Ping.exe has infected me


This topic is locked
47 replies to this topic

#1 XanatosNemos

XanatosNemos

  • Members
  • 124 posts
  • OFFLINE
  •  
  • Local time:07:06 PM

Posted 28 November 2011 - 01:18 AM

ORIGINAL POST
------------------

Originally I had gotten this and read over someone else's post on ping.exe, followed the instructions with ComboFix and deleted the virus, about a week ago. Today AVG starts popping up around 10pm, often saying so-and-so is infected, inaccessible or undeletable, etc.

And I notice Ping.exe is running again and slowing my computer down dramatically. I hate to bother you guys once again with my problems, but it seems I will need the pros on this one.

~Xanatos

------------------

Following directions from http://www.bleepingcomputer.com/forums/topic429642.html

WAS UNABLE TO RUN GMER; the XP Security 2012 virus blocks it.


DDS LOG:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_25
Run by Owner at 1:10:37 on 2011-11-28
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3198.2252 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\SteelSeries\World of Warcraft Cataclysm MMO Gaming Mouse\WoWMHID2.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Documents and Settings\Owner\Local Settings\Application Data\ayd.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
svchost.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\Program Files\SteelSeries\World of Warcraft Cataclysm MMO Gaming Mouse\WoWMTray2.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://greensboro.craigslist.org/rea/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
uRun: [Taskbar Shuffle] c:\program files\taskbar shuffle\taskbarshuffle.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [3219583623] c:\documents and settings\owner\local settings\application data\ayd.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [CTHelper] CTHELPER.EXE
mRun: [SteelSeries World of Warcraft Cataclysm MMO Gaming Mouse] "c:\program files\steelseries\world of warcraft cataclysm mmo gaming mouse\WoWMHID2.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: mswsock.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{2D3D8F48-6329-4894-A4C2-D0523C012394} : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\f3j2v9u6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.infowars.com/|http://www.facebook.com/profile.php?id=667655236&ref=profile|http://wbe03.mibbit.com/?server=irc.gamesurge.net&channel=%23dominions&noServerTab=false&noticesToActiveTab=false
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4dbb871f&v=6.103.018.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [2010-12-15 33824]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-5-10 2253120]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 52\starwind\StarWindServiceAE.exe [2009-12-23 370688]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2010-3-18 99416]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2010-3-18 555096]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2010-3-18 566360]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2011-5-10 119656]
R3 SSMO3v2Filter;MMO3v2 Mouse;c:\windows\system32\drivers\MO3v2Driver.sys [2010-12-15 17408]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2010-3-18 99416]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2010-4-21 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2010-3-18 555096]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2010-3-18 100952]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2010-3-18 100952]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2010-3-18 566360]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-21 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-6-18 23680]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-11-28 03:07:34 275968 ----a-w- c:\documents and settings\owner\local settings\application data\ayd.exe
2011-11-22 20:03:35 -------- d-----w- c:\documents and settings\owner\application data\ZekkIVOyA
2011-11-22 20:03:35 -------- d-----w- c:\documents and settings\owner\application data\bzzzP0yycAivDoF
2011-11-22 19:59:54 -------- d-----w- c:\program files\B1B1A
2011-11-22 19:59:07 -------- d-----w- c:\program files\LP
2011-11-22 19:59:02 -------- d-----w- c:\documents and settings\owner\application data\qoonnG4amH6s
2011-11-22 19:59:02 -------- d-----w- c:\documents and settings\owner\application data\pSS11ivD3
2011-11-22 19:58:41 -------- d-----w- c:\documents and settings\owner\application data\cqjUUCelIBrzNyA
2011-11-22 19:58:40 -------- d-----w- c:\documents and settings\owner\application data\oXwwkUUVrlOtx0u
2011-11-21 19:33:02 -------- d-----w- C:\ComboFix
2011-11-16 01:42:42 98816 ----a-w- c:\windows\sed.exe
2011-11-16 01:42:42 518144 ----a-w- c:\windows\SWREG.exe
2011-11-16 01:42:42 256000 ----a-w- c:\windows\PEV.exe
2011-11-16 01:42:42 208896 ----a-w- c:\windows\MBR.exe
2011-11-15 21:55:15 -------- d-----w- c:\documents and settings\owner\application data\D06B1
2011-11-15 21:55:09 -------- d-----w- c:\documents and settings\owner\application data\wAA00ucS2ib3p
2011-11-15 21:55:08 -------- d-----w- c:\documents and settings\owner\application data\EL99hTTXqjUelBr
2011-11-15 02:07:48 -------- d-----w- c:\program files\Sony
2011-11-15 02:07:39 692224 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iKernel.dll
2011-11-15 02:07:39 57344 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\ctor.dll
2011-11-15 02:07:39 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe
2011-11-15 02:07:39 237568 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iscript.dll
2011-11-15 02:07:39 155648 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iuser.dll
2011-11-15 02:07:33 282756 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\setup.dll
2011-11-15 02:07:33 163972 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iGdi.dll
2011-11-14 04:19:54 -------- d-----w- c:\program files\Citrix
.
==================== Find3M ====================
.
2011-11-22 20:15:30 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-10-25 23:45:56 285176 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-10-25 23:45:56 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-10-25 23:45:54 285176 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-10-25 20:52:58 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 11:23:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-04 11:21:42 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-13 11:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 22:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 1:11:31.76 ===============
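A DDS log like the one above is read by eye, but the patterns a helper looks for first are mechanical: an executable running from a user's Application Data tree, an autorun value whose name is a bare number, and freshly created directories with random-looking names. The script below is an added example written for this page, not a BleepingComputer, DDS or OTM tool; the sample input is a constructed excerpt whose paths are copied from the log above, and the section names, attribute flags and the "random-looking name" heuristic are assumptions drawn from that log rather than anything DDS itself defines.

```python
"""Heuristic triage of a DDS log (added example; not a BleepingComputer or DDS tool).

Scans the 'Running Processes', 'Pseudo HJT Report' and 'Created Last 30' sections
for three patterns visible in the log above: an executable inside a user's
Application Data tree, an autorun value with a purely numeric name, and new
directories whose names look machine-generated.
"""
import re
from dataclasses import dataclass

# Constructed excerpt modelled on the DDS log in the first post (paths copied from it).
SAMPLE_DDS = r"""
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\ayd.exe
C:\WINDOWS\Explorer.EXE
.
============== Pseudo HJT Report ===============
.
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [3219583623] c:\documents and settings\owner\local settings\application data\ayd.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
.
=============== Created Last 30 ================
.
2011-11-28 03:07:34 275968 ----a-w- c:\documents and settings\owner\local settings\application data\ayd.exe
2011-11-22 20:03:35 -------- d-----w- c:\documents and settings\owner\application data\ZekkIVOyA
2011-11-22 19:59:54 -------- d-----w- c:\program files\B1B1A
2011-11-21 19:33:02 -------- d-----w- C:\ComboFix
2011-11-15 02:07:48 -------- d-----w- c:\program files\Sony
2011-11-14 04:19:54 -------- d-----w- c:\program files\Citrix
.
============= FINISH: 1:11:31.76 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(?P<name>.*?)\s*=+$")
RUN_RE = re.compile(r"^(?P<hive>[um])Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
CREATED_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\S+)\s+(?P<attrs>\S+)\s+(?P<path>.+)$"
)
# Per-user data trees on Windows XP; droppers in this thread landed exactly here.
USER_DATA_RE = re.compile(
    r"\\documents and settings\\[^\\]+\\(?:local settings\\)?application data\\", re.I
)


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def looks_random(name: str) -> bool:
    """Assumed heuristic: alphanumeric, and either contains a digit or flips
    lower->upper case at least twice (so 'ComboFix' and 'Sony' pass, 'ZekkIVOyA' does not)."""
    if not re.fullmatch(r"[A-Za-z0-9]{4,}", name):
        return False
    if any(c.isdigit() for c in name):
        return True
    flips = sum(1 for a, b in zip(name, name[1:]) if a.islower() and b.isupper())
    return flips >= 2


def iter_sections(text: str):
    """Yield (section name, line) pairs, skipping DDS's '.' spacer lines."""
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m["name"]
            continue
        yield current, line


def triage_dds(text: str) -> list:
    findings = []
    for section, line in iter_sections(text):
        if section == "Running Processes":
            if USER_DATA_RE.search(line):
                findings.append(Finding(section, "process image inside a user profile data directory", line))
        elif section == "Pseudo HJT Report":
            m = RUN_RE.match(line)
            if not m:
                continue
            reasons = []
            if m["name"].isdigit():
                reasons.append("autorun value name is purely numeric")
            if USER_DATA_RE.search(m["cmd"]):
                reasons.append("autorun target inside a user profile data directory")
            if reasons:
                findings.append(Finding(section, "; ".join(reasons), line))
        elif section == "Created Last 30":
            m = CREATED_RE.match(line)
            if not m:
                continue
            path = m["path"]
            name = path.rsplit("\\", 1)[-1]
            is_dir = m["attrs"].startswith("d")
            if is_dir and looks_random(name):
                findings.append(Finding(section, "new directory with random-looking name", line))
            elif not is_dir and name.lower().endswith(".exe") and USER_DATA_RE.search(path):
                findings.append(Finding(section, "new executable inside a user profile data directory", line))
    return findings


if __name__ == "__main__":
    for f in triage_dds(SAMPLE_DDS):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run against the excerpt it reports five lines: the ayd.exe process, the numeric uRun entry that launches it, the ayd.exe creation record, and the ZekkIVOyA and B1B1A directories, while ComboFix, Sony and Citrix pass. These are exactly the items the OTM script in reply #3 later removes, which is the point: the heuristics surface candidates for a human to confirm, they do not decide.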

#2 XanatosNemos

XanatosNemos
  • Topic Starter

  • Members
  • 124 posts
  • OFFLINE
  •  
  • Local time:07:06 PM

Posted 29 November 2011 - 12:51 AM

I wasn't able to open my browser or MSN Messenger today and used a flash drive (will it be infected now also?) to switch RKill over to stop the virus long enough for me to be able to open programs, and it seemed to help with the XP Security 2012 crap, although Ping.exe still returns every few seconds.

#3 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:08:06 PM

Posted 30 November 2011 - 01:40 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. :)

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is that these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.
____________________________________________________


Running OTM

We need to execute an OTM script
  • Please download OTM by OldTimer and save it to your desktop.
  • Double click the OTM icon on your desktop.
  • Paste the following code under the "Paste Instructions for Items to be Moved" area. Do not include the word "Code".
    :Processes
    :Services
    :Reg
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "3219583623"=-
    :Files
    c:\documents and settings\owner\local settings\application data\ayd.exe
    c:\documents and settings\owner\application data\ZekkIVOyA
    c:\documents and settings\owner\application data\bzzzP0yycAivDoF
    c:\program files\B1B1A
    c:\documents and settings\owner\application data\qoonnG4amH6s
    c:\documents and settings\owner\application data\pSS11ivD3
    c:\documents and settings\owner\application data\cqjUUCelIBrzNyA
    c:\documents and settings\owner\application data\oXwwkUUVrlOtx0u
    c:\documents and settings\owner\application data\D06B1
    c:\documents and settings\owner\application data\wAA00ucS2ib3p
    c:\documents and settings\owner\application data\EL99hTTXqjUelBr
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [EMPTYFLASH]
    [resethosts]
    [createrestorepoint]
    
  • Push the large "MoveIt!" button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the "Results" line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start -> All Programs -> Accessories -> Notepad), click File -> Open, enter *.log in the File Name box and press Enter, navigate to the C:\_OTM\MovedFiles folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post.


NEXT:



Running ComboFix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon.
They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#4 XanatosNemos

XanatosNemos
  • Topic Starter

  • Members
  • 124 posts
  • OFFLINE
  •  
  • Local time:07:06 PM

Posted 30 November 2011 - 03:24 PM

I have run ComboFix, which might have eliminated the issue. I have the utmost respect for the help here, but I couldn't operate any longer without some freedom from ping.exe. I hope you can still help make sure it's eliminated (I had done this before a few weeks ago, but it came back somehow).

#5 XanatosNemos

XanatosNemos
  • Topic Starter

  • Members
  • 124 posts
  • OFFLINE
  •  
  • Local time:07:06 PM

Posted 30 November 2011 - 03:25 PM

Oh no, it figures I just ran ComboFix before you responded, sigh. How should I proceed? Sorry about the hassle.

#6 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:08:06 PM

Posted 01 December 2011 - 01:47 AM

No worries, could you post the log file from ComboFix? It can be located in your C:\ drive named ComboFix.txt.

Post the contents of it for me to review.

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#7 XanatosNemos

XanatosNemos
  • Topic Starter

  • Members
  • 124 posts
  • OFFLINE
  •  
  • Local time:07:06 PM

Posted 01 December 2011 - 07:17 AM

I have a Qoobox folder and ComboFix in the C drive; ComboFix is empty. Qoobox seems to have multiple files; however, none are dated for the one scan from yesterday, they are all from a few weeks ago when I had to run it for this same virus.

#8 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:08:06 PM

Posted 01 December 2011 - 08:42 PM

Okay, please download a new copy of ComboFix and run a scan with it, then post the log file that it produces.

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#9 XanatosNemos

XanatosNemos
  • Topic Starter

  • Members
  • 124 posts
  • OFFLINE
  •  
  • Local time:07:06 PM

Posted 03 December 2011 - 04:01 PM

ComboFix 11-12-03.01 - Owner 12/03/2011 14:51:57.16.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3198.2741 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-11-03 to 2011-12-03 )))))))))))))))))))))))))))))))
.
.
2011-12-03 01:49 . 2011-12-03 01:49 -------- d-----w- c:\windows\Installing Adobe Acrobat Reader
2011-12-03 01:49 . 2011-12-03 01:49 -------- d-----w- c:\program files\Microsoft Games
2011-11-30 19:49 . 2008-04-14 04:48 52480 -c--a-w- c:\windows\system32\dllcache\i8042prt.sys
2011-11-30 19:49 . 2008-04-14 04:48 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-11-22 20:03 . 2011-11-22 20:03 -------- d-----w- c:\documents and settings\Owner\Application Data\ZekkIVOyA
2011-11-22 20:03 . 2011-11-22 20:03 -------- d-----w- c:\documents and settings\Owner\Application Data\bzzzP0yycAivDoF
2011-11-22 19:59 . 2011-11-22 20:57 -------- d-----w- c:\program files\B1B1A
2011-11-22 19:59 . 2011-11-22 19:59 -------- d-----w- c:\documents and settings\Owner\Application Data\qoonnG4amH6s
2011-11-22 19:59 . 2011-11-22 19:59 -------- d-----w- c:\documents and settings\Owner\Application Data\pSS11ivD3
2011-11-22 19:58 . 2011-11-22 19:58 -------- d-----w- c:\documents and settings\Owner\Application Data\cqjUUCelIBrzNyA
2011-11-22 19:58 . 2011-11-22 19:58 -------- d-----w- c:\documents and settings\Owner\Application Data\oXwwkUUVrlOtx0u
2011-11-15 21:55 . 2011-11-22 20:06 -------- d-----w- c:\documents and settings\Owner\Application Data\D06B1
2011-11-15 21:55 . 2011-11-15 21:55 -------- d-----w- c:\documents and settings\Owner\Application Data\wAA00ucS2ib3p
2011-11-15 21:55 . 2011-11-15 21:55 -------- d-----w- c:\documents and settings\Owner\Application Data\EL99hTTXqjUelBr
2011-11-15 02:07 . 2011-11-15 02:07 -------- d-----w- c:\program files\Sony
2011-11-15 02:07 . 2005-03-24 10:18 692224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2011-11-15 02:07 . 2002-12-05 19:10 155648 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2011-11-15 02:07 . 2002-12-02 20:22 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2011-11-15 02:07 . 2002-12-02 18:33 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2011-11-15 02:07 . 2002-12-02 18:33 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2011-11-15 02:07 . 2011-11-15 02:07 282756 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2011-11-15 02:07 . 2011-11-15 02:07 163972 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2011-11-14 04:19 . 2011-11-15 01:30 -------- d-----w- c:\program files\Citrix
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-22 20:15 . 2004-08-10 11:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-10-25 20:52 . 2011-05-16 18:40 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22 . 2010-04-20 16:36 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-08 04:50 . 2011-08-09 21:07 919872 ----a-w- c:\windows\system32\nvdispco32.dll
2011-10-08 04:50 . 2011-08-09 21:07 877376 ----a-w- c:\windows\system32\nvgenco32.dll
2011-10-08 04:50 . 2011-04-08 02:15 602432 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-10-08 04:50 . 2011-04-08 02:15 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-10-08 04:50 . 2011-04-08 02:15 203072 ----a-w- c:\windows\system32\nvmctray.dll
2011-10-08 04:50 . 2011-04-08 02:15 16744256 ----a-w- c:\windows\system32\nvcpl.dll
2011-10-08 04:50 . 2011-04-08 02:15 298304 ----a-w- c:\windows\system32\nvsvc32.exe
2011-10-08 04:50 . 2011-04-08 02:15 220992 ----a-w- c:\windows\system32\nvcolor.exe
2011-10-08 04:50 . 2010-07-30 00:47 65536 ----a-w- c:\windows\system32\OpenCL.dll
2011-10-08 04:50 . 2010-07-30 00:47 17240064 ----a-w- c:\windows\system32\nvcompiler.dll
2011-10-08 04:50 . 2010-04-20 17:11 4226688 ----a-w- c:\windows\system32\nv4_disp.dll
2011-10-08 04:50 . 2010-04-20 17:10 12791488 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-10-08 04:50 . 2009-08-17 04:57 5595136 ----a-w- c:\windows\system32\nvcuda.dll
2011-10-08 04:50 . 2009-08-17 04:57 2449408 ----a-w- c:\windows\system32\nvapi.dll
2011-10-08 04:50 . 2009-08-17 04:57 2398016 ----a-w- c:\windows\system32\nvcuvid.dll
2011-10-08 04:50 . 2009-08-17 04:57 2099520 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-10-08 04:50 . 2009-08-17 04:57 17956864 ----a-w- c:\windows\system32\nvoglnt.dll
2011-09-28 07:06 . 2004-08-10 11:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41 . 2010-03-18 14:09 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2004-08-10 11:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2004-08-10 11:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20 . 2004-08-10 11:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-11-09 17:41 . 2011-04-30 22:08 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-16_02.13.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-03 19:49 . 2011-12-03 19:49 16384 c:\windows\temp\Perflib_Perfdata_66c.dat
+ 2011-11-29 18:25 . 2011-11-29 18:11 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2010-04-20 16:42 . 2011-11-29 18:11 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2010-04-20 16:42 . 2010-04-20 17:26 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-07-26 15:50 . 2011-11-30 19:48 1984 c:\windows\system32\d3d9caps.dat
- 2010-07-26 15:50 . 2011-11-16 01:50 1984 c:\windows\system32\d3d9caps.dat
+ 2011-11-29 18:11 . 2011-11-29 18:11 100926 c:\windows\system32\itusbcore.dat
+ 2011-11-29 18:03 . 2011-11-29 18:03 2186240 c:\windows\Installer\6504b.msi
+ 2011-11-22 20:05 . 2011-11-22 20:05 4671488 c:\windows\Installer\18bc3.msi
+ 2011-12-01 03:31 . 2011-12-01 03:31 4671488 c:\windows\Installer\182dab2.msi
+ 2011-12-01 03:29 . 2011-12-01 03:29 2186240 c:\windows\Installer\182daae.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim"="c:\program files\AIM\aim.exe" [2010-03-08 3972440]
"Taskbar Shuffle"="c:\program files\Taskbar Shuffle\taskbarshuffle.exe" [2008-04-17 818176]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" [2010-08-20 33120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 19968]
"CTHelper"="CTHELPER.EXE" [2010-03-18 19456]
"SteelSeries World of Warcraft Cataclysm MMO Gaming Mouse"="c:\program files\SteelSeries\World of Warcraft Cataclysm MMO Gaming Mouse\WoWMHID2.exe" [2010-12-07 1987072]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
"NvMediaCenter"="NvMCTray.dll" [2011-10-08 203072]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1632360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^GameRanger.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\GameRanger.lnk
backup=c:\windows\pss\GameRanger.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 16:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-01-25 20:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-17 03:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Diablo II\\Diablo II.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Age of Wonders Shadow Magic\\AoWSM.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
"c:\\Program Files\\Electronic Arts\\BattleForge\\Bootstrapper.exe"=
"c:\\Program Files\\Electronic Arts\\BattleForge\\BattleForge.exe"=
"c:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"c:\\Program Files\\StarCraft II\\StarCraft II.exe"=
"c:\\Program Files\\StarCraft II\\Versions\\Base15405\\SC2.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\FireFly Studios\\Stronghold\\Stronghold.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\GameRanger\\GameRanger\\GameRanger.exe"=
"c:\\Documents and Settings\\Owner\\Desktop\\Games\\Stronghold\\Crusader\\Stronghold Crusader.exe"=
"c:\\Program Files\\dominions3\\dom3.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\NeverwinterNights\\NWN\\nwmain.exe"=
"c:\\Program Files\\StarCraft II\\Versions\\Base18574\\SC2.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Documents and Settings\\Owner\\Desktop\\Wow\\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Age of Wonders Shadow Magic\\Strange Lands Mod.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Diablo 2
"4000:TCP"= 4000:TCP:Diablo 2
"2302:UDP"= 2302:UDP:AOW
"6073:TCP"= 6073:TCP:AOW
"6112:UDP"= 6112:UDP:wc3
"6113:TCP"= 6113:TCP:wc3
"6113:UDP"= 6113:UDP:wc3
"6114:TCP"= 6114:TCP:wc3
"6114:UDP"= 6114:UDP:wc3
"6115:TCP"= 6115:TCP:wc3
"6115:UDP"= 6115:UDP:wc3
"6116:TCP"= 6116:TCP:wc3
"6116:UDP"= 6116:UDP:wc3
"6117:TCP"= 6117:TCP:wc3
"6117:UDP"= 6117:UDP:wc3
"6118:TCP"= 6118:TCP:wc3
"6118:UDP"= 6118:UDP:wc3
"6119:TCP"= 6119:TCP:wc3
"6119:UDP"= 6119:UDP:wc3
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"8380:TCP"= 8380:TCP:League of Legends Launcher
"8380:UDP"= 8380:UDP:League of Legends Launcher
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/11/2011 4:22 PM 436792]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [12/15/2010 9:09 PM 33824]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [5/10/2011 6:07 PM 2253120]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [3/18/2010 7:39 PM 99416]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [3/18/2010 7:39 PM 555096]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [3/18/2010 7:39 PM 566360]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [5/10/2011 6:05 PM 119656]
R3 SSMO3v2Filter;MMO3v2 Mouse;c:\windows\system32\drivers\MO3v2Driver.sys [12/15/2010 7:03 PM 17408]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 SqlCSS;SQL Server EXPRESS;c:\windows\System32\svchost.exe -k Sqlses [8/10/2004 6:00 AM 14336]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [3/18/2010 7:39 PM 99416]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [4/21/2010 11:59 AM 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [3/18/2010 7:39 PM 555096]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [3/18/2010 7:39 PM 100952]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [3/18/2010 7:39 PM 100952]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [3/18/2010 7:39 PM 566360]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [8/21/2008 10:49 PM 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [8/21/2008 10:49 PM 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [6/18/2007 7:18 PM 23680]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Sqlses REG_MULTI_SZ SqlCSS
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://greensboro.craigslist.org/rea/
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\f3j2v9u6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.infowars.com/|http://www.facebook.com/profile.php?id=667655236&ref=profile|http://wbe03.mibbit.com/?server=irc.gamesurge.net&channel=%23dominions&noServerTab=false&noticesToActiveTab=false
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4dbb871f&v=6.103.018.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-03 14:58
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?
CTHelper = CTHELPER.EXE?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1644491937-1229272821-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(748)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(296)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-12-03 15:00:00
ComboFix-quarantined-files.txt 2011-12-03 19:59
ComboFix2.txt 2011-11-30 20:07
ComboFix3.txt 2011-11-21 19:44
ComboFix4.txt 2011-11-16 02:16
.
Pre-Run: 100,981,997,568 bytes free
Post-Run: 101,443,817,472 bytes free
.
- - End Of File - - C5AF6693DE6D2F265B72F17604633409

#10 SweetTech (Agent ST)

Posted 04 December 2011 - 02:11 AM

Hi!

Please run the following scans:

Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

NEXT:

ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
Folder::
c:\documents and settings\Owner\Application Data\ZekkIVOyA
c:\documents and settings\Owner\Application Data\bzzzP0yycAivDoF
c:\program files\B1B1A
c:\documents and settings\Owner\Application Data\qoonnG4amH6s
c:\documents and settings\Owner\Application Data\pSS11ivD3
c:\documents and settings\Owner\Application Data\cqjUUCelIBrzNyA
c:\documents and settings\Owner\Application Data\oXwwkUUVrlOtx0u
c:\documents and settings\Owner\Application Data\D06B1
c:\documents and settings\Owner\Application Data\wAA00ucS2ib3p
c:\documents and settings\Owner\Application Data\EL99hTTXqjUelBr

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#11 XanatosNemos (Topic Starter)

Posted 05 December 2011 - 04:39 PM

ComboFix 11-12-05.04 - Owner 12/05/2011 16:27:08.17.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3198.2724 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Owner\Application Data\bzzzP0yycAivDoF
c:\documents and settings\Owner\Application Data\cqjUUCelIBrzNyA
c:\documents and settings\Owner\Application Data\D06B1
c:\documents and settings\Owner\Application Data\D06B1\1B1A.06B
c:\documents and settings\Owner\Application Data\EL99hTTXqjUelBr
c:\documents and settings\Owner\Application Data\oXwwkUUVrlOtx0u
c:\documents and settings\Owner\Application Data\pSS11ivD3
c:\documents and settings\Owner\Application Data\qoonnG4amH6s
c:\documents and settings\Owner\Application Data\qoonnG4amH6s\AV Protection 2011.ico
c:\documents and settings\Owner\Application Data\wAA00ucS2ib3p
c:\documents and settings\Owner\Application Data\ZekkIVOyA
c:\documents and settings\Owner\Application Data\ZekkIVOyA\AV Protection 2011.ico
c:\program files\B1B1A
.
.
((((((((((((((((((((((((( Files Created from 2011-11-05 to 2011-12-05 )))))))))))))))))))))))))))))))
.
.
2011-12-05 21:18 . 2011-12-05 21:18 -------- d-----w- c:\windows\LastGood.Tmp
2011-12-03 01:49 . 2011-12-03 01:49 -------- d-----w- c:\windows\Installing Adobe Acrobat Reader
2011-12-03 01:49 . 2011-12-03 01:49 -------- d-----w- c:\program files\Microsoft Games
2011-11-30 19:49 . 2008-04-14 04:48 52480 -c--a-w- c:\windows\system32\dllcache\i8042prt.sys
2011-11-30 19:49 . 2008-04-14 04:48 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-11-15 02:07 . 2011-11-15 02:07 -------- d-----w- c:\program files\Sony
2011-11-15 02:07 . 2005-03-24 10:18 692224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2011-11-15 02:07 . 2002-12-05 19:10 155648 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2011-11-15 02:07 . 2002-12-02 20:22 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2011-11-15 02:07 . 2002-12-02 18:33 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2011-11-15 02:07 . 2002-12-02 18:33 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2011-11-15 02:07 . 2011-11-15 02:07 282756 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2011-11-15 02:07 . 2011-11-15 02:07 163972 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2011-11-14 04:19 . 2011-11-15 01:30 -------- d-----w- c:\program files\Citrix
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-22 20:15 . 2004-08-10 11:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-10-25 20:52 . 2011-05-16 18:40 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22 . 2010-04-20 16:36 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-08 04:50 . 2011-08-09 21:07 919872 ----a-w- c:\windows\system32\nvdispco32.dll
2011-10-08 04:50 . 2011-08-09 21:07 877376 ----a-w- c:\windows\system32\nvgenco32.dll
2011-10-08 04:50 . 2011-04-08 02:15 602432 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-10-08 04:50 . 2011-04-08 02:15 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-10-08 04:50 . 2011-04-08 02:15 203072 ----a-w- c:\windows\system32\nvmctray.dll
2011-10-08 04:50 . 2011-04-08 02:15 16744256 ----a-w- c:\windows\system32\nvcpl.dll
2011-10-08 04:50 . 2011-04-08 02:15 298304 ----a-w- c:\windows\system32\nvsvc32.exe
2011-10-08 04:50 . 2011-04-08 02:15 220992 ----a-w- c:\windows\system32\nvcolor.exe
2011-10-08 04:50 . 2010-07-30 00:47 65536 ----a-w- c:\windows\system32\OpenCL.dll
2011-10-08 04:50 . 2010-07-30 00:47 17240064 ----a-w- c:\windows\system32\nvcompiler.dll
2011-10-08 04:50 . 2010-04-20 17:11 4226688 ----a-w- c:\windows\system32\nv4_disp.dll
2011-10-08 04:50 . 2010-04-20 17:10 12791488 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-10-08 04:50 . 2009-08-17 04:57 5595136 ----a-w- c:\windows\system32\nvcuda.dll
2011-10-08 04:50 . 2009-08-17 04:57 2449408 ----a-w- c:\windows\system32\nvapi.dll
2011-10-08 04:50 . 2009-08-17 04:57 2398016 ----a-w- c:\windows\system32\nvcuvid.dll
2011-10-08 04:50 . 2009-08-17 04:57 2099520 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-10-08 04:50 . 2009-08-17 04:57 17956864 ----a-w- c:\windows\system32\nvoglnt.dll
2011-09-28 07:06 . 2004-08-10 11:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41 . 2010-03-18 14:09 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2004-08-10 11:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2004-08-10 11:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-11-09 17:41 . 2011-04-30 22:08 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-16_02.13.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-05 21:34 . 2011-12-05 21:34 16384 c:\windows\temp\Perflib_Perfdata_1b8.dat
+ 2011-11-29 18:25 . 2011-11-29 18:11 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2010-04-20 16:42 . 2011-11-29 18:11 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2010-04-20 16:42 . 2010-04-20 17:26 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2010-07-26 15:50 . 2011-11-16 01:50 1984 c:\windows\system32\d3d9caps.dat
+ 2010-07-26 15:50 . 2011-11-30 19:48 1984 c:\windows\system32\d3d9caps.dat
+ 2011-11-29 18:11 . 2011-11-29 18:11 100926 c:\windows\system32\itusbcore.dat
+ 2011-11-29 18:03 . 2011-11-29 18:03 2186240 c:\windows\Installer\6504b.msi
+ 2011-12-03 21:10 . 2011-12-03 21:10 4671488 c:\windows\Installer\4a1636.msi
+ 2011-12-03 21:10 . 2011-12-03 21:10 2186240 c:\windows\Installer\4a1632.msi
+ 2011-11-22 20:05 . 2011-11-22 20:05 4671488 c:\windows\Installer\18bc3.msi
+ 2011-12-01 03:31 . 2011-12-01 03:31 4671488 c:\windows\Installer\182dab2.msi
+ 2011-12-01 03:29 . 2011-12-01 03:29 2186240 c:\windows\Installer\182daae.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim"="c:\program files\AIM\aim.exe" [2010-03-08 3972440]
"Taskbar Shuffle"="c:\program files\Taskbar Shuffle\taskbarshuffle.exe" [2008-04-17 818176]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" [2010-08-20 33120]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 19968]
"CTHelper"="CTHELPER.EXE" [2010-03-18 19456]
"SteelSeries World of Warcraft Cataclysm MMO Gaming Mouse"="c:\program files\SteelSeries\World of Warcraft Cataclysm MMO Gaming Mouse\WoWMHID2.exe" [2010-12-07 1987072]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
"NvMediaCenter"="NvMCTray.dll" [2011-10-08 203072]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1632360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^GameRanger.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\GameRanger.lnk
backup=c:\windows\pss\GameRanger.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 16:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-01-25 20:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-17 03:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Diablo II\\Diablo II.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Age of Wonders Shadow Magic\\AoWSM.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
"c:\\Program Files\\Electronic Arts\\BattleForge\\Bootstrapper.exe"=
"c:\\Program Files\\Electronic Arts\\BattleForge\\BattleForge.exe"=
"c:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"c:\\Program Files\\StarCraft II\\StarCraft II.exe"=
"c:\\Program Files\\StarCraft II\\Versions\\Base15405\\SC2.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\FireFly Studios\\Stronghold\\Stronghold.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\GameRanger\\GameRanger\\GameRanger.exe"=
"c:\\Documents and Settings\\Owner\\Desktop\\Games\\Stronghold\\Crusader\\Stronghold Crusader.exe"=
"c:\\Program Files\\dominions3\\dom3.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\NeverwinterNights\\NWN\\nwmain.exe"=
"c:\\Program Files\\StarCraft II\\Versions\\Base18574\\SC2.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Documents and Settings\\Owner\\Desktop\\Wow\\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Age of Wonders Shadow Magic\\Strange Lands Mod.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Diablo 2
"4000:TCP"= 4000:TCP:Diablo 2
"2302:UDP"= 2302:UDP:AOW
"6073:TCP"= 6073:TCP:AOW
"6112:UDP"= 6112:UDP:wc3
"6113:TCP"= 6113:TCP:wc3
"6113:UDP"= 6113:UDP:wc3
"6114:TCP"= 6114:TCP:wc3
"6114:UDP"= 6114:UDP:wc3
"6115:TCP"= 6115:TCP:wc3
"6115:UDP"= 6115:UDP:wc3
"6116:TCP"= 6116:TCP:wc3
"6116:UDP"= 6116:UDP:wc3
"6117:TCP"= 6117:TCP:wc3
"6117:UDP"= 6117:UDP:wc3
"6118:TCP"= 6118:TCP:wc3
"6118:UDP"= 6118:UDP:wc3
"6119:TCP"= 6119:TCP:wc3
"6119:UDP"= 6119:UDP:wc3
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"8380:TCP"= 8380:TCP:League of Legends Launcher
"8380:UDP"= 8380:UDP:League of Legends Launcher
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/11/2011 4:22 PM 436792]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [12/15/2010 9:09 PM 33824]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [5/10/2011 6:07 PM 2253120]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [3/18/2010 7:39 PM 99416]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [3/18/2010 7:39 PM 555096]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [3/18/2010 7:39 PM 566360]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [5/10/2011 6:05 PM 119656]
R3 SSMO3v2Filter;MMO3v2 Mouse;c:\windows\system32\drivers\MO3v2Driver.sys [12/15/2010 7:03 PM 17408]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 SqlCSS;SQL Server EXPRESS;c:\windows\System32\svchost.exe -k Sqlses [8/10/2004 6:00 AM 14336]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [3/18/2010 7:39 PM 99416]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [4/21/2010 11:59 AM 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [3/18/2010 7:39 PM 555096]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [3/18/2010 7:39 PM 100952]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [3/18/2010 7:39 PM 100952]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [3/18/2010 7:39 PM 566360]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [8/21/2008 10:49 PM 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [8/21/2008 10:49 PM 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [6/18/2007 7:18 PM 23680]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Sqlses REG_MULTI_SZ SqlCSS
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://greensboro.craigslist.org/rea/
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\f3j2v9u6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.infowars.com/|http://www.facebook.com/profile.php?id=667655236&ref=profile|http://wbe03.mibbit.com/?server=irc.gamesurge.net&channel=%23dominions&noServerTab=false&noticesToActiveTab=false
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4dbb871f&v=6.103.018.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-05 16:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?
CTHelper = CTHELPER.EXE?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1644491937-1229272821-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(752)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(548)
c:\windows\system32\WININET.dll
c:\windows\system32\ctagent.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Taskbar Shuffle\tbhookin.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\CTHELPER.EXE
c:\windows\system32\RunDLL32.exe
c:\program files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\SteelSeries\World of Warcraft Cataclysm MMO Gaming Mouse\WoWMTray2.exe
c:\windows\system32\dllhost.exe
c:\windows\eHome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2011-12-05 16:38:09 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-05 21:38
ComboFix2.txt 2011-12-03 20:00
ComboFix3.txt 2011-11-30 20:07
ComboFix4.txt 2011-11-21 19:44
ComboFix5.txt 2011-12-05 21:26
.
Pre-Run: 101,826,105,344 bytes free
Post-Run: 101,812,117,504 bytes free
.
- - End Of File - - D44031E652862FF3700739A0A17F613B

#12 SweetTech

Posted 06 December 2011 - 01:41 AM

Hi!

Do you happen to have the TDSSKiller log file for me to review?

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#13 XanatosNemos (Topic Starter)


Posted 06 December 2011 - 07:06 PM

Whoops, here it is:

15:11:44.0000 1932 TDSS rootkit removing tool 2.6.20.0 Nov 22 2011 12:05:55
15:11:44.0296 1932 ============================================================
15:11:44.0296 1932 Current date / time: 2011/11/22 15:11:44.0296
15:11:44.0296 1932 SystemInfo:
15:11:44.0296 1932
15:11:44.0296 1932 OS Version: 5.1.2600 ServicePack: 3.0
15:11:44.0296 1932 Product type: Workstation
15:11:44.0296 1932 ComputerName: WINDOWS-215B4D1
15:11:44.0296 1932 UserName: Owner
15:11:44.0296 1932 Windows directory: C:\WINDOWS
15:11:44.0296 1932 System windows directory: C:\WINDOWS
15:11:44.0296 1932 Processor architecture: Intel x86
15:11:44.0296 1932 Number of processors: 2
15:11:44.0296 1932 Page size: 0x1000
15:11:44.0296 1932 Boot type: Safe boot with network
15:11:44.0296 1932 ============================================================
15:11:45.0890 1932 Initialize success
15:12:50.0625 1844 ============================================================
15:12:50.0625 1844 Scan started
15:12:50.0625 1844 Mode: Manual;
15:12:50.0625 1844 ============================================================
15:12:51.0046 1844 Abiosdsk - ok
15:12:51.0078 1844 abp480n5 - ok
15:12:51.0156 1844 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:12:51.0156 1844 ACPI - ok
15:12:51.0203 1844 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
15:12:51.0203 1844 ACPIEC - ok
15:12:51.0281 1844 adpu160m - ok
15:12:51.0500 1844 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
15:12:51.0515 1844 aec - ok
15:12:51.0625 1844 AFD (c38d5eb0cd4fabbdcb05cfa0fcf19c12) C:\WINDOWS\System32\drivers\afd.sys
15:12:51.0625 1844 Suspicious file (Forged): C:\WINDOWS\System32\drivers\afd.sys. Real md5: c38d5eb0cd4fabbdcb05cfa0fcf19c12, Fake md5: 1e44bc1e83d8fd2305f8d452db109cf9
15:12:51.0625 1844 AFD ( Rootkit.Win32.ZAccess.k ) - infected
15:12:51.0625 1844 AFD - detected Rootkit.Win32.ZAccess.k (0)
15:12:51.0640 1844 Aha154x - ok
15:12:51.0656 1844 aic78u2 - ok
15:12:51.0687 1844 aic78xx - ok
15:12:51.0734 1844 AliIde - ok
15:12:51.0750 1844 amsint - ok
15:12:51.0890 1844 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
15:12:51.0890 1844 Arp1394 - ok
15:12:51.0906 1844 asc - ok
15:12:51.0921 1844 asc3350p - ok
15:12:51.0953 1844 asc3550 - ok
15:12:52.0062 1844 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:12:52.0062 1844 AsyncMac - ok
15:12:52.0140 1844 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
15:12:52.0140 1844 atapi - ok
15:12:52.0156 1844 Atdisk - ok
15:12:52.0250 1844 ati2mtag (205a9e5c6d3b60659f0dc40542a8b29f) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
15:12:52.0265 1844 ati2mtag - ok
15:12:52.0281 1844 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:12:52.0281 1844 Atmarpc - ok
15:12:52.0343 1844 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
15:12:52.0343 1844 audstub - ok
15:12:52.0421 1844 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
15:12:52.0421 1844 AVGIDSDriver - ok
15:12:52.0484 1844 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
15:12:52.0500 1844 AVGIDSEH - ok
15:12:52.0546 1844 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
15:12:52.0546 1844 AVGIDSFilter - ok
15:12:52.0609 1844 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
15:12:52.0609 1844 AVGIDSShim - ok
15:12:52.0687 1844 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
15:12:52.0687 1844 Avgldx86 - ok
15:12:52.0750 1844 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
15:12:52.0750 1844 Avgmfx86 - ok
15:12:52.0843 1844 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
15:12:52.0843 1844 Avgrkx86 - ok
15:12:52.0875 1844 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
15:12:52.0875 1844 Avgtdix - ok
15:12:52.0937 1844 b57w2k (d0692f7b8217e3b82d2bfac535816117) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
15:12:52.0937 1844 b57w2k - ok
15:12:53.0015 1844 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
15:12:53.0015 1844 Beep - ok
15:12:53.0203 1844 catchme - ok
15:12:53.0265 1844 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
15:12:53.0265 1844 cbidf2k - ok
15:12:53.0281 1844 cd20xrnt - ok
15:12:53.0343 1844 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
15:12:53.0343 1844 Cdaudio - ok
15:12:53.0406 1844 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
15:12:53.0406 1844 Cdfs - ok
15:12:53.0468 1844 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:12:53.0468 1844 Cdrom - ok
15:12:53.0515 1844 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
15:12:53.0515 1844 cercsr6 - ok
15:12:53.0531 1844 Changer - ok
15:12:53.0625 1844 CmdIde - ok
15:12:53.0703 1844 COMMONFX (ef44c32b1aef62380426b260bf2c66f1) C:\WINDOWS\system32\drivers\COMMONFX.SYS
15:12:53.0703 1844 COMMONFX - ok
15:12:53.0718 1844 COMMONFX.DLL - ok
15:12:53.0750 1844 COMMONFX.SYS (ef44c32b1aef62380426b260bf2c66f1) C:\WINDOWS\System32\drivers\COMMONFX.SYS
15:12:53.0750 1844 COMMONFX.SYS - ok
15:12:53.0812 1844 Cpqarray - ok
15:12:53.0906 1844 CT20XUT.DLL (6191a973461852a09d643609e1d5f7c6) C:\WINDOWS\system32\CT20XUT.DLL
15:12:53.0906 1844 CT20XUT.DLL - ok
15:12:53.0968 1844 ctac32k (357c534b38019b597f51c8bf7186c118) C:\WINDOWS\system32\drivers\ctac32k.sys
15:12:53.0968 1844 ctac32k - ok
15:12:54.0000 1844 ctaud2k (691f8259a1f9c983356d8db2cde8043c) C:\WINDOWS\system32\drivers\ctaud2k.sys
15:12:54.0015 1844 ctaud2k - ok
15:12:54.0046 1844 CTAUDFX (7fc78aa6521ef3d9f16e51efab0bf13b) C:\WINDOWS\system32\drivers\CTAUDFX.SYS
15:12:54.0046 1844 CTAUDFX - ok
15:12:54.0062 1844 CTAUDFX.DLL - ok
15:12:54.0109 1844 CTAUDFX.SYS (7fc78aa6521ef3d9f16e51efab0bf13b) C:\WINDOWS\System32\drivers\CTAUDFX.SYS
15:12:54.0109 1844 CTAUDFX.SYS - ok
15:12:54.0187 1844 ctdvda2k (8545d70b0335a05498f34e7e3f8ca9a2) C:\WINDOWS\system32\drivers\ctdvda2k.sys
15:12:54.0187 1844 ctdvda2k - ok
15:12:54.0234 1844 CTEAPSFX.DLL (6a57f82009563aee8826f117e1d3c72c) C:\WINDOWS\system32\CTEAPSFX.DLL
15:12:54.0234 1844 CTEAPSFX.DLL - ok
15:12:54.0250 1844 CTEDSPFX.DLL (c8ac1ffaeadd655193d7b1811a572d8d) C:\WINDOWS\system32\CTEDSPFX.DLL
15:12:54.0265 1844 CTEDSPFX.DLL - ok
15:12:54.0296 1844 CTEDSPIO.DLL (44495d9daf675257d00b25b041ee6667) C:\WINDOWS\system32\CTEDSPIO.DLL
15:12:54.0296 1844 CTEDSPIO.DLL - ok
15:12:54.0328 1844 CTEDSPSY.DLL (8e90b1762cb42e2fc76dac9210c83c66) C:\WINDOWS\system32\CTEDSPSY.DLL
15:12:54.0328 1844 CTEDSPSY.DLL - ok
15:12:54.0359 1844 CTERFXFX (16f448354067914e7deaea709011bd60) C:\WINDOWS\system32\drivers\CTERFXFX.SYS
15:12:54.0375 1844 CTERFXFX - ok
15:12:54.0390 1844 CTERFXFX.DLL - ok
15:12:54.0437 1844 CTERFXFX.SYS (16f448354067914e7deaea709011bd60) C:\WINDOWS\System32\drivers\CTERFXFX.SYS
15:12:54.0437 1844 CTERFXFX.SYS - ok
15:12:54.0500 1844 CTEXFIFX.DLL (2c48e9d8ca703964463f27ae341115b7) C:\WINDOWS\system32\CTEXFIFX.DLL
15:12:54.0515 1844 CTEXFIFX.DLL - ok
15:12:54.0562 1844 CTHWIUT.DLL (f7657c598e7c29c6683c1e4a8dd68884) C:\WINDOWS\system32\CTHWIUT.DLL
15:12:54.0562 1844 CTHWIUT.DLL - ok
15:12:54.0625 1844 ctprxy2k (4d71541283aea28fb839007be90b5fc7) C:\WINDOWS\system32\drivers\ctprxy2k.sys
15:12:54.0625 1844 ctprxy2k - ok
15:12:54.0656 1844 CTSBLFX (64c83684661be137023f5186a612cf34) C:\WINDOWS\system32\drivers\CTSBLFX.SYS
15:12:54.0671 1844 CTSBLFX - ok
15:12:54.0687 1844 CTSBLFX.DLL - ok
15:12:54.0734 1844 CTSBLFX.SYS (64c83684661be137023f5186a612cf34) C:\WINDOWS\System32\drivers\CTSBLFX.SYS
15:12:54.0734 1844 CTSBLFX.SYS - ok
15:12:54.0750 1844 ctsfm2k (632194572ebde8d461728cf382a7e964) C:\WINDOWS\system32\drivers\ctsfm2k.sys
15:12:54.0765 1844 ctsfm2k - ok
15:12:54.0781 1844 dac2w2k - ok
15:12:54.0796 1844 dac960nt - ok
15:12:54.0890 1844 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
15:12:54.0890 1844 Disk - ok
15:12:54.0968 1844 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
15:12:54.0984 1844 dmboot - ok
15:12:55.0000 1844 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
15:12:55.0000 1844 dmio - ok
15:12:55.0031 1844 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
15:12:55.0031 1844 dmload - ok
15:12:55.0093 1844 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
15:12:55.0093 1844 DMusic - ok
15:12:55.0140 1844 dpti2o - ok
15:12:55.0187 1844 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
15:12:55.0187 1844 drmkaud - ok
15:12:55.0312 1844 emupia (bacd9cc06d7a787e529e7ebf56b671aa) C:\WINDOWS\system32\drivers\emupia2k.sys
15:12:55.0328 1844 emupia - ok
15:12:55.0406 1844 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
15:12:55.0406 1844 Fastfat - ok
15:12:55.0468 1844 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
15:12:55.0468 1844 Fdc - ok
15:12:55.0484 1844 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
15:12:55.0484 1844 Fips - ok
15:12:55.0500 1844 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
15:12:55.0500 1844 Flpydisk - ok
15:12:55.0546 1844 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
15:12:55.0562 1844 FltMgr - ok
15:12:55.0593 1844 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:12:55.0593 1844 Fs_Rec - ok
15:12:55.0640 1844 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:12:55.0656 1844 Ftdisk - ok
15:12:55.0718 1844 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
15:12:55.0718 1844 gameenum - ok
15:12:55.0765 1844 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
15:12:55.0765 1844 GEARAspiWDM - ok
15:12:55.0828 1844 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:12:55.0828 1844 Gpc - ok
15:12:55.0906 1844 ha10kx2k (70606233f3ed0e53cb3ea17f846d6a4f) C:\WINDOWS\system32\drivers\ha10kx2k.sys
15:12:55.0937 1844 ha10kx2k - ok
15:12:56.0000 1844 hamachi (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys
15:12:56.0000 1844 hamachi - ok
15:12:56.0031 1844 hap16v2k (a0c69ad2a61e576b0207acdd9626e167) C:\WINDOWS\system32\drivers\hap16v2k.sys
15:12:56.0031 1844 hap16v2k - ok
15:12:56.0062 1844 hap17v2k (2ee89452c574d259ada4fc9fc1c07243) C:\WINDOWS\system32\drivers\hap17v2k.sys
15:12:56.0078 1844 hap17v2k - ok
15:12:56.0109 1844 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
15:12:56.0125 1844 HDAudBus - ok
15:12:56.0203 1844 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:12:56.0203 1844 HidUsb - ok
15:12:56.0218 1844 hpn - ok
15:12:56.0312 1844 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
15:12:56.0312 1844 HTTP - ok
15:12:56.0343 1844 i2omgmt - ok
15:12:56.0359 1844 i2omp - ok
15:12:56.0437 1844 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:12:56.0437 1844 i8042prt - ok
15:12:56.0500 1844 iastor (294110966cedd127629c5be48367c8cf) C:\WINDOWS\system32\DRIVERS\iaStor.sys
15:12:56.0500 1844 iastor - ok
15:12:56.0531 1844 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
15:12:56.0531 1844 Imapi - ok
15:12:56.0578 1844 ini910u - ok
15:12:56.0609 1844 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
15:12:56.0609 1844 IntelIde - ok
15:12:56.0640 1844 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:12:56.0640 1844 intelppm - ok
15:12:56.0687 1844 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
15:12:56.0687 1844 Ip6Fw - ok
15:12:56.0718 1844 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:12:56.0718 1844 IpFilterDriver - ok
15:12:56.0750 1844 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:12:56.0750 1844 IpInIp - ok
15:12:56.0781 1844 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:12:56.0781 1844 IpNat - ok
15:12:56.0812 1844 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:12:56.0828 1844 IPSec - ok
15:12:56.0859 1844 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
15:12:56.0859 1844 IRENUM - ok
15:12:56.0906 1844 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:12:56.0906 1844 isapnp - ok
15:12:56.0937 1844 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:12:56.0953 1844 Kbdclass - ok
15:12:56.0984 1844 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
15:12:56.0984 1844 kbdhid - ok
15:12:57.0046 1844 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
15:12:57.0046 1844 kmixer - ok
15:12:57.0093 1844 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
15:12:57.0093 1844 KSecDD - ok
15:12:57.0140 1844 lbrtfdc - ok
15:12:57.0265 1844 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
15:12:57.0281 1844 MHNDRV - ok
15:12:57.0328 1844 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
15:12:57.0328 1844 mnmdd - ok
15:12:57.0375 1844 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
15:12:57.0390 1844 Modem - ok
15:12:57.0468 1844 motccgp (201bfc4ef8b33d02d133fbf6535e515b) C:\WINDOWS\system32\DRIVERS\motccgp.sys
15:12:57.0468 1844 motccgp - ok
15:12:57.0500 1844 motccgpfl (d0242a3832eb7c97801bb25889561e23) C:\WINDOWS\system32\DRIVERS\motccgpfl.sys
15:12:57.0500 1844 motccgpfl - ok
15:12:57.0562 1844 motmodem (fe80c18ba448ddd76b7bead9eb203d37) C:\WINDOWS\system32\DRIVERS\motmodem.sys
15:12:57.0562 1844 motmodem - ok
15:12:57.0578 1844 motport (fe80c18ba448ddd76b7bead9eb203d37) C:\WINDOWS\system32\DRIVERS\motport.sys
15:12:57.0578 1844 motport - ok
15:12:57.0640 1844 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:12:57.0640 1844 Mouclass - ok
15:12:57.0703 1844 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:12:57.0703 1844 mouhid - ok
15:12:57.0765 1844 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
15:12:57.0765 1844 MountMgr - ok
15:12:57.0781 1844 mraid35x - ok
15:12:57.0828 1844 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:12:57.0843 1844 MRxDAV - ok
15:12:57.0906 1844 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:12:57.0906 1844 MRxSmb - ok
15:12:57.0953 1844 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
15:12:57.0953 1844 Msfs - ok
15:12:58.0046 1844 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:12:58.0046 1844 MSKSSRV - ok
15:12:58.0093 1844 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:12:58.0093 1844 MSPCLOCK - ok
15:12:58.0109 1844 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
15:12:58.0109 1844 MSPQM - ok
15:12:58.0140 1844 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:12:58.0140 1844 mssmbios - ok
15:12:58.0187 1844 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
15:12:58.0187 1844 Mup - ok
15:12:58.0218 1844 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
15:12:58.0234 1844 NDIS - ok
15:12:58.0265 1844 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:12:58.0265 1844 NdisTapi - ok
15:12:58.0296 1844 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:12:58.0296 1844 Ndisuio - ok
15:12:58.0312 1844 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:12:58.0312 1844 NdisWan - ok
15:12:58.0359 1844 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
15:12:58.0359 1844 NDProxy - ok
15:12:58.0390 1844 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
15:12:58.0390 1844 NetBIOS - ok
15:12:58.0453 1844 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
15:12:58.0468 1844 NetBT - ok
15:12:58.0531 1844 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
15:12:58.0546 1844 NIC1394 - ok
15:12:58.0562 1844 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
15:12:58.0578 1844 Npfs - ok
15:12:58.0609 1844 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
15:12:58.0625 1844 Ntfs - ok
15:12:58.0718 1844 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
15:12:58.0718 1844 Null - ok
15:12:59.0078 1844 nv (4b54dcd6adee535df80f07c59ddd8f14) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
15:12:59.0343 1844 nv - ok
15:12:59.0406 1844 NVHDA (6a839ac21ecde8945d52007152f2695e) C:\WINDOWS\system32\drivers\nvhda32.sys
15:12:59.0406 1844 NVHDA - ok
15:12:59.0468 1844 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:12:59.0468 1844 NwlnkFlt - ok
15:12:59.0484 1844 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:12:59.0484 1844 NwlnkFwd - ok
15:12:59.0515 1844 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
15:12:59.0515 1844 ohci1394 - ok
15:12:59.0578 1844 oreans32 (b99575d16f887883b821d372ff292c20) C:\WINDOWS\system32\drivers\oreans32.sys
15:12:59.0593 1844 oreans32 - ok
15:12:59.0656 1844 ossrv (ae896073e1bbf98fefc2ec52f62c0fba) C:\WINDOWS\system32\drivers\ctoss2k.sys
15:12:59.0656 1844 ossrv - ok
15:12:59.0703 1844 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
15:12:59.0703 1844 Parport - ok
15:12:59.0718 1844 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
15:12:59.0718 1844 PartMgr - ok
15:12:59.0765 1844 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
15:12:59.0765 1844 ParVdm - ok
15:12:59.0812 1844 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
15:12:59.0812 1844 PCI - ok
15:12:59.0828 1844 PCIDump - ok
15:12:59.0843 1844 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
15:12:59.0843 1844 PCIIde - ok
15:12:59.0921 1844 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
15:12:59.0921 1844 Pcmcia - ok
15:12:59.0937 1844 PDCOMP - ok
15:12:59.0953 1844 PDFRAME - ok
15:12:59.0953 1844 PDRELI - ok
15:12:59.0968 1844 PDRFRAME - ok
15:12:59.0984 1844 perc2 - ok
15:13:00.0000 1844 perc2hib - ok
15:13:00.0062 1844 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:13:00.0062 1844 PptpMiniport - ok
15:13:00.0062 1844 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
15:13:00.0078 1844 PSched - ok
15:13:00.0078 1844 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:13:00.0078 1844 Ptilink - ok
15:13:00.0171 1844 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
15:13:00.0171 1844 PxHelp20 - ok
15:13:00.0187 1844 ql1080 - ok
15:13:00.0203 1844 Ql10wnt - ok
15:13:00.0203 1844 ql12160 - ok
15:13:00.0218 1844 ql1240 - ok
15:13:00.0234 1844 ql1280 - ok
15:13:00.0296 1844 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:13:00.0296 1844 RasAcd - ok
15:13:00.0312 1844 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:13:00.0312 1844 Rasl2tp - ok
15:13:00.0328 1844 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:13:00.0328 1844 RasPppoe - ok
15:13:00.0343 1844 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
15:13:00.0343 1844 Raspti - ok
15:13:00.0359 1844 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:13:00.0359 1844 Rdbss - ok
15:13:00.0375 1844 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:13:00.0390 1844 RDPCDD - ok
15:13:00.0406 1844 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:13:00.0406 1844 rdpdr - ok
15:13:00.0453 1844 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
15:13:00.0453 1844 RDPWD - ok
15:13:00.0484 1844 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
15:13:00.0500 1844 redbook - ok
15:13:00.0671 1844 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
15:13:00.0671 1844 SASDIFSV - ok
15:13:00.0687 1844 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
15:13:00.0687 1844 SASKUTIL - ok
15:13:00.0781 1844 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:13:00.0781 1844 Secdrv - ok
15:13:00.0828 1844 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
15:13:00.0828 1844 serenum - ok
15:13:00.0843 1844 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
15:13:00.0843 1844 Serial - ok
15:13:00.0890 1844 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
15:13:00.0890 1844 Sfloppy - ok
15:13:00.0906 1844 Simbad - ok
15:13:00.0921 1844 Sparrow - ok
15:13:00.0984 1844 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
15:13:00.0984 1844 splitter - ok
15:13:01.0046 1844 sptd (a199171385be17973fd800fa91f8f78a) C:\WINDOWS\system32\Drivers\sptd.sys
15:13:01.0046 1844 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: a199171385be17973fd800fa91f8f78a
15:13:01.0046 1844 sptd ( LockedFile.Multi.Generic ) - warning
15:13:01.0062 1844 sptd - detected LockedFile.Multi.Generic (1)
15:13:01.0062 1844 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
15:13:01.0078 1844 sr - ok
15:13:01.0140 1844 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
15:13:01.0156 1844 Srv - ok
15:13:01.0203 1844 SSMO3v2Filter (0c4fffa5653683da37d463c5507ca41d) C:\WINDOWS\system32\drivers\MO3v2Driver.sys
15:13:01.0203 1844 SSMO3v2Filter - ok
15:13:01.0296 1844 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
15:13:01.0296 1844 swenum - ok
15:13:01.0359 1844 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
15:13:01.0359 1844 swmidi - ok
15:13:01.0375 1844 symc810 - ok
15:13:01.0390 1844 symc8xx - ok
15:13:01.0390 1844 sym_hi - ok
15:13:01.0406 1844 sym_u3 - ok
15:13:01.0468 1844 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
15:13:01.0468 1844 sysaudio - ok
15:13:01.0546 1844 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:13:01.0562 1844 Tcpip - ok
15:13:01.0609 1844 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
15:13:01.0609 1844 TDPIPE - ok
15:13:01.0656 1844 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
15:13:01.0656 1844 TDTCP - ok
15:13:01.0687 1844 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
15:13:01.0687 1844 TermDD - ok
15:13:01.0703 1844 TosIde - ok
15:13:01.0765 1844 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
15:13:01.0781 1844 Udfs - ok
15:13:01.0781 1844 ultra - ok
15:13:01.0796 1844 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
15:13:01.0812 1844 Update - ok
15:13:01.0875 1844 USBAAPL (e8c1b9ebac65288e1b51e8a987d98af6) C:\WINDOWS\system32\Drivers\usbaapl.sys
15:13:01.0875 1844 USBAAPL - ok
15:13:01.0968 1844 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:13:01.0968 1844 usbccgp - ok
15:13:02.0000 1844 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:13:02.0000 1844 usbehci - ok
15:13:02.0046 1844 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:13:02.0062 1844 usbhub - ok
15:13:02.0125 1844 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:13:02.0125 1844 USBSTOR - ok
15:13:02.0171 1844 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:13:02.0171 1844 usbuhci - ok
15:13:02.0234 1844 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
15:13:02.0234 1844 VgaSave - ok
15:13:02.0250 1844 ViaIde - ok
15:13:02.0312 1844 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
15:13:02.0312 1844 VolSnap - ok
15:13:02.0375 1844 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:13:02.0375 1844 Wanarp - ok
15:13:02.0453 1844 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
15:13:02.0453 1844 Wdf01000 - ok
15:13:02.0468 1844 WDICA - ok
15:13:02.0531 1844 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
15:13:02.0531 1844 wdmaud - ok
15:13:02.0625 1844 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
15:13:02.0640 1844 WpdUsb - ok
15:13:02.0703 1844 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:13:02.0703 1844 WudfPf - ok
15:13:02.0750 1844 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:13:02.0750 1844 WudfRd - ok
15:13:02.0828 1844 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
15:13:02.0921 1844 \Device\Harddisk0\DR0 - ok
15:13:02.0921 1844 Boot (0x1200) (d8376b14f85d8fd079aef869caccb5a3) \Device\Harddisk0\DR0\Partition0
15:13:02.0921 1844 \Device\Harddisk0\DR0\Partition0 - ok
15:13:02.0921 1844 ============================================================
15:13:02.0921 1844 Scan finished
15:13:02.0921 1844 ============================================================
15:13:02.0937 2012 Detected object count: 2
15:13:02.0937 2012 Actual detected object count: 2
15:14:07.0718 2012 Backup copy found, using it..
15:14:07.0734 2012 C:\WINDOWS\System32\drivers\afd.sys - will be cured on reboot
15:14:09.0125 2012 AFD ( Rootkit.Win32.ZAccess.k ) - User select action: Cure
15:14:09.0125 2012 sptd ( LockedFile.Multi.Generic ) - skipped by user
15:14:09.0125 2012 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
15:14:34.0578 1768 Deinitialize success

#14 SweetTech


Posted 07 December 2011 - 01:26 AM

Good Evening,

Please run a new scan with both TDSSKiller and ComboFix and post both of those log files for me to review.



#15 XanatosNemos (Topic Starter)


Posted 08 December 2011 - 08:31 PM

20:28:43.0032 5048 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06
20:28:43.0173 5048 ============================================================
20:28:43.0173 5048 Current date / time: 2011/12/08 20:28:43.0173
20:28:43.0173 5048 SystemInfo:
20:28:43.0173 5048
20:28:43.0173 5048 OS Version: 5.1.2600 ServicePack: 3.0
20:28:43.0173 5048 Product type: Workstation
20:28:43.0173 5048 ComputerName: WINDOWS-215B4D1
20:28:43.0173 5048 UserName: Owner
20:28:43.0173 5048 Windows directory: C:\WINDOWS
20:28:43.0173 5048 System windows directory: C:\WINDOWS
20:28:43.0173 5048 Processor architecture: Intel x86
20:28:43.0173 5048 Number of processors: 2
20:28:43.0173 5048 Page size: 0x1000
20:28:43.0173 5048 Boot type: Normal boot
20:28:43.0173 5048 ============================================================
20:28:43.0516 5048 Initialize success
20:28:50.0470 3896 ============================================================
20:28:50.0470 3896 Scan started
20:28:50.0470 3896 Mode: Manual; SigCheck; TDLFS;
20:28:50.0470 3896 ============================================================
20:28:51.0235 3896 Abiosdsk - ok
20:28:51.0266 3896 abp480n5 - ok
20:28:51.0329 3896 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:28:52.0376 3896 ACPI - ok
20:28:52.0485 3896 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
20:28:52.0641 3896 ACPIEC - ok
20:28:52.0657 3896 adpu160m - ok
20:28:52.0688 3896 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
20:28:52.0860 3896 aec - ok
20:28:52.0907 3896 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
20:28:53.0001 3896 AFD - ok
20:28:53.0016 3896 Aha154x - ok
20:28:53.0016 3896 aic78u2 - ok
20:28:53.0032 3896 aic78xx - ok
20:28:53.0048 3896 AliIde - ok
20:28:53.0063 3896 amsint - ok
20:28:53.0110 3896 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
20:28:53.0266 3896 Arp1394 - ok
20:28:53.0282 3896 asc - ok
20:28:53.0298 3896 asc3350p - ok
20:28:53.0313 3896 asc3550 - ok
20:28:53.0360 3896 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:28:53.0516 3896 AsyncMac - ok
20:28:53.0563 3896 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:28:53.0719 3896 atapi - ok
20:28:53.0735 3896 Atdisk - ok
20:28:53.0798 3896 ati2mtag (205a9e5c6d3b60659f0dc40542a8b29f) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
20:28:53.0907 3896 ati2mtag - ok
20:28:53.0923 3896 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:28:54.0079 3896 Atmarpc - ok
20:28:54.0141 3896 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:28:54.0282 3896 audstub - ok
20:28:54.0344 3896 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
20:28:54.0501 3896 AVGIDSDriver - ok
20:28:54.0532 3896 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
20:28:54.0548 3896 AVGIDSEH - ok
20:28:54.0563 3896 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
20:28:54.0579 3896 AVGIDSFilter - ok
20:28:54.0610 3896 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
20:28:54.0626 3896 AVGIDSShim - ok
20:28:54.0673 3896 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
20:28:54.0704 3896 Avgldx86 - ok
20:28:54.0719 3896 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
20:28:54.0735 3896 Avgmfx86 - ok
20:28:54.0766 3896 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
20:28:54.0782 3896 Avgrkx86 - ok
20:28:54.0813 3896 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
20:28:54.0844 3896 Avgtdix - ok
20:28:54.0891 3896 b57w2k (d0692f7b8217e3b82d2bfac535816117) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
20:28:54.0954 3896 b57w2k - ok
20:28:54.0985 3896 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:28:55.0188 3896 Beep - ok
20:28:55.0204 3896 catchme - ok
20:28:55.0235 3896 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:28:55.0407 3896 cbidf2k - ok
20:28:55.0423 3896 cd20xrnt - ok
20:28:55.0438 3896 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:28:55.0610 3896 Cdaudio - ok
20:28:55.0657 3896 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
20:28:55.0844 3896 Cdfs - ok
20:28:55.0891 3896 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:28:56.0063 3896 Cdrom - ok
20:28:56.0094 3896 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
20:28:56.0126 3896 cercsr6 ( UnsignedFile.Multi.Generic ) - warning
20:28:56.0126 3896 cercsr6 - detected UnsignedFile.Multi.Generic (1)
20:28:56.0141 3896 Changer - ok
20:28:56.0173 3896 CmdIde - ok
20:28:56.0219 3896 COMMONFX (ef44c32b1aef62380426b260bf2c66f1) C:\WINDOWS\system32\drivers\COMMONFX.SYS
20:28:56.0251 3896 COMMONFX - ok
20:28:56.0266 3896 COMMONFX.DLL - ok
20:28:56.0282 3896 COMMONFX.SYS (ef44c32b1aef62380426b260bf2c66f1) C:\WINDOWS\System32\drivers\COMMONFX.SYS
20:28:56.0298 3896 COMMONFX.SYS - ok
20:28:56.0313 3896 Cpqarray - ok
20:28:56.0360 3896 CT20XUT.DLL (6191a973461852a09d643609e1d5f7c6) C:\WINDOWS\system32\CT20XUT.DLL
20:28:56.0423 3896 CT20XUT.DLL ( UnsignedFile.Multi.Generic ) - warning
20:28:56.0423 3896 CT20XUT.DLL - detected UnsignedFile.Multi.Generic (1)
20:28:56.0485 3896 ctac32k (357c534b38019b597f51c8bf7186c118) C:\WINDOWS\system32\drivers\ctac32k.sys
20:28:56.0532 3896 ctac32k - ok
20:28:56.0563 3896 ctaud2k (691f8259a1f9c983356d8db2cde8043c) C:\WINDOWS\system32\drivers\ctaud2k.sys
20:28:56.0610 3896 ctaud2k - ok
20:28:56.0641 3896 CTAUDFX (7fc78aa6521ef3d9f16e51efab0bf13b) C:\WINDOWS\system32\drivers\CTAUDFX.SYS
20:28:56.0673 3896 CTAUDFX - ok
20:28:56.0688 3896 CTAUDFX.DLL - ok
20:28:56.0704 3896 CTAUDFX.SYS (7fc78aa6521ef3d9f16e51efab0bf13b) C:\WINDOWS\System32\drivers\CTAUDFX.SYS
20:28:56.0735 3896 CTAUDFX.SYS - ok
20:28:56.0798 3896 ctdvda2k (8545d70b0335a05498f34e7e3f8ca9a2) C:\WINDOWS\system32\drivers\ctdvda2k.sys
20:28:56.0844 3896 ctdvda2k - ok
20:28:56.0860 3896 CTEAPSFX.DLL (6a57f82009563aee8826f117e1d3c72c) C:\WINDOWS\system32\CTEAPSFX.DLL
20:28:56.0969 3896 CTEAPSFX.DLL ( UnsignedFile.Multi.Generic ) - warning
20:28:56.0969 3896 CTEAPSFX.DLL - detected UnsignedFile.Multi.Generic (1)
20:28:56.0985 3896 CTEDSPFX.DLL (c8ac1ffaeadd655193d7b1811a572d8d) C:\WINDOWS\system32\CTEDSPFX.DLL
20:28:57.0048 3896 CTEDSPFX.DLL ( UnsignedFile.Multi.Generic ) - warning
20:28:57.0048 3896 CTEDSPFX.DLL - detected UnsignedFile.Multi.Generic (1)
20:28:57.0079 3896 CTEDSPIO.DLL (44495d9daf675257d00b25b041ee6667) C:\WINDOWS\system32\CTEDSPIO.DLL
20:28:57.0141 3896 CTEDSPIO.DLL ( UnsignedFile.Multi.Generic ) - warning
20:28:57.0141 3896 CTEDSPIO.DLL - detected UnsignedFile.Multi.Generic (1)
20:28:57.0173 3896 CTEDSPSY.DLL (8e90b1762cb42e2fc76dac9210c83c66) C:\WINDOWS\system32\CTEDSPSY.DLL
20:28:57.0251 3896 CTEDSPSY.DLL ( UnsignedFile.Multi.Generic ) - warning
20:28:57.0251 3896 CTEDSPSY.DLL - detected UnsignedFile.Multi.Generic (1)
20:28:57.0282 3896 CTERFXFX (16f448354067914e7deaea709011bd60) C:\WINDOWS\system32\drivers\CTERFXFX.SYS
20:28:57.0313 3896 CTERFXFX - ok
20:28:57.0313 3896 CTERFXFX.DLL - ok
20:28:57.0344 3896 CTERFXFX.SYS (16f448354067914e7deaea709011bd60) C:\WINDOWS\System32\drivers\CTERFXFX.SYS
20:28:57.0376 3896 CTERFXFX.SYS - ok
20:28:57.0423 3896 CTEXFIFX.DLL (2c48e9d8ca703964463f27ae341115b7) C:\WINDOWS\system32\CTEXFIFX.DLL
20:28:57.0641 3896 CTEXFIFX.DLL ( UnsignedFile.Multi.Generic ) - warning
20:28:57.0641 3896 CTEXFIFX.DLL - detected UnsignedFile.Multi.Generic (1)
20:28:57.0657 3896 CTHWIUT.DLL (f7657c598e7c29c6683c1e4a8dd68884) C:\WINDOWS\system32\CTHWIUT.DLL
20:28:57.0688 3896 CTHWIUT.DLL ( UnsignedFile.Multi.Generic ) - warning
20:28:57.0688 3896 CTHWIUT.DLL - detected UnsignedFile.Multi.Generic (1)
20:28:57.0719 3896 ctprxy2k (4d71541283aea28fb839007be90b5fc7) C:\WINDOWS\system32\drivers\ctprxy2k.sys
20:28:57.0751 3896 ctprxy2k - ok
20:28:57.0798 3896 CTSBLFX (64c83684661be137023f5186a612cf34) C:\WINDOWS\system32\drivers\CTSBLFX.SYS
20:28:57.0844 3896 CTSBLFX - ok
20:28:57.0844 3896 CTSBLFX.DLL - ok
20:28:57.0876 3896 CTSBLFX.SYS (64c83684661be137023f5186a612cf34) C:\WINDOWS\System32\drivers\CTSBLFX.SYS
20:28:57.0907 3896 CTSBLFX.SYS - ok
20:28:57.0923 3896 ctsfm2k (632194572ebde8d461728cf382a7e964) C:\WINDOWS\system32\drivers\ctsfm2k.sys
20:28:57.0954 3896 ctsfm2k - ok
20:28:57.0969 3896 dac2w2k - ok
20:28:57.0969 3896 dac960nt - ok
20:28:58.0032 3896 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
20:28:58.0204 3896 Disk - ok
20:28:58.0251 3896 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
20:28:58.0454 3896 dmboot - ok
20:28:58.0469 3896 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
20:28:58.0657 3896 dmio - ok
20:28:58.0688 3896 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:28:58.0844 3896 dmload - ok
20:28:58.0891 3896 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
20:28:59.0048 3896 DMusic - ok
20:28:59.0079 3896 dpti2o - ok
20:28:59.0094 3896 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
20:28:59.0298 3896 drmkaud - ok
20:28:59.0344 3896 emupia (bacd9cc06d7a787e529e7ebf56b671aa) C:\WINDOWS\system32\drivers\emupia2k.sys
20:28:59.0391 3896 emupia - ok
20:28:59.0423 3896 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
20:28:59.0579 3896 Fastfat - ok
20:28:59.0626 3896 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
20:28:59.0782 3896 Fdc - ok
20:28:59.0813 3896 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
20:28:59.0985 3896 Fips - ok
20:28:59.0985 3896 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
20:29:00.0173 3896 Flpydisk - ok
20:29:00.0219 3896 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
20:29:00.0376 3896 FltMgr - ok
20:29:00.0407 3896 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:29:00.0641 3896 Fs_Rec - ok
20:29:00.0673 3896 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:29:00.0844 3896 Ftdisk - ok
20:29:00.0891 3896 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
20:29:01.0141 3896 gameenum - ok
20:29:01.0188 3896 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
20:29:01.0204 3896 GEARAspiWDM - ok
20:29:01.0266 3896 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:29:01.0501 3896 Gpc - ok
20:29:01.0563 3896 ha10kx2k (70606233f3ed0e53cb3ea17f846d6a4f) C:\WINDOWS\system32\drivers\ha10kx2k.sys
20:29:01.0610 3896 ha10kx2k - ok
20:29:01.0657 3896 hamachi (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys
20:29:01.0688 3896 hamachi - ok
20:29:01.0704 3896 hap16v2k (a0c69ad2a61e576b0207acdd9626e167) C:\WINDOWS\system32\drivers\hap16v2k.sys
20:29:01.0719 3896 hap16v2k - ok
20:29:01.0751 3896 hap17v2k (2ee89452c574d259ada4fc9fc1c07243) C:\WINDOWS\system32\drivers\hap17v2k.sys
20:29:01.0782 3896 hap17v2k - ok
20:29:01.0798 3896 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
20:29:01.0985 3896 HDAudBus - ok
20:29:02.0032 3896 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:29:02.0219 3896 HidUsb - ok
20:29:02.0251 3896 hpn - ok
20:29:02.0313 3896 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:29:02.0376 3896 HTTP - ok
20:29:02.0391 3896 i2omgmt - ok
20:29:02.0407 3896 i2omp - ok
20:29:02.0454 3896 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:29:02.0626 3896 i8042prt - ok
20:29:02.0672 3896 iastor (294110966cedd127629c5be48367c8cf) C:\WINDOWS\system32\DRIVERS\iaStor.sys
20:29:02.0719 3896 iastor - ok
20:29:02.0751 3896 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:29:02.0922 3896 Imapi - ok
20:29:02.0938 3896 ini910u - ok
20:29:02.0954 3896 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
20:29:03.0141 3896 IntelIde - ok
20:29:03.0157 3896 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:29:03.0344 3896 intelppm - ok
20:29:03.0376 3896 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
20:29:03.0563 3896 Ip6Fw - ok
20:29:03.0610 3896 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:29:03.0766 3896 IpFilterDriver - ok
20:29:03.0813 3896 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:29:03.0954 3896 IpInIp - ok
20:29:03.0985 3896 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:29:04.0126 3896 IpNat - ok
20:29:04.0172 3896 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:29:04.0329 3896 IPSec - ok
20:29:04.0360 3896 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:29:04.0501 3896 IRENUM - ok
20:29:04.0532 3896 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:29:04.0688 3896 isapnp - ok
20:29:04.0704 3896 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:29:04.0891 3896 Kbdclass - ok
20:29:04.0954 3896 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
20:29:05.0188 3896 kbdhid - ok
20:29:05.0235 3896 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
20:29:05.0485 3896 kmixer - ok
20:29:05.0532 3896 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
20:29:05.0641 3896 KSecDD - ok
20:29:05.0657 3896 lbrtfdc - ok
20:29:05.0735 3896 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
20:29:05.0766 3896 MHNDRV ( UnsignedFile.Multi.Generic ) - warning
20:29:05.0766 3896 MHNDRV - detected UnsignedFile.Multi.Generic (1)
20:29:05.0813 3896 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:29:06.0079 3896 mnmdd - ok
20:29:06.0126 3896 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
20:29:06.0360 3896 Modem - ok
20:29:06.0407 3896 motccgp (201bfc4ef8b33d02d133fbf6535e515b) C:\WINDOWS\system32\DRIVERS\motccgp.sys
20:29:06.0485 3896 motccgp - ok
20:29:06.0501 3896 motccgpfl (d0242a3832eb7c97801bb25889561e23) C:\WINDOWS\system32\DRIVERS\motccgpfl.sys
20:29:06.0547 3896 motccgpfl - ok
20:29:06.0579 3896 motmodem (fe80c18ba448ddd76b7bead9eb203d37) C:\WINDOWS\system32\DRIVERS\motmodem.sys
20:29:06.0672 3896 motmodem - ok
20:29:06.0704 3896 motport (fe80c18ba448ddd76b7bead9eb203d37) C:\WINDOWS\system32\DRIVERS\motport.sys
20:29:06.0735 3896 motport - ok
20:29:06.0782 3896 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:29:06.0969 3896 Mouclass - ok
20:29:07.0016 3896 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:29:07.0172 3896 mouhid - ok
20:29:07.0219 3896 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
20:29:07.0329 3896 MountMgr - ok
20:29:07.0344 3896 mraid35x - ok
20:29:07.0391 3896 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:29:07.0516 3896 MRxDAV - ok
20:29:07.0579 3896 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:29:07.0688 3896 MRxSmb - ok
20:29:07.0719 3896 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
20:29:07.0969 3896 Msfs - ok
20:29:08.0032 3896 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:29:08.0313 3896 MSKSSRV - ok
20:29:08.0360 3896 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:29:08.0547 3896 MSPCLOCK - ok
20:29:08.0563 3896 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
20:29:08.0688 3896 MSPQM - ok
20:29:08.0719 3896 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:29:08.0829 3896 mssmbios - ok
20:29:08.0860 3896 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
20:29:08.0907 3896 Mup - ok
20:29:08.0954 3896 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
20:29:09.0079 3896 NDIS - ok
20:29:09.0126 3896 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:29:09.0157 3896 NdisTapi - ok
20:29:09.0188 3896 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:29:09.0391 3896 Ndisuio - ok
20:29:09.0422 3896 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:29:09.0594 3896 NdisWan - ok
20:29:09.0641 3896 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
20:29:09.0704 3896 NDProxy - ok
20:29:09.0735 3896 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:29:09.0907 3896 NetBIOS - ok
20:29:09.0938 3896 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:29:10.0094 3896 NetBT - ok
20:29:10.0157 3896 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
20:29:10.0391 3896 NIC1394 - ok
20:29:10.0407 3896 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
20:29:10.0610 3896 Npfs - ok
20:29:10.0657 3896 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
20:29:10.0844 3896 Ntfs - ok
20:29:10.0907 3896 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:29:11.0079 3896 Null - ok
20:29:11.0344 3896 nv (4b54dcd6adee535df80f07c59ddd8f14) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
20:29:11.0860 3896 nv - ok
20:29:11.0922 3896 NVHDA (6a839ac21ecde8945d52007152f2695e) C:\WINDOWS\system32\drivers\nvhda32.sys
20:29:11.0954 3896 NVHDA - ok
20:29:11.0985 3896 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:29:12.0141 3896 NwlnkFlt - ok
20:29:12.0157 3896 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:29:12.0282 3896 NwlnkFwd - ok
20:29:12.0329 3896 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
20:29:12.0485 3896 ohci1394 - ok
20:29:12.0547 3896 oreans32 (b99575d16f887883b821d372ff292c20) C:\WINDOWS\system32\drivers\oreans32.sys
20:29:12.0579 3896 oreans32 ( UnsignedFile.Multi.Generic ) - warning
20:29:12.0579 3896 oreans32 - detected UnsignedFile.Multi.Generic (1)
20:29:12.0625 3896 ossrv (ae896073e1bbf98fefc2ec52f62c0fba) C:\WINDOWS\system32\drivers\ctoss2k.sys
20:29:12.0657 3896 ossrv - ok
20:29:12.0688 3896 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
20:29:12.0844 3896 Parport - ok
20:29:12.0860 3896 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
20:29:13.0032 3896 PartMgr - ok
20:29:13.0079 3896 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
20:29:13.0219 3896 ParVdm - ok
20:29:13.0250 3896 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
20:29:13.0422 3896 PCI - ok
20:29:13.0469 3896 PCIDump - ok
20:29:13.0500 3896 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
20:29:13.0719 3896 PCIIde - ok
20:29:13.0750 3896 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
20:29:13.0891 3896 Pcmcia - ok
20:29:13.0907 3896 PDCOMP - ok
20:29:13.0922 3896 PDFRAME - ok
20:29:13.0938 3896 PDRELI - ok
20:29:13.0954 3896 PDRFRAME - ok
20:29:13.0969 3896 perc2 - ok
20:29:13.0985 3896 perc2hib - ok
20:29:14.0063 3896 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:29:14.0188 3896 PptpMiniport - ok
20:29:14.0204 3896 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
20:29:14.0329 3896 PSched - ok
20:29:14.0360 3896 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:29:14.0500 3896 Ptilink - ok
20:29:14.0532 3896 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
20:29:14.0547 3896 PxHelp20 - ok
20:29:14.0563 3896 ql1080 - ok
20:29:14.0579 3896 Ql10wnt - ok
20:29:14.0594 3896 ql12160 - ok
20:29:14.0610 3896 ql1240 - ok
20:29:14.0625 3896 ql1280 - ok
20:29:14.0672 3896 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:29:14.0797 3896 RasAcd - ok
20:29:14.0844 3896 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:29:14.0969 3896 Rasl2tp - ok
20:29:14.0985 3896 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:29:15.0110 3896 RasPppoe - ok
20:29:15.0125 3896 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:29:15.0250 3896 Raspti - ok
20:29:15.0282 3896 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:29:15.0407 3896 Rdbss - ok
20:29:15.0438 3896 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:29:15.0594 3896 RDPCDD - ok
20:29:15.0625 3896 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:29:15.0766 3896 rdpdr - ok
20:29:15.0813 3896 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
20:29:15.0860 3896 RDPWD - ok
20:29:15.0907 3896 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:29:16.0110 3896 redbook - ok
20:29:16.0235 3896 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
20:29:16.0250 3896 SASDIFSV - ok
20:29:16.0266 3896 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
20:29:16.0282 3896 SASKUTIL - ok
20:29:16.0344 3896 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:29:16.0469 3896 Secdrv - ok
20:29:16.0547 3896 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
20:29:16.0672 3896 serenum - ok
20:29:16.0704 3896 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
20:29:16.0844 3896 Serial - ok
20:29:16.0891 3896 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
20:29:17.0016 3896 Sfloppy - ok
20:29:17.0032 3896 Simbad - ok
20:29:17.0063 3896 Sparrow - ok
20:29:17.0110 3896 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:29:17.0235 3896 splitter - ok
20:29:17.0313 3896 sptd (a199171385be17973fd800fa91f8f78a) C:\WINDOWS\system32\Drivers\sptd.sys
20:29:17.0344 3896 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: a199171385be17973fd800fa91f8f78a
20:29:17.0344 3896 sptd ( LockedFile.Multi.Generic ) - warning
20:29:17.0344 3896 sptd - detected LockedFile.Multi.Generic (1)
20:29:17.0360 3896 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
20:29:17.0547 3896 sr - ok
20:29:17.0594 3896 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
20:29:17.0704 3896 Srv - ok
20:29:17.0766 3896 SSMO3v2Filter (0c4fffa5653683da37d463c5507ca41d) C:\WINDOWS\system32\drivers\MO3v2Driver.sys
20:29:17.0813 3896 SSMO3v2Filter - ok
20:29:17.0860 3896 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:29:17.0985 3896 swenum - ok
20:29:18.0032 3896 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:29:18.0219 3896 swmidi - ok
20:29:18.0235 3896 symc810 - ok
20:29:18.0250 3896 symc8xx - ok
20:29:18.0266 3896 sym_hi - ok
20:29:18.0282 3896 sym_u3 - ok
20:29:18.0329 3896 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:29:18.0500 3896 sysaudio - ok
20:29:18.0547 3896 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:29:18.0657 3896 Tcpip - ok
20:29:18.0704 3896 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:29:18.0860 3896 TDPIPE - ok
20:29:18.0891 3896 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:29:19.0032 3896 TDTCP - ok
20:29:19.0063 3896 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:29:19.0235 3896 TermDD - ok
20:29:19.0266 3896 TosIde - ok
20:29:19.0329 3896 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:29:19.0469 3896 Udfs - ok
20:29:19.0485 3896 ultra - ok
20:29:19.0516 3896 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:29:19.0704 3896 Update - ok
20:29:19.0766 3896 USBAAPL (e8c1b9ebac65288e1b51e8a987d98af6) C:\WINDOWS\system32\Drivers\usbaapl.sys
20:29:19.0813 3896 USBAAPL ( UnsignedFile.Multi.Generic ) - warning
20:29:19.0813 3896 USBAAPL - detected UnsignedFile.Multi.Generic (1)
20:29:19.0844 3896 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:29:19.0985 3896 usbccgp - ok
20:29:20.0000 3896 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:29:20.0141 3896 usbehci - ok
20:29:20.0219 3896 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:29:20.0454 3896 usbhub - ok
20:29:20.0485 3896 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:29:20.0704 3896 USBSTOR - ok
20:29:20.0750 3896 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:29:20.0954 3896 usbuhci - ok
20:29:21.0016 3896 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:29:21.0313 3896 VgaSave - ok
20:29:21.0344 3896 ViaIde - ok
20:29:21.0407 3896 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
20:29:21.0563 3896 VolSnap - ok
20:29:21.0594 3896 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:29:21.0797 3896 Wanarp - ok
20:29:21.0860 3896 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
20:29:21.0891 3896 Wdf01000 - ok
20:29:21.0907 3896 WDICA - ok
20:29:21.0953 3896 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:29:22.0219 3896 wdmaud - ok
20:29:22.0313 3896 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
20:29:22.0375 3896 WpdUsb - ok
20:29:22.0438 3896 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:29:22.0500 3896 WudfPf - ok
20:29:22.0547 3896 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:29:22.0594 3896 WudfRd - ok
20:29:22.0657 3896 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
20:29:22.0782 3896 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:29:22.0782 3896 \Device\Harddisk0\DR0 - detected TDSS File System (1)
20:29:22.0797 3896 Boot (0x1200) (d8376b14f85d8fd079aef869caccb5a3) \Device\Harddisk0\DR0\Partition0
20:29:22.0797 3896 \Device\Harddisk0\DR0\Partition0 - ok
20:29:22.0797 3896 ============================================================
20:29:22.0797 3896 Scan finished
20:29:22.0797 3896 ============================================================
20:29:22.0907 5836 Detected object count: 13
20:29:22.0907 5836 Actual detected object count: 13
20:31:24.0218 5836 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user
20:31:24.0218 5836 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:31:24.0218 5836 CT20XUT.DLL ( UnsignedFile.Multi.Generic ) - skipped by user
20:31:24.0218 5836 CT20XUT.DLL ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:31:24.0218 5836 CTEAPSFX.DLL ( UnsignedFile.Multi.Generic ) - skipped by user
20:31:24.0218 5836 CTEAPSFX.DLL ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:31:24.0233 5836 CTEDSPFX.DLL ( UnsignedFile.Multi.Generic ) - skipped by user
20:31:24.0233 5836 CTEDSPFX.DLL ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:31:24.0233 5836 CTEDSPIO.DLL ( UnsignedFile.Multi.Generic ) - skipped by user
20:31:24.0233 5836 CTEDSPIO.DLL ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:31:24.0233 5836 CTEDSPSY.DLL ( UnsignedFile.Multi.Generic ) - skipped by user
20:31:24.0233 5836 CTEDSPSY.DLL ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:31:24.0233 5836 CTEXFIFX.DLL ( UnsignedFile.Multi.Generic ) - skipped by user
20:31:24.0233 5836 CTEXFIFX.DLL ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:31:24.0249 5836 CTHWIUT.DLL ( UnsignedFile.Multi.Generic ) - skipped by user
20:31:24.0249 5836 CTHWIUT.DLL ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:31:24.0249 5836 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user
20:31:24.0249 5836 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:31:24.0249 5836 oreans32 ( UnsignedFile.Multi.Generic ) - skipped by user
20:31:24.0249 5836 oreans32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:31:24.0249 5836 sptd ( LockedFile.Multi.Generic ) - skipped by user
20:31:24.0249 5836 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
20:31:24.0264 5836 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
20:31:24.0264 5836 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:31:24.0264 5836 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
20:31:24.0264 5836 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
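The log above ends with 13 detections, all skipped, but they are not of equal weight: the `UnsignedFile.Multi.Generic` hits are a heuristic that routinely fires on legitimate unsigned third-party drivers (the Creative `CT*.DLL` audio modules, `cercsr6`, `USBAAPL` and the like), `sptd` is the SCSI pass-through driver shipped with disc-emulation software and is reported as `LockedFile` because it refuses access, whereas `TDSS File System` on `\Device\Harddisk0\DR0` is the actual rootkit finding. The script below is an added triage helper, not part of the forum post or of TDSSKiller: it parses the log's line format (timestamp, process id, message), joins each verdict back to the MD5 and path reported for that object, ranks verdicts by a severity table of my own choosing, and lists the detections that were merely skipped and still need a decision. The excerpt it runs on is a constructed, abridged sample in the same format; the `SEVERITY` ranking is an assumption about how to weight TDSSKiller's generic verdicts, not something the tool itself emits.

```python
"""Triage helper for a TDSSKiller text log (added example; not the tool's own code)."""
import re

# Constructed, abridged excerpt in TDSSKiller's log format (the real log lists every driver).
SAMPLE_LOG = r"""
20:28:50.0470 3896 Scan started
20:28:51.0329 3896 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:28:52.0376 3896 ACPI - ok
20:28:56.0094 3896 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
20:28:56.0126 3896 cercsr6 ( UnsignedFile.Multi.Generic ) - warning
20:28:56.0126 3896 cercsr6 - detected UnsignedFile.Multi.Generic (1)
20:29:17.0313 3896 sptd (a199171385be17973fd800fa91f8f78a) C:\WINDOWS\system32\Drivers\sptd.sys
20:29:17.0344 3896 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: a199171385be17973fd800fa91f8f78a
20:29:17.0344 3896 sptd ( LockedFile.Multi.Generic ) - warning
20:29:17.0344 3896 sptd - detected LockedFile.Multi.Generic (1)
20:29:22.0657 3896 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
20:29:22.0782 3896 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:29:22.0782 3896 \Device\Harddisk0\DR0 - detected TDSS File System (1)
20:29:22.0797 3896 Scan finished
20:29:22.0907 5836 Detected object count: 3
20:31:24.0218 5836 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user
20:31:24.0218 5836 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:31:24.0249 5836 sptd ( LockedFile.Multi.Generic ) - skipped by user
20:31:24.0249 5836 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
20:31:24.0264 5836 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
20:31:24.0264 5836 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# Every line is "HH:MM:SS.mmmm <pid> <message>".
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<msg>.*)$")
# "<service> (<md5>) <path>" for a driver/module, "MBR (0x1B8) (<md5>) <device>" for the boot sector.
MODULE_RE = re.compile(r"^(?P<obj>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
MBR_RE = re.compile(r"^MBR \(0x[0-9A-Fa-f]+\) \((?P<md5>[0-9a-f]{32})\) (?P<obj>\S+)$")
# "<object> - detected <verdict> (n)" and the later "<object> ( <verdict> ) - User select action: X".
DETECTED_RE = re.compile(r"^(?P<obj>.+?) - detected (?P<verdict>.+?) \(\d+\)$")
ACTION_RE = re.compile(r"^(?P<obj>.+?) \( (?P<verdict>.+?) \) - User select action: (?P<action>\w+)$")

# Assumed ranking: generic unsigned/locked verdicts are heuristics that fire on legitimate
# third-party drivers; a TDSS file system on a disk device is the real rootkit finding.
SEVERITY = {
    "TDSS File System": "critical",
    "LockedFile.Multi.Generic": "review",
    "UnsignedFile.Multi.Generic": "info",
}


def parse_tdsskiller_log(text):
    """Return the detections in scan order, each joined to its MD5/path and the user's action."""
    modules = {}     # object name -> (md5, path)
    detections = {}  # object name -> record; dict keeps insertion (scan) order
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg")
        mm = MBR_RE.match(msg) or MODULE_RE.match(msg)
        if mm:
            obj = mm.group("obj")
            # The MBR line names the disk device, which is what the later verdict line refers to.
            modules[obj] = (mm.group("md5"), mm.groupdict().get("path", obj))
            continue
        dm = DETECTED_RE.match(msg)
        if dm:
            obj, verdict = dm.group("obj"), dm.group("verdict")
            md5, path = modules.get(obj, (None, obj))
            detections[obj] = {"object": obj, "path": path, "md5": md5, "verdict": verdict,
                               "severity": SEVERITY.get(verdict, "unknown"), "action": None}
            continue
        am = ACTION_RE.match(msg)
        if am and am.group("obj") in detections:
            detections[am.group("obj")]["action"] = am.group("action")
    return list(detections.values())


def summarize(detections):
    """Count detections per severity level."""
    counts = {}
    for d in detections:
        counts[d["severity"]] = counts.get(d["severity"], 0) + 1
    return counts


def outstanding(detections):
    """Detections above 'info' that were only skipped and therefore still need a decision."""
    return [d for d in detections if d["severity"] != "info" and d["action"] in (None, "Skip")]


if __name__ == "__main__":
    dets = parse_tdsskiller_log(SAMPLE_LOG)
    for d in dets:
        print(f"{d['severity']:8} {d['verdict']:27} {d['object']}  action={d['action']}")
    print("summary:", summarize(dets))
    for d in outstanding(dets):
        print("NEEDS DECISION:", d["object"], d["verdict"], "md5", d["md5"])
```

Run against the real log it would report one critical finding (the `TDSS File System` on `\Device\Harddisk0\DR0`, tied to the MBR hash on the `MBR (0x1B8)` line), one `review` item (`sptd`) and eleven `info` items, which is the ordering a helper would want before deciding which of the skipped objects to act on.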