
Probable rootkit infection - dubious registry entries


This topic is locked
21 replies to this topic

#1 edgardresmen

  • Members
  • 11 posts

Posted 17 March 2012 - 02:33 PM

Hello there,

My antivirus software (Avira) started warning me of late that Trojans seemed to have infected my computer. I used HiJackThis and tried 2-3 things, but to no avail... Seems I'm clearly out of my depth here. I can't seem to remove registry keys that load malware located in Temp directories and I feel some services are malware masquerading as legitimate services - but I can't seem to find a way to get rid of them. Could you please help?

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by Gerard at 20:02:21 on 2012-03-17
Microsoft® Windows Vista™ Édition Intégrale 6.0.6002.2.1252.33.1036.18.2046.762 [GMT 1:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
D:\Program Files\Avira\Avira\AntiVir Desktop\avguard.exe
D:\Program Files\Avira\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
D:\Program Files\Avira\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
D:\Program Files\Avira\Avira\AntiVir Desktop\avgnt.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehtray.exe
D:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Gerard\Program Files\DNA\btdna.exe
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
D:\Program Files\PDFCreator\PDFCreator.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
D:\Program Files\JGsoft\EditPadLite\EditPadLite.exe
C:\ProgramData\E39547DC.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
D:\Users\Gerard\Downloads\yswuz9br.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer fourni par LDLC.Com
mDefault_Page_URL = hxxp://www.ldlc.com
uInternet Settings,ProxyOverride = *.local
uWindows: Load=c:\users\gerard\locals~1\temp\msalmleix.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Knowmore K-Now Plug-In v2.00: {b27cd912-8cd0-420a-85b9-607b44294d24} - c:\program files\knowmore\know plug-in\res\knowmore.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [CTZDetec.exe] d:\program files\creative\creative media lite\CTZDetec.exe
uRun: [googletalk] c:\users\gerard\appdata\roaming\google\google talk\googletalk.exe /autostart
uRun: [DAEMON Tools Lite] "d:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [BitTorrent DNA] "c:\users\gerard\program files\dna\btdna.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
uRun: [Microsoft Windows Application] c:\programdata\E39547DC.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
mRun: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
mRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "d:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [QuickTime Plugin Install] c:\program files\quicktime\plugins\DeleteMe1.exe
mRun: [pdfw] c:\program files\amic utilities\pdf writer pro\pdfwload.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [avgnt] "d:\program files\avira\avira\antivir desktop\avgnt.exe" /min
mRun: [iTunesHelper] "d:\program files\itunes\iTunesHelper.exe"
mExplorerRun: [22287] c:\progra~2\locals~1\temp\mszdoz.cmd
StartupFolder: c:\users\gerard\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\pdfcre~1.lnk - d:\program files\pdfcreator\PDFCreator.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Ajouter au fichier PDF existant - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir en Adobe PDF - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en Adobe PDF - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en un fichier PDF existant - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir la sélection en Adobe PDF - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la sélection en un fichier PDF existant - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir les liens sélectionnés en fichier Adobe PDF - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir les liens sélectionnés en un fichier PDF existant - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 212.27.40.241 212.27.40.240
TCP: Interfaces\{20765187-9F8F-4ABA-A1C6-4A3D08E38AFF} : DhcpNameServer = 212.27.54.252 212.27.53.252
TCP: Interfaces\{2AFB9CBC-21E2-42F1-AEB1-7129822C49C5} : DhcpNameServer = 212.27.40.241 212.27.40.240
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {7070D8E0-650A-46b3-B03C-9497582E6A74} - %SystemRoot%\system32\soundschemes.exe /AddRegistration
mASetup: {B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24} - %SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\gerard\appdata\roaming\mozilla\firefox\profiles\efx1604q.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: browser.search.selectedEngine - search
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npSton3D.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\gerard\appdata\roaming\electronic arts\game face\1.0.0.18\npGameFacePlugin.dll
FF - plugin: c:\users\gerard\program files\dna\plugins\npbtdna.dll
FF - plugin: d:\program files\adobe\reader 8.0\reader\browser\nppdf32.dll
FF - plugin: d:\program files\divx\divx content uploader\npUpload.dll
FF - plugin: d:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: d:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: d:\program files\google\picasa3\npPicasa3.dll
FF - plugin: d:\program files\itunes\mozilla plugins\npitunes.dll
FF - plugin: d:\program files\videolan\vlc\npvlc.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-12-30 36000]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2007-4-23 25896]
R2 AntiVirSchedulerService;Avira Planificateur;d:\program files\avira\avira\antivir desktop\sched.exe [2011-12-30 86224]
R2 AntiVirService;Avira Protection temps réel;d:\program files\avira\avira\antivir desktop\avguard.exe [2011-12-30 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-12-30 74640]
R2 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-10 21504]
R3 PhilCap;Pinnacle PCTV service;c:\windows\system32\drivers\PhilCap.sys [2007-7-17 908832]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-10-28 14216]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-10-28 8456]
S3 fbxusb;FreeBox USB Network Adapter;c:\windows\system32\drivers\fbxusb.sys [2002-12-11 18953]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-20 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-22 1493352]
S3 Ph6xIB32;NXP 716x PCIe TV Card;c:\windows\system32\drivers\Ph6xIB32.sys [2007-1-26 1074560]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2008-12-13 289280]
S3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-03-17 18:22:18 109056 --sha-w- c:\programdata\E39547DC.exe
2012-03-17 16:56:37 -------- d-----w- c:\programdata\SecTaskMan
2012-03-17 16:50:52 388096 ----a-r- c:\users\gerard\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-03-17 00:01:56 6552120 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{baa4f46e-9176-4013-b916-0d0b643b6820}\mpengine.dll
2012-03-16 07:23:54 966656 ----a-w- c:\users\gerard\appdata\roaming\yksatb.exe
2012-03-16 01:10:16 -------- d-----w- c:\users\gerard\appdata\roaming\Windir
2012-03-16 01:10:06 556544 ----a-w- c:\users\gerard\appdata\roaming\oslxds.exe
2012-03-16 01:07:24 732160 ----a-w- c:\users\gerard\appdata\roaming\cunuez.exe
2012-03-16 00:55:02 925696 ----a-w- c:\users\gerard\appdata\roaming\xmpmxb.exe
2012-03-16 00:18:25 356352 ----a-w- c:\users\gerard\appdata\roaming\virwhl.exe
2012-03-16 00:08:15 356352 ----a-w- c:\users\gerard\appdata\roaming\apenji.exe
2012-03-16 00:00:05 358400 ---h--w- c:\programdata\sjfcmurt.exe
2012-03-14 06:54:20 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 06:54:19 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-14 06:54:19 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-03-14 06:54:19 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-14 06:54:19 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-14 06:54:19 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-14 06:54:19 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 06:54:13 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-14 06:54:13 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-11 21:30:22 -------- d-----w- c:\users\gerard\appdata\local\{588F379F-7754-449D-80BA-EDE5F73E8F32}
2012-03-08 19:56:42 -------- d-----w- c:\program files\iPod
.
==================== Find3M ====================
.
2012-03-06 06:59:14 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 08:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-15 10:01:50 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 10:01:50 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-12-21 00:02:26 4448256 ----a-w- c:\windows\system32\GPhotos.scr
.
============= FINISH: 20:02:39,35 ===============
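Added here as an illustration, not part of the thread or of DDS itself: a Python triage pass over DDS log lines of the kind posted above. The sample lines are copied from the log (mixed with benign entries), and the "suspicious location" patterns are the editor's own heuristics for what the poster describes: autorun entries loading from Temp directories, and loose executables created directly in AppData or ProgramData, especially with the hidden or system attribute set.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input: lines copied from the DDS "Pseudo HJT Report" and
# "Created Last 30" sections above, plus benign entries the heuristics must ignore.
SAMPLE_LOG = r"""
uWindows: Load=c:\users\gerard\locals~1\temp\msalmleix.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Microsoft Windows Application] c:\programdata\E39547DC.exe
mRun: [avgnt] "d:\program files\avira\avira\antivir desktop\avgnt.exe" /min
mRun: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
mExplorerRun: [22287] c:\progra~2\locals~1\temp\mszdoz.cmd
2012-03-17 18:22:18 109056 --sha-w- c:\programdata\E39547DC.exe
2012-03-16 07:23:54 966656 ----a-w- c:\users\gerard\appdata\roaming\yksatb.exe
2012-03-16 00:00:05 358400 ---h--w- c:\programdata\sjfcmurt.exe
2012-03-14 06:54:20 2044416 ----a-w- c:\windows\system32\win32k.sys
"""

EXEC_EXT = r"\.(?:exe|cmd|bat|com|scr|dll|sys|pif|vbs|js)"
# First drive-letter path ending in an executable extension. DDS prints autorun
# targets unquoted even when they contain spaces, so stop at the extension.
PATH_RE = re.compile(r"([a-z]:\\.*?" + EXEC_EXT + r')(?=[\s"]|$)', re.IGNORECASE)
AUTORUN_RE = re.compile(r"^(?:uRun|mRun|mExplorerRun|uWindows): ", re.IGNORECASE)
# "Created Last 30" row: timestamp, size (or dashes for a directory), 8-char
# attribute string (d, s, h, a, r, w), then the path.
CREATED_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+(?:\d+|-+)\s+([-dshawr]{8})\s+(.+)$"
)

# Heuristic locations (editor's assumption, not a DDS feature): any Temp folder,
# including the locals~1\temp short name, or an executable sitting directly in
# AppData\Roaming or ProgramData instead of inside a product folder.
SUSPICIOUS_DIRS = (
    ("loads from a Temp directory", re.compile(r"\\temp\\", re.IGNORECASE)),
    ("loose executable in AppData\\Roaming",
     re.compile(r"\\appdata\\roaming\\[^\\]+$", re.IGNORECASE)),
    ("loose executable in ProgramData",
     re.compile(r"\\programdata\\[^\\]+$", re.IGNORECASE)),
)


@dataclass
class Finding:
    source: str                 # "autorun" (HJT-style line) or "created" (file listing)
    path: str
    reasons: list = field(default_factory=list)


def location_reasons(path):
    """Return the SUSPICIOUS_DIRS labels that match this path (possibly none)."""
    return [label for label, rx in SUSPICIOUS_DIRS if rx.search(path)]


def triage(log_text):
    """Scan DDS log lines and return a Finding for each entry worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        created = CREATED_RE.match(line)
        if created:
            attrs, path = created.groups()
            reasons = location_reasons(path)
            # Hidden/system attributes on a freshly created executable are a
            # classic way of keeping a dropped file out of casual view.
            if re.search(EXEC_EXT + r"$", path, re.IGNORECASE):
                if "h" in attrs:
                    reasons.append("hidden attribute set")
                if "s" in attrs:
                    reasons.append("system attribute set")
            if reasons:
                findings.append(Finding("created", path, reasons))
            continue
        if AUTORUN_RE.match(line):
            target = PATH_RE.search(line)
            # Bare names such as "rundll32.exe ptipbmf.dll,..." carry no drive
            # path and are outside this location heuristic; skip them.
            if target is None:
                continue
            path = target.group(1)
            reasons = location_reasons(path)
            if reasons:
                findings.append(Finding("autorun", path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.source}] {f.path}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run against the sample it flags the six Temp/AppData/ProgramData entries and leaves the Sidebar, Avira and win32k.sys lines alone; on a real log the output is a shortlist to look into, not a verdict.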


#2 CatByte (bleepin' tiger)

  • Malware Response Team
  • 14,664 posts
  • Location: Canada

Posted 17 March 2012 - 03:03 PM

Hi,

Please do the following:

Refer to the ComboFix User's Guide

  • Download ComboFix from one of these locations:

    Link 1
    Link 2

    IMPORTANT!!! Place ComboFix.exe on your Desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 edgardresmen (Topic Starter)

  • Members
  • 11 posts

Posted 18 March 2012 - 02:43 AM

Thanks for the quick reply! Here is the log you requested. Thanks again for your help.

ComboFix 12-03-17.01 - Gerard 18/03/2012 8:30.1.2 - x86
Microsoft® Windows Vista™ Édition Intégrale 6.0.6002.2.1252.33.1036.18.2046.766 [GMT 1:00]
Lancé depuis: d:\users\Gerard\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\E39547DC.exe
c:\programdata\sjfcmurt.exe
c:\users\Gerard\AppData\Roaming\cunuez.exe
c:\users\Gerard\AppData\Roaming\Gerardlog.dat
c:\users\Gerard\AppData\Roaming\Microsoft\1
c:\users\Gerard\AppData\Roaming\Microsoft\Windows\69ehTns3B.cfg
c:\users\Gerard\AppData\Roaming\oslxds.exe
c:\users\Gerard\AppData\Roaming\Windir
c:\users\Gerard\AppData\Roaming\xmpmxb.exe
c:\users\Gerard\AppData\Roaming\yksatb.exe
c:\windows\My.ini
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-02-18 au 2012-03-18 ))))))))))))))))))))))))))))))))))))
.
.
2012-03-17 16:56 . 2012-03-17 16:57 -------- d-----w- c:\programdata\SecTaskMan
2012-03-17 16:50 . 2012-03-17 16:50 388096 ----a-r- c:\users\Gerard\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-17 16:35 . 2012-03-17 16:35 -------- d-----w- c:\programdata\Local Settings
2012-03-17 14:55 . 2012-03-17 14:55 -------- d-----w- c:\users\Soumaya\AppData\Roaming\Malwarebytes
2012-03-17 00:01 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BAA4F46E-9176-4013-B916-0D0B643B6820}\mpengine.dll
2012-03-16 00:18 . 2012-03-16 00:18 356352 ----a-w- c:\users\Gerard\AppData\Roaming\virwhl.exe
2012-03-16 00:08 . 2012-03-16 00:08 356352 ----a-w- c:\users\Gerard\AppData\Roaming\apenji.exe
2012-03-14 06:54 . 2012-02-02 15:16 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 06:54 . 2012-02-14 15:45 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-14 06:54 . 2012-02-14 15:45 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-14 06:54 . 2012-02-13 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-14 06:54 . 2012-02-13 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-14 06:54 . 2012-02-13 13:44 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 06:54 . 2012-01-31 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-03-14 06:54 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-14 06:54 . 2012-01-09 13:58 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-08 19:56 . 2012-03-08 19:56 -------- d-----w- c:\program files\iPod
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-06 06:59 . 2011-05-16 06:36 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 08:18 . 2009-10-08 05:28 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-15 13:23 . 2011-12-29 23:00 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-02-15 10:01 . 2012-02-15 10:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 10:01 . 2012-02-15 10:01 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-12-21 00:02 . 2011-12-21 00:02 4448256 ----a-w- c:\windows\system32\GPhotos.scr
2012-02-17 23:44 . 2011-03-24 20:25 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B27CD912-8CD0-420a-85B9-607B44294D24}"= "c:\program files\Knowmore\Know Plug-in\res\knowmore.dll" [2007-10-18 229376]
.
[HKEY_CLASSES_ROOT\clsid\{b27cd912-8cd0-420a-85b9-607b44294d24}]
[HKEY_CLASSES_ROOT\KmLib.KmLibObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{43ECCE75-54E3-4ba9-8FE9-C13A6C648C3D}]
[HKEY_CLASSES_ROOT\KmLib.KmLibObj]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B27CD912-8CD0-420A-85B9-607B44294D24}"= "c:\program files\Knowmore\Know Plug-in\res\knowmore.dll" [2007-10-18 229376]
.
[HKEY_CLASSES_ROOT\clsid\{b27cd912-8cd0-420a-85b9-607b44294d24}]
[HKEY_CLASSES_ROOT\KmLib.KmLibObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{43ECCE75-54E3-4ba9-8FE9-C13A6C648C3D}]
[HKEY_CLASSES_ROOT\KmLib.KmLibObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"CTZDetec.exe"="d:\program files\Creative\Creative Media Lite\CTZDetec.exe" [2007-12-18 401408]
"googletalk"="c:\users\Gerard\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"BitTorrent DNA"="c:\users\Gerard\Program Files\DNA\btdna.exe" [2009-11-12 323392]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ptipbmf"="ptipbmf.dll" [2003-06-20 118784]
"PtiuPbmd"="ptipbm.dll" [2003-01-15 24576]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-05 59240]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-29 4317184]
"QuickTime Plugin Install"="c:\program files\QuickTime\Plugins\DeleteMe1.exe" [2010-02-05 86016]
"pdfw"="c:\program files\Amic Utilities\PDF Writer Pro\pdfwload.exe" [2004-03-24 32768]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"avgnt"="d:\program files\Avira\Avira\AntiVir Desktop\avgnt.exe" [2011-12-16 258512]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2012-03-06 421736]
.
c:\users\Gerard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PDFCreator.lnk - d:\program files\PDFCreator\PDFCreator.exe [2008-3-26 2641920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
2008-04-11 15:23 38400 ----a-w- c:\windows\System32\SoundSchemes.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
2008-08-28 08:50 30720 ----a-w- c:\windows\System32\soundschemes2.exe
.
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Ajouter au fichier PDF existant - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir en Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en un fichier PDF existant - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir la sélection en Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la sélection en un fichier PDF existant - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir les liens sélectionnés en fichier Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir les liens sélectionnés en un fichier PDF existant - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 212.27.40.241 212.27.40.240
FF - ProfilePath - c:\users\Gerard\AppData\Roaming\Mozilla\Firefox\Profiles\efx1604q.default\
FF - prefs.js: browser.startup.homepage - about:blank
.
- - - - ORPHELINS SUPPRIMES - - - -
.
HKCU-Run-Microsoft Windows Application - c:\programdata\E39547DC.exe
HKLM-Explorer_Run-22287 - c:\progra~2\LOCALS~1\Temp\mszdoz.cmd
AddRemove-Ston3D Web Player - c:\program files\StoneTrip\Player\Ston3D Web Player-uninst.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - d:\program files\DivX\DivXCodecUninstall.exe
AddRemove-Hex Online - c:\windows\system32\javaws.exe
AddRemove-{29BAD36F-F421-40F8-A128-E03382E59C70} - c:\users\Gerard\AppData\Local\{5553977E-AF8B-4870-AEB6-53B6C1BC822D}\Sins_of_a_Solar_Empire_setup.exe
AddRemove-{3E4B349F-10B5-4586-9D99-489A90A8B228} - c:\users\Gerard\AppData\Roaming\InstallShield Installation Information\{3E4B349F-10B5-4586-9D99-489A90A8B228}\setup.exe
AddRemove-{7353BAE6-5E49-46C4-A9B5-8A269A313789} - c:\users\Gerard\AppData\Local\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-18 08:37
Windows 6.0.6002 Service Pack 2 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-241302529-3911017751-1903801010-1006\Software\SecuROM\License information*]
"datasecu"=hex:9c,59,ea,e1,78,34,b0,7c,82,46,51,c7,17,15,93,1b,c3,76,4e,b1,17,
23,e4,6b,f6,84,2b,af,8a,3b,30,21,bf,6f,da,48,d1,04,39,2e,f0,ba,99,b0,80,69,\
"rkeysecu"=hex:5d,ba,e6,c8,61,8b,1a,7a,9f,14,f5,c7,65,fb,d8,94
.
Heure de fin: 2012-03-18 08:40:38
ComboFix-quarantined-files.txt 2012-03-18 07:40
.
Avant-CF: 87 986 393 088 octets libres
Après-CF: 89 652 756 480 octets libres
.
- - End Of File - - 0C4D8AC457CB5F6F0916E09DFC174A9D

#4 CatByte (bleepin' tiger)

  • Malware Response Team
  • 14,664 posts
  • Location: Canada

Posted 18 March 2012 - 09:25 AM

Hi,

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

http://www.bleepingcomputer.com/forums/topic446607.html/page__pid__2635089#entry2635089

Collect::
c:\users\Gerard\AppData\Roaming\virwhl.exe
c:\users\Gerard\AppData\Roaming\apenji.exe

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop; save it as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

**Note**

When CF finishes running, the ComboFix log will open along with a message box; do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.


NEXT



Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • When the window opens, click on Change Parameters
  • Under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
  • Click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System is found then ensure Delete is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 edgardresmen (Topic Starter)

Posted 18 March 2012 - 11:13 AM

Thanks for the follow-up. TDSSKiller found 1 threat (qualified as "suspicious") and I chose to delete the file. Here is the ComboFix log:

ComboFix 12-03-17.01 - Gerard 18/03/2012  16:43:11.1.2 - x86
Microsoft® Windows Vista™ Édition Intégrale   6.0.6002.2.1252.33.1036.18.2046.1140 [GMT 1:00]
Lancé depuis: d:\users\Gerard\Desktop\ComboFix.exe
Commutateurs utilisés :: d:\users\Gerard\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Un nouveau point de restauration a été créé
.
file zipped: c:\users\Gerard\AppData\Roaming\apenji.exe
file zipped: c:\users\Gerard\AppData\Roaming\virwhl.exe
.
.
((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Gerard\AppData\Roaming\apenji.exe
c:\users\Gerard\AppData\Roaming\virwhl.exe
.
.
(((((((((((((((((((((((((((((   Fichiers créés du 2012-02-18 au 2012-03-18  ))))))))))))))))))))))))))))))))))))
.
.
2012-03-18 15:49 . 2012-03-18 15:49	--------	d-----w-	c:\users\Soumaya\AppData\Local\temp
2012-03-17 16:56 . 2012-03-17 16:57	--------	d-----w-	c:\programdata\SecTaskMan
2012-03-17 16:50 . 2012-03-17 16:50	388096	----a-r-	c:\users\Gerard\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-17 16:35 . 2012-03-17 16:35	--------	d-----w-	c:\programdata\Local Settings
2012-03-17 14:55 . 2012-03-17 14:55	--------	d-----w-	c:\users\Soumaya\AppData\Roaming\Malwarebytes
2012-03-17 00:01 . 2012-02-08 06:03	6552120	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{BAA4F46E-9176-4013-B916-0D0B643B6820}\mpengine.dll
2012-03-14 06:54 . 2012-02-02 15:16	2044416	----a-w-	c:\windows\system32\win32k.sys
2012-03-14 06:54 . 2012-02-14 15:45	219648	----a-w-	c:\windows\system32\d3d10_1core.dll
2012-03-14 06:54 . 2012-02-14 15:45	160768	----a-w-	c:\windows\system32\d3d10_1.dll
2012-03-14 06:54 . 2012-02-13 14:12	1172480	----a-w-	c:\windows\system32\d3d10warp.dll
2012-03-14 06:54 . 2012-02-13 13:47	683008	----a-w-	c:\windows\system32\d2d1.dll
2012-03-14 06:54 . 2012-02-13 13:44	1068544	----a-w-	c:\windows\system32\DWrite.dll
2012-03-14 06:54 . 2012-01-31 10:59	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2012-03-14 06:54 . 2012-01-09 15:54	613376	----a-w-	c:\windows\system32\rdpencom.dll
2012-03-14 06:54 . 2012-01-09 13:58	180736	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-03-08 19:56 . 2012-03-08 19:56	--------	d-----w-	c:\program files\iPod
.
.
.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-06 06:59 . 2011-05-16 06:36	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 08:18 . 2009-10-08 05:28	237072	------w-	c:\windows\system32\MpSigStub.exe
2012-02-15 13:23 . 2011-12-29 23:00	137416	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-02-15 10:01 . 2012-02-15 10:01	4547944	----a-w-	c:\windows\system32\usbaaplrc.dll
2012-02-15 10:01 . 2012-02-15 10:01	43520	----a-w-	c:\windows\system32\drivers\usbaapl.sys
2011-12-21 00:02 . 2011-12-21 00:02	4448256	----a-w-	c:\windows\system32\GPhotos.scr
2012-02-17 23:44 . 2011-03-24 20:25	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B27CD912-8CD0-420a-85B9-607B44294D24}"= "c:\program files\Knowmore\Know Plug-in\res\knowmore.dll" [2007-10-18 229376]
.
[HKEY_CLASSES_ROOT\clsid\{b27cd912-8cd0-420a-85b9-607b44294d24}]
[HKEY_CLASSES_ROOT\KmLib.KmLibObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{43ECCE75-54E3-4ba9-8FE9-C13A6C648C3D}]
[HKEY_CLASSES_ROOT\KmLib.KmLibObj]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B27CD912-8CD0-420A-85B9-607B44294D24}"= "c:\program files\Knowmore\Know Plug-in\res\knowmore.dll" [2007-10-18 229376]
.
[HKEY_CLASSES_ROOT\clsid\{b27cd912-8cd0-420a-85b9-607b44294d24}]
[HKEY_CLASSES_ROOT\KmLib.KmLibObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{43ECCE75-54E3-4ba9-8FE9-C13A6C648C3D}]
[HKEY_CLASSES_ROOT\KmLib.KmLibObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"CTZDetec.exe"="d:\program files\Creative\Creative Media Lite\CTZDetec.exe" [2007-12-18 401408]
"googletalk"="c:\users\Gerard\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"BitTorrent DNA"="c:\users\Gerard\Program Files\DNA\btdna.exe" [2009-11-12 323392]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ptipbmf"="ptipbmf.dll" [2003-06-20 118784]
"PtiuPbmd"="ptipbm.dll" [2003-01-15 24576]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-05 59240]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-29 4317184]
"QuickTime Plugin Install"="c:\program files\QuickTime\Plugins\DeleteMe1.exe" [2010-02-05 86016]
"pdfw"="c:\program files\Amic Utilities\PDF Writer Pro\pdfwload.exe" [2004-03-24 32768]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"avgnt"="d:\program files\Avira\Avira\AntiVir Desktop\avgnt.exe" [2011-12-16 258512]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2012-03-06 421736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"22287"="c:\progra~2\LOCALS~1\Temp\mszdoz.cmd" [BU]
.
c:\users\Gerard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PDFCreator.lnk - d:\program files\PDFCreator\PDFCreator.exe [2008-3-26 2641920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
2008-04-11 15:23	38400	----a-w-	c:\windows\System32\SoundSchemes.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
2008-08-28 08:50	30720	----a-w-	c:\windows\System32\soundschemes2.exe
.
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Ajouter au fichier PDF existant - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir en Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en un fichier PDF existant - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir la sélection en Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la sélection en un fichier PDF existant - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir les liens sélectionnés en fichier Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir les liens sélectionnés en un fichier PDF existant - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 212.27.40.241 212.27.40.240
FF - ProfilePath - c:\users\Gerard\AppData\Roaming\Mozilla\Firefox\Profiles\efx1604q.default\
FF - prefs.js: browser.startup.homepage - about:blank
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-18 17:00
Windows 6.0.6002 Service Pack 2 NTFS
.
Recherche de processus cachés ... 
.
Recherche d'éléments en démarrage automatique cachés ... 
.
Recherche de fichiers cachés ... 
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-241302529-3911017751-1903801010-1006\Software\SecuROM\License information*]
"datasecu"=hex:9c,59,ea,e1,78,34,b0,7c,82,46,51,c7,17,15,93,1b,c3,76,4e,b1,17,
   23,e4,6b,f6,84,2b,af,8a,3b,30,21,bf,6f,da,48,d1,04,39,2e,f0,ba,99,b0,80,69,\
"rkeysecu"=hex:5d,ba,e6,c8,61,8b,1a,7a,9f,14,f5,c7,65,fb,d8,94
.
------------------------ Autres processus actifs ------------------------
.
d:\program files\Avira\Avira\AntiVir Desktop\avguard.exe
d:\program files\Avira\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
d:\program files\Avira\Avira\AntiVir Desktop\sched.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Creative\Shared Files\CTDevSrv.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Heure de fin: 2012-03-18  17:03:34 - La machine a redémarré
ComboFix-quarantined-files.txt  2012-03-18 16:03
ComboFix2.txt  2012-03-18 10:02
ComboFix3.txt  2012-03-18 08:00
ComboFix4.txt  2012-03-18 07:40
.
Avant-CF: 89 683 992 576 octets libres
Après-CF: 89 718 091 776 octets libres
.
- - End Of File - - 532647908615A769D6F53504D9D50B3D
L'envoi a réussi


#6 CatByte, Malware Response Team

Posted 18 March 2012 - 11:28 AM

Please post the TDSSKiller log; it will be on your C:\ drive.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 edgardresmen (Topic Starter)

Posted 18 March 2012 - 11:58 AM

Sorry, I only thought about the CF log. Here is the log from TDSSKiller:

17:06:22.0539 3744	TDSS rootkit removing tool 2.7.20.0 Mar  9 2012 17:10:43
17:06:22.0633 3744	============================================================
17:06:22.0633 3744	Current date / time: 2012/03/18 17:06:22.0633
17:06:22.0633 3744	SystemInfo:
17:06:22.0633 3744	
17:06:22.0633 3744	OS Version: 6.0.6002 ServicePack: 2.0
17:06:22.0633 3744	Product type: Workstation
17:06:22.0633 3744	ComputerName: PC-GMENDES
17:06:22.0633 3744	UserName: Gerard
17:06:22.0633 3744	Windows directory: C:\Windows
17:06:22.0633 3744	System windows directory: C:\Windows
17:06:22.0633 3744	Processor architecture: Intel x86
17:06:22.0633 3744	Number of processors: 2
17:06:22.0633 3744	Page size: 0x1000
17:06:22.0633 3744	Boot type: Normal boot
17:06:22.0633 3744	============================================================
17:06:23.0023 3744	Drive \Device\Harddisk0\DR0 - Size: 0x5D27216000 (372.61 Gb), SectorSize: 0x200, Cylinders: 0xBE01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:06:23.0023 3744	\Device\Harddisk0\DR0:
17:06:23.0023 3744	MBR used
17:06:23.0023 3744	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xFFABD30
17:06:23.0023 3744	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xFFAC530, BlocksNum 0x1E98B791
17:06:23.0069 3744	Initialize success
17:06:23.0069 3744	============================================================
17:06:40.0261 2632	============================================================
17:06:40.0261 2632	Scan started
17:06:40.0261 2632	Mode: Manual; TDLFS; 
17:06:40.0261 2632	============================================================
17:06:48.0046 2632	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
17:06:48.0046 2632	Null - ok
17:06:48.0108 2632	NVENETFD        (d668632606d1cebf0b6ec64c1df7ed6f) C:\Windows\system32\DRIVERS\nvmfdx32.sys
17:06:48.0233 2632	NVENETFD - ok
17:06:48.0764 2632	nvlddmkm        (c8cb6135884cbc2a10225c4c3cef0f95) C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:06:49.0216 2632	nvlddmkm - ok
17:06:49.0310 2632	nvraid          (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
17:06:49.0310 2632	nvraid - ok
17:06:49.0419 2632	nvstor          (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\drivers\nvstor.sys
17:06:49.0419 2632	nvstor - ok
17:06:49.0466 2632	nvstor32        (dc5f166422beebf195e3e4bb8ab4ee22) C:\Windows\system32\DRIVERS\nvstor32.sys
17:06:49.0466 2632	nvstor32 - ok
17:06:49.0512 2632	nv_agp          (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
17:06:49.0512 2632	nv_agp - ok
17:06:49.0544 2632	NwlnkFlt - ok
17:06:49.0559 2632	NwlnkFwd - ok
17:06:49.0606 2632	ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
17:06:49.0622 2632	ohci1394 - ok
17:06:49.0700 2632	Parport         (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
17:06:49.0700 2632	Parport - ok
17:06:49.0746 2632	partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
17:06:49.0746 2632	partmgr - ok
17:06:49.0778 2632	Parvdm          (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
17:06:49.0778 2632	Parvdm - ok
17:06:49.0824 2632	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
17:06:49.0840 2632	pci - ok
17:06:50.0214 2632	pciide          (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
17:06:50.0214 2632	pciide - ok
17:06:50.0807 2632	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
17:06:51.0197 2632	pcmcia - ok
17:06:51.0806 2632	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
17:06:51.0821 2632	PEAUTH - ok
17:06:51.0899 2632	Ph6xIB32        (951fdd94149b50fabd0a0815700cbc88) C:\Windows\system32\DRIVERS\Ph6xIB32.sys
17:06:51.0946 2632	Ph6xIB32 - ok
17:06:52.0024 2632	PhilCap         (95c48b0fdb5aa04bfcb70d774f512a71) C:\Windows\system32\DRIVERS\PhilCap.sys
17:06:52.0055 2632	PhilCap - ok
17:06:52.0102 2632	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
17:06:52.0102 2632	PptpMiniport - ok
17:06:52.0133 2632	Processor       (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
17:06:52.0133 2632	Processor - ok
17:06:52.0196 2632	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
17:06:52.0196 2632	PSched - ok
17:06:52.0242 2632	PxHelp20        (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
17:06:52.0242 2632	PxHelp20 - ok
17:06:52.0274 2632	ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
17:06:52.0320 2632	ql2300 - ok
17:06:52.0352 2632	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
17:06:52.0352 2632	ql40xx - ok
17:06:52.0383 2632	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
17:06:52.0383 2632	QWAVEdrv - ok
17:06:52.0414 2632	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
17:06:52.0414 2632	RasAcd - ok
17:06:52.0445 2632	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:06:52.0445 2632	Rasl2tp - ok
17:06:52.0492 2632	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
17:06:52.0492 2632	RasPppoe - ok
17:06:52.0508 2632	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
17:06:52.0508 2632	RasSstp - ok
17:06:52.0539 2632	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
17:06:52.0539 2632	rdbss - ok
17:06:52.0554 2632	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:06:52.0554 2632	RDPCDD - ok
17:06:52.0617 2632	rdpdr           (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys
17:06:52.0617 2632	rdpdr - ok
17:06:52.0632 2632	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
17:06:52.0632 2632	RDPENCDD - ok
17:06:52.0664 2632	RDPWD           (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
17:06:52.0664 2632	RDPWD - ok
17:06:52.0710 2632	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
17:06:52.0710 2632	rspndr - ok
17:06:52.0742 2632	RTL8187B        (318f4f327190b2aee7aae9cafd19bb19) C:\Windows\system32\DRIVERS\wg111v3.sys
17:06:52.0742 2632	RTL8187B - ok
17:06:52.0788 2632	RtlProt         (0d60b8c10a2c5e8dd620b3fdeb1cda64) C:\Windows\system32\DRIVERS\rtlprot.sys
17:06:52.0788 2632	RtlProt - ok
17:06:52.0820 2632	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
17:06:52.0820 2632	sbp2port - ok
17:06:52.0835 2632	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
17:06:52.0835 2632	secdrv - ok
17:06:52.0882 2632	Serenum         (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
17:06:52.0882 2632	Serenum - ok
17:06:52.0913 2632	Serial          (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
17:06:52.0913 2632	Serial - ok
17:06:52.0944 2632	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
17:06:52.0944 2632	sermouse - ok
17:06:52.0960 2632	sffdisk         (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
17:06:52.0960 2632	sffdisk - ok
17:06:52.0991 2632	sffp_mmc        (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
17:06:52.0991 2632	sffp_mmc - ok
17:06:53.0007 2632	sffp_sd         (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
17:06:53.0007 2632	sffp_sd - ok
17:06:53.0038 2632	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
17:06:53.0038 2632	sfloppy - ok
17:06:53.0054 2632	sisagp          (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
17:06:53.0054 2632	sisagp - ok
17:06:53.0085 2632	SiSRaid2        (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
17:06:53.0085 2632	SiSRaid2 - ok
17:06:53.0116 2632	SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
17:06:53.0116 2632	SiSRaid4 - ok
17:06:53.0147 2632	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
17:06:53.0147 2632	Smb - ok
17:06:53.0194 2632	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
17:06:53.0194 2632	spldr - ok
17:06:53.0241 2632	sptd            (71e276f6d189413266ea22171806597b) C:\Windows\system32\Drivers\sptd.sys
17:06:53.0241 2632	Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
17:06:53.0241 2632	sptd ( LockedFile.Multi.Generic ) - warning
17:06:53.0241 2632	sptd - detected LockedFile.Multi.Generic (1)
17:06:55.0050 2632	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
17:06:55.0144 2632	\Device\Harddisk0\DR0 - ok
17:06:55.0160 2632	Boot (0x1200)   (20a55206a316be56be5d52b91ccbd245) \Device\Harddisk0\DR0\Partition0
17:06:55.0160 2632	\Device\Harddisk0\DR0\Partition0 - ok
17:06:55.0175 2632	Boot (0x1200)   (2992bc6af874e1c8c60b457cdc9321db) \Device\Harddisk0\DR0\Partition1
17:06:55.0175 2632	\Device\Harddisk0\DR0\Partition1 - ok
17:06:55.0175 2632	============================================================
17:06:55.0175 2632	Scan finished
17:06:55.0175 2632	============================================================
17:06:55.0175 3056	Detected object count: 1
17:06:55.0175 3056	Actual detected object count: 1
17:07:25.0564 3056	C:\Windows\system32\Drivers\sptd.sys - copied to quarantine
17:07:25.0564 3056	sptd ( LockedFile.Multi.Generic ) - User select action: Quarantine 
17:07:32.0256 3216	============================================================
17:07:32.0256 3216	Scan started
17:07:32.0256 3216	Mode: Manual; TDLFS; 
17:07:32.0256 3216	============================================================
17:07:36.0437 3216	MsRPC - ok
17:07:36.0468 3216	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
17:07:36.0468 3216	mssmbios - ok
17:07:36.0515 3216	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
17:07:36.0515 3216	MSTEE - ok
17:07:36.0546 3216	MTsensor        (d48659bb24c48345d926ecb45c1ebdf5) C:\Windows\system32\DRIVERS\ASACPI.sys
17:07:36.0546 3216	MTsensor - ok
17:07:36.0562 3216	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
17:07:36.0562 3216	Mup - ok
17:07:36.0593 3216	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
17:07:36.0593 3216	NativeWifiP - ok
17:07:36.0640 3216	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
17:07:36.0640 3216	NDIS - ok
17:07:36.0671 3216	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
17:07:36.0671 3216	NdisTapi - ok
17:07:36.0718 3216	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
17:07:36.0718 3216	Ndisuio - ok
17:07:36.0749 3216	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
17:07:36.0749 3216	NdisWan - ok
17:07:36.0780 3216	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
17:07:36.0780 3216	NDProxy - ok
17:07:36.0796 3216	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
17:07:36.0796 3216	NetBIOS - ok
17:07:36.0827 3216	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
17:07:36.0827 3216	netbt - ok
17:07:36.0874 3216	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
17:07:36.0874 3216	nfrd960 - ok
17:07:36.0905 3216	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
17:07:36.0905 3216	Npfs - ok
17:07:36.0936 3216	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
17:07:36.0936 3216	nsiproxy - ok
17:07:36.0999 3216	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
17:07:37.0014 3216	Ntfs - ok
17:07:37.0030 3216	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
17:07:37.0030 3216	ntrigdigi - ok
17:07:37.0061 3216	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
17:07:37.0061 3216	Null - ok
17:07:37.0124 3216	NVENETFD        (d668632606d1cebf0b6ec64c1df7ed6f) C:\Windows\system32\DRIVERS\nvmfdx32.sys
17:07:37.0124 3216	NVENETFD - ok
17:07:37.0420 3216	nvlddmkm        (c8cb6135884cbc2a10225c4c3cef0f95) C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:07:37.0482 3216	nvlddmkm - ok
17:07:37.0529 3216	nvraid          (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
17:07:37.0529 3216	nvraid - ok
17:07:37.0576 3216	nvstor          (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\drivers\nvstor.sys
17:07:37.0576 3216	nvstor - ok
17:07:37.0607 3216	nvstor32        (dc5f166422beebf195e3e4bb8ab4ee22) C:\Windows\system32\DRIVERS\nvstor32.sys
17:07:37.0607 3216	nvstor32 - ok
17:07:37.0638 3216	nv_agp          (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
17:07:37.0638 3216	nv_agp - ok
17:07:37.0654 3216	NwlnkFlt - ok
17:07:37.0670 3216	NwlnkFwd - ok
17:07:37.0716 3216	ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
17:07:37.0716 3216	ohci1394 - ok
17:07:37.0748 3216	Parport         (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
17:07:37.0748 3216	Parport - ok
17:07:37.0779 3216	partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
17:07:37.0779 3216	partmgr - ok
17:07:37.0810 3216	Parvdm          (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
17:07:37.0810 3216	Parvdm - ok
17:07:37.0841 3216	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
17:07:37.0841 3216	pci - ok
17:07:37.0857 3216	pciide          (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
17:07:37.0857 3216	pciide - ok
17:07:37.0919 3216	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
17:07:37.0919 3216	pcmcia - ok
17:07:38.0060 3216	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
17:07:38.0060 3216	PEAUTH - ok
17:07:38.0138 3216	Ph6xIB32        (951fdd94149b50fabd0a0815700cbc88) C:\Windows\system32\DRIVERS\Ph6xIB32.sys
17:07:38.0138 3216	Ph6xIB32 - ok
17:07:38.0200 3216	PhilCap         (95c48b0fdb5aa04bfcb70d774f512a71) C:\Windows\system32\DRIVERS\PhilCap.sys
17:07:38.0200 3216	PhilCap - ok
17:07:38.0262 3216	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
17:07:38.0262 3216	PptpMiniport - ok
17:07:38.0294 3216	Processor       (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
17:07:38.0294 3216	Processor - ok
17:07:38.0325 3216	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
17:07:38.0325 3216	PSched - ok
17:07:38.0356 3216	PxHelp20        (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
17:07:38.0356 3216	PxHelp20 - ok
17:07:38.0387 3216	ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
17:07:38.0403 3216	ql2300 - ok
17:07:38.0434 3216	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
17:07:38.0434 3216	ql40xx - ok
17:07:38.0465 3216	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
17:07:38.0465 3216	QWAVEdrv - ok
17:07:38.0496 3216	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
17:07:38.0496 3216	RasAcd - ok
17:07:38.0528 3216	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:07:38.0528 3216	Rasl2tp - ok
17:07:38.0559 3216	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
17:07:38.0574 3216	RasPppoe - ok
17:07:38.0590 3216	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
17:07:38.0590 3216	RasSstp - ok
17:07:38.0621 3216	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
17:07:38.0621 3216	rdbss - ok
17:07:38.0652 3216	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:07:38.0652 3216	RDPCDD - ok
17:07:38.0684 3216	rdpdr           (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys
17:07:38.0684 3216	rdpdr - ok
17:07:38.0715 3216	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
17:07:38.0715 3216	RDPENCDD - ok
17:07:38.0762 3216	RDPWD           (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
17:07:38.0762 3216	RDPWD - ok
17:07:38.0793 3216	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
17:07:38.0793 3216	rspndr - ok
17:07:38.0824 3216	RTL8187B        (318f4f327190b2aee7aae9cafd19bb19) C:\Windows\system32\DRIVERS\wg111v3.sys
17:07:38.0824 3216	RTL8187B - ok
17:07:38.0840 3216	RtlProt         (0d60b8c10a2c5e8dd620b3fdeb1cda64) C:\Windows\system32\DRIVERS\rtlprot.sys
17:07:38.0840 3216	RtlProt - ok
17:07:38.0871 3216	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
17:07:38.0871 3216	sbp2port - ok
17:07:38.0918 3216	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
17:07:38.0918 3216	secdrv - ok
17:07:38.0949 3216	Serenum         (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
17:07:38.0949 3216	Serenum - ok
17:07:38.0980 3216	Serial          (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
17:07:38.0980 3216	Serial - ok
17:07:39.0011 3216	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
17:07:39.0011 3216	sermouse - ok
17:07:39.0027 3216	sffdisk         (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
17:07:39.0027 3216	sffdisk - ok
17:07:39.0058 3216	sffp_mmc        (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
17:07:39.0058 3216	sffp_mmc - ok
17:07:39.0074 3216	sffp_sd         (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
17:07:39.0074 3216	sffp_sd - ok
17:07:39.0105 3216	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
17:07:39.0105 3216	sfloppy - ok
17:07:39.0120 3216	sisagp          (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
17:07:39.0120 3216	sisagp - ok
17:07:39.0152 3216	SiSRaid2        (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
17:07:39.0152 3216	SiSRaid2 - ok
17:07:39.0183 3216	SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
17:07:39.0183 3216	SiSRaid4 - ok
17:07:39.0214 3216	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
17:07:39.0214 3216	Smb - ok
17:07:39.0245 3216	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
17:07:39.0245 3216	spldr - ok
17:07:39.0292 3216	sptd            (71e276f6d189413266ea22171806597b) C:\Windows\system32\Drivers\sptd.sys
17:07:39.0292 3216	Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
17:07:39.0292 3216	sptd ( LockedFile.Multi.Generic ) - warning
17:07:39.0292 3216	sptd - detected LockedFile.Multi.Generic (1)
17:07:41.0195 3216	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
17:07:41.0289 3216	\Device\Harddisk0\DR0 - ok
17:07:41.0289 3216	Boot (0x1200)   (20a55206a316be56be5d52b91ccbd245) \Device\Harddisk0\DR0\Partition0
17:07:41.0289 3216	\Device\Harddisk0\DR0\Partition0 - ok
17:07:41.0304 3216	Boot (0x1200)   (2992bc6af874e1c8c60b457cdc9321db) \Device\Harddisk0\DR0\Partition1
17:07:41.0304 3216	\Device\Harddisk0\DR0\Partition1 - ok
17:07:41.0304 3216	============================================================
17:07:41.0304 3216	Scan finished
17:07:41.0304 3216	============================================================
17:07:41.0320 1396	Detected object count: 1
17:07:41.0320 1396	Actual detected object count: 1
17:07:49.0479 1396	C:\Windows\system32\Drivers\sptd.sys - copied to quarantine
17:07:49.0479 1396	HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted on reboot
17:07:49.0510 1396	HKLM\SYSTEM\ControlSet003\services\sptd - will be deleted on reboot
17:07:49.0510 1396	C:\Windows\system32\Drivers\sptd.sys - will be deleted on reboot
17:07:49.0510 1396	sptd ( LockedFile.Multi.Generic ) - User select action: Delete 
17:07:53.0504 2904	Deinitialize success


#8 CatByte

  • Malware Response Team

Posted 18 March 2012 - 12:48 PM

Hi,

You need this file, so we need to get it out of quarantine:

C:\Windows\system32\Drivers\sptd.sys

Please download TDSSQLook to your desktop. Double-click TDSSQlook.exe to run the program and select option A. This option will just scan and create a log called TDSSQ.txt on your desktop. Please open the log in Notepad and copy and paste the contents here.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 edgardresmen

  • Topic Starter

Posted 18 March 2012 - 12:57 PM

Thanks again. Here is the logfile.
TDSSKiller Quarantine Information log
Version 1.0.0.4
***** START SCAN 18/03/2012 18:56:42,62 *****

---------- TDSSKiller logs ----------

TDSSKiller.2.7.20.0_18.03.2012_17.06.22_log.txt

---------- TDSSStarter logs ----------


---------- DIR LIST ----------

C:\TDSSKiller_Quarantine\18.03.2012_17.06.22
C:\TDSSKiller_Quarantine\18.03.2012_17.06.22\susp0001
C:\TDSSKiller_Quarantine\18.03.2012_17.06.22\susp0000
C:\TDSSKiller_Quarantine\18.03.2012_17.06.22\susp0000\object.ini
C:\TDSSKiller_Quarantine\18.03.2012_17.06.22\susp0000\svc0000
C:\TDSSKiller_Quarantine\18.03.2012_17.06.22\susp0000\svc0000\tsk0000.dta
C:\TDSSKiller_Quarantine\18.03.2012_17.06.22\susp0000\svc0000\object.ini
C:\TDSSKiller_Quarantine\18.03.2012_17.06.22\susp0000\svc0000\tsk0000.ini
C:\TDSSKiller_Quarantine\18.03.2012_17.06.22\susp0001\object.ini
C:\TDSSKiller_Quarantine\18.03.2012_17.06.22\susp0001\svc0000
C:\TDSSKiller_Quarantine\18.03.2012_17.06.22\susp0001\svc0000\object.ini
C:\TDSSKiller_Quarantine\18.03.2012_17.06.22\susp0001\svc0000\tsk0000.dta
C:\TDSSKiller_Quarantine\18.03.2012_17.06.22\susp0001\svc0000\tsk0000.ini

---------- INI FILES ----------

=== C:\TDSSKiller_Quarantine\18.03.2012_17.06.22\susp0000\object.ini

[InfectedObject]
Verdict: LockedFile.Multi.Generic


=== C:\TDSSKiller_Quarantine\18.03.2012_17.06.22\susp0000\svc0000\object.ini

[InfectedObject]
Type: Service
Name: sptd
Type: Kernel driver (0x1)
Start: Boot (0x0)
ImagePath: System32\Drivers\sptd.sys
Suspicious states: Locked file;


=== C:\TDSSKiller_Quarantine\18.03.2012_17.06.22\susp0000\svc0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\Windows\system32\Drivers\sptd.sys
md5: 71e276f6d189413266ea22171806597b


=== C:\TDSSKiller_Quarantine\18.03.2012_17.06.22\susp0001\object.ini

[InfectedObject]
Verdict: LockedFile.Multi.Generic


=== C:\TDSSKiller_Quarantine\18.03.2012_17.06.22\susp0001\svc0000\object.ini

[InfectedObject]
Type: Service
Name: sptd
Type: Kernel driver (0x1)
Start: Boot (0x0)
ImagePath: System32\Drivers\sptd.sys
Suspicious states: Locked file;


=== C:\TDSSKiller_Quarantine\18.03.2012_17.06.22\susp0001\svc0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\Windows\system32\Drivers\sptd.sys
md5: 71e276f6d189413266ea22171806597b


#10 CatByte

  • Malware Response Team

Posted 18 March 2012 - 01:17 PM

Run TDSSQLook again and this time select Option B. It will open a blank Notepad window. Copy and paste the following text (everything in the code box) into that window and then close it using the file saving option. This will automatically run the script and should restore the file from quarantine back to its proper location.

REN "C:\TDSSKiller_Quarantine\18.03.2012_17.06.22\susp0000\svc0000\tsk0000.dta" sptd.sys
COPY "C:\TDSSKiller_Quarantine\18.03.2012_17.06.22\susp0000\svc0000\sptd.sys" C:\Windows\System32\Drivers\



NEXT



  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

NEXT

Please advise how the computer is running and if there are any outstanding issues

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
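Before a quarantined driver is copied back with the option-B script in the post above, a practitioner would first confirm that the quarantined image still matches the md5 TDSSKiller recorded for it. The Python below is an added example, not CatByte's script or Kaspersky's tooling: it builds a constructed quarantine tree in the layout the TDSSQ log shows (object.ini, tsk0000.ini, tsk0000.dta), compares the .dta hash with the recorded md5, and emits the same REN/COPY lines, refusing when the hash differs.

```python
"""Check a TDSSKiller quarantine entry before restoring it (added example).

Mirrors the layout the TDSSQ log above shows: each suspNNNN\\svcNNNN folder
holds object.ini (service name, ImagePath), tsk0000.ini (original path, md5
as recorded by TDSSKiller) and tsk0000.dta (the raw driver image). The md5 of
the .dta is compared with the recorded one before the REN/COPY lines of the
TDSSQLook option-B script are generated; a mismatched image is not restored.
The quarantine tree and driver bytes below are constructed sample data.
"""
import hashlib
import ntpath
import os
import tempfile

# Constructed stand-in for the quarantined driver image; not a real sptd.sys.
SAMPLE_IMAGE = b"MZ constructed sample driver image for the example\n" * 4

# object.ini contents copied from the layout in the TDSSQ log (two 'Type' keys).
OBJECT_INI = """[InfectedObject]
Type: Service
Name: sptd
Type: Kernel driver (0x1)
Start: Boot (0x0)
ImagePath: System32\\Drivers\\sptd.sys
Suspicious states: Locked file;
"""


def parse_ini(text):
    """Minimal 'Key: value' INI parser; duplicate keys are kept in order."""
    data, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            data.setdefault(section, {})
            continue
        key, _, value = line.partition(":")
        data.setdefault(section, {}).setdefault(key.strip(), []).append(value.strip())
    return data


def make_sample_quarantine(root, tamper=False):
    """Write susp0000\\svc0000 under root. With tamper=True the .dta is truncated
    after the md5 was recorded, as a damaged or altered quarantine would be."""
    svc = os.path.join(root, "susp0000", "svc0000")
    os.makedirs(svc, exist_ok=True)
    with open(os.path.join(svc, "object.ini"), "w") as f:
        f.write(OBJECT_INI)
    with open(os.path.join(svc, "tsk0000.ini"), "w") as f:
        f.write("[InfectedFile]\nType: Raw image\n"
                "Src: C:\\Windows\\system32\\Drivers\\sptd.sys\n"
                f"md5: {hashlib.md5(SAMPLE_IMAGE).hexdigest()}\n")
    with open(os.path.join(svc, "tsk0000.dta"), "wb") as f:
        f.write(SAMPLE_IMAGE[:-16] if tamper else SAMPLE_IMAGE)
    return svc


def check_entry(svc_dir):
    """Read one svcNNNN folder and compare the .dta hash with the recorded md5.
    (md5 is what TDSSKiller records; this catches damage, not a forged collision.)"""
    with open(os.path.join(svc_dir, "object.ini")) as f:
        obj = parse_ini(f.read())["InfectedObject"]
    with open(os.path.join(svc_dir, "tsk0000.ini")) as f:
        tsk = parse_ini(f.read())["InfectedFile"]
    with open(os.path.join(svc_dir, "tsk0000.dta"), "rb") as f:
        actual = hashlib.md5(f.read()).hexdigest()
    recorded = tsk["md5"][0].lower()
    return {"service": obj["Name"][0], "types": obj["Type"], "src": tsk["Src"][0],
            "recorded_md5": recorded, "actual_md5": actual, "hash_ok": recorded == actual}


def restore_commands(entry, win_svc_dir):
    """Return the two cmd.exe lines equivalent to the option-B script, with the
    file name and destination taken from the recorded Src path. Raises on mismatch."""
    if not entry["hash_ok"]:
        raise ValueError(f"{entry['service']}: quarantine image md5 {entry['actual_md5']} "
                         f"differs from recorded {entry['recorded_md5']}; refusing to restore")
    name = ntpath.basename(entry["src"])
    dest = ntpath.dirname(entry["src"]) + "\\"
    return [f'REN "{win_svc_dir}\\tsk0000.dta" {name}',
            f'COPY "{win_svc_dir}\\{name}" {dest}']


def demo():
    """Run the check on an intact and on a tampered constructed quarantine."""
    win_dir = r"C:\TDSSKiller_Quarantine\18.03.2012_17.06.22\susp0000\svc0000"
    results = {}
    for label, tamper in (("intact", False), ("tampered", True)):
        with tempfile.TemporaryDirectory() as root:
            entry = check_entry(make_sample_quarantine(root, tamper))
            try:
                outcome = restore_commands(entry, win_dir)
            except ValueError as err:
                outcome = str(err)
            results[label] = (entry["hash_ok"], outcome)
    return results


if __name__ == "__main__":
    for label, (ok, outcome) in demo().items():
        print(label, ok, outcome)
```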


#11 edgardresmen

  • Topic Starter

Posted 18 March 2012 - 04:06 PM

I really appreciate your help. Hope I'm not ruining your weekend. Here are the MBAM & ESET logs.

MBAM
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Version de la base de données: v2012.03.18.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Gerard :: PC-GMENDES [administrateur]

18/03/2012 19:23:10
mbam-log-2012-03-18 (19-23-10).txt

Type d'examen: Examen rapide
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 234421
Temps écoulé: 4 minute(s), 47 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|22287 (Trojan.Agent) -> Données: C:\PROGRA~2\LOCALS~1\Temp\mszdoz.cmd -> Suppression au redémarrage.

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 0
(Aucun élément nuisible détecté)

(fin)


ESET
C:\Qoobox\Quarantine\[4]-Submit_2012-03-18_16.41.35.zip	a variant of Win32/Injector.PCN trojan
C:\Qoobox\Quarantine\C\ProgramData\E39547DC.exe.vir	a variant of Win32/Kryptik.ACSS trojan
C:\Qoobox\Quarantine\C\ProgramData\sjfcmurt.exe.vir	a variant of MSIL/Injector.WO trojan
C:\Qoobox\Quarantine\C\Users\Gerard\AppData\Roaming\cunuez.exe.vir	a variant of MSIL/Injector.WO trojan
C:\Qoobox\Quarantine\C\Users\Gerard\AppData\Roaming\yksatb.exe.vir	Win32/Delf.PYI trojan
C:\Qoobox\Quarantine\C\Users\Gerard\AppData\Roaming\Microsoft\1.vir	a variant of Win32/Kryptik.ACSS trojan
D:\Users\Gerard\Downloads\FreeVideoFlipAndRotate.exe	Win32/OpenCandy application
D:\Users\Gerard\Downloads\SoftonicDownloader_for_easeus-partition-master.exe	a variant of Win32/SoftonicDownloader.A application


#12 CatByte

  • Malware Response Team

Posted 18 March 2012 - 04:26 PM

Hi,

Navigate to and delete the following files.

The other detections are in quarantine, which we will be cleaning up shortly.

D:\Users\Gerard\Downloads\FreeVideoFlipAndRotate.exe
D:\Users\Gerard\Downloads\SoftonicDownloader_for_easeus-partition-master.exe


NEXT

Visit ADOBE and download the latest version of Acrobat Reader (version X)
Having the latest updates ensures there are no security vulnerabilities in your system.

NEXT

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older-version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 6 and Save it to your Desktop.
  • Scroll down to where it says Java SE 6 Update 31
  • Click the Download button under JRE to the right.
  • Read the License Agreement then select Accept License Agreement
  • Click on the link to download Windows x86 Offline and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java™ 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u31-windows-i586.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.



NEXT


Please post a fresh DDS Log and advise how the computer is running now and if there are any outstanding issues

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 edgardresmen

  • Topic Starter

Posted 18 March 2012 - 04:48 PM

Thanks! Seems to me this ordeal is close to an end. Here is the DDS log.


.
DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_31
Run by Gerard at 22:45:56 on 2012-03-18
Microsoft® Windows Vista™ Édition Intégrale   6.0.6002.2.1252.33.1036.18.2046.812 [GMT 1:00]
.
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
D:\Program Files\Avira\Avira\AntiVir Desktop\avguard.exe
D:\Program Files\Avira\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
D:\Program Files\Avira\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
D:\Program Files\Avira\Avira\AntiVir Desktop\avgnt.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
D:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Gerard\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
D:\Program Files\PDFCreator\PDFCreator.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\JGsoft\EditPadLite\EditPadLite.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\UI0Detect.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - d:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
TB: Knowmore K-Now Plug-In v2.00: {b27cd912-8cd0-420a-85b9-607b44294d24} - c:\program files\knowmore\know plug-in\res\knowmore.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [CTZDetec.exe] d:\program files\creative\creative media lite\CTZDetec.exe
uRun: [googletalk] c:\users\gerard\appdata\roaming\google\google talk\googletalk.exe /autostart
uRun: [BitTorrent DNA] "c:\users\gerard\program files\dna\btdna.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
mRun: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
mRun: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
mRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [QuickTime Plugin Install] c:\program files\quicktime\plugins\DeleteMe1.exe
mRun: [pdfw] c:\program files\amic utilities\pdf writer pro\pdfwload.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [avgnt] "d:\program files\avira\avira\antivir desktop\avgnt.exe" /min
mRun: [iTunesHelper] "d:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\gerard\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\pdfcre~1.lnk - d:\program files\pdfcreator\PDFCreator.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Ajouter au fichier PDF existant - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir en Adobe PDF - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en Adobe PDF - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en un fichier PDF existant - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir la sélection en Adobe PDF - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la sélection en un fichier PDF existant - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir les liens sélectionnés en fichier Adobe PDF - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir les liens sélectionnés en un fichier PDF existant - d:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 212.27.40.241 212.27.40.240
TCP: Interfaces\{20765187-9F8F-4ABA-A1C6-4A3D08E38AFF} : DhcpNameServer = 212.27.54.252 212.27.53.252
TCP: Interfaces\{2AFB9CBC-21E2-42F1-AEB1-7129822C49C5} : DhcpNameServer = 212.27.40.241 212.27.40.240
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {7070D8E0-650A-46b3-B03C-9497582E6A74} - %SystemRoot%\system32\soundschemes.exe /AddRegistration
mASetup: {B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24} - %SystemRoot%\system32\soundschemes2.exe /AddRegistration
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\gerard\appdata\roaming\mozilla\firefox\profiles\efx1604q.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npSton3D.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\gerard\appdata\roaming\electronic arts\game face\1.0.0.18\npGameFacePlugin.dll
FF - plugin: c:\users\gerard\program files\dna\plugins\npbtdna.dll
FF - plugin: d:\program files\adobe\reader 8.0\reader\browser\nppdf32.dll
FF - plugin: d:\program files\divx\divx content uploader\npUpload.dll
FF - plugin: d:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: d:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: d:\program files\google\picasa3\npPicasa3.dll
FF - plugin: d:\program files\itunes\mozilla plugins\npitunes.dll
FF - plugin: d:\program files\videolan\vlc\npvlc.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-12-30 36000]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2007-4-23 25896]
R2 AntiVirSchedulerService;Avira Planificateur;d:\program files\avira\avira\antivir desktop\sched.exe [2011-12-30 86224]
R2 AntiVirService;Avira Protection temps réel;d:\program files\avira\avira\antivir desktop\avguard.exe [2011-12-30 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-12-30 74640]
R2 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-10 21504]
R3 PhilCap;Pinnacle PCTV service;c:\windows\system32\drivers\PhilCap.sys [2007-7-17 908832]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-10-28 14216]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-10-28 8456]
S3 fbxusb;FreeBox USB Network Adapter;c:\windows\system32\drivers\fbxusb.sys [2002-12-11 18953]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-20 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-22 1493352]
S3 Ph6xIB32;NXP 716x PCIe TV Card;c:\windows\system32\drivers\Ph6xIB32.sys [2007-1-26 1074560]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2008-12-13 289280]
S3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-03-18 18:36:34	--------	d-----w-	c:\program files\ESET
2012-03-18 18:19:03	717296	----a-w-	c:\windows\system32\drivers\sptd.sys
2012-03-18 16:07:25	--------	d-----w-	C:\TDSSKiller_Quarantine
2012-03-18 16:03:05	--------	d-sh--w-	C:\$RECYCLE.BIN
2012-03-18 07:26:50	98816	----a-w-	c:\windows\sed.exe
2012-03-18 07:26:50	518144	----a-w-	c:\windows\SWREG.exe
2012-03-18 07:26:50	256000	----a-w-	c:\windows\PEV.exe
2012-03-18 07:26:50	208896	----a-w-	c:\windows\MBR.exe
2012-03-17 16:56:37	--------	d-----w-	c:\programdata\SecTaskMan
2012-03-17 16:50:52	388096	----a-r-	c:\users\gerard\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-03-17 00:01:56	6552120	----a-w-	c:\programdata\microsoft\windows defender\definition updates\{baa4f46e-9176-4013-b916-0d0b643b6820}\mpengine.dll
2012-03-14 06:54:20	2044416	----a-w-	c:\windows\system32\win32k.sys
2012-03-14 06:54:19	683008	----a-w-	c:\windows\system32\d2d1.dll
2012-03-14 06:54:19	2409784	----a-w-	c:\program files\windows mail\OESpamFilter.dat
2012-03-14 06:54:19	219648	----a-w-	c:\windows\system32\d3d10_1core.dll
2012-03-14 06:54:19	160768	----a-w-	c:\windows\system32\d3d10_1.dll
2012-03-14 06:54:19	1172480	----a-w-	c:\windows\system32\d3d10warp.dll
2012-03-14 06:54:19	1068544	----a-w-	c:\windows\system32\DWrite.dll
2012-03-14 06:54:13	613376	----a-w-	c:\windows\system32\rdpencom.dll
2012-03-14 06:54:13	180736	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-03-11 21:30:22	--------	d-----w-	c:\users\gerard\appdata\local\{588F379F-7754-449D-80BA-EDE5F73E8F32}
2012-03-08 19:56:42	--------	d-----w-	c:\program files\iPod
.
==================== Find3M  ====================
.
2012-03-18 21:43:48	472808	----a-w-	c:\windows\system32\deployJava1.dll
2012-03-06 06:59:14	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 08:18:36	237072	------w-	c:\windows\system32\MpSigStub.exe
2012-02-15 10:01:50	4547944	----a-w-	c:\windows\system32\usbaaplrc.dll
2012-02-15 10:01:50	43520	----a-w-	c:\windows\system32\drivers\usbaapl.sys
2011-12-21 00:02:26	4448256	----a-w-	c:\windows\system32\GPhotos.scr
.
============= FINISH: 22:46:34,72 ===============
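An added example (not part of this thread, of DDS or of ComboFix): a small Python triage that parses the autostart lines of a DDS "Pseudo HJT Report" such as the one above and sorts out what a helper reads first, namely entries whose file is already gone, images launched from Temp or AppData, and bare names resolved through the search path. The sample lines are copied from the report above except the "updater" entry, which is a constructed suspicious example; the verdict names are my own.

```python
import re
from typing import List, NamedTuple

# Constructed sample in the DDS "Pseudo HJT Report" format. All lines but one are
# copied from the report in this thread; the "updater" line is an invented
# suspicious entry added to exercise the Temp-directory check.
SAMPLE_DDS = r"""
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - d:\program files\java\jre6\bin\ssv.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [googletalk] c:\users\gerard\appdata\roaming\google\google talk\googletalk.exe /autostart
uRun: [updater] c:\users\gerard\appdata\local\temp\svchost.exe
mRun: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
mRun: [avgnt] "d:\program files\avira\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\pdfcre~1.lnk - d:\program files\pdfcreator\PDFCreator.exe
"""


class Finding(NamedTuple):
    kind: str     # uRun (HKCU Run), mRun (HKLM Run), BHO, TB, StartupFolder
    name: str     # value name, CLSID/description, or .lnk path
    image: str    # file the entry loads ("" when the report says "No File")
    verdict: str  # ok | orphan | relative-path | temp-dir | user-writable


_RUN = re.compile(r"^(?P<kind>[um]Run): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
_OBJ = re.compile(r"^(?P<kind>BHO|TB|StartupFolder): (?P<name>.+?) - (?P<cmd>.+)$")
# Image path: optional quotes, drive letter, then up to the first executable extension,
# so unquoted paths containing spaces ("c:\program files\...") are still cut correctly.
_IMG = re.compile(r'^"?(?P<img>[a-z]:\\.+?\.(?:exe|dll|scr|cpl))"?', re.I)
_RUNDLL = re.compile(r"^rundll32\.exe\s+(?P<dll>[^\s,]+)", re.I)
_ABS = re.compile(r"^[a-z]:\\", re.I)


def image_of(cmd: str) -> str:
    """Return the file an autostart command actually loads."""
    if cmd.strip().lower() == "no file":
        return ""
    m = _RUNDLL.match(cmd)            # rundll32.exe foo.dll,Entry -> foo.dll
    if m:
        return m.group("dll")
    m = _IMG.match(cmd)               # "c:\dir with spaces\x.exe" /flag -> the .exe path
    if m:
        return m.group("img")
    parts = cmd.split()               # bare name such as RtHDVCpl.exe
    return parts[0] if parts else ""


def classify(image: str) -> str:
    """Rank an image path by how closely a removal helper would want to look at it."""
    if not image:
        return "orphan"               # registry entry left behind, file already gone
    low = image.lower()
    if not _ABS.match(low):
        return "relative-path"        # resolved through the DLL/PATH search order
    if "\\temp\\" in low:
        return "temp-dir"             # executables launched from Temp: top of the list
    if "\\appdata\\" in low or "\\programdata\\" in low:
        return "user-writable"        # legitimate for some apps, but writable without admin rights
    return "ok"


def triage(report: str) -> List[Finding]:
    """Parse the autostart lines of a DDS pseudo-HJT report; other line types are skipped."""
    findings = []
    for line in report.splitlines():
        m = _RUN.match(line) or _OBJ.match(line)
        if not m:
            continue
        image = image_of(m.group("cmd"))
        findings.append(Finding(m.group("kind"), m.group("name"), image, classify(image)))
    return findings


def review_list(report: str) -> List[str]:
    """One line per entry that is not plainly OK, worst verdict first."""
    order = {"temp-dir": 0, "relative-path": 1, "user-writable": 2, "orphan": 3}
    hits = [f for f in triage(report) if f.verdict != "ok"]
    hits.sort(key=lambda f: order[f.verdict])
    return [f"{f.verdict:14}{f.kind:14}{f.name} -> {f.image or '(missing)'}" for f in hits]


if __name__ == "__main__":
    print("\n".join(review_list(SAMPLE_DDS)))
```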


#14 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 18 March 2012 - 05:47 PM

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

DirLook::
c:\users\gerard\appdata\local\{588F379F-7754-449D-80BA-EDE5F73E8F32}

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#15 edgardresmen

edgardresmen
  • Topic Starter

  • Members
  • 11 posts

Posted 18 March 2012 - 06:01 PM

And here's the fresh CF log

ComboFix 12-03-17.01 - Gerard 18/03/2012  23:52:03.1.2 - x86
Microsoft® Windows Vista™ Édition Intégrale   6.0.6002.2.1252.33.1036.18.2046.1113 [GMT 1:00]
Lancé depuis: d:\users\Gerard\Desktop\ComboFix.exe
Commutateurs utilisés :: d:\users\Gerard\Desktop\cfscript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Un nouveau point de restauration a été créé
.
.
(((((((((((((((((((((((((((((   Fichiers créés du 2012-02-18 au 2012-03-18  ))))))))))))))))))))))))))))))))))))
.
.
2012-03-18 22:58 . 2012-03-18 22:58	--------	d-----w-	c:\users\Soumaya\AppData\Local\temp
2012-03-18 22:58 . 2012-03-18 22:58	--------	d-----w-	c:\users\Invité\AppData\Local\temp
2012-03-18 22:58 . 2012-03-18 22:58	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-03-18 22:36 . 2012-03-18 22:36	592824	----a-w-	c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-18 22:36 . 2012-03-18 22:36	44472	----a-w-	c:\program files\Mozilla Firefox\mozglue.dll
2012-03-18 21:44 . 2012-03-18 21:44	--------	d-----w-	c:\program files\Common Files\Java
2012-03-18 18:36 . 2012-03-18 18:36	--------	d-----w-	c:\program files\ESET
2012-03-18 18:19 . 2012-03-18 16:07	717296	----a-w-	c:\windows\system32\drivers\sptd.sys
2012-03-18 16:07 . 2012-03-18 16:07	--------	d-----w-	C:\TDSSKiller_Quarantine
2012-03-17 16:56 . 2012-03-17 16:57	--------	d-----w-	c:\programdata\SecTaskMan
2012-03-17 16:50 . 2012-03-17 16:50	388096	----a-r-	c:\users\Gerard\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-17 16:35 . 2012-03-17 16:35	--------	d-----w-	c:\programdata\Local Settings
2012-03-17 14:55 . 2012-03-17 14:55	--------	d-----w-	c:\users\Soumaya\AppData\Roaming\Malwarebytes
2012-03-17 00:01 . 2012-02-08 06:03	6552120	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{BAA4F46E-9176-4013-B916-0D0B643B6820}\mpengine.dll
2012-03-14 06:54 . 2012-02-02 15:16	2044416	----a-w-	c:\windows\system32\win32k.sys
2012-03-14 06:54 . 2012-02-14 15:45	219648	----a-w-	c:\windows\system32\d3d10_1core.dll
2012-03-14 06:54 . 2012-02-14 15:45	160768	----a-w-	c:\windows\system32\d3d10_1.dll
2012-03-14 06:54 . 2012-02-13 14:12	1172480	----a-w-	c:\windows\system32\d3d10warp.dll
2012-03-14 06:54 . 2012-02-13 13:47	683008	----a-w-	c:\windows\system32\d2d1.dll
2012-03-14 06:54 . 2012-02-13 13:44	1068544	----a-w-	c:\windows\system32\DWrite.dll
2012-03-14 06:54 . 2012-01-31 10:59	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2012-03-14 06:54 . 2012-01-09 15:54	613376	----a-w-	c:\windows\system32\rdpencom.dll
2012-03-14 06:54 . 2012-01-09 13:58	180736	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-03-08 19:56 . 2012-03-08 19:56	--------	d-----w-	c:\program files\iPod
.
.
.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-18 21:43 . 2010-05-24 10:13	472808	----a-w-	c:\windows\system32\deployJava1.dll
2012-03-06 06:59 . 2011-05-16 06:36	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 08:18 . 2009-10-08 05:28	237072	------w-	c:\windows\system32\MpSigStub.exe
2012-02-15 13:23 . 2011-12-29 23:00	137416	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-02-15 10:01 . 2012-02-15 10:01	4547944	----a-w-	c:\windows\system32\usbaaplrc.dll
2012-02-15 10:01 . 2012-02-15 10:01	43520	----a-w-	c:\windows\system32\drivers\usbaapl.sys
2011-12-21 00:02 . 2011-12-21 00:02	4448256	----a-w-	c:\windows\system32\GPhotos.scr
2012-03-18 22:36 . 2011-03-24 20:25	97208	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\gerard\appdata\local\{588F379F-7754-449D-80BA-EDE5F73E8F32} ----
.
.
.
(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B27CD912-8CD0-420a-85B9-607B44294D24}"= "c:\program files\Knowmore\Know Plug-in\res\knowmore.dll" [2007-10-18 229376]
.
[HKEY_CLASSES_ROOT\clsid\{b27cd912-8cd0-420a-85b9-607b44294d24}]
[HKEY_CLASSES_ROOT\KmLib.KmLibObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{43ECCE75-54E3-4ba9-8FE9-C13A6C648C3D}]
[HKEY_CLASSES_ROOT\KmLib.KmLibObj]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B27CD912-8CD0-420A-85B9-607B44294D24}"= "c:\program files\Knowmore\Know Plug-in\res\knowmore.dll" [2007-10-18 229376]
.
[HKEY_CLASSES_ROOT\clsid\{b27cd912-8cd0-420a-85b9-607b44294d24}]
[HKEY_CLASSES_ROOT\KmLib.KmLibObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{43ECCE75-54E3-4ba9-8FE9-C13A6C648C3D}]
[HKEY_CLASSES_ROOT\KmLib.KmLibObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"CTZDetec.exe"="d:\program files\Creative\Creative Media Lite\CTZDetec.exe" [2007-12-18 401408]
"googletalk"="c:\users\Gerard\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"BitTorrent DNA"="c:\users\Gerard\Program Files\DNA\btdna.exe" [2009-11-12 323392]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ptipbmf"="ptipbmf.dll" [2003-06-20 118784]
"PtiuPbmd"="ptipbm.dll" [2003-01-15 24576]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-05 59240]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-29 4317184]
"QuickTime Plugin Install"="c:\program files\QuickTime\Plugins\DeleteMe1.exe" [2010-02-05 86016]
"pdfw"="c:\program files\Amic Utilities\PDF Writer Pro\pdfwload.exe" [2004-03-24 32768]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"avgnt"="d:\program files\Avira\Avira\AntiVir Desktop\avgnt.exe" [2011-12-16 258512]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Gerard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PDFCreator.lnk - d:\program files\PDFCreator\PDFCreator.exe [2008-3-26 2641920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
2008-04-11 15:23	38400	----a-w-	c:\windows\System32\SoundSchemes.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
2008-08-28 08:50	30720	----a-w-	c:\windows\System32\soundschemes2.exe
.
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Ajouter au fichier PDF existant - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir en Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en un fichier PDF existant - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir la sélection en Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la sélection en un fichier PDF existant - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir les liens sélectionnés en fichier Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir les liens sélectionnés en un fichier PDF existant - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 212.27.40.241 212.27.40.240
FF - ProfilePath - c:\users\Gerard\AppData\Roaming\Mozilla\Firefox\Profiles\efx1604q.default\
FF - prefs.js: browser.startup.homepage - about:blank
.
- - - - ORPHELINS SUPPRIMES - - - -
.
SafeBoot-65830762.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-18 23:58
Windows 6.0.6002 Service Pack 2 NTFS
.
Recherche de processus cachés ... 
.
Recherche d'éléments en démarrage automatique cachés ... 
.
Recherche de fichiers cachés ... 
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-241302529-3911017751-1903801010-1006\Software\SecuROM\License information*]
"datasecu"=hex:9c,59,ea,e1,78,34,b0,7c,82,46,51,c7,17,15,93,1b,c3,76,4e,b1,17,
   23,e4,6b,f6,84,2b,af,8a,3b,30,21,bf,6f,da,48,d1,04,39,2e,f0,ba,99,b0,80,69,\
"rkeysecu"=hex:5d,ba,e6,c8,61,8b,1a,7a,9f,14,f5,c7,65,fb,d8,94
.
Heure de fin: 2012-03-18  23:59:32
ComboFix-quarantined-files.txt  2012-03-18 22:59
ComboFix2.txt  2012-03-18 16:04
ComboFix3.txt  2012-03-18 10:02
ComboFix4.txt  2012-03-18 08:00
ComboFix5.txt  2012-03-18 22:50
.
Avant-CF: 89 298 644 992 octets libres
Après-CF: 89 270 267 904 octets libres
.
- - End Of File - - BDF3B3E6FB399FB344BC6B414F6D41E9




