:55:58.0171 0272 AliIde - ok
18:55:58.0218 0272 amsint - ok
18:55:58.0296 0272 APL531 (1fc8a7e5c3aed31f00940c6ab2fd9b49) C:\WINDOWS\system32\Drivers\ov550i.sys
18:55:58.0312 0272 APL531 - ok
18:55:58.0359 0272 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
18:55:58.0359 0272 Arp1394 - ok
18:55:58.0359 0272 asc - ok
18:55:58.0375 0272 asc3350p - ok
18:55:58.0390 0272 asc3550 - ok
18:55:58.0484 0272 aswFsBlk (c47623ffd181a1e7d63574dde2a0a711) C:\WINDOWS\system32\drivers\aswFsBlk.sys
18:55:58.0484 0272 aswFsBlk - ok
18:55:58.0515 0272 aswMon2 (fff2dbb17a3c89f87f78d5fa72ca47fd) C:\WINDOWS\system32\drivers\aswMon2.sys
18:55:58.0515 0272 aswMon2 - ok
18:55:58.0546 0272 aswRdr (36239e24470a3dd81fae37510953cc6c) C:\WINDOWS\system32\drivers\aswRdr.sys
18:55:58.0546 0272 aswRdr - ok
18:55:58.0656 0272 aswSnx (caa846e9c83836bdc3d2d700c678db65) C:\WINDOWS\system32\drivers\aswSnx.sys
18:55:58.0656 0272 aswSnx - ok
18:55:58.0718 0272 aswSP (748ae7f2d7da33adb063fe05704a9969) C:\WINDOWS\system32\drivers\aswSP.sys
18:55:58.0718 0272 aswSP - ok
18:55:58.0734 0272 aswTdi (ca9925ce1dbd07ffe1eb357752cf5577) C:\WINDOWS\system32\drivers\aswTdi.sys
18:55:58.0734 0272 aswTdi - ok
18:55:58.0750 0272 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:55:58.0750 0272 AsyncMac - ok
18:55:58.0781 0272 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:55:58.0781 0272 atapi - ok
18:55:58.0781 0272 Atdisk - ok
18:55:58.0875 0272 atksgt (3c4b9850a2631c2263507400d029057b) C:\WINDOWS\system32\DRIVERS\atksgt.sys
18:55:58.0875 0272 atksgt - ok
18:55:58.0906 0272 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:55:58.0906 0272 Atmarpc - ok
18:55:58.0953 0272 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:55:58.0953 0272 audstub - ok
18:55:59.0015 0272 BANTExt (5d7be7b19e827125e016325334e58ff1) C:\WINDOWS\System32\Drivers\BANTExt.sys
18:55:59.0015 0272 BANTExt - ok
18:55:59.0062 0272 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:55:59.0062 0272 Beep - ok
18:55:59.0218 0272 catchme - ok
18:55:59.0265 0272 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:55:59.0265 0272 cbidf2k - ok
18:55:59.0312 0272 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
18:55:59.0312 0272 CCDECODE - ok
18:55:59.0328 0272 cd20xrnt - ok
18:55:59.0343 0272 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:55:59.0343 0272 Cdaudio - ok
18:55:59.0359 0272 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:55:59.0359 0272 Cdfs - ok
18:55:59.0406 0272 Cdrom (2ed5a57463e7d8fbd9c6f942d1bc2aed) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:55:59.0406 0272 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\cdrom.sys. Real md5: 2ed5a57463e7d8fbd9c6f942d1bc2aed, Fake md5: 4b0a100eaf5c49ef3cca8c641431eacc
18:55:59.0406 0272 Cdrom ( ForgedFile.Multi.Generic ) - warning
18:55:59.0406 0272 Cdrom - detected ForgedFile.Multi.Generic (1)
18:55:59.0406 0272 Changer - ok
18:55:59.0468 0272 CmdIde - ok
18:55:59.0593 0272 COMMONFX.DLL (ecd78c93a8ca1e280e10e24188e6568e) C:\WINDOWS\system32\COMMONFX.DLL
18:55:59.0609 0272 COMMONFX.DLL - ok
18:55:59.0640 0272 Cpqarray - ok
18:55:59.0640 0272 cpuz132 - ok
18:55:59.0750 0272 CT20XUT (134cdd242af1ae9961f065fba3508a7b) C:\WINDOWS\system32\drivers\CT20XUT.SYS
18:55:59.0750 0272 CT20XUT - ok
18:55:59.0781 0272 CT20XUT.DLL - ok
18:55:59.0796 0272 CT20XUT.SYS (134cdd242af1ae9961f065fba3508a7b) C:\WINDOWS\System32\drivers\CT20XUT.SYS
18:55:59.0796 0272 CT20XUT.SYS - ok
18:55:59.0843 0272 ctac32k (93439baf09ce3c6d4ce55da5b07d1b6a) C:\WINDOWS\system32\drivers\ctac32k.sys
18:55:59.0859 0272 ctac32k - ok
18:55:59.0875 0272 ctaud2k (6ab74512f09d673452d63ddec9014db5) C:\WINDOWS\system32\drivers\ctaud2k.sys
18:55:59.0890 0272 ctaud2k - ok
18:55:59.0953 0272 CTAUDFX.DLL (ccbcdd95116b993dfa523b3ecc88f73d) C:\WINDOWS\system32\CTAUDFX.DLL
18:55:59.0953 0272 CTAUDFX.DLL - ok
18:56:00.0015 0272 ctdvda2k (788db5d99b2ca44ff61d8ed7b3c67c2e) C:\WINDOWS\system32\drivers\ctdvda2k.sys
18:56:00.0015 0272 ctdvda2k - ok
18:56:00.0093 0272 CTEAPSFX.DLL (3d411b5df969c0f1dd062aa147bed524) C:\WINDOWS\system32\CTEAPSFX.DLL
18:56:00.0125 0272 CTEAPSFX.DLL - ok
18:56:00.0156 0272 CTEDSPFX.DLL (fe0823d8280a51a5575ae2fd9a3732e2) C:\WINDOWS\system32\CTEDSPFX.DLL
18:56:00.0171 0272 CTEDSPFX.DLL - ok
18:56:00.0187 0272 CTEDSPIO.DLL (eaf112535481ab76a022a274f1a8f924) C:\WINDOWS\system32\CTEDSPIO.DLL
18:56:00.0187 0272 CTEDSPIO.DLL - ok
18:56:00.0203 0272 CTEDSPSY.DLL (db50923f48b8a8fd80329dae21ad316c) C:\WINDOWS\system32\CTEDSPSY.DLL
18:56:00.0218 0272 CTEDSPSY.DLL - ok
18:56:00.0234 0272 CTERFXFX.DLL (c7f3e238871c8a0473430f8f87921ec5) C:\WINDOWS\system32\CTERFXFX.DLL
18:56:00.0234 0272 CTERFXFX.DLL - ok
18:56:00.0296 0272 CTEXFIFX (3a9ad039d94be8d955ad0b2cb207378d) C:\WINDOWS\system32\drivers\CTEXFIFX.SYS
18:56:00.0328 0272 CTEXFIFX - ok
18:56:00.0328 0272 CTEXFIFX.DLL - ok
18:56:00.0375 0272 CTEXFIFX.SYS (3a9ad039d94be8d955ad0b2cb207378d) C:\WINDOWS\System32\drivers\CTEXFIFX.SYS
18:56:00.0390 0272 CTEXFIFX.SYS - ok
18:56:00.0406 0272 CTHWIUT (4602ad8c8e1b285e1a23a957f487da86) C:\WINDOWS\system32\drivers\CTHWIUT.SYS
18:56:00.0406 0272 CTHWIUT - ok
18:56:00.0421 0272 CTHWIUT.DLL - ok
18:56:00.0437 0272 CTHWIUT.SYS (4602ad8c8e1b285e1a23a957f487da86) C:\WINDOWS\System32\drivers\CTHWIUT.SYS
18:56:00.0437 0272 CTHWIUT.SYS - ok
18:56:00.0437 0272 ctprxy2k (d42b84671f2193330215d3c375a2e948) C:\WINDOWS\system32\drivers\ctprxy2k.sys
18:56:00.0437 0272 ctprxy2k - ok
18:56:00.0515 0272 CTSBLFX.DLL (48184677fac84ada4b20b1fbbacea95d) C:\WINDOWS\system32\CTSBLFX.DLL
18:56:00.0531 0272 CTSBLFX.DLL - ok
18:56:00.0546 0272 ctsfm2k (974cfcbe3206367bec1d527d9dade998) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
18:56:00.0546 0272 ctsfm2k - ok
18:56:00.0593 0272 CTUSFSYN (665f71dc4c78359390b7dc6ced092066) C:\WINDOWS\system32\drivers\ctusfsyn.sys
18:56:00.0609 0272 CTUSFSYN - ok
18:56:00.0687 0272 CyUsb (56da869b46a09f57166fc86bf46d0084) C:\WINDOWS\system32\Drivers\CyUsb.sys
18:56:00.0687 0272 CyUsb - ok
18:56:00.0718 0272 d9ad7635 (8f2bb1827cac01aee6a16e30a1260199) C:\WINDOWS\896970201:642943434.exe
18:56:02.0687 0272 Suspicious file (Hidden): C:\WINDOWS\896970201:642943434.exe. md5: 8f2bb1827cac01aee6a16e30a1260199
18:56:02.0687 0272 d9ad7635 ( HiddenFile.Multi.Generic ) - warning
18:56:02.0687 0272 d9ad7635 - detected HiddenFile.Multi.Generic (1)
18:56:02.0734 0272 dac2w2k - ok
18:56:02.0750 0272 dac960nt - ok
18:56:02.0843 0272 DAdderFltr (cb90f77e21109ccfd114a17bd87a42a7) C:\WINDOWS\system32\drivers\dadder.sys
18:56:02.0843 0272 DAdderFltr - ok
18:56:02.0890 0272 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:56:02.0906 0272 Disk - ok
18:56:03.0015 0272 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
18:56:03.0031 0272 dmboot - ok
18:56:03.0093 0272 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
18:56:03.0093 0272 dmio - ok
18:56:03.0109 0272 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:56:03.0109 0272 dmload - ok
18:56:03.0187 0272 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:56:03.0187 0272 DMusic - ok
18:56:03.0218 0272 dpti2o - ok
18:56:03.0265 0272 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:56:03.0265 0272 drmkaud - ok
18:56:03.0390 0272 ElbyCDFL (ce37e3d51912e59c80c6d84337c0b4cd) C:\WINDOWS\system32\Drivers\ElbyCDFL.sys
18:56:03.0390 0272 ElbyCDFL - ok
18:56:03.0437 0272 ElbyCDIO (178cc9403816c082d22a1d47fa1f9c85) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
18:56:03.0437 0272 ElbyCDIO - ok
18:56:03.0468 0272 emupia (04afe5c11777e33178ec11e1fac47b07) C:\WINDOWS\system32\drivers\emupia2k.sys
18:56:03.0468 0272 emupia - ok
18:56:03.0500 0272 ENTECH (fd9fc82f134b1c91004ffc76a5ae494b) C:\WINDOWS\system32\DRIVERS\ENTECH.sys
18:56:03.0500 0272 ENTECH - ok
18:56:03.0687 0272 EUBAKUP (f34188f9ded0af2944626e9fa23a3a31) C:\WINDOWS\system32\drivers\eubakup.sys
18:56:03.0687 0272 EUBAKUP - ok
18:56:03.0703 0272 EUBKMON (9c0685995d1c4559e1ae01c1c6c3f8ee) C:\WINDOWS\system32\drivers\EUBKMON.sys
18:56:03.0703 0272 EUBKMON - ok
18:56:03.0765 0272 EUDSKACS (342ebaa6751cd7a9f3276e6be33ce611) C:\WINDOWS\system32\drivers\eudskacs.sys
18:56:03.0765 0272 EUDSKACS - ok
18:56:03.0781 0272 EUFDDISK (c187459052186af1baa0fa481cee26a4) C:\WINDOWS\system32\drivers\EuFdDisk.sys
18:56:03.0781 0272 EUFDDISK - ok
18:56:03.0828 0272 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:56:03.0828 0272 Fastfat - ok
18:56:03.0875 0272 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
18:56:03.0875 0272 Fdc - ok
18:56:03.0875 0272 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
18:56:03.0890 0272 Fips - ok
18:56:03.0953 0272 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
18:56:03.0953 0272 Flpydisk - ok
18:56:04.0000 0272 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
18:56:04.0000 0272 FltMgr - ok
18:56:04.0031 0272 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:56:04.0031 0272 Fs_Rec - ok
18:56:04.0046 0272 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:56:04.0046 0272 Ftdisk - ok
18:56:04.0093 0272 GcKernel (72fe2bea6863d4eb93442a1c4fb5ca48) C:\WINDOWS\system32\DRIVERS\GcKernel.sys
18:56:04.0093 0272 GcKernel - ok
18:56:04.0281 0272 gel90xne - ok
18:56:04.0281 0272 GMSIPCI - ok
18:56:04.0328 0272 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:56:04.0328 0272 Gpc - ok
18:56:04.0375 0272 ha20x2k (41fce1833d8f659acc56cb0ee43b2ced) C:\WINDOWS\system32\drivers\ha20x2k.sys
18:56:04.0390 0272 ha20x2k - ok
18:56:04.0437 0272 hamachi (7929a161f9951d173ca9900fe7067391) C:\WINDOWS\system32\DRIVERS\hamachi.sys
18:56:04.0437 0272 hamachi - ok
18:56:04.0484 0272 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:56:04.0484 0272 HDAudBus - ok
18:56:04.0562 0272 hidkmdf (bb1822838c0714b3c03efe0f209d135d) C:\WINDOWS\system32\DRIVERS\hidkmdf.sys
18:56:04.0562 0272 hidkmdf - ok
18:56:04.0609 0272 HIDSwvd (bd205320308fb41c88a4049a2d1764b4) C:\WINDOWS\system32\DRIVERS\HIDSwvd.sys
18:56:04.0609 0272 HIDSwvd - ok
18:56:04.0656 0272 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:56:04.0656 0272 HidUsb - ok
18:56:04.0671 0272 hpn - ok
18:56:04.0734 0272 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
18:56:04.0734 0272 HPZid412 - ok
18:56:04.0750 0272 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
18:56:04.0750 0272 HPZipr12 - ok
18:56:04.0750 0272 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
18:56:04.0750 0272 HPZius12 - ok
18:56:04.0812 0272 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
18:56:04.0812 0272 HTTP - ok
18:56:04.0828 0272 i2omgmt - ok
18:56:04.0828 0272 i2omp - ok
18:56:04.0843 0272 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:56:04.0843 0272 i8042prt - ok
18:56:04.0937 0272 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:56:04.0937 0272 Imapi - ok
18:56:04.0953 0272 ini910u - ok
18:56:04.0968 0272 IntelIde - ok
18:56:05.0000 0272 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:56:05.0000 0272 intelppm - ok
18:56:05.0031 0272 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
18:56:05.0031 0272 Ip6Fw - ok
18:56:05.0046 0272 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:56:05.0046 0272 IpFilterDriver - ok
18:56:05.0062 0272 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:56:05.0062 0272 IpInIp - ok
18:56:05.0093 0272 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:56:05.0093 0272 IpNat - ok
18:56:05.0109 0272 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:56:05.0109 0272 IPSec - ok
18:56:05.0125 0272 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:56:05.0125 0272 IRENUM - ok
18:56:05.0156 0272 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:56:05.0156 0272 isapnp - ok
18:56:05.0156 0272 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:56:05.0156 0272 Kbdclass - ok
18:56:05.0171 0272 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
18:56:05.0171 0272 kbdhid - ok
18:56:05.0203 0272 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
18:56:05.0203 0272 kmixer - ok
18:56:05.0234 0272 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
18:56:05.0234 0272 KSecDD - ok
18:56:05.0250 0272 lbrtfdc - ok
18:56:05.0328 0272 lirsgt (4127e8b6ddb4090e815c1f8852c277d3) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
18:56:05.0328 0272 lirsgt - ok
18:56:05.0390 0272 MagicTune - ok
18:56:05.0421 0272 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:56:05.0421 0272 mnmdd - ok
18:56:05.0453 0272 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
18:56:05.0453 0272 Modem - ok
18:56:05.0484 0272 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:56:05.0484 0272 Mouclass - ok
18:56:05.0531 0272 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:56:05.0546 0272 mouhid - ok
18:56:05.0578 0272 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
18:56:05.0578 0272 MountMgr - ok
18:56:05.0578 0272 mraid35x - ok
18:56:05.0593 0272 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:56:05.0593 0272 MRxDAV - ok
18:56:05.0640 0272 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:56:05.0671 0272 MRxSmb - ok
18:56:05.0875 0272 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
18:56:05.0890 0272 Msfs - ok
18:56:06.0234 0272 MsibiosDevice (73df019bb316f317e60ae8758a52b3d1) C:\Program Files\MSI\Live Update 4\LU4\msibios.sys
18:56:06.0250 0272 MsibiosDevice - ok
18:56:06.0390 0272 MSI_DVD_010507 (09a00b8c911d32a0cfeb747be9ce5dab) C:\PROGRA~1\MSI\MSIWDev\DVDSYS32_100507.sys
18:56:06.0406 0272 MSI_DVD_010507 - ok
18:56:06.0546 0272 MSI_MSIBIOS_010507 (3846c05a66a3f5cd1d33e1a323c1762c) C:\PROGRA~1\MSI\MSIWDev\msibios32_100507.sys
18:56:06.0578 0272 MSI_MSIBIOS_010507 - ok
18:56:06.0656 0272 MSI_VGASYS_010507 (8d603678c3961bed302163964ad6a38e) C:\PROGRA~1\MSI\MSIWDev\VGASYS32_100507.sys
18:56:06.0656 0272 MSI_VGASYS_010507 - ok
18:56:06.0984 0272 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:56:07.0000 0272 MSKSSRV - ok
18:56:07.0031 0272 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:56:07.0031 0272 MSPCLOCK - ok
18:56:07.0218 0272 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
18:56:07.0218 0272 MSPQM - ok
18:56:07.0343 0272 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:56:07.0359 0272 mssmbios - ok
18:56:07.0593 0272 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
18:56:07.0609 0272 MSTEE - ok
18:56:07.0796 0272 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
18:56:07.0796 0272 Mup - ok
18:56:07.0890 0272 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
18:56:07.0906 0272 NABTSFEC - ok
18:56:08.0000 0272 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
18:56:08.0000 0272 NDIS - ok
18:56:08.0062 0272 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
18:56:08.0062 0272 NdisIP - ok
18:56:08.0125 0272 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:56:08.0125 0272 NdisTapi - ok
18:56:08.0156 0272 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:56:08.0156 0272 Ndisuio - ok
18:56:08.0187 0272 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:56:08.0203 0272 NdisWan - ok
18:56:08.0250 0272 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
18:56:08.0250 0272 NDProxy - ok
18:56:08.0281 0272 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:56:08.0281 0272 NetBIOS - ok
18:56:08.0312 0272 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:56:08.0312 0272 NetBT - ok
18:56:08.0484 0272 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
18:56:08.0484 0272 NIC1394 - ok
18:56:08.0718 0272 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
18:56:08.0734 0272 Npfs - ok
18:56:08.0953 0272 npusbio (0a01056f5128d80f6e6826e32ba52177) C:\WINDOWS\system32\Drivers\npusbio.sys
18:56:08.0968 0272 npusbio - ok
18:56:09.0109 0272 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
18:56:09.0125 0272 Ntfs - ok
18:56:09.0359 0272 NTIOLib_1_0_8 (aa70ed3b0d93c1073260a5043805b6db) C:\PROGRA~1\MSI\MSIWDev\NTIOLib.sys
18:56:09.0359 0272 NTIOLib_1_0_8 - ok
18:56:09.0609 0272 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:56:09.0640 0272 Null - ok
18:56:11.0671 0272 nv (8b2c874897ea498da012284e12f9db2b) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
18:56:12.0984 0272 nv - ok
18:56:13.0390 0272 nvata (dc1f9954b5eddd147af7e5c420be7b93) C:\WINDOWS\system32\DRIVERS\nvata.sys
18:56:13.0406 0272 nvata - ok
18:56:13.0546 0272 nvatabus (c03e15101f6d9e82cd9b0e7d715f5de3) C:\WINDOWS\system32\drivers\nvatabus.sys
18:56:13.0562 0272 nvatabus - ok
18:56:13.0812 0272 nvgts (619d8943725402d1179941fd58574cc8) C:\WINDOWS\system32\DRIVERS\nvgts.sys
18:56:13.0812 0272 nvgts - ok
18:56:13.0875 0272 NVHDA (50acb7253d1104e5917e15a0670d63d5) C:\WINDOWS\system32\drivers\nvhda32.sys
18:56:13.0906 0272 NVHDA - ok
18:56:14.0359 0272 nvnetbus - ok
18:56:14.0546 0272 NVR0Dev (eda6e97b453388bb51ce84b8a11d9d13) C:\WINDOWS\nvoclk64.sys
18:56:14.0656 0272 NVR0Dev - ok
18:56:15.0656 0272 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:56:15.0656 0272 NwlnkFlt - ok
18:56:15.0796 0272 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:56:15.0796 0272 NwlnkFwd - ok
18:56:15.0875 0272 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
18:56:15.0875 0272 NwlnkIpx - ok
18:56:15.0906 0272 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
18:56:15.0906 0272 NwlnkNb - ok
18:56:15.0984 0272 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
18:56:16.0000 0272 NwlnkSpx - ok
18:56:16.0062 0272 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
18:56:16.0078 0272 ohci1394 - ok
18:56:16.0171 0272 ossrv (11b3328d84ed6c11baf4f4f115459ab6) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
18:56:16.0171 0272 ossrv - ok
18:56:16.0281 0272 papycpu2 (f5cf06754ae54d9d3353fc9c59bc4e04) C:\WINDOWS\System32\DRIVERS\papycpu2.sys
18:56:16.0281 0272 papycpu2 - ok
18:56:16.0328 0272 papyjoy (b09a71e8e1e127455f3a2fe83d38851f) C:\WINDOWS\System32\DRIVERS\papyjoy.sys
18:56:16.0328 0272 papyjoy - ok
18:56:16.0375 0272 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
18:56:16.0390 0272 Parport - ok
18:56:16.0468 0272 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
18:56:16.0484 0272 PartMgr - ok
18:56:16.0515 0272 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
18:56:16.0515 0272 ParVdm - ok
18:56:16.0546 0272 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
18:56:16.0578 0272 PCI - ok
18:56:16.0578 0272 PCIDump - ok
18:56:16.0625 0272 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
18:56:16.0625 0272 PCIIde - ok
18:56:16.0703 0272 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
18:56:16.0703 0272 Pcmcia - ok
18:56:16.0750 0272 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
18:56:16.0781 0272 pcouffin - ok
18:56:16.0875 0272 PDCOMP - ok
18:56:16.0953 0272 PDFRAME - ok
18:56:16.0968 0272 PDRELI - ok
18:56:17.0015 0272 PDRFRAME - ok
18:56:17.0031 0272 perc2 - ok
18:56:17.0140 0272 perc2hib - ok
18:56:17.0359 0272 PfModNT (391cc6558303c5c3de04a5d50f1c4b2a) C:\WINDOWS\system32\drivers\PfModNT.sys
18:56:17.0375 0272 PfModNT - ok
18:56:17.0578 0272 portio (c0e3dec0b84a2607ee017a173fb9087c) C:\WINDOWS\system32\DRIVERS\throttle.sys
18:56:17.0578 0272 portio - ok
18:56:17.0703 0272 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:56:17.0703 0272 PptpMiniport - ok
18:56:17.0765 0272 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
18:56:17.0765 0272 PSched - ok
18:56:17.0828 0272 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:56:17.0828 0272 Ptilink - ok
18:56:17.0937 0272 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
18:56:17.0953 0272 PxHelp20 - ok
18:56:18.0000 0272 ql1080 - ok
18:56:18.0031 0272 Ql10wnt - ok
18:56:18.0140 0272 ql12160 - ok
18:56:18.0187 0272 ql1240 - ok
18:56:18.0203 0272 ql1280 - ok
18:56:18.0296 0272 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:56:18.0312 0272 RasAcd - ok
18:56:18.0375 0272 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:56:18.0406 0272 Rasl2tp - ok
18:56:18.0437 0272 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:56:18.0437 0272 RasPppoe - ok
18:56:18.0437 0272 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:56:18.0437 0272 Raspti - ok
18:56:18.0468 0272 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:56:18.0468 0272 Rdbss - ok
18:56:18.0484 0272 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:56:18.0484 0272 RDPCDD - ok
18:56:18.0500 0272 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:56:18.0515 0272 rdpdr - ok
18:56:18.0546 0272 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
18:56:18.0578 0272 RDPWD - ok
18:56:18.0656 0272 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:56:18.0656 0272 redbook - ok
18:56:18.0953 0272 Revoflt (8b5b8a11306190c6963d3473f052d3c8) C:\WINDOWS\system32\DRIVERS\revoflt.sys
18:56:18.0968 0272 Revoflt - ok
18:56:19.0296 0272 RT61 (581e74880aeb1dba1cb5ac8e6e6c0a69) C:\WINDOWS\system32\DRIVERS\RT61.sys
18:56:19.0359 0272 RT61 - ok
18:56:19.0484 0272 RTL8023xp (223d721e1334425df479b58123c9e886) C:\WINDOWS\system32\DRIVERS\EG1032xp.sys
18:56:19.0515 0272 RTL8023xp - ok
18:56:19.0656 0272 SaiH0762 (34ea7d80b2e7899b99bd525428cdce94) C:\WINDOWS\system32\DRIVERS\SaiH0762.sys
18:56:19.0656 0272 SaiH0762 - ok
18:56:19.0796 0272 SaiMini (c16d95bd9fdb381689053cb5ecac9e40) C:\WINDOWS\system32\DRIVERS\SaiMini.sys
18:56:19.0812 0272 SaiMini - ok
18:56:19.0921 0272 SaiNtBus (e549bf8b944a6cc6356b322cbb83c796) C:\WINDOWS\system32\drivers\SaiBus.sys
18:56:19.0921 0272 SaiNtBus - ok
18:56:20.0218 0272 SANDRA (230fd3749904ca045ea5ec0aa14006e9) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011b\WNt500x86\Sandra.sys
18:56:20.0218 0272 SANDRA - ok
18:56:20.0421 0272 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
18:56:20.0437 0272 SASDIFSV - ok
18:56:20.0515 0272 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
18:56:20.0656 0272 SASENUM - ok
18:56:20.0843 0272 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
18:56:20.0875 0272 SASKUTIL - ok
18:56:21.0203 0272 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:56:21.0265 0272 Secdrv - ok
18:56:21.0843 0272 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
18:56:21.0843 0272 serenum - ok
18:56:22.0171 0272 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
18:56:22.0406 0272 Serial - ok
18:56:23.0203 0272 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:56:23.0234 0272 Sfloppy - ok
18:56:23.0609 0272 Si3531 (4346d5bbdde7756d8614a3f193d60984) C:\WINDOWS\system32\DRIVERS\Si3531.sys
18:56:23.0812 0272 Si3531 - ok
18:56:24.0156 0272 SiFilter (e853c341bbf4ac0007a8db0858dbb09d) C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys
18:56:24.0203 0272 SiFilter - ok
18:56:24.0328 0272 Simbad - ok
18:56:24.0531 0272 SiRemFil (d80e6f142eb4963e82a8537dd745f51b) C:\WINDOWS\system32\DRIVERS\SiRemFil.sys
18:56:24.0687 0272 SiRemFil - ok
18:56:24.0828 0272 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
18:56:24.0843 0272 SLIP - ok
18:56:25.0031 0272 snapman (624f51c7c12b9aeec433a2dd9b43f90f) C:\WINDOWS\system32\DRIVERS\snapman.sys
18:56:25.0046 0272 snapman - ok
18:56:25.0390 0272 Sparrow - ok
18:56:25.0984 0272 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:56:25.0984 0272 splitter - ok
18:56:26.0390 0272 sptd - ok
18:56:26.0828 0272 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
18:56:26.0906 0272 sr - ok
18:56:27.0234 0272 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
18:56:27.0265 0272 Srv - ok
18:56:27.0609 0272 StarOpen - ok
18:56:28.0000 0272 STONEDRV (d1b20880314b2b95aa441f5017e91525) C:\WINDOWS\system32\Drivers\stonedrv.sys
18:56:28.0000 0272 STONEDRV - ok
18:56:28.0062 0272 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
18:56:28.0093 0272 streamip - ok
18:56:28.0296 0272 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:56:28.0296 0272 swenum - ok
18:56:28.0328 0272 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:56:28.0328 0272 swmidi - ok
18:56:28.0421 0272 symc810 - ok
18:56:28.0593 0272 symc8xx - ok
18:56:28.0875 0272 sym_hi - ok
18:56:29.0109 0272 sym_u3 - ok
18:56:29.0171 0272 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:56:29.0171 0272 sysaudio - ok
18:56:29.0312 0272 t3 (1673ce6acc8da51310be807f4375cc6b) C:\WINDOWS\system32\drivers\t3.sys
18:56:29.0328 0272 t3 - ok
18:56:29.0671 0272 t3filt (56ab74ae2da9393ec266281f9a504d68) C:\WINDOWS\system32\drivers\t3filt.sys
18:56:29.0796 0272 t3filt - ok
18:56:30.0031 0272 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:56:30.0140 0272 Tcpip - ok
18:56:30.0359 0272 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:56:30.0359 0272 TDPIPE - ok
18:56:30.0656 0272 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:56:30.0671 0272 TDTCP - ok
18:56:31.0109 0272 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:56:31.0125 0272 TermDD - ok
18:56:31.0906 0272 timounter (1dcf219ec8de87c99b5ad6216000f6d3) C:\WINDOWS\system32\DRIVERS\timntr.sys
18:56:32.0218 0272 timounter - ok
18:56:32.0281 0272 TosIde - ok
18:56:32.0437 0272 tportcls - ok
18:56:32.0859 0272 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:56:32.0890 0272 Udfs - ok
18:56:33.0062 0272 ultra - ok
18:56:33.0281 0272 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:56:33.0296 0272 Update - ok
18:56:33.0796 0272 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:56:33.0796 0272 usbccgp - ok
18:56:33.0968 0272 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:56:34.0000 0272 usbehci - ok
18:56:34.0296 0272 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:56:34.0296 0272 usbhub - ok
18:56:34.0437 0272 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
18:56:34.0437 0272 usbohci - ok
18:56:35.0000 0272 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:56:35.0000 0272 usbprint - ok
18:56:35.0609 0272 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:56:35.0609 0272 usbstor - ok
18:56:36.0265 0272 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:56:36.0328 0272 VgaSave - ok
18:56:36.0703 0272 ViaIde - ok
18:56:37.0265 0272 VKbms (07c20e596a0838809bc5ff5de5a65973) C:\WINDOWS\system32\DRIVERS\VKbms.sys
18:56:37.0281 0272 VKbms - ok
18:56:37.0968 0272 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
18:56:38.0078 0272 VolSnap - ok
18:56:38.0406 0272 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:56:38.0421 0272 Wanarp - ok
18:56:39.0046 0272 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
18:56:39.0046 0272 Wdf01000 - ok
18:56:39.0281 0272 WDICA - ok
18:56:39.0625 0272 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:56:39.0875 0272 wdmaud - ok
18:56:40.0187 0272 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
18:56:40.0187 0272 WinUSB - ok
18:56:40.0343 0272 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
18:56:40.0343 0272 WpdUsb - ok
18:56:40.0421 0272 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
18:56:40.0421 0272 WS2IFSL - ok
18:56:40.0546 0272 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
18:56:40.0546 0272 WSTCODEC - ok
18:56:40.0921 0272 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:56:41.0046 0272 WudfPf - ok
18:56:41.0406 0272 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:56:41.0421 0272 WudfRd - ok
18:56:42.0093 0272 zumbus (337b9607f041b77824411750069aff2d) C:\WINDOWS\system32\DRIVERS\zumbus.sys
18:56:42.0171 0272 zumbus - ok
18:56:42.0656 0272 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
18:56:43.0000 0272 \Device\Harddisk0\DR0 - ok
18:56:43.0000 0272 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
18:56:43.0000 0272 \Device\Harddisk1\DR1 - ok
18:56:43.0015 0272 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR2
18:56:43.0015 0272 \Device\Harddisk2\DR2 - ok
18:56:43.0031 0272 Boot (0x1200) (34e3e5e2ff97bb5215eb00f6e578db3e) \Device\Harddisk0\DR0\Partition0
18:56:43.0046 0272 \Device\Harddisk0\DR0\Partition0 - ok
18:56:43.0062 0272 Boot (0x1200) (bd34c4666d3ed15cffa633102e57d5b8) \Device\Harddisk1\DR1\Partition0
18:56:43.0062 0272 \Device\Harddisk1\DR1\Partition0 - ok
18:56:43.0062 0272 Boot (0x1200) (a6d14b0050b164afc94413d88ad1d232) \Device\Harddisk1\DR1\Partition1
18:56:43.0078 0272 \Device\Harddisk1\DR1\Partition1 - ok
18:56:43.0078 0272 Boot (0x1200) (c403e640deaaf14308ce5a849567c061) \Device\Harddisk2\DR2\Partition0
18:56:43.0078 0272 \Device\Harddisk2\DR2\Partition0 - ok
18:56:43.0078 0272 ============================================================
18:56:43.0078 0272 Scan finished
18:56:43.0078 0272 ============================================================
18:56:43.0109 0964 Detected object count: 2
18:56:43.0109 0964 Actual detected object count: 2
18:56:58.0140 0964 Cdrom ( ForgedFile.Multi.Generic ) - skipped by user
18:56:58.0140 0964 Cdrom ( ForgedFile.Multi.Generic ) - User select action: Skip
18:56:58.0140 0964 d9ad7635 ( HiddenFile.Multi.Generic ) - skipped by user
18:56:58.0140 0964 d9ad7635 ( HiddenFile.Multi.Generic ) - User select action: Skip

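As an added example (not part of the thread and not TDSSKiller's own code), a small Python triage script for logs in the format posted above: it separates the two detections from the hundreds of "- ok" inventory lines, records the real-vs-fake md5 pair for the forged cdrom.sys, flags that the hidden file lives in an NTFS alternate data stream, and reports which detections were skipped. The sample log it embeds is constructed from the detection lines of that post.

```python
"""Triage helper for TDSSKiller text logs (added example; not TDSSKiller's own code).

Pulls out of the log format shown above what a responder needs: forged files (the md5
on disk differs from the md5 the driver stack reports, so reads are being filtered),
hidden files (including NTFS alternate data streams such as
C:\\WINDOWS\\896970201:642943434.exe) and the action the user chose for each.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# "HH:MM:SS.mmmm <thread id> <message>"
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\S+\s+(?P<msg>.*)$")
# Inventory line: "<driver> (<md5>) <path>"
ENTRY_RE = re.compile(r"^(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
FORGED_RE = re.compile(r"^Suspicious file \(Forged\): (?P<path>.+?)\. "
                       r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$")
HIDDEN_RE = re.compile(r"^Suspicious file \(Hidden\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})$")
DETECTED_RE = re.compile(r"^(?P<name>\S+) - detected (?P<verdict>\S+) \(\d+\)$")
ACTION_RE = re.compile(r"^(?P<name>\S+) \( \S+ \) - User select action: (?P<action>\S+)$")


@dataclass
class Detection:
    name: str              # driver / service name as TDSSKiller lists it
    path: str = ""
    kind: str = ""         # "forged" or "hidden"
    verdict: str = ""      # e.g. ForgedFile.Multi.Generic
    real_md5: str = ""     # hash of the bytes actually on disk
    fake_md5: str = ""     # hash presented through the (hooked) driver stack
    is_ads: bool = False   # hidden file stored in an NTFS alternate data stream
    action: str = ""       # what the user chose: Skip, Cure, Delete, ...


def is_alternate_data_stream(path: str) -> bool:
    """True when the last path component has the form file:stream."""
    return "\\" in path and ":" in path.rsplit("\\", 1)[-1]


def parse_tdsskiller_log(text: str) -> Dict[str, Detection]:
    """Return the flagged drivers keyed by name, in the order the log reports them."""
    detections: Dict[str, Detection] = {}
    last_entry: Optional[Detection] = None  # most recent inventory line
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg")
        entry = ENTRY_RE.match(msg)
        if entry:
            # A "Suspicious file" line refers to the inventory line just before it.
            last_entry = Detection(name=entry["name"], path=entry["path"], real_md5=entry["md5"])
            continue
        forged = FORGED_RE.match(msg)
        if forged and last_entry is not None:
            last_entry.kind, last_entry.path = "forged", forged["path"]
            last_entry.real_md5, last_entry.fake_md5 = forged["real"], forged["fake"]
            detections[last_entry.name] = last_entry
            continue
        hidden = HIDDEN_RE.match(msg)
        if hidden and last_entry is not None:
            last_entry.kind, last_entry.path = "hidden", hidden["path"]
            last_entry.real_md5 = hidden["md5"]
            last_entry.is_ads = is_alternate_data_stream(hidden["path"])
            detections[last_entry.name] = last_entry
            continue
        detected = DETECTED_RE.match(msg)
        if detected and detected["name"] in detections:
            detections[detected["name"]].verdict = detected["verdict"]
            continue
        action = ACTION_RE.match(msg)
        if action and action["name"] in detections:
            detections[action["name"]].action = action["action"]
    return detections


def unresolved(detections: Dict[str, Detection]) -> List[Detection]:
    """Detections the user skipped or never acted on: the rootkit is still in place."""
    return [d for d in detections.values() if d.action in ("", "Skip")]


# Constructed sample: the detection lines from the log posted above, without the "- ok" noise.
SAMPLE_LOG = r"""
18:55:59.0406 0272 Cdrom (2ed5a57463e7d8fbd9c6f942d1bc2aed) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:55:59.0406 0272 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\cdrom.sys. Real md5: 2ed5a57463e7d8fbd9c6f942d1bc2aed, Fake md5: 4b0a100eaf5c49ef3cca8c641431eacc
18:55:59.0406 0272 Cdrom - detected ForgedFile.Multi.Generic (1)
18:55:59.0406 0272 Changer - ok
18:56:00.0718 0272 d9ad7635 (8f2bb1827cac01aee6a16e30a1260199) C:\WINDOWS\896970201:642943434.exe
18:56:02.0687 0272 Suspicious file (Hidden): C:\WINDOWS\896970201:642943434.exe. md5: 8f2bb1827cac01aee6a16e30a1260199
18:56:02.0687 0272 d9ad7635 - detected HiddenFile.Multi.Generic (1)
18:56:43.0109 0964 Detected object count: 2
18:56:58.0140 0964 Cdrom ( ForgedFile.Multi.Generic ) - User select action: Skip
18:56:58.0140 0964 d9ad7635 ( HiddenFile.Multi.Generic ) - User select action: Skip
"""
```

Because both detections were skipped, `unresolved()` returns both; a log where every detection ends in "User select action: Cure" or "Delete" would return an empty list.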
#9 Eugene1
  • Topic Starter
  • Members

Posted 18 October 2011 - 09:14 PM

Also, still no browser access on the infected computer, so the only way to download anything new to it will be via email. Is that acceptable if needed? I am reluctant to attach a USB flash drive to the infected machine for fear of spreading the infection back to the netbook I am using to reach you.

#10 gringo_pr
  • Bleepin Gringo
  • Malware Response Team

Posted 18 October 2011 - 09:32 PM

Please run the following:

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefind
    NetBT.sys
    afd.sys
    ipsec.sys
    
    :reg
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\afd /s
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\netbt /s
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\ipsec /s
    
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 Eugene1
  • Topic Starter
  • Members

Posted 18 October 2011 - 09:42 PM

Gringo, will try, but as you know the machine cannot launch a browser. Will have to email these two items to it and run them that way. Hope that is legit for your purpose.

#12 gringo_pr
  • Bleepin Gringo
  • Malware Response Team

Posted 18 October 2011 - 09:46 PM

understood

#13 Eugene1

Eugene1
  • Topic Starter

  • Members
  • 53 posts
  • Gender:Male
  • Local time:10:18 AM

Posted 18 October 2011 - 10:26 PM

Outlook or the infection stripped out the renamed SystemLook file. However, I also renamed the newer version of TDSSKiller and it made it through. Ran, rootkit detected, rebooted, and here is the log.

Can now boot into Windows normally, at least once, but still no Explorer browser access. Any chance you can advise how to unlock that access? Would speed up this process.

Windows is auto-installing Tuesday's updates on the infected machine; I hope that doesn't make things worse.


20:05:35.0828 2032 TDSS rootkit removing tool 2.6.10.0 Oct 17 2011 15:43:23
20:05:37.0828 2032 ============================================================
20:05:37.0828 2032 Current date / time: 2011/10/18 20:05:37.0828
20:05:37.0828 2032 SystemInfo:
20:05:37.0828 2032
20:05:37.0828 2032 OS Version: 5.1.2600 ServicePack: 3.0
20:05:37.0828 2032 Product type: Workstation
20:05:37.0828 2032 ComputerName: EUGENE
20:05:37.0828 2032 UserName: user
20:05:37.0828 2032 Windows directory: C:\WINDOWS
20:05:37.0828 2032 System windows directory: C:\WINDOWS
20:05:37.0828 2032 Processor architecture: Intel x86
20:05:37.0828 2032 Number of processors: 2
20:05:37.0828 2032 Page size: 0x1000
20:05:37.0828 2032 Boot type: Safe boot with network
20:05:37.0828 2032 ============================================================
20:05:42.0000 2032 Initialize success
20:06:04.0250 0544 ============================================================
20:06:04.0250 0544 Scan started
20:06:04.0250 0544 Mode: Manual;
20:06:04.0250 0544 ============================================================
20:06:06.0031 0544 Aavmker4 (95d1de2a6613494e853a9738d5d9acd4) C:\WINDOWS\system32\drivers\Aavmker4.sys
20:06:06.0031 0544 Aavmker4 - ok
20:06:06.0046 0544 Abiosdsk - ok
20:06:06.0062 0544 abp480n5 - ok
20:06:06.0156 0544 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:06:06.0156 0544 ACPI - ok
20:06:06.0187 0544 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
20:06:06.0187 0544 ACPIEC - ok
20:06:06.0203 0544 adpu160m - ok
20:06:06.0250 0544 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
20:06:06.0250 0544 aec - ok
20:06:06.0359 0544 Afc (fe3ea6e9afc1a78e6edca121e006afb7) C:\WINDOWS\system32\drivers\Afc.sys
20:06:06.0359 0544 Afc - ok
20:06:06.0390 0544 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
20:06:06.0390 0544 AFD - ok
20:06:06.0390 0544 Aha154x - ok
20:06:06.0406 0544 aic78u2 - ok
20:06:06.0421 0544 aic78xx - ok
20:06:06.0437 0544 AliIde - ok
20:06:06.0500 0544 amsint - ok
20:06:06.0578 0544 APL531 (1fc8a7e5c3aed31f00940c6ab2fd9b49) C:\WINDOWS\system32\Drivers\ov550i.sys
20:06:06.0593 0544 APL531 - ok
20:06:06.0625 0544 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
20:06:06.0625 0544 Arp1394 - ok
20:06:06.0640 0544 asc - ok
20:06:06.0656 0544 asc3350p - ok
20:06:06.0656 0544 asc3550 - ok
20:06:06.0750 0544 aswFsBlk (c47623ffd181a1e7d63574dde2a0a711) C:\WINDOWS\system32\drivers\aswFsBlk.sys
20:06:06.0750 0544 aswFsBlk - ok
20:06:06.0796 0544 aswMon2 (fff2dbb17a3c89f87f78d5fa72ca47fd) C:\WINDOWS\system32\drivers\aswMon2.sys
20:06:06.0796 0544 aswMon2 - ok
20:06:06.0812 0544 aswRdr (36239e24470a3dd81fae37510953cc6c) C:\WINDOWS\system32\drivers\aswRdr.sys
20:06:06.0812 0544 aswRdr - ok
20:06:06.0937 0544 aswSnx (caa846e9c83836bdc3d2d700c678db65) C:\WINDOWS\system32\drivers\aswSnx.sys
20:06:06.0953 0544 aswSnx - ok
20:06:07.0015 0544 aswSP (748ae7f2d7da33adb063fe05704a9969) C:\WINDOWS\system32\drivers\aswSP.sys
20:06:07.0015 0544 aswSP - ok
20:06:07.0031 0544 aswTdi (ca9925ce1dbd07ffe1eb357752cf5577) C:\WINDOWS\system32\drivers\aswTdi.sys
20:06:07.0031 0544 aswTdi - ok
20:06:07.0046 0544 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:06:07.0046 0544 AsyncMac - ok
20:06:07.0062 0544 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:06:07.0062 0544 atapi - ok
20:06:07.0078 0544 Atdisk - ok
20:06:07.0187 0544 atksgt (3c4b9850a2631c2263507400d029057b) C:\WINDOWS\system32\DRIVERS\atksgt.sys
20:06:07.0187 0544 atksgt - ok
20:06:07.0218 0544 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:06:07.0218 0544 Atmarpc - ok
20:06:07.0265 0544 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:06:07.0265 0544 audstub - ok
20:06:07.0328 0544 BANTExt (5d7be7b19e827125e016325334e58ff1) C:\WINDOWS\System32\Drivers\BANTExt.sys
20:06:07.0328 0544 BANTExt - ok
20:06:07.0375 0544 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:06:07.0375 0544 Beep - ok
20:06:07.0546 0544 catchme - ok
20:06:07.0593 0544 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:06:07.0593 0544 cbidf2k - ok
20:06:07.0640 0544 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
20:06:07.0640 0544 CCDECODE - ok
20:06:07.0656 0544 cd20xrnt - ok
20:06:07.0671 0544 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:06:07.0671 0544 Cdaudio - ok
20:06:07.0687 0544 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
20:06:07.0687 0544 Cdfs - ok
20:06:07.0718 0544 Cdrom (2ed5a57463e7d8fbd9c6f942d1bc2aed) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:06:07.0718 0544 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\cdrom.sys. Real md5: 2ed5a57463e7d8fbd9c6f942d1bc2aed, Fake md5: 4b0a100eaf5c49ef3cca8c641431eacc
20:06:07.0718 0544 Cdrom ( Rootkit.Win32.ZAccess.g ) - infected
20:06:07.0718 0544 Cdrom - detected Rootkit.Win32.ZAccess.g (0)
20:06:07.0734 0544 Changer - ok
20:06:07.0781 0544 CmdIde - ok
20:06:07.0890 0544 COMMONFX.DLL (ecd78c93a8ca1e280e10e24188e6568e) C:\WINDOWS\system32\COMMONFX.DLL
20:06:07.0906 0544 COMMONFX.DLL - ok
20:06:07.0921 0544 Cpqarray - ok
20:06:07.0937 0544 cpuz132 - ok
20:06:08.0031 0544 CT20XUT (134cdd242af1ae9961f065fba3508a7b) C:\WINDOWS\system32\drivers\CT20XUT.SYS
20:06:08.0031 0544 CT20XUT - ok
20:06:08.0062 0544 CT20XUT.DLL - ok
20:06:08.0078 0544 CT20XUT.SYS (134cdd242af1ae9961f065fba3508a7b) C:\WINDOWS\System32\drivers\CT20XUT.SYS
20:06:08.0078 0544 CT20XUT.SYS - ok
20:06:08.0140 0544 ctac32k (93439baf09ce3c6d4ce55da5b07d1b6a) C:\WINDOWS\system32\drivers\ctac32k.sys
20:06:08.0140 0544 ctac32k - ok
20:06:08.0171 0544 ctaud2k (6ab74512f09d673452d63ddec9014db5) C:\WINDOWS\system32\drivers\ctaud2k.sys
20:06:08.0187 0544 ctaud2k - ok
20:06:08.0234 0544 CTAUDFX.DLL (ccbcdd95116b993dfa523b3ecc88f73d) C:\WINDOWS\system32\CTAUDFX.DLL
20:06:08.0250 0544 CTAUDFX.DLL - ok
20:06:08.0296 0544 ctdvda2k (788db5d99b2ca44ff61d8ed7b3c67c2e) C:\WINDOWS\system32\drivers\ctdvda2k.sys
20:06:08.0296 0544 ctdvda2k - ok
20:06:08.0328 0544 CTEAPSFX.DLL (3d411b5df969c0f1dd062aa147bed524) C:\WINDOWS\system32\CTEAPSFX.DLL
20:06:08.0328 0544 CTEAPSFX.DLL - ok
20:06:08.0359 0544 CTEDSPFX.DLL (fe0823d8280a51a5575ae2fd9a3732e2) C:\WINDOWS\system32\CTEDSPFX.DLL
20:06:08.0359 0544 CTEDSPFX.DLL - ok
20:06:08.0375 0544 CTEDSPIO.DLL (eaf112535481ab76a022a274f1a8f924) C:\WINDOWS\system32\CTEDSPIO.DLL
20:06:08.0375 0544 CTEDSPIO.DLL - ok
20:06:08.0406 0544 CTEDSPSY.DLL (db50923f48b8a8fd80329dae21ad316c) C:\WINDOWS\system32\CTEDSPSY.DLL
20:06:08.0406 0544 CTEDSPSY.DLL - ok
20:06:08.0421 0544 CTERFXFX.DLL (c7f3e238871c8a0473430f8f87921ec5) C:\WINDOWS\system32\CTERFXFX.DLL
20:06:08.0421 0544 CTERFXFX.DLL - ok
20:06:08.0484 0544 CTEXFIFX (3a9ad039d94be8d955ad0b2cb207378d) C:\WINDOWS\system32\drivers\CTEXFIFX.SYS
20:06:08.0515 0544 CTEXFIFX - ok
20:06:08.0531 0544 CTEXFIFX.DLL - ok
20:06:08.0578 0544 CTEXFIFX.SYS (3a9ad039d94be8d955ad0b2cb207378d) C:\WINDOWS\System32\drivers\CTEXFIFX.SYS
20:06:08.0578 0544 CTEXFIFX.SYS - ok
20:06:08.0593 0544 CTHWIUT (4602ad8c8e1b285e1a23a957f487da86) C:\WINDOWS\system32\drivers\CTHWIUT.SYS
20:06:08.0593 0544 CTHWIUT - ok
20:06:08.0609 0544 CTHWIUT.DLL - ok
20:06:08.0625 0544 CTHWIUT.SYS (4602ad8c8e1b285e1a23a957f487da86) C:\WINDOWS\System32\drivers\CTHWIUT.SYS
20:06:08.0625 0544 CTHWIUT.SYS - ok
20:06:08.0640 0544 ctprxy2k (d42b84671f2193330215d3c375a2e948) C:\WINDOWS\system32\drivers\ctprxy2k.sys
20:06:08.0640 0544 ctprxy2k - ok
20:06:08.0703 0544 CTSBLFX.DLL (48184677fac84ada4b20b1fbbacea95d) C:\WINDOWS\system32\CTSBLFX.DLL
20:06:08.0718 0544 CTSBLFX.DLL - ok
20:06:08.0734 0544 ctsfm2k (974cfcbe3206367bec1d527d9dade998) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
20:06:08.0750 0544 ctsfm2k - ok
20:06:08.0796 0544 CTUSFSYN (665f71dc4c78359390b7dc6ced092066) C:\WINDOWS\system32\drivers\ctusfsyn.sys
20:06:08.0796 0544 CTUSFSYN - ok
20:06:08.0859 0544 CyUsb (56da869b46a09f57166fc86bf46d0084) C:\WINDOWS\system32\Drivers\CyUsb.sys
20:06:08.0859 0544 CyUsb - ok
20:06:08.0906 0544 d9ad7635 (8f2bb1827cac01aee6a16e30a1260199) C:\WINDOWS\896970201:642943434.exe
20:06:10.0859 0544 Suspicious file (Hidden): C:\WINDOWS\896970201:642943434.exe. md5: 8f2bb1827cac01aee6a16e30a1260199
20:06:10.0859 0544 d9ad7635 ( HiddenFile.Multi.Generic ) - warning
20:06:10.0859 0544 d9ad7635 - detected HiddenFile.Multi.Generic (1)
20:06:10.0890 0544 dac2w2k - ok
20:06:10.0921 0544 dac960nt - ok
20:06:11.0046 0544 DAdderFltr (cb90f77e21109ccfd114a17bd87a42a7) C:\WINDOWS\system32\drivers\dadder.sys
20:06:11.0046 0544 DAdderFltr - ok
20:06:11.0093 0544 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
20:06:11.0093 0544 Disk - ok
20:06:11.0171 0544 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
20:06:11.0187 0544 dmboot - ok
20:06:11.0203 0544 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
20:06:11.0203 0544 dmio - ok
20:06:11.0218 0544 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:06:11.0218 0544 dmload - ok
20:06:11.0265 0544 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
20:06:11.0265 0544 DMusic - ok
20:06:11.0296 0544 dpti2o - ok
20:06:11.0328 0544 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
20:06:11.0328 0544 drmkaud - ok
20:06:11.0468 0544 ElbyCDFL (ce37e3d51912e59c80c6d84337c0b4cd) C:\WINDOWS\system32\Drivers\ElbyCDFL.sys
20:06:11.0468 0544 ElbyCDFL - ok
20:06:11.0515 0544 ElbyCDIO (178cc9403816c082d22a1d47fa1f9c85) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
20:06:11.0515 0544 ElbyCDIO - ok
20:06:11.0546 0544 emupia (04afe5c11777e33178ec11e1fac47b07) C:\WINDOWS\system32\drivers\emupia2k.sys
20:06:11.0546 0544 emupia - ok
20:06:11.0578 0544 ENTECH (fd9fc82f134b1c91004ffc76a5ae494b) C:\WINDOWS\system32\DRIVERS\ENTECH.sys
20:06:11.0578 0544 ENTECH - ok
20:06:11.0734 0544 EUBAKUP (f34188f9ded0af2944626e9fa23a3a31) C:\WINDOWS\system32\drivers\eubakup.sys
20:06:11.0734 0544 EUBAKUP - ok
20:06:11.0750 0544 EUBKMON (9c0685995d1c4559e1ae01c1c6c3f8ee) C:\WINDOWS\system32\drivers\EUBKMON.sys
20:06:11.0750 0544 EUBKMON - ok
20:06:11.0812 0544 EUDSKACS (342ebaa6751cd7a9f3276e6be33ce611) C:\WINDOWS\system32\drivers\eudskacs.sys
20:06:11.0812 0544 EUDSKACS - ok
20:06:11.0828 0544 EUFDDISK (c187459052186af1baa0fa481cee26a4) C:\WINDOWS\system32\drivers\EuFdDisk.sys
20:06:11.0828 0544 EUFDDISK - ok
20:06:11.0890 0544 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
20:06:11.0890 0544 Fastfat - ok
20:06:11.0921 0544 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
20:06:11.0921 0544 Fdc - ok
20:06:11.0937 0544 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
20:06:11.0937 0544 Fips - ok
20:06:12.0000 0544 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
20:06:12.0000 0544 Flpydisk - ok
20:06:12.0046 0544 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
20:06:12.0046 0544 FltMgr - ok
20:06:12.0078 0544 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:06:12.0078 0544 Fs_Rec - ok
20:06:12.0125 0544 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:06:12.0125 0544 Ftdisk - ok
20:06:12.0187 0544 GcKernel (72fe2bea6863d4eb93442a1c4fb5ca48) C:\WINDOWS\system32\DRIVERS\GcKernel.sys
20:06:12.0187 0544 GcKernel - ok
20:06:12.0375 0544 gel90xne - ok
20:06:12.0390 0544 GMSIPCI - ok
20:06:12.0437 0544 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:06:12.0437 0544 Gpc - ok
20:06:12.0484 0544 ha20x2k (41fce1833d8f659acc56cb0ee43b2ced) C:\WINDOWS\system32\drivers\ha20x2k.sys
20:06:12.0515 0544 ha20x2k - ok
20:06:12.0546 0544 hamachi (7929a161f9951d173ca9900fe7067391) C:\WINDOWS\system32\DRIVERS\hamachi.sys
20:06:12.0546 0544 hamachi - ok
20:06:12.0593 0544 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
20:06:12.0593 0544 HDAudBus - ok
20:06:12.0671 0544 hidkmdf (bb1822838c0714b3c03efe0f209d135d) C:\WINDOWS\system32\DRIVERS\hidkmdf.sys
20:06:12.0671 0544 hidkmdf - ok
20:06:12.0718 0544 HIDSwvd (bd205320308fb41c88a4049a2d1764b4) C:\WINDOWS\system32\DRIVERS\HIDSwvd.sys
20:06:12.0718 0544 HIDSwvd - ok
20:06:12.0765 0544 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:06:12.0765 0544 HidUsb - ok
20:06:12.0781 0544 hpn - ok
20:06:12.0843 0544 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
20:06:12.0843 0544 HPZid412 - ok
20:06:12.0859 0544 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
20:06:12.0859 0544 HPZipr12 - ok
20:06:12.0859 0544 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
20:06:12.0859 0544 HPZius12 - ok
20:06:12.0906 0544 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:06:12.0906 0544 HTTP - ok
20:06:12.0921 0544 i2omgmt - ok
20:06:12.0937 0544 i2omp - ok
20:06:12.0953 0544 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:06:12.0953 0544 i8042prt - ok
20:06:13.0031 0544 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:06:13.0031 0544 Imapi - ok
20:06:13.0046 0544 ini910u - ok
20:06:13.0062 0544 IntelIde - ok
20:06:13.0109 0544 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:06:13.0109 0544 intelppm - ok
20:06:13.0125 0544 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
20:06:13.0125 0544 Ip6Fw - ok
20:06:13.0156 0544 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:06:13.0156 0544 IpFilterDriver - ok
20:06:13.0156 0544 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:06:13.0156 0544 IpInIp - ok
20:06:13.0187 0544 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:06:13.0187 0544 IpNat - ok
20:06:13.0218 0544 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:06:13.0218 0544 IPSec - ok
20:06:13.0218 0544 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:06:13.0218 0544 IRENUM - ok
20:06:13.0250 0544 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:06:13.0250 0544 isapnp - ok
20:06:13.0265 0544 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:06:13.0265 0544 Kbdclass - ok
20:06:13.0265 0544 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
20:06:13.0281 0544 kbdhid - ok
20:06:13.0296 0544 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
20:06:13.0296 0544 kmixer - ok
20:06:13.0312 0544 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
20:06:13.0312 0544 KSecDD - ok
20:06:13.0328 0544 lbrtfdc - ok
20:06:13.0421 0544 lirsgt (4127e8b6ddb4090e815c1f8852c277d3) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
20:06:13.0421 0544 lirsgt - ok
20:06:13.0468 0544 MagicTune - ok
20:06:13.0515 0544 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:06:13.0515 0544 mnmdd - ok
20:06:13.0531 0544 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
20:06:13.0531 0544 Modem - ok
20:06:13.0562 0544 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:06:13.0562 0544 Mouclass - ok
20:06:13.0609 0544 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:06:13.0609 0544 mouhid - ok
20:06:13.0625 0544 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
20:06:13.0625 0544 MountMgr - ok
20:06:13.0640 0544 mraid35x - ok
20:06:13.0656 0544 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:06:13.0656 0544 MRxDAV - ok
20:06:13.0703 0544 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:06:13.0703 0544 MRxSmb - ok
20:06:13.0765 0544 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
20:06:13.0765 0544 Msfs - ok
20:06:13.0921 0544 MsibiosDevice (73df019bb316f317e60ae8758a52b3d1) C:\Program Files\MSI\Live Update 4\LU4\msibios.sys
20:06:13.0921 0544 MsibiosDevice - ok
20:06:13.0968 0544 MSI_DVD_010507 (09a00b8c911d32a0cfeb747be9ce5dab) C:\PROGRA~1\MSI\MSIWDev\DVDSYS32_100507.sys
20:06:13.0968 0544 MSI_DVD_010507 - ok
20:06:14.0000 0544 MSI_MSIBIOS_010507 (3846c05a66a3f5cd1d33e1a323c1762c) C:\PROGRA~1\MSI\MSIWDev\msibios32_100507.sys
20:06:14.0000 0544 MSI_MSIBIOS_010507 - ok
20:06:14.0031 0544 MSI_VGASYS_010507 (8d603678c3961bed302163964ad6a38e) C:\PROGRA~1\MSI\MSIWDev\VGASYS32_100507.sys
20:06:14.0031 0544 MSI_VGASYS_010507 - ok
20:06:14.0078 0544 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:06:14.0078 0544 MSKSSRV - ok
20:06:14.0093 0544 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:06:14.0093 0544 MSPCLOCK - ok
20:06:14.0109 0544 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
20:06:14.0125 0544 MSPQM - ok
20:06:14.0171 0544 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:06:14.0171 0544 mssmbios - ok
20:06:14.0234 0544 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
20:06:14.0234 0544 MSTEE - ok
20:06:14.0265 0544 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
20:06:14.0265 0544 Mup - ok
20:06:14.0312 0544 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
20:06:14.0312 0544 NABTSFEC - ok
20:06:14.0359 0544 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
20:06:14.0359 0544 NDIS - ok
20:06:14.0406 0544 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
20:06:14.0406 0544 NdisIP - ok
20:06:14.0437 0544 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:06:14.0437 0544 NdisTapi - ok
20:06:14.0453 0544 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:06:14.0453 0544 Ndisuio - ok
20:06:14.0468 0544 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:06:14.0468 0544 NdisWan - ok
20:06:14.0500 0544 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
20:06:14.0500 0544 NDProxy - ok
20:06:14.0515 0544 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:06:14.0515 0544 NetBIOS - ok
20:06:14.0562 0544 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:06:14.0562 0544 NetBT - ok
20:06:14.0671 0544 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
20:06:14.0671 0544 NIC1394 - ok
20:06:14.0718 0544 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
20:06:14.0718 0544 Npfs - ok
20:06:14.0781 0544 npusbio (0a01056f5128d80f6e6826e32ba52177) C:\WINDOWS\system32\Drivers\npusbio.sys
20:06:14.0781 0544 npusbio - ok
20:06:14.0843 0544 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
20:06:14.0859 0544 Ntfs - ok
20:06:14.0984 0544 NTIOLib_1_0_8 (aa70ed3b0d93c1073260a5043805b6db) C:\PROGRA~1\MSI\MSIWDev\NTIOLib.sys
20:06:14.0984 0544 NTIOLib_1_0_8 - ok
20:06:15.0046 0544 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:06:15.0046 0544 Null - ok
20:06:15.0453 0544 nv (8b2c874897ea498da012284e12f9db2b) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
20:06:15.0765 0544 nv - ok
20:06:15.0796 0544 nvata (dc1f9954b5eddd147af7e5c420be7b93) C:\WINDOWS\system32\DRIVERS\nvata.sys
20:06:15.0796 0544 nvata - ok
20:06:15.0812 0544 nvatabus (c03e15101f6d9e82cd9b0e7d715f5de3) C:\WINDOWS\system32\drivers\nvatabus.sys
20:06:15.0812 0544 nvatabus - ok
20:06:15.0843 0544 nvgts (619d8943725402d1179941fd58574cc8) C:\WINDOWS\system32\DRIVERS\nvgts.sys
20:06:15.0843 0544 nvgts - ok
20:06:15.0890 0544 NVHDA (50acb7253d1104e5917e15a0670d63d5) C:\WINDOWS\system32\drivers\nvhda32.sys
20:06:15.0890 0544 NVHDA - ok
20:06:15.0937 0544 nvnetbus - ok
20:06:16.0031 0544 NVR0Dev (eda6e97b453388bb51ce84b8a11d9d13) C:\WINDOWS\nvoclk64.sys
20:06:16.0031 0544 NVR0Dev - ok
20:06:16.0093 0544 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:06:16.0093 0544 NwlnkFlt - ok
20:06:16.0109 0544 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:06:16.0109 0544 NwlnkFwd - ok
20:06:16.0171 0544 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
20:06:16.0171 0544 NwlnkIpx - ok
20:06:16.0203 0544 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
20:06:16.0203 0544 NwlnkNb - ok
20:06:16.0234 0544 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
20:06:16.0234 0544 NwlnkSpx - ok
20:06:16.0250 0544 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
20:06:16.0250 0544 ohci1394 - ok
20:06:16.0312 0544 ossrv (11b3328d84ed6c11baf4f4f115459ab6) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
20:06:16.0312 0544 ossrv - ok
20:06:16.0406 0544 papycpu2 (f5cf06754ae54d9d3353fc9c59bc4e04) C:\WINDOWS\System32\DRIVERS\papycpu2.sys
20:06:16.0406 0544 papycpu2 - ok
20:06:16.0437 0544 papyjoy (b09a71e8e1e127455f3a2fe83d38851f) C:\WINDOWS\System32\DRIVERS\papyjoy.sys
20:06:16.0437 0544 papyjoy - ok
20:06:16.0484 0544 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
20:06:16.0484 0544 Parport - ok
20:06:16.0515 0544 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
20:06:16.0515 0544 PartMgr - ok
20:06:16.0546 0544 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
20:06:16.0546 0544 ParVdm - ok
20:06:16.0562 0544 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
20:06:16.0562 0544 PCI - ok
20:06:16.0578 0544 PCIDump - ok
20:06:16.0578 0544 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
20:06:16.0578 0544 PCIIde - ok
20:06:16.0609 0544 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
20:06:16.0609 0544 Pcmcia - ok
20:06:16.0656 0544 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
20:06:16.0656 0544 pcouffin - ok
20:06:16.0656 0544 PDCOMP - ok
20:06:16.0671 0544 PDFRAME - ok
20:06:16.0687 0544 PDRELI - ok
20:06:16.0703 0544 PDRFRAME - ok
20:06:16.0703 0544 perc2 - ok
20:06:16.0718 0544 perc2hib - ok
20:06:16.0781 0544 PfModNT (391cc6558303c5c3de04a5d50f1c4b2a) C:\WINDOWS\system32\drivers\PfModNT.sys
20:06:16.0781 0544 PfModNT - ok
20:06:16.0890 0544 portio (c0e3dec0b84a2607ee017a173fb9087c) C:\WINDOWS\system32\DRIVERS\throttle.sys
20:06:16.0890 0544 portio - ok
20:06:16.0921 0544 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:06:16.0921 0544 PptpMiniport - ok
20:06:16.0921 0544 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
20:06:16.0937 0544 PSched - ok
20:06:16.0968 0544 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:06:16.0968 0544 Ptilink - ok
20:06:17.0000 0544 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
20:06:17.0000 0544 PxHelp20 - ok
20:06:17.0000 0544 ql1080 - ok
20:06:17.0015 0544 Ql10wnt - ok
20:06:17.0031 0544 ql12160 - ok
20:06:17.0046 0544 ql1240 - ok
20:06:17.0046 0544 ql1280 - ok
20:06:17.0093 0544 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:06:17.0093 0544 RasAcd - ok
20:06:17.0109 0544 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:06:17.0109 0544 Rasl2tp - ok
20:06:17.0125 0544 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:06:17.0125 0544 RasPppoe - ok
20:06:17.0140 0544 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:06:17.0140 0544 Raspti - ok
20:06:17.0156 0544 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:06:17.0156 0544 Rdbss - ok
20:06:17.0171 0544 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:06:17.0171 0544 RDPCDD - ok
20:06:17.0187 0544 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:06:17.0203 0544 rdpdr - ok
20:06:17.0250 0544 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
20:06:17.0250 0544 RDPWD - ok
20:06:17.0296 0544 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:06:17.0296 0544 redbook - ok
20:06:17.0406 0544 Revoflt (8b5b8a11306190c6963d3473f052d3c8) C:\WINDOWS\system32\DRIVERS\revoflt.sys
20:06:17.0406 0544 Revoflt - ok
20:06:17.0500 0544 RT61 (581e74880aeb1dba1cb5ac8e6e6c0a69) C:\WINDOWS\system32\DRIVERS\RT61.sys
20:06:17.0515 0544 RT61 - ok
20:06:17.0546 0544 RTL8023xp (223d721e1334425df479b58123c9e886) C:\WINDOWS\system32\DRIVERS\EG1032xp.sys
20:06:17.0546 0544 RTL8023xp - ok
20:06:17.0609 0544 SaiH0762 (34ea7d80b2e7899b99bd525428cdce94) C:\WINDOWS\system32\DRIVERS\SaiH0762.sys
20:06:17.0609 0544 SaiH0762 - ok
20:06:17.0640 0544 SaiMini (c16d95bd9fdb381689053cb5ecac9e40) C:\WINDOWS\system32\DRIVERS\SaiMini.sys
20:06:17.0640 0544 SaiMini - ok
20:06:17.0718 0544 SaiNtBus (e549bf8b944a6cc6356b322cbb83c796) C:\WINDOWS\system32\drivers\SaiBus.sys
20:06:17.0718 0544 SaiNtBus - ok
20:06:17.0906 0544 SANDRA (230fd3749904ca045ea5ec0aa14006e9) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011b\WNt500x86\Sandra.sys
20:06:17.0906 0544 SANDRA - ok
20:06:18.0015 0544 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
20:06:18.0015 0544 SASDIFSV - ok
20:06:18.0062 0544 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
20:06:18.0062 0544 SASENUM - ok
20:06:18.0078 0544 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
20:06:18.0078 0544 SASKUTIL - ok
20:06:18.0203 0544 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:06:18.0203 0544 Secdrv - ok
20:06:18.0250 0544 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
20:06:18.0250 0544 serenum - ok
20:06:18.0265 0544 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
20:06:18.0265 0544 Serial - ok
20:06:18.0296 0544 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
20:06:18.0312 0544 Sfloppy - ok
20:06:18.0375 0544 Si3531 (4346d5bbdde7756d8614a3f193d60984) C:\WINDOWS\system32\DRIVERS\Si3531.sys
20:06:18.0375 0544 Si3531 - ok
20:06:18.0375 0544 SiFilter (e853c341bbf4ac0007a8db0858dbb09d) C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys
20:06:18.0375 0544 SiFilter - ok
20:06:18.0390 0544 Simbad - ok
20:06:18.0406 0544 SiRemFil (d80e6f142eb4963e82a8537dd745f51b) C:\WINDOWS\system32\DRIVERS\SiRemFil.sys
20:06:18.0406 0544 SiRemFil - ok
20:06:18.0468 0544 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
20:06:18.0468 0544 SLIP - ok
20:06:18.0500 0544 snapman (624f51c7c12b9aeec433a2dd9b43f90f) C:\WINDOWS\system32\DRIVERS\snapman.sys
20:06:18.0500 0544 snapman - ok
20:06:18.0500 0544 Sparrow - ok
20:06:18.0562 0544 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:06:18.0562 0544 splitter - ok
20:06:18.0562 0544 sptd - ok
20:06:18.0609 0544 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
20:06:18.0609 0544 sr - ok
20:06:18.0640 0544 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
20:06:18.0640 0544 Srv - ok
20:06:18.0687 0544 StarOpen - ok
20:06:18.0765 0544 STONEDRV (d1b20880314b2b95aa441f5017e91525) C:\WINDOWS\system32\Drivers\stonedrv.sys
20:06:18.0765 0544 STONEDRV - ok
20:06:18.0812 0544 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
20:06:18.0812 0544 streamip - ok
20:06:18.0843 0544 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:06:18.0843 0544 swenum - ok
20:06:18.0859 0544 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:06:18.0859 0544 swmidi - ok
20:06:18.0875 0544 symc810 - ok
20:06:18.0890 0544 symc8xx - ok
20:06:18.0890 0544 sym_hi - ok
20:06:18.0906 0544 sym_u3 - ok
20:06:18.0921 0544 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:06:18.0921 0544 sysaudio - ok
20:06:19.0015 0544 t3 (1673ce6acc8da51310be807f4375cc6b) C:\WINDOWS\system32\drivers\t3.sys
20:06:19.0031 0544 t3 - ok
20:06:19.0109 0544 t3filt (56ab74ae2da9393ec266281f9a504d68) C:\WINDOWS\system32\drivers\t3filt.sys
20:06:19.0156 0544 t3filt - ok
20:06:19.0203 0544 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:06:19.0203 0544 Tcpip - ok
20:06:19.0265 0544 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:06:19.0265 0544 TDPIPE - ok
20:06:19.0312 0544 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:06:19.0312 0544 TDTCP - ok
20:06:19.0328 0544 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:06:19.0328 0544 TermDD - ok
20:06:19.0375 0544 timounter (1dcf219ec8de87c99b5ad6216000f6d3) C:\WINDOWS\system32\DRIVERS\timntr.sys
20:06:19.0390 0544 timounter - ok
20:06:19.0406 0544 TosIde - ok
20:06:19.0562 0544 tportcls - ok
20:06:19.0609 0544 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:06:19.0609 0544 Udfs - ok
20:06:19.0609 0544 ultra - ok
20:06:19.0640 0544 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:06:19.0640 0544 Update - ok
20:06:19.0718 0544 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:06:19.0718 0544 usbccgp - ok
20:06:19.0765 0544 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:06:19.0765 0544 usbehci - ok
20:06:19.0781 0544 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:06:19.0781 0544 usbhub - ok
20:06:19.0796 0544 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
20:06:19.0796 0544 usbohci - ok
20:06:19.0828 0544 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:06:19.0828 0544 usbprint - ok
20:06:19.0859 0544 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:06:19.0859 0544 usbstor - ok
20:06:19.0859 0544 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:06:19.0859 0544 VgaSave - ok
20:06:19.0875 0544 ViaIde - ok
20:06:19.0937 0544 VKbms (07c20e596a0838809bc5ff5de5a65973) C:\WINDOWS\system32\DRIVERS\VKbms.sys
20:06:19.0937 0544 VKbms - ok
20:06:19.0953 0544 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
20:06:19.0953 0544 VolSnap - ok
20:06:19.0984 0544 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:06:19.0984 0544 Wanarp - ok
20:06:20.0046 0544 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
20:06:20.0046 0544 Wdf01000 - ok
20:06:20.0046 0544 WDICA - ok
20:06:20.0078 0544 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:06:20.0078 0544 wdmaud - ok
20:06:20.0156 0544 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
20:06:20.0156 0544 WinUSB - ok
20:06:20.0234 0544 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
20:06:20.0234 0544 WpdUsb - ok
20:06:20.0281 0544 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
20:06:20.0281 0544 WS2IFSL - ok
20:06:20.0328 0544 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
20:06:20.0328 0544 WSTCODEC - ok
20:06:20.0359 0544 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:06:20.0359 0544 WudfPf - ok
20:06:20.0359 0544 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:06:20.0375 0544 WudfRd - ok
20:06:20.0421 0544 zumbus (337b9607f041b77824411750069aff2d) C:\WINDOWS\system32\DRIVERS\zumbus.sys
20:06:20.0421 0544 zumbus - ok
20:06:20.0515 0544 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
20:06:20.0656 0544 \Device\Harddisk0\DR0 - ok
20:06:20.0656 0544 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
20:06:20.0671 0544 \Device\Harddisk1\DR1 - ok
20:06:20.0671 0544 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR2
20:06:20.0671 0544 \Device\Harddisk2\DR2 - ok
20:06:20.0687 0544 Boot (0x1200) (34e3e5e2ff97bb5215eb00f6e578db3e) \Device\Harddisk0\DR0\Partition0
20:06:20.0687 0544 \Device\Harddisk0\DR0\Partition0 - ok
20:06:20.0687 0544 Boot (0x1200) (bd34c4666d3ed15cffa633102e57d5b8) \Device\Harddisk1\DR1\Partition0
20:06:20.0687 0544 \Device\Harddisk1\DR1\Partition0 - ok
20:06:20.0703 0544 Boot (0x1200) (a6d14b0050b164afc94413d88ad1d232) \Device\Harddisk1\DR1\Partition1
20:06:20.0703 0544 \Device\Harddisk1\DR1\Partition1 - ok
20:06:20.0703 0544 Boot (0x1200) (c403e640deaaf14308ce5a849567c061) \Device\Harddisk2\DR2\Partition0
20:06:20.0703 0544 \Device\Harddisk2\DR2\Partition0 - ok
20:06:20.0718 0544 ============================================================
20:06:20.0718 0544 Scan finished
20:06:20.0718 0544 ============================================================
20:06:20.0734 0536 Detected object count: 2
20:06:20.0734 0536 Actual detected object count: 2
20:06:42.0640 0536 Backup copy found, using it..
20:06:42.0640 0536 C:\WINDOWS\system32\DRIVERS\cdrom.sys - will be cured on reboot
20:06:42.0640 0536 Cdrom ( Rootkit.Win32.ZAccess.g ) - User select action: Cure
20:06:42.0640 0536 d9ad7635 ( HiddenFile.Multi.Generic ) - skipped by user
20:06:42.0640 0536 d9ad7635 ( HiddenFile.Multi.Generic ) - User select action: Skip
20:06:50.0125 2028 Deinitialize success

#14 Eugene1

  • Topic Starter
  • Members
  • 53 posts
  • Gender:Male

Posted 18 October 2011 - 10:29 PM

Going to try to sneak System Lock back via email again, differently named again.

Outlook warned about a renamed ComboFix being unlikely to open at the receiver end, so I didn't try it.

#15 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 October 2011 - 10:30 PM

Hello

do post 10 and let's see where we stand



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University


