Print Spooler, Fraud.InternetSecurity2011, infected temp files, browser redirecting



Fieari
2011-12-09, 18:59
I first started noticing problems when my printer stopped working, apparently due to a bad print spooler service? It was shortly afterwards that I started getting AVG alerts, and all kinds of temp files are being moved to the virus vault on a regular basis. Here's what I've done:

1) I ran spybot, and it claimed to have removed Fraud.InternetSecurity2011.
2) I ran AVG and it did a full scan, removing all kinds of things, mostly infected temp files.
3) Reboot, rescan: AVG finds more stuff, Spybot finds none.
4) Rebooted into safemode, ran both AVG and spybot. Spybot found nothing, AVG found and removed all kinds of stuff.
5) Reboot normally, rescan: AVG still finding stuff, and now I'm noticing that at regular intervals Firefox is loading webpages I didn't tell it to load.

So now I'm really frustrated, and would like help. I feel like an idiot, because normally I practice safer browsing habits, but in this case I did follow a link to a sketchy video provider from a friend, and I'm 99% positive that's where all this junk came from. I should have known better.

Anyway, Here's my DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by Owner at 12:37:12 on 2011-12-09
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2044.527 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ActiveArmor Firewall *Enabled*
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\Program Files\Juniper Networks\Odyssey Access Client\odClientService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\folding\FAH504-Console.exe
C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
C:\Program Files\BurnAware Free\nmsaccessu.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\StkASv2K.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv2.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
E:\util\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Drivers\ATI\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files\ResChanger 2005\ResChanger2005.exe
C:\program files\steam\steam.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Fieari Kei'lin\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Documents and Settings\Fieari Kei'lin\Local Settings\Application Data\Akamai\netsession_win.exe
E:\Program Files\OpenOffice.org 3\program\soffice.exe
E:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Vidalia Bundle\Tor\tor.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Drivers\ATI\ATI.ACE\Core-Static\ccc.exe
C:\folding\FahCore_78.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ResChanger 2005] c:\program files\reschanger 2005\ResChanger2005.exe
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [<NO NAME>]
uRun: [Vidalia] "c:\program files\vidalia bundle\vidalia\vidalia.exe"
uRun: [PeerBlock] c:\program files\peerblock\peerblock.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Akamai NetSession Interface] c:\documents and settings\fieari kei'lin\local settings\application data\akamai\netsession_win.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Monitor] c:\windows\pixart\pac207\Monitor.exe
mRun: [StartCCC] "c:\drivers\ati\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\fieari~1\startm~1\programs\startup\erunta~1.lnk - e:\util\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\fieari~1\startm~1\programs\startup\openof~1.lnk - e:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - e:\util\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - e:\util\micros~1\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
LSP: mswsock.dll
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} - hxxps://www.select2perform.com/cabs/QOLCheck.ocx
DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} - hxxp://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{3E71C445-0AF3-4E11-852A-EA3E88AEF44B} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{8E1C49CD-F495-41A3-B052-54A9281E338D} : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: OdysseyClient - odyEvent.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\fieari kei'lin\application data\mozilla\firefox\profiles\79axusb3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\fieari kei'lin\application data\mozilla\firefox\profiles\79axusb3.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\documents and settings\fieari kei'lin\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R0 odFips;odFips;c:\windows\system32\drivers\odFIPS.sys [2006-1-23 254208]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-7-11 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2007-7-27 14336]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 FAH@C:+folding+FAH504-Console.exe;FAH@C:+folding+FAH504-Console.exe;c:\folding\fah504-console.exe -svcstart --> c:\folding\FAH504-Console.exe -svcstart [?]
R2 JuniperAccessService;Juniper Unified Network Service;c:\program files\common files\juniper networks\juns\dsAccessService.exe [2007-6-14 87664]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-10-28 24652]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-7-11 16720]
R3 jnprna;Juniper Network Agent Miniport;c:\windows\system32\drivers\jnprna.sys [2007-6-14 398720]
R3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2009-11-11 19056]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-10-3 136176]
S3 EacService;Juniper TNC Endpoint Assessment;c:\program files\common files\juniper networks\tnc client\jTnccService.exe [2007-6-20 81992]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-10-3 136176]
S3 PAC207;PC Camer@;c:\windows\system32\drivers\PFC027.SYS [2007-6-12 508416]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
.txt=Notepad++_file
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2011-12-09 15:33:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-16 16:52:07 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 10:23:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-04 10:21:42 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-13 10:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
.
============= FINISH: 12:38:58.84 ===============

Attached is the DDS Attach.txt in zip form.
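
One way to take a first pass over a DDS log like the one above is to run the "Pseudo HJT Report" lines through a few of the checks a removal helper applies by eye. The Python script below is an added example for this thread: it is not part of the original posts and is not code from the DDS or Spybot-S&D projects. It flags registrations whose CLSID has no backing file, Run values with no name or command, autostarts launched from a user-writable profile directory, and hosts-file overrides. The sample lines in SAMPLE are copied from the DDS log posted above; the tag list, the USER_WRITABLE directory list, the function names and the reason strings are this example's own assumptions.

```python
"""First-pass triage of the 'Pseudo HJT Report' section of a DDS log.

Added example for this thread: not part of the original posts and not code
from the DDS or Spybot-S&D projects.  The lines in SAMPLE are copied from the
DDS log posted above; the heuristics, AUTOSTART_TAGS and USER_WRITABLE are
this example's own assumptions.
"""
import re
from dataclasses import dataclass

# Profile sub-directories (Windows XP layout) that any process running as the
# logged-on user can write to.  Legitimate software sometimes starts from
# here, but droppers and fake-AV installers almost always do, so autostarts
# pointing here get a second look.  Assumed list, not taken from DDS.
USER_WRITABLE = (
    "\\local settings\\application data\\",
    "\\local settings\\temp\\",
    "\\application data\\",
    "\\templates\\",
)

# DDS tags whose right-hand side names something loaded at boot/logon or
# hooked into Explorer, IE or Firefox.
AUTOSTART_TAGS = {
    "uRun", "mRun", "BHO", "TB", "EB", "LSP", "Notify", "SSODL", "Handler",
    "DPF", "StartupFolder", "FF - plugin", "FF - component",
}

# 'TAG: rest', where TAG is a single word or an 'FF - something' compound.
ENTRY_RE = re.compile(r"^([A-Za-z]+(?: - [A-Za-z.]+)?): (.*)$")


@dataclass
class Finding:
    line: str
    reason: str


def parse_entry(line):
    """Split a DDS line into (tag, rest); None for lines that are not entries."""
    m = ENTRY_RE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def triage(lines):
    """Return the entries worth a second look, in log order."""
    findings = []
    for raw in lines:
        parsed = parse_entry(raw)
        if parsed is None:
            continue
        tag, rest = parsed
        low = rest.lower()
        text = raw.strip()
        if tag in AUTOSTART_TAGS and low.endswith("no file"):
            # CLSID still registered but its DLL is gone: leftover of a removed
            # toolbar or a half-deleted infection; either way it gets cleaned.
            findings.append(Finding(text, "orphaned registration (no backing file)"))
        elif tag in ("uRun", "mRun") and re.fullmatch(r"\[<no name>\]\s*", low):
            # An empty Run value is harmless by itself but is a common trace of
            # a dropper that wrote and later removed its own autostart.
            findings.append(Finding(text, "Run value with no name and no command"))
        elif tag in AUTOSTART_TAGS and any(p in low for p in USER_WRITABLE):
            findings.append(Finding(text, "autostart from a user-writable profile directory"))
        elif tag == "Hosts":
            # hosts overrides are how malware cuts the victim off from AV and
            # help sites; blocklist tools also write 127.0.0.1 lines, so the
            # domain decides which it is.
            findings.append(Finding(text, "hosts-file override"))
    return findings


# Lines copied from the DDS log posted above (the Hosts line without the
# forum's auto-link residue).
SAMPLE = """\
uStart Page = hxxp://www.google.com/
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\\program files\\avg\\avg2012\\avgssie.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Steam] "c:\\program files\\steam\\steam.exe" -silent
uRun: [<NO NAME>]
uRun: [Akamai NetSession Interface] c:\\documents and settings\\fieari kei'lin\\local settings\\application data\\akamai\\netsession_win.exe
mRun: [AVG_TRAY] "c:\\program files\\avg\\avg2012\\avgtray.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
FF - plugin: c:\\program files\\java\\jre6\\bin\\new_plugin\\npdeployJava1.dll
FF - plugin: c:\\documents and settings\\fieari kei'lin\\local settings\\application data\\unity\\webplayer\\loader\\npUnity3D32.dll
""".splitlines()


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.reason:50} {f.line}")
```

A flag means "read this twice", not "malicious": the Akamai NetSession and Unity web player entries in the sample are legitimate programs that install into the user profile, while the two orphaned CLSIDs and the empty Run value are cleanup targets. The hosts line is the one that matters most in a log like this: a security-help site pointed at 127.0.0.1 is a classic sign that something on the machine is trying to keep the user from getting help.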

Blade81
2011-12-12, 10:26
Hi,

Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:

1) Run Spybot-S&D in Advanced Mode. If it is not already set to do this, go to the Mode menu and select Advanced Mode.
2) On the left hand side, click on Tools.
3) Then click on the Resident icon in the list.
4) Uncheck Resident TeaTimer and OK any prompts.
5) Restart your computer.


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

1) Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix (see http://www.bleepingcomputer.com/forums/topic114351.html). Remember to re-enable them afterwards.
2) Click Yes to allow ComboFix to continue scanning for malware.
3) When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New DDS log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Fieari
2011-12-12, 16:47
I followed the guide to the best of my understanding, and ran ComboFix; however, it does tell me that "ComboFix has detected the following real time scanner(s) to be active: AVG Anti-Virus Free Edition 2012"

I have temporarily disabled AVG via the means listed in the guide (Tools->Advanced Settings->Temporarily Disable AVG->Select 15 minutes->OK) and also disabled resident shield (Anti-Virus->Deselect Enable Resident Shield->Save Changes). ComboFix still says it is active. Should I proceed with ComboFix anyway?

As a side note, my symptoms are getting worse, and I'm now having to close message boxes claiming Ping.exe has crashed OVER AND OVER again. Rebooting is also tricky, since 2 out of 3 times I reboot, it BSODs instead, requiring multiple hard boots before working.

Blade81
2011-12-12, 17:39
Hi,

It might be safest to uninstall AVG and reinstall later when we've finished the case.

Fieari
2011-12-12, 18:05
Well, here's what happened.

In an attempt to close ComboFix before uninstalling AVG, it began to run anyway. After vacillating a few moments, I decided to just let it go, unsure whether premature termination or letting it run would be worse. So, it ran completely, and I have the logs.

Unfortunately, after running, it disabled my internet, and has not re-enabled it. Attempting to manually re-enable the network card (well, manually disabling it and then re-enabling it) did not work. So I loaded the log files onto a USB drive, and am posting from another computer (Linux, so there -should- be no danger of transferring a virus to it).

The following post will be the ComboFix log:

Fieari
2011-12-12, 18:06
ComboFix 11-12-12.02 - Fieari Kei'lin 12/12/2011 11:08:22.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2044.1424 [GMT -5:00]

Running from: c:\documents and settings\Fieari Kei'lin\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: ActiveArmor Firewall *Enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfapx.exe

c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfarx.dll

c:\documents and settings\All Users\Application Data\TEMP\AVG\avgntdumpx.exe

c:\documents and settings\All Users\Application Data\TEMP\AVG\avgrunasx.exe

c:\documents and settings\All Users\Application Data\TEMP\AVG\avi7.avg

c:\documents and settings\All Users\Application Data\TEMP\AVG\compat.ini

c:\documents and settings\All Users\Application Data\TEMP\AVG\htmlayout.dll

c:\documents and settings\All Users\Application Data\TEMP\AVG\incavi.avm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_cz.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_da.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_es.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_fr.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ge.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_hu.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_id.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_in.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_it.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_jp.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ko.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ms.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_nl.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pb.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pl.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pt.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ru.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sc.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sk.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sp.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_tr.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_us.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zh.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zt.htm

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaconf.txt

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfacz.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfada.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaes.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfafr.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfage.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfahu.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaid.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfain.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfait.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfajp.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfako.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfams.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfanl.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapb.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapl.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapt.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaru.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasc.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfask.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasp.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfatr.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaus.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfavera.txt

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaverx.txt

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazh.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazt.lns

c:\documents and settings\All Users\Application Data\TEMP\AVG\microavi.avg

c:\documents and settings\All Users\Application Data\TEMP\AVG\miniavi.avg

c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.exe

c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.ini

c:\documents and settings\Fieari Kei'lin\Application Data\mIRC\logs\status.log

c:\documents and settings\Fieari Kei'lin\Templates\luieiu2i6qxo0dcs4faq8t132n8m

c:\documents and settings\Fieari Kei'lin\WINDOWS

c:\windows\$NtUninstallKB45063$\2310788016

c:\windows\$NtUninstallKB45063$\526167899\@

c:\windows\$NtUninstallKB45063$\526167899\bckfg.tmp

c:\windows\$NtUninstallKB45063$\526167899\cfg.ini

c:\windows\$NtUninstallKB45063$\526167899\Desktop.ini

c:\windows\$NtUninstallKB45063$\526167899\keywords

c:\windows\$NtUninstallKB45063$\526167899\kwrd.dll

c:\windows\$NtUninstallKB45063$\526167899\L\demuukvf

c:\windows\$NtUninstallKB45063$\526167899\lsflt7.ver

c:\windows\$NtUninstallKB45063$\526167899\U\00000001.@

c:\windows\$NtUninstallKB45063$\526167899\U\00000002.@

c:\windows\$NtUninstallKB45063$\526167899\U\00000004.@

c:\windows\$NtUninstallKB45063$\526167899\U\80000000.@

c:\windows\$NtUninstallKB45063$\526167899\U\80000004.@

c:\windows\$NtUninstallKB45063$\526167899\U\80000032.@

c:\windows\CSC\d6

c:\windows\iun6002.exe

c:\windows\ST6UNST.000

c:\windows\system32\odyGina.dll

c:\windows\$NtUninstallKB45063$ . . . . Failed to delete

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_TDSSSERV.SYS

-------\Service_TDSSserv.sys

.

.

((((((((((((((((((((((((( Files Created from 2011-11-12 to 2011-12-12 )))))))))))))))))))))))))))))))

.

.

2011-12-09 15:34 . 2011-12-09 15:34 -------- d-----w- c:\program files\Common Files\Java

2011-12-09 15:33 . 2011-12-09 15:33 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-12-09 00:36 . 2011-12-09 00:36 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer

2011-12-07 15:28 . 2011-12-07 15:28 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2011-12-06 22:14 . 2002-02-11 18:13 9024 ----a-w- c:\windows\system32\drivers\stv680m.sys

2011-12-06 22:14 . 2002-02-11 18:13 69632 ----a-w- c:\windows\system32\stv680sl.dll

2011-12-06 22:14 . 2002-02-11 18:13 30286 ----a-w- c:\windows\system32\stv680wi.dll

2011-12-06 22:14 . 2002-02-11 18:13 119536 ----a-w- c:\windows\system32\drivers\stv680.sys

2011-12-06 22:14 . 2002-02-11 18:13 49152 ----a-w- c:\windows\system32\STV680tg.dll

2011-12-06 22:14 . 2002-02-11 18:13 245760 ----a-w- c:\windows\system32\STV680u.dll

2011-12-06 22:14 . 2002-01-15 21:17 86016 ----a-w- c:\windows\system32\stvcoldx.ax

2011-12-06 22:14 . 2002-01-15 15:06 618496 ----a-w- c:\windows\system32\stvcol.dll

2011-12-06 22:14 . 2001-01-26 22:37 331776 ----a-w- c:\windows\system32\g2video1.ocx

2011-12-06 22:14 . 2000-08-03 20:09 49152 ----a-w- c:\windows\system32\stvscale.dll

2011-11-25 19:56 . 2011-11-25 19:57 -------- d-----w- c:\documents and settings\Fieari Kei'lin\Local Settings\Application Data\EVE-Central MarketUploader

2011-11-14 13:58 . 2011-11-14 14:00 -------- d-----w- c:\documents and settings\Fieari Kei'lin\Application Data\GTS

2011-11-14 13:56 . 2011-11-14 13:56 -------- d-----w- c:\program files\Garpa Topographical Survey

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-09 15:33 . 2011-06-20 20:00 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-11-16 16:52 . 2011-05-29 02:38 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-10 14:22 . 2007-08-03 07:51 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-10-07 10:23 . 2011-07-11 05:13 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2011-10-04 10:21 . 2011-07-11 05:14 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys

2011-09-28 07:06 . 2007-07-27 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 15:41 . 2010-03-18 14:09 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 15:41 . 2007-07-27 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 15:41 . 2007-07-27 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-11-09 15:17 . 2011-05-03 12:05 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ResChanger 2005"="c:\program files\ResChanger 2005\ResChanger2005.exe" [2005-05-26 885248]

"Steam"="c:\program files\steam\steam.exe" [2011-08-07 1242448]

"Vidalia"="c:\program files\Vidalia Bundle\Vidalia\vidalia.exe" [2007-11-22 12889088]

"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-07 1867888]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-06 26102056]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

"Akamai NetSession Interface"="c:\documents and settings\Fieari Kei'lin\Local Settings\Application Data\Akamai\netsession_win.exe" [2011-11-17 3303000]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2008-12-23 18077696]

"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]

"StartCCC"="c:\drivers\ATI\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-09 98304]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-10-20 286720]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]

"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-25 2415456]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

.

c:\documents and settings\Fieari Kei'lin\Start Menu\Programs\Startup\

ERUNT AutoBackup.lnk - e:\util\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

OpenOffice.org 3.3.lnk - e:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-6-24 113664]

Microsoft Office.lnk - e:\util\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OdysseyClient]

2007-09-17 19:27 122949 ----a-w- c:\windows\system32\odyEvent.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"midi1"=ma_cmidn.dll

"midi8"=ma_cmidn.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Privoxy.lnk]

backup=c:\windows\pss\Privoxy.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-08-31 01:57 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

2008-06-19 08:20 57344 ----a-w- c:\windows\ALCMTR.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amd_dc_opt]

2006-11-17 21:49 77824 ----a-w- c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]

2011-03-09 04:29 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]

2006-11-03 16:01 319488 ----a-w- c:\windows\PixArt\PAC207\Monitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2008-10-07 18:33 13574144 ----a-w- c:\windows\system32\nvcpl.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2008-10-07 18:33 86016 ----a-w- c:\windows\system32\nvmctray.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

2008-10-07 18:33 1630208 ----a-w- c:\windows\system32\nwiz.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OdTray.exe]

2007-06-20 21:32 1028160 ----a-w- c:\program files\Juniper Networks\Odyssey Access Client\OdTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2007-10-20 01:16 286720 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2008-12-23 03:34 18077696 ----a-w- c:\windows\RTHDCPL.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

2007-11-20 10:15 1826816 ----a-w- c:\windows\SkyTel.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SRFirstRun]

2008-04-14 00:12 67584 ----a-w- c:\windows\system32\srclient.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WUSB54Gv2]

2004-04-19 13:19 24576 ----a-w- c:\program files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Steam\\Steam.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=

"c:\\Program Files\\mIRC\\mirc.exe"=

"c:\\WINDOWS\\system32\\javaw.exe"=

"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=

"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=

"c:\\Games\\League of Legends\\Riot Games\\League of Legends\\air\\LolClient.exe"=

"c:\\Games\\League of Legends\\Riot Games\\League of Legends\\game\\League of Legends.exe"=

"c:\\Games\\AI War\\AIWar.exe"=

"c:\\Games\\AI War\\AIWarUpdater.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\srcds.exe"=

"c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\boostertrooper\\BTroopers.exe"=

"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\recettear\\recettear.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\recettear\\custom.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\majesty 2\\Majesty2.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\majesty 2\\M2Editor.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\bastion\\Bastion.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\peggle extreme\\PeggleExtreme.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\shatter\\ShatterSettingsEditor.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\tropico 3\\Tropico3.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=

"c:\\Program Files\\Steam\\steamapps\\common\\portal 2\\portal2.exe"=

"c:\\Documents and Settings\\Fieari Kei'lin\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=

"e:\\Games\\CCP\\EVE\\bin\\ExeFile.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"9421:TCP"= 9421:TCP:BitComet 9421 TCP

"9421:UDP"= 9421:UDP:BitComet 9421 UDP

"21253:TCP"= 21253:TCP:BitComet 21253 TCP

"21253:UDP"= 21253:UDP:BitComet 21253 UDP

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

"6881:TCP"= 6881:TCP:Blizzard Downloader: 6881

"56552:TCP"= 56552:TCP:Pando Media Booster

"56552:UDP"= 56552:UDP:Pando Media Booster

"8370:TCP"= 8370:TCP:League of Legends Launcher

"8370:UDP"= 8370:UDP:League of Legends Launcher

"57233:TCP"= 57233:TCP:Pando Media Booster

"57233:UDP"= 57233:UDP:Pando Media Booster

"1159:TCP"= 1159:TCP:Akamai NetSession Interface

"5000:UDP"= 5000:UDP:Akamai NetSession Interface

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [7/11/2011 12:14 AM 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/13/2011 5:30 AM 32592]

R0 odFips;odFips;c:\windows\system32\drivers\odFIPS.sys [1/23/2006 4:19 PM 254208]

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/17/2007 2:20 PM 691696]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7/11/2011 12:13 AM 230608]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 12:14 AM 295248]

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [7/27/2007 7:00 AM 14336]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 5:25 AM 4433248]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 5:09 AM 192776]

R2 FAH@C:+folding+FAH504-Console.exe;FAH@C:+folding+FAH504-Console.exe;c:\folding\FAH504-Console.exe -svcstart --> c:\folding\FAH504-Console.exe -svcstart [?]

R2 JuniperAccessService;Juniper Unified Network Service;c:\program files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [6/14/2007 5:12 PM 87664]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/28/2007 5:20 PM 24652]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [7/11/2011 12:14 AM 134608]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [7/11/2011 12:14 AM 24272]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [7/11/2011 12:14 AM 16720]

R3 jnprna;Juniper Network Agent Miniport;c:\windows\system32\drivers\jnprna.sys [6/14/2007 2:25 PM 398720]

R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [11/11/2009 11:24 PM 19056]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/3/2011 6:50 PM 136176]

S3 EacService;Juniper TNC Endpoint Assessment;c:\program files\Common Files\Juniper Networks\TNC Client\jTnccService.exe [6/20/2007 6:06 PM 81992]

S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/3/2011 6:50 PM 136176]

S3 PAC207;PC Camer@;c:\windows\system32\drivers\PFC027.SYS [6/12/2007 11:39 AM 508416]

S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 12:37 PM 517096]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - GTNDIS5

*NewlyCreated* - PBFILTER

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

Contents of the 'Scheduled Tasks' folder

.

2011-12-12 c:\windows\Tasks\AdobeAAMUpdater-1.0-RICHARD-VYJC6BH-Fieari Kei'lin.job

- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-07-07 21:42]

.

2011-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-03 23:50]

.

2011-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-03 23:50]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

IE: E&xport to Microsoft Excel - e:\util\MICROS~1\Office10\EXCEL.EXE/3000

LSP: %SYSTEMROOT%\system32\nvappfilter.dll

FF - ProfilePath - c:\documents and settings\Fieari Kei'lin\Application Data\Mozilla\Firefox\Profiles\79axusb3.default\

FF - user.js: network.protocol-handler.warn-external.dnupdate - false

.

.

------- File Associations -------

.

.txt=Notepad++_file

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

MSConfigStartUp-AVG9_TRAY - c:\progra~1\AVG\AVG9\avgtray.exe

MSConfigStartUp-StartCCC - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe

AddRemove-25DE8967-F8BD-4AA7-9D28-4B627663D2DB - g:\d&d\Character Builder\CBLoader\uninstall.exe

AddRemove-Adobe Photoshop 7.0 - e:\applications\Adobe\Photoshop 7.0\Uninst.isu

AddRemove-ResChanger 20051.0 - c:\windows\iun6002.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-12-12 11:36

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

"ServiceDll"="c:\windows\system32\es.dll"

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FAH@C:+folding+FAH504-Console.exe]

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]

"ServiceDll"="c:\program files\common files\akamai/netsession_win_d768ebc.dll"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1644491937-1979792683-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:2d,fb,72,46,f5,02,0a,6e,2a,6c,c5,ba,a1,2c,e9,74,95,10,65,eb,91,dc,07,

4e,65,a2,70,89,e4,4c,90,b6,dc,26,f4,55,96,4b,12,81,1c,d6,eb,ac,cb,57,b2,ea,\

"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1496)

c:\windows\system32\Ati2evxx.dll

c:\windows\system32\atiadlxx.dll

c:\windows\system32\odyEvent.dll

c:\program files\Juniper Networks\Odyssey Access Client\odLogin.dll

.

- - - - - - - > 'lsass.exe'(1640)

c:\windows\system32\nvappfilter.dll

.

- - - - - - - > 'explorer.exe'(1404)

c:\windows\system32\WININET.dll

c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

e:\util\TortoiseSVN\bin\TortoiseStub32.dll

e:\util\TortoiseSVN\bin\TortoiseSVN32.dll

e:\util\TortoiseSVN\bin\libsvn_tsvn32.dll

e:\util\TortoiseSVN\bin\intl3_tsvn32.dll

e:\util\TortoiseSVN\bin\libsasl32.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\progra~1\AVG\AVG2012\avgrsx.exe

c:\program files\AVG\AVG2012\avgcsrvx.exe

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Juniper Networks\Odyssey Access Client\odClientService.exe

c:\folding\FAH504-Console.exe

c:\folding\FahCore_78.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe

c:\program files\BurnAware Free\nmsaccessu.exe

c:\program files\AVG\AVG2012\avgnsx.exe

c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

c:\program files\AVG\AVG2012\avgemcx.exe

c:\windows\System32\StkASv2K.exe

c:\program files\TVersity\Media Server\MediaServer.exe

c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv2.exe

c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

e:\util\TortoiseSVN\bin\TSVNCache.exe

c:\drivers\ATI\ATI.ACE\Core-Static\MOM.exe

e:\program files\OpenOffice.org 3\program\soffice.exe

e:\program files\OpenOffice.org 3\program\soffice.bin

c:\windows\system32\wscntfy.exe

c:\drivers\ATI\ATI.ACE\Core-Static\ccc.exe

c:\program files\Skype\Plugin Manager\skypePM.exe

.

**************************************************************************

.

Completion time: 2011-12-12 11:43:44 - machine was rebooted

ComboFix-quarantined-files.txt 2011-12-12 16:43

.

Pre-Run: 15,124,602,880 bytes free

Post-Run: 15,880,531,968 bytes free

.

- - End Of File - - 7F139B0FDDC85B6F95C617E9B869CECE

Fieari
2011-12-12, 18:08
.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29

Run by Fieari Kei'lin at 11:55:37 on 2011-12-12

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2044.1186 [GMT -5:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: ActiveArmor Firewall *Enabled*

.

============== Running Processes ===============

.

C:\PROGRA~1\AVG\AVG2012\avgrsx.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

svchost.exe

C:\Program Files\Juniper Networks\Odyssey Access Client\odClientService.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\WINDOWS\System32\svchost.exe -k Akamai

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\folding\FAH504-Console.exe

C:\folding\FahCore_78.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe

C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe

C:\Program Files\BurnAware Free\nmsaccessu.exe

C:\Program Files\AVG\AVG2012\avgnsx.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\Program Files\AVG\AVG2012\avgemcx.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\System32\StkASv2K.exe

C:\Program Files\TVersity\Media Server\MediaServer.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv2.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

E:\util\TortoiseSVN\bin\TSVNCache.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\PixArt\PAC207\Monitor.exe

C:\Drivers\ATI\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\ResChanger 2005\ResChanger2005.exe

C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe

C:\Program Files\PeerBlock\peerblock.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\DAEMON Tools Lite\DTLite.exe

C:\Documents and Settings\Fieari Kei'lin\Local Settings\Application Data\Akamai\netsession_win.exe

C:\Documents and Settings\Fieari Kei'lin\Local Settings\Application Data\Akamai\netsession_win.exe

E:\Program Files\OpenOffice.org 3\program\soffice.exe

E:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Drivers\ATI\ATI.ACE\Core-Static\ccc.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\WINDOWS\explorer.exe

C:\Program Files\AVG\AVG2012\avgui.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

mURLSearchHooks: H - No File

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll

TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [ResChanger 2005] c:\program files\reschanger 2005\ResChanger2005.exe

uRun: [Steam] "c:\program files\steam\steam.exe" -silent

uRun: [Vidalia] "c:\program files\vidalia bundle\vidalia\vidalia.exe"

uRun: [PeerBlock] c:\program files\peerblock\peerblock.exe

uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun

uRun: [Akamai NetSession Interface] c:\documents and settings\fieari kei'lin\local settings\application data\akamai\netsession_win.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Monitor] c:\windows\pixart\pac207\Monitor.exe

mRun: [StartCCC] "c:\drivers\ati\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe

mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin

mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"

mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

StartupFolder: c:\docume~1\fieari~1\startm~1\programs\startup\erunta~1.lnk - e:\util\erunt\AUTOBACK.EXE

StartupFolder: c:\docume~1\fieari~1\startm~1\programs\startup\openof~1.lnk - e:\program files\openoffice.org 3\program\quickstart.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - e:\util\microsoft office\office10\OSA.EXE

IE: E&xport to Microsoft Excel - e:\util\micros~1\office10\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

LSP: %SYSTEMROOT%\system32\nvappfilter.dll

DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab

DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} - hxxps://www.select2perform.com/cabs/QOLCheck.ocx

DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} - hxxp://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://juniper.net/dana-cached/setup/JuniperSetupSP1.cab

TCP: Interfaces\{3E71C445-0AF3-4E11-852A-EA3E88AEF44B} : DhcpNameServer = 192.168.2.1

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: AtiExtEvent - Ati2evxx.dll

Notify: OdysseyClient - odyEvent.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\fieari kei'lin\application data\mozilla\firefox\profiles\79axusb3.default\

.

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]

R0 odFips;odFips;c:\windows\system32\drivers\odFIPS.sys [2006-1-23 254208]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-7-11 230608]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]

R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2007-7-27 14336]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]

R2 FAH@C:+folding+FAH504-Console.exe;FAH@C:+folding+FAH504-Console.exe;c:\folding\fah504-console.exe -svcstart --> c:\folding\FAH504-Console.exe -svcstart [?]

R2 JuniperAccessService;Juniper Unified Network Service;c:\program files\common files\juniper networks\juns\dsAccessService.exe [2007-6-14 87664]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-10-28 24652]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-7-11 16720]

R3 jnprna;Juniper Network Agent Miniport;c:\windows\system32\drivers\jnprna.sys [2007-6-14 398720]

R3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2009-11-11 19056]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-10-3 136176]

S3 EacService;Juniper TNC Endpoint Assessment;c:\program files\common files\juniper networks\tnc client\jTnccService.exe [2007-6-20 81992]

S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-10-3 136176]

S3 PAC207;PC Camer@;c:\windows\system32\drivers\PFC027.SYS [2007-6-12 508416]

S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== File Associations ===============

.

.txt=Notepad++_file

.

=============== Created Last 30 ================

.

2011-12-12 15:51:08 -------- d-sha-r- C:\cmdcons

2011-12-12 15:49:15 98816 ----a-w- c:\windows\sed.exe

2011-12-12 15:49:15 518144 ----a-w- c:\windows\SWREG.exe

2011-12-12 15:49:15 256000 ----a-w- c:\windows\PEV.exe

2011-12-12 15:49:15 208896 ----a-w- c:\windows\MBR.exe

2011-12-09 15:33:48 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-12-06 22:14:16 9024 ----a-w- c:\windows\system32\drivers\stv680m.sys

2011-12-06 22:14:16 86016 ----a-w- c:\windows\system32\stvcoldx.ax

2011-12-06 22:14:16 69632 ----a-w- c:\windows\system32\stv680sl.dll

2011-12-06 22:14:16 618496 ----a-w- c:\windows\system32\stvcol.dll

2011-12-06 22:14:16 49152 ----a-w- c:\windows\system32\stvscale.dll

2011-12-06 22:14:16 49152 ----a-w- c:\windows\system32\STV680tg.dll

2011-12-06 22:14:16 331776 ----a-w- c:\windows\system32\g2video1.ocx

2011-12-06 22:14:16 30286 ----a-w- c:\windows\system32\stv680wi.dll

2011-12-06 22:14:16 245760 ----a-w- c:\windows\system32\STV680u.dll

2011-12-06 22:14:16 119536 ----a-w- c:\windows\system32\drivers\stv680.sys

2011-11-25 19:56:47 -------- d-----w- c:\documents and settings\fieari kei'lin\local settings\application data\EVE-Central MarketUploader

2011-11-14 13:58:03 -------- d-----w- c:\documents and settings\fieari kei'lin\application data\GTS

2011-11-14 13:56:39 -------- d-----w- c:\program files\Garpa Topographical Survey

.

==================== Find3M ====================

.

2011-12-09 15:33:23 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-11-16 16:52:07 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-10-07 10:23:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2011-10-04 10:21:42 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys

2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

.

============= FINISH: 11:56:32.84 ===============

Blade81
2011-12-12, 18:09
Hi,


1. Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and extract its contents into a folder in the desired location (e.g. c:\tdsskiller).
2. Execute the file TDSSKiller.exe.
3. Click Start Scan. If threats are found, select Skip and click Continue (the tool may prompt for a reboot).
4. Post back the contents of the log file in the C: drive root (the name should be in the UtilityName.Version_Date_Time_log.txt format).
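
A small triage script for the TDSSKiller log that step 4 asks for, added here as an example; it is not part of TDSSKiller, of this reply, or of the poster's logs. It assumes only the line layout visible in the TDSSKiller output posted in this thread (timestamp, thread id, then a record such as `NAME (md5) path`, `NAME ( Threat ) - verdict`, `NAME - detected Threat (n)` or `NAME - ok`). The two AFD lines in the sample are copied from the log in this thread; the other sample lines, the `Example Svc` and `HungSvc` names and their hashes, are constructed for the demo.

```python
"""Triage a TDSSKiller log: collect every service/driver record whose verdict
is not "ok" and pair it with the file hash and path the tool reported for it.

Added example for this forum thread, not TDSSKiller's own code. The record
formats handled below are the ones seen in the log posted in the thread;
SAMPLE_LOG is a constructed sample (only the AFD lines are from the thread).
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# "HH:MM:SS.mmmm  <thread id>  <record>"
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+(?P<rec>.*)$")
# "NAME (md5) C:\path\file.sys"
FILE_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# "NAME ( Threat.Name ) - infected"   (also "- warning", "- suspicious", ...)
VERDICT_RE = re.compile(r"^(?P<name>.+?) \( (?P<threat>.+?) \) - (?P<verdict>\w+)$")
# "NAME - detected Threat.Name (0)"
DETECT_RE = re.compile(r"^(?P<name>.+?) - detected (?P<threat>.+?) \((?P<code>\d+)\)$")
# "NAME - ok"
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None   # "ok", "infected", "warning", ...; None if never reported
    threat: Optional[str] = None
    code: Optional[int] = None


def parse_tdsskiller(text: str) -> Dict[str, Entry]:
    """One Entry per service/driver name, merging the file record line and the
    verdict lines TDSSKiller writes for it. Banner/system-info lines are skipped."""
    entries: Dict[str, Entry] = {}

    def get(name: str) -> Entry:
        return entries.setdefault(name, Entry(name))

    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        rec = m.group("rec")
        if (f := FILE_RE.match(rec)):
            e = get(f["name"])
            e.md5, e.path = f["md5"].lower(), f["path"]
        elif (v := VERDICT_RE.match(rec)):
            e = get(v["name"])
            e.verdict, e.threat = v["verdict"], v["threat"]
        elif (d := DETECT_RE.match(rec)):
            e = get(d["name"])
            e.threat, e.code = d["threat"], int(d["code"])
            e.verdict = e.verdict or "detected"   # keep the explicit verdict if one was seen
        elif (o := OK_RE.match(rec)):
            get(o["name"]).verdict = "ok"
    return entries


def findings(entries: Dict[str, Entry]) -> List[Entry]:
    """Everything that is not a clean "ok": infected/warning/detected verdicts,
    plus records that got a file line but never a verdict (scan aborted or hung
    on that entry), which is itself worth a look."""
    return [e for e in entries.values() if e.verdict != "ok"]


def report(text: str) -> List[str]:
    """Human-readable one-liners for the findings, ready to paste in a reply."""
    lines = []
    for e in findings(parse_tdsskiller(text)):
        verdict = e.verdict or "no verdict recorded"
        lines.append(f"{e.name}: {verdict} {e.threat or ''} md5={e.md5} path={e.path}".rstrip())
    return lines


# Constructed sample: the AFD lines are from the log in this thread; the rest
# (Example Svc, HungSvc, their hashes and paths) are made up for the demo.
SAMPLE_LOG = r"""
12:28:11.0171 3048 AFD (b49e92cce1a011ede676716b824916e9) C:\WINDOWS\System32\drivers\afd.sys
12:28:11.0187 3048 AFD ( Rootkit.Win32.ZAccess.k ) - infected
12:28:11.0187 3048 AFD - detected Rootkit.Win32.ZAccess.k (0)
12:28:11.0421 3048 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
12:28:11.0421 3048 atapi - ok
12:28:11.0437 3048 Abiosdsk - ok
12:28:11.0500 3048 Example Svc (00112233445566778899aabbccddeeff) C:\Program Files\Example\svc.exe
12:28:11.0500 3048 Example Svc ( UnsignedFile.Multi.Generic ) - warning
12:28:11.0500 3048 Example Svc - detected UnsignedFile.Multi.Generic (1)
12:28:11.0600 3048 HungSvc (ffeeddccbbaa99887766554433221100) C:\WINDOWS\system32\drivers\hung.sys
"""

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

On a real log, point `report()` at the file contents (`open(path, encoding="utf-8", errors="replace").read()`); the md5 the script carries along is the one TDSSKiller computed, so it can be compared against a known-good copy of the same system file before deciding whether the infected driver must be replaced rather than just cured.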

Fieari
2011-12-12, 18:34
12:27:59.0484 1560 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06

12:27:59.0562 1560 ============================================================

12:27:59.0562 1560 Current date / time: 2011/12/12 12:27:59.0562

12:27:59.0562 1560 SystemInfo:

12:27:59.0562 1560

12:27:59.0562 1560 OS Version: 5.1.2600 ServicePack: 3.0

12:27:59.0562 1560 Product type: Workstation

12:27:59.0562 1560 ComputerName: RICHARD-VYJC6BH

12:27:59.0562 1560 UserName: Fieari Kei'lin

12:27:59.0562 1560 Windows directory: C:\WINDOWS

12:27:59.0562 1560 System windows directory: C:\WINDOWS
12:27:59.0562 1560 Processor architecture: Intel x86
12:27:59.0562 1560 Number of processors: 2
12:27:59.0562 1560 Page size: 0x1000
12:27:59.0562 1560 Boot type: Normal boot
12:27:59.0562 1560 ============================================================
12:28:01.0187 1560 Initialize success
12:28:09.0406 3048 ============================================================
12:28:09.0406 3048 Scan started
12:28:09.0406 3048 Mode: Manual;
12:28:09.0406 3048 ============================================================
12:28:10.0968 3048 Abiosdsk - ok
12:28:10.0968 3048 abp480n5 - ok
12:28:11.0015 3048 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:28:11.0031 3048 ACPI - ok
12:28:11.0062 3048 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
12:28:11.0062 3048 ACPIEC - ok
12:28:11.0062 3048 adpu160m - ok
12:28:11.0093 3048 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
12:28:11.0093 3048 aec - ok
12:28:11.0125 3048 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys
12:28:11.0125 3048 Afc - ok
12:28:11.0171 3048 AFD (b49e92cce1a011ede676716b824916e9) C:\WINDOWS\System32\drivers\afd.sys
12:28:11.0187 3048 AFD ( Rootkit.Win32.ZAccess.k ) - infected
12:28:11.0187 3048 AFD - detected Rootkit.Win32.ZAccess.k (0)
12:28:11.0187 3048 Aha154x - ok
12:28:11.0203 3048 aic78u2 - ok
12:28:11.0203 3048 aic78xx - ok
12:28:11.0218 3048 AliIde - ok
12:28:11.0250 3048 AmdK8 (0a4d13b388c814560bd69c3a496ecfa8) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
12:28:11.0250 3048 AmdK8 - ok
12:28:11.0265 3048 AmdLLD (e7314d43cd2be981d8bc4826b50eaf05) C:\WINDOWS\system32\DRIVERS\AmdLLD.sys
12:28:11.0265 3048 AmdLLD - ok
12:28:11.0281 3048 amsint - ok
12:28:11.0328 3048 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
12:28:11.0328 3048 Arp1394 - ok
12:28:11.0343 3048 asc - ok
12:28:11.0343 3048 asc3350p - ok
12:28:11.0359 3048 asc3550 - ok
12:28:11.0406 3048 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:28:11.0406 3048 AsyncMac - ok
12:28:11.0421 3048 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
12:28:11.0421 3048 atapi - ok
12:28:11.0421 3048 Atdisk - ok
12:28:11.0609 3048 ati2mtag (6660b58e893499fb5cc7f92923d3f720) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
12:28:11.0765 3048 ati2mtag - ok
12:28:11.0796 3048 AtiHdmiService (f661f01e990b84c58519c1ff43c2108f) C:\WINDOWS\system32\drivers\AtiHdmi.sys
12:28:11.0796 3048 AtiHdmiService - ok
12:28:11.0843 3048 atksgt (f0d933b42cd0594048e4d5200ae9e417) C:\WINDOWS\system32\DRIVERS\atksgt.sys
12:28:11.0859 3048 atksgt - ok
12:28:11.0875 3048 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:28:11.0875 3048 Atmarpc - ok
12:28:11.0906 3048 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
12:28:11.0906 3048 audstub - ok
12:28:11.0937 3048 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
12:28:11.0937 3048 AVGIDSDriver - ok
12:28:11.0968 3048 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
12:28:11.0984 3048 AVGIDSEH - ok
12:28:11.0984 3048 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
12:28:11.0984 3048 AVGIDSFilter - ok
12:28:12.0031 3048 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
12:28:12.0031 3048 AVGIDSShim - ok
12:28:12.0062 3048 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
12:28:12.0078 3048 Avgldx86 - ok
12:28:12.0109 3048 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
12:28:12.0109 3048 Avgmfx86 - ok
12:28:12.0140 3048 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
12:28:12.0140 3048 Avgrkx86 - ok
12:28:12.0171 3048 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
12:28:12.0171 3048 Avgtdix - ok
12:28:12.0203 3048 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
12:28:12.0203 3048 Beep - ok
12:28:12.0203 3048 catchme - ok
12:28:12.0234 3048 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
12:28:12.0234 3048 cbidf2k - ok
12:28:12.0265 3048 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
12:28:12.0265 3048 CCDECODE - ok
12:28:12.0281 3048 cd20xrnt - ok
12:28:12.0328 3048 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
12:28:12.0328 3048 Cdaudio - ok
12:28:12.0343 3048 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
12:28:12.0343 3048 Cdfs - ok
12:28:12.0359 3048 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:28:12.0359 3048 Cdrom - ok
12:28:12.0359 3048 Changer - ok
12:28:12.0390 3048 CmdIde - ok
12:28:12.0421 3048 Cpqarray - ok
12:28:12.0421 3048 dac2w2k - ok
12:28:12.0437 3048 dac960nt - ok
12:28:12.0468 3048 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
12:28:12.0468 3048 Disk - ok
12:28:12.0515 3048 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
12:28:12.0531 3048 dmboot - ok
12:28:12.0546 3048 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\DRIVERS\dmio.sys
12:28:12.0546 3048 dmio - ok
12:28:12.0593 3048 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
12:28:12.0593 3048 dmload - ok
12:28:12.0609 3048 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
12:28:12.0609 3048 DMusic - ok
12:28:12.0625 3048 dpti2o - ok
12:28:12.0640 3048 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
12:28:12.0640 3048 drmkaud - ok
12:28:12.0656 3048 EagleXNt - ok
12:28:12.0687 3048 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
12:28:12.0687 3048 Fastfat - ok
12:28:12.0703 3048 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
12:28:12.0703 3048 Fdc - ok
12:28:12.0718 3048 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
12:28:12.0718 3048 Fips - ok
12:28:12.0734 3048 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
12:28:12.0750 3048 Flpydisk - ok
12:28:12.0765 3048 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
12:28:12.0765 3048 FltMgr - ok
12:28:12.0796 3048 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:28:12.0796 3048 Fs_Rec - ok
12:28:12.0796 3048 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:28:12.0796 3048 Ftdisk - ok
12:28:12.0828 3048 gdrv (ad6bd6bdc97bede8a5507ee01220c00f) C:\WINDOWS\gdrv.sys
12:28:12.0937 3048 gdrv - ok
12:28:12.0968 3048 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:28:12.0968 3048 Gpc - ok
12:28:13.0000 3048 GTNDIS5 (fc80052194d5708254a346568f0e77c0) C:\WINDOWS\system32\GTNDIS5.SYS
12:28:13.0078 3048 GTNDIS5 - ok
12:28:13.0156 3048 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:28:13.0171 3048 HDAudBus - ok
12:28:13.0171 3048 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:28:13.0171 3048 HidUsb - ok
12:28:13.0187 3048 hpn - ok
12:28:13.0203 3048 hpt3xx - ok
12:28:13.0250 3048 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
12:28:13.0250 3048 HTTP - ok
12:28:13.0265 3048 i2omgmt - ok
12:28:13.0281 3048 i2omp - ok
12:28:13.0296 3048 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:28:13.0296 3048 i8042prt - ok
12:28:13.0312 3048 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
12:28:13.0312 3048 Imapi - ok
12:28:13.0328 3048 ini910u - ok
12:28:13.0453 3048 IntcAzAudAddService (2cb7c44a36b54d1712ea3e537ca827b1) C:\WINDOWS\system32\drivers\RtkHDAud.sys
12:28:13.0546 3048 IntcAzAudAddService - ok
12:28:13.0562 3048 IntelIde - ok
12:28:13.0593 3048 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:28:13.0593 3048 intelppm - ok
12:28:13.0625 3048 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
12:28:13.0625 3048 ip6fw - ok
12:28:13.0656 3048 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:28:13.0656 3048 IpFilterDriver - ok
12:28:13.0671 3048 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:28:13.0671 3048 IpInIp - ok
12:28:13.0703 3048 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:28:13.0703 3048 IpNat - ok
12:28:13.0718 3048 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:28:13.0718 3048 IPSec - ok
12:28:13.0734 3048 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
12:28:13.0750 3048 IRENUM - ok
12:28:13.0765 3048 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:28:13.0765 3048 isapnp - ok
12:28:13.0796 3048 jnprna (441bdc7f6b4ef836dbee969501a45bf7) C:\WINDOWS\system32\DRIVERS\jnprna.sys
12:28:13.0796 3048 jnprna - ok
12:28:13.0828 3048 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:28:13.0828 3048 Kbdclass - ok
12:28:13.0843 3048 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
12:28:13.0843 3048 kbdhid - ok
12:28:13.0859 3048 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
12:28:13.0859 3048 kmixer - ok
12:28:13.0890 3048 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
12:28:13.0890 3048 KSecDD - ok
12:28:13.0906 3048 lbrtfdc - ok
12:28:13.0937 3048 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
12:28:13.0937 3048 lirsgt - ok
12:28:13.0968 3048 MA_CMIDI (6d03a526eeded908759ca8c0e581494d) C:\WINDOWS\system32\drivers\ma_cmidi.sys
12:28:13.0968 3048 MA_CMIDI - ok
12:28:14.0000 3048 MDC8021X (d7010580bf4e45d5e793a1fe75758c69) C:\WINDOWS\system32\DRIVERS\mdc8021x.sys
12:28:14.0000 3048 MDC8021X - ok
12:28:14.0015 3048 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
12:28:14.0015 3048 mnmdd - ok
12:28:14.0031 3048 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
12:28:14.0031 3048 Modem - ok
12:28:14.0062 3048 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:28:14.0062 3048 Mouclass - ok
12:28:14.0093 3048 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:28:14.0093 3048 mouhid - ok
12:28:14.0109 3048 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
12:28:14.0109 3048 MountMgr - ok
12:28:14.0109 3048 mraid35x - ok
12:28:14.0125 3048 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:28:14.0125 3048 MRxDAV - ok
12:28:14.0187 3048 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:28:14.0187 3048 MRxSmb - ok
12:28:14.0203 3048 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
12:28:14.0203 3048 Msfs - ok
12:28:14.0234 3048 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:28:14.0234 3048 MSKSSRV - ok
12:28:14.0250 3048 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:28:14.0250 3048 MSPCLOCK - ok
12:28:14.0265 3048 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
12:28:14.0265 3048 MSPQM - ok
12:28:14.0296 3048 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:28:14.0296 3048 mssmbios - ok
12:28:14.0328 3048 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
12:28:14.0328 3048 MSTEE - ok
12:28:14.0359 3048 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
12:28:14.0359 3048 Mup - ok
12:28:14.0390 3048 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
12:28:14.0390 3048 NABTSFEC - ok
12:28:14.0406 3048 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
12:28:14.0421 3048 NDIS - ok
12:28:14.0437 3048 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
12:28:14.0437 3048 NdisIP - ok
12:28:14.0453 3048 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:28:14.0453 3048 NdisTapi - ok
12:28:14.0484 3048 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:28:14.0484 3048 Ndisuio - ok
12:28:14.0500 3048 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:28:14.0500 3048 NdisWan - ok
12:28:14.0531 3048 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
12:28:14.0531 3048 NDProxy - ok
12:28:14.0546 3048 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
12:28:14.0546 3048 NetBIOS - ok
12:28:14.0578 3048 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
12:28:14.0578 3048 NetBT - ok
12:28:14.0609 3048 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
12:28:14.0609 3048 NIC1394 - ok
12:28:14.0625 3048 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
12:28:14.0625 3048 Npfs - ok
12:28:14.0671 3048 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
12:28:14.0687 3048 Ntfs - ok
12:28:14.0703 3048 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
12:28:14.0703 3048 Null - ok
12:28:14.0875 3048 nv (83780f3a86d2804912f22f6e37cd2254) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
12:28:14.0984 3048 nv - ok
12:28:15.0000 3048 nvata (c03e15101f6d9e82cd9b0e7d715f5de3) C:\WINDOWS\system32\DRIVERS\nvata.sys
12:28:15.0000 3048 nvata - ok
12:28:15.0015 3048 NVENETFD (cc34564bca235ebad8b308d871efa2df) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
12:28:15.0031 3048 NVENETFD - ok
12:28:15.0046 3048 nvnetbus (46fdb8d07dd4fc81093b0acb243a525d) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
12:28:15.0046 3048 nvnetbus - ok
12:28:15.0093 3048 NVTCP (57d0fb1b75420db651a71d5517afdf8a) C:\WINDOWS\system32\DRIVERS\NVTcp.sys
12:28:15.0093 3048 NVTCP - ok
12:28:15.0125 3048 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:28:15.0125 3048 NwlnkFlt - ok
12:28:15.0140 3048 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:28:15.0156 3048 NwlnkFwd - ok
12:28:15.0171 3048 odFips (28a25e6ccb36c7f14dedcf05c5e4de5f) C:\WINDOWS\system32\drivers\odFips.sys
12:28:15.0171 3048 odFips - ok
12:28:15.0187 3048 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
12:28:15.0187 3048 ohci1394 - ok
12:28:15.0250 3048 PAC207 (3fd27cd542aab721c8acb1208abe62fd) C:\WINDOWS\system32\DRIVERS\PFC027.SYS
12:28:15.0265 3048 PAC207 - ok
12:28:15.0281 3048 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
12:28:15.0281 3048 Parport - ok
12:28:15.0296 3048 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
12:28:15.0296 3048 PartMgr - ok
12:28:15.0312 3048 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
12:28:15.0312 3048 ParVdm - ok
12:28:15.0390 3048 pbfilter (61a5701e3f543861b21bbe0932c4cc03) C:\Program Files\PeerBlock\pbfilter.sys
12:28:15.0390 3048 pbfilter - ok
12:28:15.0406 3048 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
12:28:15.0406 3048 PCI - ok
12:28:15.0421 3048 PCIDump - ok
12:28:15.0453 3048 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
12:28:15.0453 3048 PCIIde - ok
12:28:15.0484 3048 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
12:28:15.0484 3048 Pcmcia - ok
12:28:15.0500 3048 PDCOMP - ok
12:28:15.0500 3048 PDFRAME - ok
12:28:15.0515 3048 PDRELI - ok
12:28:15.0531 3048 PDRFRAME - ok
12:28:15.0531 3048 perc2 - ok
12:28:15.0562 3048 perc2hib - ok
12:28:15.0593 3048 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:28:15.0593 3048 PptpMiniport - ok
12:28:15.0640 3048 PRISM_A02 (9d8f196d9fbb74f8e3ec5cdfd77c90e6) C:\WINDOWS\system32\DRIVERS\WUSBGXP.sys
12:28:15.0640 3048 PRISM_A02 - ok
12:28:15.0656 3048 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
12:28:15.0656 3048 Processor - ok
12:28:15.0671 3048 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
12:28:15.0671 3048 PSched - ok
12:28:15.0687 3048 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:28:15.0687 3048 Ptilink - ok
12:28:15.0703 3048 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
12:28:15.0703 3048 PxHelp20 - ok
12:28:15.0718 3048 ql1080 - ok
12:28:15.0718 3048 Ql10wnt - ok
12:28:15.0734 3048 ql12160 - ok
12:28:15.0750 3048 ql1240 - ok
12:28:15.0750 3048 ql1280 - ok
12:28:15.0765 3048 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:28:15.0781 3048 RasAcd - ok
12:28:15.0796 3048 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:28:15.0796 3048 Rasl2tp - ok
12:28:15.0812 3048 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:28:15.0812 3048 RasPppoe - ok
12:28:15.0812 3048 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
12:28:15.0828 3048 Raspti - ok
12:28:15.0843 3048 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:28:15.0843 3048 Rdbss - ok
12:28:15.0843 3048 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:28:15.0843 3048 RDPCDD - ok
12:28:15.0875 3048 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:28:15.0875 3048 rdpdr - ok
12:28:15.0906 3048 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
12:28:15.0906 3048 RDPWD - ok
12:28:15.0921 3048 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
12:28:15.0921 3048 redbook - ok
12:28:15.0984 3048 RTLE8023xp (6d6d5c7049c502289bcd96684e363b35) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
12:28:15.0984 3048 RTLE8023xp - ok
12:28:16.0015 3048 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:28:16.0015 3048 Secdrv - ok
12:28:16.0031 3048 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
12:28:16.0031 3048 serenum - ok
12:28:16.0031 3048 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
12:28:16.0031 3048 Serial - ok
12:28:16.0062 3048 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
12:28:16.0062 3048 Sfloppy - ok
12:28:16.0078 3048 Simbad - ok
12:28:16.0093 3048 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
12:28:16.0093 3048 SLIP - ok
12:28:16.0140 3048 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
12:28:16.0140 3048 SONYPVU1 - ok
12:28:16.0140 3048 Sparrow - ok
12:28:16.0171 3048 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
12:28:16.0187 3048 splitter - ok
12:28:16.0218 3048 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
12:28:16.0218 3048 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
12:28:16.0218 3048 sptd ( LockedFile.Multi.Generic ) - warning
12:28:16.0218 3048 sptd - detected LockedFile.Multi.Generic (1)
12:28:16.0234 3048 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
12:28:16.0234 3048 sr - ok
12:28:16.0281 3048 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
12:28:16.0296 3048 Srv - ok
12:28:16.0343 3048 StkAMini (36ed459e9130e6d07fa66faca1e491d0) C:\WINDOWS\system32\Drivers\StkAMini.sys
12:28:16.0359 3048 StkAMini - ok
12:28:16.0375 3048 StkScan (df29245097f6de1ca9861c75df7fbe42) C:\WINDOWS\system32\Drivers\StkScan.sys
12:28:16.0375 3048 StkScan - ok
12:28:16.0375 3048 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
12:28:16.0375 3048 streamip - ok
12:28:16.0421 3048 STV680 (1c38bfdf92332b488244bf8e2a3f6779) C:\WINDOWS\system32\drivers\STV680.sys
12:28:16.0421 3048 STV680 - ok
12:28:16.0453 3048 STV680m (84bc7e28d97be426b301879233f71de6) C:\WINDOWS\system32\drivers\STV680m.sys
12:28:16.0453 3048 STV680m - ok
12:28:16.0453 3048 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:28:16.0453 3048 swenum - ok
12:28:16.0484 3048 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
12:28:16.0484 3048 swmidi - ok
12:28:16.0500 3048 symc810 - ok
12:28:16.0500 3048 symc8xx - ok
12:28:16.0515 3048 sym_hi - ok
12:28:16.0515 3048 sym_u3 - ok
12:28:16.0546 3048 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
12:28:16.0546 3048 sysaudio - ok
12:28:16.0593 3048 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:28:16.0593 3048 Tcpip - ok
12:28:16.0640 3048 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:28:16.0656 3048 TDPIPE - ok
12:28:16.0671 3048 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
12:28:16.0671 3048 TDTCP - ok
12:28:16.0687 3048 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:28:16.0687 3048 TermDD - ok
12:28:16.0703 3048 TosIde - ok
12:28:16.0734 3048 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
12:28:16.0734 3048 Udfs - ok
12:28:16.0734 3048 ultra - ok
12:28:16.0812 3048 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
12:28:16.0843 3048 Update - ok
12:28:16.0890 3048 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
12:28:16.0890 3048 usbaudio - ok
12:28:16.0921 3048 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:28:16.0921 3048 usbccgp - ok
12:28:16.0953 3048 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:28:16.0953 3048 usbehci - ok
12:28:16.0984 3048 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:28:16.0984 3048 usbhub - ok
12:28:17.0015 3048 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
12:28:17.0015 3048 usbohci - ok
12:28:17.0046 3048 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:28:17.0062 3048 usbprint - ok
12:28:17.0078 3048 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:28:17.0078 3048 usbscan - ok
12:28:17.0109 3048 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys
12:28:17.0109 3048 usbser - ok
12:28:17.0156 3048 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:28:17.0156 3048 USBSTOR - ok
12:28:17.0171 3048 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:28:17.0171 3048 usbuhci - ok
12:28:17.0203 3048 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
12:28:17.0203 3048 VgaSave - ok
12:28:17.0218 3048 ViaIde - ok
12:28:17.0250 3048 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
12:28:17.0250 3048 VolSnap - ok
12:28:17.0265 3048 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:28:17.0265 3048 Wanarp - ok
12:28:17.0281 3048 WDICA - ok
12:28:17.0296 3048 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
12:28:17.0296 3048 wdmaud - ok
12:28:17.0375 3048 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:28:17.0375 3048 WS2IFSL - ok
12:28:17.0421 3048 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
12:28:17.0421 3048 WSTCODEC - ok
12:28:17.0453 3048 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:28:17.0453 3048 WudfPf - ok
12:28:17.0484 3048 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:28:17.0484 3048 WudfRd - ok
12:28:17.0531 3048 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
12:28:17.0656 3048 \Device\Harddisk0\DR0 - ok
12:28:17.0656 3048 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
12:28:17.0656 3048 \Device\Harddisk1\DR1 - ok
12:28:17.0671 3048 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR7
12:28:17.0718 3048 \Device\Harddisk2\DR7 - ok
12:28:17.0718 3048 Boot (0x1200) (024b73c33575d5213807fb31cb3bf5f1) \Device\Harddisk0\DR0\Partition0
12:28:17.0718 3048 \Device\Harddisk0\DR0\Partition0 - ok
12:28:17.0750 3048 Boot (0x1200) (4ca52aad5b818e8e9c0917641d264227) \Device\Harddisk0\DR0\Partition1
12:28:17.0750 3048 \Device\Harddisk0\DR0\Partition1 - ok
12:28:17.0750 3048 Boot (0x1200) (fdc9f420df86e464694b4f2b6558aa42) \Device\Harddisk2\DR7\Partition0
12:28:17.0750 3048 \Device\Harddisk2\DR7\Partition0 - ok
12:28:17.0750 3048 ============================================================
12:28:17.0750 3048 Scan finished
12:28:17.0750 3048 ============================================================
12:28:17.0765 3060 Detected object count: 2
12:28:17.0765 3060 Actual detected object count: 2
12:29:24.0312 3060 AFD ( Rootkit.Win32.ZAccess.k ) - skipped by user
12:29:24.0312 3060 AFD ( Rootkit.Win32.ZAccess.k ) - User select action: Skip
12:29:24.0312 3060 sptd ( LockedFile.Multi.Generic ) - skipped by user
12:29:24.0312 3060 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
12:29:27.0953 0288 Deinitialize success

Blade81
2011-12-12, 18:37
Hi,

Re-run TDSSKiller and this time select cure on that afd.sys finding. Reboot and run TDSSKiller again. Post back the log.
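
What the helper is checking for in the re-run log is that the AFD object goes from "infected" with a user action of Skip to "ok" after Cure. As an added example (not code from this thread or from Kaspersky's TDSSKiller), here is a small Python parser that pulls each object's verdict and chosen action out of a TDSSKiller log, lists the findings that were left unresolved, and diffs two runs; the sample lines are constructed in the shape of the logs posted above, and the md5 of the post-cure afd.sys is a placeholder.

```python
"""Pull detections and the chosen user action out of TDSSKiller logs.
Added example, not code from the thread or from Kaspersky; the line shapes follow
the TDSSKiller 2.6.x logs quoted in this thread.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Every log line starts with a time stamp and a thread id, then the event.
_PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
RE_FILE = re.compile(_PREFIX + r"(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
RE_OK = re.compile(_PREFIX + r"(?P<name>\S+) - ok$")
RE_VERDICT = re.compile(_PREFIX + r"(?P<name>\S+) \( (?P<threat>[^)]+?) \) - (?P<verdict>infected|warning|suspicious)$")
RE_ACTION = re.compile(_PREFIX + r"(?P<name>\S+) \( (?P<threat>[^)]+?) \) - User select action: (?P<action>\w+)$")


@dataclass
class Finding:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: str = "unscanned"      # ok / infected / warning / suspicious
    threat: Optional[str] = None    # e.g. Rootkit.Win32.ZAccess.k
    action: Optional[str] = None    # Skip / Cure / Delete, from "User select action"


def parse_log(text: str) -> Dict[str, Finding]:
    """Fold the per-object lines of one TDSSKiller run into one Finding per object."""
    findings: Dict[str, Finding] = {}
    for line in text.splitlines():
        line = line.rstrip()
        m = RE_FILE.match(line)
        if m:
            f = findings.setdefault(m["name"], Finding(m["name"]))
            f.md5, f.path = m["md5"], m["path"]
            continue
        m = RE_OK.match(line)
        if m:
            findings.setdefault(m["name"], Finding(m["name"])).verdict = "ok"
            continue
        m = RE_VERDICT.match(line)
        if m:
            f = findings.setdefault(m["name"], Finding(m["name"]))
            f.verdict, f.threat = m["verdict"], m["threat"]
            continue
        m = RE_ACTION.match(line)
        if m:
            findings.setdefault(m["name"], Finding(m["name"])).action = m["action"]
    return findings


def unresolved(findings: Dict[str, Finding]) -> List[str]:
    """Flagged objects that were not cured or deleted (a skipped rootkit driver stays active)."""
    return sorted(name for name, f in findings.items()
                  if f.verdict in ("infected", "warning", "suspicious")
                  and f.action not in ("Cure", "Delete"))


def compare_runs(before: Dict[str, Finding], after: Dict[str, Finding]) -> Dict[str, Tuple[str, str]]:
    """Objects whose verdict changed between two runs, e.g. AFD infected -> ok after Cure."""
    changed = {}
    for name in sorted(set(before) | set(after)):
        b = before[name].verdict if name in before else "absent"
        a = after[name].verdict if name in after else "absent"
        if a != b:
            changed[name] = (b, a)
    return changed


# Constructed sample: a few lines in the shape of the first log posted above.
BEFORE_LOG = r"""
12:28:11.0171 3048 AFD (b49e92cce1a011ede676716b824916e9) C:\WINDOWS\System32\drivers\afd.sys
12:28:11.0187 3048 AFD ( Rootkit.Win32.ZAccess.k ) - infected
12:28:11.0187 3048 AFD - detected Rootkit.Win32.ZAccess.k (0)
12:28:16.0218 3048 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
12:28:16.0218 3048 sptd ( LockedFile.Multi.Generic ) - warning
12:28:16.0234 3048 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
12:28:16.0234 3048 sr - ok
12:29:24.0312 3060 AFD ( Rootkit.Win32.ZAccess.k ) - User select action: Skip
12:29:24.0312 3060 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
"""

# Constructed sample of what a re-run after choosing Cure could look like; the md5 of the
# restored afd.sys is a placeholder, not a value from the thread.
AFTER_LOG = r"""
12:41:02.0100 2244 AFD (00000000000000000000000000000000) C:\WINDOWS\System32\drivers\afd.sys
12:41:02.0100 2244 AFD - ok
12:41:05.0300 2244 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
12:41:05.0300 2244 sptd ( LockedFile.Multi.Generic ) - warning
12:41:05.0300 2244 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
12:41:05.0300 2244 sr - ok
12:41:09.0000 2260 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
"""

if __name__ == "__main__":
    before, after = parse_log(BEFORE_LOG), parse_log(AFTER_LOG)
    print("unresolved before:", unresolved(before), "after:", unresolved(after))  # ['AFD', 'sptd'] ['sptd']
    print("changed:", compare_runs(before, after))  # {'AFD': ('infected', 'ok')}
```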

Fieari
2011-12-12, 18:48
Hey! I have internet again!

I'll post this in two posts. First, the log when I clicked "Cure" for afd.sys, and then secondly the log for when I ran it afterwards.

12:38:44.0734 2188 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06
12:38:44.0750 2188 ============================================================
12:38:44.0750 2188 Current date / time: 2011/12/12 12:38:44.0750
12:38:44.0750 2188 SystemInfo:
12:38:44.0750 2188
12:38:44.0750 2188 OS Version: 5.1.2600 ServicePack: 3.0
12:38:44.0750 2188 Product type: Workstation
12:38:44.0750 2188 ComputerName: RICHARD-VYJC6BH
12:38:44.0750 2188 UserName: Fieari Kei'lin
12:38:44.0750 2188 Windows directory: C:\WINDOWS
12:38:44.0750 2188 System windows directory: C:\WINDOWS
12:38:44.0750 2188 Processor architecture: Intel x86
12:38:44.0750 2188 Number of processors: 2
12:38:44.0750 2188 Page size: 0x1000
12:38:44.0750 2188 Boot type: Normal boot
12:38:44.0750 2188 ============================================================
12:38:45.0656 2188 Initialize success
12:38:47.0406 3472 ============================================================
12:38:47.0406 3472 Scan started
12:38:47.0406 3472 Mode: Manual;
12:38:47.0406 3472 ============================================================
12:38:48.0234 3472 Abiosdsk - ok
12:38:48.0234 3472 abp480n5 - ok
12:38:48.0296 3472 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:38:48.0296 3472 ACPI - ok
12:38:48.0328 3472 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
12:38:48.0328 3472 ACPIEC - ok
12:38:48.0343 3472 adpu160m - ok
12:38:48.0359 3472 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
12:38:48.0375 3472 aec - ok
12:38:48.0390 3472 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys
12:38:48.0390 3472 Afc - ok
12:38:48.0453 3472 AFD (b49e92cce1a011ede676716b824916e9) C:\WINDOWS\System32\drivers\afd.sys
12:38:48.0453 3472 AFD ( Rootkit.Win32.ZAccess.k ) - infected
12:38:48.0453 3472 AFD - detected Rootkit.Win32.ZAccess.k (0)
12:38:48.0453 3472 Aha154x - ok
12:38:48.0468 3472 aic78u2 - ok
12:38:48.0468 3472 aic78xx - ok
12:38:48.0484 3472 AliIde - ok
12:38:48.0515 3472 AmdK8 (0a4d13b388c814560bd69c3a496ecfa8) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
12:38:48.0515 3472 AmdK8 - ok
12:38:48.0531 3472 AmdLLD (e7314d43cd2be981d8bc4826b50eaf05) C:\WINDOWS\system32\DRIVERS\AmdLLD.sys
12:38:48.0531 3472 AmdLLD - ok
12:38:48.0546 3472 amsint - ok
12:38:48.0593 3472 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
12:38:48.0593 3472 Arp1394 - ok
12:38:48.0609 3472 asc - ok
12:38:48.0609 3472 asc3350p - ok
12:38:48.0625 3472 asc3550 - ok
12:38:48.0671 3472 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:38:48.0671 3472 AsyncMac - ok
12:38:48.0687 3472 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
12:38:48.0687 3472 atapi - ok
12:38:48.0703 3472 Atdisk - ok
12:38:48.0875 3472 ati2mtag (6660b58e893499fb5cc7f92923d3f720) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
12:38:48.0921 3472 ati2mtag - ok
12:38:48.0968 3472 AtiHdmiService (f661f01e990b84c58519c1ff43c2108f) C:\WINDOWS\system32\drivers\AtiHdmi.sys
12:38:48.0968 3472 AtiHdmiService - ok
12:38:49.0015 3472 atksgt (f0d933b42cd0594048e4d5200ae9e417) C:\WINDOWS\system32\DRIVERS\atksgt.sys
12:38:49.0015 3472 atksgt - ok
12:38:49.0046 3472 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:38:49.0046 3472 Atmarpc - ok
12:38:49.0046 3472 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
12:38:49.0046 3472 audstub - ok
12:38:49.0093 3472 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
12:38:49.0093 3472 AVGIDSDriver - ok
12:38:49.0125 3472 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
12:38:49.0125 3472 AVGIDSEH - ok
12:38:49.0140 3472 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
12:38:49.0140 3472 AVGIDSFilter - ok
12:38:49.0171 3472 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
12:38:49.0171 3472 AVGIDSShim - ok
12:38:49.0218 3472 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
12:38:49.0218 3472 Avgldx86 - ok
12:38:49.0265 3472 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
12:38:49.0265 3472 Avgmfx86 - ok
12:38:49.0281 3472 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
12:38:49.0281 3472 Avgrkx86 - ok
12:38:49.0328 3472 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
12:38:49.0328 3472 Avgtdix - ok
12:38:49.0359 3472 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
12:38:49.0359 3472 Beep - ok
12:38:49.0359 3472 catchme - ok
12:38:49.0375 3472 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
12:38:49.0390 3472 cbidf2k - ok
12:38:49.0421 3472 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
12:38:49.0421 3472 CCDECODE - ok
12:38:49.0437 3472 cd20xrnt - ok
12:38:49.0453 3472 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
12:38:49.0453 3472 Cdaudio - ok
12:38:49.0484 3472 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
12:38:49.0484 3472 Cdfs - ok
12:38:49.0500 3472 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:38:49.0500 3472 Cdrom - ok
12:38:49.0500 3472 Changer - ok
12:38:49.0531 3472 CmdIde - ok
12:38:49.0546 3472 Cpqarray - ok
12:38:49.0546 3472 dac2w2k - ok
12:38:49.0562 3472 dac960nt - ok
12:38:49.0593 3472 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
12:38:49.0593 3472 Disk - ok
12:38:49.0640 3472 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
12:38:49.0640 3472 dmboot - ok
12:38:49.0656 3472 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\DRIVERS\dmio.sys
12:38:49.0656 3472 dmio - ok
12:38:49.0687 3472 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
12:38:49.0687 3472 dmload - ok
12:38:49.0718 3472 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
12:38:49.0718 3472 DMusic - ok
12:38:49.0718 3472 dpti2o - ok
12:38:49.0734 3472 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
12:38:49.0734 3472 drmkaud - ok
12:38:49.0750 3472 EagleXNt - ok
12:38:49.0781 3472 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
12:38:49.0796 3472 Fastfat - ok
12:38:49.0796 3472 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
12:38:49.0796 3472 Fdc - ok
12:38:49.0828 3472 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
12:38:49.0828 3472 Fips - ok
12:38:49.0843 3472 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
12:38:49.0843 3472 Flpydisk - ok
12:38:49.0875 3472 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
12:38:49.0875 3472 FltMgr - ok
12:38:49.0890 3472 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:38:49.0890 3472 Fs_Rec - ok
12:38:49.0906 3472 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:38:49.0906 3472 Ftdisk - ok
12:38:49.0937 3472 gdrv (ad6bd6bdc97bede8a5507ee01220c00f) C:\WINDOWS\gdrv.sys
12:38:49.0937 3472 gdrv - ok
12:38:49.0953 3472 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:38:49.0953 3472 Gpc - ok
12:38:50.0000 3472 GTNDIS5 (fc80052194d5708254a346568f0e77c0) C:\WINDOWS\system32\GTNDIS5.SYS
12:38:50.0000 3472 GTNDIS5 - ok
12:38:50.0031 3472 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:38:50.0031 3472 HDAudBus - ok
12:38:50.0046 3472 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:38:50.0046 3472 HidUsb - ok
12:38:50.0062 3472 hpn - ok
12:38:50.0062 3472 hpt3xx - ok
12:38:50.0109 3472 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
12:38:50.0109 3472 HTTP - ok
12:38:50.0125 3472 i2omgmt - ok
12:38:50.0140 3472 i2omp - ok
12:38:50.0156 3472 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:38:50.0156 3472 i8042prt - ok
12:38:50.0156 3472 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
12:38:50.0171 3472 Imapi - ok
12:38:50.0171 3472 ini910u - ok
12:38:50.0312 3472 IntcAzAudAddService (2cb7c44a36b54d1712ea3e537ca827b1) C:\WINDOWS\system32\drivers\RtkHDAud.sys
12:38:50.0343 3472 IntcAzAudAddService - ok
12:38:50.0359 3472 IntelIde - ok
12:38:50.0390 3472 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:38:50.0390 3472 intelppm - ok
12:38:50.0421 3472 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
12:38:50.0421 3472 ip6fw - ok
12:38:50.0453 3472 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:38:50.0453 3472 IpFilterDriver - ok
12:38:50.0468 3472 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:38:50.0468 3472 IpInIp - ok
12:38:50.0484 3472 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:38:50.0484 3472 IpNat - ok
12:38:50.0500 3472 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:38:50.0500 3472 IPSec - ok
12:38:50.0531 3472 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
12:38:50.0531 3472 IRENUM - ok
12:38:50.0546 3472 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:38:50.0546 3472 isapnp - ok
12:38:50.0578 3472 jnprna (441bdc7f6b4ef836dbee969501a45bf7) C:\WINDOWS\system32\DRIVERS\jnprna.sys
12:38:50.0578 3472 jnprna - ok
12:38:50.0609 3472 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:38:50.0609 3472 Kbdclass - ok
12:38:50.0625 3472 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
12:38:50.0625 3472 kbdhid - ok
12:38:50.0640 3472 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
12:38:50.0640 3472 kmixer - ok
12:38:50.0671 3472 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
12:38:50.0671 3472 KSecDD - ok
12:38:50.0687 3472 lbrtfdc - ok
12:38:50.0718 3472 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
12:38:50.0718 3472 lirsgt - ok
12:38:50.0750 3472 MA_CMIDI (6d03a526eeded908759ca8c0e581494d) C:\WINDOWS\system32\drivers\ma_cmidi.sys
12:38:50.0750 3472 MA_CMIDI - ok
12:38:50.0781 3472 MDC8021X (d7010580bf4e45d5e793a1fe75758c69) C:\WINDOWS\system32\DRIVERS\mdc8021x.sys
12:38:50.0781 3472 MDC8021X - ok
12:38:50.0796 3472 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
12:38:50.0796 3472 mnmdd - ok
12:38:50.0828 3472 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
12:38:50.0828 3472 Modem - ok
12:38:50.0843 3472 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:38:50.0843 3472 Mouclass - ok
12:38:50.0875 3472 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:38:50.0875 3472 mouhid - ok
12:38:50.0890 3472 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
12:38:50.0890 3472 MountMgr - ok
12:38:50.0906 3472 mraid35x - ok
12:38:50.0921 3472 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:38:50.0921 3472 MRxDAV - ok
12:38:50.0968 3472 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:38:50.0968 3472 MRxSmb - ok
12:38:50.0984 3472 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
12:38:50.0984 3472 Msfs - ok
12:38:51.0015 3472 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:38:51.0015 3472 MSKSSRV - ok
12:38:51.0031 3472 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:38:51.0031 3472 MSPCLOCK - ok
12:38:51.0031 3472 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
12:38:51.0031 3472 MSPQM - ok
12:38:51.0062 3472 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:38:51.0062 3472 mssmbios - ok
12:38:51.0093 3472 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
12:38:51.0093 3472 MSTEE - ok
12:38:51.0125 3472 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
12:38:51.0125 3472 Mup - ok
12:38:51.0140 3472 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
12:38:51.0140 3472 NABTSFEC - ok
12:38:51.0156 3472 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
12:38:51.0156 3472 NDIS - ok
12:38:51.0171 3472 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
12:38:51.0171 3472 NdisIP - ok
12:38:51.0187 3472 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:38:51.0187 3472 NdisTapi - ok
12:38:51.0218 3472 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:38:51.0218 3472 Ndisuio - ok
12:38:51.0234 3472 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:38:51.0234 3472 NdisWan - ok
12:38:51.0265 3472 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
12:38:51.0265 3472 NDProxy - ok
12:38:51.0281 3472 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
12:38:51.0281 3472 NetBIOS - ok
12:38:51.0312 3472 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
12:38:51.0312 3472 NetBT - ok
12:38:51.0343 3472 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
12:38:51.0343 3472 NIC1394 - ok
12:38:51.0359 3472 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
12:38:51.0359 3472 Npfs - ok
12:38:51.0390 3472 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
12:38:51.0390 3472 Ntfs - ok
12:38:51.0421 3472 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
12:38:51.0421 3472 Null - ok
12:38:51.0578 3472 nv (83780f3a86d2804912f22f6e37cd2254) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
12:38:51.0625 3472 nv - ok
12:38:51.0640 3472 nvata (c03e15101f6d9e82cd9b0e7d715f5de3) C:\WINDOWS\system32\DRIVERS\nvata.sys
12:38:51.0640 3472 nvata - ok
12:38:51.0671 3472 NVENETFD (cc34564bca235ebad8b308d871efa2df) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
12:38:51.0671 3472 NVENETFD - ok
12:38:51.0671 3472 nvnetbus (46fdb8d07dd4fc81093b0acb243a525d) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
12:38:51.0671 3472 nvnetbus - ok
12:38:51.0718 3472 NVTCP (57d0fb1b75420db651a71d5517afdf8a) C:\WINDOWS\system32\DRIVERS\NVTcp.sys
12:38:51.0718 3472 NVTCP - ok
12:38:51.0765 3472 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:38:51.0765 3472 NwlnkFlt - ok
12:38:51.0781 3472 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:38:51.0781 3472 NwlnkFwd - ok
12:38:51.0796 3472 odFips (28a25e6ccb36c7f14dedcf05c5e4de5f) C:\WINDOWS\system32\drivers\odFips.sys
12:38:51.0796 3472 odFips - ok
12:38:51.0812 3472 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
12:38:51.0812 3472 ohci1394 - ok
12:38:51.0859 3472 PAC207 (3fd27cd542aab721c8acb1208abe62fd) C:\WINDOWS\system32\DRIVERS\PFC027.SYS
12:38:51.0859 3472 PAC207 - ok
12:38:51.0875 3472 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
12:38:51.0875 3472 Parport - ok
12:38:51.0890 3472 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
12:38:51.0890 3472 PartMgr - ok
12:38:51.0906 3472 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
12:38:51.0906 3472 ParVdm - ok
12:38:51.0984 3472 pbfilter (61a5701e3f543861b21bbe0932c4cc03) C:\Program Files\PeerBlock\pbfilter.sys
12:38:51.0984 3472 pbfilter - ok
12:38:52.0000 3472 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
12:38:52.0000 3472 PCI - ok
12:38:52.0015 3472 PCIDump - ok
12:38:52.0046 3472 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
12:38:52.0046 3472 PCIIde - ok
12:38:52.0078 3472 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
12:38:52.0078 3472 Pcmcia - ok
12:38:52.0078 3472 PDCOMP - ok
12:38:52.0093 3472 PDFRAME - ok
12:38:52.0109 3472 PDRELI - ok
12:38:52.0109 3472 PDRFRAME - ok
12:38:52.0125 3472 perc2 - ok
12:38:52.0140 3472 perc2hib - ok
12:38:52.0171 3472 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:38:52.0171 3472 PptpMiniport - ok
12:38:52.0218 3472 PRISM_A02 (9d8f196d9fbb74f8e3ec5cdfd77c90e6) C:\WINDOWS\system32\DRIVERS\WUSBGXP.sys
12:38:52.0218 3472 PRISM_A02 - ok
12:38:52.0234 3472 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
12:38:52.0234 3472 Processor - ok
12:38:52.0250 3472 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
12:38:52.0250 3472 PSched - ok
12:38:52.0265 3472 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:38:52.0265 3472 Ptilink - ok
12:38:52.0281 3472 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
12:38:52.0281 3472 PxHelp20 - ok
12:38:52.0296 3472 ql1080 - ok
12:38:52.0296 3472 Ql10wnt - ok
12:38:52.0312 3472 ql12160 - ok
12:38:52.0328 3472 ql1240 - ok
12:38:52.0328 3472 ql1280 - ok
12:38:52.0343 3472 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:38:52.0343 3472 RasAcd - ok
12:38:52.0375 3472 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:38:52.0375 3472 Rasl2tp - ok
12:38:52.0390 3472 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:38:52.0390 3472 RasPppoe - ok
12:38:52.0390 3472 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
12:38:52.0390 3472 Raspti - ok
12:38:52.0421 3472 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:38:52.0421 3472 Rdbss - ok
12:38:52.0421 3472 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:38:52.0421 3472 RDPCDD - ok
12:38:52.0453 3472 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:38:52.0453 3472 rdpdr - ok
12:38:52.0500 3472 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
12:38:52.0500 3472 RDPWD - ok
12:38:52.0515 3472 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
12:38:52.0515 3472 redbook - ok
12:38:52.0562 3472 RTLE8023xp (6d6d5c7049c502289bcd96684e363b35) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
12:38:52.0562 3472 RTLE8023xp - ok
12:38:52.0593 3472 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:38:52.0593 3472 Secdrv - ok
12:38:52.0609 3472 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
12:38:52.0609 3472 serenum - ok
12:38:52.0609 3472 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
12:38:52.0609 3472 Serial - ok
12:38:52.0640 3472 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
12:38:52.0640 3472 Sfloppy - ok
12:38:52.0640 3472 Simbad - ok
12:38:52.0671 3472 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
12:38:52.0671 3472 SLIP - ok
12:38:52.0703 3472 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
12:38:52.0703 3472 SONYPVU1 - ok
12:38:52.0718 3472 Sparrow - ok
12:38:52.0734 3472 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
12:38:52.0734 3472 splitter - ok
12:38:52.0781 3472 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
12:38:52.0781 3472 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
12:38:52.0781 3472 sptd ( LockedFile.Multi.Generic ) - warning
12:38:52.0781 3472 sptd - detected LockedFile.Multi.Generic (1)
12:38:52.0796 3472 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
12:38:52.0796 3472 sr - ok
12:38:52.0828 3472 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
12:38:52.0828 3472 Srv - ok
12:38:52.0875 3472 StkAMini (36ed459e9130e6d07fa66faca1e491d0) C:\WINDOWS\system32\Drivers\StkAMini.sys
12:38:52.0875 3472 StkAMini - ok
12:38:52.0890 3472 StkScan (df29245097f6de1ca9861c75df7fbe42) C:\WINDOWS\system32\Drivers\StkScan.sys
12:38:52.0890 3472 StkScan - ok
12:38:52.0906 3472 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
12:38:52.0906 3472 streamip - ok
12:38:52.0953 3472 STV680 (1c38bfdf92332b488244bf8e2a3f6779) C:\WINDOWS\system32\drivers\STV680.sys
12:38:52.0953 3472 STV680 - ok
12:38:52.0968 3472 STV680m (84bc7e28d97be426b301879233f71de6) C:\WINDOWS\system32\drivers\STV680m.sys
12:38:52.0968 3472 STV680m - ok
12:38:52.0984 3472 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:38:52.0984 3472 swenum - ok
12:38:53.0000 3472 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
12:38:53.0000 3472 swmidi - ok
12:38:53.0015 3472 symc810 - ok
12:38:53.0031 3472 symc8xx - ok
12:38:53.0046 3472 sym_hi - ok
12:38:53.0046 3472 sym_u3 - ok
12:38:53.0062 3472 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
12:38:53.0078 3472 sysaudio - ok
12:38:53.0125 3472 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:38:53.0125 3472 Tcpip - ok
12:38:53.0171 3472 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:38:53.0171 3472 TDPIPE - ok
12:38:53.0187 3472 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
12:38:53.0187 3472 TDTCP - ok
12:38:53.0203 3472 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:38:53.0203 3472 TermDD - ok
12:38:53.0218 3472 TosIde - ok
12:38:53.0250 3472 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
12:38:53.0250 3472 Udfs - ok
12:38:53.0265 3472 ultra - ok
12:38:53.0312 3472 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
12:38:53.0312 3472 Update - ok
12:38:53.0359 3472 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
12:38:53.0359 3472 usbaudio - ok
12:38:53.0390 3472 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:38:53.0390 3472 usbccgp - ok
12:38:53.0421 3472 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:38:53.0421 3472 usbehci - ok
12:38:53.0453 3472 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:38:53.0453 3472 usbhub - ok
12:38:53.0484 3472 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
12:38:53.0484 3472 usbohci - ok
12:38:53.0531 3472 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:38:53.0531 3472 usbprint - ok
12:38:53.0546 3472 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:38:53.0546 3472 usbscan - ok
12:38:53.0593 3472 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys
12:38:53.0593 3472 usbser - ok
12:38:53.0625 3472 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:38:53.0625 3472 USBSTOR - ok
12:38:53.0656 3472 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:38:53.0656 3472 usbuhci - ok
12:38:53.0671 3472 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
12:38:53.0671 3472 VgaSave - ok
12:38:53.0687 3472 ViaIde - ok
12:38:53.0703 3472 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
12:38:53.0703 3472 VolSnap - ok
12:38:53.0718 3472 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:38:53.0734 3472 Wanarp - ok
12:38:53.0734 3472 WDICA - ok
12:38:53.0750 3472 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
12:38:53.0750 3472 wdmaud - ok
12:38:53.0812 3472 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:38:53.0812 3472 WS2IFSL - ok
12:38:53.0843 3472 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
12:38:53.0843 3472 WSTCODEC - ok
12:38:53.0890 3472 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:38:53.0890 3472 WudfPf - ok
12:38:53.0906 3472 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:38:53.0906 3472 WudfRd - ok
12:38:53.0953 3472 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
12:38:54.0062 3472 \Device\Harddisk0\DR0 - ok
12:38:54.0078 3472 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
12:38:54.0078 3472 \Device\Harddisk1\DR1 - ok
12:38:54.0078 3472 Boot (0x1200) (024b73c33575d5213807fb31cb3bf5f1) \Device\Harddisk0\DR0\Partition0
12:38:54.0078 3472 \Device\Harddisk0\DR0\Partition0 - ok
12:38:54.0109 3472 Boot (0x1200) (4ca52aad5b818e8e9c0917641d264227) \Device\Harddisk0\DR0\Partition1
12:38:54.0109 3472 \Device\Harddisk0\DR0\Partition1 - ok
12:38:54.0109 3472 ============================================================
12:38:54.0109 3472 Scan finished
12:38:54.0109 3472 ============================================================
12:38:54.0109 0376 Detected object count: 2
12:38:54.0109 0376 Actual detected object count: 2
12:39:05.0218 0376 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\afd.sys) error 1813
12:39:05.0875 0376 Backup copy found, using it..
12:39:05.0906 0376 C:\WINDOWS\System32\drivers\afd.sys - will be cured on reboot
12:39:07.0812 0376 AFD ( Rootkit.Win32.ZAccess.k ) - User select action: Cure
12:39:07.0812 0376 sptd ( LockedFile.Multi.Generic ) - skipped by user
12:39:07.0812 0376 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
12:39:12.0156 1676 Deinitialize success

Fieari
2011-12-12, 18:49
12:46:04.0359 2508 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06
12:46:04.0781 2508 ============================================================
12:46:04.0781 2508 Current date / time: 2011/12/12 12:46:04.0781
12:46:04.0781 2508 SystemInfo:
12:46:04.0781 2508
12:46:04.0781 2508 OS Version: 5.1.2600 ServicePack: 3.0
12:46:04.0781 2508 Product type: Workstation
12:46:04.0781 2508 ComputerName: RICHARD-VYJC6BH
12:46:04.0781 2508 UserName: Fieari Kei'lin
12:46:04.0781 2508 Windows directory: C:\WINDOWS
12:46:04.0781 2508 System windows directory: C:\WINDOWS
12:46:04.0781 2508 Processor architecture: Intel x86
12:46:04.0781 2508 Number of processors: 2
12:46:04.0781 2508 Page size: 0x1000
12:46:04.0781 2508 Boot type: Normal boot
12:46:04.0781 2508 ============================================================
12:46:05.0843 2508 Initialize success
12:46:07.0140 4864 ============================================================
12:46:07.0140 4864 Scan started
12:46:07.0140 4864 Mode: Manual;
12:46:07.0156 4864 ============================================================
12:46:08.0125 4864 Abiosdsk - ok
12:46:08.0140 4864 abp480n5 - ok
12:46:08.0156 4864 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:46:08.0156 4864 ACPI - ok
12:46:08.0187 4864 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
12:46:08.0187 4864 ACPIEC - ok
12:46:08.0187 4864 adpu160m - ok
12:46:08.0218 4864 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
12:46:08.0218 4864 aec - ok
12:46:08.0250 4864 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys
12:46:08.0250 4864 Afc - ok
12:46:08.0296 4864 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
12:46:08.0296 4864 AFD - ok
12:46:08.0312 4864 Aha154x - ok
12:46:08.0328 4864 aic78u2 - ok
12:46:08.0328 4864 aic78xx - ok
12:46:08.0343 4864 AliIde - ok
12:46:08.0375 4864 AmdK8 (0a4d13b388c814560bd69c3a496ecfa8) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
12:46:08.0375 4864 AmdK8 - ok
12:46:08.0406 4864 AmdLLD (e7314d43cd2be981d8bc4826b50eaf05) C:\WINDOWS\system32\DRIVERS\AmdLLD.sys
12:46:08.0406 4864 AmdLLD - ok
12:46:08.0406 4864 amsint - ok
12:46:08.0437 4864 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
12:46:08.0437 4864 Arp1394 - ok
12:46:08.0437 4864 asc - ok
12:46:08.0453 4864 asc3350p - ok
12:46:08.0468 4864 asc3550 - ok
12:46:08.0515 4864 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:46:08.0515 4864 AsyncMac - ok
12:46:08.0531 4864 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
12:46:08.0531 4864 atapi - ok
12:46:08.0531 4864 Atdisk - ok
12:46:08.0734 4864 ati2mtag (6660b58e893499fb5cc7f92923d3f720) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
12:46:08.0859 4864 ati2mtag - ok
12:46:08.0906 4864 AtiHdmiService (f661f01e990b84c58519c1ff43c2108f) C:\WINDOWS\system32\drivers\AtiHdmi.sys
12:46:08.0906 4864 AtiHdmiService - ok
12:46:08.0953 4864 atksgt (f0d933b42cd0594048e4d5200ae9e417) C:\WINDOWS\system32\DRIVERS\atksgt.sys
12:46:08.0953 4864 atksgt - ok
12:46:08.0984 4864 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:46:08.0984 4864 Atmarpc - ok
12:46:09.0000 4864 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
12:46:09.0000 4864 audstub - ok
12:46:09.0031 4864 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
12:46:09.0031 4864 AVGIDSDriver - ok
12:46:09.0078 4864 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
12:46:09.0078 4864 AVGIDSEH - ok
12:46:09.0078 4864 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
12:46:09.0093 4864 AVGIDSFilter - ok
12:46:09.0125 4864 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
12:46:09.0125 4864 AVGIDSShim - ok
12:46:09.0171 4864 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
12:46:09.0171 4864 Avgldx86 - ok
12:46:09.0203 4864 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
12:46:09.0203 4864 Avgmfx86 - ok
12:46:09.0234 4864 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
12:46:09.0234 4864 Avgrkx86 - ok
12:46:09.0265 4864 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
12:46:09.0265 4864 Avgtdix - ok
12:46:09.0296 4864 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
12:46:09.0296 4864 Beep - ok
12:46:09.0312 4864 catchme - ok
12:46:09.0328 4864 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
12:46:09.0328 4864 cbidf2k - ok
12:46:09.0359 4864 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
12:46:09.0375 4864 CCDECODE - ok
12:46:09.0375 4864 cd20xrnt - ok
12:46:09.0406 4864 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
12:46:09.0406 4864 Cdaudio - ok
12:46:09.0437 4864 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
12:46:09.0437 4864 Cdfs - ok
12:46:09.0453 4864 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:46:09.0453 4864 Cdrom - ok
12:46:09.0453 4864 Changer - ok
12:46:09.0484 4864 CmdIde - ok
12:46:09.0500 4864 Cpqarray - ok
12:46:09.0515 4864 dac2w2k - ok
12:46:09.0515 4864 dac960nt - ok
12:46:09.0562 4864 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
12:46:09.0562 4864 Disk - ok
12:46:09.0640 4864 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
12:46:09.0656 4864 dmboot - ok
12:46:09.0671 4864 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\DRIVERS\dmio.sys
12:46:09.0671 4864 dmio - ok
12:46:09.0718 4864 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
12:46:09.0718 4864 dmload - ok
12:46:09.0734 4864 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
12:46:09.0734 4864 DMusic - ok
12:46:09.0750 4864 dpti2o - ok
12:46:09.0781 4864 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
12:46:09.0781 4864 drmkaud - ok
12:46:09.0812 4864 EagleXNt - ok
12:46:09.0843 4864 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
12:46:09.0843 4864 Fastfat - ok
12:46:09.0859 4864 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
12:46:09.0859 4864 Fdc - ok
12:46:09.0890 4864 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
12:46:09.0890 4864 Fips - ok
12:46:09.0921 4864 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
12:46:09.0921 4864 Flpydisk - ok
12:46:09.0937 4864 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
12:46:09.0953 4864 FltMgr - ok
12:46:09.0968 4864 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:46:09.0968 4864 Fs_Rec - ok
12:46:09.0968 4864 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:46:09.0968 4864 Ftdisk - ok
12:46:10.0000 4864 gdrv (ad6bd6bdc97bede8a5507ee01220c00f) C:\WINDOWS\gdrv.sys
12:46:11.0421 4864 gdrv - ok
12:46:11.0515 4864 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:46:11.0515 4864 Gpc - ok
12:46:11.0562 4864 GTNDIS5 (fc80052194d5708254a346568f0e77c0) C:\WINDOWS\system32\GTNDIS5.SYS
12:46:11.0734 4864 GTNDIS5 - ok
12:46:11.0796 4864 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:46:11.0796 4864 HDAudBus - ok
12:46:11.0828 4864 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:46:11.0828 4864 HidUsb - ok
12:46:11.0843 4864 hpn - ok
12:46:11.0859 4864 hpt3xx - ok
12:46:11.0906 4864 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
12:46:11.0906 4864 HTTP - ok
12:46:11.0921 4864 i2omgmt - ok
12:46:11.0937 4864 i2omp - ok
12:46:11.0953 4864 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:46:11.0953 4864 i8042prt - ok
12:46:11.0968 4864 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
12:46:11.0968 4864 Imapi - ok
12:46:11.0984 4864 ini910u - ok
12:46:12.0125 4864 IntcAzAudAddService (2cb7c44a36b54d1712ea3e537ca827b1) C:\WINDOWS\system32\drivers\RtkHDAud.sys
12:46:12.0218 4864 IntcAzAudAddService - ok
12:46:12.0234 4864 IntelIde - ok
12:46:12.0265 4864 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:46:12.0265 4864 intelppm - ok
12:46:12.0296 4864 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
12:46:12.0296 4864 ip6fw - ok
12:46:12.0328 4864 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:46:12.0328 4864 IpFilterDriver - ok
12:46:12.0343 4864 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:46:12.0343 4864 IpInIp - ok
12:46:12.0375 4864 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:46:12.0375 4864 IpNat - ok
12:46:12.0375 4864 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:46:12.0390 4864 IPSec - ok
12:46:12.0406 4864 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
12:46:12.0406 4864 IRENUM - ok
12:46:12.0421 4864 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:46:12.0421 4864 isapnp - ok
12:46:12.0453 4864 jnprna (441bdc7f6b4ef836dbee969501a45bf7) C:\WINDOWS\system32\DRIVERS\jnprna.sys
12:46:12.0468 4864 jnprna - ok
12:46:12.0484 4864 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:46:12.0484 4864 Kbdclass - ok
12:46:12.0500 4864 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
12:46:12.0500 4864 kbdhid - ok
12:46:12.0515 4864 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
12:46:12.0531 4864 kmixer - ok
12:46:12.0546 4864 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
12:46:12.0546 4864 KSecDD - ok
12:46:12.0562 4864 lbrtfdc - ok
12:46:12.0625 4864 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
12:46:12.0625 4864 lirsgt - ok
12:46:12.0656 4864 MA_CMIDI (6d03a526eeded908759ca8c0e581494d) C:\WINDOWS\system32\drivers\ma_cmidi.sys
12:46:12.0656 4864 MA_CMIDI - ok
12:46:12.0718 4864 MDC8021X (d7010580bf4e45d5e793a1fe75758c69) C:\WINDOWS\system32\DRIVERS\mdc8021x.sys
12:46:12.0718 4864 MDC8021X - ok
12:46:12.0734 4864 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
12:46:12.0734 4864 mnmdd - ok
12:46:12.0765 4864 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
12:46:12.0765 4864 Modem - ok
12:46:12.0781 4864 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:46:12.0781 4864 Mouclass - ok
12:46:12.0828 4864 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:46:12.0828 4864 mouhid - ok
12:46:12.0828 4864 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
12:46:12.0843 4864 MountMgr - ok
12:46:12.0843 4864 mraid35x - ok
12:46:12.0859 4864 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:46:12.0859 4864 MRxDAV - ok
12:46:12.0906 4864 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:46:12.0921 4864 MRxSmb - ok
12:46:12.0937 4864 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
12:46:12.0937 4864 Msfs - ok
12:46:12.0968 4864 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:46:12.0968 4864 MSKSSRV - ok
12:46:13.0000 4864 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:46:13.0000 4864 MSPCLOCK - ok
12:46:13.0031 4864 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
12:46:13.0031 4864 MSPQM - ok
12:46:13.0046 4864 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:46:13.0046 4864 mssmbios - ok
12:46:13.0078 4864 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
12:46:13.0078 4864 MSTEE - ok
12:46:13.0109 4864 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
12:46:13.0109 4864 Mup - ok
12:46:13.0140 4864 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
12:46:13.0140 4864 NABTSFEC - ok
12:46:13.0171 4864 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
12:46:13.0171 4864 NDIS - ok
12:46:13.0187 4864 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
12:46:13.0187 4864 NdisIP - ok
12:46:13.0218 4864 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:46:13.0218 4864 NdisTapi - ok
12:46:13.0234 4864 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:46:13.0234 4864 Ndisuio - ok
12:46:13.0265 4864 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:46:13.0265 4864 NdisWan - ok
12:46:13.0296 4864 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
12:46:13.0296 4864 NDProxy - ok
12:46:13.0296 4864 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
12:46:13.0296 4864 NetBIOS - ok
12:46:13.0328 4864 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
12:46:13.0328 4864 NetBT - ok
12:46:13.0359 4864 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
12:46:13.0375 4864 NIC1394 - ok
12:46:13.0375 4864 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
12:46:13.0375 4864 Npfs - ok
12:46:13.0406 4864 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
12:46:13.0437 4864 Ntfs - ok
12:46:13.0453 4864 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
12:46:13.0453 4864 Null - ok
12:46:13.0625 4864 nv (83780f3a86d2804912f22f6e37cd2254) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
12:46:13.0765 4864 nv - ok
12:46:13.0781 4864 nvata (c03e15101f6d9e82cd9b0e7d715f5de3) C:\WINDOWS\system32\DRIVERS\nvata.sys
12:46:13.0781 4864 nvata - ok
12:46:13.0812 4864 NVENETFD (cc34564bca235ebad8b308d871efa2df) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
12:46:13.0812 4864 NVENETFD - ok
12:46:13.0828 4864 nvnetbus (46fdb8d07dd4fc81093b0acb243a525d) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
12:46:13.0828 4864 nvnetbus - ok
12:46:13.0875 4864 NVTCP (57d0fb1b75420db651a71d5517afdf8a) C:\WINDOWS\system32\DRIVERS\NVTcp.sys
12:46:13.0875 4864 NVTCP - ok
12:46:13.0906 4864 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:46:13.0906 4864 NwlnkFlt - ok
12:46:13.0937 4864 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:46:13.0937 4864 NwlnkFwd - ok
12:46:13.0953 4864 odFips (28a25e6ccb36c7f14dedcf05c5e4de5f) C:\WINDOWS\system32\drivers\odFips.sys
12:46:13.0968 4864 odFips - ok
12:46:13.0968 4864 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
12:46:13.0968 4864 ohci1394 - ok
12:46:14.0015 4864 PAC207 (3fd27cd542aab721c8acb1208abe62fd) C:\WINDOWS\system32\DRIVERS\PFC027.SYS
12:46:14.0031 4864 PAC207 - ok
12:46:14.0046 4864 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
12:46:14.0046 4864 Parport - ok
12:46:14.0062 4864 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
12:46:14.0062 4864 PartMgr - ok
12:46:14.0062 4864 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
12:46:14.0062 4864 ParVdm - ok
12:46:14.0156 4864 pbfilter (61a5701e3f543861b21bbe0932c4cc03) C:\Program Files\PeerBlock\pbfilter.sys
12:46:14.0156 4864 pbfilter - ok
12:46:14.0171 4864 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
12:46:14.0171 4864 PCI - ok
12:46:14.0187 4864 PCIDump - ok
12:46:14.0218 4864 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
12:46:14.0218 4864 PCIIde - ok
12:46:14.0250 4864 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
12:46:14.0250 4864 Pcmcia - ok
12:46:14.0250 4864 PDCOMP - ok
12:46:14.0265 4864 PDFRAME - ok
12:46:14.0281 4864 PDRELI - ok
12:46:14.0281 4864 PDRFRAME - ok
12:46:14.0296 4864 perc2 - ok
12:46:14.0312 4864 perc2hib - ok
12:46:14.0343 4864 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:46:14.0343 4864 PptpMiniport - ok
12:46:14.0390 4864 PRISM_A02 (9d8f196d9fbb74f8e3ec5cdfd77c90e6) C:\WINDOWS\system32\DRIVERS\WUSBGXP.sys
12:46:14.0406 4864 PRISM_A02 - ok
12:46:14.0406 4864 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
12:46:14.0406 4864 Processor - ok
12:46:14.0421 4864 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
12:46:14.0421 4864 PSched - ok
12:46:14.0453 4864 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:46:14.0453 4864 Ptilink - ok
12:46:14.0468 4864 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
12:46:14.0468 4864 PxHelp20 - ok
12:46:14.0484 4864 ql1080 - ok
12:46:14.0484 4864 Ql10wnt - ok
12:46:14.0500 4864 ql12160 - ok
12:46:14.0515 4864 ql1240 - ok
12:46:14.0515 4864 ql1280 - ok
12:46:14.0546 4864 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:46:14.0562 4864 RasAcd - ok
12:46:14.0593 4864 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:46:14.0593 4864 Rasl2tp - ok
12:46:14.0609 4864 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:46:14.0609 4864 RasPppoe - ok
12:46:14.0640 4864 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
12:46:14.0640 4864 Raspti - ok
12:46:14.0671 4864 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:46:14.0671 4864 Rdbss - ok
12:46:14.0687 4864 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:46:14.0687 4864 RDPCDD - ok
12:46:14.0703 4864 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:46:14.0703 4864 rdpdr - ok
12:46:14.0750 4864 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
12:46:14.0750 4864 RDPWD - ok
12:46:14.0750 4864 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
12:46:14.0765 4864 redbook - ok
12:46:14.0828 4864 RTLE8023xp (6d6d5c7049c502289bcd96684e363b35) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
12:46:14.0828 4864 RTLE8023xp - ok
12:46:14.0859 4864 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:46:14.0859 4864 Secdrv - ok
12:46:14.0875 4864 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
12:46:14.0875 4864 serenum - ok
12:46:14.0890 4864 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
12:46:14.0890 4864 Serial - ok
12:46:14.0906 4864 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
12:46:14.0906 4864 Sfloppy - ok
12:46:14.0921 4864 Simbad - ok
12:46:14.0953 4864 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
12:46:14.0953 4864 SLIP - ok
12:46:14.0984 4864 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
12:46:14.0984 4864 SONYPVU1 - ok
12:46:15.0000 4864 Sparrow - ok
12:46:15.0015 4864 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
12:46:15.0015 4864 splitter - ok
12:46:15.0062 4864 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
12:46:15.0062 4864 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
12:46:15.0062 4864 sptd ( LockedFile.Multi.Generic ) - warning
12:46:15.0062 4864 sptd - detected LockedFile.Multi.Generic (1)
12:46:15.0078 4864 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
12:46:15.0078 4864 sr - ok
12:46:15.0109 4864 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
12:46:15.0109 4864 Srv - ok
12:46:15.0156 4864 StkAMini (36ed459e9130e6d07fa66faca1e491d0) C:\WINDOWS\system32\Drivers\StkAMini.sys
12:46:15.0156 4864 StkAMini - ok
12:46:15.0187 4864 StkScan (df29245097f6de1ca9861c75df7fbe42) C:\WINDOWS\system32\Drivers\StkScan.sys
12:46:15.0187 4864 StkScan - ok
12:46:15.0187 4864 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
12:46:15.0187 4864 streamip - ok
12:46:15.0234 4864 STV680 (1c38bfdf92332b488244bf8e2a3f6779) C:\WINDOWS\system32\drivers\STV680.sys
12:46:15.0234 4864 STV680 - ok
12:46:15.0265 4864 STV680m (84bc7e28d97be426b301879233f71de6) C:\WINDOWS\system32\drivers\STV680m.sys
12:46:15.0265 4864 STV680m - ok
12:46:15.0265 4864 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:46:15.0265 4864 swenum - ok
12:46:15.0296 4864 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
12:46:15.0296 4864 swmidi - ok
12:46:15.0312 4864 symc810 - ok
12:46:15.0328 4864 symc8xx - ok
12:46:15.0343 4864 sym_hi - ok
12:46:15.0343 4864 sym_u3 - ok
12:46:15.0359 4864 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
12:46:15.0359 4864 sysaudio - ok
12:46:15.0421 4864 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:46:15.0421 4864 Tcpip - ok
12:46:15.0468 4864 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:46:15.0468 4864 TDPIPE - ok
12:46:15.0484 4864 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
12:46:15.0484 4864 TDTCP - ok
12:46:15.0500 4864 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:46:15.0500 4864 TermDD - ok
12:46:15.0515 4864 TosIde - ok
12:46:15.0562 4864 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
12:46:15.0562 4864 Udfs - ok
12:46:15.0578 4864 ultra - ok
12:46:15.0625 4864 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
12:46:15.0640 4864 Update - ok
12:46:15.0687 4864 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
12:46:15.0687 4864 usbaudio - ok
12:46:15.0718 4864 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:46:15.0718 4864 usbccgp - ok
12:46:15.0750 4864 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:46:15.0750 4864 usbehci - ok
12:46:15.0781 4864 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:46:15.0781 4864 usbhub - ok
12:46:15.0812 4864 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
12:46:15.0812 4864 usbohci - ok
12:46:15.0859 4864 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:46:15.0859 4864 usbprint - ok
12:46:15.0890 4864 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:46:15.0890 4864 usbscan - ok
12:46:15.0921 4864 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys
12:46:15.0921 4864 usbser - ok
12:46:15.0953 4864 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:46:15.0968 4864 USBSTOR - ok
12:46:15.0984 4864 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:46:15.0984 4864 usbuhci - ok
12:46:16.0000 4864 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
12:46:16.0000 4864 VgaSave - ok
12:46:16.0015 4864 ViaIde - ok
12:46:16.0046 4864 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
12:46:16.0046 4864 VolSnap - ok
12:46:16.0062 4864 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:46:16.0062 4864 Wanarp - ok
12:46:16.0078 4864 WDICA - ok
12:46:16.0093 4864 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
12:46:16.0093 4864 wdmaud - ok
12:46:16.0171 4864 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:46:16.0171 4864 WS2IFSL - ok
12:46:16.0203 4864 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
12:46:16.0203 4864 WSTCODEC - ok
12:46:16.0234 4864 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:46:16.0234 4864 WudfPf - ok
12:46:16.0265 4864 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:46:16.0265 4864 WudfRd - ok
12:46:16.0312 4864 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
12:46:16.0437 4864 \Device\Harddisk0\DR0 - ok
12:46:16.0437 4864 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
12:46:16.0437 4864 \Device\Harddisk1\DR1 - ok
12:46:16.0437 4864 Boot (0x1200) (024b73c33575d5213807fb31cb3bf5f1) \Device\Harddisk0\DR0\Partition0
12:46:16.0453 4864 \Device\Harddisk0\DR0\Partition0 - ok
12:46:16.0468 4864 Boot (0x1200) (4ca52aad5b818e8e9c0917641d264227) \Device\Harddisk0\DR0\Partition1
12:46:16.0468 4864 \Device\Harddisk0\DR0\Partition1 - ok
12:46:16.0468 4864 ============================================================
12:46:16.0468 4864 Scan finished
12:46:16.0468 4864 ============================================================
12:46:16.0484 4856 Detected object count: 1
12:46:16.0484 4856 Actual detected object count: 1
12:46:20.0750 4856 sptd ( LockedFile.Multi.Generic ) - skipped by user
12:46:20.0750 4856 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
12:46:25.0546 4356 Deinitialize success

Blade81
2011-12-12, 18:58
Good. Let's continue :)


Open notepad and copy/paste the text in the quotebox below into it:



DDS::
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
Folder::
c:\windows\$NtUninstallKB45063$
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9421:TCP"=-
"9421:UDP"=-
"21253:TCP"=-
"21253:UDP"=-



Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe (let the tool update itself if prompted).
Then post the resultant log.


Uninstall old Adobe Reader versions and get the latest one (Adobe Reader 10.1 and the separate 10.1.1 update for it) here (http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows) or get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm). Make sure you don't (unless you want to) install the toolbar if you choose Foxit Reader! You may also check the free readers introduced here (http://pdfreaders.org/).


Uninstall vulnerable Flash versions by following the instructions here (http://kb2.adobe.com/cps/141/tn_14157.html). A fresh version can be obtained here (http://get.adobe.com/flashplayer/).

* Go here (http://www.eset.eu/online-scanner) to run an online scanner from ESET.
Note: You will need to use Internet Explorer for this scan.
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked.
Click Scan
Wait for the scan to finish.



Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.
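A defender-side helper for the firewall step in the script above, added here as an example and not code from the thread or from ComboFix: it parses the GloballyOpenPorts section in the format ComboFix prints, flags entries that carry no program label or an unrecognised one, and renders the matching Registry:: deletions in CFScript form. The sample log lines, the known-label set and the assumption that a malware-written entry renders with no label are constructed for this example.

```python
"""Review the XP firewall GloballyOpenPorts list from a ComboFix/DDS log and
render CFScript lines that delete entries no known program accounts for.
Added example for this thread; not ComboFix's own code."""
import re
from typing import List, Tuple

# Key header exactly as ComboFix prints it in the log posted in this thread.
PORTS_KEY = (r"[HKLM\~\services\sharedaccess\parameters\firewallpolicy"
             r"\standardprofile\GloballyOpenPorts\List]")

# Value lines look like:  "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
ENTRY_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):?(.*)$')

# Labels this thread's own log shows for legitimately installed programs.
KNOWN_LABELS = {
    "Blizzard Downloader",
    "Pando Media Booster",
    "League of Legends Launcher",
    "Akamai NetSession Interface",
}

# Constructed sample in the log's format. The last two entries carry no
# program label; that a port opened by malware rather than by an installer
# renders this way is an assumption made for the example.
SAMPLE_LOG = """\
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\GloballyOpenPorts\\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"1059:TCP"= 1059:TCP:Akamai NetSession Interface
"9421:TCP"= 9421:TCP:
"21253:UDP"= 21253:UDP
.
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\run]
"Steam"="c:\\program files\\steam\\steam.exe" [2011-08-07 1242448]
"""

Entry = Tuple[int, str, str]  # (port, protocol, program label)


def parse_open_ports(log_text: str) -> List[Entry]:
    """Collect every entry under the GloballyOpenPorts key. ComboFix ends
    each section with a lone '.', so parsing stops there."""
    entries: List[Entry] = []
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == PORTS_KEY:
            in_section = True
            continue
        if not in_section:
            continue
        if line == ".":
            break
        m = ENTRY_RE.match(line)
        if not m:
            continue
        # ComboFix sometimes repeats the port after the label ("...: 3724");
        # keep only the program-name part.
        label = m.group(3).split(":")[0].strip()
        entries.append((int(m.group(1)), m.group(2), label))
    return entries


def suspicious_entries(entries: List[Entry]) -> List[Entry]:
    """Flag entries with no label or a label outside the known set; an
    unlabeled open port is the pattern the script above removed (9421, 21253)."""
    return [e for e in entries if not e[2] or e[2] not in KNOWN_LABELS]


def build_cfscript(flagged: List[Entry]) -> str:
    """Render a Registry:: section as used in this thread. In REGEDIT4 form,
    '"name"=-' tells ComboFix to delete that value; the key itself is left in
    place because legitimate entries still live under it."""
    lines = ["Registry::", PORTS_KEY]
    lines += [f'"{port}:{proto}"=-' for port, proto, _ in flagged]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = parse_open_ports(SAMPLE_LOG)
    for port, proto, label in found:
        print(f"{port}/{proto}: {label or '<no label>'}")
    print(build_cfscript(suspicious_entries(found)))
```

Review the flagged list by hand before pasting the output into a CFScript; an unfamiliar label is a prompt to look the program up, not proof of infection.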

Fieari
2011-12-12, 20:26
I'm 11% of the way into the ESET scan, so it looks like that'll take a while. In the meantime, here's my ComboFix log. (I've also uninstalled/reinstalled Flash and Reader as requested)


ComboFix 11-12-12.02 - Fieari Kei'lin 12/12/2011 13:13:42.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2044.1333 [GMT -5:00]
Running from: c:\documents and settings\Fieari Kei'lin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Fieari Kei'lin\Desktop\CFScript.txt
FW: ActiveArmor Firewall *Enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB45063$
.
.
((((((((((((((((((((((((( Files Created from 2011-11-12 to 2011-12-12 )))))))))))))))))))))))))))))))
.
.
2011-12-12 17:27 . 2011-12-07 18:22 1577776 ----a-w- C:\TDSSKiller.exe
2011-12-09 15:34 . 2011-12-09 15:34 -------- d-----w- c:\program files\Common Files\Java
2011-12-09 15:33 . 2011-12-09 15:33 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-12-09 00:36 . 2011-12-09 00:36 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-12-07 15:28 . 2011-12-07 15:28 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-12-06 22:14 . 2002-02-11 18:13 9024 ----a-w- c:\windows\system32\drivers\stv680m.sys
2011-12-06 22:14 . 2002-02-11 18:13 69632 ----a-w- c:\windows\system32\stv680sl.dll
2011-12-06 22:14 . 2002-02-11 18:13 30286 ----a-w- c:\windows\system32\stv680wi.dll
2011-12-06 22:14 . 2002-02-11 18:13 119536 ----a-w- c:\windows\system32\drivers\stv680.sys
2011-12-06 22:14 . 2002-02-11 18:13 49152 ----a-w- c:\windows\system32\STV680tg.dll
2011-12-06 22:14 . 2002-02-11 18:13 245760 ----a-w- c:\windows\system32\STV680u.dll
2011-12-06 22:14 . 2002-01-15 21:17 86016 ----a-w- c:\windows\system32\stvcoldx.ax
2011-12-06 22:14 . 2002-01-15 15:06 618496 ----a-w- c:\windows\system32\stvcol.dll
2011-12-06 22:14 . 2001-01-26 22:37 331776 ----a-w- c:\windows\system32\g2video1.ocx
2011-12-06 22:14 . 2000-08-03 20:09 49152 ----a-w- c:\windows\system32\stvscale.dll
2011-11-25 19:56 . 2011-11-25 19:57 -------- d-----w- c:\documents and settings\Fieari Kei'lin\Local Settings\Application Data\EVE-Central MarketUploader
2011-11-14 13:58 . 2011-11-14 14:00 -------- d-----w- c:\documents and settings\Fieari Kei'lin\Application Data\GTS
2011-11-14 13:56 . 2011-11-14 13:56 -------- d-----w- c:\program files\Garpa Topographical Survey
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-12 17:40 . 2007-07-27 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-12-12 17:23 . 2011-12-12 17:23 1557928 ----a-w- C:\tdsskiller.zip
2011-12-09 15:33 . 2011-06-20 20:00 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-16 16:52 . 2011-05-29 02:38 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22 . 2007-08-03 07:51 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2007-07-27 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41 . 2010-03-18 14:09 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2007-07-27 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2007-07-27 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-11-09 15:17 . 2011-05-03 12:05 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-12_16.34.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-12 18:07 . 2011-12-12 18:07 16384 c:\windows\Temp\Perflib_Perfdata_c0.dat
+ 2011-12-12 18:06 . 2011-12-12 18:06 16384 c:\windows\Temp\Perflib_Perfdata_7b8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 14:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ResChanger 2005"="c:\program files\ResChanger 2005\ResChanger2005.exe" [2005-05-26 885248]
"Steam"="c:\program files\steam\steam.exe" [2011-08-07 1242448]
"Vidalia"="c:\program files\Vidalia Bundle\Vidalia\vidalia.exe" [2007-11-22 12889088]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-07 1867888]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-06 26102056]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Akamai NetSession Interface"="c:\documents and settings\Fieari Kei'lin\Local Settings\Application Data\Akamai\netsession_win.exe" [2011-11-17 3303000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-12-23 18077696]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"StartCCC"="c:\drivers\ATI\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-09 98304]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-10-20 286720]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\documents and settings\Fieari Kei'lin\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - e:\util\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
OpenOffice.org 3.3.lnk - e:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-6-24 113664]
Microsoft Office.lnk - e:\util\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OdysseyClient]
2007-09-17 19:27 122949 ----a-w- c:\windows\system32\odyEvent.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=ma_cmidn.dll
"midi8"=ma_cmidn.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Privoxy.lnk]
backup=c:\windows\pss\Privoxy.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-08-31 01:57 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-19 08:20 57344 ----a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amd_dc_opt]
2006-11-17 21:49 77824 ----a-w- c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
2011-03-09 04:29 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2006-11-03 16:01 319488 ----a-w- c:\windows\PixArt\PAC207\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-10-07 18:33 13574144 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-10-07 18:33 86016 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-10-07 18:33 1630208 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OdTray.exe]
2007-06-20 21:32 1028160 ----a-w- c:\program files\Juniper Networks\Odyssey Access Client\OdTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-10-20 01:16 286720 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-12-23 03:34 18077696 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2007-11-20 10:15 1826816 ----a-w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SRFirstRun]
2008-04-14 00:12 67584 ----a-w- c:\windows\system32\srclient.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WUSB54Gv2]
2004-04-19 13:19 24576 ----a-w- c:\program files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Games\\League of Legends\\Riot Games\\League of Legends\\air\\LolClient.exe"=
"c:\\Games\\League of Legends\\Riot Games\\League of Legends\\game\\League of Legends.exe"=
"c:\\Games\\AI War\\AIWar.exe"=
"c:\\Games\\AI War\\AIWarUpdater.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\srcds.exe"=
"c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\boostertrooper\\BTroopers.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\recettear\\recettear.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\recettear\\custom.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\majesty 2\\Majesty2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\majesty 2\\M2Editor.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\bastion\\Bastion.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\peggle extreme\\PeggleExtreme.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\shatter\\ShatterSettingsEditor.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\tropico 3\\Tropico3.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\portal 2\\portal2.exe"=
"c:\\Documents and Settings\\Fieari Kei'lin\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"e:\\Games\\CCP\\EVE\\bin\\ExeFile.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"6881:TCP"= 6881:TCP:Blizzard Downloader: 6881
"56552:TCP"= 56552:TCP:Pando Media Booster
"56552:UDP"= 56552:UDP:Pando Media Booster
"8370:TCP"= 8370:TCP:League of Legends Launcher
"8370:UDP"= 8370:UDP:League of Legends Launcher
"57233:TCP"= 57233:TCP:Pando Media Booster
"57233:UDP"= 57233:UDP:Pando Media Booster
"1059:TCP"= 1059:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 odFips;odFips;c:\windows\system32\drivers\odFIPS.sys [1/23/2006 4:19 PM 254208]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/17/2007 2:20 PM 691696]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [7/27/2007 7:00 AM 14336]
R2 FAH@C:+folding+FAH504-Console.exe;FAH@C:+folding+FAH504-Console.exe;c:\folding\FAH504-Console.exe -svcstart --> c:\folding\FAH504-Console.exe -svcstart [?]
R2 JuniperAccessService;Juniper Unified Network Service;c:\program files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [6/14/2007 5:12 PM 87664]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/28/2007 5:20 PM 24652]
R3 jnprna;Juniper Network Agent Miniport;c:\windows\system32\drivers\jnprna.sys [6/14/2007 2:25 PM 398720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/3/2011 6:50 PM 136176]
S3 EacService;Juniper TNC Endpoint Assessment;c:\program files\Common Files\Juniper Networks\TNC Client\jTnccService.exe [6/20/2007 6:06 PM 81992]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/3/2011 6:50 PM 136176]
S3 PAC207;PC Camer@;c:\windows\system32\drivers\PFC027.SYS [6/12/2007 11:39 AM 508416]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 12:37 PM 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - pbfilter
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-12 c:\windows\Tasks\AdobeAAMUpdater-1.0-RICHARD-VYJC6BH-Fieari Kei'lin.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-07-07 21:42]
.
2011-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-03 23:50]
.
2011-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-03 23:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - e:\util\MICROS~1\Office10\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\documents and settings\Fieari Kei'lin\Application Data\Mozilla\Firefox\Profiles\79axusb3.default\
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-80408115.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-12 13:27
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
"ServiceDll"="c:\windows\system32\es.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FAH@C:+folding+FAH504-Console.exe]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_d768ebc.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1644491937-1979792683-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:2d,fb,72,46,f5,02,0a,6e,2a,6c,c5,ba,a1,2c,e9,74,95,10,65,eb,91,dc,07,
4e,65,a2,70,89,e4,4c,90,b6,dc,26,f4,55,96,4b,12,81,1c,d6,eb,ac,cb,57,b2,ea,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1884)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\windows\system32\odyEvent.dll
c:\program files\Juniper Networks\Odyssey Access Client\odLogin.dll
.
- - - - - - - > 'lsass.exe'(2024)
c:\windows\system32\nvappfilter.dll
.
- - - - - - - > 'explorer.exe'(3076)
c:\windows\system32\WININET.dll
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
e:\util\TortoiseSVN\bin\TortoiseStub32.dll
e:\util\TortoiseSVN\bin\TortoiseSVN32.dll
e:\util\TortoiseSVN\bin\libsvn_tsvn32.dll
e:\util\TortoiseSVN\bin\intl3_tsvn32.dll
e:\util\TortoiseSVN\bin\libsasl32.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-12-12 13:29:25
ComboFix-quarantined-files.txt 2011-12-12 18:29
ComboFix2.txt 2011-12-12 16:43
.
Pre-Run: 16,100,589,568 bytes free
Post-Run: 16,076,124,160 bytes free
.
- - End Of File - - 34FF28789AB90C7A5A6FC180F4739E7F

Fieari
2011-12-12, 22:41
ESET log:

C:\System Volume Information\_restore{00A14033-441B-46D3-976A-D9D4F1B22457}\RP289\A0074317.sys a variant of Win32/Rootkit.Kryptik.FW trojan
C:\System Volume Information\_restore{00A14033-441B-46D3-976A-D9D4F1B22457}\RP289\A0075317.sys a variant of Win32/Rootkit.Kryptik.FW trojan
C:\System Volume Information\_restore{00A14033-441B-46D3-976A-D9D4F1B22457}\RP290\A0076317.sys a variant of Win32/Rootkit.Kryptik.FW trojan
C:\System Volume Information\_restore{00A14033-441B-46D3-976A-D9D4F1B22457}\RP290\A0076334.sys a variant of Win32/Rootkit.Kryptik.FW trojan
C:\System Volume Information\_restore{00A14033-441B-46D3-976A-D9D4F1B22457}\RP290\A0076345.sys a variant of Win32/Rootkit.Kryptik.FW trojan
C:\System Volume Information\_restore{00A14033-441B-46D3-976A-D9D4F1B22457}\RP290\A0076358.sys a variant of Win32/Rootkit.Kryptik.FW trojan
C:\System Volume Information\_restore{00A14033-441B-46D3-976A-D9D4F1B22457}\RP299\A0077427.sys a variant of Win32/Rootkit.Kryptik.FW trojan
C:\System Volume Information\_restore{00A14033-441B-46D3-976A-D9D4F1B22457}\RP299\A0077513.sys a variant of Win32/Rootkit.Kryptik.FW trojan
C:\System Volume Information\_restore{00A14033-441B-46D3-976A-D9D4F1B22457}\RP299\A0078513.sys a variant of Win32/Rootkit.Kryptik.FW trojan
C:\System Volume Information\_restore{00A14033-441B-46D3-976A-D9D4F1B22457}\RP299\A0078596.sys a variant of Win32/Rootkit.Kryptik.FW trojan
C:\System Volume Information\_restore{00A14033-441B-46D3-976A-D9D4F1B22457}\RP299\A0079596.sys a variant of Win32/Rootkit.Kryptik.FW trojan
C:\System Volume Information\_restore{00A14033-441B-46D3-976A-D9D4F1B22457}\RP299\A0080596.sys a variant of Win32/Rootkit.Kryptik.FW trojan

Fieari
2011-12-12, 22:45
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by Fieari Kei'lin at 16:42:40 on 2011-12-12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2044.823 [GMT -5:00]
.
FW: ActiveArmor Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\Program Files\Juniper Networks\Odyssey Access Client\odClientService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\folding\FAH504-Console.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
C:\Program Files\BurnAware Free\nmsaccessu.exe
C:\folding\FahCore_78.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\StkASv2K.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv2.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
E:\util\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Drivers\ATI\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ResChanger 2005\ResChanger2005.exe
C:\program files\steam\steam.exe
C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
E:\Program Files\OpenOffice.org 3\program\soffice.exe
E:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Vidalia Bundle\Tor\tor.exe
C:\Drivers\ATI\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Notepad++\notepad++.exe
C:\Documents and Settings\Fieari Kei'lin\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Documents and Settings\Fieari Kei'lin\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
uRun: [ResChanger 2005] c:\program files\reschanger 2005\ResChanger2005.exe
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [Vidalia] "c:\program files\vidalia bundle\vidalia\vidalia.exe"
uRun: [PeerBlock] c:\program files\peerblock\peerblock.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [Akamai NetSession Interface] c:\documents and settings\fieari kei'lin\local settings\application data\akamai\netsession_win.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Monitor] c:\windows\pixart\pac207\Monitor.exe
mRun: [StartCCC] "c:\drivers\ati\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\fieari~1\startm~1\programs\startup\erunta~1.lnk - e:\util\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\fieari~1\startm~1\programs\startup\openof~1.lnk - e:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - e:\util\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - e:\util\micros~1\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} - hxxps://www.select2perform.com/cabs/QOLCheck.ocx
DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} - hxxp://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{3E71C445-0AF3-4E11-852A-EA3E88AEF44B} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{8E1C49CD-F495-41A3-B052-54A9281E338D} : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: OdysseyClient - odyEvent.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\fieari kei'lin\application data\mozilla\firefox\profiles\79axusb3.default\
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\documents and settings\fieari kei'lin\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
============= SERVICES / DRIVERS ===============
.
R0 odFips;odFips;c:\windows\system32\drivers\odFIPS.sys [2006-1-23 254208]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2007-7-27 14336]
R2 FAH@C:+folding+FAH504-Console.exe;FAH@C:+folding+FAH504-Console.exe;c:\folding\fah504-console.exe -svcstart --> c:\folding\FAH504-Console.exe -svcstart [?]
R2 JuniperAccessService;Juniper Unified Network Service;c:\program files\common files\juniper networks\juns\dsAccessService.exe [2007-6-14 87664]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-10-28 24652]
R3 jnprna;Juniper Network Agent Miniport;c:\windows\system32\drivers\jnprna.sys [2007-6-14 398720]
R3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2009-11-11 19056]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-10-3 136176]
S3 EacService;Juniper TNC Endpoint Assessment;c:\program files\common files\juniper networks\tnc client\jTnccService.exe [2007-6-20 81992]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-10-3 136176]
S3 PAC207;PC Camer@;c:\windows\system32\drivers\PFC027.SYS [2007-6-12 508416]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
.txt=Notepad++_file
.
=============== Created Last 30 ================
.
2011-12-12 19:05:35 -------- d-----w- c:\program files\ESET
2011-12-12 18:38:51 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-12 17:27:53 1577776 ----a-w- C:\TDSSKiller.exe
2011-12-12 15:51:08 -------- d-sha-r- C:\cmdcons
2011-12-12 15:49:15 98816 ----a-w- c:\windows\sed.exe
2011-12-12 15:49:15 518144 ----a-w- c:\windows\SWREG.exe
2011-12-12 15:49:15 256000 ----a-w- c:\windows\PEV.exe
2011-12-12 15:49:15 208896 ----a-w- c:\windows\MBR.exe
2011-12-09 15:33:48 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-12-06 22:14:16 9024 ----a-w- c:\windows\system32\drivers\stv680m.sys
2011-12-06 22:14:16 86016 ----a-w- c:\windows\system32\stvcoldx.ax
2011-12-06 22:14:16 69632 ----a-w- c:\windows\system32\stv680sl.dll
2011-12-06 22:14:16 618496 ----a-w- c:\windows\system32\stvcol.dll
2011-12-06 22:14:16 49152 ----a-w- c:\windows\system32\stvscale.dll
2011-12-06 22:14:16 49152 ----a-w- c:\windows\system32\STV680tg.dll
2011-12-06 22:14:16 331776 ----a-w- c:\windows\system32\g2video1.ocx
2011-12-06 22:14:16 30286 ----a-w- c:\windows\system32\stv680wi.dll
2011-12-06 22:14:16 245760 ----a-w- c:\windows\system32\STV680u.dll
2011-12-06 22:14:16 119536 ----a-w- c:\windows\system32\drivers\stv680.sys
2011-11-25 19:56:47 -------- d-----w- c:\documents and settings\fieari kei'lin\local settings\application data\EVE-Central MarketUploader
2011-11-14 13:58:03 -------- d-----w- c:\documents and settings\fieari kei'lin\application data\GTS
2011-11-14 13:56:39 -------- d-----w- c:\program files\Garpa Topographical Survey
.
==================== Find3M ====================
.
2011-12-12 17:40:30 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-12-09 15:33:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
.
============= FINISH: 16:44:21.29 ===============

Blade81
2011-12-13, 06:47
Good. Those ESET findings will be removed when System Restore is reset. Are you still noticing any problems? If not, it's time to secure your system to prevent further intrusions.


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: you will lose all previous restore points, which are likely to be infected. Please note you need Administrator access to clean the restore points.

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
NOTE: only do this ONCE, NOT on a regular basis



Now let's uninstall ComboFix:

Click START then RUN
Now copy-paste Combofix /uninstall in the runbox and click OK




UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You need to update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the Windows Update site (http://windowsupdate.microsoft.com/) to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.


Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.



Download and run Secunia Personal Software Inspector (PSI) (http://secunia.com/vulnerability_scanning/personal/) and fix its findings. Leave the program installed so you'll stay alerted about vulnerable components in future too.


Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade :cool:


AVG can be reinstalled now.
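
As an added illustration (not part of Blade81's post or of any tool named in this thread), the PowerShell below audits the six Internet-zone settings listed above by reading the current user's registry and reporting which ones differ from the recommended values, with an optional switch to apply them. The value names under Zones\3 and the 0/1/3 encoding are Internet Explorer's own zone settings; the function and its output layout are this example's assumptions.

```powershell
# Added example (not from the thread): audit, and optionally apply, the
# Internet zone settings recommended above. The value names and the
# 0 = Enable / 1 = Prompt / 3 = Disable encoding are IE's zone settings
# under Zones\3 (zone 3 = Internet); the script logic is this example's own.
$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Registry value name -> display name and recommended setting.
$Recommended = @{
    '1001' = @{ Name = 'Download signed ActiveX controls';                          Value = 1 }
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                        Value = 3 }
    '1201' = @{ Name = 'Initialize and script ActiveX controls not marked as safe'; Value = 3 }
    '1800' = @{ Name = 'Installation of desktop items';                             Value = 1 }
    '1804' = @{ Name = 'Launching programs and files in an IFRAME';                 Value = 1 }
    '1607' = @{ Name = 'Navigate sub-frames across different domains';              Value = 1 }
}
$Label = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-ZoneLabel([object]$v) {
    # A value that has never been written is absent; IE then uses the zone default.
    if ($v -eq $null) { return 'not set (zone default)' }
    if ($Label.ContainsKey([int]$v)) { return $Label[[int]$v] }
    return "unknown ($v)"
}

function Test-InternetZoneSettings {
    param(
        [string]$Path = $ZonePath,
        [switch]$Fix     # write the recommended value wherever the current one differs
    )
    if (-not (Test-Path $Path)) { throw "Zone key not found: $Path" }
    $current = Get-ItemProperty -Path $Path

    foreach ($id in ($Recommended.Keys | Sort-Object)) {
        $want = $Recommended[$id].Value
        $have = $current.$id
        $status = if ($have -ne $null -and [int]$have -eq $want) { 'OK' } else { 'CHANGE' }

        if ($Fix -and $status -eq 'CHANGE') {
            Set-ItemProperty -Path $Path -Name $id -Value $want -Type DWord
            $status = 'FIXED'
        }

        # New-Object instead of [PSCustomObject] so this also runs on PowerShell 2.0 (XP era).
        New-Object PSObject -Property @{
            Id          = $id
            Setting     = $Recommended[$id].Name
            Current     = Get-ZoneLabel $have
            Recommended = $Label[$want]
            Status      = $status
        }
    }
}

# Report only; add -Fix to apply the recommended values for the current user.
Test-InternetZoneSettings | Format-Table Id, Setting, Current, Recommended, Status -AutoSize
```

If zone security is managed per machine (the Security_HKLM_only policy), the same value names live under HKLM rather than HKCU and the path above should be changed accordingly.
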

Fieari
2011-12-13, 07:55
No problems noticed, even the print spooler is online again, and furthermore thanks for the PSI! I'd not known of its existence, and it looks like it'll be a great help in keeping my system safe.

AVG reinstalled, programs updating, I think it's likely I'm good to go. Thank you so very much!

Blade81
2011-12-13, 10:44
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread.

If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.