
task manager disabling virus or trojan


This topic is locked
12 replies to this topic

#1 the_real_Skiller

  • Members
  • 20 posts

Posted 19 November 2012 - 10:04 PM

DDS log:


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_37
Run by Owner at 21:53:32 on 2012-11-19
Microsoft Windows XP Professional 5.1.2600.3.1252.2.1033.18.639.176 [GMT -5:00]
.
.
============== Running Processes ================
.
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\taskswitch.exe
D:\Program Files\Logitech\Gaming Software\LWEMon.exe
D:\Program Files\Analog Devices\SoundMAX\SMTray.exe
D:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
D:\Program Files\Microsoft IntelliType Pro\type32.exe
D:\Program Files\Microsoft IntelliPoint\point32.exe
D:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
D:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
D:\Program Files\SUPERAntiSpyware\SASCORE.EXE
D:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
D:\WINDOWS\system32\netdde.exe
C:\Programs\Spybot - Search & Destroy 2\SDFSSvc.exe
D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
D:\Program Files\UPHClean\uphclean.exe
C:\Programs\Spybot - Search & Destroy 2\SDUpdSvc.exe
D:\DOCUME~1\Owner\LOCALS~1\Temp\uwgb.exe
C:\Programs\Spybot - Search & Destroy 2\SDTray.exe
D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
D:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Mozilla Firefox\plugin-container.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\wbem\wmiprvse.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
D:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
D:\WINDOWS\system32\svchost.exe -k NetworkService
D:\WINDOWS\system32\svchost.exe -k LocalService
D:\WINDOWS\system32\svchost.exe -k LocalService
D:\WINDOWS\system32\svchost.exe -k imgsvc
D:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ca.search.yahoo.com?type=386496&fr=spigot-yhp-ie
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: SFCDisable = dword:-99
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {1E14060A-21ED-024B-7AB5-38D721F613D1} - d:\windows\system32\iccwphbk.dll
BHO: Java™ Plug-In 2 SSV Helper: {41625EAF-7E19-1E9A-4691-552F53581A87} - d:\windows\system32\pxdrvv.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - d:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - d:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [DAEMON Tools Pro Agent] "d:\program files\daemon tools pro\DTProAgent.exe"
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "d:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [SUPERAntiSpyware] d:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [IMJPMIG8.1] "d:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] d:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] d:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [CoolSwitch] d:\windows\system32\taskswitch.exe
mRun: [NeroFilterCheck] d:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [Start WingMan Profiler] d:\program files\logitech\gaming software\LWEMon.exe /noui
mRun: [Smapp] d:\program files\analog devices\soundmax\SMTray.exe
mRun: [DrvLsnr] d:\program files\analog devices\soundmax\DrvLsnr.exe
mRun: [type32] "d:\program files\microsoft intellitype pro\type32.exe"
mRun: [IntelliPoint] "d:\program files\microsoft intellipoint\point32.exe"
mRun: [InstaLAN] "d:\program files\belkin\router setup and monitor\BelkinRouterMonitor.exe" startup
mRun: [Adobe Reader Speed Launcher] "d:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "d:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "d:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [SunJavaUpdateSched] "d:\program files\common files\java\java update\jusched.exe"
mRun: [RRT-Auto] c:\downloads\2 - softwares\RRT.exe auto
mRun: [SDTray] "c:\programs\spybot - search & destroy 2\SDTray.exe"
dRun: [CTFMON.EXE] d:\windows\system32\CTFMON.EXE
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
uPolicies-Explorer: NoWindowsUpdate = dword:0
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoViewOnDrive = dword:0
uPolicies-System: DisableRegistryTools = dword:1
uPolicies-System: DISABLETASKMGR = dword:1
mPolicies-Explorer: MaxRecentDocs = dword:18
mPolicies-Explorer: NoSMConfigurePrograms = dword:1
mPolicies-Explorer: NoRecentDocsNetHood = dword:1
mPolicies-Explorer: MemCheckBoxInRunDlg = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{E50EB55E-6597-4EE5-96BB-38AECEB6CE15} : DHCPNameServer = 192.168.2.1
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - d:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - d:\documents and settings\owner\application data\mozilla\firefox\profiles\07s9pykb.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=386496&p=
FF - prefs.js: network.proxy.type - 0
FF - component: d:\documents and settings\owner\application data\mozilla\firefox\profiles\07s9pykb.default\extensions\ffxtlbr@babylon.com\components\FFHst.dll
FF - plugin: d:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: d:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: d:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: d:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: d:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: d:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: d:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - plugin: d:\windows\system32\npdeployJava1.dll
FF - plugin: d:\windows\system32\npptools.dll
FF - ExtSQL: 2012-10-17 11:09; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - ExtSQL: !HIDDEN! 2010-07-24 23:02; {20a82645-c095-46ed-80e3-08825760534b}; d:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;d:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;d:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;d:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
R2 MBAMService;MBAMService;d:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-6-22 655944]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\programs\spybot - search & destroy 2\SDFSSvc.exe [2012-11-19 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\programs\spybot - search & destroy 2\SDUpdSvc.exe [2012-11-19 1369624]
R3 amsint32;amsint32;\??\d:\windows\system32\drivers\mkplno.sys --> d:\windows\system32\drivers\mkplno.sys [?]
R3 MBAMProtector;MBAMProtector;d:\windows\system32\drivers\mbam.sys [2012-6-22 22344]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;d:\windows\system32\drivers\ScreamingBAudio.sys [2010-7-1 34896]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);d:\windows\system32\drivers\vcsvad.sys [2010-10-25 17792]
S1 DumpDrv;Crash Dump Driver;d:\windows\system32\drivers\dumpdrv.sys [2009-10-19 9472]
S1 pljdqjaq;pljdqjaq;\??\d:\windows\system32\drivers\pljdqjaq.sys --> d:\windows\system32\drivers\pljdqjaq.sys [?]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\programs\spybot - search & destroy 2\SDWSCSvc.exe [2012-11-19 168384]
S3 anvsnddrv;AnvSoft Virtual Sound Device;d:\windows\system32\drivers\anvsnddrv.sys --> d:\windows\system32\drivers\anvsnddrv.sys [?]
S3 epmntdrv;epmntdrv;d:\windows\system32\epmntdrv.sys [2012-9-11 13192]
S3 EuGdiDrv;EuGdiDrv;d:\windows\system32\EuGdiDrv.sys [2012-9-11 8456]
S3 HP8207_8307;HP-HP8207_8307;d:\windows\system32\drivers\hp8207_8307.sys --> d:\windows\system32\drivers\HP8207_8307.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;d:\windows\system32\drivers\mbamswissarmy.sys [2012-11-14 40776]
.
=============== File Associations ===============
.
ShellExec: Foxit Reader.exe: print="d:\program files\foxit software\foxit reader\Foxit Reader.exe"/p "%1"
ShellExec: Foxit Reader.exe: printto="d:\program files\foxit software\foxit reader\Foxit Reader.exe"/t "%1" "%2" "%3" "%4"
.
=============== Created Last 30 ================
.
2012-11-20 00:28:42 -------- d-----w- d:\documents and settings\owner\application data\SUPERAntiSpyware.com
2012-11-20 00:28:10 -------- d-----w- d:\program files\SUPERAntiSpyware
2012-11-20 00:28:10 -------- d-----w- d:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-11-19 21:46:55 -------- d-----w- d:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-11-19 21:46:02 15224 ----a-w- d:\windows\system32\sdnclean.exe
2012-11-18 14:32:40 -------- d-----w- d:\documents and settings\all users\application data\Sony Corporation
2012-11-17 20:09:32 -------- d-----w- d:\windows\SxsCaPendDel
2012-11-15 16:06:14 -------- d-----w- d:\documents and settings\owner\application data\TuneUp Software
2012-11-15 16:04:59 -------- d-----w- d:\documents and settings\all users\application data\TuneUp Software
2012-11-15 16:04:01 -------- d-sh--w- d:\documents and settings\all users\application data\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2012-11-15 16:04:01 -------- d--h--w- d:\documents and settings\all users\application data\Common Files
2012-11-14 22:49:25 -------- d-----w- d:\windows\system32\MpEngineStore
2012-11-14 16:40:57 40776 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2012-11-14 02:16:49 58368 ------w- d:\windows\system32\dllcache\synceng.dll
2012-11-10 21:19:12 -------- d-----w- d:\documents and settings\owner\application data\island_tribe_4_realore_en
2012-11-07 01:03:57 -------- d-----w- d:\documents and settings\owner\application data\Realore_Whiterra Roads Of Rome 3
2012-11-06 23:05:31 -------- d-----w- d:\documents and settings\owner\application data\Realore_Whiterra Roads Of Rome 2
2012-11-06 17:34:22 -------- d-----w- d:\documents and settings\owner\application data\realore_whiterra_adelantado
2012-11-05 21:17:47 -------- d-----w- d:\documents and settings\owner\application data\Boolat Games
2012-11-05 21:02:33 -------- d-----w- d:\documents and settings\owner\application data\northern_tale_realore_en
2012-11-05 20:58:03 -------- d-----w- d:\documents and settings\owner\application data\Realore_Whiterra Roads Of Rome
2012-11-05 20:23:30 -------- d-----w- d:\windows\The Promised Land
2012-10-27 20:42:36 971768 ----a-w- d:\program files\mozilla firefox\uninstall\helper.exe
2012-10-26 00:40:48 -------- d-----w- d:\documents and settings\owner\application data\BlooBuzz
2012-10-25 18:30:39 -------- d-----w- d:\program files\BHOK IT Consulting
2012-10-23 17:18:15 -------- d-----w- d:\documents and settings\owner\application data\Foxit Software
2012-10-23 16:47:08 -------- d-----w- d:\documents and settings\owner\application data\Lionhead Studios
2012-10-23 16:39:52 -------- d-sh--w- d:\windows\ftpcache
.
==================== Find3M ====================
.
2012-10-22 08:43:24 1875328 ----a-w- d:\windows\system32\win32k.sys
2012-10-09 14:09:19 73656 ----a-w- d:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 14:09:19 696760 ----a-w- d:\windows\system32\FlashPlayerApp.exe
2012-10-02 18:04:21 58368 ----a-w- d:\windows\system32\synceng.dll
2012-09-24 19:32:24 477168 ----a-w- d:\windows\system32\npdeployJava1.dll
2012-09-24 19:32:20 473072 ----a-w- d:\windows\system32\deployJava1.dll
2012-09-24 17:51:47 73728 ----a-w- d:\windows\system32\javacpl.cpl
2012-08-28 15:13:45 920064 ----a-w- d:\windows\system32\wininet.dll
2012-08-28 15:13:44 43520 -c--a-w- d:\windows\system32\licmgr10.dll
2012-08-28 15:13:44 1469440 -c--a-w- d:\windows\system32\inetcpl.cpl
2012-08-28 12:07:41 385024 -c--a-w- d:\windows\system32\html.iec
2012-08-24 13:52:39 178176 ----a-w- d:\windows\system32\wintrust.dll
2012-08-22 06:05:26 4779592 ----a-w- d:\windows\system32\SpoonUninstall.exe
.
============= FINISH: 22:00:14,20 ===============


#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico

Posted 19 November 2012 - 11:36 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next; if you have any problems with one of these, just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE RogueKiller to your Desktop (or from here).
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "Delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop.
  • Exit/Close RogueKiller.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 the_real_Skiller
  • Topic Starter

  • Members
  • 20 posts

Posted 20 November 2012 - 07:32 AM

Hi Gringo,

I ran all three programs successfully; here are the logs:

Results of screen317's Security Check version 0.99.54
Windows XP Service Pack 3 x86 (UAC is disabled!)
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 37
Java version out of Date!
Adobe Flash Player 11.4.402.287
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (16.0.2)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Spybot Teatimer.exe is disabled!
`````````````````System Health check`````````````````
Total Fragmentation on Drive D:: 38% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````






# AdwCleaner v2.008 - Logfile created 11/20/2012 at 07:19:48
# Updated 17/11/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Owner - WARNER-6Q428LRL
# Boot Mode : Normal
# Running from : D:\Documents and Settings\Owner\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : D:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Folder Deleted : D:\Documents and Settings\All Users\Application Data\FreeRIP
Folder Deleted : D:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : D:\Documents and Settings\Owner\Application Data\PriceGong
Folder Deleted : D:\Documents and Settings\Owner\Local Settings\Application Data\Conduit
Folder Deleted : D:\Documents and Settings\Owner\Local Settings\Application Data\Ilivid Player
Folder Deleted : D:\Program Files\Conduit

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6A87B991-A31F-4130-AE72-6D0C294BF082}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E634228A-03CF-4BC8-B0AB-668257F1FD8C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E908B145-C847-4E85-B315-07E2E70DECF8}
Key Deleted : HKCU\Software\PriceGong
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Value Deleted : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default
File : D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\07s9pykb.default\prefs.js

Deleted : user_pref("extensions.BabylonToolbar.aflt", "orgnl");
Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 12);
Deleted : user_pref("extensions.BabylonToolbar.cntry", "CA");
Deleted : user_pref("extensions.BabylonToolbar.firstRun", false);
Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "A46276BAE12D9C5A5E66A489471BA50A");
Deleted : user_pref("extensions.BabylonToolbar.lastActv", "26");
Deleted : user_pref("extensions.BabylonToolbar.lastDP", 12);
Deleted : user_pref("extensions.BabylonToolbar.lastVrsn", "1.1.5");
Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "");
Deleted : user_pref("extensions.BabylonToolbar.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
Deleted : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "free");

*************************

AdwCleaner[S1].txt - [3533 octets] - [20/11/2012 07:19:48]

########## EOF - D:\AdwCleaner[S1].txt - [3593 octets] ##########






RogueKiller V8.3.0 [Nov 19 2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Scan -- Date : 20/11/2012 07:26:53

Bad processes : 0

Registry Entries : 14
[HJPOL] HKCU\[...]\System : DISABLETASKMGR (1) -> FOUND
[HJPOL] HKCU\[...]\System : DisableRegistryTools (1) -> FOUND
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Security Center : ANTIVIRUSDISABLENOTIFY (1) -> FOUND
[HJ] HKLM\[...]\Security Center : FIREWALLDISABLENOTIFY (1) -> FOUND
[HJ] HKLM\[...]\Security Center : UPDATESDISABLENOTIFY (1) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND

Particular Files / Folders:

Driver : [LOADED]
SSDT[257] : NtTerminateProcess @ 0x805857B9 -> HOOKED (\??\D:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS @ 0xF4A09640)

HOSTS File:
--> D:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


MBR Check:

+++++ PhysicalDrive0: WDC WD1600JB-00GVC0 +++++
--- User ---
[MBR] 4af5b0ebb435985ff677307019d3c96d
[BSP] 13aa8690a68549bd8b37e34c6eb0aa24 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 15120 | Size: 19992 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 40965750 | Size: 132622 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_20112012_072653.txt >>
RKreport[1]_S_20112012_072653.txt



Thanks
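The RogueKiller [HJPOL]/[HJ] findings and the DDS "uPolicies-System" lines above both point at the same thing the thread title describes: per-user policy values (DISABLETASKMGR, DisableRegistryTools) that lock the user out of Task Manager and regedit, plus Security Center notification values and DisableSR that keep the system quiet about it. The following PowerShell script is an added example, not part of this thread and not code from DDS, RogueKiller or any other tool named here. It reads exactly those registry values, reports any that hold the tampered setting seen in the logs, and, only when run with -Remediate from an elevated prompt, deletes the policy values that are absent on a clean system or restores the default for the ones that normally exist. The registry paths are the standard Windows locations; the list of checks and the "clean" values are my assumptions for a default install. EnableLUA is included because RogueKiller flagged it, although it only has an effect on Vista and later.

```powershell
param([switch]$Remediate)

# Added example, not from the thread: each entry names a registry value the
# logs above show tampered, the setting that indicates tampering (Bad), and
# what to restore (Fix). Fix = $null means the value does not exist on a clean
# system and is deleted rather than rewritten. Value names are case-insensitive,
# so DDS's "DISABLETASKMGR" is the same value as "DisableTaskMgr".
# HKLM entries need an elevated prompt.
$checks = @(
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableTaskMgr';        Bad = 1; Fix = $null },
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableRegistryTools';  Bad = 1; Fix = $null },
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableTaskMgr';        Bad = 1; Fix = $null },
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableRegistryTools';  Bad = 1; Fix = $null },
    # UAC switch; meaningful on Vista and later only, checked because RogueKiller reported it.
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'EnableLUA';             Bad = 0; Fix = 1 },
    @{ Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore';      Name = 'DisableSR';             Bad = 1; Fix = $null },
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Security Center';                        Name = 'AntiVirusDisableNotify'; Bad = 1; Fix = 0 },
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Security Center';                        Name = 'FirewallDisableNotify';  Bad = 1; Fix = 0 },
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Security Center';                        Name = 'UpdatesDisableNotify';   Bad = 1; Fix = 0 }
)

# Returns the DWORD stored under Key\Name, or $null when the key or value is absent.
function Get-PolicyValue {
    param([string]$Key, [string]$Name)
    if (-not (Test-Path -Path $Key)) { return $null }
    $item = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

$findings = @()
foreach ($c in $checks) {
    $current = Get-PolicyValue -Key $c.Key -Name $c.Name
    # A missing value is the clean state for every entry above; only a present
    # value equal to the tampered setting is a finding.
    if ($null -ne $current -and [int]$current -eq $c.Bad) {
        $findings += New-Object PSObject -Property @{ Key = $c.Key; Name = $c.Name; Value = $current }
        if ($Remediate) {
            if ($null -eq $c.Fix) {
                Remove-ItemProperty -Path $c.Key -Name $c.Name -ErrorAction Stop
            } else {
                Set-ItemProperty -Path $c.Key -Name $c.Name -Value $c.Fix -Type DWord -ErrorAction Stop
            }
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No tampered policy values found.'
} else {
    $findings | Format-Table Key, Name, Value -AutoSize
    if ($Remediate) {
        Write-Output 'Values restored. Some policies are read at logon; log off and back on to be sure.'
    }
}
```

Run it without switches first to see what is set; against the values in the RogueKiller report above it would list the two HKCU policy values, DisableSR and the three Security Center entries, while the HKLM DisableTaskMgr/DisableRegistryTools entries (present but 0) are not reported. Restoring the values is only useful once the process that set them is gone, which is why the helper's sequence puts the scanners first.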

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico

Posted 20 November 2012 - 05:15 PM

Hello

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

Information and logs

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5 the_real_Skiller
  • Topic Starter

  • Members
  • 20 posts

Posted 20 November 2012 - 05:56 PM

I ran ComboFix and got an error message:

alert! it is not safe to continue!
the contents of the combofix package has been compromised.
Please download a fresh copy.

Note: you may be infected with a file patching virus 'Virut'

I restarted and tried again, and got the same message.

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico

Posted 20 November 2012 - 08:38 PM

Go ahead and redownload it and try again.


gringo

#7 the_real_Skiller
  • Topic Starter

  • Members
  • 20 posts

Posted 20 November 2012 - 09:31 PM

Hello

Yeah, I re-downloaded ComboFix and it went well this time; it had to update recovery ware too.

here's the log from combofix:


ComboFix 12-11-20.02 - Owner 2012-11-20 21:01:49.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.2.1033.18.639.327 [GMT -5:00]
Running from: D:\Documents and Settings\Owner\Desktop\ComboFix.exe


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\autorun.inf
C:\hjcgd.pif
D:\autorun.inf
D:\DOCUME~1\Owner\LOCALS~1\Temp\1.tmp\F_IN_BOX.dll
D:\Documents and Settings\All Users\Application Data\TEMP
D:\Documents and Settings\Owner\Application Data\.#
D:\Documents and Settings\Owner\Local Settings\Temp\1.tmp\F_IN_BOX.dll
D:\Documents and Settings\Owner\WINDOWS
D:\kwxj.pif
D:\WINDOWS\system32\PowerToyReadme.htm
D:\WINDOWS\system32\pthreadVC.dll
D:\WINDOWS\system32\URTTemp
D:\WINDOWS\system32\URTTemp\fusion.dll
D:\WINDOWS\system32\URTTemp\mscoree.dll
D:\WINDOWS\system32\URTTemp\mscoree.dll.local
D:\WINDOWS\system32\URTTemp\mscorsn.dll
D:\WINDOWS\system32\URTTemp\mscorwks.dll
D:\WINDOWS\system32\URTTemp\msvcr71.dll
D:\WINDOWS\system32\URTTemp\msvcr71.dll.001
D:\WINDOWS\system32\URTTemp\msvcr71.dll.002
D:\WINDOWS\system32\URTTemp\msvcr71.dll.003
D:\WINDOWS\system32\URTTemp\msvcr71.dll.int

D:\WINDOWS\system32\drivers\usbehci.sys . . . is missing!!


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AMSINT32
-------\Legacy_NPF
-------\Service_amsint32


((((((((((((((((((((((((( Files Created from 2012-10-21 to 2012-11-21 )))))))))))))))))))))))))))))))


2012-11-21 02:20:14 . 2012-11-21 02:20:14 -------- d-----w- D:\WINDOWS\system32\wbem\snmp
2012-11-21 02:20:13 . 2012-11-21 02:20:13 -------- d-----w- D:\WINDOWS\system32\xircom
2012-11-21 02:20:13 . 2012-11-21 02:20:13 -------- d-----w- D:\WINDOWS\system32\oobe
2012-11-21 02:20:11 . 2012-11-21 02:20:11 -------- d-----w- D:\Program Files\microsoft frontpage
2012-11-20 00:28:10 . 2012-11-20 22:40:48 -------- d-----w- D:\Program Files\SUPERAntiSpyware
2012-11-19 21:46:55 . 2012-11-19 21:47:40 -------- d-----w- D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2012-11-18 14:32:40 . 2012-11-18 14:32:40 -------- d-----w- D:\Documents and Settings\All Users\Application Data\Sony Corporation
2012-11-17 20:09:32 . 2012-11-17 20:09:32 -------- d-----w- D:\WINDOWS\SxsCaPendDel
2012-11-15 16:06:14 . 2012-11-15 16:06:14 -------- d-----w- D:\Documents and Settings\Owner\Application Data\TuneUp Software
2012-11-15 16:04:59 . 2012-11-15 16:07:05 -------- d-----w- D:\Documents and Settings\All Users\Application Data\TuneUp Software
2012-11-15 16:04:01 . 2012-11-15 16:04:01 -------- d-sh--w- D:\Documents and Settings\All Users\Application Data\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2012-11-15 16:04:01 . 2012-11-15 16:04:01 -------- d--h--w- D:\Documents and Settings\All Users\Application Data\Common Files
2012-11-14 22:49:25 . 2012-11-14 22:49:25 -------- d-----w- D:\WINDOWS\system32\MpEngineStore
2012-11-14 16:40:57 . 2012-11-14 18:12:13 40776 ----a-w- D:\WINDOWS\system32\drivers\mbamswissarmy.sys
2012-11-14 02:16:49 . 2012-10-02 18:04:21 58368 ------w- D:\WINDOWS\system32\dllcache\synceng.dll
2012-11-10 21:19:12 . 2012-11-10 21:20:07 -------- d-----w- D:\Documents and Settings\Owner\Application Data\island_tribe_4_realore_en
2012-11-07 01:03:57 . 2012-11-07 03:35:52 -------- d-----w- D:\Documents and Settings\Owner\Application Data\Realore_Whiterra Roads Of Rome 3
2012-11-06 23:05:31 . 2012-11-08 00:22:45 -------- d-----w- D:\Documents and Settings\Owner\Application Data\Realore_Whiterra Roads Of Rome 2
2012-11-06 17:34:22 . 2012-11-06 17:58:23 -------- d-----w- D:\Documents and Settings\Owner\Application Data\realore_whiterra_adelantado
2012-11-05 21:17:47 . 2012-11-05 21:17:47 -------- d-----w- D:\Documents and Settings\Owner\Application Data\Boolat Games
2012-11-05 21:02:33 . 2012-11-05 21:03:32 -------- d-----w- D:\Documents and Settings\Owner\Application Data\northern_tale_realore_en
2012-11-05 20:58:03 . 2012-11-05 20:59:44 -------- d-----w- D:\Documents and Settings\Owner\Application Data\Realore_Whiterra Roads Of Rome
2012-11-05 20:23:30 . 2012-11-05 20:23:30 -------- d-----w- D:\WINDOWS\The Promised Land
2012-10-26 00:40:48 . 2012-10-26 00:40:48 -------- d-----w- D:\Documents and Settings\Owner\Application Data\BlooBuzz
2012-10-23 17:18:15 . 2012-10-23 17:18:15 -------- d-----w- D:\Documents and Settings\Owner\Application Data\Foxit Software
2012-10-23 16:47:08 . 2012-10-23 17:03:12 -------- d-----w- D:\Documents and Settings\Owner\Application Data\Lionhead Studios
2012-10-23 16:39:52 . 2012-10-23 16:39:52 -------- d-sh--w- D:\WINDOWS\ftpcache
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-11-21 02:21:37 . 2012-11-21 02:21:37 103140 --sh--r- D:\gkhmf.pif
2012-10-22 08:43:24 . 2009-10-19 08:27:26 1875328 ----a-w- D:\WINDOWS\system32\win32k.sys
2012-10-09 14:09:19 . 2012-04-05 14:31:37 696760 ----a-w- D:\WINDOWS\system32\FlashPlayerApp.exe
2012-10-09 14:09:19 . 2011-05-20 00:18:54 73656 ----a-w- D:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2012-10-02 18:04:21 . 2008-04-14 12:00:00 58368 ----a-w- D:\WINDOWS\system32\synceng.dll
2012-09-24 19:32:24 . 2012-05-15 22:19:48 477168 ----a-w- D:\WINDOWS\system32\npdeployJava1.dll
2012-09-24 19:32:20 . 2010-07-28 18:52:18 473072 ----a-w- D:\WINDOWS\system32\deployJava1.dll
2012-09-24 17:51:47 . 2012-05-15 22:19:48 73728 ----a-w- D:\WINDOWS\system32\javacpl.cpl
2012-08-28 15:13:45 . 2009-10-19 08:27:29 920064 ----a-w- D:\WINDOWS\system32\wininet.dll
2012-08-28 15:13:44 . 2009-10-19 08:26:03 43520 -c--a-w- D:\WINDOWS\system32\licmgr10.dll
2012-08-28 15:13:44 . 2009-10-19 08:25:54 1469440 -c--a-w- D:\WINDOWS\system32\inetcpl.cpl
2012-08-28 12:07:41 . 2009-10-19 08:25:48 385024 -c--a-w- D:\WINDOWS\system32\html.iec
2012-08-24 13:52:39 . 2009-10-19 08:27:30 178176 ----a-w- D:\WINDOWS\system32\wintrust.dll
2012-10-27 20:43:06 . 2012-10-27 20:43:06 261600 ----a-w- D:\Program Files\mozilla firefox\components\browsercomps.dll


------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.

[-] 2009-10-19 08:35:08 . BA8C046D98345129723E6BCAA1E8AB99 . 361600 . . [5.1.2600.5649 (xpsp_sp3_qfe.080728-1259)] . . D:\WINDOWS\system32\drivers\tcpip.sys
[7] 2008-06-20 11:59:02 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625 (xpsp_sp3_qfe.080620-1309)] . . D:\WINDOWS\system32\dllcache\tcpip.sys

[-] 2008-04-14 12:00:00 . 5C917CDF01F8AA1B369D68078AC62198 . 220160 . . [5.1.2600.5512 (xpsp.080413-2111)] . . D:\WINDOWS\regedit.exe


D:\WINDOWS\System32\wscntfy.exe ... is missing !!

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E14060A-21ED-024B-7AB5-38D721F613D1}]
2008-04-14 12:00:00 73728 ----a-w- D:\WINDOWS\system32\iccwphbk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{41625EAF-7E19-1E9A-4691-552F53581A87}]
2006-10-18 04:02:00 221184 ----a-w- D:\WINDOWS\system32\pxdrvv.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="D:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 13:08:02 213960]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 00:03:40 222504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 12:00:00 278584]
"PHIME2002ASync"="D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 12:00:00 524800]
"PHIME2002A"="D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 12:00:00 524800]
"CoolSwitch"="D:\WINDOWS\system32\taskswitch.exe" [2002-03-19 22:30:00 115264]
"NeroFilterCheck"="D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 20:57:24 222768]
"Start WingMan Profiler"="D:\Program Files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 20:10:32 153672]
"Smapp"="D:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 12:57:30 221184]
"DrvLsnr"="D:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 15:34:32 139264]
"type32"="D:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 08:51:27 253952]
"IntelliPoint"="D:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 08:50:07 204800]
"InstaLAN"="D:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2010-07-28 21:33:58 1554840]
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 11:20:01 116696]
"Adobe ARM"="D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 19:00:46 919008]
"Malwarebytes' Anti-Malware"="D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 17:46:44 462920]
"SunJavaUpdateSched"="D:\Program Files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 16:41:54 254896]
"RRT-Auto"="C:\Downloads\2 - Softwares\RRT.exe" [2012-11-17 19:27:07 5140480]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 12:00:00 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2009-10-19 08:25:30 128512]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 18 (0x12)
"NoSMConfigurePrograms"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt\0\0sdnclean.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\uTorrent\\uTorrent.exe"=
"D:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"D:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"D:\\Program Files\\SoulseekNS\\slsk.exe"=
"D:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"D:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE"=
"D:\\Program Files\\DAEMON Tools Pro\\DTProAgent.exe"=
"D:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe"=
"D:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"=
"D:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe"=
"D:\\Program Files\\Belkin\\Router Setup and Monitor\\BelkinRouterMonitor.exe"=
"D:\\Program Files\\Common Files\\Ahead\\Lib\\NMIndexStoreSvr.exe"=
"D:\\Program Files\\Logitech\\Gaming Software\\LWEMon.exe"=
"C:\\Educative Programming\\Mama\\jre\\bin\\javaw.exe"=
"D:\\Program Files\\Malwarebytes' Anti-Malware\\mbamgui.exe"=
"D:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe"=
"D:\\DOCUME~1\\Owner\\LOCALS~1\\Temp\\winhfkyeo.exe"=
"D:\\DOCUME~1\\Owner\\LOCALS~1\\Temp\\winptipcf.exe"=
"D:\\DOCUME~1\\Owner\\LOCALS~1\\Temp\\acqn.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58910:TCP"= 58910:TCP:Pando Media Booster
"58910:UDP"= 58910:UDP:Pando Media Booster

R0 sptd;sptd;D:\WINDOWS\system32\drivers\sptd.sys [2010-07-24 21:28:58 685816]
R2 MBAMService;MBAMService;D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-06-22 20:43:44 655944]
R3 MBAMProtector;MBAMProtector;D:\WINDOWS\system32\drivers\mbam.sys [2012-06-22 20:43:43 22344]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;D:\WINDOWS\system32\drivers\ScreamingBAudio.sys [2010-07-01 13:21:14 34896]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);D:\WINDOWS\system32\drivers\vcsvad.sys [2010-10-25 13:41:54 17792]
S1 DumpDrv;Crash Dump Driver;D:\WINDOWS\system32\drivers\dumpdrv.sys [2009-10-19 03:29:36 9472]
S1 pljdqjaq;pljdqjaq;\??\D:\WINDOWS\system32\drivers\pljdqjaq.sys --> D:\WINDOWS\system32\drivers\pljdqjaq.sys [?]
S3 anvsnddrv;AnvSoft Virtual Sound Device;D:\WINDOWS\system32\drivers\anvsnddrv.sys --> D:\WINDOWS\system32\drivers\anvsnddrv.sys [?]
S3 epmntdrv;epmntdrv;D:\WINDOWS\system32\epmntdrv.sys [2012-09-11 15:22:11 13192]
S3 EuGdiDrv;EuGdiDrv;D:\WINDOWS\system32\EuGdiDrv.sys [2012-09-11 15:22:11 8456]
S3 HP8207_8307;HP-HP8207_8307;D:\WINDOWS\system32\DRIVERS\HP8207_8307.sys --> D:\WINDOWS\system32\DRIVERS\HP8207_8307.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;D:\WINDOWS\system32\drivers\mbamswissarmy.sys [2012-11-14 11:40:57 40776]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - AMSINT32
*Deregistered* - uphcleanhlp

Contents of the 'Scheduled Tasks' folder

2012-11-21 D:\WINDOWS\Tasks\Adobe Flash Player Updater.job
- D:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 14:31:37 . 2012-10-09 14:09:20]

2012-11-18 D:\WINDOWS\Tasks\At2.job
- D:\WINDOWS\system32\shmgrrate.exe [2008-04-14 12:00:00 . 2008-04-14 12:00:00]

2012-11-21 D:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- D:\Program Files\Google\Update\GoogleUpdate.exe [2012-08-06 19:22:29 . 2012-08-06 19:22:27]

2012-11-21 D:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- D:\Program Files\Google\Update\GoogleUpdate.exe [2012-08-06 19:22:29 . 2012-08-06 19:22:27]

2012-11-21 D:\WINDOWS\Tasks\User_Feed_Synchronization-{0EB2F466-1FDB-41C6-B771-85D418F9E4A0}.job
- D:\WINDOWS\system32\msfeedssync.exe [2009-10-19 08:30:57 . 2009-10-19 08:30:57]


------- Supplementary Scan -------

uStart Page = hxxp://ca.search.yahoo.com?type=386496&fr=spigot-yhp-ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - D:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\07s9pykb.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=386496&p=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-10-17 11:09; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; D:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - ExtSQL: !HIDDEN! 2010-07-24 23:02; {20a82645-c095-46ed-80e3-08825760534b}; D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

- - - - ORPHANS REMOVED - - - -

AddRemove-6000 Sound Effects - c:\6000\DeIsL1.isu
AddRemove-Morpheus Photo Morpher Update Trial to Full_is1 - D:\Program Files\Morpheus Photo Morpher\unins001.exe

Edited by the_real_Skiller, 20 November 2012 - 09:32 PM.


#8 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:15 AM

Posted 20 November 2012 - 09:41 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 the_real_Skiller

  • Topic Starter

  • Members
  • 20 posts
  • Local time:03:15 AM

Posted 20 November 2012 - 11:07 PM

Hi Gringo,

I ran both programs successfully; the only thing is I could not download TDSSKiller from your link, so I found it elsewhere...

Here are both logs:

22:17:44.0734 2924 TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03
22:17:46.0750 2924 ============================================================
22:17:46.0750 2924 Current date / time: 2012/11/20 22:17:46.0750
22:17:46.0750 2924 SystemInfo:
22:17:46.0750 2924
22:17:46.0750 2924 OS Version: 5.1.2600 ServicePack: 3.0
22:17:46.0750 2924 Product type: Workstation
22:17:46.0750 2924 ComputerName: WARNER-6Q428LRL
22:17:46.0750 2924 UserName: Owner
22:17:46.0750 2924 Windows directory: D:\WINDOWS
22:17:46.0750 2924 System windows directory: D:\WINDOWS
22:17:46.0750 2924 Processor architecture: Intel x86
22:17:46.0750 2924 Number of processors: 1
22:17:46.0750 2924 Page size: 0x1000
22:17:46.0750 2924 Boot type: Normal boot
22:17:46.0750 2924 ============================================================
22:17:48.0687 2924 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x50C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
22:17:48.0703 2924 ============================================================
22:17:48.0703 2924 \Device\Harddisk0\DR0:
22:17:48.0703 2924 MBR partitions:
22:17:48.0703 2924 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3B4F, BlocksNum 0x270C501
22:17:48.0703 2924 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2711676, BlocksNum 0x1030744B
22:17:48.0703 2924 ============================================================
22:17:48.0734 2924 C: <-> \Device\Harddisk0\DR0\Partition2
22:17:48.0765 2924 D: <-> \Device\Harddisk0\DR0\Partition1
22:17:48.0765 2924 ============================================================
22:17:48.0765 2924 Initialize success
22:17:48.0765 2924 ============================================================
22:17:57.0281 3624 ============================================================
22:17:57.0281 3624 Scan started
22:17:57.0281 3624 Mode: Manual;
22:17:57.0281 3624 ============================================================
22:17:59.0125 3624 ================ Scan system memory ========================
22:17:59.0125 3624 System memory - ok
22:17:59.0156 3624 ================ Scan services =============================
22:18:07.0687 3624 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio D:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:18:07.0687 3624 Ndisuio - ok
22:18:07.0718 3624 [ B053A8411045FD0664B389A090CB2BBC ] NdisWan D:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:18:07.0718 3624 NdisWan - ok
22:18:07.0750 3624 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy D:\WINDOWS\system32\drivers\NDProxy.sys
22:18:07.0750 3624 NDProxy - ok
22:18:07.0781 3624 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS D:\WINDOWS\system32\DRIVERS\netbios.sys
22:18:07.0781 3624 NetBIOS - ok
22:18:07.0812 3624 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT D:\WINDOWS\system32\DRIVERS\netbt.sys
22:18:07.0812 3624 NetBT - ok
22:18:07.0843 3624 [ B857BA82860D7FF85AE29B095645563B ] NetDDE D:\WINDOWS\system32\netdde.exe
22:18:07.0859 3624 NetDDE - ok
22:18:07.0875 3624 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm D:\WINDOWS\system32\netdde.exe
22:18:07.0875 3624 NetDDEdsdm - ok
22:18:07.0906 3624 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon D:\WINDOWS\system32\lsass.exe
22:18:07.0906 3624 Netlogon - ok
22:18:07.0953 3624 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman D:\WINDOWS\System32\netman.dll
22:18:08.0046 3624 Netman - ok
22:18:08.0093 3624 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:18:08.0093 3624 NetTcpPortSharing - ok
22:18:08.0140 3624 [ 290C1A30DEFC723BBE10910AC2D6F6D0 ] Nla D:\WINDOWS\System32\mswsock.dll
22:18:08.0156 3624 Nla - ok
22:18:08.0265 3624 [ A328A46D87BB92CE4D8A4528E9D84787 ] NMIndexingService D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
22:18:08.0296 3624 NMIndexingService - ok
22:18:08.0328 3624 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs D:\WINDOWS\system32\drivers\Npfs.sys
22:18:08.0343 3624 Npfs - ok
22:18:08.0406 3624 [ AE8CAD8F28DB13B515A68510A539B0B8 ] Ntfs D:\WINDOWS\system32\drivers\Ntfs.sys
22:18:08.0437 3624 Ntfs - ok
22:18:08.0453 3624 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp D:\WINDOWS\system32\lsass.exe
22:18:08.0453 3624 NtLmSsp - ok
22:18:08.0500 3624 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc D:\WINDOWS\system32\ntmssvc.dll
22:18:08.0531 3624 NtmsSvc - ok
22:18:08.0546 3624 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null D:\WINDOWS\system32\drivers\Null.sys
22:18:08.0562 3624 Null - ok
22:18:08.0671 3624 [ 2B298519EDBFCF451D43E0F1E8F1006D ] nv D:\WINDOWS\system32\DRIVERS\nv4_mini.sys
22:18:08.0750 3624 nv - ok
22:18:08.0781 3624 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt D:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:18:08.0781 3624 NwlnkFlt - ok
22:18:08.0796 3624 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd D:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:18:08.0796 3624 NwlnkFwd - ok
22:18:08.0906 3624 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv D:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:18:08.0921 3624 odserv - ok
22:18:09.0093 3624 [ 5A432A042DAE460ABE7199B758E8606C ] ose D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:18:09.0109 3624 ose - ok
22:18:09.0140 3624 [ 9BFA1DD89380E0BF6CA0FD2471A59107 ] PACSPTISVR D:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
22:18:09.0171 3624 PACSPTISVR - ok
22:18:09.0218 3624 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport D:\WINDOWS\system32\DRIVERS\parport.sys
22:18:09.0218 3624 Parport - ok
22:18:09.0234 3624 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr D:\WINDOWS\system32\drivers\PartMgr.sys
22:18:09.0234 3624 PartMgr - ok
22:18:09.0265 3624 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm D:\WINDOWS\system32\drivers\ParVdm.sys
22:18:09.0265 3624 ParVdm - ok
22:18:09.0296 3624 [ A219903CCF74233761D92BEF471A07B1 ] PCI D:\WINDOWS\system32\DRIVERS\pci.sys
22:18:09.0296 3624 PCI - ok
22:18:09.0312 3624 PCIDump - ok
22:18:09.0343 3624 PCIIde - ok
22:18:09.0375 3624 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia D:\WINDOWS\system32\drivers\Pcmcia.sys
22:18:09.0375 3624 Pcmcia - ok
22:18:09.0406 3624 PDCOMP - ok
22:18:09.0437 3624 PDFRAME - ok
22:18:09.0453 3624 PDRELI - ok
22:18:09.0468 3624 PDRFRAME - ok
22:18:09.0500 3624 perc2 - ok
22:18:09.0515 3624 perc2hib - ok
22:18:09.0609 3624 [ 444F122E68DB44C0589227781F3C8B3F ] pfc D:\WINDOWS\system32\drivers\pfc.sys
22:18:09.0609 3624 pfc - ok
22:18:09.0625 3624 pljdqjaq - ok
22:18:09.0671 3624 [ 020CEAAEDC8EB655B6506B8C70D53BB6 ] PlugPlay D:\WINDOWS\system32\services.exe
22:18:09.0671 3624 PlugPlay - ok
22:18:09.0703 3624 [ 3B6973D60BDE757C53BB76842D31318E ] Point32 D:\WINDOWS\system32\DRIVERS\point32.sys
22:18:09.0718 3624 Point32 - ok
22:18:09.0734 3624 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent D:\WINDOWS\system32\lsass.exe
22:18:09.0765 3624 PolicyAgent - ok
22:18:09.0796 3624 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport D:\WINDOWS\system32\DRIVERS\raspptp.sys
22:18:09.0796 3624 PptpMiniport - ok
22:18:09.0828 3624 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor D:\WINDOWS\system32\DRIVERS\processr.sys
22:18:09.0843 3624 Processor - ok
22:18:09.0859 3624 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage D:\WINDOWS\system32\lsass.exe
22:18:09.0859 3624 ProtectedStorage - ok
22:18:09.0890 3624 [ D8E11D311785F89F1D70A28B0E879127 ] PSched D:\WINDOWS\system32\DRIVERS\psched.sys
22:18:09.0906 3624 PSched - ok
22:18:09.0937 3624 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink D:\WINDOWS\system32\DRIVERS\ptilink.sys
22:18:09.0937 3624 Ptilink - ok
22:18:10.0062 3624 [ 1962166E0CEB740704F30FA55AD3D509 ] PxHelp20 D:\WINDOWS\system32\Drivers\PxHelp20.sys
22:18:10.0062 3624 PxHelp20 - ok
22:18:10.0078 3624 ql1080 - ok
22:18:10.0109 3624 Ql10wnt - ok
22:18:10.0125 3624 ql12160 - ok
22:18:10.0156 3624 ql1240 - ok
22:18:10.0171 3624 ql1280 - ok
22:18:10.0218 3624 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd D:\WINDOWS\system32\DRIVERS\rasacd.sys
22:18:10.0218 3624 RasAcd - ok
22:18:10.0250 3624 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto D:\WINDOWS\System32\rasauto.dll
22:18:10.0250 3624 RasAuto - ok
22:18:10.0281 3624 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp D:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:18:10.0281 3624 Rasl2tp - ok
22:18:10.0312 3624 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan D:\WINDOWS\System32\rasmans.dll
22:18:10.0328 3624 RasMan - ok
22:18:10.0359 3624 [ 2C9D4620A0FD35DE1828370B392F6E2D ] RasPppoe D:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:18:10.0359 3624 RasPppoe - ok
22:18:10.0375 3624 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti D:\WINDOWS\system32\DRIVERS\raspti.sys
22:18:10.0390 3624 Raspti - ok
22:18:10.0421 3624 [ 77050C6615F6EB5402F832B27FD695E0 ] Rdbss D:\WINDOWS\system32\DRIVERS\rdbss.sys
22:18:10.0421 3624 Rdbss - ok
22:18:10.0437 3624 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD D:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:18:10.0437 3624 RDPCDD - ok
22:18:10.0500 3624 [ 47EA20320E3D6FDC7B7BB22B2B881CA6 ] rdpdr D:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:18:10.0500 3624 rdpdr - ok
22:18:10.0562 3624 [ C7D9BC54354B8C706ABF172D48313F1B ] RDPWD D:\WINDOWS\system32\drivers\RDPWD.sys
22:18:10.0562 3624 RDPWD - ok
22:18:10.0609 3624 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr D:\WINDOWS\system32\sessmgr.exe
22:18:10.0609 3624 RDSessMgr - ok
22:18:10.0640 3624 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook D:\WINDOWS\system32\DRIVERS\redbook.sys
22:18:10.0640 3624 redbook - ok
22:18:10.0687 3624 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess D:\WINDOWS\System32\mprdim.dll
22:18:10.0687 3624 RemoteAccess - ok
22:18:10.0718 3624 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry D:\WINDOWS\system32\regsvc.dll
22:18:10.0718 3624 RemoteRegistry - ok
22:18:10.0750 3624 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator D:\WINDOWS\system32\locator.exe
22:18:10.0750 3624 RpcLocator - ok
22:18:10.0796 3624 [ 9222562D44021B988B9F9F62207FB6F2 ] RpcSs D:\WINDOWS\System32\rpcss.dll
22:18:10.0812 3624 RpcSs - ok
22:18:10.0843 3624 [ 743D7D59767073A617B1DCC6C546F234 ] rspndr D:\WINDOWS\system32\DRIVERS\rspndr.sys
22:18:10.0843 3624 rspndr - ok
22:18:10.0890 3624 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP D:\WINDOWS\system32\rsvp.exe
22:18:10.0890 3624 RSVP - ok
22:18:10.0921 3624 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs D:\WINDOWS\system32\lsass.exe
22:18:10.0921 3624 SamSs - ok
22:18:11.0046 3624 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr D:\WINDOWS\System32\SCardSvr.exe
22:18:11.0046 3624 SCardSvr - ok
22:18:11.0109 3624 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule D:\WINDOWS\system32\schedsvc.dll
22:18:11.0109 3624 Schedule - ok
22:18:11.0140 3624 [ A689D522EEDF89401E1DA2FE883AA7EC ] SCREAMINGBDRIVER D:\WINDOWS\system32\drivers\ScreamingBAudio.sys
22:18:11.0156 3624 SCREAMINGBDRIVER - ok
22:18:11.0203 3624 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv D:\WINDOWS\system32\DRIVERS\secdrv.sys
22:18:11.0203 3624 Secdrv - ok
22:18:11.0218 3624 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon D:\WINDOWS\System32\seclogon.dll
22:18:11.0218 3624 seclogon - ok
22:18:11.0250 3624 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS D:\WINDOWS\system32\sens.dll
22:18:11.0250 3624 SENS - ok
22:18:11.0265 3624 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum D:\WINDOWS\system32\DRIVERS\serenum.sys
22:18:11.0265 3624 serenum - ok
22:18:11.0296 3624 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial D:\WINDOWS\system32\DRIVERS\serial.sys
22:18:11.0312 3624 Serial - ok
22:18:11.0359 3624 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy D:\WINDOWS\system32\drivers\Sfloppy.sys
22:18:11.0359 3624 Sfloppy - ok
22:18:11.0390 3624 [ 4F10A2FA76B5BD54CD68AFA94E8ADB39 ] SharedAccess D:\WINDOWS\System32\ipnathlp.dll
22:18:11.0468 3624 SharedAccess - ok
22:18:11.0515 3624 [ 888CD7B39C37E13A2419BECFAAF0A28C ] ShellHWDetection D:\WINDOWS\System32\shsvcs.dll
22:18:11.0515 3624 ShellHWDetection - ok
22:18:11.0531 3624 Simbad - ok
22:18:11.0609 3624 [ FA3368A7039F5ABAA4B933703AC34763 ] smwdm D:\WINDOWS\system32\drivers\smwdm.sys
22:18:11.0625 3624 smwdm - ok
22:18:11.0703 3624 [ 3CBDF5C4AF50A5D5DB07A5C31AEEB12A ] SonicStage Back-End Service D:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
22:18:11.0718 3624 SonicStage Back-End Service - ok
22:18:11.0781 3624 [ 3978F082274F723AD5A0A8058C2417DD ] SoundMAX Agent Service (default) D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
22:18:11.0781 3624 SoundMAX Agent Service (default) - ok
22:18:11.0812 3624 Sparrow - ok
22:18:11.0843 3624 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter D:\WINDOWS\system32\drivers\splitter.sys
22:18:11.0859 3624 splitter - ok
22:18:11.0890 3624 [ 60784F891563FB1B767F70117FC2428F ] Spooler D:\WINDOWS\system32\spoolsv.exe
22:18:11.0906 3624 Spooler - ok
22:18:12.0093 3624 [ D390675B8CE45E5FB359338E5E649329 ] sptd D:\WINDOWS\system32\Drivers\sptd.sys
22:18:12.0093 3624 Suspicious file (NoAccess): D:\WINDOWS\system32\Drivers\sptd.sys. md5: D390675B8CE45E5FB359338E5E649329
22:18:12.0093 3624 sptd ( LockedFile.Multi.Generic ) - warning
22:18:12.0093 3624 sptd - detected LockedFile.Multi.Generic (1)
22:18:12.0140 3624 [ BC9C1A82E97AF285FD34ED03E4021552 ] SPTISRV D:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
22:18:12.0140 3624 SPTISRV - ok
22:18:12.0187 3624 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] SR D:\WINDOWS\system32\DRIVERS\sr.sys
22:18:12.0187 3624 SR - ok
22:18:12.0250 3624 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice D:\WINDOWS\system32\srsvc.dll
22:18:12.0250 3624 srservice - ok
22:18:12.0312 3624 [ 9B390283569EA58D43D2586032B892F5 ] Srv D:\WINDOWS\system32\DRIVERS\srv.sys
22:18:12.0328 3624 Srv - ok
22:18:12.0375 3624 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV D:\WINDOWS\System32\ssdpsrv.dll
22:18:12.0375 3624 SSDPSRV - ok
22:18:12.0421 3624 [ 110FB8F7DBFF62448FB4BB84E1527261 ] SSScsiSV D:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
22:18:12.0421 3624 SSScsiSV - ok
22:18:12.0484 3624 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc D:\WINDOWS\system32\wiaservc.dll
22:18:12.0500 3624 stisvc - ok
22:18:12.0531 3624 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum D:\WINDOWS\system32\DRIVERS\swenum.sys
22:18:12.0531 3624 swenum - ok
22:18:12.0546 3624 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi D:\WINDOWS\system32\drivers\swmidi.sys
22:18:12.0562 3624 swmidi - ok
22:18:12.0578 3624 SwPrv - ok
22:18:12.0609 3624 symc810 - ok
22:18:12.0625 3624 symc8xx - ok
22:18:12.0656 3624 sym_hi - ok
22:18:12.0734 3624 sym_u3 - ok
22:18:12.0765 3624 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio D:\WINDOWS\system32\drivers\sysaudio.sys
22:18:12.0765 3624 sysaudio - ok
22:18:12.0796 3624 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog D:\WINDOWS\system32\smlogsvc.exe
22:18:12.0812 3624 SysmonLog - ok
22:18:12.0859 3624 [ E2B32B10ACC5D97623275AAFB67E5F03 ] TapiSrv D:\WINDOWS\System32\tapisrv.dll
22:18:12.0859 3624 TapiSrv - ok
22:18:12.0906 3624 [ BA8C046D98345129723E6BCAA1E8AB99 ] Tcpip D:\WINDOWS\system32\DRIVERS\tcpip.sys
22:18:12.0921 3624 Tcpip - ok
22:18:12.0953 3624 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE D:\WINDOWS\system32\drivers\TDPIPE.sys
22:18:13.0031 3624 TDPIPE - ok
22:18:13.0093 3624 [ C0578456F29E5F26285F81B7B71FE57D ] TDTCP D:\WINDOWS\system32\drivers\TDTCP.sys
22:18:13.0093 3624 TDTCP - ok
22:18:13.0125 3624 [ 88155247177638048422893737429D9E ] TermDD D:\WINDOWS\system32\DRIVERS\termdd.sys
22:18:13.0125 3624 TermDD - ok
22:18:13.0203 3624 [ 5128852A18AE46C387F87BF27DA4C9DD ] TermService D:\WINDOWS\System32\termsrv.dll
22:18:13.0218 3624 TermService - ok
22:18:13.0250 3624 [ 888CD7B39C37E13A2419BECFAAF0A28C ] Themes D:\WINDOWS\System32\shsvcs.dll
22:18:13.0265 3624 Themes - ok
22:18:13.0281 3624 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr D:\WINDOWS\system32\tlntsvr.exe
22:18:13.0296 3624 TlntSvr - ok
22:18:13.0312 3624 TosIde - ok
22:18:13.0343 3624 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks D:\WINDOWS\system32\trkwks.dll
22:18:13.0343 3624 TrkWks - ok
22:18:13.0390 3624 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs D:\WINDOWS\system32\drivers\Udfs.sys
22:18:13.0390 3624 Udfs - ok
22:18:13.0406 3624 ultra - ok
22:18:13.0921 3624 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update D:\WINDOWS\system32\DRIVERS\update.sys
22:18:13.0937 3624 Update - ok
22:18:14.0031 3624 [ 3F9A3232E5F942874488981F3242C989 ] UPHClean D:\Program Files\UPHClean\uphclean.exe
22:18:14.0046 3624 UPHClean - ok
22:18:14.0125 3624 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost D:\WINDOWS\System32\upnphost.dll
22:18:14.0140 3624 upnphost - ok
22:18:14.0187 3624 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS D:\WINDOWS\System32\ups.exe
22:18:14.0187 3624 UPS - ok
22:18:14.0250 3624 [ E919708DB44ED8543A7C017953148330 ] usbaudio D:\WINDOWS\system32\drivers\usbaudio.sys
22:18:14.0265 3624 usbaudio - ok
22:18:14.0312 3624 [ C18D6C74953621346DF6B0A11F80C1CC ] usbccgp D:\WINDOWS\system32\DRIVERS\usbccgp.sys
22:18:14.0328 3624 usbccgp - ok
22:18:14.0359 3624 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub D:\WINDOWS\system32\DRIVERS\usbhub.sys
22:18:14.0375 3624 usbhub - ok
22:18:14.0406 3624 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan D:\WINDOWS\system32\DRIVERS\usbscan.sys
22:18:14.0421 3624 usbscan - ok
22:18:14.0484 3624 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:18:14.0484 3624 USBSTOR - ok
22:18:14.0546 3624 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci D:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:18:14.0546 3624 usbuhci - ok
22:18:14.0625 3624 [ B2ABAB4CA46BAD182E27763DC19C780F ] VCSVADHWSer D:\WINDOWS\system32\DRIVERS\vcsvad.sys
22:18:14.0625 3624 VCSVADHWSer - ok
22:18:14.0671 3624 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave D:\WINDOWS\System32\drivers\vga.sys
22:18:14.0671 3624 VgaSave - ok
22:18:14.0703 3624 ViaIde - ok
22:18:14.0734 3624 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap D:\WINDOWS\system32\drivers\VolSnap.sys
22:18:14.0750 3624 VolSnap - ok
22:18:14.0796 3624 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS D:\WINDOWS\System32\vssvc.exe
22:18:14.0812 3624 VSS - ok
22:18:14.0828 3624 [ 9F8A0D0CBB2FA265A754516128C00E22 ] W32Time D:\WINDOWS\system32\w32time.dll
22:18:14.0843 3624 W32Time - ok
22:18:14.0890 3624 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp D:\WINDOWS\system32\DRIVERS\wanarp.sys
22:18:14.0890 3624 Wanarp - ok
22:18:15.0171 3624 [ D918617B46457B9AC28027722E30F647 ] Wdf01000 D:\WINDOWS\system32\Drivers\wdf01000.sys
22:18:15.0187 3624 Wdf01000 - ok
22:18:15.0234 3624 WDICA - ok
22:18:15.0281 3624 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud D:\WINDOWS\system32\drivers\wdmaud.sys
22:18:15.0281 3624 wdmaud - ok
22:18:15.0312 3624 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient D:\WINDOWS\System32\webclnt.dll
22:18:15.0328 3624 WebClient - ok
22:18:15.0484 3624 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt D:\WINDOWS\system32\wbem\WMIsvc.dll
22:18:15.0500 3624 winmgmt - ok
22:18:15.0593 3624 [ 5D410936831F7FB58EFF941EAC3F6D3D ] WmBEnum D:\WINDOWS\system32\drivers\WmBEnum.sys
22:18:15.0609 3624 WmBEnum - ok
22:18:15.0656 3624 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN D:\WINDOWS\system32\MsPMSNSv.dll
22:18:15.0671 3624 WmdmPmSN - ok
22:18:15.0718 3624 [ 7A13CFDE92956CA61A0927D766C5AD4F ] WmFilter D:\WINDOWS\system32\drivers\WmFilter.sys
22:18:15.0718 3624 WmFilter - ok
22:18:15.0812 3624 [ DA1BF58EE904C814E748C9FC90B37DA2 ] Wmi D:\WINDOWS\System32\advapi32.dll
22:18:15.0828 3624 Wmi - ok
22:18:15.0921 3624 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv D:\WINDOWS\system32\wbem\wmiapsrv.exe
22:18:15.0937 3624 WmiApSrv - ok
22:18:16.0093 3624 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc D:\Program Files\Windows Media Player\WMPNetwk.exe
22:18:16.0125 3624 WMPNetworkSvc - ok
22:18:16.0203 3624 [ 6F04646BC690F8BBFC344BE32A60796D ] WmVirHid D:\WINDOWS\system32\drivers\WmVirHid.sys
22:18:16.0203 3624 WmVirHid - ok
22:18:16.0250 3624 [ 1D6CA43D562333F4DFB40BCEF2453F3A ] WmXlCore D:\WINDOWS\system32\drivers\WmXlCore.sys
22:18:16.0250 3624 WmXlCore - ok
22:18:16.0312 3624 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb D:\WINDOWS\system32\DRIVERS\wpdusb.sys
22:18:16.0328 3624 WpdUsb - ok
22:18:16.0390 3624 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL D:\WINDOWS\System32\drivers\ws2ifsl.sys
22:18:16.0390 3624 WS2IFSL - ok
22:18:16.0421 3624 wscsvc - ok
22:18:16.0500 3624 [ 02E4055488047729B333F99D93877038 ] wuauserv D:\WINDOWS\system32\wuauserv.dll
22:18:16.0500 3624 wuauserv - ok
22:18:16.0562 3624 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf D:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:18:16.0562 3624 WudfPf - ok
22:18:16.0609 3624 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd D:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:18:16.0609 3624 WudfRd - ok
22:18:16.0656 3624 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc D:\WINDOWS\System32\WUDFSvc.dll
22:18:16.0656 3624 WudfSvc - ok
22:18:16.0734 3624 [ 349B8D2BB755E8C3B0E3E82A87663E55 ] WZCSVC D:\WINDOWS\System32\wzcsvc.dll
22:18:16.0765 3624 WZCSVC - ok
22:18:16.0796 3624 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov D:\WINDOWS\System32\xmlprov.dll
22:18:16.0828 3624 xmlprov - ok
22:18:16.0859 3624 ================ Scan global ===============================
22:18:16.0890 3624 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] D:\WINDOWS\system32\basesrv.dll
22:18:17.0062 3624 [ 6DC05976FB5B8E1358EAC8BEDFD1FA47 ] D:\WINDOWS\system32\winsrv.dll
22:18:17.0156 3624 [ 6DC05976FB5B8E1358EAC8BEDFD1FA47 ] D:\WINDOWS\system32\winsrv.dll
22:18:17.0187 3624 [ 020CEAAEDC8EB655B6506B8C70D53BB6 ] D:\WINDOWS\system32\services.exe
22:18:17.0187 3624 [Global] - ok
22:18:17.0187 3624 ================ Scan MBR ==================================
22:18:17.0218 3624 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
22:18:17.0375 3624 \Device\Harddisk0\DR0 - ok
22:18:17.0390 3624 ================ Scan VBR ==================================
22:18:17.0406 3624 [ 43EBBC562776524D4EB9F03596989A7C ] \Device\Harddisk0\DR0\Partition1
22:18:17.0406 3624 \Device\Harddisk0\DR0\Partition1 - ok
22:18:17.0406 3624 [ BF37ED4288B887ED9D4F0E9F64E728E1 ] \Device\Harddisk0\DR0\Partition2
22:18:17.0421 3624 \Device\Harddisk0\DR0\Partition2 - ok
22:18:17.0437 3624 ============================================================
22:18:17.0437 3624 Scan finished
22:18:17.0437 3624 ============================================================
22:18:17.0484 3584 Detected object count: 1
22:18:17.0484 3584 Actual detected object count: 1
22:18:29.0218 3584 sptd ( LockedFile.Multi.Generic ) - skipped by user
22:18:29.0218 3584 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

-----------------------------------------------

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-20 22:19:20
-----------------------------
22:19:20.703 OS Version: Windows 5.1.2600 Service Pack 3
22:19:20.703 Number of processors: 1 586 0x103
22:19:20.703 ComputerName: WARNER-6Q428LRL UserName: Owner
22:19:21.265 Initialize success
22:25:13.015 AVAST engine defs: 12112000
22:27:08.171 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
22:27:08.218 Disk 0 Vendor: WDC_WD1600JB-00GVC0 08.02D08 Size: 152627MB BusType: 3
22:27:08.296 Disk 0 MBR read successfully
22:27:08.375 Disk 0 MBR scan
22:27:08.640 Disk 0 Windows XP default MBR code
22:27:08.734 Disk 0 Partition - 00 0F Extended LBA 19992 MB offset 15120
22:27:08.828 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 132622 MB offset 40965750
22:27:09.031 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 19992 MB offset 15183
22:27:09.156 Disk 0 scanning sectors +312576705
22:27:09.484 Disk 0 scanning D:\WINDOWS\system32\drivers
22:28:00.328 Service scanning
22:28:02.875 Service Adobe LM Service D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe **INFECTED** Win32:Kukacka
22:28:26.609 Service IDriverT D:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe **INFECTED** Win32:Kukacka
22:28:36.656 Service MSCSPTISRV D:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe **INFECTED** Win32:Kukacka
22:28:47.015 Service PACSPTISVR D:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe **INFECTED** Win32:Kukacka
22:29:02.437 Service SonicStage Back-End Service D:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe **INFECTED** Win32:Kukacka
22:29:04.187 Service sptd D:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
22:29:04.718 Service SPTISRV D:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe **INFECTED** Win32:Kukacka
22:29:06.812 Service SSScsiSV D:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe **INFECTED** Win32:Kukacka
22:29:24.531 Modules scanning
22:29:54.531 Disk 0 trace - called modules:
22:29:54.781 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys >>UNKNOWN [0x82b8a8ac]<<
22:29:54.968 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82bcfab8]
22:29:55.171 3 CLASSPNP.SYS[f8bf0fd7] -> nt!IofCallDriver -> \Device\00000063[0x82b39f18]
22:29:55.375 5 ACPI.sys[f8a65620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82a72940]
22:29:56.296 AVAST engine scan D:\WINDOWS
22:30:02.687 File: D:\WINDOWS\IsUninst.exe **INFECTED** Win32:Kukacka
22:30:08.093 File: D:\WINDOWS\regedit.exe **INFECTED** Win32:Kukacka
22:30:10.734 File: D:\WINDOWS\SynCor.exe **INFECTED** Win32:Kukacka
22:30:15.875 AVAST engine scan D:\WINDOWS\system32
22:30:34.468 File: D:\WINDOWS\system32\avifill32.dll **INFECTED** Win32:Malware-gen
22:30:44.015 File: D:\WINDOWS\system32\calc.exe **INFECTED** Win32:Kukacka
22:30:56.375 File: D:\WINDOWS\system32\cleanmgr.exe **INFECTED** Win32:Kukacka
22:30:59.015 File: D:\WINDOWS\system32\cmd.exe **INFECTED** Win32:Kukacka
22:32:39.984 File: D:\WINDOWS\system32\dxdiag.exe **INFECTED** Win32:Kukacka
22:33:19.031 File: D:\WINDOWS\system32\iccwphbk.dll **INFECTED** Win32:Malware-gen
22:34:02.890 File: D:\WINDOWS\system32\kbddfi1.dll **INFECTED** Win32:Malware-gen
22:36:23.109 File: D:\WINDOWS\system32\notepad.exe **INFECTED** Win32:Kukacka
22:36:32.515 File: D:\WINDOWS\system32\ntvdm.exe **INFECTED** Win32:Kukacka
22:37:07.562 File: D:\WINDOWS\system32\pxdrvv.dll **INFECTED** Win32:Malware-gen
22:37:26.406 File: D:\WINDOWS\system32\reg.exe **INFECTED** Win32:Kukacka
22:37:27.984 File: D:\WINDOWS\system32\regsvr32.exe **INFECTED** Win32:Kukacka
22:37:41.453 File: D:\WINDOWS\system32\rundll32.exe **INFECTED** Win32:Kukacka
22:38:03.359 File: D:\WINDOWS\system32\shmgrrate.exe **INFECTED** Win32:Malware-gen
22:38:10.578 File: D:\WINDOWS\system32\sndvol32.exe **INFECTED** Win32:Kukacka
22:38:28.328 File: D:\WINDOWS\system32\sysocmgr.exe **INFECTED** Win32:SaliCode
22:38:33.421 File: D:\WINDOWS\system32\taskmgr.exe **INFECTED** Win32:Kukacka
22:38:34.156 File: D:\WINDOWS\system32\TaskSwitch.exe **INFECTED** Win32:Kukacka
22:39:21.671 File: D:\WINDOWS\system32\wiaacmgr.exe **INFECTED** Win32:Kukacka
22:43:55.796 AVAST engine scan D:\WINDOWS\system32\drivers
22:45:07.453 AVAST engine scan D:\Documents and Settings\Owner
22:47:59.781 File: D:\Documents and Settings\Owner\Desktop\adwcleaner.exe **INFECTED** Win32:SaliCode
22:48:02.109 File: D:\Documents and Settings\Owner\Desktop\MSPAINT.EXE **INFECTED** Win32:Kukacka
22:48:05.984 File: D:\Documents and Settings\Owner\Desktop\SecurityCheck.exe **INFECTED** Win32:Kukacka
23:02:00.671 File: D:\Documents and Settings\Owner\Local Settings\Temp\winhfkyeo.exe **INFECTED** Win32:Sality-GR
23:02:28.625 AVAST engine scan D:\Documents and Settings\All Users
23:03:13.000 Scan finished successfully
23:03:27.203 Disk 0 MBR has been saved successfully to "D:\Documents and Settings\Owner\Desktop\MBR.dat"
23:03:27.390 The log file has been saved successfully to "D:\Documents and Settings\Owner\Desktop\aswMBR.txt"
Thanks!

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:15 AM

Posted 20 November 2012 - 11:21 PM

I'm afraid I have very bad news. The system is infected with a nasty variant of Win32/Sality. This family of malware is a polymorphic file infector which infects .exe, .scr files, downloads more malicious files to your computer, steals sensitive system information/passwords and sends it back to the attacker.

Please see Kaspersky's Threat Encyclopaedia of Win32.Sality.NAO.

With this particular infection, the safest solution and only sure way to remove it effectively is to reformat and reinstall the OS.

As with many other malware, Sality disables antivirus software and prevents access to certain antivirus and security websites. Sality can also prevent booting into Safe Mode and may delete security-related files found on infected systems. To spread via the autorun component, Sality generally drops a .cmd, .pif, and .exe to the root of discoverable drives, along with an autorun.inf file which contains instructions to load the dropped file(s) when the drive is accessed.

About Sality Virus

If the computer was used for online banking, has credit card information or other sensitive data on it, you should disconnect from the Internet until your system is cleaned. All passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums. You should consider them to be compromised and change each password using a clean computer and not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified immediately of the possible security breach. Because your computer was compromised please read:

Since Win32.Sality is not effectively disinfectable, your best option is to perform a full reformat as there is no guarantee this infection can be completely removed. In most instances it may have caused so much damage to your system files that it cannot be completely cleaned or repaired. In many cases the infected files cannot be deleted and anti-malware scanners cannot disinfect them properly. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Reinstalling Windows without first wiping the entire hard drive with a repartition and/or format will not remove the infection. The reinstall will only overwrite the Windows files. Any malware on the system will still be there afterwards. Please read:

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 the_real_Skiller

the_real_Skiller
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:03:15 AM

Posted 20 November 2012 - 11:32 PM

OK, I guess I'm screwed...

Is it possible to transfer files I want to keep to my HDD, or is it risky? (Will it keep the infection?)

Is Spybot S&D reliable?

And any idea where one catches that kind of nasty virus?

I will transfer (if you say I can) my important stuff to my HDD and reformat/reinstall Win XP.

Thanks for your help again Gringo, I'll make sure to donate once more for your valuable services!

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:15 AM

Posted 21 November 2012 - 12:26 AM

You have to be careful what you back up with this thing - it is very dangerous.

Things like pictures and homemade videos should be OK, but nothing with .exe, .scr or .com; there are even some strains that can go after other files such as PDF and others - so only back up what cannot be replaced, and then scan it before you pass it to the good computer.


gringo
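The backup rules in this reply, together with the dropper components (.cmd, .pif, autorun.inf) described in the earlier one, as an added Python triage script that is not part of the thread; the extension lists, the sample files and the function names are constructed for this example:

```python
"""Backup triage for files rescued from a Sality-infected Windows host.

Added example, not code from the thread. It encodes gringo_pr's advice:
keep irreplaceable media, never carry over .exe/.scr/.com (nor the
.cmd/.pif/autorun.inf dropper components), treat documents such as PDF
as scan-first, and sniff file headers so a renamed executable is not
let through on its extension alone. Extension lists, sample files and
function names are constructed for this example.
"""
import os
import tempfile
from pathlib import Path

# Sality is described as infecting .exe/.scr and dropping .cmd/.pif/.exe.
EXECUTABLE_EXT = {".exe", ".scr", ".com", ".pif", ".cmd"}
DROPPER_NAMES = {"autorun.inf"}          # never copy, wherever it sits
MEDIA_EXT = {".jpg", ".jpeg", ".png", ".gif", ".mp4", ".avi", ".mov"}


def looks_like_pe(path: Path) -> bool:
    """True if the file begins with the 'MZ' DOS stub every PE image carries."""
    try:
        with path.open("rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:
        return False


def classify(path: Path) -> str:
    """Return 'keep', 'scan-first' or 'exclude' for one candidate file."""
    ext = path.suffix.lower()
    if path.name.lower() in DROPPER_NAMES or ext in EXECUTABLE_EXT:
        return "exclude"
    if looks_like_pe(path):          # executable hiding behind a harmless extension
        return "exclude"
    if ext in MEDIA_EXT:
        return "keep"
    # Documents (PDF etc.) and anything unknown: scan on the clean machine first.
    return "scan-first"


def triage(root: Path) -> dict:
    """Walk `root` and bucket every file by classification (POSIX-style relative paths)."""
    buckets = {"keep": [], "scan-first": [], "exclude": []}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            p = Path(dirpath) / fname
            buckets[classify(p)].append(p.relative_to(root).as_posix())
    for names in buckets.values():
        names.sort()
    return buckets


def build_sample_tree(root: Path) -> None:
    """Write a small constructed backup set (file contents are placeholders)."""
    (root / "pics").mkdir(parents=True, exist_ok=True)
    (root / "pics" / "holiday.jpg").write_bytes(b"\xff\xd8\xff\xe0 jpeg data")
    (root / "video.mp4").write_bytes(b"\x00\x00\x00\x18ftypmp42")
    (root / "taxes.pdf").write_bytes(b"%PDF-1.4 placeholder")
    (root / "MSPAINT.EXE").write_bytes(b"MZ\x90\x00 pe stub")
    (root / "autorun.inf").write_bytes(b"[autorun]\r\nopen=dropped.exe\r\n")
    (root / "family.jpg").write_bytes(b"MZ\x90\x00 disguised")   # PE renamed to .jpg


def demo() -> dict:
    """Build the sample set in a temp dir and return its triage result."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "rescue"
        build_sample_tree(root)
        return triage(root)


if __name__ == "__main__":
    for bucket, names in demo().items():
        print(f"{bucket:10s} {names}")
```

Point `triage()` at the folder you intend to copy off the infected machine; only the "keep" bucket goes straight across, and even that is worth a scan on the clean side.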

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:15 AM

Posted 25 November 2012 - 07:46 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.