
Boot sector/replicating virus


This topic is locked
19 replies to this topic

#1 Feelingtrojanish?

  • Members
  • 11 posts

Posted 26 January 2012 - 08:40 PM

Dear Bleeping computer,

I have some virus that keeps making files. A few weeks ago, whenever I ran the temp file cleaner, many megabytes of files were erased.
Three days ago the computer would no longer boot due to a missing file, so I reformatted my hard drive. The computer now works since the reformat, but when I ran the temp file cleaner again, 600 megabytes were erased. I ran it again after connecting to the internet for a few minutes and 30 megabytes were erased.

Malwarebytes, SUPERAntiSpyware and Avira don't seem to find anything.

Can you please help?

Thanks very much!

Here are the logs:

Attached Files

  • dds.txt (11.71 KB)

Edited by Feelingtrojanish?, 26 January 2012 - 08:44 PM.



#2 Feelingtrojanish?

  • Topic Starter

Posted 26 January 2012 - 08:47 PM

Here is the attach log from dds.

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 24/01/2012 10:05:49
System Uptime: 27/01/2012 10:42:36 (2 hours ago)
.
Motherboard: Hewlett-Packard | | 30A2
Processor: Intel® Core™2 CPU T5500 @ 1.66GHz | U10 | 1662/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 66 GiB total, 52.788 GiB free.
D: is FIXED (FAT32) - 9 GiB total, 2.769 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Modem Device on High Definition Audio Bus
Device ID: HDAUDIO\FUNC_02&VEN_11C1&DEV_1040&SUBSYS_103C1378&REV_1002\4&599DA60&0&0101
Manufacturer:
Name: Modem Device on High Definition Audio Bus
PNP Device ID: HDAUDIO\FUNC_02&VEN_11C1&DEV_1040&SUBSYS_103C1378&REV_1002\4&599DA60&0&0101
Service:
.
==== System Restore Points ===================
.
RP1: 24/01/2012 10:08:41 - System Checkpoint
RP2: 24/01/2012 10:14:50 - Installed Windows XP KB883667.
RP3: 24/01/2012 10:15:03 - Installed Windows XP KB884575.
RP4: 24/01/2012 10:15:09 - Installed Windows XP KB885464.
RP5: 24/01/2012 10:15:15 - Installed Windows XP KB885855.
RP6: 24/01/2012 10:15:21 - Installed Windows XP KB888239.
RP7: 24/01/2012 10:15:27 - Installed Windows XP KB888402.
RP8: 24/01/2012 10:15:33 - Installed Windows XP KB889673.
RP9: 24/01/2012 10:15:41 - Installed Windows XP KB892559.
RP10: 24/01/2012 10:15:48 - Installed Windows XP KB896256.
RP11: 24/01/2012 10:15:56 - Installed Windows XP KB909095.
RP12: 24/01/2012 10:16:03 - Installed Windows XP KB912436.
RP13: 24/01/2012 10:16:10 - Installed Windows XP KB915326.
RP14: 24/01/2012 10:16:50 - Installed Windows XP KB888111WXPSP2.
RP15: 24/01/2012 10:17:05 - Installed SoundMAX
RP16: 24/01/2012 10:17:08 - Installed SoundMAX
RP17: 24/01/2012 10:22:05 - Installed Combined Modem Driver Installer
RP18: 24/01/2012 10:26:22 - Installed Windows XP KB896243.
RP19: 24/01/2012 10:26:35 - Installed HP ProtectTools Security Manager
RP20: 24/01/2012 10:27:13 - Installed TIPCI
RP21: 24/01/2012 10:38:10 - Installed MultiWLAN DrvInstall
RP22: 24/01/2012 10:54:42 - Installed HP Help and Support
RP23: 24/01/2012 10:58:08 - Installed HP User Guides 0029
RP24: 24/01/2012 11:00:10 - Installed Fingerprint Sensor Minimum Install
RP25: 24/01/2012 11:00:56 - Installed HP BIOS Configuration for ProtectTools
RP26: 24/01/2012 11:04:45 - Installed HP Software Update
RP27: 24/01/2012 11:05:37 - Installed HP Notebook Accessories Product Tour
RP28: 24/01/2012 11:05:59 - Installed HP Wireless Assistant
RP29: 24/01/2012 11:06:27 - Installed Windows Media Format Runtime
RP30: 24/01/2012 11:07:17 - Installed Windows Media Player 10
RP31: 24/01/2012 11:11:47 - Installed MultiWLAN AppInstall
RP32: 24/01/2012 11:12:25 - Installed HP Quick Launch Buttons
RP33: 24/01/2012 11:17:27 - Installed Windows Installer KB893803v2.
RP34: 24/01/2012 11:44:48 - Norton Antivirus post configuration restore point
RP35: 24/01/2012 11:49:21 - Installed Windows XP KB883667.
RP36: 24/01/2012 11:49:26 - Installed Windows XP KB884575.
RP37: 24/01/2012 11:49:33 - Installed Windows XP KB885464.
RP38: 24/01/2012 11:49:38 - Installed Windows XP KB885855.
RP39: 24/01/2012 11:49:44 - Installed Windows XP KB888239.
RP40: 24/01/2012 11:49:51 - Installed Windows XP KB888402.
RP41: 24/01/2012 11:49:57 - Installed Windows XP KB889673.
RP42: 24/01/2012 11:50:07 - Installed Windows XP KB892559.
RP43: 24/01/2012 11:50:15 - Installed Windows XP KB896256.
RP44: 24/01/2012 11:50:21 - Installed Windows XP KB909095.
RP45: 24/01/2012 11:50:27 - Installed Windows XP KB912436.
RP46: 24/01/2012 11:50:34 - Installed Windows XP KB915326.
RP47: 24/01/2012 13:52:15 - Installed Windows XP KB943232.
RP48: 24/01/2012 13:58:43 - Installed Windows XP KB932823-v3.
RP49: 24/01/2012 14:03:14 - Software Distribution Service 3.0
RP50: 24/01/2012 14:10:27 - Software Distribution Service 3.0
RP51: 24/01/2012 14:20:37 - Installed Windows XP WgaNotify.
RP52: 24/01/2012 14:31:57 - Software Distribution Service 3.0
RP53: 24/01/2012 15:08:52 - Software Distribution Service 3.0
RP54: 25/01/2012 14:12:15 - Software Distribution Service 3.0
RP55: 26/01/2012 06:53:14 - Software Distribution Service 3.0
RP56: 26/01/2012 14:00:14 - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Avira Free Antivirus
Broadcom 440x 10/100 Integrated Controller
Google Toolbar for Internet Explorer
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB981793)
HP BIOS Configuration for ProtectTools 2.00 C3
HP Credential Manager for ProtectTools
HP Help and Support
HP Integrated Module with Bluetooth wireless technology
HP Notebook Accessories Product Tour
HP ProtectTools Security Manager 2.00 C3
HP Quick Launch Buttons 6.00 D2
HP Software Update
HP User Guides 0029
HP Wireless Assistant 2.00 E1
Intel® Graphics Media Accelerator Driver
Intel® PROSet/Wireless Software
InterVideo DVD Check
InterVideo WinDVD
J2SE Runtime Environment 5.0 Update 6
LightScribe 1.4.67.1
Malwarebytes Anti-Malware version 1.60.0.1800
mCore
mDrWiFi
mHelp
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
mIWA
mLogView
mMHouse
Mozilla Firefox 9.0.1 (x86 en-US)
mPfMgr
mPfWiz
mProSafe
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
mWlsSafe
mXML
mZConfig

Edited by Feelingtrojanish?, 26 January 2012 - 08:54 PM.


#3 Feelingtrojanish?

  • Topic Starter

Posted 26 January 2012 - 08:54 PM

Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618444)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic DLA
Sonic Express Labeler
Sonic MyDVD Plus
Sonic Update Manager
SoundMAX
SUPERAntiSpyware
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC 9.0 Runtime
Visual C++ 8.0 CRT (x86) WinSXS MSM
Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Connect
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
ZoneAlarm Firewall
ZoneAlarm Free
ZoneAlarm Security
ZoneAlarm Security Toolbar
ZoneAlarm Toolbar
.
==== Event Viewer Messages From Past Week ========
.
27/01/2012 09:59:30, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avipbb avkmgr Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL ssmdrv Tcpip Vsdatant
27/01/2012 09:59:30, error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the Vsdatant service which failed to start because of the following error: A device attached to the system is not functioning.
27/01/2012 09:59:30, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
27/01/2012 09:59:30, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
27/01/2012 09:59:30, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
27/01/2012 09:59:30, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
27/01/2012 09:58:14, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
27/01/2012 09:58:03, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
27/01/2012 09:54:41, error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
27/01/2012 09:54:41, error: Service Control Manager [7034] - The Intel® PROSet/Wireless Service service terminated unexpectedly. It has done this 1 time(s).
27/01/2012 09:54:41, error: Service Control Manager [7034] - The Intel® PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 1 time(s).
27/01/2012 09:54:41, error: Service Control Manager [7034] - The Intel® PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
27/01/2012 09:54:41, error: Service Control Manager [7034] - The hpqwmiex service terminated unexpectedly. It has done this 1 time(s).
27/01/2012 09:54:41, error: Service Control Manager [7031] - The ZoneAlarm Toolbar IswSvc service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
27/01/2012 09:54:41, error: Service Control Manager [7031] - The SAS Core Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
27/01/2012 09:54:41, error: Service Control Manager [7031] - The Bluetooth Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
25/01/2012 12:41:16, error: Dhcp [1002] - The IP address lease 10.1.1.2 for the Network Card with network address 0019D2119E40 has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
25/01/2012 12:07:47, error: Tcpip [4199] - The system detected an address conflict for IP address 10.1.1.2 with the system having network hardware address 00:25:BC:94:DB:82. Network operations on this system may be disrupted as a result.
25/01/2012 12:04:46, error: Dhcp [1002] - The IP address lease 10.1.1.3 for the Network Card with network address 0019D2119E40 has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent a DHCPNACK message).
24/01/2012 19:35:42, error: PSched [14103] - QoS [Adapter {DB6EE98E-C0DC-4E96-BFE9-A767069B01B4}]: The netcard driver failed the query for OID_GEN_LINK_SPEED.
24/01/2012 14:20:59, error: Service Control Manager [7022] - The hpqwmiex service hung on starting.
24/01/2012 13:53:34, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
24/01/2012 13:53:34, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\CheckPoint\ZoneAlarm\vsinit.dll. Reference error message: The operation completed successfully. .
24/01/2012 13:53:34, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\CheckPoint\ZAForceField\ZDXUI.dll. Reference error message: The operation completed successfully. .
24/01/2012 13:53:34, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
24/01/2012 13:53:26, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.CRT. Reference error message: The referenced assembly is not installed on your system. .
24/01/2012 13:53:26, error: SideBySide [59] - Generate Activation Context failed for C:\DOCUME~1\Casey\LOCALS~1\Temp\schk.tmp. Reference error message: The operation completed successfully. .
24/01/2012 13:53:26, error: SideBySide [59] - Generate Activation Context failed for C:\DOCUME~1\Casey\LOCALS~1\Temp\{907A1104-E812-4b5c-959B-E4DAB37A96AB}\Clean_tool.exe. Reference error message: The operation completed successfully. .
24/01/2012 13:53:26, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
24/01/2012 11:36:35, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
.
==== End Of File ===========================

#4 Casey_boy

    Bleeping physicist

  • Malware Response Team
  • 7,765 posts
  • Gender:Male
  • Location:UK

Posted 29 January 2012 - 01:20 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Do you still need help? Please let me know either way.

I strongly recommend you stop using the temp file cleaner. They can, despite what it may seem, be pretty dangerous and cause system errors - especially if there is an infection on board.

Casey

If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#5 Feelingtrojanish?

  • Topic Starter

Posted 30 January 2012 - 04:09 AM

Thanks for the advice on the temp cleaner Casey,
and yes I would like a bit of help if you can assist. Do you need any more information?

Casey

#6 Casey_boy

  • Malware Response Team

Posted 30 January 2012 - 06:27 AM

Yes, but let's try with a couple of other tools.

Step 1:
  • Download TDSSKiller.exe and save it to your desktop.
  • Double-click TDSSKiller.exe to run it.
  • Under "Objects to scan" ensure both "Services and Drivers" and "Boot Sectors" are checked.
  • Click Start scan and allow it to scan for Malicious objects.
    • If malicious objects are found, the default action will be Cure, ensure Cure is selected then click Continue.
    • If suspicious objects are detected, the default action will be Skip, ensure Skip is selected then click Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now and allow the computer to reboot.
  • A log will be created on your root (usually C:) drive. The log is like UtilityName.Version_Date_Time_log.txt.
    for example, C:\TDSSKiller.2.4.1.2_20.04.2010_15.31.43_log.txt
  • If no reboot is required, click on Report. A log file should appear.
  • Please post the contents of the logfile in your next reply

Step 2: Please visit this webpage for download links and instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. If you are prompted to install the Recovery Console, then please do so.

Please include the C:\ComboFix.txt in your next reply for further review.

Note: If you have trouble running ComboFix, then please rename ComboFix.exe to Caseyboy.com and re-run.

Casey

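As an added example (my code, not part of this thread and not Kaspersky's tool), here is a Python script that reads a TDSSKiller log of the kind Step 1 asks for and pulls out the two things a responder wants to see when the complaint is "boot sector virus": which drivers were flagged and with what verdict, and whether the MBR partition table the tool prints is self-consistent (no overlaps, no unexplained unallocated run of sectors where a hidden partition could sit). The sample lines are copied from the log the topic starter posts later in the thread; the regular expressions and the "one cylinder" gap threshold are my assumptions about the log format, not documented behaviour of the tool.

```python
"""Summarise a TDSSKiller log: flagged drivers plus an MBR partition-table sanity check.

Added example for this thread; not code from the thread or from Kaspersky's tool.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: eight lines in TDSSKiller's log format, copied from the
# log the topic starter posts later in this thread.
SAMPLE_LOG = r"""
09:20:07.0515 0168 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2861, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
09:20:07.0515 0168 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x8394111
09:20:07.0515 0168 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x8394150, BlocksNum 0x1179FC0
09:21:09.0468 2952 AegisP (12dafd934641dcf61e446313bc261ec2) C:\WINDOWS\system32\DRIVERS\AegisP.sys
09:21:09.0468 2952 AegisP ( UnsignedFile.Multi.Generic ) - warning
09:21:09.0468 2952 AegisP - detected UnsignedFile.Multi.Generic (1)
09:21:09.0531 2952 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
09:21:09.0593 2952 AFD - ok
"""

# Assumed line shapes, derived from the posted log rather than from tool documentation.
PREFIX = r"^\S+\s+\d+\s+"  # "hh:mm:ss.ffff pid " that starts every line
HEX = r"0x([0-9A-Fa-f]+)"
DRIVE_RE = re.compile(PREFIX + r"Drive (\S+) - Size: " + HEX + r" .*SectorSize: " + HEX
                      + r", Cylinders: " + HEX + r", SectorsPerTrack: " + HEX
                      + r", TracksPerCylinder: " + HEX)
PART_RE = re.compile(PREFIX + r"(\S+)\\Partition(\d+): MBR, Type " + HEX
                     + r", StartLBA " + HEX + r", BlocksNum " + HEX)
DETECT_RE = re.compile(PREFIX + r"(\S+) - detected (\S+)")


@dataclass
class Partition:
    index: int
    type_id: int      # MBR partition type byte, e.g. 0x7 NTFS, 0xC FAT32 (LBA)
    start_lba: int
    blocks: int


@dataclass
class Drive:
    name: str
    size_bytes: int
    sector_size: int
    sectors_per_cylinder: int  # legacy alignment unit: SectorsPerTrack * TracksPerCylinder
    partitions: list = field(default_factory=list)


def parse_log(text):
    """Return ({drive name: Drive}, {driver name: verdict}) from TDSSKiller log text."""
    drives, detections = {}, {}
    for line in text.splitlines():
        if m := DRIVE_RE.match(line):
            name, size, ssz, _cyl, spt, tpc = m.groups()
            drives[name] = Drive(name, int(size, 16), int(ssz, 16), int(spt, 16) * int(tpc, 16))
        elif (m := PART_RE.match(line)) and m.group(1) in drives:
            name, idx, ptype, start, blocks = m.groups()
            drives[name].partitions.append(
                Partition(int(idx), int(ptype, 16), int(start, 16), int(blocks, 16)))
        elif m := DETECT_RE.match(line):
            detections[m.group(1)] = m.group(2)
    return drives, detections


def check_layout(drive):
    """Return findings about the partition table; an empty list means it is self-consistent.

    Old partitioning tools align to cylinder boundaries, so a gap smaller than one
    cylinder (before the first partition or after the last) is normal; anything
    larger is worth looking at by hand.
    """
    findings = []
    total_sectors = drive.size_bytes // drive.sector_size
    next_free = 1  # sector 0 holds the MBR itself
    for p in sorted(drive.partitions, key=lambda part: part.start_lba):
        if p.start_lba < next_free:
            findings.append(f"Partition{p.index} overlaps the sectors before it")
        elif p.start_lba - next_free > drive.sectors_per_cylinder:
            findings.append(f"{p.start_lba - next_free:#x} unallocated sectors before Partition{p.index}")
        next_free = p.start_lba + p.blocks
    if next_free > total_sectors:
        findings.append("last partition extends beyond the end of the drive")
    elif total_sectors - next_free > drive.sectors_per_cylinder:
        findings.append(f"{total_sectors - next_free:#x} unallocated sectors after the last partition")
    return findings


def main():
    drives, detections = parse_log(SAMPLE_LOG)
    for name, verdict in detections.items():
        print(f"flagged: {name} -> {verdict}")
    for drive in drives.values():
        for p in drive.partitions:
            print(f"{drive.name}\\Partition{p.index}: type {p.type_id:#x}, "
                  f"start LBA {p.start_lba:#x}, {p.blocks:#x} sectors")
        print("layout findings:", check_layout(drive) or "none, partition table is self-consistent")


if __name__ == "__main__":
    main()
```

On the sample lines the two partitions abut exactly (0x3F + 0x8394111 = 0x8394150) and the unallocated tail after the FAT32 partition is under one cylinder, so the check reports nothing. UnsignedFile.Multi.Generic is TDSSKiller's generic flag for a driver file that carries no digital signature, which is common for older third-party drivers; it is a suspicious rather than malicious classification, which is why Step 1 says to leave such objects on Skip.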


#7 Feelingtrojanish?

  • Topic Starter

Posted 30 January 2012 - 05:30 PM

Cool thanks Casey,

I've run TDSSKiller as you said. I'll run ComboFix in a second.
It's funny my name is also Casey. Feel like I'm talking to myself.



09:20:05.0250 0168 TDSS rootkit removing tool 2.7.8.0 Jan 30 2012 16:39:36
09:20:06.0515 0168 ============================================================
09:20:06.0515 0168 Current date / time: 2012/01/31 09:20:06.0515
09:20:06.0515 0168 SystemInfo:
09:20:06.0515 0168
09:20:06.0515 0168 OS Version: 5.1.2600 ServicePack: 3.0
09:20:06.0515 0168 Product type: Workstation
09:20:06.0515 0168 ComputerName: A
09:20:06.0515 0168 UserName: Casey
09:20:06.0515 0168 Windows directory: C:\WINDOWS
09:20:06.0515 0168 System windows directory: C:\WINDOWS
09:20:06.0515 0168 Processor architecture: Intel x86
09:20:06.0515 0168 Number of processors: 2
09:20:06.0515 0168 Page size: 0x1000
09:20:06.0515 0168 Boot type: Normal boot
09:20:06.0515 0168 ============================================================
09:20:07.0515 0168 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2861, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
09:20:07.0515 0168 \Device\Harddisk0\DR0:
09:20:07.0515 0168 MBR used
09:20:07.0515 0168 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x8394111
09:20:07.0515 0168 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x8394150, BlocksNum 0x1179FC0
09:20:07.0562 0168 Initialize success
09:20:07.0562 0168 ============================================================
09:21:07.0687 2952 ============================================================
09:21:07.0687 2952 Scan started
09:21:07.0687 2952 Mode: Manual; SigCheck; TDLFS;
09:21:07.0687 2952 ============================================================
09:21:08.0468 2952 Abiosdsk - ok
09:21:08.0484 2952 abp480n5 - ok
09:21:08.0546 2952 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:21:08.0843 2952 ACPI - ok
09:21:08.0875 2952 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
09:21:09.0000 2952 ACPIEC - ok
09:21:09.0046 2952 ADIHdAudAddService (761d5bbdb6a5867c9f8ebbb545af7b34) C:\WINDOWS\system32\drivers\ADIHdAud.sys
09:21:09.0109 2952 ADIHdAudAddService - ok
09:21:09.0171 2952 adpu160m - ok
09:21:09.0203 2952 AEAudioService (c984de22ed71414abc42c1e03d412e33) C:\WINDOWS\system32\drivers\AEAudio.sys
09:21:09.0218 2952 AEAudioService - ok
09:21:09.0265 2952 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
09:21:09.0421 2952 aec - ok
09:21:09.0468 2952 AegisP (12dafd934641dcf61e446313bc261ec2) C:\WINDOWS\system32\DRIVERS\AegisP.sys
09:21:09.0468 2952 AegisP ( UnsignedFile.Multi.Generic ) - warning
09:21:09.0468 2952 AegisP - detected UnsignedFile.Multi.Generic (1)
09:21:09.0531 2952 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
09:21:09.0593 2952 AFD - ok
09:21:09.0656 2952 Aha154x - ok
09:21:09.0671 2952 aic78u2 - ok
09:21:09.0687 2952 aic78xx - ok
09:21:09.0703 2952 AliIde - ok
09:21:09.0718 2952 amsint - ok
09:21:09.0781 2952 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
09:21:09.0953 2952 Arp1394 - ok
09:21:09.0968 2952 asc - ok
09:21:09.0984 2952 asc3350p - ok
09:21:10.0000 2952 asc3550 - ok
09:21:10.0031 2952 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:21:10.0156 2952 AsyncMac - ok
09:21:10.0187 2952 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
09:21:10.0312 2952 atapi - ok
09:21:10.0328 2952 Atdisk - ok
09:21:10.0343 2952 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:21:10.0484 2952 Atmarpc - ok
09:21:10.0546 2952 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
09:21:10.0703 2952 audstub - ok
09:21:10.0781 2952 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
09:21:10.0859 2952 avgntflt - ok
09:21:10.0890 2952 avipbb (475fbb85956534720858ae72010c0a43) C:\WINDOWS\system32\DRIVERS\avipbb.sys
09:21:10.0906 2952 avipbb - ok
09:21:10.0937 2952 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
09:21:10.0953 2952 avkmgr - ok
09:21:11.0015 2952 bcm4sbxp (c768c8a463d32c219ce291645a0621a4) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
09:21:11.0062 2952 bcm4sbxp - ok
09:21:11.0109 2952 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
09:21:11.0281 2952 Beep - ok
09:21:11.0453 2952 BTKRNL (6b6ad8cbf3984c3b39d4d06c38f52010) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
09:21:11.0546 2952 BTKRNL ( UnsignedFile.Multi.Generic ) - warning
09:21:11.0546 2952 BTKRNL - detected UnsignedFile.Multi.Generic (1)
09:21:11.0609 2952 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
09:21:11.0812 2952 cbidf2k - ok
09:21:11.0921 2952 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
09:21:12.0046 2952 CCDECODE - ok
09:21:12.0062 2952 cd20xrnt - ok
09:21:12.0109 2952 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
09:21:12.0234 2952 Cdaudio - ok
09:21:12.0281 2952 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
09:21:12.0421 2952 Cdfs - ok
09:21:12.0468 2952 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:21:12.0593 2952 Cdrom - ok
09:21:12.0656 2952 Changer - ok
09:21:12.0687 2952 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
09:21:12.0796 2952 CmBatt - ok
09:21:12.0796 2952 CmdIde - ok
09:21:12.0812 2952 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
09:21:12.0937 2952 Compbatt - ok
09:21:12.0953 2952 Cpqarray - ok
09:21:12.0968 2952 dac2w2k - ok
09:21:12.0984 2952 dac960nt - ok
09:21:13.0000 2952 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
09:21:13.0125 2952 Disk - ok
09:21:13.0187 2952 DLABOIOM (244b6285b14e06a9ba81b3ed9b9a3b38) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
09:21:13.0203 2952 DLABOIOM ( UnsignedFile.Multi.Generic ) - warning
09:21:13.0203 2952 DLABOIOM - detected UnsignedFile.Multi.Generic (1)
09:21:13.0218 2952 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
09:21:13.0250 2952 DLACDBHM ( UnsignedFile.Multi.Generic ) - warning
09:21:13.0250 2952 DLACDBHM - detected UnsignedFile.Multi.Generic (1)
09:21:34.0500 2952 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
09:21:34.0765 2952 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
09:21:34.0765 2952 \Device\Harddisk0\DR0 - detected TDSS File System (1)
09:21:34.0765 2952 Boot (0x1200) (472ab1c5959a2db03b96a471e008d118) \Device\Harddisk0\DR0\Partition0
09:21:34.0765 2952 \Device\Harddisk0\DR0\Partition0 - ok
09:21:34.0781 2952 Boot (0x1200) (01ed1855af3b9ccb35a72feccc14112e) \Device\Harddisk0\DR0\Partition1
09:21:34.0781 2952 \Device\Harddisk0\DR0\Partition1 - ok
09:21:34.0781 2952 ============================================================
09:21:34.0781 2952 Scan finished
09:21:34.0781 2952 ============================================================
09:21:34.0890 2580 Detected object count: 16
09:21:34.0890 2580 Actual detected object count: 16
09:22:29.0171 2580 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
09:22:29.0171 2580 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:22:29.0171 2580 BTKRNL ( UnsignedFile.Multi.Generic ) - skipped by user
09:22:29.0171 2580 BTKRNL ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:22:29.0171 2580 DLABOIOM ( UnsignedFile.Multi.Generic ) - skipped by user
09:22:29.0171 2580 DLABOIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:22:29.0171 2580 DLACDBHM ( UnsignedFile.Multi.Generic ) - skipped by user
09:22:29.0171 2580 DLACDBHM ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:22:29.0187 2580 DLADResN ( UnsignedFile.Multi.Generic ) - skipped by user
09:22:29.0187 2580 DLADResN ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:22:29.0187 2580 DLAIFS_M ( UnsignedFile.Multi.Generic ) - skipped by user
09:22:29.0187 2580 DLAIFS_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:22:29.0187 2580 DLAOPIOM ( UnsignedFile.Multi.Generic ) - skipped by user
09:22:29.0187 2580 DLAOPIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:22:29.0187 2580 DLAPoolM ( UnsignedFile.Multi.Generic ) - skipped by user
09:22:29.0187 2580 DLAPoolM ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:22:29.0187 2580 DLARTL_N ( UnsignedFile.Multi.Generic ) - skipped by user
09:22:29.0187 2580 DLARTL_N ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:22:29.0187 2580 DLAUDFAM ( UnsignedFile.Multi.Generic ) - skipped by user
09:22:29.0187 2580 DLAUDFAM ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:22:29.0203 2580 DLAUDF_M ( UnsignedFile.Multi.Generic ) - skipped by user
09:22:29.0203 2580 DLAUDF_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:22:29.0203 2580 DRVMCDB ( UnsignedFile.Multi.Generic ) - skipped by user
09:22:29.0203 2580 DRVMCDB ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:22:29.0203 2580 DRVNDDM ( UnsignedFile.Multi.Generic ) - skipped by user
09:22:29.0203 2580 DRVNDDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:22:29.0203 2580 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
09:22:29.0203 2580 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:22:29.0218 2580 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user
09:22:29.0218 2580 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:22:29.0218 2580 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
09:22:29.0218 2580 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
09:23:50.0484 3992 ============================================================
09:23:50.0484 3992 Scan started
09:23:50.0484 3992 Mode: Manual; SigCheck; TDLFS;
09:23:50.0484 3992 ============================================================
09:24:03.0625 3992 MSKSSRV - ok
09:24:03.0640 3992 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:24:03.0765 3992 MSPCLOCK - ok
09:24:03.0796 3992 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
09:24:03.0906 3992 MSPQM - ok
09:24:03.0921 3992 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:24:04.0046 3992 mssmbios - ok
09:24:04.0093 3992 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
09:24:04.0218 3992 MSTEE - ok
09:24:04.0265 3992 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
09:24:04.0296 3992 Mup - ok
09:24:04.0359 3992 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
09:24:04.0484 3992 NABTSFEC - ok
09:24:04.0546 3992 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
09:24:04.0687 3992 NDIS - ok
09:24:04.0718 3992 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
09:24:04.0875 3992 NdisIP - ok
09:24:04.0937 3992 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:24:04.0968 3992 NdisTapi - ok
09:24:05.0031 3992 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:24:05.0156 3992 Ndisuio - ok
09:24:05.0203 3992 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:24:05.0312 3992 NdisWan - ok
09:24:05.0359 3992 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
09:24:05.0375 3992 NDProxy - ok
09:24:05.0406 3992 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
09:24:05.0546 3992 NetBIOS - ok
09:24:05.0578 3992 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
09:24:05.0734 3992 NetBT - ok
09:24:05.0812 3992 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
09:24:05.0937 3992 NIC1394 - ok
09:24:05.0984 3992 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
09:24:06.0093 3992 Npfs - ok
09:24:06.0140 3992 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
09:24:06.0281 3992 Ntfs - ok
09:24:06.0328 3992 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
09:24:06.0453 3992 Null - ok
09:24:06.0546 3992 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:24:06.0671 3992 NwlnkFlt - ok
09:24:06.0703 3992 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:24:06.0828 3992 NwlnkFwd - ok
09:24:06.0859 3992 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
09:24:07.0000 3992 ohci1394 - ok
09:24:07.0046 3992 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
09:24:07.0156 3992 Parport - ok
09:24:07.0203 3992 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
09:24:07.0312 3992 PartMgr - ok
09:24:07.0421 3992 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
09:24:07.0546 3992 ParVdm - ok
09:24:07.0578 3992 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
09:24:07.0703 3992 PCI - ok
09:24:07.0718 3992 PCIDump - ok
09:24:07.0734 3992 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
09:24:07.0921 3992 PCIIde - ok
09:24:07.0937 3992 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
09:24:08.0062 3992 Pcmcia - ok
09:24:08.0078 3992 PDCOMP - ok
09:24:08.0093 3992 PDFRAME - ok
09:24:08.0109 3992 PDRELI - ok
09:24:08.0125 3992 PDRFRAME - ok
09:24:08.0125 3992 perc2 - ok
09:24:08.0140 3992 perc2hib - ok
09:24:08.0218 3992 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:24:08.0328 3992 PptpMiniport - ok
09:24:08.0343 3992 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
09:24:08.0453 3992 PSched - ok
09:24:08.0468 3992 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:24:08.0593 3992 Ptilink - ok
09:24:08.0640 3992 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
09:24:08.0656 3992 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
09:24:08.0656 3992 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
09:24:08.0718 3992 ql1080 - ok
09:24:08.0734 3992 Ql10wnt - ok
09:24:08.0750 3992 ql12160 - ok
09:24:08.0765 3992 ql1240 - ok
09:24:08.0781 3992 ql1280 - ok
09:24:08.0843 3992 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:24:08.0968 3992 RasAcd - ok
09:24:09.0000 3992 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:24:09.0125 3992 Rasl2tp - ok
09:24:09.0156 3992 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:24:09.0296 3992 RasPppoe - ok
09:24:09.0328 3992 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
09:24:09.0484 3992 Raspti - ok
09:24:09.0531 3992 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:24:09.0671 3992 Rdbss - ok
09:24:09.0734 3992 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:24:09.0890 3992 RDPCDD - ok
09:24:09.0937 3992 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
09:24:10.0078 3992 rdpdr - ok
09:24:10.0140 3992 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
09:24:10.0156 3992 RDPWD - ok
09:24:10.0203 3992 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
09:24:10.0312 3992 redbook - ok
09:24:10.0375 3992 s24trans (1cc074e0d48383d4e9bffc6a26c2a58a) C:\WINDOWS\system32\DRIVERS\s24trans.sys
09:24:10.0390 3992 s24trans ( UnsignedFile.Multi.Generic ) - warning
09:24:10.0390 3992 s24trans - detected UnsignedFile.Multi.Generic (1)
09:24:10.0500 3992 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
09:24:10.0515 3992 SASDIFSV - ok
09:24:10.0531 3992 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
09:24:10.0531 3992 SASKUTIL - ok
09:24:10.0625 3992 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:24:10.0734 3992 Secdrv - ok
09:24:10.0796 3992 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
09:24:10.0906 3992 Serial - ok
09:24:10.0921 3992 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
09:24:11.0031 3992 Sfloppy - ok
09:24:11.0046 3992 Simbad - ok
09:24:11.0093 3992 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
09:24:11.0203 3992 SLIP - ok
09:24:11.0218 3992 Sparrow - ok
09:24:11.0250 3992 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
09:24:11.0359 3992 splitter - ok
09:24:11.0390 3992 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
09:24:11.0500 3992 sr - ok
09:24:11.0562 3992 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
09:24:11.0578 3992 Srv - ok
09:24:11.0703 3992 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
09:24:11.0718 3992 ssmdrv - ok
09:24:11.0750 3992 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
09:24:11.0859 3992 streamip - ok
09:24:11.0906 3992 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
09:24:12.0015 3992 swenum - ok
09:24:12.0031 3992 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
09:24:12.0140 3992 swmidi - ok
09:24:12.0156 3992 symc810 - ok
09:24:12.0171 3992 symc8xx - ok
09:24:12.0187 3992 sym_hi - ok
09:24:12.0187 3992 sym_u3 - ok
09:24:12.0250 3992 SynTP (fd5010a627d2a7bbd1c44a488e3a8fe5) C:\WINDOWS\system32\DRIVERS\SynTP.sys
09:24:12.0265 3992 SynTP - ok
09:24:12.0296 3992 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
09:24:12.0406 3992 sysaudio - ok
09:24:12.0515 3992 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:24:12.0546 3992 Tcpip - ok
09:24:12.0593 3992 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
09:24:12.0703 3992 TDPIPE - ok
09:24:12.0734 3992 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
09:24:12.0843 3992 TDTCP - ok
09:24:12.0875 3992 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
09:24:12.0984 3992 TermDD - ok
09:24:13.0000 3992 TosIde - ok
09:24:13.0031 3992 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
09:24:13.0140 3992 Udfs - ok
09:24:13.0156 3992 ultra - ok
09:24:13.0218 3992 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
09:24:13.0343 3992 Update - ok
09:24:13.0390 3992 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:24:13.0500 3992 usbccgp - ok
09:24:13.0546 3992 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:24:13.0656 3992 usbehci - ok
09:24:13.0687 3992 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:24:13.0796 3992 usbhub - ok
09:24:13.0843 3992 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:24:13.0953 3992 usbscan - ok
09:24:14.0000 3992 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:24:14.0109 3992 usbuhci - ok
09:24:14.0156 3992 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
09:24:14.0265 3992 usbvideo - ok
09:24:14.0281 3992 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
09:24:14.0390 3992 VgaSave - ok
09:24:14.0406 3992 ViaIde - ok
09:24:14.0437 3992 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
09:24:14.0546 3992 VolSnap - ok
09:24:14.0625 3992 Vsdatant (b0d3c4497d1ed91628dc56f592aebef4) C:\WINDOWS\system32\vsdatant.sys
09:24:14.0656 3992 Vsdatant - ok
09:24:14.0812 3992 w39n51 (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys
09:24:14.0875 3992 w39n51 - ok
09:24:14.0937 3992 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:24:15.0046 3992 Wanarp - ok
09:24:15.0062 3992 WDICA - ok
09:24:15.0093 3992 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
09:24:15.0203 3992 wdmaud - ok
09:24:15.0250 3992 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
09:24:15.0343 3992 WmiAcpi - ok
09:24:15.0421 3992 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
09:24:15.0531 3992 WSTCODEC - ok
09:24:15.0578 3992 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
09:24:15.0828 3992 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
09:24:15.0828 3992 \Device\Harddisk0\DR0 - detected TDSS File System (1)
09:24:15.0828 3992 Boot (0x1200) (472ab1c5959a2db03b96a471e008d118) \Device\Harddisk0\DR0\Partition0
09:24:15.0828 3992 \Device\Harddisk0\DR0\Partition0 - ok
09:24:15.0843 3992 Boot (0x1200) (01ed1855af3b9ccb35a72feccc14112e) \Device\Harddisk0\DR0\Partition1
09:24:15.0859 3992 \Device\Harddisk0\DR0\Partition1 - ok
09:24:15.0859 3992 ============================================================
09:24:15.0859 3992 Scan finished
09:24:15.0859 3992 ============================================================
09:24:15.0859 1844 Detected object count: 16
09:24:15.0859 1844 Actual detected object count: 16
09:24:24.0421 1844 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
09:24:24.0421 1844 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:24:24.0421 1844 BTKRNL ( UnsignedFile.Multi.Generic ) - skipped by user
09:24:24.0421 1844 BTKRNL ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:24:24.0421 1844 DLABOIOM ( UnsignedFile.Multi.Generic ) - skipped by user
09:24:24.0421 1844 DLABOIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:24:24.0421 1844 DLACDBHM ( UnsignedFile.Multi.Generic ) - skipped by user
09:24:24.0421 1844 DLACDBHM ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:24:24.0421 1844 DLADResN ( UnsignedFile.Multi.Generic ) - skipped by user
09:24:24.0421 1844 DLADResN ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:24:24.0437 1844 DLAIFS_M ( UnsignedFile.Multi.Generic ) - skipped by user
09:24:24.0437 1844 DLAIFS_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:24:24.0437 1844 DLAOPIOM ( UnsignedFile.Multi.Generic ) - skipped by user
09:24:24.0437 1844 DLAOPIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:24:24.0437 1844 DLAPoolM ( UnsignedFile.Multi.Generic ) - skipped by user
09:24:24.0437 1844 DLAPoolM ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:24:24.0437 1844 DLARTL_N ( UnsignedFile.Multi.Generic ) - skipped by user
09:24:24.0437 1844 DLARTL_N ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:24:24.0437 1844 DLAUDFAM ( UnsignedFile.Multi.Generic ) - skipped by user
09:24:24.0437 1844 DLAUDFAM ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:24:24.0437 1844 DLAUDF_M ( UnsignedFile.Multi.Generic ) - skipped by user
09:24:24.0437 1844 DLAUDF_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:24:24.0437 1844 DRVMCDB ( UnsignedFile.Multi.Generic ) - skipped by user
09:24:24.0437 1844 DRVMCDB ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:24:24.0437 1844 DRVNDDM ( UnsignedFile.Multi.Generic ) - skipped by user
09:24:24.0437 1844 DRVNDDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:24:24.0437 1844 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
09:24:24.0437 1844 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:24:24.0437 1844 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user
09:24:24.0437 1844 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:24:24.0437 1844 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
09:24:24.0437 1844 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

#8 Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • Gender:Male
  • Location:UK

Posted 30 January 2012 - 05:39 PM

Hi,

Could you choose cure this time rather than skip?

Casey

If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.




#9 Feelingtrojanish?

  • Topic Starter

  • Members
  • 11 posts

Posted 30 January 2012 - 06:43 PM

Ok, I'll do that now! Here is the ComboFix log:


ComboFix 12-01-30.02 - Casey 31/01/2012 9:55.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2551.2053 [GMT 11:00]
Running from: c:\documents and settings\Casey\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: ZoneAlarm Free Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-30 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 21:57 . 2006-02-28 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2006-02-28 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2006-02-28 12:00 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2006-02-28 12:00 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2006-02-28 12:00 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-04 19:20 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2006-02-28 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:28 . 2006-02-28 12:00 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2006-02-28 12:00 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-12-21 07:24 . 2012-01-25 05:09 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files\ZoneAlarm_Security\prxtbZon0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
2011-05-09 09:49 176936 ----a-w- c:\program files\ZoneAlarm_Security\prxtbZon0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files\ZoneAlarm_Security\prxtbZon0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}"= "c:\program files\ZoneAlarm_Security\prxtbZon0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-09 4616064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"PTHOSTTR"="c:\program files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2006-02-14 122880]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-10 761945]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"CognizanceTS"="c:\progra~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-22 17920]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-02-21 40960]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-13 454656]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-30 122940]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-02 131072]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2005-11-08 184320]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-11-03 738944]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2011-12-18 73360]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-12-15 258512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-2-15 581693]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2012-1-24 184320]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2005-07-25 18:41 40960 ----a-w- c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [24/01/2012 14:56 36000]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/07/2011 03:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [13/07/2011 08:55 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [12/08/2011 10:38 116608]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [24/01/2012 14:56 86224]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [28/02/2006 23:00 14336]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [04/11/2011 01:44 27016]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [04/11/2011 01:44 497280]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASChannel
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\Casey\Application Data\Mozilla\Firefox\Profiles\ym539zd5.default\
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-31 10:03
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ???PV??????(?@???????@
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(900)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
c:\program files\HPQ\IAM\Bin\ASChnl.dll
c:\program files\HPQ\IAM\Bin\ItMsg.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
.
- - - - - - - > 'lsass.exe'(956)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'explorer.exe'(2104)
c:\windows\system32\WININET.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
c:\program files\HPQ\IAM\Bin\SFSShell.dll
c:\program files\HPQ\IAM\bin\ItMsg.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\DllHost.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\HPQ\IAM\bin\asghost.exe
c:\windows\system32\igfxsrvc.exe
c:\progra~1\HPQ\Shared\HPQTOA~1.EXE
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Completion time: 2012-01-31 10:07:42 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-30 23:07
.
Pre-Run: 56,016,535,552 bytes free
Post-Run: 56,413,380,608 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - DA1EBDB158044DCA445B101DBF68C425

#10 Feelingtrojanish?

  • Topic Starter

  • Members
  • 11 posts

Posted 30 January 2012 - 06:48 PM

Hi Casey,

I ran TDSSKiller again, but this time there were no threats discovered! Here is the report in case you need it. These are great tools; I wish I knew how to use them without risking messing things up! =)


10:44:34.0859 1900 TDSS rootkit removing tool 2.7.8.0 Jan 30 2012 16:39:36
10:44:35.0843 1900 ============================================================
10:44:35.0843 1900 Current date / time: 2012/01/31 10:44:35.0843
10:44:35.0843 1900 SystemInfo:
10:44:35.0843 1900
10:44:35.0843 1900 OS Version: 5.1.2600 ServicePack: 3.0
10:44:35.0843 1900 Product type: Workstation
10:44:35.0843 1900 ComputerName: A
10:44:35.0843 1900 UserName: Casey
10:44:35.0843 1900 Windows directory: C:\WINDOWS
10:44:35.0843 1900 System windows directory: C:\WINDOWS
10:44:35.0843 1900 Processor architecture: Intel x86
10:44:35.0843 1900 Number of processors: 2
10:44:35.0843 1900 Page size: 0x1000
10:44:35.0843 1900 Boot type: Normal boot
10:44:35.0843 1900 ============================================================
10:44:36.0484 1900 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2861, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
10:44:36.0484 1900 \Device\Harddisk0\DR0:
10:44:36.0484 1900 MBR used
10:44:36.0484 1900 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x8394111
10:44:36.0484 1900 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x8394150, BlocksNum 0x1179FC0
10:44:36.0531 1900 Initialize success
10:44:36.0531 1900 ============================================================
10:44:41.0140 3388 ============================================================
10:44:41.0140 3388 Scan started
10:44:41.0140 3388 Mode: Manual;
10:44:41.0140 3388 ============================================================
10:44:41.0562 3388 Abiosdsk - ok
10:44:41.0578 3388 abp480n5 - ok
10:44:41.0640 3388 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:44:41.0640 3388 ACPI - ok
10:44:41.0687 3388 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
10:44:41.0687 3388 ACPIEC - ok
10:44:41.0734 3388 ADIHdAudAddService (761d5bbdb6a5867c9f8ebbb545af7b34) C:\WINDOWS\system32\drivers\ADIHdAud.sys
10:44:41.0734 3388 ADIHdAudAddService - ok
10:44:41.0750 3388 adpu160m - ok
10:44:41.0781 3388 AEAudioService (c984de22ed71414abc42c1e03d412e33) C:\WINDOWS\system32\drivers\AEAudio.sys
10:44:41.0781 3388 AEAudioService - ok
10:44:41.0812 3388 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
10:44:41.0812 3388 aec - ok
10:44:41.0875 3388 AegisP (12dafd934641dcf61e446313bc261ec2) C:\WINDOWS\system32\DRIVERS\AegisP.sys
10:44:41.0875 3388 AegisP - ok
10:44:41.0984 3388 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
10:44:42.0000 3388 AFD - ok
10:44:42.0000 3388 Aha154x - ok
10:44:42.0046 3388 aic78u2 - ok
10:44:42.0093 3388 aic78xx - ok
10:44:42.0125 3388 AliIde - ok
10:44:42.0140 3388 amsint - ok
10:44:42.0203 3388 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
10:44:42.0203 3388 Arp1394 - ok
10:44:42.0218 3388 asc - ok
10:44:42.0234 3388 asc3350p - ok
10:44:42.0250 3388 asc3550 - ok
10:44:42.0281 3388 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:44:42.0281 3388 AsyncMac - ok
10:44:42.0312 3388 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
10:44:42.0312 3388 atapi - ok
10:44:42.0328 3388 Atdisk - ok
10:44:42.0359 3388 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:44:42.0359 3388 Atmarpc - ok
10:44:42.0421 3388 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
10:44:42.0421 3388 audstub - ok
10:44:42.0453 3388 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
10:44:42.0453 3388 avgntflt - ok
10:44:42.0500 3388 avipbb (475fbb85956534720858ae72010c0a43) C:\WINDOWS\system32\DRIVERS\avipbb.sys
10:44:42.0500 3388 avipbb - ok
10:44:42.0546 3388 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
10:44:42.0546 3388 avkmgr - ok
10:44:42.0609 3388 bcm4sbxp (c768c8a463d32c219ce291645a0621a4) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
10:44:42.0609 3388 bcm4sbxp - ok
10:44:42.0656 3388 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
10:44:42.0656 3388 Beep - ok
10:44:42.0765 3388 BTKRNL (6b6ad8cbf3984c3b39d4d06c38f52010) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
10:44:42.0781 3388 BTKRNL - ok
10:44:42.0781 3388 catchme - ok
10:44:42.0890 3388 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
10:44:42.0890 3388 cbidf2k - ok
10:44:42.0921 3388 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
10:44:42.0921 3388 CCDECODE - ok
10:44:42.0937 3388 cd20xrnt - ok
10:44:43.0000 3388 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
10:44:43.0000 3388 Cdaudio - ok
10:44:43.0046 3388 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
10:44:43.0046 3388 Cdfs - ok
10:44:43.0078 3388 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:44:43.0093 3388 Cdrom - ok
10:44:43.0093 3388 Changer - ok
10:44:43.0140 3388 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
10:44:43.0140 3388 CmBatt - ok
10:44:43.0156 3388 CmdIde - ok
10:44:43.0171 3388 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
10:44:43.0171 3388 Compbatt - ok
10:44:43.0187 3388 Cpqarray - ok
10:44:43.0203 3388 dac2w2k - ok
10:44:43.0218 3388 dac960nt - ok
10:44:43.0250 3388 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
10:44:43.0250 3388 Disk - ok
10:44:43.0296 3388 DLABOIOM (244b6285b14e06a9ba81b3ed9b9a3b38) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
10:44:43.0296 3388 DLABOIOM - ok
10:44:43.0359 3388 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
10:44:43.0375 3388 DLACDBHM - ok
10:44:43.0390 3388 DLADResN (33b2c320b886d4e6e7780796731e405b) C:\WINDOWS\system32\DLA\DLADResN.SYS
10:44:43.0390 3388 DLADResN - ok
10:44:43.0406 3388 DLAIFS_M (46cdf41ab0f616168f2c03edb590643a) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
10:44:43.0406 3388 DLAIFS_M - ok
10:44:43.0421 3388 DLAOPIOM (94f39387819a9ae05c788cfd7ea4e16b) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
10:44:43.0421 3388 DLAOPIOM - ok
10:44:43.0437 3388 DLAPoolM (f4dcc4df6b27ee4e3d08258ecddecb1f) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
10:44:43.0437 3388 DLAPoolM - ok
10:44:43.0453 3388 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
10:44:43.0453 3388 DLARTL_N - ok
10:44:43.0468 3388 DLAUDFAM (bde11a8c697c5e22aedf34ca3fdb5940) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
10:44:43.0484 3388 DLAUDFAM - ok
10:44:43.0484 3388 DLAUDF_M (069d67eed1cec572dc28cb5582b5aa96) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
10:44:43.0500 3388 DLAUDF_M - ok
10:44:43.0562 3388 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
10:44:43.0562 3388 dmboot - ok
10:44:43.0625 3388 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
10:44:43.0625 3388 dmio - ok
10:44:43.0656 3388 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
10:44:43.0656 3388 dmload - ok
10:44:43.0703 3388 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
10:44:43.0703 3388 DMusic - ok
10:44:43.0750 3388 dpti2o - ok
10:44:43.0750 3388 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
10:44:43.0765 3388 drmkaud - ok
10:44:43.0796 3388 DRVMCDB (fe923d5529144d47b907663d2838c032) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
10:44:43.0796 3388 DRVMCDB - ok
10:44:43.0812 3388 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
10:44:43.0812 3388 DRVNDDM - ok
10:44:43.0859 3388 eabfiltr (b5cb3084046146fd2587d8c9b219feb4) C:\WINDOWS\system32\DRIVERS\eabfiltr.sys
10:44:43.0859 3388 eabfiltr - ok
10:44:43.0890 3388 eabusb (231f4547ae1e4b3e60eca66c3a96d218) C:\WINDOWS\system32\DRIVERS\eabusb.sys
10:44:43.0890 3388 eabusb - ok
10:44:43.0921 3388 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
10:44:43.0937 3388 Fastfat - ok
10:44:43.0984 3388 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
10:44:44.0000 3388 Fdc - ok
10:44:44.0015 3388 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
10:44:44.0015 3388 Fips - ok
10:44:44.0031 3388 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
10:44:44.0031 3388 Flpydisk - ok
10:44:44.0078 3388 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
10:44:44.0093 3388 FltMgr - ok
10:44:44.0156 3388 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:44:44.0156 3388 Fs_Rec - ok
10:44:44.0187 3388 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:44:44.0187 3388 Ftdisk - ok
10:44:44.0250 3388 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:44:44.0250 3388 Gpc - ok
10:44:44.0296 3388 HBtnKey (4d4d97671c63c3af869b3518e6054204) C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
10:44:44.0296 3388 HBtnKey - ok
10:44:44.0328 3388 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
10:44:44.0328 3388 HDAudBus - ok
10:44:44.0359 3388 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:44:44.0359 3388 hidusb - ok
10:44:44.0375 3388 hpn - ok
10:44:44.0421 3388 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
10:44:44.0437 3388 HTTP - ok
10:44:44.0437 3388 i2omgmt - ok
10:44:44.0453 3388 i2omp - ok
10:44:44.0484 3388 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:44:44.0484 3388 i8042prt - ok
10:44:44.0593 3388 ialm (0f0194c4b635c10c3f785e4fee52d641) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
10:44:44.0593 3388 ialm - ok
10:44:44.0718 3388 iaStor (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\iaStor.sys
10:44:44.0718 3388 iaStor - ok
10:44:44.0781 3388 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
10:44:44.0781 3388 Imapi - ok
10:44:44.0796 3388 ini910u - ok
10:44:44.0828 3388 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
10:44:44.0828 3388 IntelIde - ok
10:44:44.0875 3388 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
10:44:44.0875 3388 intelppm - ok
10:44:44.0906 3388 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
10:44:44.0906 3388 Ip6Fw - ok
10:44:44.0953 3388 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:44:44.0953 3388 IpFilterDriver - ok
10:44:45.0015 3388 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:44:45.0015 3388 IpInIp - ok
10:44:45.0046 3388 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:44:45.0046 3388 IpNat - ok
10:44:45.0078 3388 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:44:45.0078 3388 IPSec - ok
10:44:45.0109 3388 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
10:44:45.0109 3388 IRENUM - ok
10:44:45.0156 3388 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:44:45.0156 3388 isapnp - ok
10:44:45.0265 3388 ISWKL (08a811bfd207dfdec588881c18bacbaa) C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
10:44:45.0265 3388 ISWKL - ok
10:44:45.0328 3388 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:44:45.0328 3388 Kbdclass - ok
10:44:45.0375 3388 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
10:44:45.0375 3388 kbdhid - ok
10:44:45.0390 3388 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
10:44:45.0406 3388 kmixer - ok
10:44:45.0437 3388 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
10:44:45.0437 3388 KSecDD - ok
10:44:45.0453 3388 lbrtfdc - ok
10:44:45.0515 3388 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
10:44:45.0515 3388 mnmdd - ok
10:44:45.0562 3388 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
10:44:45.0562 3388 Modem - ok
10:44:45.0593 3388 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:44:45.0593 3388 Mouclass - ok
10:44:45.0640 3388 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:44:45.0640 3388 mouhid - ok
10:44:45.0671 3388 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
10:44:45.0671 3388 MountMgr - ok
10:44:45.0703 3388 mraid35x - ok
10:44:45.0750 3388 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:44:45.0750 3388 MRxDAV - ok
10:44:45.0843 3388 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:44:45.0843 3388 MRxSmb - ok
10:44:45.0859 3388 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
10:44:45.0859 3388 Msfs - ok
10:44:45.0890 3388 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:44:45.0890 3388 MSKSSRV - ok
10:44:45.0906 3388 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:44:45.0906 3388 MSPCLOCK - ok
10:44:45.0921 3388 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
10:44:45.0921 3388 MSPQM - ok
10:44:45.0968 3388 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:44:45.0968 3388 mssmbios - ok
10:44:46.0015 3388 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
10:44:46.0015 3388 MSTEE - ok
10:44:46.0046 3388 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
10:44:46.0046 3388 Mup - ok
10:44:46.0093 3388 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
10:44:46.0093 3388 NABTSFEC - ok
10:44:46.0140 3388 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
10:44:46.0156 3388 NDIS - ok
10:44:46.0203 3388 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
10:44:46.0203 3388 NdisIP - ok
10:44:46.0234 3388 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:44:46.0234 3388 NdisTapi - ok
10:44:46.0265 3388 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:44:46.0265 3388 Ndisuio - ok
10:44:46.0281 3388 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:44:46.0281 3388 NdisWan - ok
10:44:46.0312 3388 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
10:44:46.0312 3388 NDProxy - ok
10:44:46.0343 3388 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
10:44:46.0343 3388 NetBIOS - ok
10:44:46.0375 3388 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
10:44:46.0390 3388 NetBT - ok
10:44:46.0453 3388 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
10:44:46.0453 3388 NIC1394 - ok
10:44:46.0484 3388 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
10:44:46.0484 3388 Npfs - ok
10:44:46.0546 3388 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
10:44:46.0546 3388 Ntfs - ok
10:44:46.0625 3388 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
10:44:46.0625 3388 Null - ok
10:44:46.0671 3388 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:44:46.0671 3388 NwlnkFlt - ok
10:44:46.0687 3388 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:44:46.0687 3388 NwlnkFwd - ok
10:44:46.0703 3388 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
10:44:46.0703 3388 ohci1394 - ok
10:44:46.0734 3388 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
10:44:46.0734 3388 Parport - ok
10:44:46.0765 3388 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
10:44:46.0781 3388 PartMgr - ok
10:44:46.0812 3388 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
10:44:46.0812 3388 ParVdm - ok
10:44:46.0843 3388 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
10:44:46.0843 3388 PCI - ok
10:44:46.0859 3388 PCIDump - ok
10:44:46.0890 3388 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
10:44:46.0890 3388 PCIIde - ok
10:44:46.0921 3388 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
10:44:46.0921 3388 Pcmcia - ok
10:44:46.0968 3388 PDCOMP - ok
10:44:46.0984 3388 PDFRAME - ok
10:44:47.0000 3388 PDRELI - ok
10:44:47.0015 3388 PDRFRAME - ok
10:44:47.0031 3388 perc2 - ok
10:44:47.0031 3388 perc2hib - ok
10:44:47.0093 3388 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:44:47.0093 3388 PptpMiniport - ok
10:44:47.0109 3388 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
10:44:47.0109 3388 PSched - ok
10:44:47.0125 3388 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:44:47.0125 3388 Ptilink - ok
10:44:47.0156 3388 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
10:44:47.0156 3388 PxHelp20 - ok
10:44:47.0171 3388 ql1080 - ok
10:44:47.0187 3388 Ql10wnt - ok
10:44:47.0187 3388 ql12160 - ok
10:44:47.0203 3388 ql1240 - ok
10:44:47.0218 3388 ql1280 - ok
10:44:47.0265 3388 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:44:47.0265 3388 RasAcd - ok
10:44:47.0281 3388 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:44:47.0281 3388 Rasl2tp - ok
10:44:47.0312 3388 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:44:47.0312 3388 RasPppoe - ok
10:44:47.0328 3388 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
10:44:47.0328 3388 Raspti - ok
10:44:47.0375 3388 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:44:47.0375 3388 Rdbss - ok
10:44:47.0390 3388 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:44:47.0390 3388 RDPCDD - ok
10:44:47.0437 3388 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
10:44:47.0437 3388 rdpdr - ok
10:44:47.0500 3388 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
10:44:47.0500 3388 RDPWD - ok
10:44:47.0546 3388 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
10:44:47.0562 3388 redbook - ok
10:44:47.0640 3388 s24trans (1cc074e0d48383d4e9bffc6a26c2a58a) C:\WINDOWS\system32\DRIVERS\s24trans.sys
10:44:47.0640 3388 s24trans - ok
10:44:47.0750 3388 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
10:44:47.0765 3388 SASDIFSV - ok
10:44:47.0765 3388 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
10:44:47.0765 3388 SASKUTIL - ok
10:44:47.0843 3388 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:44:47.0843 3388 Secdrv - ok
10:44:47.0875 3388 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
10:44:47.0875 3388 Serial - ok
10:44:47.0921 3388 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
10:44:47.0921 3388 Sfloppy - ok
10:44:47.0937 3388 Simbad - ok
10:44:47.0968 3388 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
10:44:47.0968 3388 SLIP - ok
10:44:47.0984 3388 Sparrow - ok
10:44:48.0031 3388 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
10:44:48.0031 3388 splitter - ok
10:44:48.0078 3388 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
10:44:48.0078 3388 sr - ok
10:44:48.0140 3388 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
10:44:48.0140 3388 Srv - ok
10:44:48.0203 3388 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
10:44:48.0203 3388 ssmdrv - ok
10:44:48.0250 3388 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
10:44:48.0250 3388 streamip - ok
10:44:48.0296 3388 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
10:44:48.0296 3388 swenum - ok
10:44:48.0359 3388 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
10:44:48.0359 3388 swmidi - ok
10:44:48.0375 3388 symc810 - ok
10:44:48.0390 3388 symc8xx - ok
10:44:48.0406 3388 sym_hi - ok
10:44:48.0421 3388 sym_u3 - ok
10:44:48.0468 3388 SynTP (fd5010a627d2a7bbd1c44a488e3a8fe5) C:\WINDOWS\system32\DRIVERS\SynTP.sys
10:44:48.0468 3388 SynTP - ok
10:44:48.0500 3388 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
10:44:48.0500 3388 sysaudio - ok
10:44:48.0562 3388 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:44:48.0578 3388 Tcpip - ok
10:44:48.0625 3388 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
10:44:48.0625 3388 TDPIPE - ok
10:44:48.0656 3388 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
10:44:48.0656 3388 TDTCP - ok
10:44:48.0687 3388 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
10:44:48.0687 3388 TermDD - ok
10:44:48.0750 3388 TosIde - ok
10:44:48.0781 3388 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
10:44:48.0781 3388 Udfs - ok
10:44:48.0796 3388 ultra - ok
10:44:48.0859 3388 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
10:44:48.0875 3388 Update - ok
10:44:48.0921 3388 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:44:48.0921 3388 usbccgp - ok
10:44:48.0953 3388 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:44:48.0953 3388 usbehci - ok
10:44:49.0015 3388 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:44:49.0015 3388 usbhub - ok
10:44:49.0062 3388 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
10:44:49.0062 3388 usbscan - ok
10:44:49.0109 3388 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:44:49.0109 3388 usbuhci - ok
10:44:49.0156 3388 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
10:44:49.0156 3388 usbvideo - ok
10:44:49.0171 3388 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
10:44:49.0171 3388 VgaSave - ok
10:44:49.0187 3388 ViaIde - ok
10:44:49.0218 3388 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
10:44:49.0218 3388 VolSnap - ok
10:44:49.0281 3388 Vsdatant (b0d3c4497d1ed91628dc56f592aebef4) C:\WINDOWS\system32\vsdatant.sys
10:44:49.0296 3388 Vsdatant - ok
10:44:49.0421 3388 w39n51 (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys
10:44:49.0437 3388 w39n51 - ok
10:44:49.0546 3388 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:44:49.0546 3388 Wanarp - ok
10:44:49.0562 3388 WDICA - ok
10:44:49.0593 3388 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
10:44:49.0593 3388 wdmaud - ok
10:44:49.0640 3388 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
10:44:49.0640 3388 WmiAcpi - ok
10:44:49.0687 3388 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
10:44:49.0687 3388 WS2IFSL - ok
10:44:49.0718 3388 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
10:44:49.0718 3388 WSTCODEC - ok
10:44:49.0750 3388 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
10:44:49.0953 3388 \Device\Harddisk0\DR0 - ok
10:44:49.0968 3388 Boot (0x1200) (472ab1c5959a2db03b96a471e008d118) \Device\Harddisk0\DR0\Partition0
10:44:49.0968 3388 \Device\Harddisk0\DR0\Partition0 - ok
10:44:50.0000 3388 Boot (0x1200) (438d1177b070e4780cf1f9ccd3c48d48) \Device\Harddisk0\DR0\Partition1
10:44:50.0000 3388 \Device\Harddisk0\DR0\Partition1 - ok
10:44:50.0000 3388 ============================================================
10:44:50.0000 3388 Scan finished
10:44:50.0000 3388 ============================================================
10:44:50.0015 0464 Detected object count: 0
10:44:50.0015 0464 Actual detected object count: 0

#11 Casey_boy

    Bleeping physicist

  • Malware Response Team
  • 7,765 posts
  • Gender:Male
  • Location:UK

Posted 31 January 2012 - 07:06 AM

OK, let's just double check it's definitely no longer there:

Listparts
Please download Listparts
Run the tool, click Scan and post the log (Result.txt) it makes.

Note: The tool should be used on English language operating systems.

Casey

If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#12 Feelingtrojanish?
  • Topic Starter
  • Members
  • 11 posts

Posted 31 January 2012 - 09:49 AM

Thanks Casey,

That's pretty quick. Here is Result.txt.

Fingers crossed!



ListParts by Farbar
Ran by Casey on 01-02-2012 at 01:44:47
Windows XP (X86)
Running From: C:\Documents and Settings\Casey\Desktop
************************************************************

========================= Memory info ======================

Percentage of memory in use: 34%
Total physical RAM: 2551.36 MB
Available physical RAM: 1675.53 MB
Total Pagefile: 4439.32 MB
Available Pagefile: 3450.4 MB
Total Virtual: 2047.88 MB
Available Virtual: 1994.52 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:65.79 GB) (Free:50.64 GB) NTFS ==>[Drive with boot components (Windows XP)]
2 Drive d: (HP_RECOVERY) (Fixed) (Total:8.72 GB) (Free:2.77 GB) FAT32 ==>[Drive with boot components (Windows XP)]

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 75 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 66 GB 32 KB
Partition 2 Primary 9 GB 66 GB

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 66 GB Healthy System (partition with boot components)

Disk: 0
Partition 2
Type : 0C
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D HP_RECOVERY FAT32 Partition 9 GB Healthy

'bcdedit' is not recognized as an internal or external command,
operable program or batch file.


****** End Of Log ******
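
The two logs above show the checks a boot-sector infection would have to survive: TDSSKiller hashes the MBR bootstrap code ("MBR (0x1B8)") and the first bytes of each partition ("Boot (0x1200)"), and ListParts prints the partition table (slot 1 type 07 = NTFS, active; slot 2 type 0C = FAT32 LBA, inactive; the 32 KB offset is the classic 63-sector start of XP-era partitioning). The script below is an added example written for this thread, not a tool posted by either participant: it parses an MBR partition table, hashes the same regions, and compares them with a known-clean baseline, then shows why a patched bootstrap code is invisible to a partition-table listing alone. The disk image is constructed in code; the reading of 0x1B8 and 0x1200 as the byte lengths TDSSKiller hashes is an assumption about that tool's output format, and the two-partition layout only mirrors the types and flags from the ListParts output, not its sizes.

```python
from __future__ import annotations

import hashlib
import struct
from dataclasses import dataclass

SECTOR = 512
MBR_CODE_LEN = 0x1B8      # bytes hashed for the "MBR (0x1B8)" line (assumed reading of the log)
BOOT_REGION_LEN = 0x1200  # bytes hashed for each "Boot (0x1200)" line (assumed reading of the log)
PART_TABLE_OFF = 0x1BE    # four 16-byte partition entries follow the 4-byte disk signature at 0x1B8
ENTRY_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, start LBA, sector count
BOOT_SIGNATURE = b"\x55\xAA"


@dataclass
class PartitionEntry:
    index: int      # 1-based slot in the table, as ListParts numbers them
    active: bool    # status byte 0x80: the partition the MBR code hands off to
    type_id: int    # 0x07 = NTFS/HPFS, 0x0C = FAT32 (LBA)
    start_lba: int
    sectors: int


def parse_mbr(sector0: bytes) -> list[PartitionEntry]:
    """Return the non-empty partition entries of a 512-byte MBR."""
    if len(sector0) < SECTOR:
        raise ValueError("MBR must be at least one 512-byte sector")
    if sector0[0x1FE:0x200] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for i in range(4):
        status, _, type_id, _, start_lba, sectors = struct.unpack_from(
            ENTRY_FMT, sector0, PART_TABLE_OFF + 16 * i)
        if type_id != 0:
            entries.append(PartitionEntry(i + 1, status == 0x80, type_id, start_lba, sectors))
    return entries


def mbr_code_md5(disk: bytes) -> str:
    """Hash only the bootstrap code. The disk signature and partition table are excluded,
    so the value is comparable across machines running the same Windows loader."""
    return hashlib.md5(disk[:MBR_CODE_LEN]).hexdigest()


def partition_boot_md5(disk: bytes, entry: PartitionEntry) -> str:
    """Hash the first 0x1200 bytes of a partition (its VBR and the sectors after it)."""
    start = entry.start_lba * SECTOR
    region = disk[start:start + BOOT_REGION_LEN]
    if len(region) != BOOT_REGION_LEN:
        raise ValueError(f"partition {entry.index} boot region lies past the end of the image")
    return hashlib.md5(region).hexdigest()


def check_against_baseline(disk: bytes, baseline: dict[str, str]) -> list[str]:
    """Compare every hashed region with a known-clean baseline; an empty list means all match."""
    findings = []
    actual = mbr_code_md5(disk)
    if actual != baseline["mbr"]:
        findings.append(f"MBR code hash {actual} != baseline {baseline['mbr']}")
    for entry in parse_mbr(disk[:SECTOR]):
        key = f"partition{entry.index}"
        actual = partition_boot_md5(disk, entry)
        if key in baseline and actual != baseline[key]:
            findings.append(f"{key} boot hash {actual} != baseline {baseline[key]}")
    return findings


def build_image(mbr_code: bytes, vbr1: bytes, vbr2: bytes,
                disk_sig: bytes = b"\x11\x22\x33\x44") -> bytes:
    """Constructed two-partition image: slot 1 type 0x07 active at LBA 63, slot 2 type 0x0C
    inactive, mirroring the ListParts flags above. Sizes are tiny; the real disk is 75 GB."""
    p1_start, p1_len = 63, 2048
    p2_start, p2_len = p1_start + p1_len, 1024
    chs = b"\xFE\xFF\xFF"  # placeholder CHS values, as LBA-addressed tables commonly carry
    table = struct.pack(ENTRY_FMT, 0x80, chs, 0x07, chs, p1_start, p1_len)
    table += struct.pack(ENTRY_FMT, 0x00, chs, 0x0C, chs, p2_start, p2_len)
    table += bytes(32)  # slots 3 and 4 empty
    sector0 = (mbr_code.ljust(MBR_CODE_LEN, b"\x00")[:MBR_CODE_LEN]
               + disk_sig + bytes(2) + table + BOOT_SIGNATURE)
    image = bytearray((p2_start + p2_len) * SECTOR)
    image[:SECTOR] = sector0
    for start, vbr in ((p1_start, vbr1), (p2_start, vbr2)):
        off = start * SECTOR
        image[off:off + BOOT_REGION_LEN] = vbr.ljust(BOOT_REGION_LEN, b"\x00")[:BOOT_REGION_LEN]
    return bytes(image)


def demo() -> tuple[list[PartitionEntry], list[str], list[str], bool]:
    clean = build_image(b"clean XP-style MBR code", b"NTFS VBR", b"FAT32 VBR")
    entries = parse_mbr(clean[:SECTOR])
    baseline = {"mbr": mbr_code_md5(clean)}
    for e in entries:
        baseline[f"partition{e.index}"] = partition_boot_md5(clean, e)

    # A different disk signature (e.g. after cloning) must not change the code hash.
    resigned = build_image(b"clean XP-style MBR code", b"NTFS VBR", b"FAT32 VBR",
                           disk_sig=b"\xAA\xBB\xCC\xDD")
    signature_independent = mbr_code_md5(resigned) == baseline["mbr"]

    # A simulated bootkit patches the bootstrap code but leaves the partition table and
    # 0x55AA intact, so a partition listing alone would still look perfectly normal.
    infected = bytearray(clean)
    infected[0:8] = b"HOOKED!!"
    return (entries, check_against_baseline(clean, baseline),
            check_against_baseline(bytes(infected), baseline), signature_independent)


if __name__ == "__main__":
    parts, clean_findings, infected_findings, sig_ok = demo()
    for p in parts:
        print(f"slot {p.index}: type 0x{p.type_id:02X} active={p.active} start_lba={p.start_lba}")
    print("clean image findings:", clean_findings)
    print("patched image findings:", infected_findings)
    print("MBR hash independent of disk signature:", sig_ok)
```

On a live system the first few megabytes of the physical disk can be read into `disk` in place of the constructed image (`\\.\PhysicalDrive0` from an administrator prompt on Windows, `/dev/sda` as root on Linux); the baseline hashes must come from a known-clean machine with the same Windows version, since the bootstrap code differs between loaders.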

#13 Casey_boy

    Bleeping physicist

  • Malware Response Team
  • 7,765 posts
  • Gender:Male
  • Location:UK

Posted 31 January 2012 - 12:34 PM

Hi Casey,

That looks good :) how is the PC running?

Could you delete your current ComboFix file and then download a new version and run it for me?

Thanks,

Casey



#14 Feelingtrojanish?
  • Topic Starter
  • Members
  • 11 posts

Posted 01 February 2012 - 10:06 AM

Hi Casey,

Yeah the computer is running great. No more tds problems. :clapping: Hmmm, wonder where they came from.

Oh well, there was one problem where some of the other user profiles won't load. But I didn't check if they worked after the reformat. I'll take a look in a sec.
Hopefully this combofix log looks a bit better! :)

You've been so great Casey, thanks!




ComboFix 12-01-31.01 - Casey 02/02/2012 1:44.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2551.2060 [GMT 11:00]
Running from: c:\documents and settings\Casey\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: ZoneAlarm Free Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-01-01 to 2012-02-01 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 21:57 . 2006-02-28 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2006-02-28 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2006-02-28 12:00 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2006-02-28 12:00 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2006-02-28 12:00 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-04 19:20 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2006-02-28 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 15:28 . 2006-02-28 12:00 386048 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2006-02-28 12:00 1292288 ----a-w- c:\windows\system32\quartz.dll
2011-12-21 07:24 . 2012-01-25 05:09 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-30_23.03.23 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-02-28 12:00 . 2012-01-30 21:47 53166 c:\windows\system32\perfc009.dat
+ 2006-02-28 12:00 . 2012-02-01 09:04 53166 c:\windows\system32\perfc009.dat
+ 2004-01-07 00:21 . 2004-01-07 00:21 237936 c:\windows\system32\unicows.dll
+ 2006-02-28 12:00 . 2012-02-01 09:04 380918 c:\windows\system32\perfh009.dat
- 2006-02-28 12:00 . 2012-01-30 21:47 380918 c:\windows\system32\perfh009.dat
+ 2012-01-31 13:40 . 2012-01-31 13:40 371272 c:\windows\Installer\{AA59DDE4-B672-4621-A016-4C248204957A}\SkypeIcon.exe
+ 2012-01-31 13:40 . 2012-01-31 13:40 1527808 c:\windows\Installer\3228852.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files\ZoneAlarm_Security\prxtbZon0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
2011-05-09 09:49 176936 ----a-w- c:\program files\ZoneAlarm_Security\prxtbZon0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files\ZoneAlarm_Security\prxtbZon0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}"= "c:\program files\ZoneAlarm_Security\prxtbZon0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-09 4616064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"PTHOSTTR"="c:\program files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2006-02-14 122880]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-10 761945]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"CognizanceTS"="c:\progra~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-22 17920]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-02-21 40960]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-13 454656]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-30 122940]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-02 131072]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2005-11-08 184320]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2011-12-18 73360]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-12-15 258512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-2-15 581693]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2012-1-24 184320]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2005-07-25 18:41 40960 ----a-w- c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [24/01/2012 14:56 36000]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/07/2011 03:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [13/07/2011 08:55 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [12/08/2011 10:38 116608]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [24/01/2012 14:56 86224]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [28/02/2006 23:00 14336]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [04/11/2011 01:44 27016]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [04/11/2011 01:44 497280]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 62517227
*Deregistered* - 62517227
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASChannel
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\Casey\Application Data\Mozilla\Firefox\Profiles\ym539zd5.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-ISW - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-02 01:49
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ???????????(?@???????@
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(892)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
c:\program files\HPQ\IAM\Bin\ASChnl.dll
c:\program files\HPQ\IAM\Bin\ItMsg.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
c:\windows\system32\igfxdev.dll
.
- - - - - - - > 'lsass.exe'(948)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'explorer.exe'(2532)
c:\windows\system32\WININET.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
c:\program files\HPQ\IAM\Bin\SFSShell.dll
c:\program files\HPQ\IAM\bin\ItMsg.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2012-02-02 01:51:31
ComboFix-quarantined-files.txt 2012-02-01 14:51
ComboFix2.txt 2012-01-30 23:07
.
Pre-Run: 55,882,293,248 bytes free
Post-Run: 56,227,016,704 bytes free
.
- - End Of File - - CA1E1D9A36AF4A6E3F7F89B27D9060BE

Edited by Feelingtrojanish?, 01 February 2012 - 10:07 AM.


#15 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • Gender:Male
  • Location:UK

Posted 01 February 2012 - 10:29 AM

That looks good :)

Question: do you actually use Norton Worm protection?

Let's get some supplementary scans to see if there are any leftovers.

Step 1: Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


Step 2: I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

Casey

If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *




