Email virus


19 replies to this topic

#1 donbai

donbai

  • Members
  • 28 posts
  • OFFLINE
  • Local time:10:28 AM

Posted 16 June 2012 - 07:03 AM

Used the wife's computer to check my webmail the other day, and this morning I received an email from myself with a mysterious link in it, and I noticed a bunch of other email addresses from the address book that this was sent to as well. I have already informed those not to click the link or open the email but to just delete the email. Now I need to clean the wife's computer of any virus.

Thanks,



#2 dev00790

dev00790

    Bleeping Chocoholic


  • Members
  • 5,037 posts
  • OFFLINE
  • Gender:Male
  • Location:UK
  • Local time:03:28 PM

Posted 16 June 2012 - 08:22 AM

Hello,

I will be helping you with your problems. Please be patient while I assist you.

Some points for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do NOT run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable, and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

----------------------------------------------

Please do the following:

Step 1

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Step 2

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Step 3

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore points
Click Go and post the full contents of the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

NOTE: When using "Reset FF Proxy Settings" option Firefox should be closed.


Step 4

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe on your desktop to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click on change parameters
  • Check the boxes next to Verify file digital signatures and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"

I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM. My Blog


#3 donbai

donbai
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Local time:10:28 AM

Posted 16 June 2012 - 12:00 PM

Results of screen317's Security Check version 0.99.41
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Please wait while WMIC is being installed.
displayName
ECHO is off.
AVG
ECHO is off.
AntiVirus
ECHO is off.
Fre
ECHO is off.
Edition
ECHO is off.
2012
ECHO is off.
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Adobe Reader 8 Adobe Reader out of date!
Mozilla Firefox (3.6.12) Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
AVG avgtray.exe
AVG avgrsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 11% Defragment your hard drive soon!
````````````````````End of Log``````````````````````

#4 donbai

donbai
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Local time:10:28 AM

Posted 16 June 2012 - 12:01 PM

Farbar Service Scanner Version: 09-06-2012
Ran by Becky (administrator) on 16-06-2012 at 13:01:13
Running from "C:\Documents and Settings\Becky\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Disabled. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\System32\wuauserv.dll".


Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit


**** End of log ****

#5 donbai

donbai
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Local time:10:28 AM

Posted 16 June 2012 - 12:17 PM

MiniToolBox locks up on getting devices. Tried it twice.

Here is part of the log file...


MiniToolBox by Farbar Version: 09-06-2012
Ran by Becky (administrator) on 16-06-2012 at 13:13:08
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

1394 Net Adapter = 1394 Connection (Connected)
1394 Net Adapter = 1394 Connection 2 (Connected)
Broadcom NetXtreme 57xx Gigabit Controller = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration

Host Name . . . . . . . . . . . . : becky-6aefap2gv
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : nc.rr.com

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : nc.rr.com
Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
Physical Address. . . . . . . . . : 00-11-11-3D-43-24
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.106
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 209.18.47.61
                                    209.18.47.62
Lease Obtained. . . . . . . . . . : Saturday, June 16, 2012 1:06:34 PM
Lease Expires . . . . . . . . . . : Sunday, June 17, 2012 1:06:34 PM

Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: google.com
Addresses: 173.194.37.65, 173.194.37.66, 173.194.37.67, 173.194.37.68
173.194.37.69, 173.194.37.70, 173.194.37.71, 173.194.37.72, 173.194.37.73
173.194.37.78, 173.194.37.64

Pinging google.com [74.125.130.102] with 32 bytes of data:

Reply from 74.125.130.102: bytes=32 time=27ms TTL=48
Reply from 74.125.130.102: bytes=32 time=28ms TTL=48

Ping statistics for 74.125.130.102:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 27ms, Maximum = 28ms, Average = 27ms

Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: yahoo.com
Addresses: 209.191.122.70, 72.30.38.140, 98.139.183.24

Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=46ms TTL=53
Reply from 209.191.122.70: bytes=32 time=46ms TTL=53

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 46ms, Maximum = 46ms, Average = 46ms

Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 11 11 3d 43 24 ...... Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.106 20
85.17.138.140 255.255.255.255 192.168.1.1 192.168.1.106 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.106 192.168.1.106 20
192.168.1.106 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.106 192.168.1.106 20
217.164.104.233 255.255.255.255 192.168.1.1 192.168.1.106 20
224.0.0.0 240.0.0.0 192.168.1.106 192.168.1.106 20
255.255.255.255 255.255.255.255 192.168.1.106 192.168.1.106 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/16/2012 01:12:47 PM) (Source: Application Hang) (User: )
Description: Hanging application MiniToolBox.exe, version 3.3.6.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/15/2012 05:30:10 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x05dd9290.
Processing media-specific event for [explorer.exe!ws!]

Error: (06/09/2012 09:31:23 AM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x057df000.
Processing media-specific event for [explorer.exe!ws!]

Error: (06/04/2012 07:52:49 PM) (Source: USPS Shipping Assistant) (User: )
Description: Timestamp: 6/4/2012 11:52:49 PM
Message: Object reference not set to an instance of an object.
Severity: Error
Process Id: 548
Win32 Thread Id: 1376

Extended Properties:
Exception - System.NullReferenceException: Object reference not set to an instance of an object.
at USPS.SmartClient.Presentation.Shell.UI.SAUtilities.SetToolTips(ControlCollection controls, ToolTip toolTip, ResourceManager rm)

Error: (06/04/2012 07:52:49 PM) (Source: USPS Shipping Assistant) (User: )
Description: Timestamp: 6/4/2012 11:52:49 PM
Message: Object reference not set to an instance of an object.
Severity: Error
Process Id: 548
Win32 Thread Id: 1376

Extended Properties:
Exception - System.NullReferenceException: Object reference not set to an instance of an object.
at USPS.SmartClient.Presentation.Shell.UI.SAUtilities.SetToolTips(ControlCollection controls, ToolTip toolTip, ResourceManager rm)

Error: (06/04/2012 07:52:49 PM) (Source: USPS Shipping Assistant) (User: )
Description: Timestamp: 6/4/2012 11:52:49 PM
Message: Object reference not set to an instance of an object.
Severity: Error
Process Id: 548
Win32 Thread Id: 1376

Extended Properties:
Exception - System.NullReferenceException: Object reference not set to an instance of an object.
at USPS.SmartClient.Presentation.Shell.UI.SAUtilities.SetToolTips(ControlCollection controls, ToolTip toolTip, ResourceManager rm)

Error: (06/04/2012 07:52:49 PM) (Source: USPS Shipping Assistant) (User: )
Description: Timestamp: 6/4/2012 11:52:49 PM
Message: Object reference not set to an instance of an object.
Severity: Error
Process Id: 548
Win32 Thread Id: 1376

Extended Properties:
Exception - System.NullReferenceException: Object reference not set to an instance of an object.
at USPS.SmartClient.Presentation.Shell.UI.SAUtilities.SetToolTips(ControlCollection controls, ToolTip toolTip, ResourceManager rm)

Error: (06/04/2012 07:52:48 PM) (Source: USPS Shipping Assistant) (User: )
Description: Timestamp: 6/4/2012 11:52:48 PM
Message: Object reference not set to an instance of an object.
Severity: Error
Process Id: 548
Win32 Thread Id: 1376

Extended Properties:
Exception - System.NullReferenceException: Object reference not set to an instance of an object.
at USPS.SmartClient.Presentation.Shell.UI.SAUtilities.SetToolTips(ControlCollection controls, ToolTip toolTip, ResourceManager rm)

Error: (06/04/2012 07:52:48 PM) (Source: USPS Shipping Assistant) (User: )
Description: Timestamp: 6/4/2012 11:52:48 PM
Message: Object reference not set to an instance of an object.
Severity: Error
Process Id: 548
Win32 Thread Id: 1376

Extended Properties:
Exception - System.NullReferenceException: Object reference not set to an instance of an object.
at USPS.SmartClient.Presentation.Shell.UI.SAUtilities.SetToolTips(ControlCollection controls, ToolTip toolTip, ResourceManager rm)

Error: (06/04/2012 07:52:48 PM) (Source: USPS Shipping Assistant) (User: )
Description: Timestamp: 6/4/2012 11:52:48 PM
Message: Object reference not set to an instance of an object.
Severity: Error
Process Id: 548
Win32 Thread Id: 1376

Extended Properties:
Exception - System.NullReferenceException: Object reference not set to an instance of an object.
at USPS.SmartClient.Presentation.Shell.UI.SAUtilities.SetToolTips(ControlCollection controls, ToolTip toolTip, ResourceManager rm)


System errors:
=============
Error: (06/16/2012 00:57:07 PM) (Source: DCOM) (User: Becky)
Description: DCOM got error "%%1058" attempting to start the service gupdatem with arguments "/comsvc"
in order to run the server:
{E225E692-4B47-4777-9BED-4FD7FE257F0E}

Error: (06/16/2012 00:57:06 PM) (Source: DCOM) (User: Becky)
Description: DCOM got error "%%1058" attempting to start the service gusvc with arguments ""
in order to run the server:
{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}

Error: (06/16/2012 08:21:00 AM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (06/16/2012 03:21:00 AM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (06/15/2012 10:21:00 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (06/15/2012 05:21:00 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1058" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (06/15/2012 01:27:45 PM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{98B695CE-C7E5-4780-AABF-616CD88903BD}.
The backup browser is stopping.

Error: (06/15/2012 01:14:03 PM) (Source: DCOM) (User: Becky)
Description: DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (06/15/2012 01:13:47 PM) (Source: DCOM) (User: Becky)
Description: DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (06/15/2012 01:05:13 PM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0


Microsoft Office Sessions:
=========================
Error: (06/16/2012 01:12:47 PM) (Source: Application Hang)(User: )
Description: MiniToolBox.exe3.3.6.1hungapp0.0.0.000000000

Error: (06/15/2012 05:30:10 PM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.5512unknown0.0.0.005dd9290

Error: (06/09/2012 09:31:23 AM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.5512unknown0.0.0.0057df000

Error: (06/04/2012 07:52:49 PM) (Source: USPS Shipping Assistant)(User: )
Description: Timestamp: 6/4/2012 11:52:49 PM
Message: Object reference not set to an instance of an object.
Severity: Error
Process Id: 548
Win32 Thread Id: 1376

Extended Properties:
Exception - System.NullReferenceException: Object reference not set to an instance of an object.
at USPS.SmartClient.Presentation.Shell.UI.SAUtilities.SetToolTips(ControlCollection controls, ToolTip toolTip, ResourceManager rm)

Error: (06/04/2012 07:52:49 PM) (Source: USPS Shipping Assistant)(User: )
Description: Timestamp: 6/4/2012 11:52:49 PM
Message: Object reference not set to an instance of an object.
Severity: Error
Process Id: 548
Win32 Thread Id: 1376

Extended Properties:
Exception - System.NullReferenceException: Object reference not set to an instance of an object.
at USPS.SmartClient.Presentation.Shell.UI.SAUtilities.SetToolTips(ControlCollection controls, ToolTip toolTip, ResourceManager rm)

Error: (06/04/2012 07:52:49 PM) (Source: USPS Shipping Assistant)(User: )
Description: Timestamp: 6/4/2012 11:52:49 PM
Message: Object reference not set to an instance of an object.
Severity: Error
Process Id: 548
Win32 Thread Id: 1376

Extended Properties:
Exception - System.NullReferenceException: Object reference not set to an instance of an object.
at USPS.SmartClient.Presentation.Shell.UI.SAUtilities.SetToolTips(ControlCollection controls, ToolTip toolTip, ResourceManager rm)

Error: (06/04/2012 07:52:49 PM) (Source: USPS Shipping Assistant)(User: )
Description: Timestamp: 6/4/2012 11:52:49 PM
Message: Object reference not set to an instance of an object.
Severity: Error
Process Id: 548
Win32 Thread Id: 1376

Extended Properties:
Exception - System.NullReferenceException: Object reference not set to an instance of an object.
at USPS.SmartClient.Presentation.Shell.UI.SAUtilities.SetToolTips(ControlCollection controls, ToolTip toolTip, ResourceManager rm)

Error: (06/04/2012 07:52:48 PM) (Source: USPS Shipping Assistant)(User: )
Description: Timestamp: 6/4/2012 11:52:48 PM
Message: Object reference not set to an instance of an object.
Severity: Error
Process Id: 548
Win32 Thread Id: 1376

Extended Properties:
Exception - System.NullReferenceException: Object reference not set to an instance of an object.
at USPS.SmartClient.Presentation.Shell.UI.SAUtilities.SetToolTips(ControlCollection controls, ToolTip toolTip, ResourceManager rm)

Error: (06/04/2012 07:52:48 PM) (Source: USPS Shipping Assistant)(User: )
Description: Timestamp: 6/4/2012 11:52:48 PM
Message: Object reference not set to an instance of an object.
Severity: Error
Process Id: 548
Win32 Thread Id: 1376

Extended Properties:
Exception - System.NullReferenceException: Object reference not set to an instance of an object.
at USPS.SmartClient.Presentation.Shell.UI.SAUtilities.SetToolTips(ControlCollection controls, ToolTip toolTip, ResourceManager rm)

Error: (06/04/2012 07:52:48 PM) (Source: USPS Shipping Assistant)(User: )
Description: Timestamp: 6/4/2012 11:52:48 PM
Message: Object reference not set to an instance of an object.
Severity: Error
Process Id: 548
Win32 Thread Id: 1376

Extended Properties:
Exception - System.NullReferenceException: Object reference not set to an instance of an object.
at USPS.SmartClient.Presentation.Shell.UI.SAUtilities.SetToolTips(ControlCollection controls, ToolTip toolTip, ResourceManager rm)


=========================== Installed Programs ============================

Adobe AIR (Version: 1.5.3.9120)
Adobe Community Help (Version: 3.0.0)
Adobe Community Help (Version: 3.0.0.400)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe Media Player (Version: 1.8)
Adobe Photoshop CS5 (Version: 12.0)
Adobe Reader 8.2.0 (Version: 8.2.0)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
AVG 2012 (Version: 12.0.1913)
AVG 2012 (Version: 12.0.2411)
AVG 2012 (Version: 2012.0.1913)
Bonjour (Version: 3.0.0.10)
Broadcom Gigabit Integrated Controller (Version: 7.53.02)
Click-N-Ship® for Business (Version: 4.0.54.0)
Coupon Printer for Windows (Version: 5.0.0.1)
Creative Audio Console (Version: 1.33)
Curse Client (Version: 4.0.1.260)
Dell AIO Printer 948
Diablo II Shareware
Diablo III (Version: 1.0.1.9558)
DivX Setup (Version: 2.5.0.11)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.3.2710.138)
Google Update Helper (Version: 1.3.21.111)
H&R Block Deluxe + Efile + State 2010 (Version: 10.04.6402)
H&R Block Deluxe + Efile + State 2011 (Version: 11.05.6203)
H&R Block North Carolina 2010 (Version: 1.10.3701)
H&R Block North Carolina 2011 (Version: 1.11.4001)
iTunes (Version: 10.6.1.7)
Malwarebytes' Anti-Malware version 1.51.0.1200 (Version: 1.51.0.1200)
Microsoft .NET Framework (English) (Version: 1.0.3705)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Office Outlook Connector (Version: 14.0.5118.5000)
Microsoft Office Professional Edition 2003 (Version: 11.0.5614.0)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Mozilla Firefox (3.6.12) (Version: 3.6.12 (en-US))
Nero Suite
NVIDIA Drivers
PDF Settings CS5 (Version: 10.0)
QuickTime (Version: 7.69.80.9)
SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6 (Version: 4.47)
Skype™ 5.0 (Version: 5.0.152)
Turbo Lister 2 (Version: 2.00.0000)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
Vuze (Version: 4.6)
WebFldrs XP (Version: 9.50.6513)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR 4.00 beta 3 (32-bit) (Version: 4.00.3)
Wondershare Video Converter Ultimate(Build 5.7.1.1)
World of Warcraft (Version: 5.0.1.15662)
World of Warcraft Beta (Version: )

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 76%
Total physical RAM: 3070.09 MB
Available physical RAM: 733.02 MB
Total Pagefile: 4959.4 MB
Available Pagefile: 2310.11 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.28 MB

========================= Partitions: =====================================

Edited by donbai, 16 June 2012 - 12:25 PM.
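
The TDSSKiller log donbai posts in reply #6 below ends up with two kinds of object carrying a "warning" verdict instead of a clean "ok": sptd.sys (LockedFile.Multi.Generic, because the scanner could not read the file) and several unsigned vendor services (UnsignedFile.Multi.Generic). Neither verdict is a malware detection. sptd.sys is the SCSI Pass Through Direct driver installed by Alcohol 120% (which the same log shows under Program Files) and by DAEMON Tools, and it locks itself against reads by design; the unsigned-file heuristic only says the binary carries no Authenticode signature. The Python below is an added example, not part of the thread and not TDSSKiller's own code: it parses that log format, pairs each object's md5/path line with its verdict, and separates confirmed "infected" verdicts (a keyword assumed from TDSSKiller's log convention; none occurs in this log) from heuristic warnings so the items worth a second look can be listed with their paths. The sample lines are copied from the posted log and cut down to four objects; the KNOWN_LOCKED_DRIVERS table is the editor's annotation, not something the tool emits.

```python
import re
from collections import Counter

# Sample lines copied from the TDSSKiller log posted in this thread (reply #6),
# cut down to four scanned objects so the example runs offline.
SAMPLE_LOG = r"""
13:19:06.0328 1956 Mode: Manual; SigCheck; TDLFS;
13:19:07.0437 1956 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:19:08.0265 1956 ACPI - ok
13:19:08.0453 1956 adpu160m - ok
13:19:13.0390 1956 Creative Audio Engine Licensing Service (c0ead9f8ab83d41ff07303c75589c2b8) C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
13:19:13.0390 1956 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - warning
13:19:13.0390 1956 Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic (1)
13:19:37.0562 1956 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
13:19:37.0562 1956 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
13:19:37.0562 1956 sptd ( LockedFile.Multi.Generic ) - warning
13:19:37.0562 1956 sptd - detected LockedFile.Multi.Generic (1)
"""

# Every log line starts with "HH:MM:SS.mmmm <pid> ".
PREFIX = r"^\d\d:\d\d:\d\d\.\d+ \d+ "
FILE_RE = re.compile(PREFIX + r"(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
OK_RE = re.compile(PREFIX + r"(?P<name>.+?) - ok$")
VERDICT_RE = re.compile(PREFIX + r"(?P<name>.+?) \( (?P<sig>\S+) \) - (?P<verdict>warning|infected)$")
DETECTED_RE = re.compile(PREFIX + r"(?P<name>.+?) - detected (?P<sig>\S+) \((?P<level>\d+)\)$")
LOCKED_RE = re.compile(PREFIX + r"Suspicious file \((?P<reason>\w+)\): (?P<path>.+)\. md5: (?P<md5>[0-9a-f]{32})$")

# Editor's annotation (assumption, not emitted by TDSSKiller): drivers that are
# expected to show up as LockedFile because they protect themselves from reads.
KNOWN_LOCKED_DRIVERS = {
    "sptd.sys": "SCSI Pass Through Direct driver shipped with Alcohol 120% / DAEMON Tools",
}


def parse_tdsskiller(text):
    """Map each scanned object name to a record built from its log lines.

    A record holds md5/path when the object is file-backed, the final status
    ('ok', 'warning' or 'infected'), the signature that fired, and the reason
    the file could not be read if a 'Suspicious file' line referred to it.
    """
    entries = {}
    locked = {}  # path -> reason from "Suspicious file (...)" lines

    def record(name):
        return entries.setdefault(name, {"name": name, "md5": None, "path": None,
                                         "status": None, "signature": None, "locked": None})

    for line in text.splitlines():
        line = line.rstrip()
        if m := LOCKED_RE.match(line):
            locked[m["path"]] = m["reason"]
        elif m := FILE_RE.match(line):
            r = record(m["name"])
            r["md5"], r["path"] = m["md5"], m["path"]
        elif m := OK_RE.match(line):
            record(m["name"])["status"] = "ok"
        elif m := VERDICT_RE.match(line):
            r = record(m["name"])
            r["status"], r["signature"] = m["verdict"], m["sig"]
        elif m := DETECTED_RE.match(line):
            # The "detected X (n)" line repeats the signature; keep it in case
            # the verdict line was missing, but do not overwrite the status.
            record(m["name"])["signature"] = m["sig"]
    for r in entries.values():
        r["locked"] = locked.get(r["path"])
    return entries


def triage(entries):
    """Separate confirmed detections from heuristic warnings.

    'infected' is the verdict assumed here for confirmed malware (there is none
    in this thread's log). 'warning' covers UnsignedFile.Multi.Generic (no
    Authenticode signature) and LockedFile.Multi.Generic (file unreadable),
    which call for a look at the path and vendor, not for automatic removal.
    """
    vals = list(entries.values())
    infected = [r for r in vals if r["status"] == "infected"]
    warnings = [r for r in vals if r["status"] == "warning"]
    return {
        "infected": infected,
        "warnings": warnings,
        "clean": sum(1 for r in vals if r["status"] == "ok"),
        "by_signature": Counter(r["signature"] for r in infected + warnings),
    }


def report(entries):
    """Render triage results as lines a helper could paste back into the thread."""
    t = triage(entries)
    lines = [f"{t['clean']} objects ok, {len(t['infected'])} infected, {len(t['warnings'])} warnings"]
    for r in t["infected"] + t["warnings"]:
        note = ""
        if r["locked"]:
            base = (r["path"] or "").rsplit("\\", 1)[-1].lower()
            note = " [" + KNOWN_LOCKED_DRIVERS.get(base, f"locked: {r['locked']}") + "]"
        lines.append(f"{r['status']:8} {r['signature']:28} {r['name']} -> {r['path']}{note}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(parse_tdsskiller(SAMPLE_LOG))))
```

Run against the full log it reports the same thing the reply below shows by hand: no infected objects, four warnings (three unsigned vendor services plus the locked sptd.sys), and every warning resolves to a known product path. That is the check to make before asking anyone to "cure" a TDSSKiller hit.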


#6 donbai

  • Topic Starter
  • Members
  • 28 posts
  • OFFLINE
  • Local time:10:28 AM

Posted 16 June 2012 - 12:25 PM

13:17:35.0734 1428 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
13:17:36.0031 1428 ============================================================
13:17:36.0031 1428 Current date / time: 2012/06/16 13:17:36.0031
13:17:36.0031 1428 SystemInfo:
13:17:36.0031 1428
13:17:36.0031 1428 OS Version: 5.1.2600 ServicePack: 3.0
13:17:36.0031 1428 Product type: Workstation
13:17:36.0031 1428 ComputerName: BECKY-6AEFAP2GV
13:17:36.0031 1428 UserName: Becky
13:17:36.0031 1428 Windows directory: C:\WINDOWS
13:17:36.0031 1428 System windows directory: C:\WINDOWS
13:17:36.0031 1428 Processor architecture: Intel x86
13:17:36.0031 1428 Number of processors: 1
13:17:36.0031 1428 Page size: 0x1000
13:17:36.0031 1428 Boot type: Normal boot
13:17:36.0031 1428 ============================================================
13:17:36.0828 1428 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:17:36.0828 1428 ============================================================
13:17:36.0828 1428 \Device\Harddisk0\DR0:
13:17:36.0828 1428 MBR partitions:
13:17:36.0828 1428 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xE8E035C1
13:17:36.0828 1428 ============================================================
13:17:36.0875 1428 C: <-> \Device\Harddisk0\DR0\Partition0
13:17:36.0890 1428 ============================================================
13:17:36.0890 1428 Initialize success
13:17:36.0890 1428 ============================================================
13:19:06.0328 1956 ============================================================
13:19:06.0328 1956 Scan started
13:19:06.0328 1956 Mode: Manual; SigCheck; TDLFS;
13:19:06.0328 1956 ============================================================
13:19:07.0281 1956 Abiosdsk - ok
13:19:07.0281 1956 abp480n5 - ok
13:19:07.0437 1956 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:19:08.0265 1956 ACPI - ok
13:19:08.0312 1956 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
13:19:08.0437 1956 ACPIEC - ok
13:19:08.0453 1956 adpu160m - ok
13:19:08.0484 1956 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
13:19:08.0609 1956 aec - ok
13:19:08.0671 1956 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
13:19:08.0718 1956 AFD - ok
13:19:08.0734 1956 Aha154x - ok
13:19:08.0734 1956 aic78u2 - ok
13:19:08.0734 1956 aic78xx - ok
13:19:08.0796 1956 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
13:19:08.0921 1956 Alerter - ok
13:19:08.0968 1956 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
13:19:09.0078 1956 ALG - ok
13:19:09.0078 1956 AliIde - ok
13:19:09.0078 1956 amsint - ok
13:19:09.0187 1956 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:19:09.0203 1956 Apple Mobile Device - ok
13:19:09.0234 1956 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
13:19:09.0359 1956 AppMgmt - ok
13:19:09.0375 1956 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
13:19:09.0484 1956 Arp1394 - ok
13:19:09.0484 1956 asc - ok
13:19:09.0500 1956 asc3350p - ok
13:19:09.0500 1956 asc3550 - ok
13:19:09.0593 1956 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
13:19:09.0609 1956 aspnet_state - ok
13:19:09.0625 1956 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:19:09.0734 1956 AsyncMac - ok
13:19:09.0765 1956 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
13:19:09.0875 1956 atapi - ok
13:19:09.0875 1956 Atdisk - ok
13:19:09.0921 1956 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:19:10.0031 1956 Atmarpc - ok
13:19:10.0046 1956 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
13:19:10.0156 1956 AudioSrv - ok
13:19:10.0156 1956 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
13:19:10.0265 1956 audstub - ok
13:19:10.0531 1956 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
13:19:10.0812 1956 AVGIDSAgent - ok
13:19:10.0890 1956 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
13:19:10.0937 1956 AVGIDSDriver - ok
13:19:10.0953 1956 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
13:19:10.0953 1956 AVGIDSEH - ok
13:19:10.0984 1956 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
13:19:11.0000 1956 AVGIDSFilter - ok
13:19:11.0000 1956 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
13:19:11.0015 1956 AVGIDSShim - ok
13:19:11.0031 1956 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
13:19:11.0093 1956 Avgldx86 - ok
13:19:11.0109 1956 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
13:19:11.0109 1956 Avgmfx86 - ok
13:19:11.0125 1956 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
13:19:11.0125 1956 Avgrkx86 - ok
13:19:11.0171 1956 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
13:19:11.0187 1956 Avgtdix - ok
13:19:11.0234 1956 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
13:19:11.0265 1956 avgwd - ok
13:19:11.0328 1956 b57w2k (2acf06176b9d011567d7f25b83ddd066) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
13:19:11.0531 1956 b57w2k - ok
13:19:11.0531 1956 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
13:19:11.0718 1956 Beep - ok
13:19:11.0765 1956 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
13:19:11.0890 1956 BITS - ok
13:19:11.0953 1956 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
13:19:11.0984 1956 Bonjour Service - ok
13:19:12.0015 1956 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
13:19:12.0187 1956 Browser - ok
13:19:12.0218 1956 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
13:19:12.0343 1956 cbidf2k - ok
13:19:12.0343 1956 cd20xrnt - ok
13:19:12.0359 1956 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
13:19:12.0500 1956 Cdaudio - ok
13:19:12.0578 1956 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
13:19:12.0750 1956 Cdfs - ok
13:19:12.0765 1956 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:19:12.0875 1956 Cdrom - ok
13:19:12.0875 1956 Changer - ok
13:19:12.0921 1956 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
13:19:13.0031 1956 CiSvc - ok
13:19:13.0078 1956 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
13:19:13.0171 1956 ClipSrv - ok
13:19:13.0250 1956 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:19:13.0265 1956 clr_optimization_v2.0.50727_32 - ok
13:19:13.0265 1956 CmdIde - ok
13:19:13.0281 1956 COMMONFX (ef44c32b1aef62380426b260bf2c66f1) C:\WINDOWS\system32\drivers\COMMONFX.SYS
13:19:13.0328 1956 COMMONFX - ok
13:19:13.0343 1956 COMMONFX.SYS (ef44c32b1aef62380426b260bf2c66f1) C:\WINDOWS\System32\drivers\COMMONFX.SYS
13:19:13.0343 1956 COMMONFX.SYS - ok
13:19:13.0359 1956 COMSysApp - ok
13:19:13.0375 1956 Cpqarray - ok
13:19:13.0390 1956 Creative Audio Engine Licensing Service (c0ead9f8ab83d41ff07303c75589c2b8) C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
13:19:13.0390 1956 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - warning
13:19:13.0390 1956 Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic (1)
13:19:13.0437 1956 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
13:19:13.0546 1956 CryptSvc - ok
13:19:13.0625 1956 ctac32k (357c534b38019b597f51c8bf7186c118) C:\WINDOWS\system32\drivers\ctac32k.sys
13:19:13.0656 1956 ctac32k - ok
13:19:13.0765 1956 ctaud2k (691f8259a1f9c983356d8db2cde8043c) C:\WINDOWS\system32\drivers\ctaud2k.sys
13:19:13.0828 1956 ctaud2k - ok
13:19:13.0859 1956 CTAUDFX (7fc78aa6521ef3d9f16e51efab0bf13b) C:\WINDOWS\system32\drivers\CTAUDFX.SYS
13:19:13.0890 1956 CTAUDFX - ok
13:19:13.0890 1956 CTAUDFX.SYS (7fc78aa6521ef3d9f16e51efab0bf13b) C:\WINDOWS\System32\drivers\CTAUDFX.SYS
13:19:13.0921 1956 CTAUDFX.SYS - ok
13:19:13.0968 1956 CTAudSvcService (5ce3d0e1d1b3832ee052cfc442eee0fa) C:\Program Files\Creative\Shared Files\CTAudSvc.exe
13:19:13.0984 1956 CTAudSvcService ( UnsignedFile.Multi.Generic ) - warning
13:19:13.0984 1956 CTAudSvcService - detected UnsignedFile.Multi.Generic (1)
13:19:14.0062 1956 ctdvda2k (8545d70b0335a05498f34e7e3f8ca9a2) C:\WINDOWS\system32\drivers\ctdvda2k.sys
13:19:14.0078 1956 ctdvda2k - ok
13:19:14.0125 1956 CTERFXFX (16f448354067914e7deaea709011bd60) C:\WINDOWS\system32\drivers\CTERFXFX.SYS
13:19:14.0140 1956 CTERFXFX - ok
13:19:14.0140 1956 CTERFXFX.SYS (16f448354067914e7deaea709011bd60) C:\WINDOWS\System32\drivers\CTERFXFX.SYS
13:19:14.0156 1956 CTERFXFX.SYS - ok
13:19:14.0171 1956 ctprxy2k (4d71541283aea28fb839007be90b5fc7) C:\WINDOWS\system32\drivers\ctprxy2k.sys
13:19:14.0171 1956 ctprxy2k - ok
13:19:14.0203 1956 CTSBLFX (64c83684661be137023f5186a612cf34) C:\WINDOWS\system32\drivers\CTSBLFX.SYS
13:19:14.0218 1956 CTSBLFX - ok
13:19:14.0234 1956 CTSBLFX.SYS (64c83684661be137023f5186a612cf34) C:\WINDOWS\System32\drivers\CTSBLFX.SYS
13:19:14.0250 1956 CTSBLFX.SYS - ok
13:19:14.0265 1956 ctsfm2k (632194572ebde8d461728cf382a7e964) C:\WINDOWS\system32\drivers\ctsfm2k.sys
13:19:14.0359 1956 ctsfm2k - ok
13:19:14.0359 1956 dac2w2k - ok
13:19:14.0359 1956 dac960nt - ok
13:19:14.0421 1956 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
13:19:14.0484 1956 DcomLaunch - ok
13:19:14.0515 1956 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
13:19:14.0625 1956 Dhcp - ok
13:19:14.0640 1956 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
13:19:14.0750 1956 Disk - ok
13:19:14.0875 1956 dldfCATSCustConnectService (37b339fbac80633cea47d58a643a7c67) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldfserv.exe
13:19:14.0875 1956 dldfCATSCustConnectService - ok
13:19:14.0890 1956 dldf_device - ok
13:19:14.0890 1956 dmadmin - ok
13:19:14.0984 1956 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
13:19:15.0156 1956 dmboot - ok
13:19:15.0171 1956 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
13:19:15.0296 1956 dmio - ok
13:19:15.0296 1956 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
13:19:15.0421 1956 dmload - ok
13:19:15.0468 1956 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
13:19:15.0656 1956 dmserver - ok
13:19:15.0781 1956 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
13:19:15.0890 1956 DMusic - ok
13:19:16.0078 1956 Dnscache (474b4dc3983173e4b4c9740b0dac98a6) C:\WINDOWS\System32\dnsrslvr.dll
13:19:16.0187 1956 Dnscache - ok
13:19:16.0250 1956 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
13:19:16.0406 1956 Dot3svc - ok
13:19:16.0421 1956 dpti2o - ok
13:19:16.0437 1956 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
13:19:16.0531 1956 drmkaud - ok
13:19:16.0562 1956 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
13:19:16.0671 1956 EapHost - ok
13:19:16.0750 1956 emupia (bacd9cc06d7a787e529e7ebf56b671aa) C:\WINDOWS\system32\drivers\emupia2k.sys
13:19:16.0765 1956 emupia - ok
13:19:16.0781 1956 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
13:19:16.0968 1956 ERSvc - ok
13:19:17.0046 1956 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
13:19:17.0093 1956 Eventlog - ok
13:19:17.0187 1956 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\System32\es.dll
13:19:17.0218 1956 EventSystem - ok
13:19:17.0296 1956 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
13:19:17.0421 1956 Fastfat - ok
13:19:17.0531 1956 FastUserSwitchingCompatibility (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
13:19:17.0703 1956 FastUserSwitchingCompatibility - ok
13:19:17.0750 1956 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
13:19:17.0843 1956 Fdc - ok
13:19:17.0906 1956 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
13:19:18.0078 1956 Fips - ok
13:19:18.0812 1956 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
13:19:18.0937 1956 Flpydisk - ok
13:19:19.0000 1956 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
13:19:19.0125 1956 FltMgr - ok
13:19:19.0906 1956 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
13:19:19.0921 1956 FontCache3.0.0.0 - ok
13:19:19.0953 1956 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:19:20.0093 1956 Fs_Rec - ok
13:19:20.0109 1956 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:19:20.0265 1956 Ftdisk - ok
13:19:20.0296 1956 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
13:19:20.0312 1956 GEARAspiWDM - ok
13:19:20.0343 1956 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:19:20.0468 1956 Gpc - ok
13:19:20.0562 1956 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
13:19:20.0578 1956 gupdate - ok
13:19:20.0593 1956 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
13:19:20.0593 1956 gupdatem - ok
13:19:20.0640 1956 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
13:19:20.0671 1956 gusvc - ok
13:19:20.0765 1956 ha10kx2k (70606233f3ed0e53cb3ea17f846d6a4f) C:\WINDOWS\system32\drivers\ha10kx2k.sys
13:19:20.0875 1956 ha10kx2k - ok
13:19:20.0906 1956 hap16v2k (a0c69ad2a61e576b0207acdd9626e167) C:\WINDOWS\system32\drivers\hap16v2k.sys
13:19:20.0921 1956 hap16v2k - ok
13:19:21.0015 1956 hap17v2k (2ee89452c574d259ada4fc9fc1c07243) C:\WINDOWS\system32\drivers\hap17v2k.sys
13:19:21.0031 1956 hap17v2k - ok
13:19:21.0093 1956 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
13:19:21.0203 1956 helpsvc - ok
13:19:21.0234 1956 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
13:19:21.0343 1956 HidServ - ok
13:19:21.0359 1956 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:19:21.0453 1956 hidusb - ok
13:19:21.0531 1956 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
13:19:21.0640 1956 hkmsvc - ok
13:19:21.0656 1956 hpn - ok
13:19:21.0703 1956 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
13:19:21.0734 1956 HTTP - ok
13:19:21.0796 1956 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
13:19:21.0921 1956 HTTPFilter - ok
13:19:21.0921 1956 i2omgmt - ok
13:19:21.0921 1956 i2omp - ok
13:19:21.0968 1956 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:19:22.0078 1956 i8042prt - ok
13:19:22.0109 1956 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\WINDOWS\system32\DRIVERS\iaStor.sys
13:19:22.0125 1956 iaStor - ok
13:19:22.0234 1956 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:19:22.0312 1956 idsvc - ok
13:19:22.0328 1956 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
13:19:22.0484 1956 Imapi - ok
13:19:22.0515 1956 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\System32\imapi.exe
13:19:22.0625 1956 ImapiService - ok
13:19:22.0640 1956 ini910u - ok
13:19:22.0640 1956 IntelIde - ok
13:19:22.0703 1956 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
13:19:22.0812 1956 intelppm - ok
13:19:22.0843 1956 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
13:19:22.0953 1956 ip6fw - ok
13:19:22.0984 1956 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:19:23.0093 1956 IpFilterDriver - ok
13:19:23.0125 1956 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:19:23.0234 1956 IpInIp - ok
13:19:23.0281 1956 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:19:23.0546 1956 IpNat - ok
13:19:23.0640 1956 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
13:19:23.0687 1956 iPod Service - ok
13:19:23.0687 1956 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:19:23.0828 1956 IPSec - ok
13:19:23.0859 1956 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
13:19:23.0953 1956 IRENUM - ok
13:19:23.0968 1956 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:19:24.0093 1956 isapnp - ok
13:19:24.0156 1956 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:19:24.0265 1956 Kbdclass - ok
13:19:24.0281 1956 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
13:19:24.0390 1956 kbdhid - ok
13:19:24.0437 1956 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
13:19:24.0546 1956 kmixer - ok
13:19:24.0593 1956 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
13:19:24.0640 1956 KSecDD - ok
13:19:24.0687 1956 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
13:19:24.0734 1956 lanmanserver - ok
13:19:24.0781 1956 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
13:19:24.0812 1956 lanmanworkstation - ok
13:19:24.0812 1956 lbrtfdc - ok
13:19:24.0875 1956 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
13:19:24.0968 1956 LmHosts - ok
13:19:25.0046 1956 LPDSVC (32933b07fc16d9f778bee12545fa1b1a) C:\WINDOWS\System32\tcpsvcs.exe
13:19:25.0171 1956 LPDSVC - ok
13:19:25.0218 1956 MBAMSwissArmy (b309912717c29fc67e1ba4730a82b6dd) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
13:19:25.0234 1956 MBAMSwissArmy - ok
13:19:25.0265 1956 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
13:19:25.0375 1956 Messenger - ok
13:19:25.0375 1956 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
13:19:25.0484 1956 mnmdd - ok
13:19:25.0531 1956 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\System32\mnmsrvc.exe
13:19:25.0703 1956 mnmsrvc - ok
13:19:25.0750 1956 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
13:19:25.0859 1956 Modem - ok
13:19:25.0875 1956 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:19:25.0968 1956 Mouclass - ok
13:19:25.0984 1956 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:19:26.0109 1956 mouhid - ok
13:19:26.0140 1956 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
13:19:26.0250 1956 MountMgr - ok
13:19:26.0250 1956 mraid35x - ok
13:19:26.0265 1956 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:19:26.0375 1956 MRxDAV - ok
13:19:26.0421 1956 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:19:26.0484 1956 MRxSmb - ok
13:19:26.0515 1956 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\System32\msdtc.exe
13:19:26.0687 1956 MSDTC - ok
13:19:26.0718 1956 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
13:19:26.0843 1956 Msfs - ok
13:19:26.0843 1956 MSIServer - ok
13:19:26.0859 1956 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:19:26.0968 1956 MSKSSRV - ok
13:19:27.0015 1956 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:19:27.0125 1956 MSPCLOCK - ok
13:19:27.0125 1956 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
13:19:27.0234 1956 MSPQM - ok
13:19:27.0281 1956 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:19:27.0375 1956 mssmbios - ok
13:19:27.0390 1956 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
13:19:27.0500 1956 Mup - ok
13:19:27.0562 1956 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
13:19:27.0671 1956 napagent - ok
13:19:27.0734 1956 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
13:19:27.0875 1956 NDIS - ok
13:19:27.0890 1956 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:19:28.0046 1956 NdisTapi - ok
13:19:28.0093 1956 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:19:28.0281 1956 Ndisuio - ok
13:19:28.0328 1956 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:19:28.0453 1956 NdisWan - ok
13:19:28.0468 1956 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
13:19:28.0531 1956 NDProxy - ok
13:19:28.0546 1956 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
13:19:28.0656 1956 NetBIOS - ok
13:19:28.0687 1956 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
13:19:28.0796 1956 NetBT - ok
13:19:28.0828 1956 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
13:19:28.0937 1956 NetDDE - ok
13:19:28.0937 1956 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
13:19:29.0046 1956 NetDDEdsdm - ok
13:19:29.0093 1956 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
13:19:29.0203 1956 Netlogon - ok
13:19:29.0250 1956 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
13:19:29.0359 1956 Netman - ok
13:19:29.0484 1956 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:19:29.0500 1956 NetTcpPortSharing - ok
13:19:29.0531 1956 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
13:19:29.0625 1956 NIC1394 - ok
13:19:29.0656 1956 Nla (832e4dd8964ab7acc880b2837cb1ed20) C:\WINDOWS\System32\mswsock.dll
13:19:29.0687 1956 Nla - ok
13:19:29.0718 1956 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
13:19:29.0828 1956 Npfs - ok
13:19:29.0843 1956 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
13:19:29.0968 1956 Ntfs - ok
13:19:29.0968 1956 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
13:19:30.0078 1956 NtLmSsp - ok
13:19:30.0171 1956 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
13:19:30.0296 1956 NtmsSvc - ok
13:19:30.0312 1956 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
13:19:30.0437 1956 Null - ok
13:19:30.0625 1956 nv (be10db9ad60d5814aeff31d976b99448) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
13:19:30.0828 1956 nv - ok
13:19:30.0906 1956 NVSvc (a3b67aa9f60533557fd9141bca9fa4a9) C:\WINDOWS\System32\nvsvc32.exe
13:19:30.0937 1956 NVSvc - ok
13:19:30.0953 1956 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:19:31.0078 1956 NwlnkFlt - ok
13:19:31.0078 1956 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:19:31.0187 1956 NwlnkFwd - ok
13:19:31.0203 1956 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
13:19:31.0343 1956 ohci1394 - ok
13:19:31.0437 1956 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:19:31.0484 1956 ose - ok
13:19:31.0500 1956 ossrv (ae896073e1bbf98fefc2ec52f62c0fba) C:\WINDOWS\system32\drivers\ctoss2k.sys
13:19:31.0562 1956 ossrv - ok
13:19:31.0578 1956 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
13:19:31.0687 1956 Parport - ok
13:19:31.0687 1956 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
13:19:31.0796 1956 PartMgr - ok
13:19:31.0828 1956 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
13:19:31.0953 1956 ParVdm - ok
13:19:31.0968 1956 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
13:19:32.0078 1956 PCI - ok
13:19:32.0078 1956 PCIDump - ok
13:19:32.0125 1956 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
13:19:32.0234 1956 PCIIde - ok
13:19:32.0281 1956 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
13:19:32.0390 1956 Pcmcia - ok
13:19:32.0406 1956 PDCOMP - ok
13:19:32.0406 1956 PDFRAME - ok
13:19:32.0406 1956 PDRELI - ok
13:19:32.0421 1956 PDRFRAME - ok
13:19:32.0421 1956 perc2 - ok
13:19:32.0437 1956 perc2hib - ok
13:19:32.0484 1956 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
13:19:32.0500 1956 PlugPlay - ok
13:19:32.0546 1956 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
13:19:32.0640 1956 PolicyAgent - ok
13:19:32.0671 1956 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:19:32.0796 1956 PptpMiniport - ok
13:19:32.0812 1956 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
13:19:32.0906 1956 Processor - ok
13:19:32.0921 1956 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:19:33.0031 1956 ProtectedStorage - ok
13:19:33.0031 1956 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
13:19:33.0156 1956 PSched - ok
13:19:33.0187 1956 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:19:33.0343 1956 Ptilink - ok
13:19:33.0343 1956 ql1080 - ok
13:19:33.0359 1956 Ql10wnt - ok
13:19:33.0359 1956 ql12160 - ok
13:19:33.0375 1956 ql1240 - ok
13:19:33.0375 1956 ql1280 - ok
13:19:33.0375 1956 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:19:33.0484 1956 RasAcd - ok
13:19:33.0546 1956 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
13:19:33.0656 1956 RasAuto - ok
13:19:33.0671 1956 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:19:33.0781 1956 Rasl2tp - ok
13:19:33.0828 1956 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
13:19:33.0937 1956 RasMan - ok
13:19:33.0953 1956 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:19:34.0062 1956 RasPppoe - ok
13:19:34.0125 1956 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
13:19:34.0234 1956 Raspti - ok
13:19:34.0281 1956 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:19:34.0390 1956 Rdbss - ok
13:19:34.0390 1956 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:19:34.0500 1956 RDPCDD - ok
13:19:34.0515 1956 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
13:19:34.0625 1956 rdpdr - ok
13:19:34.0656 1956 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
13:19:34.0765 1956 RDPWD - ok
13:19:34.0796 1956 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
13:19:34.0906 1956 RDSessMgr - ok
13:19:34.0906 1956 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
13:19:35.0062 1956 redbook - ok
13:19:35.0109 1956 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
13:19:35.0218 1956 RemoteAccess - ok
13:19:35.0250 1956 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
13:19:35.0359 1956 RemoteRegistry - ok
13:19:35.0406 1956 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe
13:19:35.0515 1956 RpcLocator - ok
13:19:35.0546 1956 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
13:19:35.0578 1956 RpcSs - ok
13:19:35.0625 1956 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe
13:19:35.0734 1956 RSVP - ok
13:19:35.0750 1956 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:19:35.0859 1956 SamSs - ok
13:19:35.0875 1956 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
13:19:36.0000 1956 SCardSvr - ok
13:19:36.0031 1956 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
13:19:36.0140 1956 Schedule - ok
13:19:36.0187 1956 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:19:36.0312 1956 Secdrv - ok
13:19:36.0328 1956 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
13:19:36.0437 1956 seclogon - ok
13:19:36.0453 1956 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
13:19:36.0562 1956 SENS - ok
13:19:36.0578 1956 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
13:19:36.0687 1956 serenum - ok
13:19:36.0703 1956 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
13:19:36.0796 1956 Serial - ok
13:19:36.0812 1956 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
13:19:36.0953 1956 Sfloppy - ok
13:19:36.0984 1956 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
13:19:37.0093 1956 SharedAccess - ok
13:19:37.0156 1956 ShellHWDetection (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
13:19:37.0265 1956 ShellHWDetection - ok
13:19:37.0265 1956 Simbad - ok
13:19:37.0281 1956 Sparrow - ok
13:19:37.0312 1956 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
13:19:37.0421 1956 splitter - ok
13:19:37.0437 1956 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
13:19:37.0484 1956 Spooler - ok
13:19:37.0562 1956 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
13:19:37.0562 1956 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
13:19:37.0562 1956 sptd ( LockedFile.Multi.Generic ) - warning
13:19:37.0562 1956 sptd - detected LockedFile.Multi.Generic (1)
13:19:37.0578 1956 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
13:19:37.0687 1956 sr - ok
13:19:37.0703 1956 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\System32\srsvc.dll
13:19:37.0812 1956 srservice - ok
13:19:37.0843 1956 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
13:19:37.0875 1956 Srv - ok
13:19:37.0953 1956 sscdbus (d6870895fe46a464a19141440eb6cc1e) C:\WINDOWS\system32\DRIVERS\sscdbus.sys
13:19:37.0984 1956 sscdbus - ok
13:19:38.0031 1956 sscdmdfl (0fe167362e4689b716cdc8d93adedda8) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
13:19:38.0062 1956 sscdmdfl - ok
13:19:38.0406 1956 sscdmdm (55a15707e32b6709242ad127e62ca55a) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
13:19:38.0453 1956 sscdmdm - ok
13:19:38.0515 1956 sscdserd (9fa66e361a99f8920c7609bae6814a0e) C:\WINDOWS\system32\DRIVERS\sscdserd.sys
13:19:38.0531 1956 sscdserd - ok
13:19:38.0546 1956 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
13:19:38.0656 1956 SSDPSRV - ok
13:19:38.0781 1956 StarWindServiceAE (b1691af4a072cb674d600db16dd7308e) C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
13:19:38.0812 1956 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - warning
13:19:38.0812 1956 StarWindServiceAE - detected UnsignedFile.Multi.Generic (1)
13:19:38.0828 1956 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
13:19:38.0968 1956 stisvc - ok
13:19:38.0968 1956 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
13:19:39.0078 1956 swenum - ok
13:19:39.0234 1956 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
13:19:39.0296 1956 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
13:19:39.0296 1956 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
13:19:39.0343 1956 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
13:19:39.0453 1956 swmidi - ok
13:19:39.0468 1956 SwPrv - ok
13:19:39.0468 1956 symc810 - ok
13:19:39.0484 1956 symc8xx - ok
13:19:39.0484 1956 sym_hi - ok
13:19:39.0500 1956 sym_u3 - ok
13:19:39.0515 1956 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
13:19:39.0640 1956 sysaudio - ok
13:19:39.0671 1956 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
13:19:39.0796 1956 SysmonLog - ok
13:19:39.0843 1956 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
13:19:39.0984 1956 TapiSrv - ok
13:19:40.0046 1956 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:19:40.0078 1956 Tcpip - ok
13:19:40.0109 1956 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
13:19:40.0234 1956 TDPIPE - ok
13:19:40.0250 1956 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
13:19:40.0359 1956 TDTCP - ok
13:19:40.0390 1956 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
13:19:40.0484 1956 TermDD - ok
13:19:40.0515 1956 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
13:19:40.0625 1956 TermService - ok
13:19:40.0671 1956 Themes (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
13:19:40.0781 1956 Themes - ok
13:19:40.0843 1956 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\System32\tlntsvr.exe
13:19:40.0953 1956 TlntSvr - ok
13:19:40.0968 1956 TosIde - ok
13:19:40.0984 1956 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
13:19:41.0109 1956 TrkWks - ok
13:19:41.0125 1956 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
13:19:41.0234 1956 Udfs - ok
13:19:41.0234 1956 ultra - ok
13:19:41.0265 1956 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
13:19:41.0375 1956 Update - ok
13:19:41.0406 1956 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
13:19:41.0515 1956 upnphost - ok
13:19:41.0546 1956 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
13:19:41.0656 1956 UPS - ok
13:19:41.0734 1956 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\WINDOWS\system32\Drivers\usbaapl.sys
13:19:41.0765 1956 USBAAPL - ok
13:19:41.0781 1956 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:19:41.0953 1956 usbccgp - ok
13:19:41.0984 1956 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:19:42.0093 1956 usbehci - ok
13:19:42.0093 1956 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:19:42.0203 1956 usbhub - ok
13:19:42.0250 1956 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:19:42.0375 1956 usbprint - ok
13:19:42.0406 1956 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:19:42.0531 1956 usbscan - ok
13:19:42.0578 1956 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:19:42.0703 1956 USBSTOR - ok
13:19:42.0718 1956 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
13:19:42.0843 1956 usbuhci - ok
13:19:42.0843 1956 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
13:19:43.0000 1956 VgaSave - ok
13:19:43.0015 1956 ViaIde - ok
13:19:43.0031 1956 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
13:19:43.0156 1956 VolSnap - ok
13:19:43.0187 1956 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
13:19:43.0312 1956 VSS - ok
13:19:43.0328 1956 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\System32\w32time.dll
13:19:43.0437 1956 W32Time - ok
13:19:43.0453 1956 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:19:43.0562 1956 Wanarp - ok
13:19:43.0562 1956 WDICA - ok
13:19:43.0593 1956 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
13:19:43.0718 1956 wdmaud - ok
13:19:43.0750 1956 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
13:19:43.0859 1956 WebClient - ok
13:19:43.0906 1956 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
13:19:44.0015 1956 winmgmt - ok
13:19:44.0046 1956 WmdmPmSN (c7e39ea41233e9f5b86c8da3a9f1e4a8) C:\WINDOWS\system32\mspmsnsv.dll
13:19:44.0156 1956 WmdmPmSN - ok
13:19:44.0218 1956 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
13:19:44.0312 1956 Wmi - ok
13:19:44.0359 1956 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe
13:19:44.0468 1956 WmiApSrv - ok
13:19:44.0531 1956 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
13:19:44.0640 1956 wscsvc - ok
13:19:44.0656 1956 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\System32\wuauserv.dll
13:19:44.0781 1956 wuauserv - ok
13:19:44.0812 1956 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
13:19:44.0968 1956 WZCSVC - ok
13:19:45.0031 1956 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
13:19:45.0156 1956 xmlprov - ok
13:19:45.0203 1956 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
13:19:45.0718 1956 \Device\Harddisk0\DR0 - ok
13:19:45.0718 1956 Boot (0x1200) (b47c2086dbce282de874c2434220d780) \Device\Harddisk0\DR0\Partition0
13:19:45.0718 1956 \Device\Harddisk0\DR0\Partition0 - ok
13:19:45.0718 1956 ============================================================
13:19:45.0718 1956 Scan finished
13:19:45.0718 1956 ============================================================
13:19:45.0828 3972 Detected object count: 5
13:19:45.0828 3972 Actual detected object count: 5
13:22:23.0359 3972 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:22:23.0359 3972 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:22:23.0359 3972 CTAudSvcService ( UnsignedFile.Multi.Generic ) - skipped by user
13:22:23.0359 3972 CTAudSvcService ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:22:23.0359 3972 sptd ( LockedFile.Multi.Generic ) - skipped by user
13:22:23.0359 3972 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
13:22:23.0359 3972 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - skipped by user
13:22:23.0359 3972 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:22:23.0359 3972 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
13:22:23.0359 3972 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
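
The TDSSKiller output above is easier to act on once the four line types it emits for a flagged service (the file record with its MD5, the "Suspicious file" note, the verdict line, and the user's chosen action) are stitched back together per service. The Python below does that and then sorts the results into heuristic flags (LockedFile.Multi.Generic and UnsignedFile.Multi.Generic, which say only that the scanner could not read the file or verify a signature on it) versus signature detections. It is an added example written for this page, not code from the thread or from TDSSKiller; the sample log is constructed to mirror the posted format, and the `evilsvc` service and its `Rootkit.Win32.Example.a` verdict are placeholders that exist only to exercise the signature branch.

```python
"""Triage a TDSSKiller log: pair each flagged service with its file, MD5 and the
action the user picked, then separate heuristic flags from signature hits.
Added example for this thread, not part of the posted logs or of TDSSKiller."""
import re
from collections import defaultdict

# Constructed sample modelled on the posted log's line format. The "evilsvc"
# service and its verdict name are placeholders to exercise the signature branch.
SAMPLE_LOG = r"""
13:19:37.0437 1956 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
13:19:37.0484 1956 Spooler - ok
13:19:37.0562 1956 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
13:19:37.0562 1956 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
13:19:37.0562 1956 sptd ( LockedFile.Multi.Generic ) - warning
13:19:37.0562 1956 sptd - detected LockedFile.Multi.Generic (1)
13:19:38.0781 1956 StarWindServiceAE (b1691af4a072cb674d600db16dd7308e) C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
13:19:38.0812 1956 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - warning
13:19:38.0812 1956 StarWindServiceAE - detected UnsignedFile.Multi.Generic (1)
13:19:39.0468 1956 SwPrv - ok
13:19:40.0000 1956 evilsvc (0123456789abcdef0123456789abcdef) C:\WINDOWS\system32\drivers\evilsvc.sys
13:19:40.0001 1956 evilsvc ( Rootkit.Win32.Example.a ) - infected
13:19:40.0001 1956 evilsvc - detected Rootkit.Win32.Example.a (0)
13:19:45.0718 1956 Scan finished
13:22:23.0359 3972 sptd ( LockedFile.Multi.Generic ) - skipped by user
13:22:23.0359 3972 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
13:22:23.0359 3972 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - skipped by user
13:22:23.0359 3972 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

# Every line starts with "HH:MM:SS.ffff <pid> "; the rest is one of five body shapes.
PREFIX_RE = re.compile(r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<body>.*)$")
SUSP_RE = re.compile(r"^Suspicious file \((?P<reason>\w+)\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})$")
FILE_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
VERDICT_RE = re.compile(r"^(?P<name>.+?) \( (?P<verdict>\S+) \) - (?P<status>.+)$")
DETECT_RE = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \(\d+\)$")
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")

# Generic verdicts are properties of the file (unreadable, unsigned), not malware names.
HEURISTIC = {"LockedFile.Multi.Generic", "UnsignedFile.Multi.Generic"}


def parse_tdsskiller(text):
    """Return {service_name: record}; a record collects path, md5, verdict, the last
    status TDSSKiller printed, the user's action, and whether the file was unreadable."""
    records = defaultdict(lambda: {"path": None, "md5": None, "verdict": None,
                                   "status": None, "action": None, "locked": False})
    for raw in text.splitlines():
        m = PREFIX_RE.match(raw)
        if not m:
            continue  # separators, counters and blank lines carry no per-service data
        body = m.group("body")
        if (s := SUSP_RE.match(body)):
            # "Suspicious file (NoAccess)" names no service, so attach it via the MD5
            for rec in records.values():
                if rec["md5"] == s.group("md5"):
                    rec["locked"] = True
        elif (f := FILE_RE.match(body)):
            rec = records[f.group("name")]
            rec["path"], rec["md5"] = f.group("path"), f.group("md5")
        elif (v := VERDICT_RE.match(body)):
            rec = records[v.group("name")]
            rec["verdict"] = v.group("verdict")
            status = v.group("status")
            if status.startswith("User select action: "):
                rec["action"] = status.split(": ", 1)[1]
            else:
                rec["status"] = status  # "warning", "infected", "skipped by user", ...
        elif (d := DETECT_RE.match(body)):
            records[d.group("name")]["verdict"] = d.group("verdict")
        elif (o := OK_RE.match(body)):
            records[o.group("name")]["status"] = "ok"
    return dict(records)


def triage(records):
    """Split flagged services into (heuristic, signature) lists of
    (name, verdict, path, action) tuples, sorted by service name."""
    heuristic, signature = [], []
    for name, rec in sorted(records.items()):
        if rec["verdict"] is None:
            continue
        bucket = heuristic if rec["verdict"] in HEURISTIC else signature
        bucket.append((name, rec["verdict"], rec["path"], rec["action"]))
    return heuristic, signature


if __name__ == "__main__":
    heur, sig = triage(parse_tdsskiller(SAMPLE_LOG))
    for label, rows in (("heuristic flags", heur), ("signature detections", sig)):
        print(f"{label}:")
        for name, verdict, path, action in rows:
            print(f"  {name:20} {verdict:28} action={action}  {path}")
```

On the log posted above every one of the five hits lands in the heuristic bucket, which is why skipping them was the right call at this stage: an unsigned vendor service is a weak signal on Windows XP, and the locked sptd.sys is the SPTD driver whose configuration keys point at the Alcohol 120 install directory, a driver that deliberately refuses read access to its own file. Neither finding bears on the webmail account that sent the spam, which the scan so far has not explained.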

#7 dev00790

Posted 16 June 2012 - 03:06 PM

Hi

Please follow step 8 only of the preparation guide here.
Post the log in your next reply.

If GMER crashes please give details along with any error message if applicable.

Edited by dev00790, 16 June 2012 - 03:07 PM.

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM. My Blog


#8 donbai

Posted 17 June 2012 - 07:23 AM

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-17 08:23:33
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD20 rev.51.0
Running: 8rh35ou9.exe; Driver: C:\DOCUME~1\Becky\LOCALS~1\Temp\fxndypob.sys


---- System - GMER 1.0.15 ----

SSDT spkh.sys ZwCreateKey [0xF74D70E0]
SSDT spkh.sys ZwEnumerateKey [0xF74F5CA2]
SSDT spkh.sys ZwEnumerateValueKey [0xF74F6030]
SSDT spkh.sys ZwOpenKey [0xF74D70C0]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xA92E2F3C]
SSDT spkh.sys ZwQueryKey [0xF74F6108]
SSDT spkh.sys ZwQueryValueKey [0xF74F5F88]
SSDT spkh.sys ZwSetValueKey [0xF74F619A]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xA92E2FE4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xA92E3080]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xA92E311C]

INT 0x62 ? 8ADDCBF8
INT 0x74 ? 8A37BBF8
INT 0x84 ? 8A37BBF8
INT 0x94 ? 8A37BBF8
INT 0xA4 ? 8AE48BF8

---- Kernel code sections - GMER 1.0.15 ----

? spkh.sys The system cannot find the file specified. !
.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xB907A360, 0x20598D, 0xE8000020]
.text USBPORT.SYS!DllUnload B8EB58AC 5 Bytes JMP 8A37B1D8
.text ajjk6w7o.SYS B8BF0386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text ajjk6w7o.SYS B8BF03AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text ajjk6w7o.SYS B8BF03C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text ajjk6w7o.SYS B8BF03C9 1 Byte [2E]
.text ajjk6w7o.SYS B8BF03C9 11 Bytes [2E, 00, 00, 00, 5A, 02, 00, ...]
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[1724] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1724] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1724] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4FEF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1724] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F21 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1724] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4F8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1724] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4DF2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1724] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E54 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1724] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5052 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1724] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EB6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2152] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2152] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AE9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2152] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD145 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2152] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2152] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254696 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2152] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4FEF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2152] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F21 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2152] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4F8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2152] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4DF2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2152] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E54 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2152] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5052 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2152] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EB6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2152] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBA0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2152] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E5370 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3100] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3100] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AE9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3100] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD145 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3100] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3100] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254696 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3100] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4FEF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3100] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F21 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3100] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4F8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3100] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4DF2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3100] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E54 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3100] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5052 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3100] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EB6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3100] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBA0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3100] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E5370 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8AE471F8

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

Device \FileSystem\Fastfat \FatCdrom 897B7500
Device \Driver\NetBT \Device\NetBT_Tcpip_{98B695CE-C7E5-4780-AABF-616CD88903BD} 89514500

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\sptd \Device\679965734 spkh.sys
Device \Driver\usbuhci \Device\USBPDO-0 8A37A1F8
Device \Driver\usbuhci \Device\USBPDO-1 8A37A1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8AE491F8
Device \Driver\dmio \Device\DmControl\DmConfig 8AE491F8
Device \Driver\dmio \Device\DmControl\DmPnP 8AE491F8
Device \Driver\dmio \Device\DmControl\DmInfo 8AE491F8
Device \Driver\usbuhci \Device\USBPDO-2 8A37A1F8
Device \Driver\usbuhci \Device\USBPDO-3 8A37A1F8
Device \Driver\usbehci \Device\USBPDO-4 8A34D1F8

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\Ftdisk \Device\HarddiskVolume1 8ADDD1F8
Device \Driver\Cdrom \Device\CdRom0 8A3341F8
Device \Driver\iaStor \Device\Ide\iaStor0 [F7B5ED30] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [F7B5ED30] iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom1 8A3341F8
Device \Driver\USBSTOR \Device\00000074 89841368
Device \Driver\NetBT \Device\NetBt_Wins_Export 89514500
Device \Driver\NetBT \Device\NetbiosSmb 89514500
Device \Driver\PCI_PNP6984 \Device\0000004d spkh.sys
Device \Driver\PCI_PNP6984 \Device\0000004d spkh.sys

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbuhci \Device\USBFDO-0 8A37A1F8
Device \Driver\usbuhci \Device\USBFDO-1 8A37A1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89A4F1F8
Device \Driver\usbuhci \Device\USBFDO-2 8A37A1F8
Device \Driver\USBSTOR \Device\0000007c 89841368
Device \FileSystem\MRxSmb \Device\LanmanRedirector 89A4F1F8
Device \Driver\usbuhci \Device\USBFDO-3 8A37A1F8
Device \Driver\usbehci \Device\USBFDO-4 8A34D1F8
Device \Driver\Ftdisk \Device\FtControl 8ADDD1F8
Device \Driver\ajjk6w7o \Device\Scsi\ajjk6w7o1 8A32D1F8
Device \FileSystem\Fastfat \Fat 897B7500

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

Device \FileSystem\Cdfs \Cdfs 89728500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xE9 0x22 0xD8 0xB4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xE9 0x22 0xD8 0xB4 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...

---- EOF - GMER 1.0.15 ----

#9 dev00790

Posted 17 June 2012 - 08:03 AM

Hi

Sorry, I made a mistake; please do the following next:

1)
Step 6 only of the preparation guide here

2)
Then Step 8 only of the preparation guide here (no need to redownload GMER)
If GMER crashes please give details along with any error message if applicable.

Edited by dev00790, 17 June 2012 - 08:03 AM.

Regards, dev00790

#10 donbai

Posted 17 June 2012 - 06:52 PM

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-17 19:51:17
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD20 rev.51.0
Running: 8rh35ou9.exe; Driver: C:\DOCUME~1\Becky\LOCALS~1\Temp\fxndypob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xA850EF3C]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xA850EFE4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xA850F080]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xA850F11C]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xB90BC360, 0x20598D, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xE9 0x22 0xD8 0xB4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xE9 0x22 0xD8 0xB4 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...

---- EOF - GMER 1.0.15 ----

#11 dev00790

Posted 18 June 2012 - 07:18 PM

Hi

Please do the following next:

Step 1


Please uninstall Alcohol Soft - it is interfering with the GMER scan.


Step 2

Then Step 8 only of the preparation guide here (no need to redownload GMER)
If GMER crashes please give details along with any error message if applicable.

Regards, dev00790

#12 donbai

Posted 19 June 2012 - 07:04 PM

Alcohol would not uninstall on its own, so I had to delete it manually. I cannot get rid of the sptd service for Alcohol that keeps showing up in the GMER scan. I have referenced the Alcohol forums as to what they suggest, and they suggested I run the SPTD uninstaller. I ran it, but it seems that it did not get rid of the issue, since it is still showing up in the scan.

Any ideas!!

#13 donbai

Posted 19 June 2012 - 07:24 PM

Alright, I was able to figure out how to get rid of the SPTD issue, and GMER is now scanning. It has gone past the point where it was picking up the SPTD service. I'll post the results as soon as it's done.

#14 donbai

Posted 19 June 2012 - 09:08 PM

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-19 22:07:51
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD20 rev.51.0
Running: 8rh35ou9.exe; Driver: C:\DOCUME~1\Becky\LOCALS~1\Temp\fxndypob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xA7729F3C]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xA7729FE4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xA772A080]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xA772A11C]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xB8C96360, 0x20598D, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----
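
The difference between the first GMER scan (post #8) and this one is the whole reason for the Alcohol 120% removal. The first scan showed seven registry syscalls (ZwCreateKey, ZwOpenKey, ZwEnumerateKey, ZwEnumerateValueKey, ZwQueryKey, ZwQueryValueKey, ZwSetValueKey) hooked from spkh.sys, a module GMER reported as "The system cannot find the file specified", and the Devices section tied that same module to \Driver\sptd. Hooking exactly those seven calls from a driver that is not visible on disk is the pattern a kernel rootkit uses to hide its own keys, which is why a rootkit scan cannot be read while SPTD is loaded. The Python below parses the SSDT, missing-file and Device lines of two GMER logs, flags hook owners with no vendor string or no file backing, and diffs the hook sets between the scans. It is an added example written for this page, not part of the thread or of GMER; the two scans are constructed, trimmed excerpts modelled on posts #8 and #14, and the helper names are this example's own.

```python
"""Parse the SSDT section of GMER logs, flag hook owners GMER could not tie to a
vendor or to a file on disk, and diff the hook sets between two scans.
Added example for this thread, not part of the posted logs or of GMER."""
import re
from collections import defaultdict

# Constructed excerpt modelled on the first posted scan (SPTD still installed).
SCAN_BEFORE = r"""
---- System - GMER 1.0.15 ----

SSDT spkh.sys ZwCreateKey [0xF74D70E0]
SSDT spkh.sys ZwEnumerateKey [0xF74F5CA2]
SSDT spkh.sys ZwEnumerateValueKey [0xF74F6030]
SSDT spkh.sys ZwOpenKey [0xF74D70C0]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xA92E2F3C]
SSDT spkh.sys ZwQueryKey [0xF74F6108]
SSDT spkh.sys ZwQueryValueKey [0xF74F5F88]
SSDT spkh.sys ZwSetValueKey [0xF74F619A]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xA92E2FE4]

---- Kernel code sections - GMER 1.0.15 ----

? spkh.sys The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

Device \Driver\sptd \Device\679965734 spkh.sys
Device \Driver\PCI_PNP6984 \Device\0000004d spkh.sys
"""

# Constructed excerpt modelled on the scan after SPTD was removed (only AVG remains).
SCAN_AFTER = r"""
---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xA7729F3C]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xA7729FE4]
"""

# "SSDT <module> [(description/vendor)] <ZwFunction> [0xADDR]"
SSDT_RE = re.compile(
    r"^SSDT (?P<module>\S+)(?: \((?P<info>[^)]*)\))? (?P<func>Zw\w+) \[0x(?P<addr>[0-9A-Fa-f]+)\]$")
# "? <module> The system cannot find the file specified. !"  (hook owner with no file on disk)
MISSING_RE = re.compile(r"^\? (?P<module>\S+) The system cannot find the file specified\. !$")
# "Device \Driver\<name> \Device\<name> <module>.sys"  (driver object owned by a module)
DEVICE_RE = re.compile(r"^Device (?P<drvobj>\\Driver\\\S+) (?P<device>\S+) (?P<module>\S+\.sys)$")

# The registry syscalls a key-hiding rootkit has to intercept.
REGISTRY_SYSCALLS = {"ZwCreateKey", "ZwOpenKey", "ZwEnumerateKey", "ZwEnumerateValueKey",
                     "ZwQueryKey", "ZwQueryValueKey", "ZwSetValueKey"}


def parse_gmer(text):
    """Return hooks per module, the vendor string GMER printed for it (if any),
    modules GMER could not find on disk, and the driver objects each module owns."""
    hooks = defaultdict(dict)   # module -> {ZwFunction: hook address}
    vendor = {}                 # module -> "(description/company)" text from the file's version info
    missing = set()             # modules reported as not found on disk
    drvobj = defaultdict(set)   # module -> driver objects it backs
    for line in text.splitlines():
        line = line.strip()
        if (m := SSDT_RE.match(line)):
            hooks[m["module"]][m["func"]] = int(m["addr"], 16)
            if m["info"]:
                vendor[m["module"]] = m["info"].strip()
        elif (m := MISSING_RE.match(line)):
            missing.add(m["module"])
        elif (m := DEVICE_RE.match(line)):
            drvobj[m["module"]].add(m["drvobj"])
    return {"hooks": dict(hooks), "vendor": vendor, "missing": missing,
            "driver_objects": {k: sorted(v) for k, v in drvobj.items()}}


def suspicious_hookers(scan):
    """SSDT hook owners that are missing on disk, or that carry no vendor string
    while hooking the registry syscalls. Driver objects are returned alongside so
    a legitimate owner (here \\Driver\\sptd) can be told apart from an unknown one."""
    out = []
    for module, funcs in scan["hooks"].items():
        unbacked = module in scan["missing"]
        no_vendor = module not in scan["vendor"]
        hides_keys = bool(REGISTRY_SYSCALLS & funcs.keys())
        if unbacked or (no_vendor and hides_keys):
            out.append({"module": module, "unbacked": unbacked, "hides_registry": hides_keys,
                        "driver_objects": scan["driver_objects"].get(module, [])})
    return out


def diff_hooks(before, after):
    """Return (removed, added): {module: [functions]} whose hooks vanished or appeared.
    Addresses are ignored on purpose, since they move on every reboot."""
    removed, added = {}, {}
    for module in before["hooks"].keys() | after["hooks"].keys():
        b = set(before["hooks"].get(module, {}))
        a = set(after["hooks"].get(module, {}))
        if b - a:
            removed[module] = sorted(b - a)
        if a - b:
            added[module] = sorted(a - b)
    return removed, added


if __name__ == "__main__":
    before, after = parse_gmer(SCAN_BEFORE), parse_gmer(SCAN_AFTER)
    for hit in suspicious_hookers(before):
        print("flagged in first scan:", hit)
    removed, added = diff_hooks(before, after)
    print("hooks gone after SPTD removal:", removed)
    print("hooks new in second scan:", added)
    print("flagged in second scan:", suspicious_hookers(after))
```

Run as written, it flags spkh.sys as the only hook owner in the first scan, with \Driver\sptd and \Driver\PCI_PNP6984 as its driver objects, reports all seven registry hooks as gone in the second scan, and flags nothing there; the AVG drivers hook process and memory syscalls but carry a vendor string and a full path, so they stay unflagged. Treat the vendor string as a hint rather than proof: GMER prints it from the driver file's version resource, which any binary can claim, so an empty flag list means "nothing obviously hidden", not "clean".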

#15 dev00790

Posted 21 June 2012 - 04:36 PM

Hi

That looks better.

Please rerun TDSSKiller as per step 4 of my earlier post.
Post the log in your next reply.

Regards, dev00790
