
HARD TO DETECT ROOTKIT


  • This topic is locked
21 replies to this topic

#1 TNT2

TNT2

  • Members
  • 12 posts

Posted 01 February 2012 - 09:23 PM

EDIT: Moved to proper forum... Virus, Trojan, Spyware, and Malware Removal Logs
I believe I am the victim of a nasty backdoor or rootkit...... Scans appear clean, but a few days ago I believe I was hit with a Java fish.
Avira scan logs show this to be true, along with some other trojans that were detected... I've run a number of scanners and utilities that tell me there are some problems; I just can't seem to get this one on my own. The computer is functioning decently, but something is going on. For example, when I type in the Run box... letters come in at a crawl. Can someone please help me roll thru this one? Sysinternals is showing a few strange drivers like \??\C:\DOCUME~1\tom\LOCALS~1\Temp\axlyipog.sys and \??\C:\DOCUME~1\tom\LOCALS~1\Temp\catchme.sys and System32\Drivers\sptd.sys

Attached Files


Edited by boopme, 01 February 2012 - 09:26 PM.




#2 TNT2

TNT2
  • Topic Starter

  • Members
  • 12 posts

Posted 04 February 2012 - 10:15 AM

DDS.TXT

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Run by tom at 22:05:12 on 2012-02-04
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2814.2065 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\crypserv.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\WINDOWS\V0410Mon.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\WINDOWS\system32\hasplms.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://www.google.com
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Autodesk DWF: {f03966d3-8ea0-47b4-bbe0-85bfe6cbc8ac} - c:\program files\autodesk\autodesk dwf writer\dwf addin\DWFIEAddin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} -
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [c:\windows\system32\v0410ext.ax] c:\windows\system32\regsvr32.exe /s c:\windows\system32\V0410Ext.ax
mRun: [V0410Mon.exe] c:\windows\V0410Mon.exe
uPolicies-system: phdvqajjvglqkvigcdmiTaskMgr = 0 (0x0)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{45D33398-47F1-4ED2-8C3F-A535FB63C8D5} : DhcpNameServer = 75.75.75.75 75.75.76.76
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\tom\application data\mozilla\firefox\profiles\i0a2uuqz.test\
FF - plugin: c:\documents and settings\tom\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npEModelPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin9.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin9.dll
FF - plugin: c:\program files\tracker software\pdf viewer\npPDFXCviewNPPlugin.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2011-1-17 16024]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-16 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-5-16 314456]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-9-15 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-15 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-5-16 20568]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-5-16 44768]
R2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R3 PROCEXP151;PROCEXP151;\??\c:\windows\system32\drivers\procexp151.sys --> c:\windows\system32\drivers\PROCEXP151.SYS [?]
R3 V0410Afx;Creative Camera VF0410 Audio Effects Driver;c:\windows\system32\drivers\V0410AFX.sys [2012-2-4 142656]
R3 V0410Aud;Creative Camera VF0410 Noise Cancellation APO;c:\windows\system32\drivers\V0410Aud.sys [2012-2-4 94720]
S1 vmibtpsm;vmibtpsm;c:\windows\system32\drivers\vmibtpsm.sys [2009-9-30 28320]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 HardlockFilter;HardlockFilter;\??\c:\documents and settings\tom\desktop\lmd --> c:\documents and settings\tom\desktop\lmd [?]
S3 I97DRIVER;I97DRIVER;c:\program files\avanquest\fix-it\dgs.sys [2007-8-31 6600]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-15 12872]
S3 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S3 TFilter;TFilter;\??\c:\progra~1\avanqu~1\system~1\tfilter.sys --> c:\progra~1\avanqu~1\system~1\TFilter.sys [?]
S3 V0410Dev;Creative Camera VF0410 Driver;c:\windows\system32\drivers\V0410Dev.sys [2012-2-4 244704]
S3 V0410Vfx;Creative Camera VF0410 Video VFX Driver;c:\windows\system32\drivers\V0410Vfx.sys [2012-2-4 7168]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\macrium\reflect\ReflectService.exe [2011-1-17 220824]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2012-02-05 01:39:40 -------- d-----w- c:\program files\Creative
2012-02-05 01:32:17 -------- d-----w- c:\documents and settings\all users\application data\UAB
2012-02-05 01:32:14 -------- d-----w- c:\documents and settings\tom\local settings\application data\PC_Drivers_Headquarters
2012-02-05 01:32:07 -------- d-----w- c:\documents and settings\all users\application data\Driver Manager
2012-02-05 01:31:22 -------- d-----w- c:\program files\Driver Manager
2012-02-04 22:26:04 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
2012-02-04 22:26:04 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2012-02-04 22:26:04 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2012-02-04 22:26:04 45016 ----a-w- c:\program files\mozilla firefox\mozutils.dll
2012-02-02 05:02:56 -------- d-----w- c:\program files\ESET
2012-02-02 04:18:10 -------- d-----w- c:\program files\3GPplayer2011
2012-02-02 00:24:20 -------- d-----w- c:\program files\Panda Security
2012-02-01 05:54:27 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2012-02-01 05:42:07 -------- d--h--w- c:\windows\system32\CanonMF Uninstaller Information
2012-02-01 05:41:55 -------- d--h--w- C:\CanonMF
2012-01-31 23:40:22 -------- d-----w- C:\_Backup
2012-01-31 23:23:28 -------- d-----w- c:\program files\PC-Kitchen
2012-01-30 19:37:42 -------- d-----w- c:\program files\Tracker Software
.
==================== Find3M ====================
.
2011-12-14 03:07:58 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-04 04:37:46 796672 ----a-w- c:\windows\GPInstall.exe
2011-11-28 18:01:25 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 17:53:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21:44 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21:44 152064 ----a-w- c:\windows\system32\schannel.dll
.
============= FINISH: 22:05:49.64 ===============

Edited by TNT2, 05 February 2012 - 01:27 AM.


#3 TNT2

TNT2
  • Topic Starter

  • Members
  • 12 posts

Posted 05 February 2012 - 01:29 AM

Attached File: gmer.log (174.02KB)

#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 05 February 2012 - 05:14 PM

Hi,

Please do the following:

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)


NEXT



Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 TNT2

TNT2
  • Topic Starter

  • Members
  • 12 posts

Posted 06 February 2012 - 10:30 AM

TDSS rootkit and ComboFix attached below.... thanks for your help

09:39:20.0718 3412 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
09:39:21.0031 3412 ============================================================
09:39:21.0031 3412 Current date / time: 2012/02/06 09:39:21.0031
09:39:21.0031 3412 SystemInfo:
09:39:21.0031 3412
09:39:21.0031 3412 OS Version: 5.1.2600 ServicePack: 3.0
09:39:21.0031 3412 Product type: Workstation
09:39:21.0031 3412 ComputerName: TNT-MAIN
09:39:21.0031 3412 UserName: tom
09:39:21.0031 3412 Windows directory: C:\WINDOWS
09:39:21.0031 3412 System windows directory: C:\WINDOWS
09:39:21.0031 3412 Processor architecture: Intel x86
09:39:21.0031 3412 Number of processors: 1
09:39:21.0031 3412 Page size: 0x1000
09:39:21.0031 3412 Boot type: Normal boot
09:39:21.0031 3412 ============================================================
09:39:21.0578 3412 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
09:39:21.0578 3412 \Device\Harddisk0\DR0:
09:39:21.0578 3412 MBR used
09:39:21.0578 3412 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xFFFEAC6
09:39:21.0609 3412 Initialize success
09:39:21.0609 3412 ============================================================
09:39:25.0437 3304 ============================================================
09:39:25.0437 3304 Scan started
09:39:25.0437 3304 Mode: Manual;
09:39:25.0437 3304 ============================================================
09:39:39.0125 3304 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
09:39:39.0265 3304 \Device\Harddisk0\DR0 - ok
09:39:39.0265 3304 Boot (0x1200) (f4af0daaf0e05c53fdb24e6d97c47258) \Device\Harddisk0\DR0\Partition0
09:39:39.0265 3304 \Device\Harddisk0\DR0\Partition0 - ok
09:39:39.0281 3304 ============================================================
09:39:39.0281 3304 Scan finished
09:39:39.0281 3304 ============================================================
09:39:39.0281 3548 Detected object count: 0
09:39:39.0281 3548 Actual detected object count: 0
09:40:48.0718 3392 Deinitialize success








ComboFix 12-02-06.01 - tom 02/06/2012 9:45.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2814.2278 [GMT -5:00]
Running from: c:\documents and settings\tom\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2012-01-06 to 2012-02-06 )))))))))))))))))))))))))))))))
.
.
2012-01-31 19:43 . 2001-08-18 03:36 106584 -c--a-w- c:\windows\system32\dllcache\spdports.dll
2012-01-31 19:43 . 2001-08-17 19:07 19072 -c--a-w- c:\windows\system32\dllcache\sparrow.sys
2012-01-31 19:43 . 2001-08-17 17:51 37040 -c--a-w- c:\windows\system32\dllcache\sonypi.sys
2012-01-31 19:43 . 2001-08-18 03:36 114688 -c--a-w- c:\windows\system32\dllcache\sonypi.dll
2012-01-31 19:43 . 2001-08-17 17:51 20752 -c--a-w- c:\windows\system32\dllcache\sonync.sys
2012-01-31 19:43 . 2001-08-17 18:53 9600 -c--a-w- c:\windows\system32\dllcache\sonymc.sys
2012-01-31 19:43 . 2008-04-13 18:40 7552 -c--a-w- c:\windows\system32\dllcache\sonyait.sys
2012-01-31 19:42 . 2001-08-17 18:53 7040 -c--a-w- c:\windows\system32\dllcache\snyaitmc.sys
2012-01-31 19:42 . 2001-08-17 17:51 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys
2012-01-31 19:42 . 2001-08-17 19:56 147200 -c--a-w- c:\windows\system32\dllcache\smidispb.dll
2012-01-31 19:42 . 2001-08-17 17:12 25034 -c--a-w- c:\windows\system32\dllcache\smcpwr2n.sys
2012-01-31 19:42 . 2001-08-17 17:10 35913 -c--a-w- c:\windows\system32\dllcache\smcirda.sys
2012-01-31 19:42 . 2001-08-17 17:12 24576 -c--a-w- c:\windows\system32\dllcache\smc8000n.sys
2012-01-31 19:42 . 2001-08-17 18:57 6784 -c--a-w- c:\windows\system32\dllcache\smbhc.sys
2012-01-31 19:42 . 2008-04-13 18:36 6912 -c--a-w- c:\windows\system32\dllcache\smbclass.sys
2012-01-31 19:42 . 2008-04-13 18:36 16000 -c--a-w- c:\windows\system32\dllcache\smbbatt.sys
2012-01-31 19:42 . 2001-08-18 03:36 45568 -c--a-w- c:\windows\system32\dllcache\smb3w.dll
2012-01-31 19:42 . 2001-08-18 03:36 33792 -c--a-w- c:\windows\system32\dllcache\smb0w.dll
2012-01-31 19:42 . 2001-08-18 03:36 28672 -c--a-w- c:\windows\system32\dllcache\sma0w.dll
2012-01-31 19:41 . 2001-08-18 03:36 28160 -c--a-w- c:\windows\system32\dllcache\sm91w.dll
2012-01-31 19:41 . 2004-08-04 02:31 63547 -c--a-w- c:\windows\system32\dllcache\sla30nd5.sys
2012-01-31 19:41 . 2001-08-17 17:12 91294 -c--a-w- c:\windows\system32\dllcache\skfpwin.sys
2012-01-31 19:41 . 2001-08-17 17:12 94698 -c--a-w- c:\windows\system32\dllcache\sk98xwin.sys
2012-01-31 19:41 . 2001-08-17 19:56 157696 -c--a-w- c:\windows\system32\dllcache\sisv256.dll
2012-01-31 19:41 . 2001-08-17 17:50 50432 -c--a-w- c:\windows\system32\dllcache\sisv.sys
2012-01-31 19:41 . 2004-08-04 02:31 32768 -c--a-w- c:\windows\system32\dllcache\sisnic.sys
2012-01-31 19:41 . 2001-08-18 03:36 238592 -c--a-w- c:\windows\system32\dllcache\sisgrv.dll
2012-01-31 19:41 . 2001-08-17 17:50 104064 -c--a-w- c:\windows\system32\dllcache\sisgrp.sys
2012-01-31 19:41 . 2001-08-17 19:56 150144 -c--a-w- c:\windows\system32\dllcache\sis6306v.dll
2012-01-31 19:41 . 2001-08-17 17:50 68608 -c--a-w- c:\windows\system32\dllcache\sis6306p.sys
2012-01-31 19:40 . 2001-08-17 19:56 252032 -c--a-w- c:\windows\system32\dllcache\sis300iv.dll
2012-01-31 19:40 . 2001-08-17 17:50 101760 -c--a-w- c:\windows\system32\dllcache\sis300ip.sys
2012-01-31 19:40 . 2001-07-21 19:29 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
2012-01-31 19:40 . 2001-07-21 19:29 18400 -c--a-w- c:\windows\system32\dllcache\sgsmld.sys
2012-01-31 19:40 . 2001-08-17 17:51 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys
2012-01-31 19:40 . 2001-08-18 03:36 386560 -c--a-w- c:\windows\system32\dllcache\sgiul50.dll
2012-01-31 19:40 . 2001-08-17 17:19 36480 -c--a-w- c:\windows\system32\dllcache\sfmanm.sys
2012-01-31 19:40 . 2001-08-17 18:53 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2012-01-31 19:40 . 2001-08-17 18:48 17664 -c--a-w- c:\windows\system32\dllcache\sermouse.sys
2012-01-31 19:40 . 2001-08-17 18:53 6912 -c--a-w- c:\windows\system32\dllcache\seaddsmc.sys
2012-01-31 19:40 . 2008-04-13 18:45 11520 -c--a-w- c:\windows\system32\dllcache\scsiscan.sys
2012-01-31 19:38 . 2001-08-18 03:36 82432 -c--a-w- c:\windows\system32\dllcache\rwia450.dll
2012-01-31 19:38 . 2001-08-18 03:36 79872 -c--a-w- c:\windows\system32\dllcache\rwia430.dll
2012-01-31 19:38 . 2008-04-14 00:12 29696 -c--a-w- c:\windows\system32\dllcache\rw450ext.dll
2012-01-31 19:38 . 2008-04-14 00:12 27648 -c--a-w- c:\windows\system32\dllcache\rw430ext.dll
2012-01-31 19:38 . 2004-08-04 02:31 20992 -c--a-w- c:\windows\system32\dllcache\rtl8139.sys
2012-01-31 19:38 . 2001-08-17 17:12 19017 -c--a-w- c:\windows\system32\dllcache\rtl8029.sys
2012-01-31 19:38 . 2001-08-17 17:19 30720 -c--a-w- c:\windows\system32\dllcache\rthwcls.sys
2012-01-31 19:37 . 2001-08-18 03:36 9216 -c--a-w- c:\windows\system32\dllcache\rsmgrstr.dll
2012-01-31 19:37 . 2001-08-17 17:19 3840 -c--a-w- c:\windows\system32\dllcache\rpfun.sys
2012-01-31 19:37 . 2008-04-13 18:40 79104 -c--a-w- c:\windows\system32\dllcache\rocket.sys
2012-01-31 19:37 . 2001-08-17 17:12 37563 -c--a-w- c:\windows\system32\dllcache\rlnet5.sys
2012-01-31 19:37 . 2001-08-18 03:36 86097 -c--a-w- c:\windows\system32\dllcache\reslog32.dll
2012-01-31 19:36 . 2001-08-17 18:51 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys
2012-01-31 19:36 . 2001-08-17 18:28 714762 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2012-01-31 19:36 . 2001-08-17 18:28 899146 -c--a-w- c:\windows\system32\dllcache\r2mdkxga.sys
2012-01-31 19:35 . 2001-08-18 03:36 41472 -c--a-w- c:\windows\system32\dllcache\qvusd.dll
2012-01-31 19:35 . 2001-08-17 18:53 3328 -c--a-w- c:\windows\system32\dllcache\qv2kux.sys
2012-01-31 19:35 . 2001-08-17 18:52 49024 -c--a-w- c:\windows\system32\dllcache\ql1280.sys
2012-01-31 19:35 . 2001-08-17 18:52 40448 -c--a-w- c:\windows\system32\dllcache\ql1240.sys
2012-01-31 19:34 . 2001-08-17 18:52 45312 -c--a-w- c:\windows\system32\dllcache\ql12160.sys
2012-01-31 19:34 . 2001-08-17 18:52 33152 -c--a-w- c:\windows\system32\dllcache\ql10wnt.sys
2012-01-31 19:34 . 2001-08-17 18:52 40320 -c--a-w- c:\windows\system32\dllcache\ql1080.sys
2012-01-31 19:34 . 2008-04-13 18:40 6016 -c--a-w- c:\windows\system32\dllcache\qic157.sys
2012-01-31 19:34 . 2001-08-17 18:28 130942 -c--a-w- c:\windows\system32\dllcache\ptserlv.sys
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-14 03:07 . 2011-11-24 03:45 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-10 20:24 . 2009-05-12 01:37 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-04 04:37 . 2011-12-04 04:37 796672 ----a-w- c:\windows\GPInstall.exe
2011-11-28 18:01 . 2011-05-16 19:16 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2011-05-16 19:16 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:53 . 2011-05-16 19:16 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2011-05-16 19:16 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2011-05-16 19:16 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2011-05-16 19:16 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2011-05-16 19:16 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-11-28 17:51 . 2011-05-16 19:16 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-11-28 17:51 . 2011-05-16 19:16 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-28 17:48 . 2011-05-16 19:16 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-11-25 21:57 . 2004-08-12 13:33 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2004-08-12 13:33 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2004-08-12 13:25 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2004-08-12 13:33 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2004-08-12 13:27 152064 ----a-w- c:\windows\system32\schannel.dll
2012-02-04 22:26 . 2011-04-21 01:41 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c:\windows\system32\V0410Ext.ax"="c:\windows\system32\V0410Ext.ax" [X]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"V0410Mon.exe"="c:\windows\V0410Mon.exe" [2007-06-07 32768]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"phdvqajjvglqkvigcdmiTaskMgr"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]
2010-05-04 21:05 311296 ----a-r- c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-02-15 01:32 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-03-11 01:47 136176 ----atw- c:\documents and settings\tom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
2004-03-11 06:26 406016 ----a-w- c:\windows\system32\PSDrvCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCRemote]
2008-11-18 16:25 226576 ------w- c:\program files\Pinnacle\Shared Files\Programs\Remote\remoterm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2011-01-05 02:36 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 19:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\imapi.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\tom\\Desktop\\utorrent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:*:Disabled:DHCP Discovery Service
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
.
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [1/17/2011 7:02 PM 16024]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/16/2011 2:16 PM 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/16/2011 2:16 PM 314456]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [9/15/2009 10:42 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/15/2009 10:42 AM 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/16/2011 2:16 PM 20568]
R2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
S1 vmibtpsm;vmibtpsm;c:\windows\system32\drivers\vmibtpsm.sys [9/30/2009 8:34 PM 28320]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 HardlockFilter;HardlockFilter;\??\c:\documents and settings\tom\Desktop\lmd --> c:\documents and settings\tom\Desktop\lmd [?]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [6/2/2011 10:08 AM 11336]
S3 I97DRIVER;I97DRIVER;c:\program files\Avanquest\Fix-It\dgs.sys [8/31/2007 11:18 AM 6600]
S3 PROCEXP151;PROCEXP151;\??\c:\windows\system32\Drivers\PROCEXP151.SYS --> c:\windows\system32\Drivers\PROCEXP151.SYS [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/15/2009 10:42 AM 12872]
S3 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S3 TFilter;TFilter;\??\c:\progra~1\AVANQU~1\SYSTEM~1\TFilter.sys --> c:\progra~1\AVANQU~1\SYSTEM~1\TFilter.sys [?]
S3 V0410Afx;Creative Camera VF0410 Audio Effects Driver;c:\windows\system32\drivers\V0410AFX.sys [2/4/2012 8:38 PM 142656]
S3 V0410Aud;Creative Camera VF0410 Noise Cancellation APO;c:\windows\system32\drivers\V0410Aud.sys [2/4/2012 8:38 PM 94720]
S3 V0410Dev;Creative Camera VF0410 Driver;c:\windows\system32\drivers\V0410Dev.sys [2/4/2012 8:38 PM 244704]
S3 V0410Vfx;Creative Camera VF0410 Video VFX Driver;c:\windows\system32\drivers\V0410Vfx.sys [2/4/2012 8:38 PM 7168]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
S4 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [1/17/2011 7:02 PM 220824]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4/19/2009 12:42 PM 685816]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 67143752
*Deregistered* - 67143752
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
vczbqsae
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-31 c:\windows\Tasks\RegistryCleaner.job
- c:\program files\PC-Kitchen\RegistryCleaner\3.1.0.5\RegistryCleaner.exe [2012-01-31 23:23]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.google.com
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\documents and settings\tom\Application Data\Mozilla\Firefox\Profiles\i0a2uuqz.test\
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-06 10:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\HardlockFilter]
"ImagePath"="\??\c:\documents and settings\tom\Desktop\lmd"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a6,7f,0b,49,52,75,21,4b,8d,65,bf,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a6,7f,0b,49,52,75,21,4b,8d,65,bf,\
.
[HKEY_USERS\S-1-5-21-789336058-1500820517-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-789336058-1500820517-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:51,92,1c,af,88,b7,c6,d2,09,9e,81,31,42,70,69,5f,f5,7b,87,3a,9b,f0,1c,
f3,d1,d9,8c,3b,1d,02,a4,f0,d1,e9,9b,ba,7d,ef,80,71,1f,e2,93,fa,08,7e,b0,e4,\
"??"=hex:dd,7e,fc,d0,16,f3,84,c5,d2,2c,cd,4f,45,e2,bb,95
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(784)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Completion time: 2012-02-06 10:15:07
ComboFix-quarantined-files.txt 2012-02-06 15:15
ComboFix2.txt 2012-02-01 04:19
.
Pre-Run: 44,113,305,600 bytes free
Post-Run: 44,159,922,176 bytes free
.
- - End Of File - - 77A55B7D8DB72C005891C2DAB5F05B71

#6 CatByte (Malware Response Team)

Posted 06 February 2012 - 10:59 AM

Hi,

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

http://www.bleepingcomputer.com/forums/topic440974.html/page__pid__2586665#entry2586665

DirLook::
c:\documents and settings\All Users\Application Data\UAB

Collect::
c:\windows\system32\drivers\vmibtpsm.sys

Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"phdvqajjvglqkvigcdmiTaskMgr"=-

NetSvc::
vczbqsae

Driver::
vczbqsae
vmibtpsm

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

[Screenshot: CFScript.txt being dragged onto ComboFix.exe]
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
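The log in post #5 shows a random-named entry in the svchost NetSvcs list (vczbqsae), a policies\system value with a junk prefix in front of TaskMgr, both Security Center overrides set, and the Windows Firewall switched off; the CFScript above removes the first two. As an added example that is not part of this thread, of ComboFix, or of BleepingComputer's tooling, here is a small Python triage script that parses that style of "Reg Loading Points" output and flags the same classes of indicator. The embedded sample is constructed to mirror the thread's log, the section layout it expects is an assumption taken from that log, and the randomness heuristic is a triage hint rather than a verdict.

```python
import re

# Constructed excerpt that mirrors the indicators in the thread's ComboFix log.
# Assumption: ComboFix lays out its 'Reg Loading Points' section as shown there
# (bracketed registry keys, "name"=value lines, "." separators, and a bare
# "Svchost - NetSvcs" header followed by one service name per line).
SAMPLE_LOG = r'''
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"phdvqajjvglqkvigcdmiTaskMgr"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
vczbqsae
.
'''

VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
# Genuine policy names under policies\system are Disable<suffix>; a different
# prefix in front of one of these suffixes is what the thread's log shows.
POLICY_SUFFIXES = ('TaskMgr', 'RegistryTools', 'CMD')


def parse_sections(text):
    """Split the dump into (section_name_lowercased, [lines]) pairs."""
    sections, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == '.':
            continue
        if line.startswith('[') and line.endswith(']'):
            current = (line[1:-1].lower(), [])
            sections.append(current)
        elif line.lower().endswith('svchost - netsvcs'):
            current = ('netsvcs', [])
            sections.append(current)
        elif current is not None:
            current[1].append(line)
    return sections


def parse_value(line):
    """Parse '"Name"=dword:00000001' or '"Name"= 0 (0x0)' into (name, int), else None."""
    m = VALUE_RE.match(line)
    if not m:
        return None
    name, rest = m.groups()
    hex_m = re.match(r'dword:([0-9a-fA-F]+)', rest)
    if hex_m:
        return name, int(hex_m.group(1), 16)
    dec_m = re.match(r'(\d+)', rest)
    return name, (int(dec_m.group(1)) if dec_m else None)


def looks_random(name):
    """Heuristic (an assumption, a triage hint rather than a verdict): 7+ all-lowercase
    letters with a very low vowel ratio or a long consonant run. Legitimate Windows
    service names are mostly CamelCase or pronounceable."""
    if not re.fullmatch(r'[a-z]{7,}', name):
        return False
    vowels = sum(c in 'aeiou' for c in name)
    longest_run = max((len(r) for r in re.findall(r'[^aeiou]+', name)), default=0)
    return vowels / len(name) < 0.25 or longest_run >= 4


def triage(text):
    """Return (category, item, reason) findings for the indicator classes seen in the thread."""
    findings = []
    for section, lines in parse_sections(text):
        values = [v for v in map(parse_value, lines) if v]
        if section == 'netsvcs':
            # ComboFix already hides default netsvcs members, so anything listed is
            # non-default; a random-looking name on top of that deserves a closer look.
            for name in lines:
                if looks_random(name):
                    findings.append(('netsvcs', name, 'random-looking non-default svchost netsvcs entry'))
        elif section.endswith(r'policies\system'):
            for name, _ in values:
                for suffix in POLICY_SUFFIXES:
                    if name.endswith(suffix) and name != 'Disable' + suffix:
                        findings.append(('policy', name, 'junk prefix on a Disable%s-style policy value' % suffix))
        elif section.endswith('security center'):
            for name, value in values:
                if name in ('AntiVirusOverride', 'FirewallOverride') and value == 1:
                    findings.append(('security-center', name, 'Security Center alerting suppressed'))
        elif section.endswith(r'firewallpolicy\standardprofile'):
            for name, value in values:
                if name == 'EnableFirewall' and value == 0:
                    findings.append(('firewall', name, 'Windows Firewall off for the standard profile'))
    return findings


if __name__ == '__main__':
    for category, item, reason in triage(SAMPLE_LOG):
        print('%-16s %-32s %s' % (category, item, reason))
```

Run against the sample it reports five findings; on a real log, paste the whole "Reg Loading Points" block into SAMPLE_LOG or read it from a file. The netsvcs check leans on the fact, stated in the log itself, that ComboFix omits legitimate default entries, so a flagged name there is a candidate for the kind of NetSvc:: and Driver:: removal the CFScript above performs, not proof on its own.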


#7 TNT2 (Topic Starter)

Posted 06 February 2012 - 12:20 PM

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a6,7f,0b,49,52,75,21,4b,8d,65,bf,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a6,7f,0b,49,52,75,21,4b,8d,65,bf,\
.
[HKEY_USERS\S-1-5-21-789336058-1500820517-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-789336058-1500820517-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:51,92,1c,af,88,b7,c6,d2,09,9e,81,31,42,70,69,5f,f5,7b,87,3a,9b,f0,1c,
f3,d1,d9,8c,3b,1d,02,a4,f0,d1,e9,9b,ba,7d,ef,80,71,1f,e2,93,fa,08,7e,b0,e4,\
"??"=hex:dd,7e,fc,d0,16,f3,84,c5,d2,2c,cd,4f,45,e2,bb,95
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(780)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(3996)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\AcSignIcon.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\crypserv.exe
c:\progra~1\AVANQU~1\Fix-It\mxtask.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\progra~1\AVANQU~1\Fix-It\mxtask.exe
c:\windows\system32\hasplms.exe
.
**************************************************************************
.
Completion time: 2012-02-06 12:09:41 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-06 17:09
ComboFix2.txt 2012-02-06 15:15
ComboFix3.txt 2012-02-01 04:19
.
Pre-Run: 44,605,120,512 bytes free
Post-Run: 44,583,120,896 bytes free
.
- - End Of File - - CFB0017767BF8105A11F496FE9271C03
Upload was successful

#8 CatByte (Malware Response Team)

Posted 06 February 2012 - 12:30 PM

Hi,

Most of the log has been cut off. If you could please post it again, thanks.


#9 TNT2 (Topic Starter)

Posted 06 February 2012 - 12:33 PM

ComboFix 12-02-06.01 - tom 02/06/2012 11:47:12.5.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2814.2185 [GMT -5:00]
Running from: c:\documents and settings\tom\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\tom\Desktop\cfscript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
file zipped: c:\windows\system32\drivers\vmibtpsm.sys
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_VCZBQSAE
-------\Service_vmibtpsm
.
.
((((((((((((((((((((((((( Files Created from 2012-01-06 to 2012-02-06 )))))))))))))))))))))))))))))))
.
.
2012-02-05 17:29 . 2012-02-05 17:29 -------- d-----w- c:\program files\SystemRequirementsLab
2012-02-05 17:29 . 2012-02-05 17:29 -------- d-----w- c:\documents and settings\tom\Application Data\SystemRequirementsLab
2012-02-05 01:39 . 2012-02-05 01:39 -------- d-----w- c:\program files\Creative
2012-02-05 01:32 . 2012-02-05 01:32 -------- d-----w- c:\documents and settings\All Users\Application Data\UAB
2012-02-05 01:32 . 2012-02-05 01:32 -------- d-----w- c:\documents and settings\tom\Local Settings\Application Data\PC_Drivers_Headquarters
2012-02-05 01:32 . 2012-02-05 01:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Driver Manager
2012-02-05 01:31 . 2012-02-05 01:31 -------- d-----w- c:\program files\Driver Manager
2012-02-04 22:26 . 2012-02-04 22:26 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-02-04 22:26 . 2012-02-04 22:26 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-02-04 22:26 . 2012-02-04 22:26 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-02-04 22:26 . 2012-02-04 22:26 45016 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-02-02 05:02 . 2012-02-02 05:02 -------- d-----w- c:\program files\ESET
2012-02-02 04:18 . 2012-02-02 04:18 -------- d-----w- c:\program files\3GPplayer2011
2012-02-01 05:54 . 2012-02-01 06:24 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2012-02-01 05:42 . 2012-02-01 05:42 -------- d--h--w- c:\windows\system32\CanonMF Uninstaller Information
2012-02-01 05:41 . 2012-02-01 05:41 -------- d-----w- C:\CanonMF
2012-01-31 23:40 . 2012-01-31 23:49 -------- d-----w- C:\_Backup
2012-01-31 23:23 . 2012-01-31 23:23 -------- d-----w- c:\program files\PC-Kitchen
2012-01-31 19:43 . 2001-08-18 03:36 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll
2012-01-31 19:43 . 2001-08-17 18:51 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys
2012-01-31 19:43 . 2001-08-18 03:36 106584 -c--a-w- c:\windows\system32\dllcache\spdports.dll
2012-01-31 19:43 . 2001-08-17 19:07 19072 -c--a-w- c:\windows\system32\dllcache\sparrow.sys
2012-01-31 19:43 . 2001-08-17 17:51 37040 -c--a-w- c:\windows\system32\dllcache\sonypi.sys
2012-01-31 19:43 . 2001-08-18 03:36 114688 -c--a-w- c:\windows\system32\dllcache\sonypi.dll
2012-01-31 19:43 . 2001-08-17 17:51 20752 -c--a-w- c:\windows\system32\dllcache\sonync.sys
2012-01-31 19:43 . 2001-08-17 18:53 9600 -c--a-w- c:\windows\system32\dllcache\sonymc.sys
2012-01-31 19:43 . 2008-04-13 18:40 7552 -c--a-w- c:\windows\system32\dllcache\sonyait.sys
2012-01-31 19:42 . 2001-08-17 18:53 7040 -c--a-w- c:\windows\system32\dllcache\snyaitmc.sys
2012-01-31 19:42 . 2001-08-17 17:51 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys
2012-01-31 19:42 . 2001-08-17 19:56 147200 -c--a-w- c:\windows\system32\dllcache\smidispb.dll
2012-01-31 19:42 . 2001-08-17 17:12 25034 -c--a-w- c:\windows\system32\dllcache\smcpwr2n.sys
2012-01-31 19:42 . 2001-08-17 17:10 35913 -c--a-w- c:\windows\system32\dllcache\smcirda.sys
2012-01-31 19:42 . 2001-08-17 17:12 24576 -c--a-w- c:\windows\system32\dllcache\smc8000n.sys
2012-01-31 19:42 . 2001-08-17 18:57 6784 -c--a-w- c:\windows\system32\dllcache\smbhc.sys
2012-01-31 19:42 . 2008-04-13 18:36 6912 -c--a-w- c:\windows\system32\dllcache\smbclass.sys
2012-01-31 19:42 . 2008-04-13 18:36 16000 -c--a-w- c:\windows\system32\dllcache\smbbatt.sys
2012-01-31 19:42 . 2001-08-18 03:36 45568 -c--a-w- c:\windows\system32\dllcache\smb3w.dll
2012-01-31 19:42 . 2001-08-18 03:36 33792 -c--a-w- c:\windows\system32\dllcache\smb0w.dll
2012-01-31 19:42 . 2001-08-18 03:36 28672 -c--a-w- c:\windows\system32\dllcache\sma0w.dll
2012-01-31 19:41 . 2001-08-18 03:36 28160 -c--a-w- c:\windows\system32\dllcache\sm91w.dll
2012-01-31 19:41 . 2004-08-04 02:31 63547 -c--a-w- c:\windows\system32\dllcache\sla30nd5.sys
2012-01-31 19:41 . 2001-08-17 17:12 91294 -c--a-w- c:\windows\system32\dllcache\skfpwin.sys
2012-01-31 19:41 . 2001-08-17 17:12 94698 -c--a-w- c:\windows\system32\dllcache\sk98xwin.sys
2012-01-31 19:41 . 2001-08-17 19:56 157696 -c--a-w- c:\windows\system32\dllcache\sisv256.dll
2012-01-31 19:41 . 2001-08-17 17:50 50432 -c--a-w- c:\windows\system32\dllcache\sisv.sys
2012-01-31 19:41 . 2004-08-04 02:31 32768 -c--a-w- c:\windows\system32\dllcache\sisnic.sys
2012-01-31 19:41 . 2001-08-18 03:36 238592 -c--a-w- c:\windows\system32\dllcache\sisgrv.dll
2012-01-31 19:41 . 2001-08-17 17:50 104064 -c--a-w- c:\windows\system32\dllcache\sisgrp.sys
2012-01-31 19:41 . 2001-08-17 19:56 150144 -c--a-w- c:\windows\system32\dllcache\sis6306v.dll
2012-01-31 19:41 . 2001-08-17 17:50 68608 -c--a-w- c:\windows\system32\dllcache\sis6306p.sys
2012-01-31 19:40 . 2001-08-17 19:56 252032 -c--a-w- c:\windows\system32\dllcache\sis300iv.dll
2012-01-31 19:40 . 2001-08-17 17:50 101760 -c--a-w- c:\windows\system32\dllcache\sis300ip.sys
2012-01-31 19:40 . 2001-07-21 19:29 161568 -c--a-w- c:\windows\system32\dllcache\sgsmusb.sys
2012-01-31 19:40 . 2001-07-21 19:29 18400 -c--a-w- c:\windows\system32\dllcache\sgsmld.sys
2012-01-31 19:40 . 2001-08-17 17:51 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys
2012-01-31 19:40 . 2001-08-18 03:36 386560 -c--a-w- c:\windows\system32\dllcache\sgiul50.dll
2012-01-31 19:40 . 2001-08-17 17:19 36480 -c--a-w- c:\windows\system32\dllcache\sfmanm.sys
2012-01-31 19:40 . 2001-08-17 18:53 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2012-01-31 19:40 . 2001-08-17 18:48 17664 -c--a-w- c:\windows\system32\dllcache\sermouse.sys
2012-01-31 19:40 . 2001-08-17 18:53 6912 -c--a-w- c:\windows\system32\dllcache\seaddsmc.sys
2012-01-31 19:40 . 2008-04-13 18:45 11520 -c--a-w- c:\windows\system32\dllcache\scsiscan.sys
2012-01-31 19:38 . 2001-08-18 03:36 82432 -c--a-w- c:\windows\system32\dllcache\rwia450.dll
2012-01-31 19:38 . 2001-08-18 03:36 79872 -c--a-w- c:\windows\system32\dllcache\rwia430.dll
2012-01-31 19:38 . 2008-04-14 00:12 29696 -c--a-w- c:\windows\system32\dllcache\rw450ext.dll
2012-01-31 19:38 . 2008-04-14 00:12 27648 -c--a-w- c:\windows\system32\dllcache\rw430ext.dll
2012-01-31 19:38 . 2004-08-04 02:31 20992 -c--a-w- c:\windows\system32\dllcache\rtl8139.sys
2012-01-31 19:38 . 2001-08-17 17:12 19017 -c--a-w- c:\windows\system32\dllcache\rtl8029.sys
2012-01-31 19:38 . 2001-08-17 17:19 30720 -c--a-w- c:\windows\system32\dllcache\rthwcls.sys
2012-01-31 19:37 . 2001-08-18 03:36 9216 -c--a-w- c:\windows\system32\dllcache\rsmgrstr.dll
2012-01-31 19:37 . 2001-08-17 17:19 3840 -c--a-w- c:\windows\system32\dllcache\rpfun.sys
2012-01-31 19:37 . 2008-04-13 18:40 79104 -c--a-w- c:\windows\system32\dllcache\rocket.sys
2012-01-31 19:37 . 2001-08-17 17:12 37563 -c--a-w- c:\windows\system32\dllcache\rlnet5.sys
2012-01-31 19:37 . 2001-08-18 03:36 86097 -c--a-w- c:\windows\system32\dllcache\reslog32.dll
2012-01-31 19:36 . 2001-08-17 18:51 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys
2012-01-31 19:36 . 2001-08-17 18:28 714762 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2012-01-31 19:36 . 2001-08-17 18:28 899146 -c--a-w- c:\windows\system32\dllcache\r2mdkxga.sys
2012-01-31 19:35 . 2001-08-18 03:36 41472 -c--a-w- c:\windows\system32\dllcache\qvusd.dll
2012-01-31 19:35 . 2001-08-17 18:53 3328 -c--a-w- c:\windows\system32\dllcache\qv2kux.sys
2012-01-31 19:35 . 2001-08-17 18:52 49024 -c--a-w- c:\windows\system32\dllcache\ql1280.sys
2012-01-31 19:35 . 2001-08-17 18:52 40448 -c--a-w- c:\windows\system32\dllcache\ql1240.sys
2012-01-31 19:34 . 2001-08-17 18:52 45312 -c--a-w- c:\windows\system32\dllcache\ql12160.sys
2012-01-31 19:34 . 2001-08-17 18:52 33152 -c--a-w- c:\windows\system32\dllcache\ql10wnt.sys
2012-01-31 19:34 . 2001-08-17 18:52 40320 -c--a-w- c:\windows\system32\dllcache\ql1080.sys
2012-01-31 19:34 . 2008-04-13 18:40 6016 -c--a-w- c:\windows\system32\dllcache\qic157.sys
2012-01-31 19:34 . 2001-08-17 18:28 130942 -c--a-w- c:\windows\system32\dllcache\ptserlv.sys
2012-01-31 19:34 . 2001-08-17 18:28 112574 -c--a-w- c:\windows\system32\dllcache\ptserlp.sys
2012-01-31 19:34 . 2001-08-17 18:28 128286 -c--a-w- c:\windows\system32\dllcache\ptserli.sys
2012-01-31 19:34 . 2008-04-14 00:12 159232 -c--a-w- c:\windows\system32\dllcache\ptpusd.dll
2012-01-31 19:34 . 2001-08-18 03:36 5632 -c--a-w- c:\windows\system32\dllcache\ptpusb.dll
2012-01-31 19:34 . 2001-08-18 03:36 35328 -c--a-w- c:\windows\system32\dllcache\psisload.dll
2012-01-31 19:33 . 2001-08-17 18:51 16128 -c--a-w- c:\windows\system32\dllcache\pscr.sys
2012-01-31 19:33 . 2008-04-13 18:41 17664 -c--a-w- c:\windows\system32\dllcache\ppa3.sys
2012-01-31 19:33 . 2001-08-17 18:53 17792 -c--a-w- c:\windows\system32\dllcache\ppa.sys
2012-01-31 19:33 . 2008-04-13 18:40 8832 -c--a-w- c:\windows\system32\dllcache\powerfil.sys
2012-01-31 19:32 . 2001-08-17 18:53 7168 -c--a-w- c:\windows\system32\dllcache\pnrmc.sys
2012-01-31 19:32 . 2001-08-18 03:36 121344 -c--a-w- c:\windows\system32\dllcache\phvfwext.dll
2012-01-31 19:32 . 2001-08-17 19:07 19840 -c--a-w- c:\windows\system32\dllcache\philtune.sys
2012-01-31 19:32 . 2001-08-17 19:04 92416 -c--a-w- c:\windows\system32\dllcache\phildec.sys
2012-01-31 19:30 . 2001-08-18 03:36 41984 -c--a-w- c:\windows\system32\dllcache\ovui2rc.dll
2012-01-31 19:29 . 2008-04-13 18:46 61696 -c--a-w- c:\windows\system32\dllcache\ohci1394.sys
2012-01-31 19:29 . 2001-08-17 17:50 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys
2012-01-31 19:29 . 2001-08-18 03:36 123776 -c--a-w- c:\windows\system32\dllcache\nv3.dll
2012-01-31 19:29 . 2001-08-17 17:49 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
2012-01-31 19:29 . 2001-08-17 18:47 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
2012-01-31 19:29 . 2001-08-17 18:53 7552 -c--a-w- c:\windows\system32\dllcache\nsmmc.sys
2012-01-31 19:29 . 2008-04-13 18:54 28672 -c--a-w- c:\windows\system32\dllcache\nscirda.sys
2012-01-31 19:29 . 2001-08-17 17:20 87040 -c--a-w- c:\windows\system32\dllcache\nm6wdm.sys
2012-01-31 19:29 . 2001-08-17 17:20 126080 -c--a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2012-01-31 19:29 . 2001-08-17 17:12 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys
2012-01-31 19:29 . 2004-08-04 02:31 132695 -c--a-w- c:\windows\system32\dllcache\netwlan5.sys
2012-01-31 19:29 . 2001-08-17 17:11 65278 -c--a-w- c:\windows\system32\dllcache\netflx3.sys
2012-01-31 19:29 . 2001-08-17 17:50 39264 -c--a-w- c:\windows\system32\dllcache\neo20xx.sys
2012-01-31 19:27 . 2001-08-17 18:48 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
2012-01-31 19:27 . 2001-08-17 19:00 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2012-01-31 19:27 . 2008-04-13 18:54 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2012-01-31 19:27 . 2001-08-17 19:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2012-01-31 19:27 . 2001-08-17 18:48 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2012-01-31 19:26 . 2001-08-17 18:52 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2012-01-31 19:26 . 2001-08-17 18:57 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2012-01-31 19:26 . 2001-08-17 18:52 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
2012-01-31 19:26 . 2001-08-17 17:50 320384 -c--a-w- c:\windows\system32\dllcache\mgaum.sys
2012-01-31 19:26 . 2001-08-17 19:56 235648 -c--a-w- c:\windows\system32\dllcache\mgaud.dll
2012-01-31 19:26 . 2008-04-13 18:41 26112 -c--a-w- c:\windows\system32\dllcache\memstpci.sys
2012-01-31 19:26 . 2001-08-18 03:36 47616 -c--a-w- c:\windows\system32\dllcache\memgrp.dll
2012-01-31 19:26 . 2001-08-17 18:58 8320 -c--a-w- c:\windows\system32\dllcache\memcard.sys
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-14 03:07 . 2011-11-24 03:45 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-10 20:24 . 2009-05-12 01:37 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-04 04:37 . 2011-12-04 04:37 796672 ----a-w- c:\windows\GPInstall.exe
2011-11-28 18:01 . 2011-05-16 19:16 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2011-05-16 19:16 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:53 . 2011-05-16 19:16 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2011-05-16 19:16 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2011-05-16 19:16 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2011-05-16 19:16 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2011-05-16 19:16 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-11-28 17:51 . 2011-05-16 19:16 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-11-28 17:51 . 2011-05-16 19:16 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-28 17:48 . 2011-05-16 19:16 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-11-25 21:57 . 2004-08-12 13:33 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2004-08-12 13:33 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2004-08-12 13:25 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2004-08-12 13:33 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2004-08-12 13:27 152064 ----a-w- c:\windows\system32\schannel.dll
2012-02-04 22:26 . 2011-04-21 01:41 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\All Users\Application Data\UAB ----
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c:\windows\system32\V0410Ext.ax"="c:\windows\system32\V0410Ext.ax" [X]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"V0410Mon.exe"="c:\windows\V0410Mon.exe" [2007-06-07 32768]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]
2010-05-04 21:05 311296 ----a-r- c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-02-15 01:32 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-03-11 01:47 136176 ----atw- c:\documents and settings\tom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
2004-03-11 06:26 406016 ----a-w- c:\windows\system32\PSDrvCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCRemote]
2008-11-18 16:25 226576 ------w- c:\program files\Pinnacle\Shared Files\Programs\Remote\remoterm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2011-01-05 02:36 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 19:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\imapi.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\tom\\Desktop\\utorrent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:*:Disabled:DHCP Discovery Service
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
.
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [1/17/2011 7:02 PM 16024]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/16/2011 2:16 PM 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/16/2011 2:16 PM 314456]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [9/15/2009 10:42 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/15/2009 10:42 AM 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/16/2011 2:16 PM 20568]
R2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 HardlockFilter;HardlockFilter;\??\c:\documents and settings\tom\Desktop\lmd --> c:\documents and settings\tom\Desktop\lmd [?]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [6/2/2011 10:08 AM 11336]
S3 I97DRIVER;I97DRIVER;c:\program files\Avanquest\Fix-It\dgs.sys [8/31/2007 11:18 AM 6600]
S3 PROCEXP151;PROCEXP151;\??\c:\windows\system32\Drivers\PROCEXP151.SYS --> c:\windows\system32\Drivers\PROCEXP151.SYS [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/15/2009 10:42 AM 12872]
S3 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S3 TFilter;TFilter;\??\c:\progra~1\AVANQU~1\SYSTEM~1\TFilter.sys --> c:\progra~1\AVANQU~1\SYSTEM~1\TFilter.sys [?]
S3 V0410Afx;Creative Camera VF0410 Audio Effects Driver;c:\windows\system32\drivers\V0410AFX.sys [2/4/2012 8:38 PM 142656]
S3 V0410Aud;Creative Camera VF0410 Noise Cancellation APO;c:\windows\system32\drivers\V0410Aud.sys [2/4/2012 8:38 PM 94720]
S3 V0410Dev;Creative Camera VF0410 Driver;c:\windows\system32\drivers\V0410Dev.sys [2/4/2012 8:38 PM 244704]
S3 V0410Vfx;Creative Camera VF0410 Video VFX Driver;c:\windows\system32\drivers\V0410Vfx.sys [2/4/2012 8:38 PM 7168]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
S4 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [1/17/2011 7:02 PM 220824]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4/19/2009 12:42 PM 685816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-31 c:\windows\Tasks\RegistryCleaner.job
- c:\program files\PC-Kitchen\RegistryCleaner\3.1.0.5\RegistryCleaner.exe [2012-01-31 23:23]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.google.com
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\documents and settings\tom\Application Data\Mozilla\Firefox\Profiles\i0a2uuqz.test\
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-06 11:59
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\HardlockFilter]
"ImagePath"="\??\c:\documents and settings\tom\Desktop\lmd"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a6,7f,0b,49,52,75,21,4b,8d,65,bf,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a6,7f,0b,49,52,75,21,4b,8d,65,bf,\
.
[HKEY_USERS\S-1-5-21-789336058-1500820517-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-789336058-1500820517-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:51,92,1c,af,88,b7,c6,d2,09,9e,81,31,42,70,69,5f,f5,7b,87,3a,9b,f0,1c,
f3,d1,d9,8c,3b,1d,02,a4,f0,d1,e9,9b,ba,7d,ef,80,71,1f,e2,93,fa,08,7e,b0,e4,\
"??"=hex:dd,7e,fc,d0,16,f3,84,c5,d2,2c,cd,4f,45,e2,bb,95
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(780)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(3996)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\AcSignIcon.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\crypserv.exe
c:\progra~1\AVANQU~1\Fix-It\mxtask.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\progra~1\AVANQU~1\Fix-It\mxtask.exe
c:\windows\system32\hasplms.exe
.
**************************************************************************
.
Completion time: 2012-02-06 12:09:41 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-06 17:09
ComboFix2.txt 2012-02-06 15:15
ComboFix3.txt 2012-02-01 04:19
.
Pre-Run: 44,605,120,512 bytes free
Post-Run: 44,583,120,896 bytes free
.
- - End Of File - - CFB0017767BF8105A11F496FE9271C03
Upload was successful
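The log above lists every service and driver with a state/start prefix, a display name and an image path, and separately dumps the Security Center and firewall policy values. When reading such a log, the entries worth checking first are images that live under a user-writable directory (Desktop, Temp, Application Data), images ComboFix could not stat (printed as "[?]" instead of a date and size), boot- or system-start drivers outside c:\windows, and policy values that silence the firewall or the Security Center. The script below is an added example, written for this page and not part of the thread or of ComboFix; it parses a constructed excerpt in the same format as the posted log (the "tmpdrv" line is hypothetical and only exercises the Temp-directory check), and it assumes that ComboFix's "R"/"S" prefix means running/stopped and the digit is the service start type. Its output is a list of leads to verify by hand, not verdicts: a "[?]" entry can be nothing more than a leftover from an uninstalled tool.

```python
"""Triage helper for ComboFix-style log excerpts (added example, not part of the thread).

Parses service/driver lines and registry policy lines and flags what a responder
checks first.  Reading "R"/"S" as running/stopped and the digit as the SCM start
type (0 boot, 1 system, 2 auto, 3 demand, 4 disabled) is an assumption about
ComboFix's conventions, not something the log itself states.
"""
import re
from dataclasses import dataclass

# Constructed excerpt in the format of the posted log.  The "tmpdrv" line is
# hypothetical and was added only to exercise the Temp-directory check.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [1/17/2011 7:02 PM 16024]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/16/2011 2:16 PM 314456]
S2 HardlockFilter;HardlockFilter;\??\c:\documents and settings\tom\Desktop\lmd --> c:\documents and settings\tom\Desktop\lmd [?]
S3 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4/19/2009 12:42 PM 685816]
R1 tmpdrv;tmpdrv;\??\c:\docume~1\tom\locals~1\temp\example.sys --> c:\docume~1\tom\locals~1\temp\example.sys [?]
"""


@dataclass(frozen=True)
class Service:
    state: str          # 'R' running / 'S' stopped (assumed ComboFix convention)
    start: int          # SCM start type 0..4 (assumed)
    name: str
    display: str
    image: str          # resolved image path, with the trailing "[...]" removed
    stat_missing: bool  # True when ComboFix printed "[?]" instead of date/size


@dataclass(frozen=True)
class Finding:
    kind: str
    subject: str
    detail: str


SERVICE_RE = re.compile(r"^([RS])([0-4])\s+([^;]+);([^;]*);(.+)$")
TAIL_RE = re.compile(r"\s*\[([^\]]*)\]\s*$")

# Path fragments (lower-cased) that a standard user can write to on XP/Vista+.
USER_WRITABLE = (
    "\\documents and settings\\", "\\docume~1\\", "\\users\\", "\\temp\\",
    "\\desktop\\", "\\application data\\", "\\appdata\\",
)

# Registry lines that weaken host protection, as ComboFix prints them.
REG_CHECKS = (
    (re.compile(r'^"EnableFirewall"\s*=\s*0\b'), "firewall_disabled"),
    (re.compile(r'^"DisableNotifications"\s*=\s*1\b'), "firewall_notifications_off"),
    (re.compile(r'^"(AntiVirusOverride|FirewallOverride)"\s*=\s*dword:0*1$'),
     "security_center_override"),
)


def parse_services(text):
    """Return the service/driver entries found in a ComboFix-style excerpt."""
    services = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        state, start, name, display, rest = m.groups()
        if " --> " in rest:                 # "\??\x --> y [info]": keep the resolved path
            rest = rest.split(" --> ", 1)[1]
        tail = TAIL_RE.search(rest)
        stat_missing = bool(tail) and tail.group(1).strip() == "?"
        image = TAIL_RE.sub("", rest).strip()
        services.append(Service(state, int(start), name, display, image, stat_missing))
    return services


def triage_services(services):
    """Flag images in user-writable places, unstat-able images, and early-start drivers outside c:\\windows."""
    findings = []
    for s in services:
        low = s.image.lower()
        if any(fragment in low for fragment in USER_WRITABLE):
            findings.append(Finding("user_writable_image", s.name, s.image))
        if s.stat_missing:
            findings.append(Finding("image_not_found", s.name, s.image))
        if s.start <= 1 and not low.startswith("c:\\windows\\"):
            findings.append(Finding("early_start_outside_windows", s.name, s.image))
    return findings


def triage_registry(text):
    """Flag firewall / Security Center values that suppress protection or its alerts."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        for pattern, kind in REG_CHECKS:
            if pattern.match(line):
                findings.append(Finding(kind, line.split("=", 1)[0].strip('"'), line))
    return findings


def triage(text):
    """Registry findings first, then per-service findings in log order."""
    return triage_registry(text) + triage_services(parse_services(text))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:30} {f.subject:16} {f.detail}")
```

Run against the excerpt, it reports the two Security Center overrides, the disabled firewall and its muted notifications, the HardlockFilter image on the Desktop that ComboFix could not stat, the SBRE driver whose file is missing, and the hypothetical Temp-directory driver on all three checks; sptd, pssnap and aswSP produce nothing because they load from c:\windows and were stat-able. The checks deliberately key on where an image lives and whether it exists rather than on names, since a rootkit driver name is arbitrary while a kernel driver loading from a user profile directory is unusual regardless of what it is called.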

#10 CatByte, Malware Response Team (Canada)

Posted 06 February 2012 - 12:40 PM

Hi,

Please do the following:

  • Please open your Malwarebytes Anti-Malware program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

NEXT
Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 TNT2, Topic Starter

Posted 06 February 2012 - 01:53 PM

MBAM came back clean. ESET is taking forever; will post soon, about 50% complete.


Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.06.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
tom :: TNT-MAIN [administrator]

2/6/2012 12:46:07 PM
mbam-log-2012-02-06 (12-46-07).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 233663
Time elapsed: 6 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#12 TNT2, Topic Starter

Posted 06 February 2012 - 04:51 PM

eset scan

C:\Documents and Settings\tom\Application Data\Avanquest\SystemSuite\Quarantine\Keygen.exe.QUAR00 a variant of Win32/Keygen.AF application
C:\Documents and Settings\tom\My Documents\my movies\Windows XP Pro 32-Bit SP3 10-20-2008 Activated\XP DISK IMAGE.iso a variant of Win32/PSWTool.RAS.A application
C:\Program Files\Avanquest\Fix-It\W32Int13.dll a variant of Win32/Kryptik.FNT trojan
C:\Program Files\Common Files\Wise Installation Wizard\WIS5158974E2D28401893357694C2974746_8_0_2_2.MSI a variant of Win32/Kryptik.FNT trojan

#13 CatByte, Malware Response Team (Canada)

Posted 06 February 2012 - 05:12 PM

Are you running a pirated OS?

C:\Documents and Settings\tom\My Documents\my movies\Windows XP Pro 32-Bit SP3 10-20-2008 Activated\XP DISK IMAGE.iso

If so, you need to contact Microsoft and purchase a legitimate licence.
Theft of software is not only illegal, but comes with a higher price: your machine will certainly be compromised and will likely become re-infected quickly. Also, by connecting an infected machine to the internet, there is the possibility you will infect other innocent users.
Please think about the true consequences of using pirated software.
Bleeping Computer does not condone the use of pirated software.
http://miekiemoes.blogspot.com/2008/06/neverending-story.html

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

File::
C:\Documents and Settings\tom\Application Data\Avanquest\SystemSuite\Quarantine\Keygen.exe.QUAR00 
C:\Documents and Settings\tom\My Documents\my movies\Windows XP Pro 32-Bit SP3 10-20-2008 Activated\XP DISK IMAGE.iso 
C:\Program Files\Avanquest\Fix-It\W32Int13.dll 
C:\Program Files\Common Files\Wise Installation Wizard\WIS5158974E2D28401893357694C2974746_8_0_2_2.MSI 

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

[Posted Image: screenshot of dragging CFScript.txt onto ComboFix.exe]
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#14 TNT2, Topic Starter

Posted 06 February 2012 - 05:23 PM

FYI: I had trouble with my install disk, so I had to do something. I own the software for sure. Does this script delete the aforementioned items? I don't need them; I was just wondering what happens.

#15 CatByte, Malware Response Team (Canada)

Posted 06 February 2012 - 05:26 PM

yes, the script will remove them from your computer

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015




