
Thread: Address has been blocked - DDS scan

  1. #1

    Hello again.

    I have done what Tashi told me; I have tried to scan with D.D.S. and I have waited not 3 minutes, as the black screen told me, but more than half an hour, but... nothing - a logfile/report does not open; it seems that the infection prevents DDS from running. I cannot close the black screen.
    It seems that there is a severe infection here.
    The problem is described again below, in case there is another analyst who hasn't read my previous post.
    Another thing: concerning "Please do not use a usb/external hard drive that has been connected to the infected machine to transfer media", it is too late - I didn't know - so now I have a USB stick that is possibly infected; but for now, please help me with the computer and then... we'll see.
    Of course, I have done all that Tashi told me, Erunt and all...

    Thank you,

    For some days, my security software Eset Smart Security 4.0.417.0 has continuously been giving me the following message:


    Address has been blocked
    URL address:
    IP address:"

    This is only an example, URL and IP are changing each time.

  2. #2
    Emeritus Security Expert peku006


    Hi spandau

    Please download GMER and save it to your desktop.

    ***Please close any open programs ***

    Double-click gmer.exe. The program will begin to run.

    These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst.

    If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No.

    If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure that the 'Sections' button is ticked and the 'Show All' button is unticked.
    • Click the Scan button and let the program do its work. GMER will produce a log.
    • Once the scan is complete, you may receive another notice about rootkit activity.
    • Click OK.
    • GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.

    DO NOT touch the PC at ALL for whatever reason(s) until it has 100% completed its scan, or attempted scan in case of some error, etc.!

    Please post the results from the GMER scan in your reply.

    Thanks peku006
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.

  3. #3


    Thank you for your help.
    Below, the requested log.
    Just some information that may be important:
    1. First scan: computer interrupted; I don't know where.
    2. Second scan: computer interrupted again, at some movies on hard disk C:; I have deleted the movies.
    3. Third scan: at last, it worked; but it didn't give me any notice about rootkit activity.
    4. In the log, before saving in txt format, the last sentence (about pciide.sys) was coloured in red.
    5. Maybe it is relevant: when I go to Start / Windows Update, IE cannot display the webpage (of course, hi hi, I am connected to the net; it works fine).

    Best regards,

    GMER -
    Rootkit scan 2010-11-09 20:05:49
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort3 WDC_WD6400AACS-00G8B1 rev.05.04C05
    Running: gmer.exe; Driver: C:\DOCUME~1\a\LOCALS~1\Temp\fgxoipoc.sys

    ---- System - GMER 1.0.15 ----

    SSDT 892ED580 ZwAssignProcessToJobObject
    SSDT spgc.sys ZwCreateKey [0xB9EA80E0]
    SSDT 892EE100 ZwDebugActiveProcess
    SSDT 892EDB30 ZwDuplicateObject
    SSDT spgc.sys ZwEnumerateKey [0xB9EC6CA2]
    SSDT spgc.sys ZwEnumerateValueKey [0xB9EC7030]
    SSDT spgc.sys ZwOpenKey [0xB9EA80C0]
    SSDT 892ECCC0 ZwOpenProcess
    SSDT 892ECFC0 ZwOpenThread
    SSDT 892ED9C0 ZwProtectVirtualMemory
    SSDT spgc.sys ZwQueryKey [0xB9EC7108]
    SSDT spgc.sys ZwQueryValueKey [0xB9EC6F88]
    SSDT 892ED860 ZwSetContextThread
    SSDT 892ED6E0 ZwSetInformationThread
    SSDT 892EA700 ZwSetSecurityObject
    SSDT spgc.sys ZwSetValueKey [0xB9EC719A]
    SSDT 892ED420 ZwSuspendProcess
    SSDT 892ED2C0 ZwSuspendThread
    SSDT 892ECE50 ZwTerminateProcess
    SSDT 892ED150 ZwTerminateThread
    SSDT 892EDF50 ZwWriteVirtualMemory

    INT 0x63 ? 89E56BF8
    INT 0x63 ? 89E56BF8
    INT 0x63 ? 89E56BF8
    INT 0x63 ? 89E56BF8
    INT 0x63 ? 89E56BF8
    INT 0x83 ? 89E56BF8
    INT 0x83 ? 89E56BF8
    INT 0x83 ? 89BA0BF8
    INT 0x83 ? 89E56BF8
    INT 0x84 ? 89BA0BF8
    INT 0x94 ? 89BA0BF8
    INT 0xA4 ? 89BA0BF8
    INT 0xA4 ? 89BA0BF8
    INT 0xA4 ? 89BA0BF8
    INT 0xA4 ? 89BA0BF8
    INT 0xB4 ? 89BA0BF8

    ---- Kernel code sections - GMER 1.0.15 ----

    ? spgc.sys The system cannot find the file specified. !
    .rsrc C:\WINDOWS\system32\drivers\pciide.sys entry point in ".rsrc" section [0xBA670814]
    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB7F6A360, 0x35483F, 0xE8000020]
    .text USBPORT.SYS!DllUnload B7F4A8AC 5 Bytes JMP 89BA01D8
    .text ay3b6lfo.SYS B7BEF386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
    .text ay3b6lfo.SYS B7BEF3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
    .text ay3b6lfo.SYS B7BEF3C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
    .text ay3b6lfo.SYS B7BEF3C9 1 Byte [2E]
    .text ay3b6lfo.SYS B7BEF3C9 11 Bytes [2E, 00, 00, 00, 5C, 02, 00, ...] {ADD CS:[EAX], AL; ADD [EDX+EAX+0x0], BL; ADD [EAX], AL; ADD [EAX], AL}
    .text ...

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[260] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]
    .text C:\WINDOWS\Explorer.EXE[320] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00F6000A
    .text C:\WINDOWS\Explorer.EXE[320] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00F7000A
    .text C:\WINDOWS\Explorer.EXE[320] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00D4000C
    .text C:\WINDOWS\System32\svchost.exe[1660] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00EE000A
    .text C:\WINDOWS\System32\svchost.exe[1660] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00EF000A
    .text C:\WINDOWS\System32\svchost.exe[1660] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00D9000C
    .text C:\WINDOWS\System32\svchost.exe[1660] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 010D000A
    .text C:\WINDOWS\system32\wuauclt.exe[2432] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00F9000A
    .text C:\WINDOWS\system32\wuauclt.exe[2432] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00FA000A
    .text C:\WINDOWS\system32\wuauclt.exe[2432] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00F8000C

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EA9040] spgc.sys
    IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EA913C] spgc.sys
    IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EA90BE] spgc.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EA97FC] spgc.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EA96D2] spgc.sys
    IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EB9048] spgc.sys
    IAT \SystemRoot\System32\Drivers\ay3b6lfo.SYS[HAL.dll!KfAcquireSpinLock] 4B8BDF8B
    IAT \SystemRoot\System32\Drivers\ay3b6lfo.SYS[HAL.dll!READ_PORT_UCHAR] 8D3F0304
    IAT \SystemRoot\System32\Drivers\ay3b6lfo.SYS[HAL.dll!KeGetCurrentIrql] CB033043
    IAT \SystemRoot\System32\Drivers\ay3b6lfo.SYS[HAL.dll!KfRaiseIrql] 0673C13B
    IAT \SystemRoot\System32\Drivers\ay3b6lfo.SYS[HAL.dll!KfLowerIrql] C13B0003
    IAT \SystemRoot\System32\Drivers\ay3b6lfo.SYS[HAL.dll!HalGetInterruptVector] 8366FA72
    IAT \SystemRoot\System32\Drivers\ay3b6lfo.SYS[HAL.dll!HalTranslateBusAddress] 75000E7B
    IAT \SystemRoot\System32\Drivers\ay3b6lfo.SYS[HAL.dll!KeStallExecutionProcessor] 0B7D80E3
    IAT \SystemRoot\System32\Drivers\ay3b6lfo.SYS[HAL.dll!KfReleaseSpinLock] 307B8D00
    IAT \SystemRoot\System32\Drivers\ay3b6lfo.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 00AA840F
    IAT \SystemRoot\System32\Drivers\ay3b6lfo.SYS[HAL.dll!READ_PORT_USHORT] 83660000
    IAT \SystemRoot\System32\Drivers\ay3b6lfo.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 6A000E7A
    IAT \SystemRoot\System32\Drivers\ay3b6lfo.SYS[HAL.dll!WRITE_PORT_UCHAR] C6647400
    IAT \SystemRoot\System32\Drivers\ay3b6lfo.SYS[WMILIB.SYS!WmiSystemControl] 4F8B0200
    IAT \SystemRoot\System32\Drivers\ay3b6lfo.SYS[WMILIB.SYS!WmiCompleteRequest] 968D5140

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 89E551F8

    AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
    AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)

    Device \Driver\PCI_PNP5630 \Device\00000043 spgc.sys
    Device \Driver\usbuhci \Device\USBPDO-0 89B9F1F8
    Device \Driver\dmio \Device\DmControl\DmIoDaemon 89DE31F8
    Device \Driver\dmio \Device\DmControl\DmConfig 89DE31F8
    Device \Driver\dmio \Device\DmControl\DmPnP 89DE31F8
    Device \Driver\dmio \Device\DmControl\DmInfo 89DE31F8
    Device \Driver\usbuhci \Device\USBPDO-1 89B9F1F8
    Device \Driver\usbuhci \Device\USBPDO-2 89B9F1F8
    Device \Driver\NetBT \Device\NetBT_Tcpip_{892781EA-94A8-4939-B829-BD66217FEE7D} 894321F8
    Device \Driver\usbehci \Device\USBPDO-3 89B701F8
    Device \Driver\usbuhci \Device\USBPDO-4 89B9F1F8

    AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)

    Device \Driver\usbuhci \Device\USBPDO-5 89B9F1F8
    Device \Driver\usbuhci \Device\USBPDO-6 89B9F1F8
    Device \Driver\Ftdisk \Device\HarddiskVolume1 89E571F8
    Device \Driver\usbehci \Device\USBPDO-7 89B701F8
    Device \Driver\Ftdisk \Device\HarddiskVolume2 89E571F8
    Device \Driver\Cdrom \Device\CdRom0 89B521F8
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 89CDBAEA
    Device \Driver\atapi \Device\Ide\IdePort0 [B9DFCB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-3 89CDBAEA
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B9DFCB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 89CDBAEA
    Device \Driver\atapi \Device\Ide\IdePort1 [B9DFCB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 89CDBAEA
    Device \Driver\atapi \Device\Ide\IdePort2 [B9DFCB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 89CDBAEA
    Device \Driver\atapi \Device\Ide\IdePort3 [B9DFCB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort4 89CDBAEA
    Device \Driver\atapi \Device\Ide\IdePort4 [B9DFCB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort5 89CDBAEA
    Device \Driver\atapi \Device\Ide\IdePort5 [B9DFCB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\Ftdisk \Device\HarddiskVolume3 89E571F8
    Device \Driver\Cdrom \Device\CdRom1 89B521F8
    Device \Driver\NetBT \Device\NetBt_Wins_Export 894321F8
    Device \Driver\NetBT \Device\NetbiosSmb 894321F8
    Device \Driver\sptd \Device\2056155630 spgc.sys

    AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
    AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)

    Device \Driver\usbuhci \Device\USBFDO-0 89B9F1F8
    Device \Driver\usbstor \Device\0000007a 89A08500
    Device \Driver\usbuhci \Device\USBFDO-1 89B9F1F8
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8911C1F8
    Device \Driver\usbuhci \Device\USBFDO-2 89B9F1F8
    Device \Driver\usbstor \Device\0000007c 89A08500
    Device \FileSystem\MRxSmb \Device\LanmanRedirector 8911C1F8
    Device \Driver\usbehci \Device\USBFDO-3 89B701F8
    Device \Driver\usbstor \Device\0000007d 89A08500
    Device \Driver\usbuhci \Device\USBFDO-4 89B9F1F8
    Device \Driver\Ftdisk \Device\FtControl 89E571F8
    Device \Driver\usbstor \Device\0000007e 89A08500
    Device \Driver\usbuhci \Device\USBFDO-5 89B9F1F8
    Device \Driver\usbstor \Device\0000007f 89A08500
    Device \Driver\usbuhci \Device\USBFDO-6 89B9F1F8
    Device \Driver\usbehci \Device\USBFDO-7 89B701F8
    Device \Driver\ay3b6lfo \Device\Scsi\ay3b6lfo1Port6Path0Target0Lun0 89A641F8
    Device \Driver\ay3b6lfo \Device\Scsi\ay3b6lfo1 89A641F8
    Device \FileSystem\Cdfs \Cdfs 89A09500
    Device \Device\Ide\IdeDeviceP3T0L0-12 -> \??\IDE#DiskWDC_WD6400AACS-00G8B1___________________05.04C05#5&643f929&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x7A 0xE9 0x89 0x07 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x03 0x43 0x4E 0x64 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xEB 0xE2 0xC5 0xB1 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x7A 0xE9 0x89 0x07 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x03 0x43 0x4E 0x64 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xEB 0xE2 0xC5 0xB1 ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E18336E1-CC46-01E8-0635-1D16F4E8C193}
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E18336E1-CC46-01E8-0635-1D16F4E8C193}@iaikjpapngokmnajhc 0x6A 0x61 0x6E 0x6F ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E18336E1-CC46-01E8-0635-1D16F4E8C193}@haclppjemnmphfjm 0x6A 0x61 0x6E 0x6F ...

    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sectors 1250263472 (+254): rootkit-like behavior;

    ---- Files - GMER 1.0.15 ----

    File C:\WINDOWS\system32\drivers\pciide.sys suspicious modification; TDL3 <-- ROOTKIT !!!

    ---- EOF - GMER 1.0.15 ----

  4. #4
    Emeritus Security Expert peku006


    Hi spandau


    1. Download TDSSKiller.exe and save it to your desktop.
    2. Double-click TDSSKiller.exe to run it.
    3. Under "Objects to scan" ensure both "Services and Drivers" and "Boot Sectors" are checked.
    4. Click Start scan and allow it to scan for Malicious objects.
    5. If malicious objects are found, the default action will be Cure, ensure Cure is selected then click Continue.
    6. If suspicious objects are detected, the default action will be Skip, ensure Skip is selected then click Continue.
    7. It may ask you to reboot the computer to complete the process. Click on Reboot Now and allow the computer to reboot.
    8. A log will be created on your root drive (usually C:). The log is named like UtilityName.Version_Date_Time_log.txt,
      for example, C:\TDSSKiller.
    9. If no reboot is required, click on Report. A log file should appear.
    10. Please post the contents of the logfile in your next reply.

    Thanks peku006
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.
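An added Python script for triaging the log that TDSSKiller writes, in the one-event-per-line format visible in the log posted later in this thread; it is not part of the thread or of TDSSKiller. It parses the driver enumeration, the "Suspicious file" events and the "detected" verdicts, ranks them for review, and checks whether a forged file's enumeration hash matched the real or the fake MD5. The sample lines are copied from the log in this thread; the severity labels are the script's own.

```python
import re
from dataclasses import dataclass, field

# TDSSKiller writes one event per line: "YYYY/MM/DD HH:MM:SS.mmmm <message>".
LINE_RE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(.*)$")
# Driver enumeration: "<service name> (<md5>) <path>"
DRIVER_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# Forged file: the hash seen through the file system differs from the hash of the
# sectors actually on disk, because the rootkit serves modified content.
FORGED_RE = re.compile(
    r"^Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$"
)
NOACCESS_RE = re.compile(
    r"^Suspicious file \(NoAccess\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})$"
)
VERDICT_RE = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>.+?) \((?P<code>\d+)\)$")


@dataclass
class Finding:
    kind: str       # "forged", "noaccess" or "verdict"
    subject: str    # driver service name or file path
    detail: str
    timestamp: str


@dataclass
class TdssReport:
    drivers: dict = field(default_factory=dict)   # service name -> (md5, path)
    findings: list = field(default_factory=list)


def parse_tdsskiller_log(text: str) -> TdssReport:
    """Parse TDSSKiller output into the enumerated drivers and the flagged events."""
    report = TdssReport()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                      # banner, separator and SystemInfo lines
        ts, msg = m.groups()
        if (f := FORGED_RE.match(msg)):
            report.findings.append(Finding(
                "forged", f["path"], f"real={f['real']} fake={f['fake']}", ts))
        elif (n := NOACCESS_RE.match(msg)):
            report.findings.append(Finding("noaccess", n["path"], f"md5={n['md5']}", ts))
        elif (v := VERDICT_RE.match(msg)):
            report.findings.append(Finding("verdict", v["name"], v["verdict"], ts))
        elif (d := DRIVER_RE.match(msg)):
            report.drivers[d["name"]] = (d["md5"], d["path"])
    return report


def triage(report: TdssReport) -> list:
    """Rank findings as (severity, subject, explanation), highest severity first."""
    ranked = []
    for fnd in report.findings:
        if fnd.kind == "forged":
            ranked.append(("high", fnd.subject, "file content hidden by a rootkit; " + fnd.detail))
        elif fnd.kind == "verdict" and "rootkit" in fnd.detail.lower():
            ranked.append(("high", fnd.subject, fnd.detail))
        else:
            # "Locked file" and NoAccess events are often legitimate drivers that deny raw
            # access (disk-emulation tools are a common case): review, do not cure blindly.
            ranked.append(("review", fnd.subject, fnd.detail))
    order = {"high": 0, "review": 1}
    ranked.sort(key=lambda r: order[r[0]])   # stable sort keeps log order within a level
    return ranked


def hash_consistency(report: TdssReport) -> dict:
    """For each forged file, say whether the enumeration hash was the real or the fake MD5."""
    result = {}
    for fnd in report.findings:
        if fnd.kind != "forged":
            continue
        real, fake = (part.split("=")[1] for part in fnd.detail.split())
        for name, (md5, path) in report.drivers.items():
            if path.lower() == fnd.subject.lower():
                result[name] = "real" if md5 == real else "fake" if md5 == fake else "neither"
    return result


# Sample input: lines copied from the TDSSKiller log posted in this thread.
SAMPLE_LOG = """\
2010/11/09 21:04:25.0890 TDSS rootkit removing tool Nov 8 2010 10:52:22
2010/11/09 21:04:48.0234 ================================================================================
2010/11/09 21:04:50.0718 PCI (a219903ccf74233761d92bef471a07b1) C:\\WINDOWS\\system32\\DRIVERS\\pci.sys
2010/11/09 21:04:50.0734 PCIIde (dd89e7d7915982f3273655f63ee1fe1e) C:\\WINDOWS\\system32\\DRIVERS\\pciide.sys
2010/11/09 21:04:50.0734 Suspicious file (Forged): C:\\WINDOWS\\system32\\DRIVERS\\pciide.sys. Real md5: dd89e7d7915982f3273655f63ee1fe1e, Fake md5: ccf5f451bb1a5a2a522a76e670000ff0
2010/11/09 21:04:50.0734 PCIIde - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/11/09 21:04:51.0406 sptd (71e276f6d189413266ea22171806597b) C:\\WINDOWS\\system32\\Drivers\\sptd.sys
2010/11/09 21:04:51.0406 Suspicious file (NoAccess): C:\\WINDOWS\\system32\\Drivers\\sptd.sys. md5: 71e276f6d189413266ea22171806597b
2010/11/09 21:04:51.0406 sptd - detected Locked file (1)
"""

if __name__ == "__main__":
    rep = parse_tdsskiller_log(SAMPLE_LOG)
    for sev, subj, why in triage(rep):
        print(f"[{sev}] {subj}: {why}")
    print(hash_consistency(rep))
```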

  5. #5


    Below, the requested log.
    Well, until now, no more annoying messages.
    And I bet that Windows Update is also OK.
    Please tell me what to do next.

    Thank you,

    2010/11/09 21:04:25.0890 TDSS rootkit removing tool Nov 8 2010 10:52:22
    2010/11/09 21:04:25.0890 ================================================================================
    2010/11/09 21:04:25.0890 SystemInfo:
    2010/11/09 21:04:25.0890
    2010/11/09 21:04:25.0890 OS Version: 5.1.2600 ServicePack: 3.0
    2010/11/09 21:04:25.0890 Product type: Workstation
    2010/11/09 21:04:25.0890 ComputerName: A-1D2D0368C7834
    2010/11/09 21:04:25.0890 UserName: a
    2010/11/09 21:04:25.0890 Windows directory: C:\WINDOWS
    2010/11/09 21:04:25.0890 System windows directory: C:\WINDOWS
    2010/11/09 21:04:25.0890 Processor architecture: Intel x86
    2010/11/09 21:04:25.0890 Number of processors: 2
    2010/11/09 21:04:25.0890 Page size: 0x1000
    2010/11/09 21:04:25.0890 Boot type: Normal boot
    2010/11/09 21:04:25.0890 ================================================================================
    2010/11/09 21:04:26.0265 Initialize success
    2010/11/09 21:04:48.0234 ================================================================================
    2010/11/09 21:04:48.0234 Scan started
    2010/11/09 21:04:48.0234 Mode: Manual;
    2010/11/09 21:04:48.0234 ================================================================================
    2010/11/09 21:04:48.0562 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2010/11/09 21:04:48.0593 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    2010/11/09 21:04:48.0640 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    2010/11/09 21:04:48.0671 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
    2010/11/09 21:04:48.0765 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2010/11/09 21:04:48.0781 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2010/11/09 21:04:48.0812 AtcL001 (19f277bc4ce5689f20f347a6b8aa8c42) C:\WINDOWS\system32\DRIVERS\atl01_xp.sys
    2010/11/09 21:04:48.0843 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2010/11/09 21:04:48.0875 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2010/11/09 21:04:48.0906 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2010/11/09 21:04:48.0937 Cardex (04e1c782cf14b7282ebc633b0fd3ed16) C:\WINDOWS\system32\drivers\TBPANEL.SYS
    2010/11/09 21:04:48.0953 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2010/11/09 21:04:48.0968 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    2010/11/09 21:04:49.0000 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2010/11/09 21:04:49.0015 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    2010/11/09 21:04:49.0031 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2010/11/09 21:04:49.0093 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    2010/11/09 21:04:49.0140 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    2010/11/09 21:04:49.0171 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    2010/11/09 21:04:49.0171 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2010/11/09 21:04:49.0187 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    2010/11/09 21:04:49.0203 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    2010/11/09 21:04:49.0218 eamon (d4f94d45e25d764462a5b95bc426c8d0) C:\WINDOWS\system32\DRIVERS\eamon.sys
    2010/11/09 21:04:49.0250 ehdrv (9456462c1425d2bbf1616edabfaba5f4) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
    2010/11/09 21:04:49.0281 epfw (9957f65bedc0c5f654ff5be4552f3df7) C:\WINDOWS\system32\DRIVERS\epfw.sys
    2010/11/09 21:04:49.0296 Epfwndis (a39214536abb60dc3ac73c6fc963e06d) C:\WINDOWS\system32\DRIVERS\Epfwndis.sys
    2010/11/09 21:04:49.0312 epfwtdi (7119e9001fbb9d562905cc3932400683) C:\WINDOWS\system32\DRIVERS\epfwtdi.sys
    2010/11/09 21:04:49.0328 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    2010/11/09 21:04:49.0343 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
    2010/11/09 21:04:49.0359 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    2010/11/09 21:04:49.0359 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
    2010/11/09 21:04:49.0390 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
    2010/11/09 21:04:49.0390 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2010/11/09 21:04:49.0421 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2010/11/09 21:04:49.0437 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2010/11/09 21:04:49.0453 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    2010/11/09 21:04:49.0500 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2010/11/09 21:04:49.0531 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    2010/11/09 21:04:49.0562 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2010/11/09 21:04:49.0578 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2010/11/09 21:04:49.0671 IntcAzAudAddService (cbddab14249b2f05407fc09ab8fffb88) C:\WINDOWS\system32\drivers\RtkHDAud.sys
    2010/11/09 21:04:49.0703 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    2010/11/09 21:04:49.0734 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
    2010/11/09 21:04:49.0750 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2010/11/09 21:04:49.0750 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2010/11/09 21:04:49.0765 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2010/11/09 21:04:49.0781 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2010/11/09 21:04:49.0812 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2010/11/09 21:04:49.0828 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2010/11/09 21:04:49.0828 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2010/11/09 21:04:49.0843 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    2010/11/09 21:04:49.0875 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    2010/11/09 21:04:49.0890 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2010/11/09 21:04:49.0906 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    2010/11/09 21:04:49.0921 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2010/11/09 21:04:49.0921 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2010/11/09 21:04:49.0937 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    2010/11/09 21:04:49.0953 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2010/11/09 21:04:49.0984 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2010/11/09 21:04:50.0000 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2010/11/09 21:04:50.0015 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2010/11/09 21:04:50.0031 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2010/11/09 21:04:50.0046 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2010/11/09 21:04:50.0078 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2010/11/09 21:04:50.0109 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    2010/11/09 21:04:50.0140 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
    2010/11/09 21:04:50.0140 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
    2010/11/09 21:04:50.0171 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    2010/11/09 21:04:50.0171 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2010/11/09 21:04:50.0187 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    2010/11/09 21:04:50.0203 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2010/11/09 21:04:50.0218 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2010/11/09 21:04:50.0218 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2010/11/09 21:04:50.0234 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
    2010/11/09 21:04:50.0234 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2010/11/09 21:04:50.0250 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2010/11/09 21:04:50.0296 Nokia USB Generic (5abb6b2461c4eb0afdf1bf7f03963d59) C:\WINDOWS\system32\drivers\nmwcdc.sys
    2010/11/09 21:04:50.0312 Nokia USB Modem (353c16d21eec1f11306270040b3713c1) C:\WINDOWS\system32\drivers\nmwcdcm.sys
    2010/11/09 21:04:50.0328 Nokia USB Phone Parent (f5b1200c75b160c81e7e48cc0489aa5e) C:\WINDOWS\system32\drivers\nmwcd.sys
    2010/11/09 21:04:50.0359 Nokia USB Port (353c16d21eec1f11306270040b3713c1) C:\WINDOWS\system32\drivers\nmwcdcj.sys
    2010/11/09 21:04:50.0359 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2010/11/09 21:04:50.0390 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    2010/11/09 21:04:50.0421 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2010/11/09 21:04:50.0546 nv (07e25fe08344021091f000d84611a2ab) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    2010/11/09 21:04:50.0656 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2010/11/09 21:04:50.0671 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2010/11/09 21:04:50.0687 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
    2010/11/09 21:04:50.0687 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2010/11/09 21:04:50.0718 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2010/11/09 21:04:50.0718 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    2010/11/09 21:04:50.0734 PCIIde (dd89e7d7915982f3273655f63ee1fe1e) C:\WINDOWS\system32\DRIVERS\pciide.sys
    2010/11/09 21:04:50.0734 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\pciide.sys. Real md5: dd89e7d7915982f3273655f63ee1fe1e, Fake md5: ccf5f451bb1a5a2a522a76e670000ff0
    2010/11/09 21:04:50.0734 PCIIde - detected Rootkit.Win32.TDSS.tdl3 (0)
    2010/11/09 21:04:50.0765 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    2010/11/09 21:04:50.0781 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
    2010/11/09 21:04:50.0859 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2010/11/09 21:04:50.0859 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    2010/11/09 21:04:50.0890 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2010/11/09 21:04:50.0921 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    2010/11/09 21:04:50.0984 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2010/11/09 21:04:51.0000 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2010/11/09 21:04:51.0015 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2010/11/09 21:04:51.0015 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2010/11/09 21:04:51.0031 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2010/11/09 21:04:51.0046 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2010/11/09 21:04:51.0062 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    2010/11/09 21:04:51.0078 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    2010/11/09 21:04:51.0093 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2010/11/09 21:04:51.0109 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2010/11/09 21:04:51.0140 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    2010/11/09 21:04:51.0140 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    2010/11/09 21:04:51.0156 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2010/11/09 21:04:51.0203 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    2010/11/09 21:04:51.0281 SNP2UVC (9e027c8ec85d33a0ac1f34bbac58763d) C:\WINDOWS\system32\DRIVERS\snp2uvc.sys
    2010/11/09 21:04:51.0359 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2010/11/09 21:04:51.0406 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
    2010/11/09 21:04:51.0406 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
    2010/11/09 21:04:51.0406 sptd - detected Locked file (1)
    2010/11/09 21:04:51.0421 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    2010/11/09 21:04:51.0437 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
    2010/11/09 21:04:51.0453 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    2010/11/09 21:04:51.0484 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2010/11/09 21:04:51.0500 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    2010/11/09 21:04:51.0562 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    2010/11/09 21:04:51.0656 TBPanel (04e1c782cf14b7282ebc633b0fd3ed16) C:\WINDOWS\system32\drivers\TBPanel.sys
    2010/11/09 21:04:51.0687 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2010/11/09 21:04:51.0734 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2010/11/09 21:04:51.0750 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2010/11/09 21:04:51.0765 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2010/11/09 21:04:51.0890 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
    2010/11/09 21:04:51.0890 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2010/11/09 21:04:51.0921 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2010/11/09 21:04:51.0953 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
    2010/11/09 21:04:51.0953 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2010/11/09 21:04:52.0000 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2010/11/09 21:04:52.0000 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2010/11/09 21:04:52.0031 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    2010/11/09 21:04:52.0046 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2010/11/09 21:04:52.0046 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2010/11/09 21:04:52.0062 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
    2010/11/09 21:04:52.0093 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2010/11/09 21:04:52.0140 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    2010/11/09 21:04:52.0156 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2010/11/09 21:04:52.0187 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
    2010/11/09 21:04:52.0234 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2010/11/09 21:04:52.0265 WFPVRBAR (ad54c6e174b220a7226ecd339425ad1e) C:\WINDOWS\system32\drivers\WFPVRBAR.sys
    2010/11/09 21:04:52.0296 WFPVRENC (5258ad62098325736f0dc68e2a6b9470) C:\WINDOWS\system32\drivers\wfpvrenc.sys
    2010/11/09 21:04:52.0312 WFPVRTUNER (0dd8e9e4ca0525bdb1bd17652f422bdf) C:\WINDOWS\system32\drivers\wfpvrtun.sys
    2010/11/09 21:04:52.0343 WFPVRVIDEO (8e22bbdc0461deee73253e862da49656) C:\WINDOWS\system32\drivers\wfpvrcap.sys
    2010/11/09 21:04:52.0375 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    2010/11/09 21:04:52.0390 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    2010/11/09 21:04:52.0406 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    2010/11/09 21:04:52.0515 ================================================================================
    2010/11/09 21:04:52.0515 Scan finished
    2010/11/09 21:04:52.0515 ================================================================================
    2010/11/09 21:04:52.0515 Detected object count: 2
    2010/11/09 21:06:35.0812 PCIIde (dd89e7d7915982f3273655f63ee1fe1e) C:\WINDOWS\system32\DRIVERS\pciide.sys
    2010/11/09 21:06:35.0812 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\pciide.sys. Real md5: dd89e7d7915982f3273655f63ee1fe1e, Fake md5: ccf5f451bb1a5a2a522a76e670000ff0
    2010/11/09 21:06:41.0906 Backup copy found, using it..
    2010/11/09 21:06:41.0921 C:\WINDOWS\system32\DRIVERS\pciide.sys - will be cured after reboot
    2010/11/09 21:06:41.0921 Rootkit.Win32.TDSS.tdl3(PCIIde) - User select action: Cure
    2010/11/09 21:06:41.0921 Locked file(sptd) - User select action: Skip
    2010/11/09 21:06:57.0750 Deinitialize success

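The TDSSKiller log above is read by hand in the thread, but the interesting lines (the "Suspicious file" verdicts, the "Detected object count" and the "User select action" outcomes) follow a regular shape. As an added illustration, not part of the thread or of TDSSKiller itself, the script below parses lines of that shape and produces a short triage summary; a "Forged" entry means the same file hashed to two different values depending on how it was read, which is the indicator the analyst acts on. The sample lines are a constructed subset modelled on the log above, and the function and class names are my own.

```python
"""Triage helper for TDSSKiller-style scan logs (added example; format modelled on the thread's log)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: a subset of lines in the shape of the log quoted above (raw strings keep the backslashes).
SAMPLE_LOG = "\n".join([
    r"2010/11/09 21:04:51.0406 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys",
    r"2010/11/09 21:04:51.0406 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b",
    r"2010/11/09 21:04:51.0406 sptd - detected Locked file (1)",
    r"2010/11/09 21:04:51.0687 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys",
    r"2010/11/09 21:04:52.0515 ================================================================================",
    r"2010/11/09 21:04:52.0515 Scan finished",
    r"2010/11/09 21:04:52.0515 Detected object count: 2",
    r"2010/11/09 21:06:35.0812 PCIIde (dd89e7d7915982f3273655f63ee1fe1e) C:\WINDOWS\system32\DRIVERS\pciide.sys",
    r"2010/11/09 21:06:35.0812 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\pciide.sys. Real md5: dd89e7d7915982f3273655f63ee1fe1e, Fake md5: ccf5f451bb1a5a2a522a76e670000ff0",
    r"2010/11/09 21:06:41.0921 C:\WINDOWS\system32\DRIVERS\pciide.sys - will be cured after reboot",
    r"2010/11/09 21:06:41.0921 Rootkit.Win32.TDSS.tdl3(PCIIde) - User select action: Cure",
    r"2010/11/09 21:06:41.0921 Locked file(sptd) - User select action: Skip",
])

# Every log line starts with a timestamp; the rest is matched against the patterns below in order.
TS = r"\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}"
LINE_RE = re.compile(rf"^(?P<ts>{TS}) (?P<body>.*)$")
FORGED_RE = re.compile(r"^Suspicious file \(Forged\): (?P<path>.+?)\. Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$")
OTHER_SUSP_RE = re.compile(r"^Suspicious file \((?P<kind>[A-Za-z]+)\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})$")
ACTION_RE = re.compile(r"^(?P<verdict>.+?)\((?P<name>[^()]+)\) - User select action: (?P<action>\w+)$")
COUNT_RE = re.compile(r"^Detected object count: (?P<n>\d+)$")
DRIVER_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")


@dataclass
class Finding:
    kind: str                       # "Forged", "NoAccess", ...
    path: str
    md5_on_disk: str                # the "Real md5" (or the only md5 for non-forged entries)
    md5_presented: Optional[str] = None   # the "Fake md5", present only for Forged entries


@dataclass
class Report:
    drivers: Dict[str, str] = field(default_factory=dict)   # driver name -> path
    findings: List[Finding] = field(default_factory=list)
    actions: Dict[str, str] = field(default_factory=dict)   # object name -> user-selected action
    detected_count: Optional[int] = None


def parse_tdsskiller(text: str) -> Report:
    """Parse the log text into a Report; lines that match no known shape are ignored."""
    report = Report()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        if (f := FORGED_RE.match(body)):
            report.findings.append(Finding("Forged", f["path"], f["real"], f["fake"]))
        elif (s := OTHER_SUSP_RE.match(body)):
            report.findings.append(Finding(s["kind"], s["path"], s["md5"]))
        elif (a := ACTION_RE.match(body)):
            report.actions[a["name"]] = a["action"]
        elif (c := COUNT_RE.match(body)):
            report.detected_count = int(c["n"])
        elif (d := DRIVER_RE.match(body)):
            report.drivers[d["name"]] = d["path"]
    return report


def driver_name_for(report: Report, path: str) -> Optional[str]:
    """Reverse-map a file path to the driver name TDSSKiller listed it under (case-insensitive)."""
    for name, p in report.drivers.items():
        if p.lower() == path.lower():
            return name
    return None


def triage(report: Report) -> List[str]:
    """One line per suspicious entry, plus a warning if the claimed count disagrees with what was parsed."""
    notes = []
    for f in report.findings:
        action = report.actions.get(driver_name_for(report, f.path) or "", "none recorded")
        if f.kind == "Forged":
            notes.append(f"ROOTKIT INDICATOR {f.path}: hash presented through the normal read path "
                         f"({f.md5_presented}) differs from the hash of the file on disk ({f.md5_on_disk}); action: {action}")
        else:
            notes.append(f"{f.kind.upper()} {f.path}: file could not be read normally; action: {action}")
    if report.detected_count is not None and report.detected_count != len(report.findings):
        notes.append(f"WARNING: log claims {report.detected_count} detected objects but "
                     f"{len(report.findings)} suspicious entries were parsed")
    return notes


if __name__ == "__main__":
    for line in triage(parse_tdsskiller(SAMPLE_LOG)):
        print(line)
```

The count check at the end is there because a log that reports more detected objects than it lists suspicious files usually means lines were lost when the log was pasted, which is worth asking the poster about before deciding the machine is clean.
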
  6. #6
    Emeritus- Security Expert peku006's Avatar
    Join Date
    Feb 2007


    Hi spandau

    yeah, looks better.........

    Download and Run Malwarebytes' Anti-Malware

    Please save any items you were working on... close any open programs. You may be asked to reboot your machine.
    Please download Malwarebytes Anti-Malware and save it to your desktop. If needed...Tutorial w/screenshots
    Alternate download sites available here or here.
    1. Make sure you are connected to the Internet.
    2. Double-click on mbam-setup.exe to install the application.
    3. When the installation begins, follow the prompts and do not make any changes to default settings.
    4. When installation has finished, make sure you leave both of these checked:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
      • Then click Finish.
      MBAM will automatically start and you will be asked to update the program before performing a scan.
      • If an update is found, the program will automatically update itself.
      • Press the OK button to close that box and continue.
      • Problems downloading the updates? Manually download them from here and double-click on "mbam-rules.exe" to install.

    On the Scanner tab:
    1. Make sure the "Perform full scan" option is selected.
    2. Then click on the Scan button.
    3. If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
    4. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
    5. When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    6. Click OK to close the message box and continue with the removal process.

    Back at the main Scanner screen:
    1. Click on the Show Results button to see a list of any malware that was found.
    2. Check all items except items in the C:\System Volume Information folder... then click on Remove Selected.
      We will take care of the System Volume Information items later.
    3. When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
    4. The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
      The log can also be found here:
      C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    5. Copy and paste the contents of that report in your next reply and exit MBAM.

    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
    Click OK to either and let MBAM proceed with the disinfection process.
    If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

    Please reply with

    Malwarebytes' Anti-Malware Log

    Thanks peku006
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.

  7. #7
    Join Date
    May 2009

    Default Malwarebytes' Anti-Malware Log


    Below, the requested log.
    I hope it is a good report.
    Please tell me what I do next and don't forget that I also have a USB stick suspected to be infected, because I used it in the period of time when the computer was infected.

    Thank you,

    Malwarebytes' Anti-Malware 1.46

    Database version: 5084

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    11/9/2010 11:02:21 PM
    mbam-log-2010-11-09 (23-02-21).txt

    Scan type: Full scan (C:\|D:\|E:\|)
    Objects scanned: 196203
    Time elapsed: 18 minute(s), 38 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

  8. #8
    Emeritus- Security Expert peku006's Avatar
    Join Date
    Feb 2007


    Hi spandau

    Scan your USB stick with mbam

    Please run this free online virus scanner from ESET
    • Note: You will need to use Internet Explorer for this scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
    • Click Scan
    • Wait for the scan to finish
    • Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
    • Copy and paste that log as a reply to this topic

    Thanks peku006
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.

  9. #9
    Join Date
    May 2009

    Default Address has been blocked - DDS scan


    Below, the requested scan.
    Additional information: MBAM has not detected any threat on my USB stick.

    Thank you,

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    # version=7
    # iexplore.exe=7.00.6000.17091 (vista_gdr.100824-1500)
    # OnlineScanner.ocx=
    # api_version=3.0.2
    # EOSSerial=95ff7597fec7b4488f1c8550d600e8ca
    # end=finished
    # remove_checked=true
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2010-11-10 04:30:03
    # local_time=2010-11-10 06:30:03 (+0200, E. Europe Standard Time)
    # country="United States"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=512 16777215 100 0 46223663 46223663 0 0
    # compatibility_mode=6912 16777215 100 0 0 0 0 0
    # compatibility_mode=8202 22379861 100 100 5685 51956517 0 0
    # scanned=55118
    # found=1
    # cleaned=1
    # scan_time=1015
    # nod_component=V3 Build:0x30000000
    C:\WINDOWS\FixCamera.exe a variant of Win32/KillProc.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

  10. #10
    Emeritus- Security Expert peku006's Avatar
    Join Date
    Feb 2007


    Hi spandau

    Security Check
    Please download Security Check ... by screen317. Save it to your desktop.
    Alternate download site: Link 2
    1. Double click the SecurityCheck.exe icon to begin.
    2. Press the Space Bar when you see the "press any key to continue..." message.
      A Notepad results file will open automatically called checkup.txt
    3. Save "checkup.txt" to your desktop. (This output file is NOT automatically saved!)
    4. Please copy/paste the entire contents of the checkup.txt file into your next reply.

    Thanks peku006
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.
