
Thread: Print Spooler, Fraud.InternetSecurity2011, infected temp files, browser redirecting

  #11 | Junior Member | Join Date: Dec 2008 | Posts: 17

    Hey! I have internet again!

    I'll post this in two posts. First, the log when I clicked "Cure" for afd.sys, and then secondly the log for when I ran it afterwards.

    12:38:44.0734 2188 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06
    12:38:44.0750 2188 ============================================================
    12:38:44.0750 2188 Current date / time: 2011/12/12 12:38:44.0750
    12:38:44.0750 2188 SystemInfo:
    12:38:44.0750 2188
    12:38:44.0750 2188 OS Version: 5.1.2600 ServicePack: 3.0
    12:38:44.0750 2188 Product type: Workstation
    12:38:44.0750 2188 ComputerName: RICHARD-VYJC6BH
    12:38:44.0750 2188 UserName: Fieari Kei'lin
    12:38:44.0750 2188 Windows directory: C:\WINDOWS
    12:38:44.0750 2188 System windows directory: C:\WINDOWS
    12:38:44.0750 2188 Processor architecture: Intel x86
    12:38:44.0750 2188 Number of processors: 2
    12:38:44.0750 2188 Page size: 0x1000
    12:38:44.0750 2188 Boot type: Normal boot
    12:38:44.0750 2188 ============================================================
    12:38:45.0656 2188 Initialize success
    12:38:47.0406 3472 ============================================================
    12:38:47.0406 3472 Scan started
    12:38:47.0406 3472 Mode: Manual;
    12:38:47.0406 3472 ============================================================
    12:38:48.0234 3472 Abiosdsk - ok
    12:38:48.0234 3472 abp480n5 - ok
    12:38:48.0296 3472 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    12:38:48.0296 3472 ACPI - ok
    12:38:48.0328 3472 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    12:38:48.0328 3472 ACPIEC - ok
    12:38:48.0343 3472 adpu160m - ok
    12:38:48.0359 3472 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    12:38:48.0375 3472 aec - ok
    12:38:48.0390 3472 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys
    12:38:48.0390 3472 Afc - ok
    12:38:48.0453 3472 AFD (b49e92cce1a011ede676716b824916e9) C:\WINDOWS\System32\drivers\afd.sys
    12:38:48.0453 3472 AFD ( Rootkit.Win32.ZAccess.k ) - infected
    12:38:48.0453 3472 AFD - detected Rootkit.Win32.ZAccess.k (0)
    12:38:48.0453 3472 Aha154x - ok
    12:38:48.0468 3472 aic78u2 - ok
    12:38:48.0468 3472 aic78xx - ok
    12:38:48.0484 3472 AliIde - ok
    12:38:48.0515 3472 AmdK8 (0a4d13b388c814560bd69c3a496ecfa8) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
    12:38:48.0515 3472 AmdK8 - ok
    12:38:48.0531 3472 AmdLLD (e7314d43cd2be981d8bc4826b50eaf05) C:\WINDOWS\system32\DRIVERS\AmdLLD.sys
    12:38:48.0531 3472 AmdLLD - ok
    12:38:48.0546 3472 amsint - ok
    12:38:48.0593 3472 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    12:38:48.0593 3472 Arp1394 - ok
    12:38:48.0609 3472 asc - ok
    12:38:48.0609 3472 asc3350p - ok
    12:38:48.0625 3472 asc3550 - ok
    12:38:48.0671 3472 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    12:38:48.0671 3472 AsyncMac - ok
    12:38:48.0687 3472 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    12:38:48.0687 3472 atapi - ok
    12:38:48.0703 3472 Atdisk - ok
    12:38:48.0875 3472 ati2mtag (6660b58e893499fb5cc7f92923d3f720) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
    12:38:48.0921 3472 ati2mtag - ok
    12:38:48.0968 3472 AtiHdmiService (f661f01e990b84c58519c1ff43c2108f) C:\WINDOWS\system32\drivers\AtiHdmi.sys
    12:38:48.0968 3472 AtiHdmiService - ok
    12:38:49.0015 3472 atksgt (f0d933b42cd0594048e4d5200ae9e417) C:\WINDOWS\system32\DRIVERS\atksgt.sys
    12:38:49.0015 3472 atksgt - ok
    12:38:49.0046 3472 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    12:38:49.0046 3472 Atmarpc - ok
    12:38:49.0046 3472 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    12:38:49.0046 3472 audstub - ok
    12:38:49.0093 3472 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
    12:38:49.0093 3472 AVGIDSDriver - ok
    12:38:49.0125 3472 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
    12:38:49.0125 3472 AVGIDSEH - ok
    12:38:49.0140 3472 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
    12:38:49.0140 3472 AVGIDSFilter - ok
    12:38:49.0171 3472 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
    12:38:49.0171 3472 AVGIDSShim - ok
    12:38:49.0218 3472 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
    12:38:49.0218 3472 Avgldx86 - ok
    12:38:49.0265 3472 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
    12:38:49.0265 3472 Avgmfx86 - ok
    12:38:49.0281 3472 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
    12:38:49.0281 3472 Avgrkx86 - ok
    12:38:49.0328 3472 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
    12:38:49.0328 3472 Avgtdix - ok
    12:38:49.0359 3472 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    12:38:49.0359 3472 Beep - ok
    12:38:49.0359 3472 catchme - ok
    12:38:49.0375 3472 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    12:38:49.0390 3472 cbidf2k - ok
    12:38:49.0421 3472 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    12:38:49.0421 3472 CCDECODE - ok
    12:38:49.0437 3472 cd20xrnt - ok
    12:38:49.0453 3472 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    12:38:49.0453 3472 Cdaudio - ok
    12:38:49.0484 3472 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    12:38:49.0484 3472 Cdfs - ok
    12:38:49.0500 3472 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    12:38:49.0500 3472 Cdrom - ok
    12:38:49.0500 3472 Changer - ok
    12:38:49.0531 3472 CmdIde - ok
    12:38:49.0546 3472 Cpqarray - ok
    12:38:49.0546 3472 dac2w2k - ok
    12:38:49.0562 3472 dac960nt - ok
    12:38:49.0593 3472 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    12:38:49.0593 3472 Disk - ok
    12:38:49.0640 3472 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    12:38:49.0640 3472 dmboot - ok
    12:38:49.0656 3472 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\DRIVERS\dmio.sys
    12:38:49.0656 3472 dmio - ok
    12:38:49.0687 3472 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    12:38:49.0687 3472 dmload - ok
    12:38:49.0718 3472 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    12:38:49.0718 3472 DMusic - ok
    12:38:49.0718 3472 dpti2o - ok
    12:38:49.0734 3472 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    12:38:49.0734 3472 drmkaud - ok
    12:38:49.0750 3472 EagleXNt - ok
    12:38:49.0781 3472 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    12:38:49.0796 3472 Fastfat - ok
    12:38:49.0796 3472 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    12:38:49.0796 3472 Fdc - ok
    12:38:49.0828 3472 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    12:38:49.0828 3472 Fips - ok
    12:38:49.0843 3472 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    12:38:49.0843 3472 Flpydisk - ok
    12:38:49.0875 3472 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    12:38:49.0875 3472 FltMgr - ok
    12:38:49.0890 3472 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    12:38:49.0890 3472 Fs_Rec - ok
    12:38:49.0906 3472 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    12:38:49.0906 3472 Ftdisk - ok
    12:38:49.0937 3472 gdrv (ad6bd6bdc97bede8a5507ee01220c00f) C:\WINDOWS\gdrv.sys
    12:38:49.0937 3472 gdrv - ok
    12:38:49.0953 3472 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    12:38:49.0953 3472 Gpc - ok
    12:38:50.0000 3472 GTNDIS5 (fc80052194d5708254a346568f0e77c0) C:\WINDOWS\system32\GTNDIS5.SYS
    12:38:50.0000 3472 GTNDIS5 - ok
    12:38:50.0031 3472 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    12:38:50.0031 3472 HDAudBus - ok
    12:38:50.0046 3472 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    12:38:50.0046 3472 HidUsb - ok
    12:38:50.0062 3472 hpn - ok
    12:38:50.0062 3472 hpt3xx - ok
    12:38:50.0109 3472 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    12:38:50.0109 3472 HTTP - ok
    12:38:50.0125 3472 i2omgmt - ok
    12:38:50.0140 3472 i2omp - ok
    12:38:50.0156 3472 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    12:38:50.0156 3472 i8042prt - ok
    12:38:50.0156 3472 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    12:38:50.0171 3472 Imapi - ok
    12:38:50.0171 3472 ini910u - ok
    12:38:50.0312 3472 IntcAzAudAddService (2cb7c44a36b54d1712ea3e537ca827b1) C:\WINDOWS\system32\drivers\RtkHDAud.sys
    12:38:50.0343 3472 IntcAzAudAddService - ok
    12:38:50.0359 3472 IntelIde - ok
    12:38:50.0390 3472 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    12:38:50.0390 3472 intelppm - ok
    12:38:50.0421 3472 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    12:38:50.0421 3472 ip6fw - ok
    12:38:50.0453 3472 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    12:38:50.0453 3472 IpFilterDriver - ok
    12:38:50.0468 3472 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    12:38:50.0468 3472 IpInIp - ok
    12:38:50.0484 3472 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    12:38:50.0484 3472 IpNat - ok
    12:38:50.0500 3472 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    12:38:50.0500 3472 IPSec - ok
    12:38:50.0531 3472 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    12:38:50.0531 3472 IRENUM - ok
    12:38:50.0546 3472 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    12:38:50.0546 3472 isapnp - ok
    12:38:50.0578 3472 jnprna (441bdc7f6b4ef836dbee969501a45bf7) C:\WINDOWS\system32\DRIVERS\jnprna.sys
    12:38:50.0578 3472 jnprna - ok
    12:38:50.0609 3472 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    12:38:50.0609 3472 Kbdclass - ok
    12:38:50.0625 3472 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    12:38:50.0625 3472 kbdhid - ok
    12:38:50.0640 3472 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    12:38:50.0640 3472 kmixer - ok
    12:38:50.0671 3472 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    12:38:50.0671 3472 KSecDD - ok
    12:38:50.0687 3472 lbrtfdc - ok
    12:38:50.0718 3472 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
    12:38:50.0718 3472 lirsgt - ok
    12:38:50.0750 3472 MA_CMIDI (6d03a526eeded908759ca8c0e581494d) C:\WINDOWS\system32\drivers\ma_cmidi.sys
    12:38:50.0750 3472 MA_CMIDI - ok
    12:38:50.0781 3472 MDC8021X (d7010580bf4e45d5e793a1fe75758c69) C:\WINDOWS\system32\DRIVERS\mdc8021x.sys
    12:38:50.0781 3472 MDC8021X - ok
    12:38:50.0796 3472 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    12:38:50.0796 3472 mnmdd - ok
    12:38:50.0828 3472 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    12:38:50.0828 3472 Modem - ok
    12:38:50.0843 3472 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    12:38:50.0843 3472 Mouclass - ok
    12:38:50.0875 3472 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    12:38:50.0875 3472 mouhid - ok
    12:38:50.0890 3472 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    12:38:50.0890 3472 MountMgr - ok
    12:38:50.0906 3472 mraid35x - ok
    12:38:50.0921 3472 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    12:38:50.0921 3472 MRxDAV - ok
    12:38:50.0968 3472 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    12:38:50.0968 3472 MRxSmb - ok
    12:38:50.0984 3472 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    12:38:50.0984 3472 Msfs - ok
    12:38:51.0015 3472 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    12:38:51.0015 3472 MSKSSRV - ok
    12:38:51.0031 3472 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    12:38:51.0031 3472 MSPCLOCK - ok
    12:38:51.0031 3472 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    12:38:51.0031 3472 MSPQM - ok
    12:38:51.0062 3472 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    12:38:51.0062 3472 mssmbios - ok
    12:38:51.0093 3472 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    12:38:51.0093 3472 MSTEE - ok
    12:38:51.0125 3472 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    12:38:51.0125 3472 Mup - ok
    12:38:51.0140 3472 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    12:38:51.0140 3472 NABTSFEC - ok
    12:38:51.0156 3472 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    12:38:51.0156 3472 NDIS - ok
    12:38:51.0171 3472 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    12:38:51.0171 3472 NdisIP - ok
    12:38:51.0187 3472 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    12:38:51.0187 3472 NdisTapi - ok
    12:38:51.0218 3472 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    12:38:51.0218 3472 Ndisuio - ok
    12:38:51.0234 3472 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    12:38:51.0234 3472 NdisWan - ok
    12:38:51.0265 3472 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    12:38:51.0265 3472 NDProxy - ok
    12:38:51.0281 3472 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    12:38:51.0281 3472 NetBIOS - ok
    12:38:51.0312 3472 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    12:38:51.0312 3472 NetBT - ok
    12:38:51.0343 3472 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    12:38:51.0343 3472 NIC1394 - ok
    12:38:51.0359 3472 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    12:38:51.0359 3472 Npfs - ok
    12:38:51.0390 3472 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    12:38:51.0390 3472 Ntfs - ok
    12:38:51.0421 3472 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    12:38:51.0421 3472 Null - ok
    12:38:51.0578 3472 nv (83780f3a86d2804912f22f6e37cd2254) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    12:38:51.0625 3472 nv - ok
    12:38:51.0640 3472 nvata (c03e15101f6d9e82cd9b0e7d715f5de3) C:\WINDOWS\system32\DRIVERS\nvata.sys
    12:38:51.0640 3472 nvata - ok
    12:38:51.0671 3472 NVENETFD (cc34564bca235ebad8b308d871efa2df) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
    12:38:51.0671 3472 NVENETFD - ok
    12:38:51.0671 3472 nvnetbus (46fdb8d07dd4fc81093b0acb243a525d) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
    12:38:51.0671 3472 nvnetbus - ok
    12:38:51.0718 3472 NVTCP (57d0fb1b75420db651a71d5517afdf8a) C:\WINDOWS\system32\DRIVERS\NVTcp.sys
    12:38:51.0718 3472 NVTCP - ok
    12:38:51.0765 3472 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    12:38:51.0765 3472 NwlnkFlt - ok
    12:38:51.0781 3472 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    12:38:51.0781 3472 NwlnkFwd - ok
    12:38:51.0796 3472 odFips (28a25e6ccb36c7f14dedcf05c5e4de5f) C:\WINDOWS\system32\drivers\odFips.sys
    12:38:51.0796 3472 odFips - ok
    12:38:51.0812 3472 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    12:38:51.0812 3472 ohci1394 - ok
    12:38:51.0859 3472 PAC207 (3fd27cd542aab721c8acb1208abe62fd) C:\WINDOWS\system32\DRIVERS\PFC027.SYS
    12:38:51.0859 3472 PAC207 - ok
    12:38:51.0875 3472 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    12:38:51.0875 3472 Parport - ok
    12:38:51.0890 3472 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    12:38:51.0890 3472 PartMgr - ok
    12:38:51.0906 3472 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    12:38:51.0906 3472 ParVdm - ok
    12:38:51.0984 3472 pbfilter (61a5701e3f543861b21bbe0932c4cc03) C:\Program Files\PeerBlock\pbfilter.sys
    12:38:51.0984 3472 pbfilter - ok
    12:38:52.0000 3472 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    12:38:52.0000 3472 PCI - ok
    12:38:52.0015 3472 PCIDump - ok
    12:38:52.0046 3472 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    12:38:52.0046 3472 PCIIde - ok
    12:38:52.0078 3472 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    12:38:52.0078 3472 Pcmcia - ok
    12:38:52.0078 3472 PDCOMP - ok
    12:38:52.0093 3472 PDFRAME - ok
    12:38:52.0109 3472 PDRELI - ok
    12:38:52.0109 3472 PDRFRAME - ok
    12:38:52.0125 3472 perc2 - ok
    12:38:52.0140 3472 perc2hib - ok
    12:38:52.0171 3472 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    12:38:52.0171 3472 PptpMiniport - ok
    12:38:52.0218 3472 PRISM_A02 (9d8f196d9fbb74f8e3ec5cdfd77c90e6) C:\WINDOWS\system32\DRIVERS\WUSBGXP.sys
    12:38:52.0218 3472 PRISM_A02 - ok
    12:38:52.0234 3472 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
    12:38:52.0234 3472 Processor - ok
    12:38:52.0250 3472 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    12:38:52.0250 3472 PSched - ok
    12:38:52.0265 3472 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    12:38:52.0265 3472 Ptilink - ok
    12:38:52.0281 3472 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    12:38:52.0281 3472 PxHelp20 - ok
    12:38:52.0296 3472 ql1080 - ok
    12:38:52.0296 3472 Ql10wnt - ok
    12:38:52.0312 3472 ql12160 - ok
    12:38:52.0328 3472 ql1240 - ok
    12:38:52.0328 3472 ql1280 - ok
    12:38:52.0343 3472 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    12:38:52.0343 3472 RasAcd - ok
    12:38:52.0375 3472 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    12:38:52.0375 3472 Rasl2tp - ok
    12:38:52.0390 3472 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    12:38:52.0390 3472 RasPppoe - ok
    12:38:52.0390 3472 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    12:38:52.0390 3472 Raspti - ok
    12:38:52.0421 3472 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    12:38:52.0421 3472 Rdbss - ok
    12:38:52.0421 3472 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    12:38:52.0421 3472 RDPCDD - ok
    12:38:52.0453 3472 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    12:38:52.0453 3472 rdpdr - ok
    12:38:52.0500 3472 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
    12:38:52.0500 3472 RDPWD - ok
    12:38:52.0515 3472 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    12:38:52.0515 3472 redbook - ok
    12:38:52.0562 3472 RTLE8023xp (6d6d5c7049c502289bcd96684e363b35) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
    12:38:52.0562 3472 RTLE8023xp - ok
    12:38:52.0593 3472 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    12:38:52.0593 3472 Secdrv - ok
    12:38:52.0609 3472 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    12:38:52.0609 3472 serenum - ok
    12:38:52.0609 3472 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    12:38:52.0609 3472 Serial - ok
    12:38:52.0640 3472 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    12:38:52.0640 3472 Sfloppy - ok
    12:38:52.0640 3472 Simbad - ok
    12:38:52.0671 3472 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    12:38:52.0671 3472 SLIP - ok
    12:38:52.0703 3472 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
    12:38:52.0703 3472 SONYPVU1 - ok
    12:38:52.0718 3472 Sparrow - ok
    12:38:52.0734 3472 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    12:38:52.0734 3472 splitter - ok
    12:38:52.0781 3472 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
    12:38:52.0781 3472 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
    12:38:52.0781 3472 sptd ( LockedFile.Multi.Generic ) - warning
    12:38:52.0781 3472 sptd - detected LockedFile.Multi.Generic (1)
    12:38:52.0796 3472 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    12:38:52.0796 3472 sr - ok
    12:38:52.0828 3472 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    12:38:52.0828 3472 Srv - ok
    12:38:52.0875 3472 StkAMini (36ed459e9130e6d07fa66faca1e491d0) C:\WINDOWS\system32\Drivers\StkAMini.sys
    12:38:52.0875 3472 StkAMini - ok
    12:38:52.0890 3472 StkScan (df29245097f6de1ca9861c75df7fbe42) C:\WINDOWS\system32\Drivers\StkScan.sys
    12:38:52.0890 3472 StkScan - ok
    12:38:52.0906 3472 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    12:38:52.0906 3472 streamip - ok
    12:38:52.0953 3472 STV680 (1c38bfdf92332b488244bf8e2a3f6779) C:\WINDOWS\system32\drivers\STV680.sys
    12:38:52.0953 3472 STV680 - ok
    12:38:52.0968 3472 STV680m (84bc7e28d97be426b301879233f71de6) C:\WINDOWS\system32\drivers\STV680m.sys
    12:38:52.0968 3472 STV680m - ok
    12:38:52.0984 3472 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    12:38:52.0984 3472 swenum - ok
    12:38:53.0000 3472 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    12:38:53.0000 3472 swmidi - ok
    12:38:53.0015 3472 symc810 - ok
    12:38:53.0031 3472 symc8xx - ok
    12:38:53.0046 3472 sym_hi - ok
    12:38:53.0046 3472 sym_u3 - ok
    12:38:53.0062 3472 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    12:38:53.0078 3472 sysaudio - ok
    12:38:53.0125 3472 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    12:38:53.0125 3472 Tcpip - ok
    12:38:53.0171 3472 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    12:38:53.0171 3472 TDPIPE - ok
    12:38:53.0187 3472 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    12:38:53.0187 3472 TDTCP - ok
    12:38:53.0203 3472 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    12:38:53.0203 3472 TermDD - ok
    12:38:53.0218 3472 TosIde - ok
    12:38:53.0250 3472 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    12:38:53.0250 3472 Udfs - ok
    12:38:53.0265 3472 ultra - ok
    12:38:53.0312 3472 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    12:38:53.0312 3472 Update - ok
    12:38:53.0359 3472 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
    12:38:53.0359 3472 usbaudio - ok
    12:38:53.0390 3472 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    12:38:53.0390 3472 usbccgp - ok
    12:38:53.0421 3472 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    12:38:53.0421 3472 usbehci - ok
    12:38:53.0453 3472 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    12:38:53.0453 3472 usbhub - ok
    12:38:53.0484 3472 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
    12:38:53.0484 3472 usbohci - ok
    12:38:53.0531 3472 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    12:38:53.0531 3472 usbprint - ok
    12:38:53.0546 3472 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    12:38:53.0546 3472 usbscan - ok
    12:38:53.0593 3472 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys
    12:38:53.0593 3472 usbser - ok
    12:38:53.0625 3472 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    12:38:53.0625 3472 USBSTOR - ok
    12:38:53.0656 3472 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    12:38:53.0656 3472 usbuhci - ok
    12:38:53.0671 3472 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    12:38:53.0671 3472 VgaSave - ok
    12:38:53.0687 3472 ViaIde - ok
    12:38:53.0703 3472 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    12:38:53.0703 3472 VolSnap - ok
    12:38:53.0718 3472 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    12:38:53.0734 3472 Wanarp - ok
    12:38:53.0734 3472 WDICA - ok
    12:38:53.0750 3472 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    12:38:53.0750 3472 wdmaud - ok
    12:38:53.0812 3472 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
    12:38:53.0812 3472 WS2IFSL - ok
    12:38:53.0843 3472 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    12:38:53.0843 3472 WSTCODEC - ok
    12:38:53.0890 3472 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    12:38:53.0890 3472 WudfPf - ok
    12:38:53.0906 3472 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    12:38:53.0906 3472 WudfRd - ok
    12:38:53.0953 3472 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
    12:38:54.0062 3472 \Device\Harddisk0\DR0 - ok
    12:38:54.0078 3472 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
    12:38:54.0078 3472 \Device\Harddisk1\DR1 - ok
    12:38:54.0078 3472 Boot (0x1200) (024b73c33575d5213807fb31cb3bf5f1) \Device\Harddisk0\DR0\Partition0
    12:38:54.0078 3472 \Device\Harddisk0\DR0\Partition0 - ok
    12:38:54.0109 3472 Boot (0x1200) (4ca52aad5b818e8e9c0917641d264227) \Device\Harddisk0\DR0\Partition1
    12:38:54.0109 3472 \Device\Harddisk0\DR0\Partition1 - ok
    12:38:54.0109 3472 ============================================================
    12:38:54.0109 3472 Scan finished
    12:38:54.0109 3472 ============================================================
    12:38:54.0109 0376 Detected object count: 2
    12:38:54.0109 0376 Actual detected object count: 2
    12:39:05.0218 0376 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\afd.sys) error 1813
    12:39:05.0875 0376 Backup copy found, using it..
    12:39:05.0906 0376 C:\WINDOWS\System32\drivers\afd.sys - will be cured on reboot
    12:39:07.0812 0376 AFD ( Rootkit.Win32.ZAccess.k ) - User select action: Cure
    12:39:07.0812 0376 sptd ( LockedFile.Multi.Generic ) - skipped by user
    12:39:07.0812 0376 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
    12:39:12.0156 1676 Deinitialize success

  #12 | Junior Member | Join Date: Dec 2008 | Posts: 17

    12:46:04.0359 2508 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06
    12:46:04.0781 2508 ============================================================
    12:46:04.0781 2508 Current date / time: 2011/12/12 12:46:04.0781
    12:46:04.0781 2508 SystemInfo:
    12:46:04.0781 2508
    12:46:04.0781 2508 OS Version: 5.1.2600 ServicePack: 3.0
    12:46:04.0781 2508 Product type: Workstation
    12:46:04.0781 2508 ComputerName: RICHARD-VYJC6BH
    12:46:04.0781 2508 UserName: Fieari Kei'lin
    12:46:04.0781 2508 Windows directory: C:\WINDOWS
    12:46:04.0781 2508 System windows directory: C:\WINDOWS
    12:46:04.0781 2508 Processor architecture: Intel x86
    12:46:04.0781 2508 Number of processors: 2
    12:46:04.0781 2508 Page size: 0x1000
    12:46:04.0781 2508 Boot type: Normal boot
    12:46:04.0781 2508 ============================================================
    12:46:05.0843 2508 Initialize success
    12:46:07.0140 4864 ============================================================
    12:46:07.0140 4864 Scan started
    12:46:07.0140 4864 Mode: Manual;
    12:46:07.0156 4864 ============================================================
    12:46:08.0125 4864 Abiosdsk - ok
    12:46:08.0140 4864 abp480n5 - ok
    12:46:08.0156 4864 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    12:46:08.0156 4864 ACPI - ok
    12:46:08.0187 4864 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    12:46:08.0187 4864 ACPIEC - ok
    12:46:08.0187 4864 adpu160m - ok
    12:46:08.0218 4864 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    12:46:08.0218 4864 aec - ok
    12:46:08.0250 4864 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys
    12:46:08.0250 4864 Afc - ok
    12:46:08.0296 4864 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
    12:46:08.0296 4864 AFD - ok
    12:46:08.0312 4864 Aha154x - ok
    12:46:08.0328 4864 aic78u2 - ok
    12:46:08.0328 4864 aic78xx - ok
    12:46:08.0343 4864 AliIde - ok
    12:46:08.0375 4864 AmdK8 (0a4d13b388c814560bd69c3a496ecfa8) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
    12:46:08.0375 4864 AmdK8 - ok
    12:46:08.0406 4864 AmdLLD (e7314d43cd2be981d8bc4826b50eaf05) C:\WINDOWS\system32\DRIVERS\AmdLLD.sys
    12:46:08.0406 4864 AmdLLD - ok
    12:46:08.0406 4864 amsint - ok
    12:46:08.0437 4864 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    12:46:08.0437 4864 Arp1394 - ok
    12:46:08.0437 4864 asc - ok
    12:46:08.0453 4864 asc3350p - ok
    12:46:08.0468 4864 asc3550 - ok
    12:46:08.0515 4864 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    12:46:08.0515 4864 AsyncMac - ok
    12:46:08.0531 4864 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    12:46:08.0531 4864 atapi - ok
    12:46:08.0531 4864 Atdisk - ok
    12:46:08.0734 4864 ati2mtag (6660b58e893499fb5cc7f92923d3f720) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
    12:46:08.0859 4864 ati2mtag - ok
    12:46:08.0906 4864 AtiHdmiService (f661f01e990b84c58519c1ff43c2108f) C:\WINDOWS\system32\drivers\AtiHdmi.sys
    12:46:08.0906 4864 AtiHdmiService - ok
    12:46:08.0953 4864 atksgt (f0d933b42cd0594048e4d5200ae9e417) C:\WINDOWS\system32\DRIVERS\atksgt.sys
    12:46:08.0953 4864 atksgt - ok
    12:46:08.0984 4864 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    12:46:08.0984 4864 Atmarpc - ok
    12:46:09.0000 4864 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    12:46:09.0000 4864 audstub - ok
    12:46:09.0031 4864 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
    12:46:09.0031 4864 AVGIDSDriver - ok
    12:46:09.0078 4864 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
    12:46:09.0078 4864 AVGIDSEH - ok
    12:46:09.0078 4864 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
    12:46:09.0093 4864 AVGIDSFilter - ok
    12:46:09.0125 4864 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
    12:46:09.0125 4864 AVGIDSShim - ok
    12:46:09.0171 4864 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
    12:46:09.0171 4864 Avgldx86 - ok
    12:46:09.0203 4864 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
    12:46:09.0203 4864 Avgmfx86 - ok
    12:46:09.0234 4864 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
    12:46:09.0234 4864 Avgrkx86 - ok
    12:46:09.0265 4864 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
    12:46:09.0265 4864 Avgtdix - ok
    12:46:09.0296 4864 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    12:46:09.0296 4864 Beep - ok
    12:46:09.0312 4864 catchme - ok
    12:46:09.0328 4864 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    12:46:09.0328 4864 cbidf2k - ok
    12:46:09.0359 4864 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    12:46:09.0375 4864 CCDECODE - ok
    12:46:09.0375 4864 cd20xrnt - ok
    12:46:09.0406 4864 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    12:46:09.0406 4864 Cdaudio - ok
    12:46:09.0437 4864 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    12:46:09.0437 4864 Cdfs - ok
    12:46:09.0453 4864 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    12:46:09.0453 4864 Cdrom - ok
    12:46:09.0453 4864 Changer - ok
    12:46:09.0484 4864 CmdIde - ok
    12:46:09.0500 4864 Cpqarray - ok
    12:46:09.0515 4864 dac2w2k - ok
    12:46:09.0515 4864 dac960nt - ok
    12:46:09.0562 4864 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    12:46:09.0562 4864 Disk - ok
    12:46:09.0640 4864 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    12:46:09.0656 4864 dmboot - ok
    12:46:09.0671 4864 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\DRIVERS\dmio.sys
    12:46:09.0671 4864 dmio - ok
    12:46:09.0718 4864 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    12:46:09.0718 4864 dmload - ok
    12:46:09.0734 4864 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    12:46:09.0734 4864 DMusic - ok
    12:46:09.0750 4864 dpti2o - ok
    12:46:09.0781 4864 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    12:46:09.0781 4864 drmkaud - ok
    12:46:09.0812 4864 EagleXNt - ok
    12:46:09.0843 4864 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    12:46:09.0843 4864 Fastfat - ok
    12:46:09.0859 4864 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    12:46:09.0859 4864 Fdc - ok
    12:46:09.0890 4864 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    12:46:09.0890 4864 Fips - ok
    12:46:09.0921 4864 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    12:46:09.0921 4864 Flpydisk - ok
    12:46:09.0937 4864 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    12:46:09.0953 4864 FltMgr - ok
    12:46:09.0968 4864 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    12:46:09.0968 4864 Fs_Rec - ok
    12:46:09.0968 4864 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    12:46:09.0968 4864 Ftdisk - ok
    12:46:10.0000 4864 gdrv (ad6bd6bdc97bede8a5507ee01220c00f) C:\WINDOWS\gdrv.sys
    12:46:11.0421 4864 gdrv - ok
    12:46:11.0515 4864 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    12:46:11.0515 4864 Gpc - ok
    12:46:11.0562 4864 GTNDIS5 (fc80052194d5708254a346568f0e77c0) C:\WINDOWS\system32\GTNDIS5.SYS
    12:46:11.0734 4864 GTNDIS5 - ok
    12:46:11.0796 4864 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    12:46:11.0796 4864 HDAudBus - ok
    12:46:11.0828 4864 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    12:46:11.0828 4864 HidUsb - ok
    12:46:11.0843 4864 hpn - ok
    12:46:11.0859 4864 hpt3xx - ok
    12:46:11.0906 4864 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    12:46:11.0906 4864 HTTP - ok
    12:46:11.0921 4864 i2omgmt - ok
    12:46:11.0937 4864 i2omp - ok
    12:46:11.0953 4864 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    12:46:11.0953 4864 i8042prt - ok
    12:46:11.0968 4864 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    12:46:11.0968 4864 Imapi - ok
    12:46:11.0984 4864 ini910u - ok
    12:46:12.0125 4864 IntcAzAudAddService (2cb7c44a36b54d1712ea3e537ca827b1) C:\WINDOWS\system32\drivers\RtkHDAud.sys
    12:46:12.0218 4864 IntcAzAudAddService - ok
    12:46:12.0234 4864 IntelIde - ok
    12:46:12.0265 4864 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    12:46:12.0265 4864 intelppm - ok
    12:46:12.0296 4864 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    12:46:12.0296 4864 ip6fw - ok
    12:46:12.0328 4864 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    12:46:12.0328 4864 IpFilterDriver - ok
    12:46:12.0343 4864 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    12:46:12.0343 4864 IpInIp - ok
    12:46:12.0375 4864 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    12:46:12.0375 4864 IpNat - ok
    12:46:12.0375 4864 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    12:46:12.0390 4864 IPSec - ok
    12:46:12.0406 4864 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    12:46:12.0406 4864 IRENUM - ok
    12:46:12.0421 4864 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    12:46:12.0421 4864 isapnp - ok
    12:46:12.0453 4864 jnprna (441bdc7f6b4ef836dbee969501a45bf7) C:\WINDOWS\system32\DRIVERS\jnprna.sys
    12:46:12.0468 4864 jnprna - ok
    12:46:12.0484 4864 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    12:46:12.0484 4864 Kbdclass - ok
    12:46:12.0500 4864 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    12:46:12.0500 4864 kbdhid - ok
    12:46:12.0515 4864 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    12:46:12.0531 4864 kmixer - ok
    12:46:12.0546 4864 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    12:46:12.0546 4864 KSecDD - ok
    12:46:12.0562 4864 lbrtfdc - ok
    12:46:12.0625 4864 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
    12:46:12.0625 4864 lirsgt - ok
    12:46:12.0656 4864 MA_CMIDI (6d03a526eeded908759ca8c0e581494d) C:\WINDOWS\system32\drivers\ma_cmidi.sys
    12:46:12.0656 4864 MA_CMIDI - ok
    12:46:12.0718 4864 MDC8021X (d7010580bf4e45d5e793a1fe75758c69) C:\WINDOWS\system32\DRIVERS\mdc8021x.sys
    12:46:12.0718 4864 MDC8021X - ok
    12:46:12.0734 4864 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    12:46:12.0734 4864 mnmdd - ok
    12:46:12.0765 4864 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    12:46:12.0765 4864 Modem - ok
    12:46:12.0781 4864 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    12:46:12.0781 4864 Mouclass - ok
    12:46:12.0828 4864 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    12:46:12.0828 4864 mouhid - ok
    12:46:12.0828 4864 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    12:46:12.0843 4864 MountMgr - ok
    12:46:12.0843 4864 mraid35x - ok
    12:46:12.0859 4864 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    12:46:12.0859 4864 MRxDAV - ok
    12:46:12.0906 4864 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    12:46:12.0921 4864 MRxSmb - ok
    12:46:12.0937 4864 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    12:46:12.0937 4864 Msfs - ok
    12:46:12.0968 4864 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    12:46:12.0968 4864 MSKSSRV - ok
    12:46:13.0000 4864 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    12:46:13.0000 4864 MSPCLOCK - ok
    12:46:13.0031 4864 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    12:46:13.0031 4864 MSPQM - ok
    12:46:13.0046 4864 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    12:46:13.0046 4864 mssmbios - ok
    12:46:13.0078 4864 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    12:46:13.0078 4864 MSTEE - ok
    12:46:13.0109 4864 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    12:46:13.0109 4864 Mup - ok
    12:46:13.0140 4864 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    12:46:13.0140 4864 NABTSFEC - ok
    12:46:13.0171 4864 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    12:46:13.0171 4864 NDIS - ok
    12:46:13.0187 4864 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    12:46:13.0187 4864 NdisIP - ok
    12:46:13.0218 4864 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    12:46:13.0218 4864 NdisTapi - ok
    12:46:13.0234 4864 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    12:46:13.0234 4864 Ndisuio - ok
    12:46:13.0265 4864 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    12:46:13.0265 4864 NdisWan - ok
    12:46:13.0296 4864 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    12:46:13.0296 4864 NDProxy - ok
    12:46:13.0296 4864 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    12:46:13.0296 4864 NetBIOS - ok
    12:46:13.0328 4864 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    12:46:13.0328 4864 NetBT - ok
    12:46:13.0359 4864 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    12:46:13.0375 4864 NIC1394 - ok
    12:46:13.0375 4864 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    12:46:13.0375 4864 Npfs - ok
    12:46:13.0406 4864 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    12:46:13.0437 4864 Ntfs - ok
    12:46:13.0453 4864 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    12:46:13.0453 4864 Null - ok
    12:46:13.0625 4864 nv (83780f3a86d2804912f22f6e37cd2254) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    12:46:13.0765 4864 nv - ok
    12:46:13.0781 4864 nvata (c03e15101f6d9e82cd9b0e7d715f5de3) C:\WINDOWS\system32\DRIVERS\nvata.sys
    12:46:13.0781 4864 nvata - ok
    12:46:13.0812 4864 NVENETFD (cc34564bca235ebad8b308d871efa2df) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
    12:46:13.0812 4864 NVENETFD - ok
    12:46:13.0828 4864 nvnetbus (46fdb8d07dd4fc81093b0acb243a525d) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
    12:46:13.0828 4864 nvnetbus - ok
    12:46:13.0875 4864 NVTCP (57d0fb1b75420db651a71d5517afdf8a) C:\WINDOWS\system32\DRIVERS\NVTcp.sys
    12:46:13.0875 4864 NVTCP - ok
    12:46:13.0906 4864 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    12:46:13.0906 4864 NwlnkFlt - ok
    12:46:13.0937 4864 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    12:46:13.0937 4864 NwlnkFwd - ok
    12:46:13.0953 4864 odFips (28a25e6ccb36c7f14dedcf05c5e4de5f) C:\WINDOWS\system32\drivers\odFips.sys
    12:46:13.0968 4864 odFips - ok
    12:46:13.0968 4864 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    12:46:13.0968 4864 ohci1394 - ok
    12:46:14.0015 4864 PAC207 (3fd27cd542aab721c8acb1208abe62fd) C:\WINDOWS\system32\DRIVERS\PFC027.SYS
    12:46:14.0031 4864 PAC207 - ok
    12:46:14.0046 4864 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    12:46:14.0046 4864 Parport - ok
    12:46:14.0062 4864 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    12:46:14.0062 4864 PartMgr - ok
    12:46:14.0062 4864 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    12:46:14.0062 4864 ParVdm - ok
    12:46:14.0156 4864 pbfilter (61a5701e3f543861b21bbe0932c4cc03) C:\Program Files\PeerBlock\pbfilter.sys
    12:46:14.0156 4864 pbfilter - ok
    12:46:14.0171 4864 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    12:46:14.0171 4864 PCI - ok
    12:46:14.0187 4864 PCIDump - ok
    12:46:14.0218 4864 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    12:46:14.0218 4864 PCIIde - ok
    12:46:14.0250 4864 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    12:46:14.0250 4864 Pcmcia - ok
    12:46:14.0250 4864 PDCOMP - ok
    12:46:14.0265 4864 PDFRAME - ok
    12:46:14.0281 4864 PDRELI - ok
    12:46:14.0281 4864 PDRFRAME - ok
    12:46:14.0296 4864 perc2 - ok
    12:46:14.0312 4864 perc2hib - ok
    12:46:14.0343 4864 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    12:46:14.0343 4864 PptpMiniport - ok
    12:46:14.0390 4864 PRISM_A02 (9d8f196d9fbb74f8e3ec5cdfd77c90e6) C:\WINDOWS\system32\DRIVERS\WUSBGXP.sys
    12:46:14.0406 4864 PRISM_A02 - ok
    12:46:14.0406 4864 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
    12:46:14.0406 4864 Processor - ok
    12:46:14.0421 4864 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    12:46:14.0421 4864 PSched - ok
    12:46:14.0453 4864 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    12:46:14.0453 4864 Ptilink - ok
    12:46:14.0468 4864 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    12:46:14.0468 4864 PxHelp20 - ok
    12:46:14.0484 4864 ql1080 - ok
    12:46:14.0484 4864 Ql10wnt - ok
    12:46:14.0500 4864 ql12160 - ok
    12:46:14.0515 4864 ql1240 - ok
    12:46:14.0515 4864 ql1280 - ok
    12:46:14.0546 4864 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    12:46:14.0562 4864 RasAcd - ok
    12:46:14.0593 4864 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    12:46:14.0593 4864 Rasl2tp - ok
    12:46:14.0609 4864 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    12:46:14.0609 4864 RasPppoe - ok
    12:46:14.0640 4864 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    12:46:14.0640 4864 Raspti - ok
    12:46:14.0671 4864 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    12:46:14.0671 4864 Rdbss - ok
    12:46:14.0687 4864 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    12:46:14.0687 4864 RDPCDD - ok
    12:46:14.0703 4864 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    12:46:14.0703 4864 rdpdr - ok
    12:46:14.0750 4864 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
    12:46:14.0750 4864 RDPWD - ok
    12:46:14.0750 4864 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    12:46:14.0765 4864 redbook - ok
    12:46:14.0828 4864 RTLE8023xp (6d6d5c7049c502289bcd96684e363b35) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
    12:46:14.0828 4864 RTLE8023xp - ok
    12:46:14.0859 4864 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    12:46:14.0859 4864 Secdrv - ok
    12:46:14.0875 4864 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    12:46:14.0875 4864 serenum - ok
    12:46:14.0890 4864 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    12:46:14.0890 4864 Serial - ok
    12:46:14.0906 4864 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    12:46:14.0906 4864 Sfloppy - ok
    12:46:14.0921 4864 Simbad - ok
    12:46:14.0953 4864 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    12:46:14.0953 4864 SLIP - ok
    12:46:14.0984 4864 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
    12:46:14.0984 4864 SONYPVU1 - ok
    12:46:15.0000 4864 Sparrow - ok
    12:46:15.0015 4864 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    12:46:15.0015 4864 splitter - ok
    12:46:15.0062 4864 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
    12:46:15.0062 4864 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
    12:46:15.0062 4864 sptd ( LockedFile.Multi.Generic ) - warning
    12:46:15.0062 4864 sptd - detected LockedFile.Multi.Generic (1)
    12:46:15.0078 4864 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    12:46:15.0078 4864 sr - ok
    12:46:15.0109 4864 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    12:46:15.0109 4864 Srv - ok
    12:46:15.0156 4864 StkAMini (36ed459e9130e6d07fa66faca1e491d0) C:\WINDOWS\system32\Drivers\StkAMini.sys
    12:46:15.0156 4864 StkAMini - ok
    12:46:15.0187 4864 StkScan (df29245097f6de1ca9861c75df7fbe42) C:\WINDOWS\system32\Drivers\StkScan.sys
    12:46:15.0187 4864 StkScan - ok
    12:46:15.0187 4864 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    12:46:15.0187 4864 streamip - ok
    12:46:15.0234 4864 STV680 (1c38bfdf92332b488244bf8e2a3f6779) C:\WINDOWS\system32\drivers\STV680.sys
    12:46:15.0234 4864 STV680 - ok
    12:46:15.0265 4864 STV680m (84bc7e28d97be426b301879233f71de6) C:\WINDOWS\system32\drivers\STV680m.sys
    12:46:15.0265 4864 STV680m - ok
    12:46:15.0265 4864 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    12:46:15.0265 4864 swenum - ok
    12:46:15.0296 4864 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    12:46:15.0296 4864 swmidi - ok
    12:46:15.0312 4864 symc810 - ok
    12:46:15.0328 4864 symc8xx - ok
    12:46:15.0343 4864 sym_hi - ok
    12:46:15.0343 4864 sym_u3 - ok
    12:46:15.0359 4864 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    12:46:15.0359 4864 sysaudio - ok
    12:46:15.0421 4864 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    12:46:15.0421 4864 Tcpip - ok
    12:46:15.0468 4864 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    12:46:15.0468 4864 TDPIPE - ok
    12:46:15.0484 4864 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    12:46:15.0484 4864 TDTCP - ok
    12:46:15.0500 4864 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    12:46:15.0500 4864 TermDD - ok
    12:46:15.0515 4864 TosIde - ok
    12:46:15.0562 4864 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    12:46:15.0562 4864 Udfs - ok
    12:46:15.0578 4864 ultra - ok
    12:46:15.0625 4864 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    12:46:15.0640 4864 Update - ok
    12:46:15.0687 4864 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
    12:46:15.0687 4864 usbaudio - ok
    12:46:15.0718 4864 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    12:46:15.0718 4864 usbccgp - ok
    12:46:15.0750 4864 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    12:46:15.0750 4864 usbehci - ok
    12:46:15.0781 4864 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    12:46:15.0781 4864 usbhub - ok
    12:46:15.0812 4864 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
    12:46:15.0812 4864 usbohci - ok
    12:46:15.0859 4864 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    12:46:15.0859 4864 usbprint - ok
    12:46:15.0890 4864 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    12:46:15.0890 4864 usbscan - ok
    12:46:15.0921 4864 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys
    12:46:15.0921 4864 usbser - ok
    12:46:15.0953 4864 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    12:46:15.0968 4864 USBSTOR - ok
    12:46:15.0984 4864 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    12:46:15.0984 4864 usbuhci - ok
    12:46:16.0000 4864 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    12:46:16.0000 4864 VgaSave - ok
    12:46:16.0015 4864 ViaIde - ok
    12:46:16.0046 4864 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    12:46:16.0046 4864 VolSnap - ok
    12:46:16.0062 4864 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    12:46:16.0062 4864 Wanarp - ok
    12:46:16.0078 4864 WDICA - ok
    12:46:16.0093 4864 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    12:46:16.0093 4864 wdmaud - ok
    12:46:16.0171 4864 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
    12:46:16.0171 4864 WS2IFSL - ok
    12:46:16.0203 4864 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    12:46:16.0203 4864 WSTCODEC - ok
    12:46:16.0234 4864 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    12:46:16.0234 4864 WudfPf - ok
    12:46:16.0265 4864 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    12:46:16.0265 4864 WudfRd - ok
    12:46:16.0312 4864 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
    12:46:16.0437 4864 \Device\Harddisk0\DR0 - ok
    12:46:16.0437 4864 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
    12:46:16.0437 4864 \Device\Harddisk1\DR1 - ok
    12:46:16.0437 4864 Boot (0x1200) (024b73c33575d5213807fb31cb3bf5f1) \Device\Harddisk0\DR0\Partition0
    12:46:16.0453 4864 \Device\Harddisk0\DR0\Partition0 - ok
    12:46:16.0468 4864 Boot (0x1200) (4ca52aad5b818e8e9c0917641d264227) \Device\Harddisk0\DR0\Partition1
    12:46:16.0468 4864 \Device\Harddisk0\DR0\Partition1 - ok
    12:46:16.0468 4864 ============================================================
    12:46:16.0468 4864 Scan finished
    12:46:16.0468 4864 ============================================================
    12:46:16.0484 4856 Detected object count: 1
    12:46:16.0484 4856 Actual detected object count: 1
    12:46:20.0750 4856 sptd ( LockedFile.Multi.Generic ) - skipped by user
    12:46:20.0750 4856 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
    12:46:25.0546 4356 Deinitialize success
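To make a driver-scan log like the one above quicker to read, here is a small triage script (an added example, not part of the thread or of TDSSKiller; the sample lines are constructed in the log's own format from the MD5s and paths shown above): it pulls out every entry that did not come back ok, attaches the "Suspicious file" note that explains a LockedFile verdict, records the action the user chose, and cross-checks the scanner's own detected-object count.

```python
"""Triage a TDSSKiller driver-scan log of the kind posted in this thread.

Added example (not part of the thread or of TDSSKiller). Each log line has the
shape "HH:MM:SS.mmmm PID message"; the messages a reviewer reads are the driver
record with MD5 and path, the per-entry verdict, the "Suspicious file" note for
files the scanner could not open, and the action the user chose afterwards.
"""
import re

LINE_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d{4})\s+(?P<pid>\d+)\s+(?P<msg>.*)$")
# "AFD (md5) C:\...\afd.sys": a service/driver and the file backing it
FILE_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "MBR (0x1B8) (md5) \Device\Harddisk0\DR0" and "Boot (0x1200) (md5) ...\Partition0"
BOOT_RE = re.compile(r"^(?P<kind>MBR|Boot) \((?P<size>0x[0-9A-Fa-f]+)\) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
OK_RE = re.compile(r"^(?P<name>\S+) - ok$")
WARN_RE = re.compile(r"^(?P<name>\S+) \( (?P<verdict>[^)]+) \) - (?P<status>warning|skipped by user)$")
DETECT_RE = re.compile(r"^(?P<name>\S+) - detected (?P<verdict>\S+) \((?P<count>\d+)\)$")
SUSP_RE = re.compile(r"^Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+)\. md5: (?P<md5>[0-9a-f]{32})$")
ACTION_RE = re.compile(r"^(?P<name>\S+) \( (?P<verdict>[^)]+) \) - User select action: (?P<action>\w+)$")
COUNT_RE = re.compile(r"^Detected object count: (?P<count>\d+)$")

# Constructed sample: a few lines in the log format, including the one entry the
# scan in the thread flagged. MD5s and paths are the ones shown in the thread.
SAMPLE_LOG = r"""
12:46:08.0296 4864 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
12:46:08.0296 4864 AFD - ok
12:46:08.0312 4864 Aha154x - ok
12:46:15.0062 4864 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
12:46:15.0062 4864 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
12:46:15.0062 4864 sptd ( LockedFile.Multi.Generic ) - warning
12:46:15.0062 4864 sptd - detected LockedFile.Multi.Generic (1)
12:46:16.0312 4864 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
12:46:16.0437 4864 \Device\Harddisk0\DR0 - ok
12:46:16.0484 4856 Detected object count: 1
12:46:20.0750 4856 sptd ( LockedFile.Multi.Generic ) - skipped by user
12:46:20.0750 4856 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
"""

# Status precedence: a later "detected" line outranks an earlier "warning".
_RANK = {"ok": 0, "warning": 1, "detected": 2}


def _set_status(status, name, new):
    if _RANK[new] >= _RANK.get(status.get(name), -1):
        status[name] = new


def triage(log_text):
    """Parse the log into per-entry records; nothing here decides what is malicious."""
    files, status, verdicts, actions, suspicious = {}, {}, {}, {}, []
    reported_count = None
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m["msg"]
        if f := FILE_RE.match(msg):
            files[f["name"]] = {"md5": f["md5"], "path": f["path"]}
        elif b := BOOT_RE.match(msg):
            # Boot records are reported back by path, so key them by path.
            files[b["path"]] = {"md5": b["md5"], "path": b["path"], "kind": b["kind"]}
        elif s := SUSP_RE.match(msg):
            suspicious.append((s["path"], s["reason"], s["md5"]))
        elif o := OK_RE.match(msg):
            _set_status(status, o["name"], "ok")
        elif w := WARN_RE.match(msg):
            verdicts[w["name"]] = w["verdict"]
            if w["status"] == "warning":
                _set_status(status, w["name"], "warning")
        elif d := DETECT_RE.match(msg):
            verdicts[d["name"]] = d["verdict"]
            _set_status(status, d["name"], "detected")
        elif a := ACTION_RE.match(msg):
            actions[a["name"]] = a["action"]
        elif c := COUNT_RE.match(msg):
            reported_count = int(c["count"])
    return {"files": files, "status": status, "verdicts": verdicts,
            "actions": actions, "suspicious": suspicious,
            "reported_count": reported_count}


def findings(log_text):
    """Entries that did not come back '- ok', with the evidence a reviewer wants."""
    t = triage(log_text)
    out = []
    for name, st in t["status"].items():
        if st == "ok":
            continue
        rec = t["files"].get(name, {})
        out.append({
            "name": name, "status": st,
            "verdict": t["verdicts"].get(name),
            "md5": rec.get("md5"), "path": rec.get("path"),
            "action": t["actions"].get(name, "none recorded"),
            # A NoAccess/locked-file verdict means the scanner could not read the
            # file, not that it identified malware; it needs a human decision.
            "unreadable": any(p == rec.get("path") for p, _, _ in t["suspicious"]),
        })
    return out


def count_is_consistent(log_text):
    """Cross-check the scanner's own 'Detected object count' against what we parsed."""
    t = triage(log_text)
    detected = sum(1 for st in t["status"].values() if st == "detected")
    return t["reported_count"] is not None and detected == t["reported_count"]


if __name__ == "__main__":
    for item in findings(SAMPLE_LOG):
        print(item)
    print("count consistent:", count_is_consistent(SAMPLE_LOG))
```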

  3. #13
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288


    Good. Let's continue.


    Open Notepad and copy/paste the text in the quotebox below into it:

    Code:
    DDS::
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    Folder::
    c:\windows\$NtUninstallKB45063$
    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "9421:TCP"=-
    "9421:UDP"=-
    "21253:TCP"=-
    "21253:UDP"=-

    Save this as CFScript

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.



    Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe (let the tool update itself if prompted).
    Then post the resultant log.


    Uninstall old Adobe Reader versions and get the latest one (Adobe Reader 10.1 and the separate 10.1.1 update for it) here, or get Foxit Reader here. Make sure you don't (unless you want to) install the toolbar if you choose Foxit Reader! You may also check the free readers introduced here.


    Uninstall vulnerable Flash versions by following the instructions here. A fresh version can be obtained here.

    • Go here to run an online scanner from ESET.
    • Note: You will need to use Internet Explorer for this scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked.
    • Click Scan
    • Wait for the scan to finish.



    Post back its report, a fresh dds.txt log and the above-mentioned ComboFix resultant log.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems, create a thread in the forum, please.

    Malware removal instructions are for the corresponding user's case only.

  4. #14
    Junior Member
    Join Date
    Dec 2008
    Posts
    17


    I'm 11% of the way into the ESET scan, so it looks like that'll take a while. In the meantime, here's my ComboFix log. (I've also uninstalled/reinstalled Flash and Reader as requested)


    ComboFix 11-12-12.02 - Fieari Kei'lin 12/12/2011 13:13:42.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2044.1333 [GMT -5:00]
    Running from: c:\documents and settings\Fieari Kei'lin\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Fieari Kei'lin\Desktop\CFScript.txt
    FW: ActiveArmor Firewall *Enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\$NtUninstallKB45063$
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-11-12 to 2011-12-12 )))))))))))))))))))))))))))))))
    .
    .
    2011-12-12 17:27 . 2011-12-07 18:22 1577776 ----a-w- C:\TDSSKiller.exe
    2011-12-09 15:34 . 2011-12-09 15:34 -------- d-----w- c:\program files\Common Files\Java
    2011-12-09 15:33 . 2011-12-09 15:33 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-12-09 00:36 . 2011-12-09 00:36 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
    2011-12-07 15:28 . 2011-12-07 15:28 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2011-12-06 22:14 . 2002-02-11 18:13 9024 ----a-w- c:\windows\system32\drivers\stv680m.sys
    2011-12-06 22:14 . 2002-02-11 18:13 69632 ----a-w- c:\windows\system32\stv680sl.dll
    2011-12-06 22:14 . 2002-02-11 18:13 30286 ----a-w- c:\windows\system32\stv680wi.dll
    2011-12-06 22:14 . 2002-02-11 18:13 119536 ----a-w- c:\windows\system32\drivers\stv680.sys
    2011-12-06 22:14 . 2002-02-11 18:13 49152 ----a-w- c:\windows\system32\STV680tg.dll
    2011-12-06 22:14 . 2002-02-11 18:13 245760 ----a-w- c:\windows\system32\STV680u.dll
    2011-12-06 22:14 . 2002-01-15 21:17 86016 ----a-w- c:\windows\system32\stvcoldx.ax
    2011-12-06 22:14 . 2002-01-15 15:06 618496 ----a-w- c:\windows\system32\stvcol.dll
    2011-12-06 22:14 . 2001-01-26 22:37 331776 ----a-w- c:\windows\system32\g2video1.ocx
    2011-12-06 22:14 . 2000-08-03 20:09 49152 ----a-w- c:\windows\system32\stvscale.dll
    2011-11-25 19:56 . 2011-11-25 19:57 -------- d-----w- c:\documents and settings\Fieari Kei'lin\Local Settings\Application Data\EVE-Central MarketUploader
    2011-11-14 13:58 . 2011-11-14 14:00 -------- d-----w- c:\documents and settings\Fieari Kei'lin\Application Data\GTS
    2011-11-14 13:56 . 2011-11-14 13:56 -------- d-----w- c:\program files\Garpa Topographical Survey
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-12-12 17:40 . 2007-07-27 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
    2011-12-12 17:23 . 2011-12-12 17:23 1557928 ----a-w- C:\tdsskiller.zip
    2011-12-09 15:33 . 2011-06-20 20:00 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-11-16 16:52 . 2011-05-29 02:38 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-10 14:22 . 2007-08-03 07:51 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-09-28 07:06 . 2007-07-27 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 15:41 . 2010-03-18 14:09 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 15:41 . 2007-07-27 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 15:41 . 2007-07-27 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-11-09 15:17 . 2011-05-03 12:05 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-12-12_16.34.49 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-12-12 18:07 . 2011-12-12 18:07 16384 c:\windows\Temp\Perflib_Perfdata_c0.dat
    + 2011-12-12 18:06 . 2011-12-12 18:06 16384 c:\windows\Temp\Perflib_Perfdata_7b8.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
    @="{C5994560-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 14:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
    @="{C5994561-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 14:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
    @="{C5994562-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 14:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
    @="{C5994563-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 14:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
    @="{C5994564-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 14:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
    @="{C5994565-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 14:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
    @="{C5994566-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 14:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
    @="{C5994567-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 14:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
    @="{C5994568-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 14:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ResChanger 2005"="c:\program files\ResChanger 2005\ResChanger2005.exe" [2005-05-26 885248]
    "Steam"="c:\program files\steam\steam.exe" [2011-08-07 1242448]
    "Vidalia"="c:\program files\Vidalia Bundle\Vidalia\vidalia.exe" [2007-11-22 12889088]
    "PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-07 1867888]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-06 26102056]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
    "Akamai NetSession Interface"="c:\documents and settings\Fieari Kei'lin\Local Settings\Application Data\Akamai\netsession_win.exe" [2011-11-17 3303000]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2008-12-23 18077696]
    "Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
    "StartCCC"="c:\drivers\ATI\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-09 98304]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-10-20 286720]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
    "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    .
    c:\documents and settings\Fieari Kei'lin\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - e:\util\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
    OpenOffice.org 3.3.lnk - e:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-6-24 113664]
    Microsoft Office.lnk - e:\util\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OdysseyClient]
    2007-09-17 19:27 122949 ----a-w- c:\windows\system32\odyEvent.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "midi1"=ma_cmidn.dll
    "midi8"=ma_cmidn.dll
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Privoxy.lnk]
    backup=c:\windows\pss\Privoxy.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-08-31 01:57 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    2008-06-19 08:20 57344 ----a-w- c:\windows\ALCMTR.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amd_dc_opt]
    2006-11-17 21:49 77824 ----a-w- c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
    2011-03-09 04:29 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
    2006-11-03 16:01 319488 ----a-w- c:\windows\PixArt\PAC207\Monitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2008-10-07 18:33 13574144 ----a-w- c:\windows\system32\nvcpl.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2008-10-07 18:33 86016 ----a-w- c:\windows\system32\nvmctray.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2008-10-07 18:33 1630208 ----a-w- c:\windows\system32\nwiz.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OdTray.exe]
    2007-06-20 21:32 1028160 ----a-w- c:\program files\Juniper Networks\Odyssey Access Client\OdTray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2007-10-20 01:16 286720 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    2008-12-23 03:34 18077696 ----a-w- c:\windows\RTHDCPL.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
    2007-11-20 10:15 1826816 ----a-w- c:\windows\SkyTel.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SRFirstRun]
    2008-04-14 00:12 67584 ----a-w- c:\windows\system32\srclient.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WUSB54Gv2]
    2004-04-19 13:19 24576 ----a-w- c:\program files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Steam\\Steam.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
    "c:\\Program Files\\mIRC\\mirc.exe"=
    "c:\\WINDOWS\\system32\\javaw.exe"=
    "c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
    "c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
    "c:\\Games\\League of Legends\\Riot Games\\League of Legends\\air\\LolClient.exe"=
    "c:\\Games\\League of Legends\\Riot Games\\League of Legends\\game\\League of Legends.exe"=
    "c:\\Games\\AI War\\AIWar.exe"=
    "c:\\Games\\AI War\\AIWarUpdater.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\AIM\\aim.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\srcds.exe"=
    "c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\boostertrooper\\BTroopers.exe"=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\recettear\\recettear.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\recettear\\custom.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\majesty 2\\Majesty2.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\majesty 2\\M2Editor.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\bastion\\Bastion.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\peggle extreme\\PeggleExtreme.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\shatter\\ShatterSettingsEditor.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\tropico 3\\Tropico3.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\portal 2\\portal2.exe"=
    "c:\\Documents and Settings\\Fieari Kei'lin\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
    "e:\\Games\\CCP\\EVE\\bin\\ExeFile.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
    "6881:TCP"= 6881:TCP:Blizzard Downloader: 6881
    "56552:TCP"= 56552:TCP:Pando Media Booster
    "56552:UDP"= 56552:UDP:Pando Media Booster
    "8370:TCP"= 8370:TCP:League of Legends Launcher
    "8370:UDP"= 8370:UDP:League of Legends Launcher
    "57233:TCP"= 57233:TCP:Pando Media Booster
    "57233:UDP"= 57233:UDP:Pando Media Booster
    "1059:TCP"= 1059:TCP:Akamai NetSession Interface
    "5000:UDP"= 5000:UDP:Akamai NetSession Interface
    .
    R0 odFips;odFips;c:\windows\system32\drivers\odFIPS.sys [1/23/2006 4:19 PM 254208]
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/17/2007 2:20 PM 691696]
    R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [7/27/2007 7:00 AM 14336]
    R2 FAH@C:+folding+FAH504-Console.exe;FA...04-Console.exe -svcstart --> c:\folding\FAH504-Console.exe -svcstart [?]
    R2 JuniperAccessService;Juniper Unified Network Service;c:\program files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [6/14/2007 5:12 PM 87664]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/28/2007 5:20 PM 24652]
    R3 jnprna;Juniper Network Agent Miniport;c:\windows\system32\drivers\jnprna.sys [6/14/2007 2:25 PM 398720]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/3/2011 6:50 PM 136176]
    S3 EacService;Juniper TNC Endpoint Assessment;c:\program files\Common Files\Juniper Networks\TNC Client\jTnccService.exe [6/20/2007 6:06 PM 81992]
    S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/3/2011 6:50 PM 136176]
    S3 PAC207;PC Camer@;c:\windows\system32\drivers\PFC027.SYS [6/12/2007 11:39 AM 508416]
    S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 12:37 PM 517096]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - pbfilter
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-12-12 c:\windows\Tasks\AdobeAAMUpdater-1.0-RICHARD-VYJC6BH-Fieari Kei'lin.job
    - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-07-07 21:42]
    .
    2011-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-10-03 23:50]
    .
    2011-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-10-03 23:50]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    IE: E&xport to Microsoft Excel - e:\util\MICROS~1\Office10\EXCEL.EXE/3000
    LSP: %SYSTEMROOT%\system32\nvappfilter.dll
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
    FF - ProfilePath - c:\documents and settings\Fieari Kei'lin\Application Data\Mozilla\Firefox\Profiles\79axusb3.default\
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    SafeBoot-80408115.sys
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-12-12 13:27
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    "ServiceDll"="c:\windows\system32\es.dll"
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FAH@C:+folding+FAH504-Console.exe]
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
    "ServiceDll"="c:\program files\common files\akamai/netsession_win_d768ebc.dll"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1644491937-1979792683-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:2d,fb,72,46,f5,02,0a,6e,2a,6c,c5,ba,a1,2c,e9,74,95,10,65,eb,91,dc,07,
    4e,65,a2,70,89,e4,4c,90,b6,dc,26,f4,55,96,4b,12,81,1c,d6,eb,ac,cb,57,b2,ea,\
    "??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1884)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\atiadlxx.dll
    c:\windows\system32\odyEvent.dll
    c:\program files\Juniper Networks\Odyssey Access Client\odLogin.dll
    .
    - - - - - - - > 'lsass.exe'(2024)
    c:\windows\system32\nvappfilter.dll
    .
    - - - - - - - > 'explorer.exe'(3076)
    c:\windows\system32\WININET.dll
    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    e:\util\TortoiseSVN\bin\TortoiseStub32.dll
    e:\util\TortoiseSVN\bin\TortoiseSVN32.dll
    e:\util\TortoiseSVN\bin\libsvn_tsvn32.dll
    e:\util\TortoiseSVN\bin\intl3_tsvn32.dll
    e:\util\TortoiseSVN\bin\libsasl32.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2011-12-12 13:29:25
    ComboFix-quarantined-files.txt 2011-12-12 18:29
    ComboFix2.txt 2011-12-12 16:43
    .
    Pre-Run: 16,100,589,568 bytes free
    Post-Run: 16,076,124,160 bytes free
    .
    - - End Of File - - 34FF28789AB90C7A5A6FC180F4739E7F

  5. #15
    Junior Member
    Join Date
    Dec 2008
    Posts
    17


    ESET log:

    C:\System Volume Information\_restore{00A14033-441B-46D3-976A-D9D4F1B22457}\RP289\A0074317.sys a variant of Win32/Rootkit.Kryptik.FW trojan
    C:\System Volume Information\_restore{00A14033-441B-46D3-976A-D9D4F1B22457}\RP289\A0075317.sys a variant of Win32/Rootkit.Kryptik.FW trojan
    C:\System Volume Information\_restore{00A14033-441B-46D3-976A-D9D4F1B22457}\RP290\A0076317.sys a variant of Win32/Rootkit.Kryptik.FW trojan
    C:\System Volume Information\_restore{00A14033-441B-46D3-976A-D9D4F1B22457}\RP290\A0076334.sys a variant of Win32/Rootkit.Kryptik.FW trojan
    C:\System Volume Information\_restore{00A14033-441B-46D3-976A-D9D4F1B22457}\RP290\A0076345.sys a variant of Win32/Rootkit.Kryptik.FW trojan
    C:\System Volume Information\_restore{00A14033-441B-46D3-976A-D9D4F1B22457}\RP290\A0076358.sys a variant of Win32/Rootkit.Kryptik.FW trojan
    C:\System Volume Information\_restore{00A14033-441B-46D3-976A-D9D4F1B22457}\RP299\A0077427.sys a variant of Win32/Rootkit.Kryptik.FW trojan
    C:\System Volume Information\_restore{00A14033-441B-46D3-976A-D9D4F1B22457}\RP299\A0077513.sys a variant of Win32/Rootkit.Kryptik.FW trojan
    C:\System Volume Information\_restore{00A14033-441B-46D3-976A-D9D4F1B22457}\RP299\A0078513.sys a variant of Win32/Rootkit.Kryptik.FW trojan
    C:\System Volume Information\_restore{00A14033-441B-46D3-976A-D9D4F1B22457}\RP299\A0078596.sys a variant of Win32/Rootkit.Kryptik.FW trojan
    C:\System Volume Information\_restore{00A14033-441B-46D3-976A-D9D4F1B22457}\RP299\A0079596.sys a variant of Win32/Rootkit.Kryptik.FW trojan
    C:\System Volume Information\_restore{00A14033-441B-46D3-976A-D9D4F1B22457}\RP299\A0080596.sys a variant of Win32/Rootkit.Kryptik.FW trojan
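Every finding in the ESET log above sits under System Volume Information\_restore, that is, inside a System Restore snapshot rather than on the live system. As an added triage example (not part of the original thread or of the ESET tool), the Python below parses ESET-style log lines, separates restore-point copies from live files, and counts findings per restore point; the line layout (path, whitespace, detection name) is an assumption about how the log looks once pasted into a forum post, and the one live-file line is constructed with placeholder names.

```python
"""Triage of ESET Online Scanner findings: separate detections that live only in
System Restore snapshots (purged by a System Restore reset) from live files.

Assumption (not taken from the ESET tool): each log line is "<path> <detection>"
with the path ending in a short file extension, as the lines look once pasted
into a forum post."""
import re
from collections import Counter

# "<path> <detection name>": the path runs up to the first short extension that
# is followed by whitespace; everything after that is the detection string.
ESET_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?\.[A-Za-z0-9]{1,4})\s+(?P<detection>\S.*)$"
)

# Windows XP System Restore storage:
# <drive>:\System Volume Information\_restore{<GUID>}\RP<n>\<file>
RESTORE_POINT = re.compile(
    r"^(?P<drive>[A-Za-z]):\\System Volume Information\\_restore"
    r"\{(?P<guid>[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}"
    r"\\RP(?P<rp>\d+)\\(?P<file>[^\\]+)$",
    re.IGNORECASE,
)


def parse_eset_line(line):
    """Return {'path', 'detection'} for one ESET log line, or None if unparsable."""
    m = ESET_LINE.match(line.strip())
    if not m:
        return None
    return {"path": m.group("path"), "detection": m.group("detection")}


def restore_point_of(path):
    """Restore point number (e.g. 289) if the path lies inside a System Restore
    snapshot, else None."""
    m = RESTORE_POINT.match(path)
    return int(m.group("rp")) if m else None


def triage(lines):
    """Classify ESET findings: restore-point copies, live files, unparsed lines,
    plus a count of findings per restore point."""
    report = {"restore_point": [], "live": [], "unparsed": []}
    per_rp = Counter()
    for line in lines:
        if not line.strip():
            continue
        rec = parse_eset_line(line)
        if rec is None:
            report["unparsed"].append(line.strip())
            continue
        rp = restore_point_of(rec["path"])
        if rp is None:
            report["live"].append(rec)           # still present on the live system
        else:
            rec["restore_point"] = rp
            report["restore_point"].append(rec)  # gone once restore points are reset
            per_rp[rp] += 1
    report["per_restore_point"] = dict(per_rp)
    return report


def cleared_by_restore_reset(lines):
    """True when every parsed finding is a restore-point copy, i.e. a System
    Restore reset alone removes everything ESET reported."""
    r = triage(lines)
    return bool(r["restore_point"]) and not r["live"] and not r["unparsed"]


# Three lines copied from the ESET log in the thread above.
THREAD_LINES = r"""
C:\System Volume Information\_restore{00A14033-441B-46D3-976A-D9D4F1B22457}\RP289\A0074317.sys a variant of Win32/Rootkit.Kryptik.FW trojan
C:\System Volume Information\_restore{00A14033-441B-46D3-976A-D9D4F1B22457}\RP290\A0076317.sys a variant of Win32/Rootkit.Kryptik.FW trojan
C:\System Volume Information\_restore{00A14033-441B-46D3-976A-D9D4F1B22457}\RP299\A0077427.sys a variant of Win32/Rootkit.Kryptik.FW trojan
""".strip().splitlines()

# One constructed line (placeholder path and detection name) standing for a live-file hit.
CONSTRUCTED_LIVE = r"C:\example\placeholder.dll a variant of Win32/Example.Placeholder trojan"

if __name__ == "__main__":
    result = triage(THREAD_LINES + [CONSTRUCTED_LIVE])
    print("restore-point copies:", len(result["restore_point"]))
    print("live files:", [r["path"] for r in result["live"]])
    print("per restore point:", result["per_restore_point"])
    print("thread lines alone cleared by reset:", cleared_by_restore_reset(THREAD_LINES))
```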

  6. #16
    Junior Member
    Join Date
    Dec 2008
    Posts
    17


    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
    Run by Fieari Kei'lin at 16:42:40 on 2011-12-12
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2044.823 [GMT -5:00]
    .
    FW: ActiveArmor Firewall *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    svchost.exe
    C:\Program Files\Juniper Networks\Odyssey Access Client\odClientService.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k Akamai
    C:\folding\FAH504-Console.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
    C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
    C:\Program Files\BurnAware Free\nmsaccessu.exe
    C:\folding\FahCore_78.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\StkASv2K.exe
    C:\Program Files\TVersity\Media Server\MediaServer.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
    C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv2.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    E:\util\TortoiseSVN\bin\TSVNCache.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\PixArt\PAC207\Monitor.exe
    C:\Drivers\ATI\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\ResChanger 2005\ResChanger2005.exe
    C:\program files\steam\steam.exe
    C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
    C:\Program Files\PeerBlock\peerblock.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\DAEMON Tools Lite\DTLite.exe
    E:\Program Files\OpenOffice.org 3\program\soffice.exe
    E:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\Vidalia Bundle\Tor\tor.exe
    C:\Drivers\ATI\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Notepad++\notepad++.exe
    C:\Documents and Settings\Fieari Kei'lin\Local Settings\Application Data\Akamai\netsession_win.exe
    C:\Documents and Settings\Fieari Kei'lin\Local Settings\Application Data\Akamai\netsession_win.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    mURLSearchHooks: H - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
    TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
    uRun: [ResChanger 2005] c:\program files\reschanger 2005\ResChanger2005.exe
    uRun: [Steam] "c:\program files\steam\steam.exe" -silent
    uRun: [Vidalia] "c:\program files\vidalia bundle\vidalia\vidalia.exe"
    uRun: [PeerBlock] c:\program files\peerblock\peerblock.exe
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
    uRun: [Akamai NetSession Interface] c:\documents and settings\fieari kei'lin\local settings\application data\akamai\netsession_win.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Monitor] c:\windows\pixart\pac207\Monitor.exe
    mRun: [StartCCC] "c:\drivers\ati\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
    mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    StartupFolder: c:\docume~1\fieari~1\startm~1\programs\startup\erunta~1.lnk - e:\util\erunt\AUTOBACK.EXE
    StartupFolder: c:\docume~1\fieari~1\startm~1\programs\startup\openof~1.lnk - e:\program files\openoffice.org 3\program\quickstart.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - e:\util\microsoft office\office10\OSA.EXE
    IE: E&xport to Microsoft Excel - e:\util\micros~1\office10\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    LSP: %SYSTEMROOT%\system32\nvappfilter.dll
    DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
    DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} - hxxps://www.select2perform.com/cabs/QOLCheck.ocx
    DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} - hxxp://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{3E71C445-0AF3-4E11-852A-EA3E88AEF44B} : DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{8E1C49CD-F495-41A3-B052-54A9281E338D} : DhcpNameServer = 209.18.47.61 209.18.47.62
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: OdysseyClient - odyEvent.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\fieari kei'lin\application data\mozilla\firefox\profiles\79axusb3.default\
    FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
    FF - plugin: c:\documents and settings\fieari kei'lin\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
    FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
    FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
    FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 odFips;odFips;c:\windows\system32\drivers\odFIPS.sys [2006-1-23 254208]
    R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2007-7-27 14336]
    R2 FAH@C:+folding+FAH504-Console.exe;FA...04-console.exe -svcstart --> c:\folding\FAH504-Console.exe -svcstart [?]
    R2 JuniperAccessService;Juniper Unified Network Service;c:\program files\common files\juniper networks\juns\dsAccessService.exe [2007-6-14 87664]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-10-28 24652]
    R3 jnprna;Juniper Network Agent Miniport;c:\windows\system32\drivers\jnprna.sys [2007-6-14 398720]
    R3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2009-11-11 19056]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-10-3 136176]
    S3 EacService;Juniper TNC Endpoint Assessment;c:\program files\common files\juniper networks\tnc client\jTnccService.exe [2007-6-20 81992]
    S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-10-3 136176]
    S3 PAC207;PC Camer@;c:\windows\system32\drivers\PFC027.SYS [2007-6-12 508416]
    S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== File Associations ===============
    .
    .txt=Notepad++_file
    .
    =============== Created Last 30 ================
    .
    2011-12-12 19:05:35 -------- d-----w- c:\program files\ESET
    2011-12-12 18:38:51 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-12-12 17:27:53 1577776 ----a-w- C:\TDSSKiller.exe
    2011-12-12 15:51:08 -------- d-sha-r- C:\cmdcons
    2011-12-12 15:49:15 98816 ----a-w- c:\windows\sed.exe
    2011-12-12 15:49:15 518144 ----a-w- c:\windows\SWREG.exe
    2011-12-12 15:49:15 256000 ----a-w- c:\windows\PEV.exe
    2011-12-12 15:49:15 208896 ----a-w- c:\windows\MBR.exe
    2011-12-09 15:33:48 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-12-06 22:14:16 9024 ----a-w- c:\windows\system32\drivers\stv680m.sys
    2011-12-06 22:14:16 86016 ----a-w- c:\windows\system32\stvcoldx.ax
    2011-12-06 22:14:16 69632 ----a-w- c:\windows\system32\stv680sl.dll
    2011-12-06 22:14:16 618496 ----a-w- c:\windows\system32\stvcol.dll
    2011-12-06 22:14:16 49152 ----a-w- c:\windows\system32\stvscale.dll
    2011-12-06 22:14:16 49152 ----a-w- c:\windows\system32\STV680tg.dll
    2011-12-06 22:14:16 331776 ----a-w- c:\windows\system32\g2video1.ocx
    2011-12-06 22:14:16 30286 ----a-w- c:\windows\system32\stv680wi.dll
    2011-12-06 22:14:16 245760 ----a-w- c:\windows\system32\STV680u.dll
    2011-12-06 22:14:16 119536 ----a-w- c:\windows\system32\drivers\stv680.sys
    2011-11-25 19:56:47 -------- d-----w- c:\documents and settings\fieari kei'lin\local settings\application data\EVE-Central MarketUploader
    2011-11-14 13:58:03 -------- d-----w- c:\documents and settings\fieari kei'lin\application data\GTS
    2011-11-14 13:56:39 -------- d-----w- c:\program files\Garpa Topographical Survey
    .
    ==================== Find3M ====================
    .
    2011-12-12 17:40:30 138496 ----a-w- c:\windows\system32\drivers\afd.sys
    2011-12-09 15:33:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    .
    ============= FINISH: 16:44:21.29 ===============

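As an added example (not part of the original thread, and not DDS itself), the following PowerShell script parses the "Created Last 30" and "Find3M" sections of a DDS log like the one posted above and flags executable or driver files under c:\windows\system32 written inside a chosen incident window. It assumes the line layout seen in the post, `yyyy-MM-dd HH:mm:ss <size> <attrs> <path>` with `--------` in the size column for directories; the sample lines are copied from the log above and embedded so the script runs offline.

```powershell
# Added example, not from the original thread: triage the "Created Last 30" and
# "Find3M" sections of a DDS log. Flags .sys/.dll/.exe/.ocx/.ax/.cpl files under
# c:\windows\system32 that were written on or after a given date.
# Assumed line format (as seen in the post): "yyyy-MM-dd HH:mm:ss <size> <attrs> <path>",
# with "--------" in the size column for directories. Written for PowerShell 2.0+.

# Constructed sample: a handful of lines copied from the DDS log above.
$ddsSample = @'
=============== Created Last 30 ================
.
2011-12-12 19:05:35 -------- d-----w- c:\program files\ESET
2011-12-12 17:27:53 1577776 ----a-w- C:\TDSSKiller.exe
2011-12-12 15:49:15 208896 ----a-w- c:\windows\MBR.exe
2011-12-09 15:33:48 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-12-06 22:14:16 119536 ----a-w- c:\windows\system32\drivers\stv680.sys
.
==================== Find3M ====================
.
2011-12-12 17:40:30 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
.
'@

function Get-DdsFileEntries {
    param([string]$LogText)
    $section = $null
    foreach ($line in ($LogText -split "`r?`n")) {
        # Section banners look like "=== Created Last 30 ===" (any number of '=').
        if ($line -match '^=+\s*(.+?)\s*=+$') { $section = $Matches[1]; continue }
        if ($line -match '^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\S+)\s+(\S+)\s+(.+)$') {
            $size = $null
            if ($Matches[2] -ne '--------') { $size = [int64]$Matches[2] }
            New-Object PSObject -Property @{
                Section   = $section
                Timestamp = [datetime]::ParseExact($Matches[1], 'yyyy-MM-dd HH:mm:ss', $null)
                Size      = $size
                Attrs     = $Matches[3]
                Path      = $Matches[4]
                IsDir     = $Matches[3].StartsWith('d')
            }
        }
    }
}

function Find-SuspectSystemFiles {
    param(
        [object[]]$Entries,
        [datetime]$Since,
        [string[]]$KnownTools = @()   # file names you dropped yourself (cleanup tools etc.)
    )
    $Entries | Where-Object {
        (-not $_.IsDir) -and
        ($_.Timestamp -ge $Since) -and
        ($_.Path -imatch '^c:\\windows\\(system32|syswow64)\\') -and
        ($_.Path -imatch '\.(sys|dll|exe|ocx|ax|cpl)$') -and
        ($KnownTools -notcontains (Split-Path -Path $_.Path -Leaf))
    }
}

$entries = Get-DdsFileEntries -LogText $ddsSample
Find-SuspectSystemFiles -Entries $entries -Since ([datetime]'2011-12-01') |
    Sort-Object Timestamp -Descending |
    Format-Table Timestamp, Section, Size, Path -AutoSize
```

On the sample this lists afd.sys (Find3M, 2011-12-12 17:40:30), javacpl.cpl and stv680.sys. The list is a set of candidates, not verdicts: each file still has to be compared against a known-good copy or the vendor's hash, and timestamps that cluster with a known install (here the Java update the same minute as deployJava1.dll, and the afd.sys replacement at the time the TDSSKiller cure was run) are the usual way to exclude entries.
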
  7. #17
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Good. Those ESET findings will be removed when System Restore is reset. Are you still noticing any problems? If not, it's time to secure your system to prevent further intrusions.


    THESE STEPS ARE VERY IMPORTANT

    Let's reset system restore
    Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: you will lose all previous restore points, which are likely to be infected. Please note you need Administrator access to clean the restore points.

    1. Turn off System Restore.
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Check Turn off System Restore.
    Click Apply, and then click OK.

    2. Reboot.

    3. Turn ON System Restore.
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    UN-Check *Turn off System Restore*.
    Click Apply, and then click OK.
    NOTE: only do this ONCE, NOT on a regular basis



    Now let's uninstall ComboFix:
    • Click START then RUN
    • Now copy-paste Combofix /uninstall in the runbox and click OK




    UPDATING WINDOWS AND INTERNET EXPLORER

    IMPORTANT: You need to update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the Windows Update site to get the critical updates.

    If you are running Microsoft Office, or any portion thereof, go to the Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.


    Make your Internet Explorer more secure

    This can be done by following these simple instructions:
    From within Internet Explorer click on the Tools menu and then click on Options.
    Click once on the Security tab
    Click once on the Internet icon so it becomes highlighted.
    Click once on the Custom Level button.
    Change the Download signed ActiveX controls to Prompt
    Change the Download unsigned ActiveX controls to Disable
    Change the Initialize and script ActiveX controls not marked as safe to Disable
    Change the Installation of desktop items to Prompt
    Change the Launching programs and files in an IFRAME to Prompt
    Change the Navigate sub-frames across different domains to Prompt
    When all these settings have been made, click on the OK button.
    If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.



    Download and run Secunia Personal Software Inspector (PSI) and fix its findings. Leave the program installed so you'll stay alarmed about vulnerable components in future too.


    Just a final reminder for you. I am trying to stress these two points.
    UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
    Make sure all of your security programs are up to date.
    Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


    Once again, please post and tell me how things are going with your system... problems etc.

    Have a great day,
    Blade


    AVG can be reinstalled now.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.
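
As an added example (not part of Blade81's post or of any tool it names), the PowerShell script below audits, and with `-Fix` applies, the six Internet-zone "Custom Level" settings the post asks for, by reading the per-user registry values that the dialog writes. It assumes that zone 3 under `Internet Settings\Zones` is the Internet zone and that the numeric action IDs used here (1001, 1004, 1201, 1800, 1804, 1607) are the URL-action values for the named settings, with 0 = Enable, 1 = Prompt and 3 = Disable.

```powershell
# Added example, not from the original thread: audit (and with -Fix, apply) the
# Internet-zone "Custom Level" settings listed in the post by reading the per-user
# registry values behind that dialog. Assumptions: zone 3 is the Internet zone and
# the numeric action IDs below are the URL-action values for the named settings;
# allowed values are 0 = Enable, 1 = Prompt, 3 = Disable.

$zonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

$required = @(
    @{ Id = '1001'; Name = 'Download signed ActiveX controls';                          Want = 1 },
    @{ Id = '1004'; Name = 'Download unsigned ActiveX controls';                        Want = 3 },
    @{ Id = '1201'; Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 },
    @{ Id = '1800'; Name = 'Installation of desktop items';                             Want = 1 },
    @{ Id = '1804'; Name = 'Launching programs and files in an IFRAME';                 Want = 1 },
    @{ Id = '1607'; Name = 'Navigate sub-frames across different domains';              Want = 1 }
)
$label = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Test-IeInternetZone {
    param([switch]$Fix)
    $key = Get-ItemProperty -Path $zonePath -ErrorAction Stop
    foreach ($s in $required) {
        $current = $key.($s.Id)
        if ($current -eq $null) {
            # No explicit value: the zone template default applies. Treat as
            # non-compliant so that -Fix writes the setting explicitly.
            $currentText = 'not set (zone template default)'
            $ok = $false
        } else {
            $ok = ([int]$current -eq $s.Want)
            if ($label.ContainsKey([int]$current)) { $currentText = $label[[int]$current] }
            else { $currentText = "unexpected value $current" }
        }
        if ((-not $ok) -and $Fix) {
            Set-ItemProperty -Path $zonePath -Name $s.Id -Value $s.Want -Type DWord
            $currentText = "$currentText -> set to $($label[$s.Want])"
            $ok = $true
        }
        New-Object PSObject -Property @{
            Setting   = $s.Name
            Required  = $label[$s.Want]
            Current   = $currentText
            Compliant = $ok
        }
    }
}

# Usage: Test-IeInternetZone to audit only; Test-IeInternetZone -Fix to apply.
Test-IeInternetZone | Format-Table Setting, Required, Current, Compliant -AutoSize
```

Run it as the user whose browser is being hardened, since the values live under HKCU. If a machine-wide policy is in force (the `Security_HKLM_only` value under the HKLM `Internet Settings` key), the HKLM copy of the zone key wins and the per-user values reported here are not what the browser enforces; after `-Fix`, open Tools, Internet Options, Security, Custom Level once more to confirm the dialog shows the same effective values.
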

  8. #18
    Junior Member
    Join Date
    Dec 2008
    Posts
    17

    Default

    No problems noticed, even the print spooler is online again, and furthermore thanks for the PSI! I'd not known its existence, and it looks like it'll be a great help in keeping my system safe.

    AVG reinstalled, programs updating, I think it's likely I'm good to go. Thank you so very much!

  9. #19
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Thumbs up

    Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

    Note:If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread.

    If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.
