
Thread: S&D constantly removing viruses. They always come back

  1. #31
    Blade81 (Security Expert: Emeritus)
    Join Date: Oct 2006
    Location: Finland
    Posts: 25,288

    Ok. Shall wait for the results
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  2. #32
    Member
    Join Date: Jul 2009
    Posts: 74

    Quote Originally Posted by Blade81
    Ok. Shall wait for the results

    Should this be taking a long time? So far it's 2% done after 40 mins of scanning?

  3. #33
    Member
    Join Date: Jul 2009
    Posts: 74

    So the Roxio thing is gone, except it comes up when I reboot the computer. Is there any way to get rid of this?

  4. #34
    Blade81 (Security Expert: Emeritus)
    Join Date: Oct 2006
    Location: Finland
    Posts: 25,288

    Hi,

    Should this be taking a long time? So far it's 2% done after 40 mins of scanning?
    Depends on how badly the hard drive is fragmented. Have antivirus protection disabled.


    Open notepad and copy/paste the text in the quotebox below into it:

    Code:
    DDS::
    uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
    Quit::

    Save this as CFScript

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.



    Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe.
    Then post the resultant log + a fresh DDS log. See if the Roxio issue pops up.

  5. #35
    Member
    Join Date: Jul 2009
    Posts: 74

    ComboFix 10-05-25.05 - User 05/26/2010 8:39.8.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2796 [GMT -6:00]
    Running from: c:\documents and settings\User\Desktop\ComboFix1.exe
    Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\common files\installshield\updateservice\ISUSPM.exe

    .
    ((((((((((((((((((((((((( Files Created from 2010-04-26 to 2010-05-26 )))))))))))))))))))))))))))))))
    .

    2010-05-24 20:12 . 2010-05-24 20:12 -------- d-----w- c:\program files\Common Files\Java
    2010-05-24 01:36 . 2010-05-24 01:37 -------- d-----w- c:\documents and settings\All Users\Application Data\COMODO
    2010-05-24 01:32 . 2010-05-24 01:32 503808 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-527a3805-n\msvcp71.dll
    2010-05-24 01:32 . 2010-05-24 01:32 499712 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-527a3805-n\jmc.dll
    2010-05-24 01:32 . 2010-05-24 01:32 348160 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-527a3805-n\msvcr71.dll
    2010-05-24 01:32 . 2010-05-24 01:32 61440 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-5987508f-n\decora-sse.dll
    2010-05-24 01:32 . 2010-05-24 01:32 12800 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-5987508f-n\decora-d3d.dll
    2010-05-24 01:32 . 2010-05-24 20:11 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-05-23 15:37 . 2010-05-23 15:40 -------- d-----w- c:\documents and settings\User\.SunDownloadManager
    2010-05-23 15:32 . 2010-05-23 15:33 -------- d-----w- c:\program files\COMODO
    2010-05-23 15:32 . 2010-05-23 15:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader
    2010-05-23 00:49 . 2010-05-25 14:35 -------- d-----w- c:\program files\MSECACHE
    2010-05-22 17:16 . 2010-05-22 17:16 -------- d-----w- C:\rsit
    2010-05-21 21:47 . 2010-05-22 15:05 -------- d-----w- C:\ComboFix
    2010-05-12 01:33 . 2010-05-12 01:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Driver Whiz
    2010-04-30 07:36 . 2010-05-21 05:18 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-04-30 07:36 . 2010-04-30 07:36 552 ----a-w- c:\windows\system32\d3d8caps.dat
    2010-04-30 07:36 . 2010-05-11 08:20 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2010-04-29 22:25 . 2010-04-29 22:25 47292 ---ha-w- c:\windows\system32\mlfcache.dat

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-05-26 14:22 . 2010-03-02 02:54 -------- d-----w- c:\program files\Diablo II
    2010-05-24 22:45 . 2008-09-27 16:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-05-23 03:52 . 2008-09-27 17:15 -------- d-----w- c:\program files\AVG
    2010-05-23 03:51 . 2008-09-27 17:15 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
    2010-05-22 19:02 . 2009-09-02 13:29 75 ----a-w- c:\documents and settings\User\jagex_runescape_preferences2.dat
    2010-05-22 18:27 . 2008-09-27 17:07 69 ----a-w- c:\documents and settings\User\jagex_runescape_preferences.dat
    2010-05-22 02:09 . 2009-10-29 03:29 -------- d-----w- c:\documents and settings\User\Application Data\vlc
    2010-05-21 03:40 . 2008-04-14 12:00 4224 ----a-w- c:\windows\system32\drivers\rdpcdd.sys
    2010-05-15 23:02 . 2009-12-04 22:49 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
    2010-05-15 18:29 . 2010-03-25 00:40 54657 ----a-w- c:\windows\DIIUnin.dat
    2010-05-04 03:10 . 2010-03-17 05:58 256 ----a-w- c:\windows\system32\pool.bin
    2010-04-09 07:26 . 2010-04-09 07:26 277240 ----a-w- c:\windows\system32\guard32.dll
    2010-04-09 07:25 . 2010-04-09 07:25 86800 ----a-w- c:\windows\system32\drivers\inspect.sys
    2010-04-09 07:25 . 2010-04-09 07:25 25240 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
    2010-04-09 07:25 . 2010-04-09 07:25 225344 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
    2010-04-09 07:25 . 2010-04-09 07:25 15464 ----a-w- c:\windows\system32\drivers\cmderd.sys
    2010-03-25 00:52 . 2009-02-11 14:15 21840 ----atw- c:\windows\system32\SIntfNT.dll
    2010-03-25 00:52 . 2009-02-11 14:15 17212 ----atw- c:\windows\system32\SIntf32.dll
    2010-03-25 00:52 . 2009-02-11 14:15 12067 ----atw- c:\windows\system32\SIntf16.dll
    2010-03-25 00:40 . 2010-03-25 00:40 2829 ----a-w- c:\windows\DIIUnin.pif
    2010-03-25 00:40 . 2010-03-25 00:40 94208 ----a-w- c:\windows\DIIUnin.exe
    2010-03-25 00:10 . 2010-03-25 00:10 0 ----a-w- c:\documents and settings\User\jagex__preferences3.dat
    2010-03-17 06:07 . 2008-09-26 17:19 58608 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-03-15 02:39 . 2010-03-15 02:39 15 ----a-w- C:\resetlog.exe
    2010-03-13 01:29 . 2010-03-13 01:29 1956808 ----a-w- c:\documents and settings\User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
    2010-03-11 12:38 . 2008-04-14 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-03-11 12:38 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-03-11 12:38 . 2008-04-14 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
    2010-03-09 11:09 . 2008-04-14 12:00 430080 ----a-w- c:\windows\system32\vbscript.dll
    2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-05-22_15.31.50 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-05-26 14:38 . 2010-05-26 14:38 16384 c:\windows\temp\Perflib_Perfdata_4c0.dat
    - 2008-04-14 12:00 . 2010-01-23 08:11 46080 c:\windows\system32\tzchange.exe
    + 2008-04-14 12:00 . 2010-04-21 13:28 46080 c:\windows\system32\tzchange.exe
    - 2009-01-07 03:30 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
    + 2009-01-07 03:30 . 2009-05-26 09:01 17272 c:\windows\system32\spmsg.dll
    + 2009-12-22 02:09 . 2009-12-22 02:09 16832 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\ViewerPS.dll
    + 2009-12-22 07:57 . 2009-12-22 07:57 35760 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\reader_sl.exe
    + 2009-12-22 02:02 . 2009-12-22 02:02 79280 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\PDFPrevHndlr.dll
    + 2009-12-22 05:21 . 2009-12-22 05:21 99776 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\eula.exe
    + 2009-12-11 21:57 . 2009-12-11 21:57 70584 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\adobeextractfiles.dll
    + 2009-12-22 05:37 . 2009-12-22 05:37 27048 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acrotextextractor.exe
    + 2009-12-22 00:39 . 2009-12-22 00:39 15288 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRd32Info.exe
    + 2009-12-22 00:27 . 2009-12-22 00:27 75200 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acroiehelpershim.dll
    + 2009-12-22 00:27 . 2009-12-22 00:27 61888 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroIEHelper.dll
    - 2009-05-19 14:15 . 2010-05-21 23:25 49152 c:\windows\.jagex_cache_32\runescape\jagmisc.dll
    + 2009-05-19 14:15 . 2010-05-22 18:26 49152 c:\windows\.jagex_cache_32\runescape\jagmisc.dll
    + 2009-05-19 14:15 . 2010-05-22 18:26 86016 c:\windows\.jagex_cache_32\runescape\jaggl.dll
    - 2009-05-19 14:15 . 2010-05-21 23:25 86016 c:\windows\.jagex_cache_32\runescape\jaggl.dll
    - 2010-05-13 13:56 . 2010-05-21 23:25 81920 c:\windows\.jagex_cache_32\runescape\hw3d.dll
    + 2010-05-13 13:56 . 2010-05-22 18:26 81920 c:\windows\.jagex_cache_32\runescape\hw3d.dll
    + 2010-05-24 20:12 . 2010-05-24 20:11 153376 c:\windows\system32\javaws.exe
    - 2009-08-12 13:45 . 2009-07-25 11:23 145184 c:\windows\system32\javaw.exe
    + 2010-05-24 20:12 . 2010-05-24 20:11 145184 c:\windows\system32\javaw.exe
    + 2010-05-24 20:12 . 2010-05-24 20:11 145184 c:\windows\system32\java.exe
    - 2009-08-12 13:45 . 2009-07-25 11:23 145184 c:\windows\system32\java.exe
    + 2010-05-24 20:12 . 2010-05-24 20:12 180224 c:\windows\Installer\76b39.msi
    + 2010-05-24 20:11 . 2010-05-24 20:11 576000 c:\windows\Installer\76b33.msi
    + 2009-12-11 21:57 . 2009-12-11 21:57 326056 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\readerupdater.exe
    + 2009-12-22 00:35 . 2009-12-22 00:35 378264 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\pdfshell.dll
    + 2009-12-22 02:05 . 2009-12-22 02:05 116168 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\PDFPrevHndlrShim.exe
    + 2009-12-22 00:34 . 2009-12-22 00:34 103864 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\nppdf32.dll
    + 2009-11-10 01:18 . 2009-11-10 01:18 684032 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\JP2KLib.dll
    + 2009-12-22 02:02 . 2009-12-22 02:02 542168 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AdobeCollabSync.exe
    + 2009-12-11 21:57 . 2009-12-11 21:57 948672 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\adobearm.exe
    + 2009-12-22 00:43 . 2009-12-22 00:43 120240 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRdIF.dll
    + 2009-12-22 07:57 . 2009-12-22 07:57 349616 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRd32.exe
    + 2009-12-22 00:15 . 2009-12-22 00:15 660912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroPDF.dll
    + 2009-12-22 01:32 . 2009-12-22 01:32 280024 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acrobroker.exe
    + 2009-12-11 21:57 . 2009-12-11 21:57 326056 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acrobatupdater.exe
    + 2009-12-22 01:15 . 2009-12-22 01:15 251296 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\a3dutility.exe
    - 2010-02-08 22:25 . 2010-05-21 23:25 831488 c:\windows\.jagex_cache_32\runescape\sw3d.dll
    + 2010-02-08 22:25 . 2010-05-22 18:26 831488 c:\windows\.jagex_cache_32\runescape\sw3d.dll
    - 2010-05-13 13:56 . 2010-05-21 23:25 102400 c:\windows\.jagex_cache_32\runescape\jagdx.dll
    + 2010-05-13 13:56 . 2010-05-22 18:26 102400 c:\windows\.jagex_cache_32\runescape\jagdx.dll
    - 2010-05-13 13:56 . 2010-05-21 23:25 102400 c:\windows\.jagex_cache_32\runescape\jaclib.dll
    + 2010-05-13 13:56 . 2010-05-22 18:26 102400 c:\windows\.jagex_cache_32\runescape\jaclib.dll
    + 2010-05-23 15:34 . 2010-05-23 15:34 3651072 c:\windows\Installer\b2c00.msi
    + 2010-05-23 15:32 . 2010-05-23 15:32 1516544 c:\windows\Installer\b2bfc.msi
    + 2009-12-22 00:29 . 2009-12-22 00:29 2409880 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\rt3d.dll
    + 2009-10-28 02:34 . 2009-10-28 02:34 5009408 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\authplay.dll
    + 2009-12-22 05:31 . 2009-12-22 05:31 5713920 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AGM.dll
    + 2010-05-23 15:30 . 2010-05-23 15:30 11850240 c:\windows\Installer\b2bf6.msp
    + 2009-12-22 05:21 . 2009-12-22 05:21 20436408 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRd32.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2007-09-11 16844800]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-03-19 2046816]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-16 86016]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
    "OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-16 13680640]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-05-21 1501064]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-26 1468296]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-04-09 2029456]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-08-17 14:44 11952 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\system32\guard32.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
    2009-11-20 04:29 623960 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2009-11-12 22:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 11:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2009-07-26 22:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Starcraft\\StarCraft.exe"=
    "c:\\Program Files\\Steam\\steamapps\\ae_anton\\counter-strike source\\hl2.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "e:\\Program Files\\StarCraft II Beta\\StarCraft II.exe"=
    "e:\\Program Files\\StarCraft II Beta\\Versions\\Base14133\\SC2.exe"=
    "e:\\Program Files\\StarCraft II Beta\\Versions\\Base14093\\SC2.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:Blizzard Downloader
    "6112:TCP"= 6112:TCP:Blizzard Downloader
    "5720:TCP"= 5720:TCP:Jumi Controller
    "5720:UDP"= 5720:UDP:Jumi Controller

    R0 BsStor;B.H.A Storage Helper Driver;c:\windows\system32\drivers\BsStor.sys [1/22/2009 7:06 PM 9344]
    R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [11/3/2009 5:51 PM 155136]
    R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [11/3/2009 5:51 PM 5248]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/27/2008 11:15 AM 335240]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/27/2008 11:15 AM 108552]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [4/9/2010 1:25 AM 225344]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [4/9/2010 1:25 AM 25240]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [9/27/2008 11:15 AM 908056]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [9/27/2008 11:15 AM 297752]
    R2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO livePCsupport\CLPSLS.exe [2/19/2010 5:00 PM 148744]
    S3 HTUGX;HTUGX;c:\docume~1\User\LOCALS~1\Temp\HTUGX.exe --> c:\docume~1\User\LOCALS~1\Temp\HTUGX.exe [?]
    S4 BsUDF;B.H.A UDF Filesystem;c:\windows\system32\drivers\BsUDF.sys [1/22/2009 7:06 PM 394496]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/10/2008 6:28 PM 47128]
    S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [7/10/2008 2:49 AM 242712]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/10/2008 10:55 AM 721904]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [7/10/2008 6:28 PM 369688]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-05-23 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\3u4ipr5s.default\
    FF - plugin: c:\documents and settings\User\Application Data\Move Networks\plugins\npqmp071502000008.dll
    FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-05-26 08:44
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8AA833B0]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0xba10cf28
    \Driver\ACPI -> ACPI.sys @ 0xb9f59cb8
    \Driver\atapi -> 0x8aa833b0
    IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
    ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
    \Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
    ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
    Warning: possible MBR rootkit infection !
    user & kernel MBR OK

    **************************************************************************
    .
    Completion time: 2010-05-26 08:45:57
    ComboFix-quarantined-files.txt 2010-05-26 14:45
    ComboFix2.txt 2010-05-24 20:03
    ComboFix3.txt 2010-05-23 15:27
    ComboFix4.txt 2010-05-22 17:14
    ComboFix5.txt 2010-05-26 14:34

    Pre-Run: 50,344,202,240 bytes free
    Post-Run: 50,426,474,496 bytes free

    - - End Of File - - 7B1C6DEB2F9826475E793DBA13173E3D



    Wednesday, May 26, 2010
    Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Tuesday, May 25, 2010 18:12:12
    Records in database: 4171113
    Scan settings
    Scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes
    Scan area: My Computer
    C:\
    D:\
    E:\
    F:\
    H:\
    Scan statistics
    Objects scanned: 89631
    Threats found: 0
    Infected objects found: 0
    Suspicious objects found: 0
    Scan duration: 01:17:29

    No threats found. Scanned area is clean.
    Selected area has been scanned.
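As an added triage example (not part of the thread, and not ComboFix's own logic), the Python script below parses the autostart values and the R0/S3-style service lines of a ComboFix log excerpt like the one above and flags what a responder would examine first: an image path under a Temp folder, a file ComboFix marks as missing with `[?]`, and the Gmer MBR rootkit warning. The sample lines are taken from the log above plus one constructed Run value; the flagging rules are assumptions made for this example.

```python
"""Triage helper for ComboFix log excerpts (added example, not from the thread).

Parses the service/driver lines (R0/R1/R2/S3/S4 ...) and the values under the
CurrentVersion\\Run key, then flags entries a responder would look at first.
The flagging rules are the example author's assumptions, not ComboFix logic.
"""
import re
from dataclasses import dataclass, field
from typing import List

# Sample input: lines excerpted from the ComboFix log posted above, plus one
# constructed Run value ("Updater") to exercise the Temp-path rule on a Run key.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-11 16844800]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-03-19 2046816]
"Updater"="c:\docume~1\User\LOCALS~1\Temp\upd.exe" [2010-05-20 12345]

R0 BsStor;B.H.A Storage Helper Driver;c:\windows\system32\drivers\BsStor.sys [1/22/2009 7:06 PM 9344]
S3 HTUGX;HTUGX;c:\docume~1\User\LOCALS~1\Temp\HTUGX.exe --> c:\docume~1\User\LOCALS~1\Temp\HTUGX.exe [?]
Warning: possible MBR rootkit infection !
"""

# "<start type> <service name>;<display name>;<image path> [<date> <size>]"
SERVICE_RE = re.compile(r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$')
# '"<value name>"="<command>" [<date> <size>]' under a ...\Run key
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<meta>[^\]]*)\]\s*$')
# Splits "<path> [<trailer>]"; the trailer is "?" when ComboFix could not find the file
TRAILER_RE = re.compile(r'^(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$')
TEMP_RE = re.compile(r'\\(temp|tmp)\\', re.IGNORECASE)
MBR_WARNING = 'possible MBR rootkit infection'


@dataclass
class Entry:
    kind: str          # 'run' (Run key value) or 'service' (service/driver line)
    name: str
    path: str          # registered image path, without the "--> resolved" part
    meta: str          # text inside the trailing [...]
    reasons: List[str] = field(default_factory=list)


@dataclass
class Report:
    entries: List[Entry]
    mbr_warning: bool  # True when the embedded Gmer MBR check raised its warning


def parse_log(text: str) -> Report:
    entries: List[Entry] = []
    in_run_key = False
    mbr_warning = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if MBR_WARNING in line:
            mbr_warning = True
            continue
        if line.startswith('['):                      # a registry key header
            in_run_key = line.lower().rstrip(']').endswith('\\run')
            continue
        if in_run_key:
            m = RUN_VALUE_RE.match(line)
            if m:
                entries.append(Entry('run', m['name'], m['path'], m['meta']))
                continue
            in_run_key = False                        # first non-value line ends the section
        m = SERVICE_RE.match(line)
        if m:
            t = TRAILER_RE.match(m['rest'])
            path, meta = (t['path'], t['meta']) if t else (m['rest'], '')
            # ComboFix writes "registered --> resolved" when the two differ; keep the registered path
            path = path.split(' --> ')[0].strip()
            entries.append(Entry('service', m['name'], path, meta))
    return Report(entries, mbr_warning)


def triage(text: str) -> List[Entry]:
    """Return only the entries that carry at least one reason to look closer."""
    flagged: List[Entry] = []
    for e in parse_log(text).entries:
        if TEMP_RE.search(e.path):
            e.reasons.append('temp-path')             # autostart binary living in a Temp folder
        if e.meta.strip() == '?':
            e.reasons.append('image-missing')         # ComboFix could not find the file on disk
        if e.reasons:
            flagged.append(e)
    return flagged


if __name__ == '__main__':
    report = parse_log(SAMPLE_LOG)
    print(f"autostart/service entries parsed: {len(report.entries)}")
    print(f"MBR rootkit warning present: {report.mbr_warning}")
    for e in triage(SAMPLE_LOG):
        print(f"  [{e.kind}] {e.name}: {e.path}  <- {', '.join(e.reasons)}")
```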

  6. #36
    Member
    Join Date: Jul 2009
    Posts: 74

    Oh yeah, I forgot to add: ComboFix says there is rootkit activity and still needs to restart every time it is run.

  7. #37
    Blade81 (Security Expert: Emeritus)
    Join Date: Oct 2006
    Location: Finland
    Posts: 25,288

    Hi,

    Please see if you're able to run GMER now (disable protection software first).

  8. #38
    Member
    Join Date: Jul 2009
    Posts: 74

    Quote Originally Posted by Blade81
    Hi,

    Please see if you're able to run GMER now (disable protection software first).

    I tried and I was unable to start it. It opens and runs for a few seconds, then tells me to send an error report, and the program closes on me. As soon as I open it, it starts and I cannot click on any of the check boxes.

  9. #39
    Blade81 (Security Expert: Emeritus)
    Join Date: Oct 2006
    Location: Finland
    Posts: 25,288

    Hi,

    Run ComboFix with the following script:
    Code:
    DeQuarantine::
    c:\qoobox\quarantine\c\program files\common files\installshield\updateservice\ISUSPM.exe.vir
    Quit::
    It should generate a DeQuarantine.txt log for you. Post back its contents.

    1. Download TDSSKiller and extract its contents into a folder in the desired location (e.g. c:\tdsskiller).
    2. Execute the file TDSSKiller.exe and wait for the process to finish.
    3. Post back the contents of the log file in the C: drive root (the name should be in UtilityName.Version_Date_Time_log.txt format).

  10. #40
    Member
    Join Date: Jul 2009
    Posts: 74

    c:\qoobox\quarantine\c\program files\common files\installshield\updateservice\ISUSPM.exe.vir -> c:\program files\common files\installshield\updateservice\ISUSPM.exe ( 206112 bytes )




    08:44:18:375 3164 TDSS rootkit removing tool 2.3.1.0 May 25 2010 12:52:14
    08:44:18:375 3164 ================================================================================
    08:44:18:375 3164 SystemInfo:

    08:44:18:375 3164 OS Version: 5.1.2600 ServicePack: 3.0
    08:44:18:375 3164 Product type: Workstation
    08:44:18:375 3164 ComputerName: DOWNSTAIRS
    08:44:18:375 3164 UserName: User
    08:44:18:375 3164 Windows directory: C:\WINDOWS
    08:44:18:375 3164 Processor architecture: Intel x86
    08:44:18:375 3164 Number of processors: 2
    08:44:18:375 3164 Page size: 0x1000
    08:44:18:375 3164 Boot type: Normal boot
    08:44:18:375 3164 ================================================================================
    08:44:18:718 3164 Initialize success
    08:44:18:718 3164
    08:44:18:718 3164 Scanning Services ...
    08:44:19:062 3164 Raw services enum returned 355 services
    08:44:19:062 3164
    08:44:19:062 3164 Scanning Drivers ...
    08:44:22:796 3164 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    08:44:22:875 3164 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    08:44:22:921 3164 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    08:44:22:953 3164 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    08:44:22:968 3164 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    08:44:23:015 3164 klmd23 (0b06b0a25e08df0d536402bce3bde61e) C:\WINDOWS\system32\drivers\klmd.sys
    08:44:23:078 3164 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    08:44:23:125 3164 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    08:44:23:171 3164 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    08:44:23:203 3164 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    08:44:23:265 3164 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    08:44:23:312 3164 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    08:44:23:328 3164 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    08:44:23:359 3164 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    08:44:23:453 3164 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    08:44:23:625 3164 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    08:44:24:000 3164 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    08:44:24:171 3164 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    08:44:24:281 3164 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    08:44:24:453 3164 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    08:44:24:484 3164 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
    08:44:24:546 3164 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    08:44:24:562 3164 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    08:44:24:625 3164 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    08:44:24:640 3164 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    08:44:24:656 3164 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
    08:44:24:703 3164 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    08:44:24:734 3164 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    08:44:24:828 3164 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    08:44:24:890 3164 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    08:44:24:906 3164 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    08:44:24:953 3164 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    08:44:25:125 3164 nv (90a2fe4b6e558e05e88e4517001a33ea) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    08:44:25:328 3164 nvsmu (2a085aec3ab2b1211611d2a7b9e22456) C:\WINDOWS\system32\DRIVERS\nvsmu.sys
    08:44:25:359 3164 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    08:44:25:359 3164 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    08:44:25:437 3164 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    08:44:25:468 3164 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
    08:44:25:515 3164 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    08:44:25:546 3164 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    08:44:25:609 3164 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    08:44:25:625 3164 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    08:44:25:656 3164 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    08:44:25:781 3164 PnkBstrK (10be25c04613b70d8ce1f412e14d9454) C:\WINDOWS\system32\drivers\PnkBstrK.sys
    08:44:25:875 3164 Point32 (e5582e43e167cf367757d81e9727da2a) C:\WINDOWS\system32\DRIVERS\point32.sys
    08:44:25:906 3164 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    08:44:25:921 3164 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    08:44:25:953 3164 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    08:44:26:000 3164 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    08:44:26:046 3164 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    08:44:26:062 3164 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    08:44:26:062 3164 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    08:44:26:078 3164 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    08:44:26:125 3164 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    08:44:26:140 3164 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    08:44:26:171 3164 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    08:44:26:250 3164 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    08:44:26:281 3164 RimUsb (f17713d108aca124a139fde877eef68a) C:\WINDOWS\system32\Drivers\RimUsb.sys
    08:44:26:328 3164 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
    08:44:26:359 3164 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
    08:44:26:421 3164 RsFx0102 (fedd2710b75be3ecf078adace790c423) C:\WINDOWS\system32\DRIVERS\RsFx0102.sys
    08:44:26:468 3164 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    08:44:26:500 3164 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    08:44:26:562 3164 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    08:44:26:609 3164 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    08:44:26:640 3164 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    08:44:26:687 3164 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\WINDOWS\system32\Drivers\sptd.sys
    08:44:26:781 3164 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    08:44:26:828 3164 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
    08:44:26:843 3164 ssmdrv (654dfea96bc82b4acda4f37e5e4a3bbf) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
    08:44:26:890 3164 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    08:44:26:921 3164 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    08:44:26:968 3164 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    08:44:27:046 3164 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    08:44:27:078 3164 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    08:44:27:140 3164 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    08:44:27:187 3164 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    08:44:27:234 3164 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    08:44:27:281 3164 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    08:44:27:312 3164 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys
    08:44:27:406 3164 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
    08:44:27:437 3164 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    08:44:27:484 3164 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    08:44:27:531 3164 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    08:44:27:640 3164 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
    08:44:27:703 3164 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    08:44:27:781 3164 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    08:44:27:828 3164 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    08:44:27:937 3164 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    08:44:28:000 3164 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    08:44:28:046 3164 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    08:44:28:109 3164 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    08:44:28:171 3164 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
    08:44:28:203 3164 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
    08:44:28:296 3164 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    08:44:28:375 3164 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    08:44:28:546 3164 yukonwxp (67331fd053f97a874a60374be6b59523) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
    08:44:28:546 3164
    08:44:28:546 3164 Completed
    08:44:28:546 3164
    08:44:28:546 3164 Results:
    08:44:28:546 3164 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
    08:44:28:546 3164 File objects infected / cured / cured on reboot: 0 / 0 / 0
    08:44:28:546 3164
    08:44:28:546 3164 KLMD(ARK) unloaded successfully
