Seem to have Malware/Viruses. Help!


52 replies to this topic

#1 MrBear

MrBear

  • Members
  • 30 posts
  • Gender:Male
  • Location:IL

Posted 25 May 2012 - 03:47 AM

Hello,
Today I have experienced a variety of problems and my searching the symptoms would seem to indicate I have something. I am running Windows XP Pro and am up to date. The strange/obnoxious behaviors I have encountered are...


1. Icons on desktop keep rearranging to a set order.
2. My folder settings will not stay.
3. System Restore is unable to complete.
4. Facebook rerouted me to an ad site.
5. Upon starting up, Microsoft Fix It gives me the error message "Troubleshooting cannot continue because an error has occurred."

AVG removed a number of Trojan files yesterday. Most were in Java under the subfolders Deployment\cache and two in WINDOWS\Installer and Local Settings\Application Data. These are now in the Virus Vault. This evening, Malwarebytes detected the files in Installer and App Data, as well as in Google Talk and two registry entries for the former two.

Malwarebytes classifies the three Trojans as Trojan.Agent, Trojan.Zaccess, and Trojan.Sirefef.

Any help, especially considering the apparent danger of the Malware, would be greatly appreciated.

Edited by MrBear, 25 May 2012 - 05:39 AM.



#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 25 May 2012 - 05:42 AM

Download

TDSSkiller

Launch it. Click on Change parameters and select TDLFS file system.

Click on "Scan". Please post the LOG report (the log file should be in your C drive).


Please download GMER from here (does not work on 64-bit OS)

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.

Download

ESET online scanner


Install it

Click on START; it should download the virus definitions.
When the scan completes, click on LIST of found threats.

Export the list to the desktop, and copy the contents of the text file into your reply.

Edited by narenxp, 25 May 2012 - 05:43 AM.
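A small triage script for the TDSSKiller log this post asks for, added here as an example; it is not narenxp's code and not part of TDSSKiller itself. It parses the two line shapes that appear in the log posted later in this thread (a file-backed entry `name (md5) path`, and a verdict line `name - status`), skips the header block before the "Scan started" marker (OS info, drive geometry, the MBR partition line that also contains " - "), and sorts the entries into review buckets. The line formats are inferred from the posted log; the hypothetical service "examplesvc", its MD5, and the "detected" status wording are constructed for the example, since the exact text of a real detection line depends on the TDSSKiller version.

```python
"""Triage helper for TDSSKiller text logs (added example, not TDSSKiller's own code).

Line shapes, inferred from the log posted in this thread:
    HH:MM:SS.ffff PID <name> (<md5>) <path>     file-backed service/driver entry
    HH:MM:SS.ffff PID <name> - <status>          verdict line, normally "ok"
Everything before the "Scan started" marker is system/disk info and is skipped.
"""
import re
import sys
from dataclasses import dataclass
from typing import Dict, List, Optional

LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(?P<rest>.+)$")
FILE_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: Optional[str] = None


def parse_log(text: str) -> Dict[str, Entry]:
    """Return one Entry per service/driver name seen after 'Scan started'."""
    entries: Dict[str, Entry] = {}
    scanning = False
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                      # separators, blank timestamp lines, etc.
        rest = m.group("rest").strip()
        if rest == "Scan started":
            scanning = True
            continue
        if not scanning:
            continue                      # header block: OS info, drive geometry, MBR
        fm = FILE_RE.match(rest)
        if fm:
            e = entries.setdefault(fm.group("name"), Entry(fm.group("name")))
            e.md5, e.path = fm.group("md5"), fm.group("path")
            continue
        name, sep, status = rest.rpartition(" - ")
        if sep:                           # verdict line
            e = entries.setdefault(name, Entry(name))
            e.status = status
    return entries


def triage(entries: Dict[str, Entry]) -> Dict[str, List[Entry]]:
    """Sort entries into review buckets. None of these is a verdict by itself:
    stock XP lists disabled drivers with no image (Abiosdsk, Atdisk, Changer),
    and third-party paths are simply the ones an analyst checks first."""
    report: Dict[str, List[Entry]] = {"not_ok": [], "no_image": [], "third_party": []}
    for e in entries.values():
        if e.status is not None and e.status.lower() != "ok":
            report["not_ok"].append(e)
        if e.path is None:
            report["no_image"].append(e)
        elif not e.path.lower().startswith("c:\\windows\\"):
            report["third_party"].append(e)
    return report


# Sample input: real lines copied from the log in this thread, plus two
# CONSTRUCTED lines for a hypothetical service "examplesvc" so the not-ok
# branch is exercised (the wording of a real detection line varies by version).
SAMPLE_LOG = r"""
12:11:25.0937 0680 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
12:11:26.0218 0680 OS Version: 5.1.2600 ServicePack: 3.0
12:11:27.0109 0680 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200
12:11:35.0343 1692 Scan started
12:11:35.0343 1692 Mode: Manual; TDLFS;
12:11:36.0593 1692 Abiosdsk - ok
12:11:36.0906 1692 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:11:36.0921 1692 ACPI - ok
12:11:43.0187 1692 Ati HotKey Poller (944e535926628fb2fa33435eb848f94e) C:\WINDOWS\system32\Ati2evxx.exe
12:11:43.0421 1692 Ati HotKey Poller - ok
12:11:53.0078 1692 axnrt0f2 - ok
12:11:53.0734 1692 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys
12:11:53.0734 1692 cpudrv - ok
12:11:59.0100 1692 examplesvc (0123456789abcdef0123456789abcdef) C:\WINDOWS\system32\drivers\examplesvc.sys
12:11:59.0100 1692 examplesvc - detected
"""


def main(argv: List[str]) -> int:
    text = open(argv[1], encoding="utf-8", errors="replace").read() if len(argv) > 1 else SAMPLE_LOG
    report = triage(parse_log(text))
    for bucket, items in report.items():
        print(f"[{bucket}] {len(items)}")
        for e in items:
            print(f"    {e.name}: status={e.status} md5={e.md5} path={e.path}")
    return 1 if report["not_ok"] else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `python tdss_triage.py C:\TDSSKiller.<version>_<date>_log.txt` against the real log, or with no argument to see the buckets for the embedded sample. The "no_image" bucket is deliberately a review list rather than a finding: an XP box lists plenty of legitimate disabled drivers without a file, so a name there only becomes interesting when it is not a stock driver and not explained by installed software. The MD5 is kept on each entry so a suspicious path can be checked against a known-hash source without re-reading the log.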


#3 MrBear

MrBear
  • Topic Starter

  • Members
  • 30 posts
  • Gender:Male
  • Location:IL

Posted 25 May 2012 - 07:33 PM

TDSSKiller results

12:11:25.0937 0680 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
12:11:26.0218 0680 ============================================================
12:11:26.0218 0680 Current date / time: 2012/05/25 12:11:26.0218
12:11:26.0218 0680 SystemInfo:
12:11:26.0218 0680
12:11:26.0218 0680 OS Version: 5.1.2600 ServicePack: 3.0
12:11:26.0218 0680 Product type: Workstation
12:11:26.0218 0680 ComputerName: YUME
12:11:26.0218 0680 UserName: Michael
12:11:26.0218 0680 Windows directory: C:\WINDOWS
12:11:26.0218 0680 System windows directory: C:\WINDOWS
12:11:26.0218 0680 Processor architecture: Intel x86
12:11:26.0218 0680 Number of processors: 4
12:11:26.0218 0680 Page size: 0x1000
12:11:26.0218 0680 Boot type: Normal boot
12:11:26.0218 0680 ============================================================
12:11:27.0109 0680 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:11:27.0125 0680 ============================================================
12:11:27.0125 0680 \Device\Harddisk0\DR0:
12:11:27.0140 0680 MBR partitions:
12:11:27.0140 0680 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1F608, BlocksNum 0x2540E0B9
12:11:27.0140 0680 ============================================================
12:11:27.0265 0680 C: <-> \Device\Harddisk0\DR0\Partition0
12:11:27.0265 0680 ============================================================
12:11:27.0265 0680 Initialize success
12:11:27.0265 0680 ============================================================
12:11:35.0343 1692 ============================================================
12:11:35.0343 1692 Scan started
12:11:35.0343 1692 Mode: Manual; TDLFS;
12:11:35.0343 1692 ============================================================
12:11:36.0593 1692 Abiosdsk - ok
12:11:36.0656 1692 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
12:11:36.0656 1692 abp480n5 - ok
12:11:36.0906 1692 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:11:36.0921 1692 ACPI - ok
12:11:36.0968 1692 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
12:11:36.0968 1692 ACPIEC - ok
12:11:37.0734 1692 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:11:37.0765 1692 AdobeFlashPlayerUpdateSvc - ok
12:11:37.0937 1692 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
12:11:37.0953 1692 adpu160m - ok
12:11:38.0468 1692 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
12:11:38.0484 1692 aec - ok
12:11:38.0687 1692 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
12:11:38.0703 1692 AFD - ok
12:11:38.0812 1692 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
12:11:38.0828 1692 agp440 - ok
12:11:38.0937 1692 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
12:11:38.0937 1692 agpCPQ - ok
12:11:39.0000 1692 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
12:11:39.0015 1692 Aha154x - ok
12:11:39.0125 1692 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
12:11:39.0140 1692 aic78u2 - ok
12:11:39.0265 1692 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
12:11:39.0281 1692 aic78xx - ok
12:11:39.0343 1692 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
12:11:39.0359 1692 Alerter - ok
12:11:39.0687 1692 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
12:11:39.0703 1692 ALG - ok
12:11:39.0734 1692 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
12:11:39.0750 1692 AliIde - ok
12:11:39.0828 1692 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
12:11:39.0828 1692 alim1541 - ok
12:11:39.0921 1692 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
12:11:39.0953 1692 amdagp - ok
12:11:40.0000 1692 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
12:11:40.0015 1692 amsint - ok
12:11:40.0203 1692 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
12:11:40.0234 1692 AppMgmt - ok
12:11:40.0265 1692 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
12:11:40.0281 1692 asc - ok
12:11:40.0343 1692 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
12:11:40.0343 1692 asc3350p - ok
12:11:40.0406 1692 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
12:11:40.0406 1692 asc3550 - ok
12:11:40.0484 1692 ASPI (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\System32\DRIVERS\ASPI32.sys
12:11:40.0484 1692 ASPI - ok
12:11:40.0500 1692 ASPI32 (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\system32\drivers\ASPI32.sys
12:11:40.0500 1692 ASPI32 - ok
12:11:41.0140 1692 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
12:11:41.0234 1692 aspnet_state - ok
12:11:41.0343 1692 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:11:41.0343 1692 AsyncMac - ok
12:11:41.0687 1692 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
12:11:41.0687 1692 atapi - ok
12:11:41.0687 1692 Atdisk - ok
12:11:43.0187 1692 Ati HotKey Poller (944e535926628fb2fa33435eb848f94e) C:\WINDOWS\system32\Ati2evxx.exe
12:11:43.0421 1692 Ati HotKey Poller - ok
12:11:44.0578 1692 ATI Smart (e0a7a15798f0f09698de61acb6702656) C:\WINDOWS\system32\ati2sgag.exe
12:11:44.0687 1692 ATI Smart - ok
12:11:52.0390 1692 ati2mtag (0997918a56a6e09ddf7bdfc0ebe8a99d) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
12:11:52.0437 1692 ati2mtag - ok
12:11:52.0656 1692 AtiHDAudioService (bd9ca8136738040d3257363ed12be693) C:\WINDOWS\system32\drivers\AtihdXP3.sys
12:11:52.0656 1692 AtiHDAudioService - ok
12:11:52.0687 1692 AtiHdmiService (d9bc8892b9440a2551b8148c57aa039e) C:\WINDOWS\system32\drivers\AtiHdmi.sys
12:11:52.0687 1692 AtiHdmiService - ok
12:11:52.0718 1692 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:11:52.0718 1692 Atmarpc - ok
12:11:52.0750 1692 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
12:11:52.0750 1692 AudioSrv - ok
12:11:52.0765 1692 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
12:11:52.0765 1692 audstub - ok
12:11:52.0812 1692 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
12:11:52.0812 1692 AVGIDSEH - ok
12:11:52.0875 1692 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
12:11:52.0875 1692 Avgldx86 - ok
12:11:52.0890 1692 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
12:11:52.0890 1692 Avgmfx86 - ok
12:11:52.0906 1692 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
12:11:52.0906 1692 Avgrkx86 - ok
12:11:52.0921 1692 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
12:11:52.0921 1692 Avgtdix - ok
12:11:53.0078 1692 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
12:11:53.0078 1692 avgwd - ok
12:11:53.0078 1692 axnrt0f2 - ok
12:11:53.0093 1692 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
12:11:53.0093 1692 Beep - ok
12:11:53.0156 1692 Belkin700F (1d26e3a3ea0234d54d14d4e45e2a84e9) C:\WINDOWS\system32\DRIVERS\BLKWGDv7.sys
12:11:53.0156 1692 Belkin700F - ok
12:11:53.0218 1692 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
12:11:53.0312 1692 BITS - ok
12:11:53.0328 1692 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
12:11:53.0328 1692 Browser - ok
12:11:53.0359 1692 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
12:11:53.0359 1692 cbidf - ok
12:11:53.0359 1692 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
12:11:53.0359 1692 cbidf2k - ok
12:11:53.0375 1692 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
12:11:53.0375 1692 cd20xrnt - ok
12:11:53.0375 1692 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
12:11:53.0390 1692 Cdaudio - ok
12:11:53.0406 1692 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
12:11:53.0406 1692 Cdfs - ok
12:11:53.0421 1692 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:11:53.0421 1692 Cdrom - ok
12:11:53.0421 1692 Changer - ok
12:11:53.0468 1692 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
12:11:53.0468 1692 CiSvc - ok
12:11:53.0500 1692 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
12:11:53.0500 1692 ClipSrv - ok
12:11:53.0562 1692 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:11:53.0625 1692 clr_optimization_v2.0.50727_32 - ok
12:11:53.0625 1692 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
12:11:53.0625 1692 CmdIde - ok
12:11:53.0625 1692 COMSysApp - ok
12:11:53.0640 1692 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
12:11:53.0640 1692 Cpqarray - ok
12:11:53.0734 1692 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys
12:11:53.0734 1692 cpudrv - ok
12:11:53.0750 1692 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
12:11:53.0750 1692 CryptSvc - ok
12:11:53.0781 1692 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
12:11:53.0781 1692 dac2w2k - ok
12:11:53.0796 1692 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
12:11:53.0796 1692 dac960nt - ok
12:11:53.0843 1692 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
12:11:53.0859 1692 DcomLaunch - ok
12:11:53.0906 1692 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
12:11:53.0906 1692 Dhcp - ok
12:11:53.0953 1692 Diag69xp (a22d5a027f397e412cbb2d97e8661bff) C:\WINDOWS\system32\Drivers\Diag69xp.sys
12:11:53.0953 1692 Diag69xp - ok
12:11:53.0984 1692 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
12:11:53.0984 1692 Disk - ok
12:11:54.0046 1692 DLABMFSM (a0500678a33802d8954153839301d539) C:\WINDOWS\system32\Drivers\DLABMFSM.SYS
12:11:54.0046 1692 DLABMFSM - ok
12:11:54.0046 1692 DLABOIOM (b8d2f68cac54d46281399f9092644794) C:\WINDOWS\system32\Drivers\DLABOIOM.SYS
12:11:54.0046 1692 DLABOIOM - ok
12:11:54.0062 1692 DLACDBHM (0ee93ab799d1cb4ec90b36f3612fe907) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
12:11:54.0062 1692 DLACDBHM - ok
12:11:54.0062 1692 DLADResM (87413b94ae1fabc117c4e8ae6725134e) C:\WINDOWS\system32\Drivers\DLADResM.SYS
12:11:54.0062 1692 DLADResM - ok
12:11:54.0062 1692 DLAIFS_M (766a148235be1c0039c974446e4c0edc) C:\WINDOWS\system32\Drivers\DLAIFS_M.SYS
12:11:54.0078 1692 DLAIFS_M - ok
12:11:54.0078 1692 DLAOPIOM (38267cca177354f1c64450a43a4f7627) C:\WINDOWS\system32\Drivers\DLAOPIOM.SYS
12:11:54.0078 1692 DLAOPIOM - ok
12:11:54.0078 1692 DLAPoolM (fd363369fd313b46b5aeab1a688b52e9) C:\WINDOWS\system32\Drivers\DLAPoolM.SYS
12:11:54.0078 1692 DLAPoolM - ok
12:11:54.0093 1692 DLARTL_M (336ae18f0912ef4fbe5518849e004d74) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
12:11:54.0093 1692 DLARTL_M - ok
12:11:54.0093 1692 DLAUDFAM (fd85f682c1cc2a7ca878c7a448e6d87e) C:\WINDOWS\system32\Drivers\DLAUDFAM.SYS
12:11:54.0093 1692 DLAUDFAM - ok
12:11:54.0109 1692 DLAUDF_M (af389ce587b6bf5bbdcd6f6abe5eabc0) C:\WINDOWS\system32\Drivers\DLAUDF_M.SYS
12:11:54.0109 1692 DLAUDF_M - ok
12:11:54.0109 1692 dmadmin - ok
12:11:54.0187 1692 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
12:11:54.0203 1692 dmboot - ok
12:11:54.0218 1692 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
12:11:54.0218 1692 dmio - ok
12:11:54.0218 1692 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
12:11:54.0250 1692 dmload - ok
12:11:54.0281 1692 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
12:11:54.0281 1692 dmserver - ok
12:11:54.0312 1692 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
12:11:54.0328 1692 DMusic - ok
12:11:54.0375 1692 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
12:11:54.0375 1692 Dnscache - ok
12:11:54.0406 1692 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
12:11:54.0406 1692 Dot3svc - ok
12:11:54.0437 1692 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
12:11:54.0437 1692 dpti2o - ok
12:11:54.0468 1692 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
12:11:54.0468 1692 drmkaud - ok
12:11:54.0484 1692 DRVMCDB (5d3b71bb2bb0009d65d290e2ef374bd3) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
12:11:54.0484 1692 DRVMCDB - ok
12:11:54.0500 1692 DRVNDDM (c591ba9f96f40a1fd6494dafdcd17185) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
12:11:54.0500 1692 DRVNDDM - ok
12:11:54.0515 1692 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
12:11:54.0515 1692 EapHost - ok
12:11:54.0531 1692 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
12:11:54.0531 1692 ERSvc - ok
12:11:54.0562 1692 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
12:11:54.0562 1692 Eventlog - ok
12:11:54.0625 1692 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
12:11:54.0640 1692 EventSystem - ok
12:11:54.0671 1692 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
12:11:54.0671 1692 Fastfat - ok
12:11:54.0703 1692 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
12:11:54.0703 1692 FastUserSwitchingCompatibility - ok
12:11:54.0718 1692 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
12:11:54.0734 1692 Fax - ok
12:11:54.0734 1692 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
12:11:54.0734 1692 Fdc - ok
12:11:54.0750 1692 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
12:11:54.0750 1692 Fips - ok
12:11:54.0750 1692 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
12:11:54.0750 1692 Flpydisk - ok
12:11:54.0765 1692 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
12:11:54.0765 1692 FltMgr - ok
12:11:54.0921 1692 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
12:11:54.0921 1692 FontCache3.0.0.0 - ok
12:11:54.0937 1692 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:11:54.0937 1692 Fs_Rec - ok
12:11:54.0984 1692 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:11:54.0984 1692 Ftdisk - ok
12:11:55.0031 1692 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
12:11:55.0031 1692 GEARAspiWDM - ok
12:11:55.0046 1692 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:11:55.0046 1692 Gpc - ok
12:11:55.0203 1692 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
12:11:55.0218 1692 gupdate - ok
12:11:55.0218 1692 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
12:11:55.0218 1692 gupdatem - ok
12:11:55.0234 1692 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:11:55.0234 1692 HDAudBus - ok
12:11:55.0281 1692 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:11:55.0281 1692 helpsvc - ok
12:11:55.0296 1692 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
12:11:55.0296 1692 HidServ - ok
12:11:55.0296 1692 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:11:55.0296 1692 hidusb - ok
12:11:55.0328 1692 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
12:11:55.0328 1692 hkmsvc - ok
12:11:55.0328 1692 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
12:11:55.0328 1692 hpn - ok
12:11:55.0359 1692 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
12:11:55.0359 1692 HPZius12 - ok
12:11:55.0406 1692 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
12:11:55.0406 1692 HTTP - ok
12:11:55.0468 1692 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
12:11:55.0468 1692 HTTPFilter - ok
12:11:55.0468 1692 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
12:11:55.0484 1692 i2omgmt - ok
12:11:55.0515 1692 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
12:11:55.0515 1692 i2omp - ok
12:11:55.0625 1692 IAANTMON (f79525634b192f5a18de503568f94ef3) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
12:11:55.0625 1692 IAANTMON - ok
12:11:55.0687 1692 iaStor (baabb0301949774a66b955c65319635a) C:\WINDOWS\system32\drivers\iaStor.sys
12:11:55.0703 1692 iaStor - ok
12:11:55.0890 1692 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:11:55.0906 1692 idsvc - ok
12:11:55.0937 1692 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
12:11:55.0937 1692 Imapi - ok
12:11:55.0984 1692 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
12:11:55.0984 1692 ImapiService - ok
12:11:56.0015 1692 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
12:11:56.0015 1692 ini910u - ok
12:11:56.0281 1692 IntcAzAudAddService (5c8f36cdcb489111b24003af4dfe1fdc) C:\WINDOWS\system32\drivers\RtkHDAud.sys
12:11:56.0296 1692 IntcAzAudAddService - ok
12:11:56.0468 1692 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
12:11:56.0468 1692 IntelIde - ok
12:11:56.0468 1692 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:11:56.0468 1692 intelppm - ok
12:11:56.0484 1692 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
12:11:56.0484 1692 Ip6Fw - ok
12:11:56.0500 1692 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:11:56.0500 1692 IpFilterDriver - ok
12:11:56.0515 1692 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:11:56.0515 1692 IpInIp - ok
12:11:56.0546 1692 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:11:56.0546 1692 IpNat - ok
12:11:56.0640 1692 iPod Service (ca1972397b845b2f53f5dc63c22fd98a) C:\Program Files\iPod\bin\iPodService.exe
12:11:56.0656 1692 iPod Service - ok
12:11:56.0656 1692 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:11:56.0656 1692 IPSec - ok
12:11:56.0687 1692 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
12:11:56.0687 1692 IRENUM - ok
12:11:56.0734 1692 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:11:56.0734 1692 isapnp - ok
12:11:56.0843 1692 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
12:11:56.0843 1692 JavaQuickStarterService - ok
12:11:56.0843 1692 JRAID (b07084095f8c03aadb9811c9df14b5e4) C:\WINDOWS\system32\DRIVERS\jraid.sys
12:11:56.0843 1692 JRAID - ok
12:11:56.0890 1692 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:11:56.0890 1692 Kbdclass - ok
12:11:56.0906 1692 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
12:11:56.0906 1692 kbdhid - ok
12:11:56.0921 1692 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
12:11:56.0921 1692 kmixer - ok
12:11:56.0984 1692 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
12:11:56.0984 1692 KSecDD - ok
12:11:57.0031 1692 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
12:11:57.0031 1692 LanmanServer - ok
12:11:57.0062 1692 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
12:11:57.0062 1692 lanmanworkstation - ok
12:11:57.0109 1692 LANPkt (8f5795b166cbb50966e29982f8cdb310) C:\WINDOWS\system32\DRIVERS\LANPkt.sys
12:11:57.0125 1692 LANPkt - ok
12:11:57.0125 1692 Lbd - ok
12:11:57.0125 1692 lbrtfdc - ok
12:11:57.0171 1692 libusb0 (34d6730e198a5b0fce0790a6b4769ef2) C:\WINDOWS\system32\drivers\libusb0.sys
12:11:57.0171 1692 libusb0 - ok
12:11:57.0203 1692 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
12:11:57.0218 1692 LmHosts - ok
12:11:57.0218 1692 MCSTRM - ok
12:11:57.0250 1692 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
12:11:57.0250 1692 Messenger - ok
12:11:57.0265 1692 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
12:11:57.0265 1692 mnmdd - ok
12:11:57.0281 1692 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
12:11:57.0296 1692 mnmsrvc - ok
12:11:57.0312 1692 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
12:11:57.0312 1692 Modem - ok
12:11:57.0328 1692 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:11:57.0328 1692 Mouclass - ok
12:11:57.0359 1692 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:11:57.0359 1692 mouhid - ok
12:11:57.0359 1692 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
12:11:57.0359 1692 MountMgr - ok
12:11:57.0390 1692 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
12:11:57.0390 1692 mraid35x - ok
12:11:57.0421 1692 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:11:57.0437 1692 MRxDAV - ok
12:11:57.0500 1692 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:11:57.0500 1692 MRxSmb - ok
12:11:57.0500 1692 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
12:11:57.0515 1692 MSDTC - ok
12:11:57.0515 1692 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
12:11:57.0515 1692 Msfs - ok
12:11:57.0515 1692 MSIServer - ok
12:11:57.0562 1692 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:11:57.0562 1692 MSKSSRV - ok
12:11:57.0578 1692 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:11:57.0578 1692 MSPCLOCK - ok
12:11:57.0578 1692 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
12:11:57.0578 1692 MSPQM - ok
12:11:57.0609 1692 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:11:57.0609 1692 mssmbios - ok
12:11:57.0640 1692 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
12:11:57.0640 1692 Mup - ok
12:11:57.0656 1692 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
12:11:57.0671 1692 napagent - ok
12:11:57.0703 1692 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
12:11:57.0703 1692 NDIS - ok
12:11:57.0750 1692 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:11:57.0750 1692 NdisTapi - ok
12:11:57.0765 1692 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:11:57.0765 1692 Ndisuio - ok
12:11:57.0781 1692 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:11:57.0781 1692 NdisWan - ok
12:11:57.0796 1692 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
12:11:57.0796 1692 NDProxy - ok
12:11:57.0828 1692 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
12:11:57.0828 1692 NetBIOS - ok
12:11:57.0843 1692 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
12:11:57.0843 1692 NetBT - ok
12:11:57.0890 1692 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
12:11:57.0890 1692 NetDDE - ok
12:11:57.0890 1692 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
12:11:57.0890 1692 NetDDEdsdm - ok
12:11:57.0921 1692 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
12:11:57.0921 1692 Netlogon - ok
12:11:57.0968 1692 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
12:11:57.0968 1692 Netman - ok
12:11:58.0109 1692 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:11:58.0109 1692 NetTcpPortSharing - ok
12:11:58.0156 1692 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
12:11:58.0156 1692 Nla - ok
12:11:58.0171 1692 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
12:11:58.0171 1692 Npfs - ok
12:11:58.0234 1692 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
12:11:58.0234 1692 Ntfs - ok
12:11:58.0234 1692 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
12:11:58.0250 1692 NtLmSsp - ok
12:11:58.0281 1692 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
12:11:58.0296 1692 NtmsSvc - ok
12:11:58.0328 1692 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
12:11:58.0328 1692 Null - ok
12:11:58.0359 1692 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:11:58.0359 1692 NwlnkFlt - ok
12:11:58.0359 1692 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:11:58.0359 1692 NwlnkFwd - ok
12:11:58.0453 1692 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:11:58.0468 1692 ose - ok
12:11:58.0484 1692 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
12:11:58.0500 1692 Parport - ok
12:11:58.0500 1692 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
12:11:58.0500 1692 PartMgr - ok
12:11:58.0515 1692 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
12:11:58.0515 1692 ParVdm - ok
12:11:58.0531 1692 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
12:11:58.0531 1692 PCI - ok
12:11:58.0531 1692 PCIDump - ok
12:11:58.0546 1692 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
12:11:58.0546 1692 PCIIde - ok
12:11:58.0562 1692 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
12:11:58.0562 1692 Pcmcia - ok
12:11:58.0609 1692 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
12:11:58.0609 1692 pcouffin - ok
12:11:58.0609 1692 PDCOMP - ok
12:11:58.0609 1692 PDFRAME - ok
12:11:58.0625 1692 PDRELI - ok
12:11:58.0625 1692 PDRFRAME - ok
12:11:58.0640 1692 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
12:11:58.0640 1692 perc2 - ok
12:11:58.0640 1692 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
12:11:58.0656 1692 perc2hib - ok
12:11:58.0687 1692 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
12:11:58.0687 1692 PlugPlay - ok
12:11:58.0734 1692 Pml Driver HPZ12 (d31f88c5f19eefa366a415d6bc5f2abc) C:\WINDOWS\system32\HPZipm12.exe
12:11:58.0734 1692 Pml Driver HPZ12 - ok
12:11:58.0734 1692 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
12:11:58.0734 1692 PolicyAgent - ok
12:11:58.0765 1692 PPJoyBus (89045b00bd36cfe3910e3cb6762c2db0) C:\WINDOWS\system32\drivers\PPJoyBus.sys
12:11:58.0765 1692 PPJoyBus - ok
12:11:58.0796 1692 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:11:58.0796 1692 PptpMiniport - ok
12:11:58.0796 1692 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
12:11:58.0796 1692 ProtectedStorage - ok
12:11:58.0812 1692 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
12:11:58.0812 1692 PSched - ok
12:11:58.0812 1692 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:11:58.0812 1692 Ptilink - ok
12:11:58.0843 1692 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
12:11:58.0843 1692 PxHelp20 - ok
12:11:58.0859 1692 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
12:11:58.0859 1692 ql1080 - ok
12:11:58.0875 1692 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
12:11:58.0875 1692 Ql10wnt - ok
12:11:58.0890 1692 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
12:11:58.0890 1692 ql12160 - ok
12:11:58.0906 1692 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
12:11:58.0906 1692 ql1240 - ok
12:11:58.0906 1692 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
12:11:58.0906 1692 ql1280 - ok
12:11:58.0937 1692 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:11:58.0937 1692 RasAcd - ok
12:11:58.0984 1692 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
12:11:58.0984 1692 RasAuto - ok
12:11:58.0984 1692 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:11:58.0984 1692 Rasl2tp - ok
12:11:59.0015 1692 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
12:11:59.0015 1692 RasMan - ok
12:11:59.0046 1692 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:11:59.0046 1692 RasPppoe - ok
12:11:59.0062 1692 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
12:11:59.0062 1692 Raspti - ok
12:11:59.0109 1692 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:11:59.0109 1692 Rdbss - ok
12:11:59.0109 1692 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:11:59.0109 1692 RDPCDD - ok
12:11:59.0125 1692 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:11:59.0125 1692 rdpdr - ok
12:11:59.0171 1692 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
12:11:59.0171 1692 RDPWD - ok
12:11:59.0203 1692 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
12:11:59.0203 1692 RDSessMgr - ok
12:11:59.0218 1692 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
12:11:59.0218 1692 redbook - ok
12:11:59.0265 1692 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
12:11:59.0265 1692 RemoteAccess - ok
12:11:59.0281 1692 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
12:11:59.0281 1692 RemoteRegistry - ok
12:11:59.0312 1692 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
12:11:59.0328 1692 RpcLocator - ok
12:11:59.0390 1692 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
12:11:59.0390 1692 RpcSs - ok
12:11:59.0390 1692 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
12:11:59.0406 1692 RSVP - ok
12:11:59.0453 1692 RTLE8023xp (c6d34a1874cd2b212dc3e788091c64b4) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
12:11:59.0453 1692 RTLE8023xp - ok
12:11:59.0500 1692 RTLTEAMING (9f6b9f66223b1265ed66d005d93e539d) C:\WINDOWS\system32\DRIVERS\RTLTEAMING.SYS
12:11:59.0500 1692 RTLTEAMING - ok
12:11:59.0531 1692 RTLVLAN (b9ca69921379ea2931c4450fe975bce7) C:\WINDOWS\system32\DRIVERS\RTLVLAN.SYS
12:11:59.0531 1692 RTLVLAN - ok
12:11:59.0562 1692 RtNdPt5x (5ffd2aaf467b80fab34929afb7702060) C:\WINDOWS\system32\DRIVERS\RtNdPt5x.sys
12:11:59.0562 1692 RtNdPt5x - ok
12:11:59.0578 1692 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
12:11:59.0578 1692 SamSs - ok
12:11:59.0578 1692 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
12:11:59.0593 1692 SCardSvr - ok
12:11:59.0625 1692 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
12:11:59.0625 1692 Schedule - ok
12:11:59.0671 1692 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:11:59.0671 1692 Secdrv - ok
12:11:59.0687 1692 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
12:11:59.0687 1692 seclogon - ok
12:11:59.0703 1692 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
12:11:59.0703 1692 SENS - ok
12:11:59.0703 1692 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
12:11:59.0703 1692 Serenum - ok
12:11:59.0703 1692 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
12:11:59.0734 1692 Serial - ok
12:11:59.0765 1692 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
12:11:59.0765 1692 Sfloppy - ok
12:11:59.0828 1692 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
12:11:59.0828 1692 ShellHWDetection - ok
12:11:59.0828 1692 Simbad - ok
12:11:59.0859 1692 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
12:11:59.0859 1692 sisagp - ok
12:12:00.0218 1692 Skype C2C Service (192d93ee7ae6a3c599c96cd8d736e914) C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
12:12:00.0265 1692 Skype C2C Service - ok
12:12:00.0390 1692 SkypeUpdate (579ba0a911ff5ea70cb604cd3b744b0a) C:\Program Files\Skype\Updater\Updater.exe
12:12:00.0390 1692 SkypeUpdate - ok
12:12:00.0562 1692 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
12:12:00.0562 1692 Sparrow - ok
12:12:00.0593 1692 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
12:12:00.0593 1692 splitter - ok
12:12:00.0656 1692 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
12:12:00.0656 1692 Spooler - ok
12:12:00.0765 1692 sprtsvc_ddoctorv2 (c3716ec0d36ad924b6888d794563e647) C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
12:12:00.0765 1692 sprtsvc_ddoctorv2 - ok
12:12:00.0843 1692 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
12:12:00.0843 1692 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
12:12:00.0859 1692 sptd ( LockedFile.Multi.Generic ) - warning
12:12:00.0859 1692 sptd - detected LockedFile.Multi.Generic (1)
12:12:00.0875 1692 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
12:12:00.0875 1692 sr - ok
12:12:00.0921 1692 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
12:12:00.0921 1692 srservice - ok
12:12:00.0968 1692 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
12:12:00.0968 1692 Srv - ok
12:12:01.0000 1692 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
12:12:01.0000 1692 SSDPSRV - ok
12:12:01.0031 1692 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
12:12:01.0031 1692 stisvc - ok
12:12:01.0078 1692 stllssvr (de3e7a2345ebaa3ce8e6957dfb55fb15) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
12:12:01.0078 1692 stllssvr - ok
12:12:01.0109 1692 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:12:01.0109 1692 swenum - ok
12:12:01.0171 1692 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
12:12:01.0171 1692 swmidi - ok
12:12:01.0171 1692 SwPrv - ok
12:12:01.0203 1692 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
12:12:01.0203 1692 symc810 - ok
12:12:01.0218 1692 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
12:12:01.0218 1692 symc8xx - ok
12:12:01.0234 1692 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
12:12:01.0234 1692 sym_hi - ok
12:12:01.0234 1692 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
12:12:01.0234 1692 sym_u3 - ok
12:12:01.0265 1692 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
12:12:01.0265 1692 sysaudio - ok
12:12:01.0312 1692 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
12:12:01.0312 1692 SysmonLog - ok
12:12:01.0359 1692 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
12:12:01.0359 1692 TapiSrv - ok
12:12:01.0421 1692 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:12:01.0421 1692 Tcpip - ok
12:12:01.0453 1692 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:12:01.0453 1692 TDPIPE - ok
12:12:01.0453 1692 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
12:12:01.0453 1692 TDTCP - ok
12:12:01.0484 1692 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:12:01.0484 1692 TermDD - ok
12:12:01.0531 1692 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
12:12:01.0531 1692 TermService - ok
12:12:01.0562 1692 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
12:12:01.0578 1692 Themes - ok
12:12:01.0593 1692 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
12:12:01.0609 1692 TlntSvr - ok
12:12:01.0625 1692 tmcomm (eb2283c0a4dfbd2e53d14f2c4d5a1e89) C:\WINDOWS\system32\drivers\tmcomm.sys
12:12:01.0625 1692 tmcomm - ok
12:12:01.0640 1692 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
12:12:01.0640 1692 TosIde - ok
12:12:01.0656 1692 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
12:12:01.0656 1692 TrkWks - ok
12:12:01.0671 1692 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
12:12:01.0671 1692 Udfs - ok
12:12:01.0703 1692 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
12:12:01.0703 1692 ultra - ok
12:12:01.0828 1692 UnlockerDriver5 (4847639d852763ee39415c929470f672) C:\Program Files\Unlocker\UnlockerDriver5.sys
12:12:01.0828 1692 UnlockerDriver5 - ok
12:12:01.0875 1692 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
12:12:01.0875 1692 Update - ok
12:12:01.0890 1692 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
12:12:01.0906 1692 upnphost - ok
12:12:01.0906 1692 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
12:12:01.0906 1692 UPS - ok
12:12:01.0937 1692 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:12:01.0937 1692 usbccgp - ok
12:12:01.0968 1692 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:12:01.0968 1692 usbehci - ok
12:12:02.0000 1692 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:12:02.0000 1692 usbhub - ok
12:12:02.0015 1692 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:12:02.0015 1692 usbprint - ok
12:12:02.0031 1692 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:12:02.0031 1692 usbscan - ok
12:12:02.0046 1692 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:12:02.0046 1692 USBSTOR - ok
12:12:02.0078 1692 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:12:02.0078 1692 usbuhci - ok
12:12:02.0093 1692 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
12:12:02.0093 1692 VgaSave - ok
12:12:02.0125 1692 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
12:12:02.0125 1692 viaagp - ok
12:12:02.0125 1692 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
12:12:02.0125 1692 ViaIde - ok
12:12:02.0171 1692 Viewpoint Manager Service (5f974fde801c73952770736becde11e7) C:\Program Files\Viewpoint\Common\ViewpointService.exe
12:12:02.0171 1692 Viewpoint Manager Service - ok
12:12:02.0187 1692 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
12:12:02.0187 1692 VolSnap - ok
12:12:02.0250 1692 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
12:12:02.0265 1692 VSS - ok
12:12:02.0281 1692 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
12:12:02.0281 1692 w32time - ok
12:12:02.0296 1692 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:12:02.0296 1692 Wanarp - ok
12:12:02.0312 1692 WDICA - ok
12:12:02.0328 1692 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
12:12:02.0328 1692 wdmaud - ok
12:12:02.0343 1692 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
12:12:02.0343 1692 WebClient - ok
12:12:02.0437 1692 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
12:12:02.0437 1692 winmgmt - ok
12:12:02.0453 1692 WmdmPmSN (051b1bdecd6dee18c771b5d5ec7f044d) C:\WINDOWS\system32\MsPMSNSv.dll
12:12:02.0453 1692 WmdmPmSN - ok
12:12:02.0515 1692 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
12:12:02.0515 1692 Wmi - ok
12:12:02.0546 1692 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
12:12:02.0546 1692 WmiApSrv - ok
12:12:02.0734 1692 WMPNetworkSvc (6bab4dc65515a098505f8b3d01fb6fe5) C:\Program Files\Windows Media Player\WMPNetwk.exe
12:12:02.0750 1692 WMPNetworkSvc - ok
12:12:02.0843 1692 WpdUsb (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
12:12:02.0859 1692 WpdUsb - ok
12:12:02.0859 1692 WSearch - ok
12:12:02.0875 1692 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
12:12:02.0890 1692 wuauserv - ok
12:12:02.0937 1692 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:12:02.0937 1692 WudfPf - ok
12:12:02.0968 1692 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:12:02.0968 1692 WudfRd - ok
12:12:03.0015 1692 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
12:12:03.0015 1692 WudfSvc - ok
12:12:03.0031 1692 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
12:12:03.0046 1692 WZCSVC - ok
12:12:03.0078 1692 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
12:12:03.0078 1692 xmlprov - ok
12:12:03.0109 1692 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
12:12:03.0562 1692 \Device\Harddisk0\DR0 - ok
12:12:03.0562 1692 Boot (0x1200) (0221587a3b07f96a569f427528d11e13) \Device\Harddisk0\DR0\Partition0
12:12:03.0562 1692 \Device\Harddisk0\DR0\Partition0 - ok
12:12:03.0562 1692 ============================================================
12:12:03.0562 1692 Scan finished
12:12:03.0562 1692 ============================================================
12:12:03.0578 1236 Detected object count: 1
12:12:03.0578 1236 Actual detected object count: 1
12:12:36.0687 1236 sptd ( LockedFile.Multi.Generic ) - skipped by user
12:12:36.0687 1236 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
12:12:38.0421 0664 Deinitialize success

Edited by MrBear, 25 May 2012 - 07:35 PM.


#4 MrBear

Posted 25 May 2012 - 07:36 PM

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-25 14:33:19
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.1AC0
Running: 4rouvzbu.exe; Driver: C:\DOCUME~1\Michael\LOCALS~1\Temp\fxtdrpow.sys


---- System - GMER 1.0.15 ----

SSDT spns.sys ZwCreateKey [0xB9EB50E0]
SSDT spns.sys ZwEnumerateKey [0xB9ECDDA4]
SSDT spns.sys ZwEnumerateValueKey [0xB9ECE132]
SSDT spns.sys ZwOpenKey [0xB9EB50C0]
SSDT spns.sys ZwQueryKey [0xB9ECE20A]
SSDT spns.sys ZwQueryValueKey [0xB9ECE08A]
SSDT spns.sys ZwSetValueKey [0xB9ECE29C]

INT 0x63 ? 8ACC1BF8
INT 0x63 ? 89EE8F00
INT 0x63 ? 8ACC1BF8
INT 0x73 ? 89EE8F00
INT 0x73 ? 89EE8F00
INT 0x73 ? 89EE8F00
INT 0x73 ? 89EE8F00
INT 0x84 ? 89EE8F00
INT 0x84 ? 89EE8F00
INT 0x84 ? 89EE8F00
INT 0xA4 ? 89EE8F00
INT 0xB4 ? 8ACBEBF8

---- Kernel code sections - GMER 1.0.15 ----

? spns.sys The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB8B1D000, 0x2C3BC6, 0xE8000020]
.text USBPORT.SYS!DllUnload B49BA8AC 5 Bytes JMP 89EE84E0
.text ae0t3kwb.SYS B4824386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text ae0t3kwb.SYS B48243AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text ae0t3kwb.SYS B48243C4 3 Bytes [00, 80, 02]
.text ae0t3kwb.SYS B48243C9 1 Byte [30]
.text ae0t3kwb.SYS B48243C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[3060] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EB6042] spns.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EB613E] spns.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EB60C0] spns.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EB6800] spns.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EB66D6] spns.sys
IAT \SystemRoot\System32\Drivers\ae0t3kwb.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
IAT \SystemRoot\System32\Drivers\ae0t3kwb.SYS[HAL.dll!READ_PORT_UCHAR] 1C959E88
IAT \SystemRoot\System32\Drivers\ae0t3kwb.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
IAT \SystemRoot\System32\Drivers\ae0t3kwb.SYS[HAL.dll!KfRaiseIrql] 00001CB1
IAT \SystemRoot\System32\Drivers\ae0t3kwb.SYS[HAL.dll!KfLowerIrql] 0E798366
IAT \SystemRoot\System32\Drivers\ae0t3kwb.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
IAT \SystemRoot\System32\Drivers\ae0t3kwb.SYS[HAL.dll!HalTranslateBusAddress] 8986C636
IAT \SystemRoot\System32\Drivers\ae0t3kwb.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
IAT \SystemRoot\System32\Drivers\ae0t3kwb.SYS[HAL.dll!KfReleaseSpinLock] 1C8B86C6
IAT \SystemRoot\System32\Drivers\ae0t3kwb.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
IAT \SystemRoot\System32\Drivers\ae0t3kwb.SYS[HAL.dll!READ_PORT_USHORT] 001C9686
IAT \SystemRoot\System32\Drivers\ae0t3kwb.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
IAT \SystemRoot\System32\Drivers\ae0t3kwb.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CB2
IAT \SystemRoot\System32\Drivers\ae0t3kwb.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
IAT \SystemRoot\System32\Drivers\ae0t3kwb.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB99E

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8AC601F8

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\NetBT \Device\NetBT_Tcpip_{2399944D-F690-4C30-962C-32653AA8A4B1} 897FE1F8
Device \Driver\usbuhci \Device\USBPDO-0 89EE7500
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8ACBF1F8
Device \Driver\dmio \Device\DmControl\DmConfig 8ACBF1F8
Device \Driver\dmio \Device\DmControl\DmPnP 8ACBF1F8
Device \Driver\dmio \Device\DmControl\DmInfo 8ACBF1F8
Device \Driver\usbuhci \Device\USBPDO-1 89EE7500
Device \Driver\PCI_PNP0084 \Device\00000052 spns.sys
Device \Driver\usbuhci \Device\USBPDO-2 89EE7500
Device \Driver\usbehci \Device\USBPDO-3 89EE5500
Device \Driver\usbuhci \Device\USBPDO-4 89EE7500

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbuhci \Device\USBPDO-5 89EE7500
Device \Driver\usbuhci \Device\USBPDO-6 89EE7500
Device \Driver\Ftdisk \Device\HarddiskVolume1 8AC631F8
Device \Driver\usbehci \Device\USBPDO-7 89EE5500
Device \Driver\Ftdisk \Device\HarddiskVolume2 8AC631F8
Device \Driver\Cdrom \Device\CdRom0 89EEB368
Device \Driver\Cdrom \Device\CdRom1 89EEB368
Device \Driver\iaStor \Device\Ide\iaStor0 [B9D6FD10] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [B9D6FD10] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-1 [B9D6FD10] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\NetBT \Device\NetBT_Tcpip_{0035AE74-5431-44B5-A86D-726E8B2B8BC7} 897FE1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 897FE1F8
Device \Driver\sptd \Device\2153510084 spns.sys
Device \Driver\NetBT \Device\NetbiosSmb 897FE1F8

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbuhci \Device\USBFDO-0 89EE7500
Device \Driver\usbuhci \Device\USBFDO-1 89EE7500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89F28500
Device \Driver\usbuhci \Device\USBFDO-2 89EE7500
Device 89F28500
Device \Driver\usbehci \Device\USBFDO-3 89EE5500
Device \Driver\usbuhci \Device\USBFDO-4 89EE7500
Device \Driver\Ftdisk \Device\FtControl 8AC631F8
Device \Driver\usbuhci \Device\USBFDO-5 89EE7500
Device \Driver\usbuhci \Device\USBFDO-6 89EE7500
Device \Driver\usbehci \Device\USBFDO-7 89EE5500
Device \Driver\ae0t3kwb \Device\Scsi\ae0t3kwb1Port2Path0Target0Lun0 89EE2500
Device \Driver\ae0t3kwb \Device\Scsi\ae0t3kwb1 89EE2500
Device \Driver\JRAID \Device\Scsi\JRAID1 8AC611F8
Device 89808500
Device 9CC72297

AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 897FD480
Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x9F 0x34 0x06 0xC2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x81 0x35 0xAD 0xFA ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x26 0x60 0x8A 0x50 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x4F 0x89 0x37 0x2F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x76 0xDC 0x6D 0x0A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x7E 0x6C 0x0C 0x77 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x9D 0x17 0xA7 0xE6 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x9F 0x34 0x06 0xC2 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 2
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x81 0x35 0xAD 0xFA ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x26 0x60 0x8A 0x50 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x4F 0x89 0x37 0x2F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x76 0xDC 0x6D 0x0A ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x7E 0x6C 0x0C 0x77 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x9D 0x17 0xA7 0xE6 ...

---- EOF - GMER 1.0.15 ----

ESET Results

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0HIKFD19\index2[1].htm HTML/Iframe.B.Gen virus
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Y6O3RMWY\firstload_com[1].txt HTML/Hoax.FastDownload.C.Gen application
C:\Documents and Settings\Michael\Application Data\Sun\Java\Deployment\cache\6.0\45\62d5adad-7cf3a4d7 a variant of Java/TrojanDownloader.Agent.NDN trojan
C:\Documents and Settings\Michael\Local Settings\Application Data\{907f608c-6a94-736b-86c1-2a2e04274b7d}\U\800000cb.@ probably a variant of Win32/Agent.TEO trojan
C:\WINDOWS\Installer\{907f608c-6a94-736b-86c1-2a2e04274b7d}\U\800000cb.@ probably a variant of Win32/Agent.TEO trojan

#5 narenxp

Posted 25 May 2012 - 08:23 PM

Download

aswMBR

Launch it, allow it to download the latest Avast! virus definitions
Click the "Scan" button to start the scan. After the scan finishes, click on Save log

Post the log results here

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan MBAM once in regular mode until you get a clean log

#6 MrBear

Posted 25 May 2012 - 09:51 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-25 21:35:29
-----------------------------
21:35:29.781 OS Version: Windows 5.1.2600 Service Pack 3
21:35:29.781 Number of processors: 4 586 0x170A
21:35:29.781 ComputerName: YUME UserName:
21:35:30.531 Initialze error C000010E - driver not loaded
21:35:30.640 write error "aswCmnB.dll". The process cannot access the file because it is being used by another process.
21:35:37.796 AVAST engine defs: 12052501
21:35:46.250 Service scanning
21:35:56.218 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
21:35:58.890 Modules scanning
21:35:58.890 Disk 0 trace - called modules:
21:35:58.890
21:35:59.562 AVAST engine scan C:\WINDOWS
21:36:10.265 AVAST engine scan C:\WINDOWS\system32
21:37:54.625 AVAST engine scan C:\WINDOWS\system32\drivers
21:38:02.562 AVAST engine scan C:\Documents and Settings\Michael
21:40:40.296 File: C:\Documents and Settings\Michael\Local Settings\Application Data\{907f608c-6a94-736b-86c1-2a2e04274b7d}\U\800000cb.@ **INFECTED** Win32:Sirefef-AO [Rtk]
21:47:06.921 AVAST engine scan C:\Documents and Settings\All Users
21:48:37.703 Scan finished successfully
21:48:46.765 The log file has been saved successfully to "C:\Documents and Settings\Michael\Desktop\aswMBR.txt"

Would a full C scan have been better?
Going to try Malwarebytes now

#7 narenxp

Posted 25 May 2012 - 09:58 PM

We have some more work to do after this :thumbup2:

Download

systemlook

Launch it, copy this script and paste it in the BOX

:folderfind
907f608c-6a94-736b-86c1-2a2e04274b7d


Click on LOOK and post the generated log here

Edited by narenxp, 25 May 2012 - 10:15 PM.


#8 MrBear

Posted 25 May 2012 - 10:43 PM

Despite the indication of the virus in Local Settings, Malwarebytes returned no positives. The sptd that was locked was Daemon Tools, so nothing innocuous there. I will move on to the next step.

#9 MrBear

Posted 25 May 2012 - 10:50 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 22:45 on 25/05/2012 by Michael
Administrator - Elevation successful

========== folderfind ==========

Searching for "907f608c-6a94-736b-86c1-2a2e04274b7d"
No folders found.

-= EOF =-

Is it possible that aswMBR removed it? Also, I noticed in Application Data, there is a file called IconCache. Is it possible that is the file that is infected? Since removing viruses via AVG and MWBS the other day, the only symptom I have had is my desktop icons rearranging.

#10 MrBear

Posted 25 May 2012 - 11:47 PM

I ran aswMBR again and it found the file still there, in addition to what looks like more issues.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-25 22:51:10
-----------------------------
22:51:10.437 OS Version: Windows 5.1.2600 Service Pack 3
22:51:10.437 Number of processors: 4 586 0x170A
22:51:10.437 ComputerName: YUME UserName:
22:51:11.343 Initialize success
22:51:18.453 AVAST engine defs: 12052501
22:51:22.171 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:51:22.171 Disk 0 Vendor: SAMSUNG_ 1AC0 Size: 305245MB BusType: 3
22:51:22.218 Disk 0 MBR read successfully
22:51:22.218 Disk 0 MBR scan
22:51:22.234 Disk 0 Windows VISTA default MBR code
22:51:22.250 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 62 MB offset 63
22:51:22.281 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 305180 MB offset 128520
22:51:22.296 Disk 0 scanning sectors +625137345
22:51:22.500 Disk 0 scanning C:\WINDOWS\system32\drivers
22:51:52.359 Service scanning
22:52:03.593 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
22:52:06.875 Modules scanning
22:52:43.218 Disk 0 trace - called modules:
22:52:43.781 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys spns.sys hal.dll >>UNKNOWN [0x8ac82938]<<
22:52:43.796 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ac9f8d8]
22:52:43.812 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8ac0f028]
22:52:44.656 AVAST engine scan C:\WINDOWS
22:54:06.890 AVAST engine scan C:\WINDOWS\system32
23:03:20.515 AVAST engine scan C:\WINDOWS\system32\drivers
23:04:35.312 AVAST engine scan C:\Documents and Settings\Michael
23:15:19.859 File: C:\Documents and Settings\Michael\Local Settings\Application Data\{907f608c-6a94-736b-86c1-2a2e04274b7d}\U\800000cb.@ **INFECTED** Win32:Sirefef-AO [Rtk]
23:37:16.890 AVAST engine scan C:\Documents and Settings\All Users
23:42:37.140 Scan finished successfully
23:44:08.734 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Michael\Desktop\MBR.dat"
23:44:08.750 The log file has been saved successfully to "C:\Documents and Settings\Michael\Desktop\aswMBR2.txt"

Edited by MrBear, 25 May 2012 - 11:48 PM.
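
A small triage parser for aswMBR output, added here as an example and not part of the thread or of the aswMBR tool itself: it walks a log in the line format posted above, pulls out the lines a responder actually acts on (the `**INFECTED**` file, the `**LOCKED**` service, the `>>UNKNOWN<<` module in the disk call chain, and the MBR code description), and derives from the infected path the GUID folder name that the later SystemLook `:folderfind` search is keyed on. The sample log is constructed from the lines above; the dataclass names and the `folderfind_script` helper are my own.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample: a trimmed aswMBR log in the same line format as the one
# posted in this thread (only the lines a triage cares about are kept).
SAMPLE_LOG = r"""aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-25 22:51:10
-----------------------------
22:51:10.437 OS Version: Windows 5.1.2600 Service Pack 3
22:51:22.218 Disk 0 MBR read successfully
22:51:22.234 Disk 0 Windows VISTA default MBR code
22:51:22.281 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 305180 MB offset 128520
22:52:03.593 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
22:52:43.781 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys spns.sys hal.dll >>UNKNOWN [0x8ac82938]<<
23:15:19.859 File: C:\Documents and Settings\Michael\Local Settings\Application Data\{907f608c-6a94-736b-86c1-2a2e04274b7d}\U\800000cb.@ **INFECTED** Win32:Sirefef-AO [Rtk]
23:42:37.140 Scan finished successfully
"""

# Every interesting line starts with an HH:MM:SS.mmm timestamp.
TS = r"(?P<ts>\d{2}:\d{2}:\d{2}\.\d{3}) "
INFECTED_RE = re.compile(TS + r"File: (?P<path>.+?) \*\*INFECTED\*\* (?P<detail>.+)$")
LOCKED_RE = re.compile(TS + r"Service (?P<name>\S+) (?P<path>.+?) \*\*LOCKED\*\* (?P<code>\d+)$")
UNKNOWN_RE = re.compile(TS + r"(?P<modules>.+?) >>UNKNOWN \[(?P<addr>0x[0-9a-fA-F]+)\]<<$")
MBR_RE = re.compile(TS + r"Disk (?P<disk>\d+) (?P<desc>.+ MBR code)$")
GUID_RE = re.compile(r"\{[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}")


@dataclass
class Finding:
    kind: str        # "infected" | "locked" | "unknown_module" | "mbr"
    timestamp: str
    subject: str     # file path, driver path, call-chain address, or disk
    detail: str      # detection name, service name, module chain, MBR description


@dataclass
class Triage:
    findings: List[Finding] = field(default_factory=list)
    guids: List[str] = field(default_factory=list)   # GUID folders seen in infected paths

    def infected_paths(self) -> List[str]:
        return [f.subject for f in self.findings if f.kind == "infected"]

    def locked_services(self) -> List[str]:
        return [f.detail for f in self.findings if f.kind == "locked"]

    def unknown_modules(self) -> List[str]:
        return [f.subject for f in self.findings if f.kind == "unknown_module"]


def parse_aswmbr(text: str) -> Triage:
    """Walk an aswMBR log line by line and collect the findings worth a look."""
    triage = Triage()
    for line in text.splitlines():
        m = INFECTED_RE.match(line)
        if m:
            triage.findings.append(Finding("infected", m["ts"], m["path"], m["detail"]))
            # The GUID-named folder in the infected path is what the thread's
            # follow-up SystemLook :folderfind search is keyed on.
            for guid in GUID_RE.findall(m["path"]):
                if guid not in triage.guids:
                    triage.guids.append(guid)
            continue
        m = LOCKED_RE.match(line)
        if m:
            triage.findings.append(Finding("locked", m["ts"], m["path"], m["name"]))
            continue
        m = UNKNOWN_RE.match(line)
        if m:
            triage.findings.append(Finding("unknown_module", m["ts"], m["addr"], m["modules"]))
            continue
        m = MBR_RE.match(line)
        if m:
            triage.findings.append(Finding("mbr", m["ts"], "Disk " + m["disk"], m["desc"]))
    return triage


def folderfind_script(guids: List[str]) -> str:
    """Build the SystemLook :folderfind script (braces included) for the GUID folders found."""
    return ":folderfind\n" + "".join(g + "\n" for g in guids)


if __name__ == "__main__":
    t = parse_aswmbr(SAMPLE_LOG)
    for f in t.findings:
        print(f"{f.timestamp} {f.kind:15} {f.subject}  ({f.detail})")
    print(folderfind_script(t.guids))
```

A locked service is not by itself a finding of malware (sptd belongs to Daemon Tools, as noted above), which is why the parser keeps the kinds separate instead of folding everything into one alert list.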


#11 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:01:41 PM

Posted 26 May 2012 - 12:21 AM

EDIT:

There was a minor mistake in the code

Download

SystemLook

Launch it, copy this script and paste it in the BOX

:folderfind
{907f608c-6a94-736b-86c1-2a2e04274b7d}


Click on LOOK and post the generated log here

Edited by narenxp, 26 May 2012 - 12:25 AM.


#12 MrBear

Posted 26 May 2012 - 12:31 AM

SystemLook 30.07.11 by jpshortstuff
Log created at 00:29 on 26/05/2012 by Michael
Administrator - Elevation successful

========== folderfind ==========

Searching for "{907f608c-6a94-736b-86c1-2a2e04274b7d}"
C:\Documents and Settings\Michael\Local Settings\Application Data\{907f608c-6a94-736b-86c1-2a2e04274b7d} d--hs-- [16:16 25/04/2008]
C:\WINDOWS\Installer\{907f608c-6a94-736b-86c1-2a2e04274b7d} d--hs-- [16:16 25/04/2008]

-= EOF =-
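
The two SystemLook logs in this thread illustrate a verification pitfall: the first search (without braces) reported "No folders found." while the folders were there, and only the corrected `:folderfind` term found them. The parser below is an added example, not part of the thread or of SystemLook: it reads folderfind output in the format shown above, decodes the attribute letters, and checks a re-run log against the earlier one, refusing to call the cleanup verified when the re-run used a different search term. The sample logs are constructed from the ones posted; the reading of the attribute letters (d=directory, h=hidden, s=system, per the `attrib` convention) is an assumption, and the `Hit`, `cleanup_verified` and `search_terms` names are my own.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed samples in the SystemLook folderfind format seen in this thread.
FOUND_LOG = r"""SystemLook 30.07.11 by jpshortstuff
Log created at 00:29 on 26/05/2012 by Michael
Administrator - Elevation successful

========== folderfind ==========

Searching for "{907f608c-6a94-736b-86c1-2a2e04274b7d}"
C:\Documents and Settings\Michael\Local Settings\Application Data\{907f608c-6a94-736b-86c1-2a2e04274b7d} d--hs-- [16:16 25/04/2008]
C:\WINDOWS\Installer\{907f608c-6a94-736b-86c1-2a2e04274b7d} d--hs-- [16:16 25/04/2008]

-= EOF =-
"""

# Same search term, nothing found: what a re-run after cleanup should look like.
CLEAN_LOG = r"""SystemLook 30.07.11 by jpshortstuff
Log created at 01:30 on 26/05/2012 by Michael
Administrator - Elevation successful

========== folderfind ==========

Searching for "{907f608c-6a94-736b-86c1-2a2e04274b7d}"
No folders found.

-= EOF =-
"""

# The unbraced search from earlier in the thread: "No folders found." here proves nothing.
MISSEARCH_LOG = r"""========== folderfind ==========

Searching for "907f608c-6a94-736b-86c1-2a2e04274b7d"
No folders found.

-= EOF =-
"""

SEARCH_RE = re.compile(r'^Searching for "(?P<term>.+)"$')
# A hit line: <drive path> <7 attribute letters/dashes> [<timestamp>]
HIT_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) (?P<attrs>[a-z-]{7}) \[(?P<stamp>[^\]]+)\]$")


@dataclass
class Hit:
    term: str
    path: str
    attrs: str
    stamp: str

    @property
    def hidden_system(self) -> bool:
        # Attribute letters assumed to follow the attrib convention (h=hidden, s=system);
        # only the presence of a letter is used, not its position.
        return "h" in self.attrs and "s" in self.attrs

    @property
    def in_user_profile(self) -> bool:
        return self.path.lower().startswith("c:\\documents and settings\\")


def search_terms(text: str) -> List[str]:
    """The search terms a log was generated for, in order."""
    return [m["term"] for m in (SEARCH_RE.match(l) for l in text.splitlines()) if m]


def parse_folderfind(text: str) -> List[Hit]:
    """Collect every path line under each 'Searching for' header."""
    hits, term = [], ""
    for line in text.splitlines():
        m = SEARCH_RE.match(line)
        if m:
            term = m["term"]
            continue
        m = HIT_RE.match(line)
        if m:
            hits.append(Hit(term, m["path"], m["attrs"], m["stamp"]))
    return hits


def cleanup_verified(before: str, after: str) -> bool:
    """True only when the re-run searched for the same terms and none of the
    previously reported paths is listed again."""
    if search_terms(before) != search_terms(after):
        return False   # a different term (e.g. braces dropped) is not a clean result
    remaining = {h.path.lower() for h in parse_folderfind(after)}
    return not any(h.path.lower() in remaining for h in parse_folderfind(before))


if __name__ == "__main__":
    for h in parse_folderfind(FOUND_LOG):
        flags = "hidden+system" if h.hidden_system else h.attrs
        where = "user profile" if h.in_user_profile else "system area"
        print(f"{h.path}  [{flags}, {where}, {h.stamp}]")
    print("verified:", cleanup_verified(FOUND_LOG, CLEAN_LOG))
```

The `in_user_profile` flag is there because a hidden, system-attributed GUID folder is routine under `C:\WINDOWS\Installer` (MSI keeps such folders) but not under a user's `Local Settings\Application Data`, so the two hits above deserve different weight even though their attribute strings are identical.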

#13 narenxp

Posted 26 May 2012 - 12:47 AM

Launch GMER

It should perform a startup scan. After the scan, expand the Rootkit/Malware tab on the top

Click on the FILES tab. On the left side, expand the folders and browse to

C:\WINDOWS\Installer\{907f608c-6a94-736b-86c1-2a2e04274b7d}

You should find two files called @ & n on the right side. Select them and click the DELETE option

Similarly navigate to

C:\Documents and Settings\Michael\Local Settings\Application Data\{907f608c-6a94-736b-86c1-2a2e04274b7d}

You should find two files called @ & n. Select them and click DELETE on the right side

Restart the PC.

Open your C drive

On top, click on TOOLS-FOLDER OPTIONS

Click on the View tab, scroll down

Check mark SHOW HIDDEN FILES
uncheck HIDE OPERATING SYSTEM FILES

Click ok

Now go to

C:\Documents and Settings\Michael\Local Settings\Application Data &
C:\WINDOWS\Installer

and delete this folder {907f608c-6a94-736b-86c1-2a2e04274b7d}

Re-run SystemLook and post the new log

good luck

Edited by narenxp, 26 May 2012 - 12:56 AM.


#14 MrBear

Posted 26 May 2012 - 12:59 AM

Both the locations have the @, which I have now deleted, but not n. Both also have two subfolders titled L and U. U contains two files called 00000001.@ and 800000cb.@, again in both locations. Should I finish your directions or is the lack of n an issue?

Edited by MrBear, 26 May 2012 - 12:59 AM.


#15 narenxp

Posted 26 May 2012 - 01:16 AM

Yes, skip it if n is not there

Edited by narenxp, 26 May 2012 - 01:17 AM.
