Trojan.sirefef removal?



ibuddie
2012-03-12, 18:59
Hi,

I have a trojan.sirefef.bv virus on my computer. As the FAQ suggested, I have now run the ERUNT program and afterwards ran DDS, which made my computer freeze completely.

The virus has been detected mostly in c:/windows/system32, and it has now stopped my internet connection and sound system from working.

I tried a system restore earlier without success and downloaded another anti-virus program, which did not clear the virus either.

I would be grateful for any help in this matter. Please let me know what information you need in order to understand the problem better.

Thanks!

Blade81
2012-03-13, 15:35
Hi,

Please download and run this (http://download.bleepingcomputer.com/sUBs/Beta/dds.exe). Check "attach.txt", uncheck the MBR setting, leave the other settings at their defaults and run it. Post back the logs it creates.

ibuddie
2012-03-13, 19:00
Hi,

Here are the logs. Hope this helps!!

DDS (Ver_2011-09-30.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Sacha J at 19:43:33 on 2012-03-13
#Option MBR scan is disabled.
Microsoft Windows XP Home Edition 5.1.2600.3.1251.7.1033.18.2046.1486 [GMT 2:00]
.
AV: McAfee VirusScan *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: F-Secure Internet Security 2011 10.51 *Enabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: F-Secure Internet Security 2011 10.51 *Enabled*
FW: *Disabled*
.
============== Running Processes ================
.
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\Fujitsu HandyDrive\Password\F3EJTHDD.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\F-Secure Internet Security\Common\FSHDLL32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\F-Secure Internet Security\ORSP Client\fsorsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.hs.fi/
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mDefault_Page_URL = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
uProxyServer = wtcproxy:8080
uProxyOverride = wtc.msk.ru;<local>;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Browsing Protection Class: {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - c:\program files\f-secure internet security\nrs\iescript\baselitmus.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Browsing Protection Toolbar: {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - c:\program files\f-secure internet security\nrs\iescript\baselitmus.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [F-Secure Manager] "c:\program files\f-secure internet security\common\FSM32.EXE" /splash
mRun: [F-Secure TNB] "c:\program files\f-secure internet security\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [sclauncher] c:\program files\simplecenter\bin\win\sclauncher.exe
mRun: [tsnp2std] c:\windows\tsnp2std.exe
mRun: [snp2std] c:\windows\vsnp2std.exe
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [IETI] c:\program files\skype\phone\ieplugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART
StartupFolder: c:\docume~1\sachaj~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\movesl~1.lnk - c:\windows\installer\{0ed016b2-c009-4253-9ddd-bdb8da9ce181}\_E02D80CCF13FCD5A87F526.exe
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Vie Microsoft E&xceliin - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 62.241.198.245 62.241.198.246
TCP: Interfaces\{D341B0D7-9D2D-4FD8-AF2F-215D247C5F86} : DHCPNameServer = 192.168.100.1
TCP: Interfaces\{E9468BC1-4EBC-4A21-9C40-EFD4779510AF} : DHCPNameServer = 62.241.198.245 62.241.198.246
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2009-3-17 42672]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2006-8-4 82824]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\f-secure internet security\hips\drivers\fshs.sys [2009-3-17 72520]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-2-24 185472]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2012-3-6 497496]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2012-3-12 21992]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program files\f-secure internet security\anti-virus\fsgk32st.exe [2006-8-4 221864]
R2 F3EJTHDD;HandyDrive Password Lock Tool Service;c:\program files\fujitsu handydrive\password\F3EJTHDD.EXE [2008-3-8 45056]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\f-secure internet security\anti-virus\minifilter\fsgk.sys [2006-8-4 148632]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\f-secure internet security\orsp client\fsorsp.exe [2009-3-17 61088]
S2 gupdate1c9b61d11a26d5d;Google Update Service (gupdate1c9b61d11a26d5d);c:\program files\google\update\GoogleUpdate.exe [2009-4-5 133104]
S3 avera800;AVerMedia DVB-T BDA Video Capture(A800);c:\windows\system32\drivers\avera800.sys [2006-8-4 41600]
S3 CompFilter;UVCCompositeFilter;c:\windows\system32\drivers\lvbusflt.sys [2010-5-14 20704]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-4-5 133104]
.
=============== Created Last 30 ================
.
2012-03-12 10:14:26 -------- d-----w- C:\SWTOOLS
2012-03-12 10:01:45 -------- d-----w- c:\documents and settings\all users\application data\SUPERSetup
2012-03-12 08:42:57 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x32.sys
2012-03-12 08:42:56 -------- d-----w- c:\program files\CPUID
2012-03-06 14:22:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2012-03-06 11:36:28 -------- d-sh--w- C:\found.002
2012-03-06 10:14:51 21336 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-03-06 09:40:10 -------- d-----w- c:\documents and settings\all users\application data\IObit
2012-03-06 09:39:55 -------- d-----w- c:\documents and settings\sacha jurva\application data\IObit
2012-03-06 09:39:37 -------- d-----w- c:\program files\IObit
2012-03-05 10:46:30 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-15 11:33:14 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-15 11:33:14 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
.
==================== Find3M ====================
.
2012-01-17 19:00:22 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2012-01-17 19:00:20 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:46:36 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46:36 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46:36 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22:58 385024 ----a-w- c:\windows\system32\html.iec
2006-11-19 20:20:10 909312 ----a-w- c:\program files\GSpot.exe
2004-08-04 04:00:00 94784 -csh--w- c:\windows\twain.dll
2008-04-14 00:12:07 50688 -csh--w- c:\windows\twain_32.dll
2011-02-08 13:33:55 978944 --sha-w- c:\windows\system32\mfc42.dll
2008-04-14 00:12:01 57344 --sh--w- c:\windows\system32\msvcirt.dll
2008-04-14 00:12:01 413696 --sha-w- c:\windows\system32\msvcp60.dll
2008-04-14 00:12:01 343040 --sha-w- c:\windows\system32\msvcrt.dll
2010-12-20 17:32:15 551936 --sh--w- c:\windows\system32\oleaut32.dll
2008-04-14 00:12:02 84992 --sha-w- c:\windows\system32\olepro32.dll
2008-04-14 00:12:32 11776 --sh--w- c:\windows\system32\regsvr32.exe
.
============= FINISH: 19:45:26.90 ===============
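A helper reads the DDS header and the pseudo-HJT section above before anything else: which security products report themselves disabled, whether a proxy is hard-coded, which browser extensions are orphaned, and which autorun entries name a bare executable. The Python script below is an added example, not part of this thread, of DDS, or of any tool the helpers use; it runs offline over a constructed excerpt that copies the line formats of the log above. The severity labels and the bare-executable heuristic (an autorun whose target carries no directory is resolved through the search path, so it is worth locating before deciding it is benign) are the example's own choices, not something DDS reports.

```python
"""Triage a DDS log for the indicators a helper checks first.

Added example for this thread; not part of DDS, ComboFix or the posts above.
"""
import re
from collections import Counter
from typing import Dict, List, Tuple

# Constructed excerpt modelled on the DDS log posted above (same line formats).
SAMPLE_DDS_LOG = r"""
AV: McAfee VirusScan *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: F-Secure Internet Security 2011 10.51 *Enabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: F-Secure Internet Security 2011 10.51 *Enabled*
FW: *Disabled*
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.hs.fi/
uProxyServer = wtcproxy:8080
uProxyOverride = wtc.msk.ru;<local>;*.local
uURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [F-Secure Manager] "c:\program files\f-secure internet security\common\FSM32.EXE" /splash
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
"""

# (severity, message); the severity labels are this example's own convention.
Finding = Tuple[str, str]

SECURITY_LINE = re.compile(r"^(AV|FW): (.*?)\s*\*(Enabled|Disabled)(?:/\w+)?\*")
PROXY_LINE = re.compile(r"^uProxy(Server|Override) = (.+)$")
ORPHAN_LINE = re.compile(r"^(BHO|TB|uURLSearchHooks): (.*) - <orphaned>$")
RUN_LINE = re.compile(r"^[umd]Run(?:Once)?: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
RUNDLL_NAMES = ("rundll32.exe", "rundll32")


def _split_first(cmd: str) -> Tuple[str, str]:
    """Return (first token, remainder), honouring a double-quoted first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end > 0:
            return cmd[1:end], cmd[end + 1:]
    parts = cmd.split(" ", 1)
    return parts[0], (parts[1] if len(parts) > 1 else "")


def _is_bare_target(cmd: str) -> bool:
    """True when the executable (or the DLL handed to rundll32) carries no
    directory, i.e. Windows resolves it through the search path at logon."""
    token, rest = _split_first(cmd)
    if token.lower() in RUNDLL_NAMES:
        token = rest.strip().split(",", 1)[0].strip('"')
    return "\\" not in token and ":" not in token


def triage_dds(log_text: str) -> List[Finding]:
    """Scan DDS header and pseudo-HJT lines; lines of other kinds are ignored."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECURITY_LINE.match(line)
        if m:
            kind, product, state = m.groups()
            if state == "Disabled":
                findings.append(("high", f"{kind} reported disabled: {product or 'unnamed entry'}"))
            continue
        m = PROXY_LINE.match(line)
        if m:
            findings.append(("medium", f"proxy {m.group(1).lower()} set: {m.group(2)}"))
            continue
        m = ORPHAN_LINE.match(line)
        if m:
            findings.append(("low", f"orphaned {m.group(1)}: {m.group(2)}"))
            continue
        m = RUN_LINE.match(line)
        if m and _is_bare_target(m.group("cmd")):
            findings.append(("info", f"autorun '{m.group('name')}' has no path: {m.group('cmd')}"))
    return findings


def count_by_severity(findings: List[Finding]) -> Dict[str, int]:
    """Summarise findings as {severity: count}."""
    return dict(Counter(severity for severity, _ in findings))


if __name__ == "__main__":
    for severity, message in triage_dds(SAMPLE_DDS_LOG):
        print(f"[{severity:6}] {message}")
```

Run against the excerpt, the script reports the two disabled security products (McAfee and the unnamed firewall entry), the proxy server and its override list, the three orphaned extension entries, and the three autoruns that name a bare executable or DLL. The proxy lines are flagged only as worth a question to the user; a hard-coded proxy can be perfectly legitimate, but it is the kind of setting a helper confirms rather than assumes.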

Blade81
2012-03-14, 06:39
Hi,


Please visit this webpage for download links and instructions for running the ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix (see http://www.bleepingcomputer.com/forums/topic114351.html). Remember to re-enable them afterwards.

Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New DDS log.

A word of warning: neither I nor sUBs is responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

ibuddie
2012-03-14, 14:29
Hi again,

I installed ComboFix.exe; it installed the Recovery Console that I had downloaded, after which it started scanning. Then two pop-ups appeared. The first said that the computer is infected with Rootkit.ZeroAccess and that it is inserted into the TCP/IP stack. The second informed me that the rootkit was detected and to be patient, as this may take some moments.

After that the computer froze (I tried it three times). I waited almost two hours but nothing happened and I couldn't do anything.

Is there something else that I could try, or did I do something wrong?

Blade81
2012-03-14, 15:09
Hi,

Make sure you have ComboFix on your desktop and then do the following:
Click Start -> Run, type cmd.exe and press Enter.
In the command prompt window, type the following command (quotes included): "%userprofile%\desktop\ComboFix.exe" /nombr

ibuddie
2012-03-14, 16:14
It worked!! I'm posting first the ComboFix log and then the DDS log.


ComboFix 12-03-13.01 - Sacha J 03/14/2012 16:41:50.1.2 - x86
Running from: c:\documents and settings\Sacha Jurva\desktop\ComboFix.exe
Command switches used :: /nombr
AV: F-Secure Internet Security 2011 10.51 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
AV: McAfee VirusScan *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FW: F-Secure Internet Security 2011 10.51 *Disabled* {D4747503-0346-49EB-9262-997542F79BF4}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Sacha Jurva\Local Settings\Application Data\assembly\tmp
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\SET20D.tmp
c:\windows\system32\Settings
c:\windows\system32\Settings\Settings.ini
c:\windows\system32\setup.ini
c:\windows\system32\Thumbs.db
c:\windows\WindowsXP-KB822603-x86.exe
.
c:\windows\system32\drivers\ipsec.sys was missing
Restored copy from - c:\windows\ServicePackFiles\i386\ipsec.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_FAD
.
.
((((((((((((((((((((((((( Files Created from 2012-02-14 to 2012-03-14 )))))))))))))))))))))))))))))))
.
.
2012-03-14 14:55 . 2008-04-13 19:19 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2012-03-14 14:55 . 2008-04-13 19:19 75264 ----a-w- c:\windows\system32\dllcache\ipsec.sys
2012-03-12 17:13 . 2012-03-12 17:14 -------- d-----w- c:\program files\ERUNT
2012-03-12 10:14 . 2012-03-12 10:14 -------- d-----w- C:\SWTOOLS
2012-03-12 10:01 . 2012-03-12 10:01 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERSetup
2012-03-12 08:42 . 2011-09-21 08:25 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x32.sys
2012-03-12 08:42 . 2012-03-12 08:42 -------- d-----w- c:\program files\CPUID
2012-03-06 14:22 . 2012-03-06 14:22 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2012-03-06 11:39 . 2012-03-06 11:39 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\IObit
2012-03-06 11:36 . 2012-03-06 11:36 -------- d-----w- C:\found.002
2012-03-06 10:14 . 2011-12-30 15:03 21336 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-03-06 09:40 . 2012-03-06 09:40 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2012-03-06 09:39 . 2012-03-06 09:40 -------- d-----w- c:\documents and settings\Sacha Jurva\Application Data\IObit
2012-03-06 09:39 . 2012-03-06 09:39 -------- d-----w- c:\program files\IObit
2012-02-15 11:33 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-15 11:33 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-17 19:00 . 2012-01-17 19:00 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2012-01-17 19:00 . 2012-01-17 19:00 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2012-01-12 16:53 . 2004-08-10 11:51 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:46 . 2004-08-10 11:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2004-08-10 11:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2004-08-10 11:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2004-08-10 11:51 385024 ----a-w- c:\windows\system32\html.iec
2006-11-19 20:20 . 2006-11-28 19:03 909312 ----a-w- c:\program files\GSpot.exe
2004-08-04 04:00 94784 -csh--w- c:\windows\twain.dll
2008-04-14 00:12 50688 -csh--w- c:\windows\twain_32.dll
2011-02-08 13:33 978944 --sha-w- c:\windows\system32\mfc42.dll
2008-04-14 00:12 57344 --sh--w- c:\windows\system32\msvcirt.dll
2008-04-14 00:12 413696 --sha-w- c:\windows\system32\msvcp60.dll
2008-04-14 00:12 343040 --sha-w- c:\windows\system32\msvcrt.dll
2010-12-20 17:32 551936 --sh--w- c:\windows\system32\oleaut32.dll
2008-04-14 00:12 84992 --sha-w- c:\windows\system32\olepro32.dll
2008-04-14 00:12 11776 --sh--w- c:\windows\system32\regsvr32.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-30 39408]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-12-29 620376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-22 13508608]
"nwiz"="nwiz.exe" [2008-02-22 1626112]
"NVHotkey"="nvHotkey.dll" [2008-02-22 86016]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 1117184]
"F-Secure Manager"="c:\program files\F-Secure Internet Security\Common\FSM32.EXE" [2010-10-29 201384]
"F-Secure TNB"="c:\program files\F-Secure Internet Security\FSGUI\TNBUtil.exe" [2010-10-29 1655464]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-18 188416]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-10-21 29696]
"sclauncher"="c:\program files\SimpleCenter\bin\win\sclauncher.exe" [2007-01-30 94208]
"tsnp2std"="c:\windows\tsnp2std.exe" [2006-06-19 262144]
"snp2std"="c:\windows\vsnp2std.exe" [2006-05-15 675840]
"NvMediaCenter"="NvMCTray.dll" [2008-02-22 86016]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-11 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-04 202256]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-21 47904]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Sacha Jurva\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-6-16 49152]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-7-29 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Moveslink.lnk - c:\windows\Installer\{0ED016B2-C009-4253-9DDD-BDB8DA9CE181}\_E02D80CCF13FCD5A87F526.exe [2011-7-19 15086]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^F-Secure 2006.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\F-Secure 2006.lnk
backup=c:\windows\pss\F-Secure 2006.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21157:TCP"= 21157:TCP:BitComet 21157 TCP
"21157:UDP"= 21157:UDP:BitComet 21157 UDP
.
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [3/17/2009 8:14 PM 42672]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [8/4/2006 10:09 AM 82824]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/22/2007 8:17 PM 646392]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\F-Secure Internet Security\HIPS\drivers\fshs.sys [3/17/2009 8:05 PM 72520]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2/24/2010 12:22 PM 185472]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [3/6/2012 11:39 AM 497496]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [3/12/2012 10:42 AM 21992]
R2 F3EJTHDD;HandyDrive Password Lock Tool Service;c:\program files\Fujitsu HandyDrive\Password\F3EJTHDD.EXE [3/8/2008 9:18 AM 45056]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys [8/4/2006 10:09 AM 148632]
S2 gupdate1c9b61d11a26d5d;Google Update Service (gupdate1c9b61d11a26d5d);c:\program files\Google\Update\GoogleUpdate.exe [4/5/2009 8:33 PM 133104]
S3 avera800;AVerMedia DVB-T BDA Video Capture(A800);c:\windows\system32\drivers\avera800.sys [8/4/2006 7:11 PM 41600]
S3 CompFilter;UVCCompositeFilter;c:\windows\system32\drivers\lvbusflt.sys [5/14/2010 11:58 PM 20704]
S3 FSORSPClient;F-Secure ORSP Client;c:\program files\F-Secure Internet Security\ORSP Client\fsorsp.exe [3/17/2009 8:05 PM 61088]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/5/2009 8:33 PM 133104]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ose
isamsmt
carboncopy32
Ld51ocnucsnp
oracleorahome811cmadmin
websensewfreportserver
com4qlb
swmsflt
se58mdm
CoachAud
backupexecnamingservice
snac
sqlagent$pinnaclesys
s3psddr
pcdrndisuio
DivisCTP
hidbatt
k750bus
efs
alcaudsl
vmm
spupdsvc
KMW_KBD
RTL8169
TMBUS
wintab32
ireike
sysdown
slapd-data52
pnmsrv
was
mssqlserveradhelper
uhcd
vpctcom
uiusys
mwspollserver
caboagp
z525mdfl
szkg
UsbserFilt
transactional
msftpsvc
zenos1
msftesql
backuplauncher
ikhlayer
atikmdag
rnadiagreceiver
DELTA
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 12:57]
.
2012-03-13 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-14 13:22]
.
2012-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-05 18:33]
.
2012-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-05 18:33]
.
2012-03-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3338972828-3241488432-1645712057-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 18:09]
.
2012-02-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3338972828-3241488432-1645712057-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 18:09]
.
2012-03-14 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\F-SECU~1\ANTI-V~1\fsav.exe [2006-08-04 19:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hs.fi/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = wtcproxy:8080
uInternet Settings,ProxyOverride = wtc.msk.ru;<local>;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Vie Microsoft E&xceliin - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 62.241.198.245 62.241.198.246
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
.
HKU-Default-RunOnce-IETI - c:\program files\Skype\Phone\IEPlugin\unins000.exe
AddRemove-Elecard MPEG-2 Decoder&Streaming Plug-in for WMP 3.3.60526 - c:\program files\Elecard\Elecard MPEG-2 Decoder&Streaming Plug-in for WMP\Uninstall.exe
AddRemove-SUUVCOMM&10C4&80F6 - c:\program files\Suunto\SuuntoUSB\DriverUninstaller.exe VCP CP210x Cardinal\SUUVCOMM&10C4&80F6
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-14 16:58
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3338972828-3241488432-1645712057-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3338972828-3241488432-1645712057-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3338972828-3241488432-1645712057-1006\Software\SecuROM\License information*]
"datasecu"=hex:6d,c4,7e,b1,b0,34,ce,8a,f8,02,2f,17,07,d7,a2,89,46,16,6f,2f,7e,
41,bb,35,34,d9,f1,56,33,ce,05,18,8f,ee,15,0f,b8,79,50,8f,0d,e9,a5,98,5c,63,\
"rkeysecu"=hex:77,df,be,8a,dc,f5,e8,06,b5,be,d3,b7,93,95,3e,ec
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(888)
c:\program files\f-secure internet security\hips\fshook32.dll
c:\program files\F-Secure Internet Security\FWES\Program\fsdc32.dll
.
- - - - - - - > 'lsass.exe'(944)
c:\program files\f-secure internet security\hips\fshook32.dll
c:\program files\F-Secure Internet Security\FWES\Program\fsdc32.dll
.
- - - - - - - > 'explorer.exe'(3736)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
- - - - - - - > 'csrss.exe'(856)
c:\program files\F-Secure Internet Security\FWES\Program\fsdc32.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
c:\program files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
c:\program files\F-Secure Internet Security\Common\FSMA32.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\System32\snmp.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\rundll32.exe
c:\windows\stsystra.exe
c:\windows\system32\RunDLL32.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
c:\program files\F-Secure Internet Security\Anti-Virus\fssm32.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\program files\F-Secure Internet Security\Common\FSLAUNCHER1.EXE
.
**************************************************************************
.
Completion time: 2012-03-14 17:05:37 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-14 15:05
.
Pre-Run: 26,877,853,696 bytes free
Post-Run: 27,339,816,960 bytes free
.
- - End Of File - - 1A069FD0BC2DF4E43D698381B41AC386


DDS LOG:


DDS (Ver_2011-09-30.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Sacha J at 17:08:51 on 2012-03-14
#Option MBR scan is disabled.
Microsoft Windows XP Home Edition 5.1.2600.3.1251.7.1033.18.2046.1465 [GMT 2:00]
.
AV: McAfee VirusScan *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: F-Secure Internet Security 2011 10.51 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: F-Secure Internet Security 2011 10.51 *Disabled*
FW: *Disabled*
.
============== Running Processes ================
.
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\Fujitsu HandyDrive\Password\F3EJTHDD.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\F-Secure Internet Security\Common\FSLAUNCHER1.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.hs.fi/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uProxyServer = wtcproxy:8080
uProxyOverride = wtc.msk.ru;<local>;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Browsing Protection Class: {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - c:\program files\f-secure internet security\nrs\iescript\baselitmus.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Browsing Protection Toolbar: {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - c:\program files\f-secure internet security\nrs\iescript\baselitmus.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [F-Secure Manager] "c:\program files\f-secure internet security\common\FSM32.EXE" /splash
mRun: [F-Secure TNB] "c:\program files\f-secure internet security\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [sclauncher] c:\program files\simplecenter\bin\win\sclauncher.exe
mRun: [tsnp2std] c:\windows\tsnp2std.exe
mRun: [snp2std] c:\windows\vsnp2std.exe
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\sachaj~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\movesl~1.lnk - c:\windows\installer\{0ed016b2-c009-4253-9ddd-bdb8da9ce181}\_E02D80CCF13FCD5A87F526.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Vie Microsoft E&xceliin - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 62.241.198.245 62.241.198.246
TCP: Interfaces\{D341B0D7-9D2D-4FD8-AF2F-215D247C5F86} : DHCPNameServer = 192.168.100.1
TCP: Interfaces\{E9468BC1-4EBC-4A21-9C40-EFD4779510AF} : DHCPNameServer = 62.241.198.245 62.241.198.246
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2009-3-17 42672]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2006-8-4 82824]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\f-secure internet security\hips\drivers\fshs.sys [2009-3-17 72520]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-2-24 185472]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2012-3-6 497496]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2012-3-12 21992]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program files\f-secure internet security\anti-virus\fsgk32st.exe [2006-8-4 221864]
R2 F3EJTHDD;HandyDrive Password Lock Tool Service;c:\program files\fujitsu handydrive\password\F3EJTHDD.EXE [2008-3-8 45056]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\f-secure internet security\anti-virus\minifilter\fsgk.sys [2006-8-4 148632]
S2 gupdate1c9b61d11a26d5d;Google Update Service (gupdate1c9b61d11a26d5d);c:\program files\google\update\GoogleUpdate.exe [2009-4-5 133104]
S3 avera800;AVerMedia DVB-T BDA Video Capture(A800);c:\windows\system32\drivers\avera800.sys [2006-8-4 41600]
S3 CompFilter;UVCCompositeFilter;c:\windows\system32\drivers\lvbusflt.sys [2010-5-14 20704]
S3 FSORSPClient;F-Secure ORSP Client;c:\program files\f-secure internet security\orsp client\fsorsp.exe [2009-3-17 61088]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-4-5 133104]
.
=============== Created Last 30 ================
.
2012-03-14 14:55:21 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2012-03-14 14:55:21 75264 ----a-w- c:\windows\system32\dllcache\ipsec.sys
2012-03-14 12:03:36 -------- d-sha-r- C:\cmdcons
2012-03-14 08:56:21 98816 ----a-w- c:\windows\sed.exe
2012-03-14 08:56:21 256000 ----a-w- c:\windows\PEV.exe
2012-03-14 08:56:21 208896 ----a-w- c:\windows\MBR.exe
2012-03-12 10:14:26 -------- d-----w- C:\SWTOOLS
2012-03-12 10:01:45 -------- d-----w- c:\documents and settings\all users\application data\SUPERSetup
2012-03-12 08:42:57 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x32.sys
2012-03-12 08:42:56 -------- d-----w- c:\program files\CPUID
2012-03-06 14:22:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2012-03-06 11:36:28 -------- d-----w- C:\found.002
2012-03-06 10:14:51 21336 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-03-06 09:40:10 -------- d-----w- c:\documents and settings\all users\application data\IObit
2012-03-06 09:39:55 -------- d-----w- c:\documents and settings\sacha jurva\application data\IObit
2012-03-06 09:39:37 -------- d-----w- c:\program files\IObit
2012-02-15 11:33:14 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-15 11:33:14 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
.
==================== Find3M ====================
.
2012-01-17 19:00:22 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2012-01-17 19:00:20 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:46:36 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46:36 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46:36 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22:58 385024 ----a-w- c:\windows\system32\html.iec
2006-11-19 20:20:10 909312 ----a-w- c:\program files\GSpot.exe
2004-08-04 04:00:00 94784 -csh--w- c:\windows\twain.dll
2008-04-14 00:12:07 50688 -csh--w- c:\windows\twain_32.dll
2011-02-08 13:33:55 978944 --sha-w- c:\windows\system32\mfc42.dll
2008-04-14 00:12:01 57344 --sh--w- c:\windows\system32\msvcirt.dll
2008-04-14 00:12:01 413696 --sha-w- c:\windows\system32\msvcp60.dll
2010-12-20 17:32:15 551936 --sh--w- c:\windows\system32\oleaut32.dll
2008-04-14 00:12:32 11776 --sh--w- c:\windows\system32\regsvr32.exe
.
============= FINISH: 17:08:58.96 ===============

Blade81
2012-03-15, 07:06
Hi,

Open notepad and then copy and paste the bolded lines below into it. Go to File > save as and name the file fixes.bat, change the Save as type to all files and save it to your desktop.
@ECHO OFF
SWREG QUERY "HKLM\SYSTEM\CurrentControlSet\Services\oracleorahome811cmadmin" /s >Logit.txt
SWREG QUERY "HKLM\SYSTEM\CurrentControlSet\Services\backupexecnamingservice" /s >>Logit.txt
SWREG QUERY "HKLM\SYSTEM\CurrentControlSet\Services\alcaudsl" /s >>Logit.txt
START Logit.txt
DEL %0

Double-click on the fixes.bat file to execute it. Notepad should open up. Post back its contents, please.

ibuddie
2012-03-15, 10:48
Here are the results:


SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 (C)

Error: Key: system\currentcontrolset\services\oracleorahome811cmadmin does not exist!


SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 (C)

Error: Key: system\currentcontrolset\services\backupexecnamingservice does not exist!


SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 (C)

Error: Key: system\currentcontrolset\services\alcaudsl does not exist!

Blade81
2012-03-15, 12:48
Hi,

Open notepad and then copy and paste the bolded lines below into it. Go to File > save as and name the file fixes.bat, change the Save as type to all files and save it to your desktop.
@ECHO OFF
REGEDIT /E "%USERPROFILE%\Desktop\regExp.txt" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost"
DEL %0

Double-click on the fixes.bat file to execute it. The regExp.txt file should appear on your desktop. Attach it to your post.
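
A defender-side way to read the file that the batch above exports, as an added example that is not part of this thread or of any tool used in it: a small Python parser for the REGEDIT /E format that decodes the REG_MULTI_SZ (hex(7)) values of the Svchost key, lists the services registered in each service group, and flags any member that is absent from a known-good export of the same key. The sample export, its group contents and the baseline are constructed for illustration; only the key path comes from the post.

```python
"""Parse a REGEDIT /E export of the Svchost key and compare its service groups
against a known-good export. Added example; the sample data is constructed."""
import re
from typing import Dict, List, Optional, Union

# Key that the batch file in the post exports with REGEDIT /E.
SVCHOST_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost"

Value = Union[str, int, bytes, List[str]]

# Constructed sample of a REGEDIT /E export. A real export is UTF-16LE with a
# BOM; REG_MULTI_SZ values are written as hex(7) UTF-16LE bytes, NUL separated,
# and long values continue on the next line after a trailing backslash.
# The group contents are constructed, not taken from the thread's regExp.txt.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
"LocalService"=hex(7):41,00,6c,00,65,00,72,00,74,00,65,00,72,00,00,00,57,00,\
  65,00,62,00,43,00,6c,00,69,00,65,00,6e,00,74,00,00,00,00,00
"netsvcs"=hex(7):36,00,74,00,6f,00,34,00,00,00,41,00,70,00,70,00,4d,00,67,00,\
  6d,00,74,00,00,00,45,00,78,00,61,00,6d,00,70,00,6c,00,65,00,53,00,76,00,\
  63,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\netsvcs]
"CoInitializeSecurityParam"=dword:00000001
"""

# Constructed known-good baseline: in practice, export the same key from a
# trusted machine with the same OS build and decode it with parse_reg_export().
CLEAN_BASELINE: Dict[str, List[str]] = {
    "LocalService": ["Alerter", "WebClient"],
    "netsvcs": ["6to4", "AppMgmt"],
}


def _join_continuations(text: str) -> List[str]:
    """Merge value lines that REGEDIT wraps with a trailing backslash."""
    lines: List[str] = []
    buf = ""
    for raw in text.lstrip("\ufeff").splitlines():
        line = raw.strip() if buf else raw.rstrip()
        if line.endswith("\\"):
            buf += line[:-1]
            continue
        lines.append(buf + line)
        buf = ""
    if buf:
        lines.append(buf)
    return lines


def _decode_value(raw: str) -> Value:
    """Decode one .reg value: "string", dword:, or hex / hex(N) byte lists."""
    if raw.startswith('"') and raw.endswith('"'):
        return re.sub(r"\\(.)", r"\1", raw[1:-1])   # unescape \" and \\
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"hex(?:\((\d+)\))?:(.*)$", raw)
    if m:
        kind = int(m.group(1) or 3)                  # bare hex: is REG_BINARY
        data = bytes(int(b, 16) for b in m.group(2).split(",") if b)
        if kind == 7:   # REG_MULTI_SZ: UTF-16LE, NUL separated, double NUL end
            return [s for s in data.decode("utf-16-le").split("\0") if s]
        if kind in (1, 2):  # REG_SZ / REG_EXPAND_SZ stored as hex
            return data.decode("utf-16-le").rstrip("\0")
        return data
    return raw


def parse_reg_export(text: str) -> Dict[str, Dict[str, Value]]:
    """Return {key path: {value name: decoded value}} for a .reg export."""
    keys: Dict[str, Dict[str, Value]] = {}
    current: Optional[str] = None
    for line in _join_continuations(text):
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = re.match(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$', line)
        if m and current is not None:
            name = m.group(1) if m.group(1) is not None else "(Default)"
            keys[current][name] = _decode_value(m.group(2))
    return keys


def svchost_groups(export: Dict[str, Dict[str, Value]]) -> Dict[str, List[str]]:
    """Map each svchost group name to the services registered in it."""
    return {name: val for name, val in export.get(SVCHOST_KEY, {}).items()
            if isinstance(val, list)}


def unexpected_members(groups: Dict[str, List[str]],
                       baseline: Dict[str, List[str]]) -> Dict[str, List[str]]:
    """Services in a group that the known-good export of the same key lacks."""
    extra = {g: sorted(set(svcs) - set(baseline.get(g, []))) for g, svcs in groups.items()}
    return {g: s for g, s in extra.items() if s}


if __name__ == "__main__":
    found = svchost_groups(parse_reg_export(SAMPLE_EXPORT))
    for group, services in found.items():
        print(f"{group}: {', '.join(services)}")
    print("not in baseline:", unexpected_members(found, CLEAN_BASELINE))
```

Any service name reported as not in the baseline is a lead to check against the service's own key and binary, not a verdict on its own.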

ibuddie
2012-03-15, 14:08
Hi,

Please see the attached regExp.txt file... I don't understand much of this but is it looking better?

Blade81
2012-03-15, 15:36
Hi,

Yes, we're making some progress there.

Please download attached .zip file to your desktop and extract its contents. Double-click regfix.reg file and allow merging. Reboot and run ComboFix again like earlier. Post back its log.

Note: the attachment is to be used on this specific case only.

ibuddie
2012-03-15, 17:15
Hi,

It detected the rootkit again. Here is the log:

ComboFix 12-03-13.01 - Sacha J 03/15/2012 17:53:27.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1251.7.1033.18.2046.1527 [GMT 2:00]
Running from: c:\documents and settings\Sacha Jurva\desktop\ComboFix.exe
Command switches used :: /nombr
AV: F-Secure Internet Security 2011 10.51 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
AV: McAfee VirusScan *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FW: F-Secure Internet Security 2011 10.51 *Disabled* {D4747503-0346-49EB-9262-997542F79BF4}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-15 to 2012-03-15 )))))))))))))))))))))))))))))))
.
.
2012-03-14 14:55 . 2008-04-13 19:19 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2012-03-14 14:55 . 2008-04-13 19:19 75264 ----a-w- c:\windows\system32\dllcache\ipsec.sys
2012-03-12 17:13 . 2012-03-12 17:14 -------- d-----w- c:\program files\ERUNT
2012-03-12 10:14 . 2012-03-12 10:14 -------- d-----w- C:\SWTOOLS
2012-03-12 10:01 . 2012-03-12 10:01 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERSetup
2012-03-12 08:42 . 2011-09-21 08:25 21992 ----a-w- c:\windows\system32\drivers\cpuz135_x32.sys
2012-03-12 08:42 . 2012-03-12 08:42 -------- d-----w- c:\program files\CPUID
2012-03-06 14:22 . 2012-03-06 14:22 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2012-03-06 11:39 . 2012-03-06 11:39 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\IObit
2012-03-06 11:36 . 2012-03-06 11:36 -------- d-----w- C:\found.002
2012-03-06 10:14 . 2011-12-30 15:03 21336 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-03-06 09:40 . 2012-03-06 09:40 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2012-03-06 09:39 . 2012-03-06 09:40 -------- d-----w- c:\documents and settings\Sacha Jurva\Application Data\IObit
2012-03-06 09:39 . 2012-03-06 09:39 -------- d-----w- c:\program files\IObit
2012-02-15 11:33 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-15 11:33 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-17 19:00 . 2012-01-17 19:00 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2012-01-17 19:00 . 2012-01-17 19:00 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2012-01-12 16:53 . 2004-08-10 11:51 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:46 . 2004-08-10 11:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2004-08-10 11:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2004-08-10 11:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2006-11-19 20:20 . 2006-11-28 19:03 909312 ----a-w- c:\program files\GSpot.exe
2004-08-04 04:00 94784 -csh--w- c:\windows\twain.dll
2008-04-14 00:12 50688 -csh--w- c:\windows\twain_32.dll
2011-02-08 13:33 978944 --sha-w- c:\windows\system32\mfc42.dll
2008-04-14 00:12 57344 --sh--w- c:\windows\system32\msvcirt.dll
2008-04-14 00:12 413696 --sha-w- c:\windows\system32\msvcp60.dll
2010-12-20 17:32 551936 --sh--w- c:\windows\system32\oleaut32.dll
2008-04-14 00:12 11776 --sh--w- c:\windows\system32\regsvr32.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-14_14.58.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-15 15:50 . 2012-03-15 15:50 16384 c:\windows\Temp\Perflib_Perfdata_698.dat
+ 2012-03-15 15:50 . 2012-03-15 15:50 16384 c:\windows\Temp\Perflib_Perfdata_208.dat
+ 2006-07-29 09:59 . 2012-03-14 18:05 28409 c:\windows\system32\nvModes.dat
- 2006-07-29 09:59 . 2012-01-17 21:25 28409 c:\windows\system32\nvModes.dat
+ 2012-03-15 15:27 . 2012-03-15 15:28 655360 c:\windows\ERDNT\AutoBackup\3-15-2012\Users\00000002\UsrClass.dat
+ 2012-03-15 15:28 . 2005-10-20 10:02 163328 c:\windows\ERDNT\AutoBackup\3-15-2012\ERDNT.EXE
+ 2012-03-15 15:27 . 2012-03-15 15:27 16957440 c:\windows\ERDNT\AutoBackup\3-15-2012\Users\00000001\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-30 39408]
"Advanced SystemCare 5"="c:\program files\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-12-29 620376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-22 13508608]
"nwiz"="nwiz.exe" [2008-02-22 1626112]
"NVHotkey"="nvHotkey.dll" [2008-02-22 86016]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 1117184]
"F-Secure Manager"="c:\program files\F-Secure Internet Security\Common\FSM32.EXE" [2010-10-29 201384]
"F-Secure TNB"="c:\program files\F-Secure Internet Security\FSGUI\TNBUtil.exe" [2010-10-29 1655464]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-18 188416]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-10-21 29696]
"sclauncher"="c:\program files\SimpleCenter\bin\win\sclauncher.exe" [2007-01-30 94208]
"tsnp2std"="c:\windows\tsnp2std.exe" [2006-06-19 262144]
"snp2std"="c:\windows\vsnp2std.exe" [2006-05-15 675840]
"NvMediaCenter"="NvMCTray.dll" [2008-02-22 86016]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-11 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-04 202256]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-21 47904]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Sacha Jurva\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-6-16 49152]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-7-29 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Moveslink.lnk - c:\windows\Installer\{0ED016B2-C009-4253-9DDD-BDB8DA9CE181}\_E02D80CCF13FCD5A87F526.exe [2011-7-19 15086]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^F-Secure 2006.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\F-Secure 2006.lnk
backup=c:\windows\pss\F-Secure 2006.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21157:TCP"= 21157:TCP:BitComet 21157 TCP
"21157:UDP"= 21157:UDP:BitComet 21157 UDP
.
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [3/17/2009 8:14 PM 42672]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [8/4/2006 10:09 AM 82824]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/22/2007 8:17 PM 646392]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\F-Secure Internet Security\HIPS\drivers\fshs.sys [3/17/2009 8:05 PM 72520]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2/24/2010 12:22 PM 185472]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [3/6/2012 11:39 AM 497496]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [3/12/2012 10:42 AM 21992]
R2 F3EJTHDD;HandyDrive Password Lock Tool Service;c:\program files\Fujitsu HandyDrive\Password\F3EJTHDD.EXE [3/8/2008 9:18 AM 45056]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys [8/4/2006 10:09 AM 148632]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\F-Secure Internet Security\ORSP Client\fsorsp.exe [3/17/2009 8:05 PM 61088]
S2 gupdate1c9b61d11a26d5d;Google Update Service (gupdate1c9b61d11a26d5d);c:\program files\Google\Update\GoogleUpdate.exe [4/5/2009 8:33 PM 133104]
S3 avera800;AVerMedia DVB-T BDA Video Capture(A800);c:\windows\system32\drivers\avera800.sys [8/4/2006 7:11 PM 41600]
S3 CompFilter;UVCCompositeFilter;c:\windows\system32\drivers\lvbusflt.sys [5/14/2010 11:58 PM 20704]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/5/2009 8:33 PM 133104]
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 12:57]
.
2012-03-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-14 13:22]
.
2012-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-05 18:33]
.
2012-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-05 18:33]
.
2012-03-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3338972828-3241488432-1645712057-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 18:09]
.
2012-02-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3338972828-3241488432-1645712057-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 18:09]
.
2012-03-15 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\F-SECU~1\ANTI-V~1\fsav.exe [2006-08-04 19:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hs.fi/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = wtcproxy:8080
uInternet Settings,ProxyOverride = wtc.msk.ru;<local>;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Vie Microsoft E&xceliin - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-15 18:08
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3338972828-3241488432-1645712057-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3338972828-3241488432-1645712057-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3338972828-3241488432-1645712057-1006\Software\SecuROM\License information*]
"datasecu"=hex:6d,c4,7e,b1,b0,34,ce,8a,f8,02,2f,17,07,d7,a2,89,46,16,6f,2f,7e,
41,bb,35,34,d9,f1,56,33,ce,05,18,8f,ee,15,0f,b8,79,50,8f,0d,e9,a5,98,5c,63,\
"rkeysecu"=hex:77,df,be,8a,dc,f5,e8,06,b5,be,d3,b7,93,95,3e,ec
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(884)
c:\program files\f-secure internet security\hips\fshook32.dll
c:\program files\F-Secure Internet Security\FWES\Program\fsdc32.dll
.
- - - - - - - > 'lsass.exe'(940)
c:\program files\f-secure internet security\hips\fshook32.dll
c:\program files\F-Secure Internet Security\FWES\Program\fsdc32.dll
.
- - - - - - - > 'csrss.exe'(852)
c:\program files\F-Secure Internet Security\FWES\Program\fsdc32.dll
.
Completion time: 2012-03-15 18:11:10
ComboFix-quarantined-files.txt 2012-03-15 16:11
ComboFix2.txt 2012-03-14 15:05
.
Pre-Run: 27,612,209,152 bytes free
Post-Run: 27,604,787,200 bytes free
.
- - End Of File - - 80817AFE7C957C50696055074A4156AC

Blade81
2012-03-15, 17:20
Hi,

1. Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and extract its contents into a folder in a desired location (i.e. c:\tdsskiller).
2. Execute the file TDSSKiller.exe.
3. Click Start Scan. If threats are found, select skip and click Continue (tool may prompt for a reboot).
4. Post back contents of the log file in the c: drive root (name should be in UtilityName.Version_Date_Time_log.txt format).

ibuddie
2012-03-15, 18:26
I did number 1 as instructed, but nothing happens when I double-click on tdsskiller.exe. Can I start the program from cmd somehow, or what should I do?

Blade81
2012-03-16, 13:38
Hi,

Please see if it runs from safe mode.

ibuddie
2012-03-16, 14:19
It didn't work, so I downloaded it from the webpage and installed it again.

Here is the log:

15:14:15.0093 1952 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
15:14:15.0187 1952 ============================================================
15:14:15.0187 1952 Current date / time: 2012/03/16 15:14:15.0187
15:14:15.0187 1952 SystemInfo:
15:14:15.0187 1952
15:14:15.0187 1952 OS Version: 5.1.2600 ServicePack: 3.0
15:14:15.0187 1952 Product type: Workstation
15:14:15.0187 1952 ComputerName: SACHA
15:14:15.0187 1952 UserName: Sacha J
15:14:15.0187 1952 Windows directory: C:\WINDOWS
15:14:15.0187 1952 System windows directory: C:\WINDOWS
15:14:15.0187 1952 Processor architecture: Intel x86
15:14:15.0187 1952 Number of processors: 2
15:14:15.0187 1952 Page size: 0x1000
15:14:15.0187 1952 Boot type: Normal boot
15:14:15.0187 1952 ============================================================
15:14:16.0265 1952 Drive \Device\Harddisk0\DR0 - Size: 0x16F0649400 (91.76 Gb), SectorSize: 0x200, Cylinders: 0x2ECA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
15:14:16.0265 1952 Drive \Device\Harddisk1\DR5 - Size: 0x3D200000 (0.96 Gb), SectorSize: 0x200, Cylinders: 0x7C, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:14:16.0265 1952 \Device\Harddisk0\DR0:
15:14:16.0265 1952 MBR used
15:14:16.0265 1952 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32FCD, BlocksNum 0xB75027D
15:14:16.0265 1952 \Device\Harddisk1\DR5:
15:14:16.0265 1952 MBR used
15:14:16.0265 1952 \Device\Harddisk1\DR5\Partition0: MBR, Type 0x6, StartLBA 0x40, BlocksNum 0x1E8FC0
15:14:16.0359 1952 Initialize success
15:14:16.0359 1952 ============================================================
15:14:38.0484 3800 ============================================================
15:14:38.0484 3800 Scan started
15:14:38.0484 3800 Mode: Manual;
15:14:38.0484 3800 ============================================================
15:14:38.0765 3800 Abiosdsk - ok
15:14:38.0828 3800 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
15:14:38.0828 3800 abp480n5 - ok
15:14:38.0875 3800 acedrv11 (e6f53d6c0dea3d375362265e175ca638) C:\WINDOWS\system32\drivers\acedrv11.sys
15:14:38.0875 3800 acedrv11 - ok
15:14:38.0921 3800 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:14:38.0921 3800 ACPI - ok
15:14:38.0953 3800 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
15:14:38.0953 3800 ACPIEC - ok
15:14:38.0968 3800 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
15:14:38.0984 3800 adpu160m - ok
15:14:39.0031 3800 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
15:14:39.0031 3800 aec - ok
15:14:39.0093 3800 AegisP (12dafd934641dcf61e446313bc261ec2) C:\WINDOWS\system32\DRIVERS\AegisP.sys
15:14:39.0125 3800 AegisP - ok
15:14:39.0203 3800 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
15:14:39.0218 3800 AFD - ok
15:14:39.0250 3800 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
15:14:39.0250 3800 agp440 - ok
15:14:39.0281 3800 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
15:14:39.0281 3800 agpCPQ - ok
15:14:39.0296 3800 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
15:14:39.0296 3800 Aha154x - ok
15:14:39.0328 3800 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
15:14:39.0328 3800 aic78u2 - ok
15:14:39.0359 3800 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
15:14:39.0359 3800 aic78xx - ok
15:14:39.0390 3800 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
15:14:39.0390 3800 AliIde - ok
15:14:39.0421 3800 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
15:14:39.0437 3800 alim1541 - ok
15:14:39.0453 3800 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
15:14:39.0453 3800 amdagp - ok
15:14:39.0468 3800 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
15:14:39.0468 3800 amsint - ok
15:14:39.0515 3800 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
15:14:39.0515 3800 APPDRV - ok
15:14:39.0578 3800 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
15:14:39.0578 3800 Arp1394 - ok
15:14:39.0593 3800 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
15:14:39.0609 3800 asc - ok
15:14:39.0625 3800 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
15:14:39.0625 3800 asc3350p - ok
15:14:39.0640 3800 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
15:14:39.0656 3800 asc3550 - ok
15:14:39.0703 3800 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:14:39.0703 3800 AsyncMac - ok
15:14:39.0734 3800 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
15:14:39.0734 3800 atapi - ok
15:14:39.0750 3800 Atdisk - ok
15:14:39.0796 3800 atksgt (3c4b9850a2631c2263507400d029057b) C:\WINDOWS\system32\DRIVERS\atksgt.sys
15:14:39.0796 3800 atksgt - ok
15:14:39.0843 3800 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:14:39.0843 3800 Atmarpc - ok
15:14:39.0875 3800 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
15:14:39.0875 3800 audstub - ok
15:14:39.0921 3800 avera800 (f014b6116260e02e0a958e921966e748) C:\WINDOWS\system32\Drivers\avera800.sys
15:14:39.0921 3800 avera800 - ok
15:14:39.0953 3800 b57w2k (c0acd392ece55784884cc208aafa06ce) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
15:14:39.0953 3800 b57w2k - ok
15:14:39.0968 3800 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
15:14:39.0968 3800 Beep - ok
15:14:40.0125 3800 catchme - ok
15:14:40.0218 3800 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
15:14:40.0218 3800 cbidf - ok
15:14:40.0234 3800 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
15:14:40.0234 3800 cbidf2k - ok
15:14:40.0281 3800 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
15:14:40.0281 3800 CCDECODE - ok
15:14:40.0296 3800 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
15:14:40.0296 3800 cd20xrnt - ok
15:14:40.0312 3800 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
15:14:40.0312 3800 Cdaudio - ok
15:14:40.0343 3800 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
15:14:40.0343 3800 Cdfs - ok
15:14:40.0390 3800 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:14:40.0390 3800 Cdrom - ok
15:14:40.0406 3800 Changer - ok
15:14:40.0453 3800 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
15:14:40.0453 3800 CmBatt - ok
15:14:40.0484 3800 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
15:14:40.0484 3800 CmdIde - ok
15:14:40.0500 3800 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
15:14:40.0500 3800 Compbatt - ok
15:14:40.0546 3800 CompFilter (13612d5107c9b65bef347f449bcaf54d) C:\WINDOWS\system32\DRIVERS\lvbusflt.sys
15:14:40.0546 3800 CompFilter - ok
15:14:40.0578 3800 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
15:14:40.0578 3800 Cpqarray - ok
15:14:40.0640 3800 cpuz135 (3411fdf098aa20193eee5ffa36ba43b2) C:\WINDOWS\system32\drivers\cpuz135_x32.sys
15:14:40.0640 3800 cpuz135 - ok
15:14:40.0671 3800 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
15:14:40.0671 3800 dac2w2k - ok
15:14:40.0703 3800 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
15:14:40.0703 3800 dac960nt - ok
15:14:40.0750 3800 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
15:14:40.0750 3800 Disk - ok
15:14:40.0843 3800 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
15:14:40.0859 3800 DLABOIOM - ok
15:14:40.0921 3800 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
15:14:40.0937 3800 DLACDBHM - ok
15:14:40.0953 3800 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS
15:14:40.0953 3800 DLADResN - ok
15:14:40.0984 3800 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
15:14:40.0984 3800 DLAIFS_M - ok
15:14:41.0031 3800 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
15:14:41.0031 3800 DLAOPIOM - ok
15:14:41.0031 3800 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
15:14:41.0046 3800 DLAPoolM - ok
15:14:41.0093 3800 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
15:14:41.0109 3800 DLARTL_N - ok
15:14:41.0125 3800 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
15:14:41.0156 3800 DLAUDFAM - ok
15:14:41.0171 3800 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
15:14:41.0312 3800 DLAUDF_M - ok
15:14:41.0500 3800 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
15:14:41.0562 3800 dmboot - ok
15:14:41.0656 3800 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
15:14:41.0656 3800 dmio - ok
15:14:41.0671 3800 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
15:14:41.0687 3800 dmload - ok
15:14:41.0703 3800 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
15:14:41.0703 3800 DMusic - ok
15:14:41.0734 3800 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
15:14:41.0734 3800 dpti2o - ok
15:14:41.0765 3800 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
15:14:41.0765 3800 drmkaud - ok
15:14:41.0812 3800 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
15:14:41.0828 3800 DRVMCDB - ok
15:14:41.0843 3800 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
15:14:41.0843 3800 DRVNDDM - ok
15:14:41.0875 3800 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
15:14:41.0875 3800 E100B - ok
15:14:42.0078 3800 F-Secure Gatekeeper (29d12e1e45d93b45d2598e2663bbeff4) C:\Program Files\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys
15:14:42.0078 3800 F-Secure Gatekeeper - ok
15:14:42.0156 3800 F-Secure HIPS (91fc6a3c01a771a5aa65959a361c22c5) C:\Program Files\F-Secure Internet Security\HIPS\drivers\fshs.sys
15:14:42.0156 3800 F-Secure HIPS - ok
15:14:42.0328 3800 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
15:14:42.0328 3800 Fastfat - ok
15:14:42.0359 3800 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
15:14:42.0375 3800 Fdc - ok
15:14:42.0390 3800 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
15:14:42.0390 3800 Fips - ok
15:14:42.0406 3800 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
15:14:42.0421 3800 Flpydisk - ok
15:14:42.0453 3800 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
15:14:42.0468 3800 FltMgr - ok
15:14:42.0515 3800 fsbts (343786e182b9c9ae3066e00dec650f50) C:\WINDOWS\system32\Drivers\fsbts.sys
15:14:42.0515 3800 fsbts - ok
15:14:42.0562 3800 FSFW (b7feb06217a421ffd9eee6604e60f903) C:\WINDOWS\system32\drivers\fsdfw.sys
15:14:42.0578 3800 FSFW - ok
15:14:42.0640 3800 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:14:42.0640 3800 Fs_Rec - ok
15:14:42.0703 3800 FTDIBUS (8142d5d886829b9876cb93af59475c09) C:\WINDOWS\system32\drivers\ftdibus.sys
15:14:42.0703 3800 FTDIBUS - ok
15:14:42.0765 3800 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:14:42.0765 3800 Ftdisk - ok
15:14:42.0812 3800 FTSER2K (63d72a4cf9f163b59db0ceed940a7d76) C:\WINDOWS\system32\drivers\ftser2k.sys
15:14:42.0828 3800 FTSER2K - ok
15:14:42.0859 3800 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
15:14:42.0859 3800 GEARAspiWDM - ok
15:14:42.0906 3800 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:14:42.0906 3800 Gpc - ok
15:14:42.0953 3800 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
15:14:42.0953 3800 HDAudBus - ok
15:14:43.0000 3800 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
15:14:43.0000 3800 HidUsb - ok
15:14:43.0234 3800 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
15:14:43.0250 3800 hpn - ok
15:14:43.0328 3800 HSF_DPV (e8ec1767ea315a39a0dd8989952ca0e9) C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
15:14:43.0484 3800 HSF_DPV - ok
15:14:43.0625 3800 HSXHWAZL (61478fa42ee04562e7f11f4dca87e9c8) C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
15:14:43.0640 3800 HSXHWAZL - ok
15:14:43.0687 3800 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
15:14:43.0687 3800 HTTP - ok
15:14:43.0734 3800 hwdatacard (2310ca92d37d97c9231adf1796b47b9d) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
15:14:43.0750 3800 hwdatacard - ok
15:14:43.0781 3800 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
15:14:43.0781 3800 i2omgmt - ok
15:14:43.0812 3800 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
15:14:43.0812 3800 i2omp - ok
15:14:43.0828 3800 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:14:43.0828 3800 i8042prt - ok
15:14:43.0890 3800 ICM10USB (dc6cd5bbfa5e89824783b4140a6d4abe) C:\WINDOWS\system32\Drivers\ICM10USB.sys
15:14:43.0906 3800 ICM10USB - ok
15:14:43.0937 3800 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
15:14:43.0937 3800 Imapi - ok
15:14:43.0984 3800 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
15:14:43.0984 3800 ini910u - ok
15:14:44.0015 3800 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
15:14:44.0015 3800 IntelIde - ok
15:14:44.0062 3800 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:14:44.0062 3800 intelppm - ok
15:14:44.0109 3800 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
15:14:44.0109 3800 Ip6Fw - ok
15:14:44.0140 3800 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:14:44.0140 3800 IpFilterDriver - ok
15:14:44.0203 3800 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:14:44.0203 3800 IpInIp - ok
15:14:44.0250 3800 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:14:44.0250 3800 IpNat - ok
15:14:44.0312 3800 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:14:44.0312 3800 IPSec - ok
15:14:44.0343 3800 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
15:14:44.0343 3800 IRENUM - ok
15:14:44.0375 3800 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:14:44.0375 3800 isapnp - ok
15:14:44.0390 3800 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:14:44.0390 3800 Kbdclass - ok
15:14:44.0421 3800 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
15:14:44.0421 3800 kbdhid - ok
15:14:44.0453 3800 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
15:14:44.0453 3800 kmixer - ok
15:14:44.0500 3800 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
15:14:44.0500 3800 KSecDD - ok
15:14:44.0515 3800 lbrtfdc - ok
15:14:44.0593 3800 LHidKE (452ecfc32a4b5d9a761e113f149e1b9e) C:\WINDOWS\system32\DRIVERS\LHidKE.Sys
15:14:44.0593 3800 LHidKE - ok
15:14:44.0625 3800 lirsgt (4127e8b6ddb4090e815c1f8852c277d3) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
15:14:44.0640 3800 lirsgt - ok
15:14:44.0656 3800 LMouKE (95871e8c4aecfed95f884d2d10b8bcfb) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
15:14:44.0656 3800 LMouKE - ok
15:14:44.0734 3800 LVRS (e52f5a2cadcf08d07f559962f807a0a2) C:\WINDOWS\system32\DRIVERS\lvrs.sys
15:14:44.0750 3800 LVRS - ok
15:14:45.0062 3800 LVUVC (c3d02260beb2b48dea1efdfca91e4b69) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
15:14:45.0328 3800 LVUVC - ok
15:14:45.0390 3800 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
15:14:45.0406 3800 mdmxsdk - ok
15:14:45.0437 3800 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
15:14:45.0437 3800 mnmdd - ok
15:14:45.0484 3800 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
15:14:45.0484 3800 Modem - ok
15:14:45.0500 3800 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:14:45.0500 3800 Mouclass - ok
15:14:45.0531 3800 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
15:14:45.0531 3800 mouhid - ok
15:14:45.0562 3800 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
15:14:45.0562 3800 MountMgr - ok
15:14:45.0593 3800 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
15:14:45.0593 3800 MPE - ok
15:14:45.0625 3800 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
15:14:45.0625 3800 mraid35x - ok
15:14:45.0671 3800 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:14:45.0671 3800 MRxDAV - ok
15:14:45.0734 3800 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:14:45.0750 3800 MRxSmb - ok
15:14:45.0781 3800 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
15:14:45.0781 3800 Msfs - ok
15:14:45.0828 3800 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:14:45.0828 3800 MSKSSRV - ok
15:14:45.0843 3800 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:14:45.0843 3800 MSPCLOCK - ok
15:14:45.0859 3800 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
15:14:45.0859 3800 MSPQM - ok
15:14:45.0921 3800 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:14:45.0921 3800 mssmbios - ok
15:14:45.0953 3800 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
15:14:45.0953 3800 MSTEE - ok
15:14:46.0015 3800 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
15:14:46.0031 3800 Mup - ok
15:14:46.0046 3800 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
15:14:46.0046 3800 NABTSFEC - ok
15:14:46.0093 3800 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
15:14:46.0093 3800 NDIS - ok
15:14:46.0125 3800 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
15:14:46.0125 3800 NdisIP - ok
15:14:46.0171 3800 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:14:46.0171 3800 NdisTapi - ok
15:14:46.0203 3800 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:14:46.0203 3800 Ndisuio - ok
15:14:46.0234 3800 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:14:46.0234 3800 NdisWan - ok
15:14:46.0281 3800 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
15:14:46.0281 3800 NDProxy - ok
15:14:46.0312 3800 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
15:14:46.0328 3800 NetBIOS - ok
15:14:46.0359 3800 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
15:14:46.0359 3800 NetBT - ok
15:14:46.0406 3800 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
15:14:46.0421 3800 NIC1394 - ok
15:14:46.0437 3800 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
15:14:46.0437 3800 Npfs - ok
15:14:46.0484 3800 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
15:14:46.0484 3800 Ntfs - ok
15:14:46.0531 3800 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
15:14:46.0531 3800 NuidFltr - ok
15:14:46.0562 3800 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
15:14:46.0562 3800 Null - ok
15:14:46.0859 3800 nv (0390b9368ea20dfb9e416a520b28a555) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
15:14:47.0109 3800 nv - ok
15:14:47.0296 3800 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:14:47.0296 3800 NwlnkFlt - ok
15:14:47.0359 3800 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:14:47.0359 3800 NwlnkFwd - ok
15:14:47.0406 3800 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
15:14:47.0421 3800 ohci1394 - ok
15:14:47.0453 3800 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
15:14:47.0453 3800 Parport - ok
15:14:47.0484 3800 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
15:14:47.0484 3800 PartMgr - ok
15:14:47.0515 3800 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
15:14:47.0515 3800 ParVdm - ok
15:14:47.0578 3800 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
15:14:47.0578 3800 pccsmcfd - ok
15:14:47.0625 3800 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
15:14:47.0625 3800 PCI - ok
15:14:47.0640 3800 PCIDump - ok
15:14:47.0718 3800 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
15:14:47.0718 3800 PCIIde - ok
15:14:47.0765 3800 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
15:14:47.0765 3800 Pcmcia - ok
15:14:47.0781 3800 PDCOMP - ok
15:14:47.0796 3800 PDFRAME - ok
15:14:47.0812 3800 PDRELI - ok
15:14:47.0828 3800 PDRFRAME - ok
15:14:47.0859 3800 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
15:14:47.0859 3800 perc2 - ok
15:14:47.0890 3800 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
15:14:47.0890 3800 perc2hib - ok
15:14:47.0953 3800 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:14:47.0953 3800 PptpMiniport - ok
15:14:47.0984 3800 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
15:14:47.0984 3800 PSched - ok
15:14:48.0015 3800 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:14:48.0015 3800 Ptilink - ok
15:14:48.0062 3800 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
15:14:48.0062 3800 PxHelp20 - ok
15:14:48.0093 3800 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
15:14:48.0109 3800 ql1080 - ok
15:14:48.0125 3800 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
15:14:48.0125 3800 Ql10wnt - ok
15:14:48.0156 3800 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
15:14:48.0156 3800 ql12160 - ok
15:14:48.0187 3800 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
15:14:48.0187 3800 ql1240 - ok
15:14:48.0234 3800 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
15:14:48.0234 3800 ql1280 - ok
15:14:48.0265 3800 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:14:48.0265 3800 RasAcd - ok
15:14:48.0312 3800 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:14:48.0312 3800 Rasl2tp - ok
15:14:48.0343 3800 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:14:48.0343 3800 RasPppoe - ok
15:14:48.0359 3800 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
15:14:48.0359 3800 Raspti - ok
15:14:48.0390 3800 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:14:48.0390 3800 Rdbss - ok
15:14:48.0421 3800 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:14:48.0421 3800 RDPCDD - ok
15:14:48.0484 3800 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:14:48.0484 3800 rdpdr - ok
15:14:48.0640 3800 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
15:14:48.0640 3800 RDPWD - ok
15:14:48.0687 3800 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
15:14:48.0687 3800 redbook - ok
15:14:48.0750 3800 rimmptsk (24ed7af20651f9fa1f249482e7c1f165) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
15:14:48.0765 3800 rimmptsk - ok
15:14:48.0781 3800 rimsptsk (1bdba2d2d402415a78a4ba766dfe0f7b) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
15:14:48.0796 3800 rimsptsk - ok
15:14:48.0828 3800 rismxdp (f774ecd11a064f0debb2d4395418153c) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
15:14:48.0843 3800 rismxdp - ok
15:14:48.0875 3800 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
15:14:48.0875 3800 ROOTMODEM - ok
15:14:48.0953 3800 s24trans (2e4e912ce95f5ef4d4a5079f6ce367fc) C:\WINDOWS\system32\DRIVERS\s24trans.sys
15:14:48.0953 3800 s24trans - ok
15:14:49.0015 3800 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
15:14:49.0015 3800 sdbus - ok
15:14:49.0046 3800 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:14:49.0046 3800 Secdrv - ok
15:14:49.0109 3800 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
15:14:49.0109 3800 serenum - ok
15:14:49.0156 3800 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
15:14:49.0156 3800 Serial - ok
15:14:49.0218 3800 sfdrv01 (9e7dee11fd5a4355941a45f13c0ed59a) C:\WINDOWS\system32\drivers\sfdrv01.sys
15:14:49.0218 3800 sfdrv01 - ok
15:14:49.0265 3800 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
15:14:49.0265 3800 sffdisk - ok
15:14:49.0281 3800 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
15:14:49.0281 3800 sffp_sd - ok
15:14:49.0328 3800 sfhlp02 (ecefb59d2206d281e6d317af0ea0d8bd) C:\WINDOWS\system32\drivers\sfhlp02.sys
15:14:49.0328 3800 sfhlp02 - ok
15:14:49.0375 3800 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
15:14:49.0390 3800 Sfloppy - ok
15:14:49.0437 3800 sfsync02 (798d918d8f20380008277ce3ce5319d1) C:\WINDOWS\system32\drivers\sfsync02.sys
15:14:49.0437 3800 sfsync02 - ok
15:14:49.0484 3800 sfsync04 (05e3038180cd846b0bca0e915163606a) C:\WINDOWS\system32\drivers\sfsync04.sys
15:14:49.0484 3800 sfsync04 - ok
15:14:49.0515 3800 Simbad - ok
15:14:49.0578 3800 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
15:14:49.0593 3800 sisagp - ok
15:14:49.0640 3800 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
15:14:49.0640 3800 SLIP - ok
15:14:50.0078 3800 SNP2STD (d5c9643589313db08fd27a30d93e4146) C:\WINDOWS\system32\DRIVERS\snp2sxp.sys
15:14:50.0453 3800 SNP2STD - ok
15:14:50.0609 3800 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
15:14:50.0609 3800 Sparrow - ok
15:14:50.0656 3800 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
15:14:50.0656 3800 splitter - ok
15:14:50.0734 3800 sptd (e8b705f9abe446aaf7a315ef8b4aea5a) C:\WINDOWS\system32\Drivers\sptd.sys
15:14:50.0734 3800 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: e8b705f9abe446aaf7a315ef8b4aea5a
15:14:50.0734 3800 sptd ( LockedFile.Multi.Generic ) - warning
15:14:50.0734 3800 sptd - detected LockedFile.Multi.Generic (1)
15:14:50.0765 3800 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
15:14:50.0781 3800 sr - ok
15:14:50.0843 3800 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
15:14:50.0843 3800 Srv - ok
15:14:50.0937 3800 STHDA (3ad78e22210d3fbd9f76de84a8df19b5) C:\WINDOWS\system32\drivers\sthda.sys
15:14:51.0031 3800 STHDA - ok
15:14:51.0078 3800 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
15:14:51.0078 3800 streamip - ok
15:14:51.0109 3800 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
15:14:51.0125 3800 swenum - ok
15:14:51.0140 3800 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
15:14:51.0140 3800 swmidi - ok
15:14:51.0171 3800 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
15:14:51.0187 3800 symc810 - ok
15:14:51.0218 3800 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
15:14:51.0218 3800 symc8xx - ok
15:14:51.0250 3800 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
15:14:51.0265 3800 sym_hi - ok
15:14:51.0296 3800 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
15:14:51.0296 3800 sym_u3 - ok
15:14:51.0359 3800 SynTP (fa2daa32bed908023272a0f77d625dae) C:\WINDOWS\system32\DRIVERS\SynTP.sys
15:14:51.0406 3800 SynTP - ok
15:14:51.0468 3800 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
15:14:51.0468 3800 sysaudio - ok
15:14:51.0531 3800 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:14:51.0531 3800 Tcpip - ok
15:14:51.0578 3800 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
15:14:51.0578 3800 TDPIPE - ok
15:14:51.0593 3800 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
15:14:51.0593 3800 TDTCP - ok
15:14:51.0640 3800 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
15:14:51.0640 3800 TermDD - ok
15:14:51.0687 3800 toshidpt (e362d54fd394999c4178936396664e57) C:\WINDOWS\system32\drivers\Toshidpt.sys
15:14:51.0687 3800 toshidpt - ok
15:14:51.0718 3800 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
15:14:51.0718 3800 TosIde - ok
15:14:51.0750 3800 tosporte (0470bf2d5f49ff98464ac2c838e6a080) C:\WINDOWS\system32\DRIVERS\tosporte.sys
15:14:51.0750 3800 tosporte - ok
15:14:51.0781 3800 Tosrfbd (077869082a635e8ff2c205dc95c78775) C:\WINDOWS\system32\Drivers\tosrfbd.sys
15:14:51.0796 3800 Tosrfbd - ok
15:14:51.0812 3800 Tosrfbnp (613e09572f4c5b92ca6be8bdc4cc5b7d) C:\WINDOWS\system32\Drivers\tosrfbnp.sys
15:14:51.0828 3800 Tosrfbnp - ok
15:14:51.0859 3800 Tosrfcom (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\WINDOWS\system32\Drivers\tosrfcom.sys
15:14:51.0859 3800 Tosrfcom - ok
15:14:51.0890 3800 Tosrfhid (f4e4795528d17ff8d1d6d98ebbb92655) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
15:14:51.0906 3800 Tosrfhid - ok
15:14:51.0937 3800 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
15:14:51.0953 3800 tosrfnds - ok
15:14:51.0984 3800 TosRfSnd (b5518adb2b0029ff95d22e8e7336f49f) C:\WINDOWS\system32\drivers\TosRfSnd.sys
15:14:51.0984 3800 TosRfSnd - ok
15:14:52.0015 3800 Tosrfusb (ac2123e788230c712d0919ed0fec9ddd) C:\WINDOWS\system32\Drivers\tosrfusb.sys
15:14:52.0031 3800 Tosrfusb - ok
15:14:52.0078 3800 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
15:14:52.0078 3800 Udfs - ok
15:14:52.0265 3800 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
15:14:52.0265 3800 ultra - ok
15:14:52.0312 3800 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
15:14:52.0312 3800 Update - ok
15:14:52.0328 3800 upperdev - ok
15:14:52.0390 3800 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
15:14:52.0390 3800 USBAAPL - ok
15:14:52.0437 3800 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
15:14:52.0437 3800 usbaudio - ok
15:14:52.0484 3800 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:14:52.0484 3800 usbccgp - ok
15:14:52.0515 3800 USBCCID (6b5e4d5e6e5ecd6acd14aed59768ce5c) C:\WINDOWS\system32\DRIVERS\usbccid.sys
15:14:52.0531 3800 USBCCID - ok
15:14:52.0562 3800 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:14:52.0562 3800 usbehci - ok
15:14:52.0593 3800 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:14:52.0593 3800 usbhub - ok
15:14:52.0625 3800 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
15:14:52.0625 3800 usbprint - ok
15:14:52.0640 3800 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:14:52.0640 3800 usbscan - ok
15:14:52.0656 3800 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:14:52.0656 3800 USBSTOR - ok
15:14:52.0671 3800 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:14:52.0671 3800 usbuhci - ok
15:14:52.0734 3800 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
15:14:52.0734 3800 usbvideo - ok
15:14:52.0781 3800 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
15:14:52.0781 3800 VgaSave - ok
15:14:52.0812 3800 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
15:14:52.0812 3800 viaagp - ok
15:14:52.0859 3800 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
15:14:52.0859 3800 ViaIde - ok
15:14:52.0890 3800 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
15:14:52.0890 3800 VolSnap - ok
15:14:52.0984 3800 w39n51 (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys
15:14:53.0031 3800 w39n51 - ok
15:14:53.0062 3800 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:14:53.0062 3800 Wanarp - ok
15:14:53.0140 3800 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
15:14:53.0156 3800 Wdf01000 - ok
15:14:53.0171 3800 WDICA - ok
15:14:53.0203 3800 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
15:14:53.0203 3800 wdmaud - ok
15:14:53.0281 3800 winachsf (ba6b6fb242a6ba4068c8b763063beb63) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
15:14:53.0375 3800 winachsf - ok
15:14:53.0515 3800 WmBEnum (bc3ecbcb40147bdae3ad2fd0b4b346d8) C:\WINDOWS\system32\drivers\WmBEnum.sys
15:14:53.0531 3800 WmBEnum - ok
15:14:53.0562 3800 WmFilter (19f9881d8b3484fedb605d0216876898) C:\WINDOWS\system32\drivers\WmFilter.sys
15:14:53.0562 3800 WmFilter - ok
15:14:53.0625 3800 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
15:14:53.0625 3800 WmiAcpi - ok
15:14:53.0656 3800 WmVirHid (7a51545a6409a25eedbdbd97d019e8cc) C:\WINDOWS\system32\drivers\WmVirHid.sys
15:14:53.0671 3800 WmVirHid - ok
15:14:53.0703 3800 WmXlCore (1f083b3bc73017e60c3ca85cf4a70753) C:\WINDOWS\system32\drivers\WmXlCore.sys
15:14:53.0703 3800 WmXlCore - ok
15:14:53.0765 3800 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
15:14:53.0765 3800 WS2IFSL - ok
15:14:53.0812 3800 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
15:14:53.0828 3800 WSTCODEC - ok
15:14:53.0875 3800 WudfPf (50eb9e21963b4f06fd010d007d54351b) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:14:53.0875 3800 WudfPf - ok
15:14:53.0906 3800 WudfRd (6e209664bdea8a15b5e8e480d6c607c2) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:14:53.0906 3800 WudfRd - ok
15:14:53.0968 3800 MBR (0x1B8) (e4a73531e6fb4e8b44e27271e3540da0) \Device\Harddisk0\DR0
15:14:53.0968 3800 \Device\Harddisk0\DR0 - ok
15:14:53.0984 3800 MBR (0x1B8) (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk1\DR5
15:14:53.0984 3800 \Device\Harddisk1\DR5 - ok
15:14:54.0031 3800 Boot (0x1200) (78802794cacaf1ffb62a181124030333) \Device\Harddisk0\DR0\Partition0
15:14:54.0031 3800 \Device\Harddisk0\DR0\Partition0 - ok
15:14:54.0031 3800 Boot (0x1200) (ae3bfae42852f7f7315f31bc6190226d) \Device\Harddisk1\DR5\Partition0
15:14:54.0031 3800 \Device\Harddisk1\DR5\Partition0 - ok
15:14:54.0031 3800 ============================================================
15:14:54.0031 3800 Scan finished
15:14:54.0031 3800 ============================================================
15:14:54.0046 3900 Detected object count: 1
15:14:54.0046 3900 Actual detected object count: 1
15:15:10.0015 3900 sptd ( LockedFile.Multi.Generic ) - skipped by user
15:15:10.0015 3900 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
15:15:50.0828 3300 Deinitialize success
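
The TDSSKiller log above is read by eye in the thread: the helper calls it clean because the only entry that is not "ok" is sptd.sys, reported as LockedFile.Multi.Generic. Two points a practitioner would want made explicit: a locked-file warning means the scanner could not read the file, not that it matched malware (sptd.sys is the SCSI pass-through driver installed by disc-emulation tools such as Daemon Tools and Alcohol 120%, and it self-protects, so it is routinely reported this way); and in a log of nearly two thousand lines it is easy to miss a second non-ok entry. The script below is an added example, not part of the thread or of TDSSKiller, that parses this log format and lists every object whose verdict is anything but a single "ok". The line shapes are inferred from the visible log only, and the sample lines are constructed in that shape rather than copied from the poster's full log.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Line shapes inferred from the TDSSKiller log above:
#   <time> <pid> <name> (<md5>) <path>                         scanned object
#   <time> <pid> Suspicious file (<why>): <path>. md5: <md5>   read failure note
#   <time> <pid> <subject> - <verdict>                         "ok", "warning", "detected ...", "skipped by user"
TIME_PID = r"^\d\d:\d\d:\d\d\.\d+ +\d+ +"
OBJECT_RE = re.compile(TIME_PID + r"(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
SUSPICIOUS_RE = re.compile(
    TIME_PID + r"Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})$")
VERDICT_RE = re.compile(TIME_PID + r"(?P<subject>.+?) - (?P<verdict>.+)$")


@dataclass
class ScannedObject:
    name: str
    md5: str = ""
    path: str = ""
    verdicts: List[str] = field(default_factory=list)
    reasons: List[str] = field(default_factory=list)   # e.g. "NoAccess"

    @property
    def clean(self) -> bool:
        # Clean means exactly one verdict, "ok", and no suspicious-file note.
        return self.verdicts == ["ok"] and not self.reasons

    @property
    def detection(self) -> Optional[str]:
        for verdict in self.verdicts:
            m = re.match(r"detected (\S+)", verdict)
            if m:
                return m.group(1)
        return None


def find_object(entries: List[ScannedObject], subject: str) -> Optional[ScannedObject]:
    # Verdict lines name drivers by service name but MBR/boot sectors by device path,
    # so match on either; the most recent entry wins when names repeat (two MBR lines).
    for obj in reversed(entries):
        if obj.name == subject or obj.path == subject:
            return obj
    return None


def parse_log(text: str) -> List[ScannedObject]:
    entries: List[ScannedObject] = []
    for line in text.splitlines():
        m = OBJECT_RE.match(line)
        if m:
            entries.append(ScannedObject(m["name"], m["md5"], m["path"]))
            continue
        m = SUSPICIOUS_RE.match(line)
        if m:
            obj = find_object(entries, m["path"])
            if obj is not None:
                obj.reasons.append(m["reason"])
            continue
        m = VERDICT_RE.match(line)
        if m:
            # "sptd ( LockedFile.Multi.Generic ) - warning" carries the detection in the subject.
            subject = m["subject"].split(" ( ")[0]
            obj = find_object(entries, subject)
            if obj is None:            # e.g. "Simbad - ok": a service entry with no file on disk
                obj = ScannedObject(subject)
                entries.append(obj)
            obj.verdicts.append(m["verdict"])
    return entries


def flagged(entries: List[ScannedObject]) -> List[ScannedObject]:
    return [obj for obj in entries if not obj.clean]


# Constructed sample in the shape of the log above (not a copy of the poster's full log).
SAMPLE_LOG = r"""
15:14:50.0656 3800 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
15:14:50.0656 3800 splitter - ok
15:14:50.0734 3800 sptd (e8b705f9abe446aaf7a315ef8b4aea5a) C:\WINDOWS\system32\Drivers\sptd.sys
15:14:50.0734 3800 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: e8b705f9abe446aaf7a315ef8b4aea5a
15:14:50.0734 3800 sptd ( LockedFile.Multi.Generic ) - warning
15:14:50.0734 3800 sptd - detected LockedFile.Multi.Generic (1)
15:14:51.0359 3800 Simbad - ok
15:14:53.0968 3800 MBR (0x1B8) (e4a73531e6fb4e8b44e27271e3540da0) \Device\Harddisk0\DR0
15:14:53.0968 3800 \Device\Harddisk0\DR0 - ok
15:15:10.0015 3900 sptd ( LockedFile.Multi.Generic ) - skipped by user
"""

if __name__ == "__main__":
    for obj in flagged(parse_log(SAMPLE_LOG)):
        print(f"{obj.name}: {obj.detection or '?'} path={obj.path} md5={obj.md5} "
              f"reasons={obj.reasons} verdicts={obj.verdicts}")
```

Run it over a saved TDSSKiller log and anything that is not a single "ok" comes out with its md5 and path, which is what you need to check the file against a known-good hash or the vendor's copy before deciding whether a "warning" is a self-protecting legitimate driver or something that needs removing.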

Blade81
2012-03-16, 15:43
Ok, that log looks good. Any symptoms with the system left?

ibuddie
2012-03-19, 18:51
Hi,

I ran all the scans and they found nothing on the computer. Sound and internet work also perfectly.

I don't know what you did but thank you very much Blade for taking time to help me.

Next time I have a problem I certainly know where to ask immediately for help!


:thanks:

Blade81
2012-03-19, 19:23
You're welcome :)

It's time to secure your system to prevent further intrusions.


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: you will lose all previous restore points, which are likely to be infected. Please note you need Administrator access to clean the restore points.

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
NOTE: only do this ONCE, NOT on a regular basis


Now let's uninstall ComboFix:

Click START then RUN
Now copy-paste Combofix /uninstall in the runbox and click OK



UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You need to update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the Windows Update site (http://windowsupdate.microsoft.com/) to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (free): Microsoft Office Update.


Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.



Download and run Secunia Personal Software Inspector (PSI) (http://secunia.com/vulnerability_scanning/personal/) and fix its findings. Leave the program installed so you'll stay alerted about vulnerable components in future too.


Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade :cool:
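
The Custom Level steps in the post above are clicked through by hand, which makes them hard to verify later or to repeat on a second machine. Each of those six settings is a DWORD under the current user's Internet zone key in the registry, so the same change can be audited and applied from a file. The script below is an added example, not code from the thread or from Microsoft: it reads a regedit export of the zone key, reports every one of the post's six settings that is still more permissive than the post's target, and writes a .reg fragment that corrects only those. The value IDs (1001, 1004, 1201, 1607, 1800, 1804) and the 0 = Enable / 1 = Prompt / 3 = Disable encoding follow Microsoft's documented zone registry layout; the sample export is constructed and does not come from the poster's machine.

```python
import re
from typing import Dict, List, Optional, Tuple

# Zone action levels as stored in the registry (Microsoft's documented encoding
# for IE zone settings): 0 = Enable, 1 = Prompt, 3 = Disable.
ENABLE, PROMPT, DISABLE = 0, 1, 3
LEVEL_NAME = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable"}

# Per-user key for the Internet zone (zone 3).
INTERNET_ZONE_KEY = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
                     r"\Internet Settings\Zones\3")

# Value IDs for the six settings the post changes, with the post's target levels.
RECOMMENDED: Dict[str, Tuple[str, int]] = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
    "1800": ("Installation of desktop items", PROMPT),
    "1804": ("Launching programs and files in an IFRAME", PROMPT),
    "1607": ("Navigate sub-frames across different domains", PROMPT),
}

SECTION_RE = re.compile(r"^\[(?P<key>.+)\]$")
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{8})$')


def parse_zone_values(reg_text: str, key: str = INTERNET_ZONE_KEY) -> Dict[str, int]:
    """Read the DWORD values under one key from a regedit export (.reg, version 5.00)."""
    values: Dict[str, int] = {}
    current: Optional[str] = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m["key"]
            continue
        if current is None or current.lower() != key.lower():
            continue          # registry key names are case-insensitive
        m = DWORD_RE.match(line)
        if m:
            values[m["name"]] = int(m["hex"], 16)
    return values


def audit(values: Dict[str, int]) -> List[Tuple[str, str, str, str]]:
    """Return (id, description, current level, target level) for each setting weaker than the target."""
    findings = []
    for vid, (desc, target) in RECOMMENDED.items():
        current = values.get(vid)
        # A lower number is more permissive. A missing value means the zone
        # template applies, which this export does not show, so report it too.
        if current is None or current < target:
            shown = "missing" if current is None else LEVEL_NAME.get(current, str(current))
            findings.append((vid, desc, shown, LEVEL_NAME[target]))
    return findings


def hardening_reg(findings: List[Tuple[str, str, str, str]]) -> str:
    """Emit a .reg fragment that moves each finding to its target level."""
    lines = ["Windows Registry Editor Version 5.00", "", f"[{INTERNET_ZONE_KEY}]"]
    for vid, desc, _current, _target in findings:
        lines.append(f"; {desc}")
        lines.append(f'"{vid}"=dword:{RECOMMENDED[vid][1]:08x}')
    return "\n".join(lines) + "\n"


# Constructed export (not taken from the poster's machine): two of the six
# settings are already at the post's level, the other four are still "Enable".
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"1001"=dword:00000000
"1004"=dword:00000003
"1201"=dword:00000003
"1607"=dword:00000000
"1800"=dword:00000000
"1804"=dword:00000000
"""

if __name__ == "__main__":
    findings = audit(parse_zone_values(SAMPLE_REG))
    for vid, desc, current, target in findings:
        print(f"{vid} {desc}: {current} -> {target}")
    print(hardening_reg(findings))
```

On the machine itself, export the key with reg.exe (`reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" zone3.reg`), open the file with encoding "utf-16" since regedit writes version 5.00 exports that way, and pass the text to parse_zone_values; the fragment from hardening_reg can then be applied with `reg import`. One caveat: when the Security_HKLM_only policy value is set under Internet Settings, the HKEY_LOCAL_MACHINE copy of the same key governs for every user and the export has to be taken from there instead.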

Blade81
2012-04-10, 10:07
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread.

If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.