
Zeroaccess Check-up, Attn: Aaflac


adam7979

Thanks aaflac, here is dds.txt:


.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_21

Run by Administrator at 11:29:10 on 2011-08-19

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2941.1686 [GMT 8:00]

.

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}

AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}

SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\EMS\ScheduleService.exe

C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Windows\system32\IoctlSvc.exe

C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\svchost.exe -k WindowsMobile

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\system32\notepad.exe

C:\Windows\explorer.exe

C:\Varian\Cary WinUV\SystemInformation.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\msiexec.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe

C:\Program Files\Java\jre6\bin\java.exe

C:\Windows\system32\conhost.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://intra.ks.com/

uInternet Settings,ProxyServer = intra.ks.com:8080

uInternet Settings,ProxyOverride = 192.168*;*intra.ks.com

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

mRun: [bizCover] c:\bizcover\StartBizCover.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [LanTalk] "c:\program files\cezeo software\lantalk xp\LanTalk.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"

mRun: [unlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"

mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice

StartupFolder: c:\users\admini~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\192168~1.lnk - c:\edp1\console telnet\TELNET.EXE

StartupFolder: c:\users\admini~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\192168~2.lnk - c:\edp1\console telnet\TELNET.EXE

StartupFolder: c:\users\admini~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\intra.lnk -

StartupFolder: c:\users\admini~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\sco_sv.lnk -

StartupFolder: c:\users\administrator\appdata\roaming\microsoft\windows\start menu\programs\startup\todo.txt

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\system~1.lnk - c:\varian\cary winuv\SystemInformation.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm

IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm

IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm

IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm

IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL

Trusted Zone: rwgenting.com\book

Trusted Zone: //about.htm/

Trusted Zone: //Exclude.htm/

Trusted Zone: //LanguageSelection.htm/

Trusted Zone: //Message.htm/

Trusted Zone: //MyAgttryCmd.htm/

Trusted Zone: //MyAgttryNag.htm/

Trusted Zone: //MyNotification.htm/

Trusted Zone: //NOCLessUpdate.htm/

Trusted Zone: //quarantine.htm/

Trusted Zone: //ScanNow.htm/

Trusted Zone: //strings.vbs/

Trusted Zone: //Template.htm/

Trusted Zone: //Update.htm/

Trusted Zone: //VirFound.htm/

Trusted Zone: mcafee.com\*

Trusted Zone: mcafeeasap.com\betavscan

Trusted Zone: mcafeeasap.com\vs

Trusted Zone: mcafeeasap.com\www

DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Plants%20vs.%20Zombies/Images/armhelper.ocx

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: Interfaces\{2A02F3D4-348E-49C7-A4F4-F36A9A045178} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{B3E54167-1847-4D03-A996-8FF8477CC04D} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{C98BAFA9-BEA7-46CD-9D88-24D180A8BF60} : NameServer = 192.168.0.1,8.8.8.8

TCP: Interfaces\{E63C4294-CC7A-4945-857C-F015BDF53CD1} : DhcpNameServer = 192.168.0.1

Notify: igfxcui - igfxdev.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\administrator\appdata\roaming\mozilla\firefox\profiles\95dmuv5q.default\

FF - prefs.js: browser.search.defaulturl - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=

FF - prefs.js: browser.startup.homepage - www.google.com.my

FF - prefs.js: keyword.URL - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\users\administrator\appdata\roaming\mozilla\firefox\profiles\95dmuv5q.default\extensions\{4d144bc3-23fb-47de-90c5-63ccb0139ccf}\plugins\npww.dll

.

============= SERVICES / DRIVERS ===============

.

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-8-18 64512]

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-20 214024]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]

R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-5-14 731840]

R2 EMSService;Schedule Service;c:\program files\ems\ScheduleService.exe [2010-12-30 584704]

R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2009-5-14 93312]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-8-18 366640]

R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-18 11032]

R2 VarianSimpleGpib;VarianSimpleGpib;c:\windows\system32\drivers\VarianSimpleGpib.sys [2011-1-19 7264]

R3 connctfyMP;connctfyMP;c:\windows\system32\drivers\connctfy.sys [2010-8-11 29248]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-18 22712]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-8-21 189440]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 FCary;FCary;c:\windows\system32\drivers\FCary.sys [2011-1-19 27776]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-16 136176]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-7-21 2151640]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

S3 connctfy;Connectify Service;c:\windows\system32\drivers\connctfy.sys [2010-8-11 29248]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-11-16 136176]

S3 ip100Avista;TP-LINK 10/100Mbps PCI Network Adapter NT Driver;c:\windows\system32\drivers\ipfnd51.sys [2011-7-21 31232]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-8-18 41272]

S3 MfeAVFK;McAfee Inc. MfeAVFK;c:\windows\system32\drivers\mfeavfk.sys [2010-8-20 79816]

S3 MfeBOPK;McAfee Inc. MfeBOPK;c:\windows\system32\drivers\mfebopk.sys [2010-8-20 35272]

S3 MfeRKDK;McAfee Inc. MfeRKDK;c:\windows\system32\drivers\mferkdk.sys [2010-8-20 34248]

S3 PCAlertDriver;PCAlertDriver;c:\bizcover\NTGLM7X.sys [2010-8-20 30208]

S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2010-1-7 375808]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-23 52224]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-10-6 1343400]

.

=============== Created Last 30 ================

.

2011-08-19 03:21:32 -------- d-sh--w- C:\$RECYCLE.BIN

2011-08-19 03:21:30 -------- d-----w- c:\users\administrator\appdata\local\temp

2011-08-19 03:02:23 98816 ----a-w- c:\windows\sed.exe

2011-08-19 03:02:23 518144 ----a-w- c:\windows\SWREG.exe

2011-08-19 03:02:23 256000 ----a-w- c:\windows\PEV.exe

2011-08-19 03:02:23 208896 ----a-w- c:\windows\MBR.exe

2011-08-19 03:02:18 -------- d-----w- C:\ComboFix

2011-08-19 02:09:38 43408 --sha-w- c:\windows\system32\c_97891.nl_

2011-08-19 01:59:02 -------- d-----w- c:\windows\adsspy

2011-08-18 07:28:18 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2011-08-18 06:58:41 -------- d-----w- c:\users\administrator\appdata\local\Sunbelt Software

2011-08-18 06:51:12 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys

2011-08-18 06:51:10 -------- d-----w- c:\program files\Lavasoft

2011-08-18 04:09:45 388608 ----a-w- C:\HijackThis.exe

2011-08-18 04:03:39 -------- d-----w- c:\users\administrator\appdata\roaming\Malwarebytes

2011-08-18 04:03:36 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-08-18 04:03:35 -------- d-----w- c:\programdata\Malwarebytes

2011-08-18 04:03:32 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-18 04:03:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-08-18 04:03:16 -------- d--h--w- c:\windows\PIF

2011-08-18 03:29:48 388096 ----a-r- c:\users\administrator\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2011-08-18 03:29:48 -------- d-----w- c:\program files\Trend Micro

2011-08-18 02:04:36 -------- d-----w- c:\programdata\CrypKey

2011-08-18 01:40:46 178176 ----a-w- c:\windows\system32\StellarProfile.dll

2011-08-18 01:40:46 1207808 ----a-w- c:\windows\system32\PhoenixDll.dll

2011-08-18 01:40:45 -------- d-----w- c:\program files\Stellar Phoenix Windows Data Recovery

2011-08-18 01:26:18 -------- d-----w- C:\stellar

2011-08-18 01:10:53 -------- d-----w- C:\Log

2011-08-18 01:10:26 27648 ----a-r- c:\windows\Setup_ck.exe

2011-08-18 01:10:26 19584 ----a-w- c:\windows\system32\Ckldrv.sys

2011-08-18 01:10:26 18432 ----a-w- c:\windows\Setup_ck.dll

2011-08-18 01:10:26 165888 ----a-w- c:\windows\Ckconfig.exe

2011-08-18 01:10:26 122880 ----a-w- c:\windows\system32\Crypserv.exe

2011-08-18 01:10:26 11776 ----a-w- c:\windows\Ckrfresh.exe

2011-08-18 01:10:24 -------- d-----w- c:\program files\Stellar Phoenix CD DVD Data Recovery

2011-08-18 00:34:12 7152464 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e0cb3946-67f0-4fa3-a8da-9a7196ea7fcd}\mpengine.dll

2011-08-16 01:48:54 -------- d-----w- C:\show

2011-08-10 07:00:50 -------- d-----w- C:\address book tl

2011-08-10 07:00:26 -------- d-----w- C:\nooraliza.KSMDOMAIN

2011-08-10 04:49:15 981504 ----a-w- c:\windows\system32\wininet.dll

2011-08-10 04:49:13 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-08-10 04:49:13 163328 ----a-w- c:\program files\internet explorer\ieproxy.dll

2011-08-10 04:38:42 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-08-10 04:37:38 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-08-10 04:37:36 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-08-10 04:12:51 86016 ----a-w- c:\windows\system32\odbccu32.dll

2011-08-10 04:12:51 81920 ----a-w- c:\windows\system32\odbccr32.dll

2011-08-10 04:12:51 319488 ----a-w- c:\windows\system32\odbcjt32.dll

2011-08-10 04:12:50 94208 ----a-w- c:\program files\common files\system\ole db\msdaosp.dll

2011-08-10 04:12:50 163840 ----a-w- c:\windows\system32\odbctrac.dll

2011-08-10 04:12:50 122880 ----a-w- c:\windows\system32\odbccp32.dll

2011-08-05 04:16:12 -------- d-----w- C:\b1

2011-08-03 04:26:06 -------- d-----w- C:\New Folder (2)

2011-08-03 00:20:49 -------- d-----w- C:\file

2011-07-28 06:01:51 -------- d-----w- C:\cccc

2011-07-23 02:28:52 -------- d-----w- c:\program files\Multimedia Fingerprint System

2011-07-23 02:23:43 -------- d-----w- C:\Multimedia Fingerprint System

2011-07-21 07:53:52 -------- d-----w- C:\dell xps

2011-07-21 06:41:21 31232 ----a-w- c:\windows\system32\drivers\ipfnd51.sys

2011-07-21 06:41:21 -------- d-----w- C:\tplink

2011-07-21 06:35:17 0 ---ha-w- c:\users\administrator\appdata\local\BIT2FF5.tmp

2011-07-21 01:13:21 -------- d-----w- C:\ac's cctv

.

==================== Find3M ====================

.

2011-08-19 02:07:58 187904 ----a-w- c:\windows\system32\drivers\netbt.sys

2011-08-18 00:15:12 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-16 04:27:30 290816 ----a-w- c:\windows\system32\KernelBase.dll

2011-07-16 02:17:19 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2011-07-16 02:17:19 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:17:19 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:17:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2011-07-12 07:08:02 59392 ----a-w- c:\windows\nc.exe

2011-06-24 04:27:01 169984 ----a-w- c:\windows\system32\winsrv.dll

2011-06-24 04:22:20 271360 ----a-w- c:\windows\system32\conhost.exe

2011-06-21 05:34:23 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-06-11 02:29:25 2334208 ----a-w- c:\windows\system32\win32k.sys

2011-05-24 11:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-05-24 10:44:59 293376 ----a-w- c:\windows\system32\umpnpmgr.dll

.

============= FINISH: 11:29:31.49 ===============


and attach.txt:


.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-06-23.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 06-Sep-10 9:11:07 AM

System Uptime: 19-Aug-11 11:09:26 AM (0 hours ago)

.

Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | 3664h

Processor: Pentium® Dual-Core CPU E5500 @ 2.80GHz | CPU 1 | 2803/800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 289 GiB total, 11.996 GiB free.

D: is FIXED (NTFS) - 7 GiB total, 0.004 GiB free.

E: is CDROM (CDFS)

H: is NetworkDisk (NTFS) - 47 GiB total, 38.072 GiB free.

Y: is NetworkDisk (NTFS) - 458 GiB total, 337.96 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

µTorrent

2007 Microsoft Office system

ActiveCheck component for HP Active Support Library

Ad-Aware

Adobe Acrobat 8 Professional - English, Français, Deutsch

Adobe Acrobat 8.1.0 Professional

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Media Player

Adobe Photoshop Lightroom 3.2

Adobe Reader 9.4.5

Advanced Outlook Express DBX Recovery

Advanced Outlook Express Repair v1.2

Advanced PDF Password Recovery

Advanced PDF Password Recovery Pro

Any Video Converter 3.0.7

Apple Application Support

Apple Software Update

AutoIt v3.3.6.1

AVS Update Manager 1.0

AVS Video Converter 7

AVS4YOU Software Navigator 1.4

BizCover

BufferChm

Cary

Cary WinUV Help & Videos

Crystal Reports for .NET Framework 2.0 (x86)

CutePDF Writer 2.8

Dell Driver Download Manager

Destinations

DocProc

DVD Audio Extractor 5.3.0

DVD Decrypter (Remove Only)

EasyMPEG Lite

EMS (remove only)

ESET NOD32 Antivirus

Excel Password Recovery v2.0 (remove only)

FastStone Image Viewer 4.5

FileZilla Client 3.3.4.1

foobar2000 v1.1.1

Free Download Manager 3.0

Free DVD MP3 Ripper 1.12

Freeware PDF Unlocker

FUSION WOL v1.0

Garmin MapSource

GoldWave v5.52

Google Earth Plug-in

Google Update Helper

GPBaseService2

HeidiSQL 6.0

HiJackThis

HP Advisor

HP Customer Experience Enhancements

HP Imaging Device Functions 13.0

HP Photosmart Essential 3.5

HP Scanjet G2410 and 2400

HP Setup

HP Solution Center 13.0

HP Support Assistant

HP Update

HPAsset component for HP Active Support Library

hpg2410

HPPhotosmartEssential

HPProductAssistant

Intel® Graphics Media Accelerator Driver

InterVideo WinDVD 8

Java Auto Updater

Java 6 Update 21

Java 6 Update 6

Korean Fonts Support For Adobe Reader 9

LanTalk XP

Malwarebytes' Anti-Malware version 1.51.1.1800

MFM-Garmin 110418

Microsoft .NET Framework 4 Client Profile

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Professional Hybrid 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (English) 2007

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Mozilla Firefox 5.0 (x86 en-US)

Mozilla Thunderbird (6.0)

MSVCRT

MSXML 4.0 SP2 (KB973688)

Multimedia Fingerprint System Uninstall

Nero 7 Ultra Edition

neroxml

nLite 1.4.9.1

OCR Software by I.R.I.S. 13.0

OGA Notifier 2.0.0048.0

Photo Slideshow Creator 2.35

QuickTime

Realtek High Definition Audio Driver

Scan

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB2509488)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft Office 2007 System (KB2541012)

Security Update for Microsoft Office Access 2007 (KB979440)

Security Update for Microsoft Office Excel 2007 (KB2541007)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB2535818)

Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)

Security Update for Microsoft Office Publisher 2007 (KB2284697)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Sentinel System Driver

SolutionCenter

StealthBot 2.7

Stellar Phoenix CD DVD Data Recovery

Stellar Phoenix Windows Data Recovery V4.1

TightVNC 2.0beta1

TMPGEnc Plus 2.5

Unlocker 1.9.1

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 System (KB2539530)

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Outlook 2007 (KB2509470)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Update for Outlook 2007 Junk Email Filter (KB2586924)

VNC Free Edition 4.1.3

WebReg

Windows Automated Installation Kit

Windows Live Essentials

Windows Mobile Device Center

WinRAR archiver

WinX Free MP4 to MPEG Converter 4.1.11

.

==== Event Viewer Messages From Past Week ========

.

19-Aug-11 8:08:53 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache ehdrv mfehidk mfetdik NetBIOS NetBT nsiproxy Psched rdbss spldr sptd tdx vwififlt Wanarpv6 WfpLwf

19-Aug-11 8:08:53 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}

19-Aug-11 8:08:52 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

19-Aug-11 8:08:52 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

19-Aug-11 8:08:52 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

19-Aug-11 8:08:52 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

19-Aug-11 8:08:52 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

19-Aug-11 8:08:51 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

19-Aug-11 8:08:51 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

19-Aug-11 8:08:51 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

19-Aug-11 8:08:51 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

19-Aug-11 8:08:51 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

19-Aug-11 8:08:27 AM, Error: sptd [4] - Driver detected an internal error in its data structures for .

19-Aug-11 11:28:28 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SeaPort service to connect.

19-Aug-11 11:28:28 AM, Error: Service Control Manager [7000] - The SeaPort service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

19-Aug-11 11:24:16 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service SeaPort with arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}

19-Aug-11 11:19:35 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

19-Aug-11 11:12:35 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Health Check Service service to connect.

19-Aug-11 11:12:35 AM, Error: Service Control Manager [7000] - The HP Health Check Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

19-Aug-11 11:09:59 AM, Error: Service Control Manager [7000] - The FCary service failed to start due to the following error: The device is not connected.

19-Aug-11 11:09:59 AM, Error: Service Control Manager [7000] - The ESET Service service failed to start due to the following error: The system cannot find the file specified.

19-Aug-11 11:09:58 AM, Error: Service Control Manager [7000] - The Lavasoft Ad-Aware Service service failed to start due to the following error: Access is denied.

19-Aug-11 10:35:54 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for DeleteFlag with the following error: Access is denied.

19-Aug-11 10:15:32 AM, Error: Service Control Manager [7000] - The MBAMService service failed to start due to the following error: Access is denied.

19-Aug-11 10:13:14 AM, Error: Service Control Manager [7000] - The ESET Service service failed to start due to the following error: Access is denied.

18-Aug-11 5:04:16 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

18-Aug-11 5:04:08 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

18-Aug-11 5:04:04 PM, Error: Service Control Manager [7034] - The PLFlash DeviceIoControl Service service terminated unexpectedly. It has done this 1 time(s).

18-Aug-11 5:04:04 PM, Error: Service Control Manager [7034] - The IviRegMgr service terminated unexpectedly. It has done this 1 time(s).

18-Aug-11 5:03:38 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

18-Aug-11 5:03:27 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

18-Aug-11 5:03:25 PM, Error: Service Control Manager [7034] - The Schedule Service service terminated unexpectedly. It has done this 1 time(s).

18-Aug-11 5:03:22 PM, Error: Service Control Manager [7034] - The Protexis Licensing V2 service terminated unexpectedly. It has done this 1 time(s).

18-Aug-11 4:07:00 PM, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 2 time(s).

18-Aug-11 3:53:13 PM, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).

18-Aug-11 3:26:48 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Lavasoft Ad-Aware Service service.

18-Aug-11 11:49:39 AM, Error: Microsoft-Windows-Directory-Services-SAM [12291] - SAM failed to start the TCP/IP or SPX/IPX listening thread

18-Aug-11 11:44:08 AM, Error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).

18-Aug-11 11:39:51 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache ehdrv mfehidk mfetdik NetBIOS NetBT NetworkX nsiproxy Psched rdbss spldr sptd tdx vwififlt Wanarpv6 WfpLwf

18-Aug-11 11:34:18 AM, Error: Service Control Manager [7034] - The FLEXnet Licensing Service service terminated unexpectedly. It has done this 1 time(s).

18-Aug-11 10:02:40 AM, Error: Service Control Manager [7031] - The ESET Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

16-Aug-11 4:26:13 PM, Error: Microsoft-Windows-TerminalServices-Printers [1111] - Driver EPSON DFX-9000 ESC/P required for printer !!account_01!EPSON DFX-9000 ESC/P (Copy 1) is unknown. Contact the administrator to install the driver before you log in again.

16-Aug-11 4:26:10 PM, Error: Microsoft-Windows-TerminalServices-Printers [1111] - Driver HP LaserJet 1200 Series PCL required for printer HP LaserJet 1200 Series PCL is unknown. Contact the administrator to install the driver before you log in again.

16-Aug-11 4:26:08 PM, Error: Microsoft-Windows-TerminalServices-Printers [1111] - Driver Epson LQ-300 ESC/P 2 required for printer Epson LQ-300 ESC/P 2 is unknown. Contact the administrator to install the driver before you log in again.

16-Aug-11 4:26:07 PM, Error: Microsoft-Windows-TerminalServices-Printers [1111] - Driver Canon S100SP required for printer Canon S100SP is unknown. Contact the administrator to install the driver before you log in again.

16-Aug-11 4:26:03 PM, Error: Microsoft-Windows-TerminalServices-Printers [1111] - Driver Panasonic KX-P3624 required for printer Auto Panasonic KX-P3624 on POM13 is unknown. Contact the administrator to install the driver before you log in again.

16-Aug-11 4:26:03 PM, Error: Microsoft-Windows-TerminalServices-Printers [1111] - Driver hp LaserJet 1010 required for printer hp LaserJet 1010 Series Driver is unknown. Contact the administrator to install the driver before you log in again.

16-Aug-11 4:26:01 PM, Error: Microsoft-Windows-TerminalServices-Printers [1111] - Driver CutePDF Writer required for printer CutePDF Writer is unknown. Contact the administrator to install the driver before you log in again.

15-Aug-11 9:05:11 AM, Error: Microsoft-Windows-TerminalServices-Printers [1111] - Driver Canon iP1600 required for printer Canon iP1600 is unknown. Contact the administrator to install the driver before you log in again.

15-Aug-11 9:05:10 AM, Error: Microsoft-Windows-TerminalServices-Printers [1111] - Driver Canon iP1600 required for printer Canon iP1600 (Copy 1) is unknown. Contact the administrator to install the driver before you log in again.

15-Aug-11 12:23:47 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer POM20 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C98BAFA9-BEA7-46CD-9D88-24D180A8BF60. The master browser is stopping or an election is being forced.

.

==== End Of File ===========================


adam7979,

 

Can’t see an indication of ZeroAccess at first glance, but would appreciate your doing the following…

 

Please do exactly as follows, and nothing else. Do not delete or change anything in the Registry!! The consequences are not good.

 

 

Go to Start and type regedit in the search box above the Start globe.

Right-click and select: Run as Administrator

 

When the Registry opens, navigate it as follows:

 

Click the [>] on the left of each of the following:

HKEY_LOCAL_MACHINE

SYSTEM

CurrentControlSet

Control

Session Manager

SubSystems

 

The SubSystems folder remains open.

 

Right-click the open SubSystems folder and select: Export

 

In the Export Registry File prompt:

Save in: Desktop

File name: subsys

Save as type: Text Files (*.txt)

Click: Save

 

Close the Registry: Go to File > Exit

 

Please post the subsys info (located on the Desktop) in your reply.

 

 

Getting ready to sign off for tonight. Will check your reply tomorrow.


Hi again, my subsys.reg:

 

Windows Registry Editor Version 5.00

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]

"Debug"=hex(2):00,00

@="mnmsrvc"

"Kmode"=hex(2):5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\

00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,77,00,69,00,\

6e,00,33,00,32,00,6b,00,2e,00,73,00,79,00,73,00,00,00

"Optional"=hex(7):50,00,6f,00,73,00,69,00,78,00,00,00,00,00

"Posix"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\

00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,70,00,\

73,00,78,00,73,00,73,00,2e,00,65,00,78,00,65,00,00,00

"Required"=hex(7):44,00,65,00,62,00,75,00,67,00,00,00,57,00,69,00,6e,00,64,00,\

6f,00,77,00,73,00,00,00,00,00

"Windows"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\

74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,63,\

00,73,00,72,00,73,00,73,00,2e,00,65,00,78,00,65,00,20,00,4f,00,62,00,6a,00,\

65,00,63,00,74,00,44,00,69,00,72,00,65,00,63,00,74,00,6f,00,72,00,79,00,3d,\

00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,53,00,68,00,61,00,\

72,00,65,00,64,00,53,00,65,00,63,00,74,00,69,00,6f,00,6e,00,3d,00,31,00,30,\

00,32,00,34,00,2c,00,31,00,32,00,32,00,38,00,38,00,2c,00,35,00,31,00,32,00,\

20,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,3d,00,4f,00,6e,00,20,00,53,\

00,75,00,62,00,53,00,79,00,73,00,74,00,65,00,6d,00,54,00,79,00,70,00,65,00,\

3d,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,53,00,65,00,72,00,76,\

00,65,00,72,00,44,00,6c,00,6c,00,3d,00,62,00,61,00,73,00,65,00,73,00,72,00,\

76,00,2c,00,31,00,20,00,53,00,65,00,72,00,76,00,65,00,72,00,44,00,6c,00,6c,\

00,3d,00,77,00,69,00,6e,00,73,00,72,00,76,00,3a,00,55,00,73,00,65,00,72,00,\

53,00,65,00,72,00,76,00,65,00,72,00,44,00,6c,00,6c,00,49,00,6e,00,69,00,74,\

00,69,00,61,00,6c,00,69,00,7a,00,61,00,74,00,69,00,6f,00,6e,00,2c,00,33,00,\

20,00,53,00,65,00,72,00,76,00,65,00,72,00,44,00,6c,00,6c,00,3d,00,77,00,69,\

00,6e,00,73,00,72,00,76,00,3a,00,43,00,6f,00,6e,00,53,00,65,00,72,00,76,00,\

65,00,72,00,44,00,6c,00,6c,00,49,00,6e,00,69,00,74,00,69,00,61,00,6c,00,69,\

00,7a,00,61,00,74,00,69,00,6f,00,6e,00,2c,00,32,00,20,00,53,00,65,00,72,00,\

76,00,65,00,72,00,44,00,6c,00,6c,00,3d,00,73,00,78,00,73,00,73,00,72,00,76,\

00,2c,00,34,00,20,00,50,00,72,00,6f,00,66,00,69,00,6c,00,65,00,43,00,6f,00,\

6e,00,74,00,72,00,6f,00,6c,00,3d,00,4f,00,66,00,66,00,20,00,4d,00,61,00,78,\

00,52,00,65,00,71,00,75,00,65,00,73,00,74,00,54,00,68,00,72,00,65,00,61,00,\

64,00,73,00,3d,00,31,00,36,00,00,00

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\CSRSS]

"CsrSrvSharedSectionBase"=dword:7f6f0000

 

 

 

good night


Well, adam7979, can't read that if I try!!! :pullhair:

 

Give it another whirl, and make sure the info is saved as Text Files (*.txt). If you save it as Registration Files (*.reg), all those numbers show up!!

 

In the Export Registry File prompt:

Save in: Desktop

File name: subsys

Save as type: Text Files (*.txt)

Click: Save

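The hex(2)/hex(7) runs in the .reg export above are just UTF-16 strings, which is why the Text Files (*.txt) export reads cleanly while the Registration Files (*.reg) one does not. The decoder below is an added example, not code from this thread or from any tool named in it: it parses the SubSystems excerpt posted above (embedded inline, minus the long "Windows" value), renders it the way the .txt export does, and flags any subsystem loader value whose path differs from the stock ones shown in the thread's .txt export (the EXPECTED_LOADERS table is the added assumption).

```python
"""Decode a regedit .reg export: hex(2) is REG_EXPAND_SZ and hex(7) is REG_MULTI_SZ, both
UTF-16-LE, which is why the .reg file looked unreadable while the .txt export did not."""
import re
from typing import Dict, List, Tuple

REG_TYPES = {"hex(2)": "REG_EXPAND_SZ", "hex(7)": "REG_MULTI_SZ", "hex": "REG_BINARY"}
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
SUBSYS_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems"
# Stock loader paths for this key, taken from the thread's Text Files (*.txt) export (assumption).
EXPECTED_LOADERS = {
    "Kmode": r"\SystemRoot\System32\win32k.sys",
    "Posix": r"%SystemRoot%\system32\psxss.exe",
    "Windows": r"%SystemRoot%\system32\csrss.exe",  # the value starts with this path
}
# Excerpt of the export posted in the thread; the long "Windows" value is left out here.
SUBSYS_REG = r'''
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"Debug"=hex(2):00,00
@="mnmsrvc"
"Kmode"=hex(2):5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,77,00,69,00,\
6e,00,33,00,32,00,6b,00,2e,00,73,00,79,00,73,00,00,00
"Optional"=hex(7):50,00,6f,00,73,00,69,00,78,00,00,00,00,00
"Posix"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,70,00,\
73,00,78,00,73,00,73,00,2e,00,65,00,78,00,65,00,00,00
"Required"=hex(7):44,00,65,00,62,00,75,00,67,00,00,00,57,00,69,00,6e,00,64,00,\
6f,00,77,00,73,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\CSRSS]
"CsrSrvSharedSectionBase"=dword:7f6f0000
'''

def _join_continuations(lines: List[str]) -> List[str]:
    # regedit wraps long hex values with a trailing backslash; rejoin them and drop blank lines
    merged, buf = [], ""
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if line.endswith("\\") and not line.startswith("["):
            buf += line[:-1]
            continue
        merged.append(buf + line)
        buf = ""
    return merged

def decode_value(rhs: str) -> Tuple[str, object]:
    """Turn the right-hand side of a .reg value line into (type name, readable data)."""
    if rhs.startswith('"') and rhs.endswith('"'):
        return "REG_SZ", rhs[1:-1].replace('\\\\', '\\').replace('\\"', '"')
    if rhs.startswith("dword:"):
        return "REG_DWORD", "0x" + rhs[len("dword:"):].lower()
    m = re.match(r"^(hex(?:\(\d+\))?):(.*)$", rhs)
    if not m:
        raise ValueError(f"unrecognised .reg value syntax: {rhs!r}")
    typ = REG_TYPES.get(m.group(1), m.group(1))
    raw = bytes(int(b, 16) for b in m.group(2).split(",") if b)
    if typ == "REG_EXPAND_SZ":
        return typ, raw.decode("utf-16-le").rstrip("\0")
    if typ == "REG_MULTI_SZ":  # NUL-separated strings, terminated by a double NUL
        return typ, [s for s in raw.decode("utf-16-le").split("\0") if s]
    return typ, raw

def parse_reg_export(text: str) -> Dict[str, List[Tuple[str, str, object]]]:
    """Parse a .reg export into {key path: [(name, type, data), ...]}."""
    keys, current = {}, None
    for line in _join_continuations(text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = []
            continue
        m = VALUE_RE.match(line)
        if current is None or not m:
            continue  # file header, or a line type this decoder does not handle
        name = "<NO NAME>" if m.group(1) == "@" else m.group(1)[1:-1]
        typ, data = decode_value(m.group(2))
        keys[current].append((name, typ, data))
    return keys

def render_text_export(keys: Dict[str, List[Tuple[str, str, object]]]) -> str:
    """Lay the decoded values out the way regedit's Text Files (*.txt) export does."""
    out = []
    for path, values in keys.items():
        out += [f"Key Name: {path}", "Class Name: <NO CLASS>"]
        for i, (name, typ, data) in enumerate(values):
            shown = "\n".join(data) if isinstance(data, list) else str(data)
            out += [f"Value {i}", f"  Name: {name}", f"  Type: {typ}", f"  Data: {shown}".rstrip(), ""]
    return "\n".join(out)

def unexpected_loaders(keys: Dict[str, List[Tuple[str, str, object]]]) -> List[Tuple[str, str]]:
    """Return (name, data) for SubSystems loader values that do not start with the stock path."""
    found = []
    for name, _typ, data in keys.get(SUBSYS_KEY, []):
        expected = EXPECTED_LOADERS.get(name)
        if expected and not (isinstance(data, str) and data.lower().startswith(expected.lower())):
            found.append((name, str(data)))
    return found
```

Running `print(render_text_export(parse_reg_export(SUBSYS_REG)))` reproduces the Name/Type/Data listing that the .txt export in the next post shows, and `unexpected_loaders` returns an empty list for this export.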

oh s*!@, my bad.

 

Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems

Class Name: <NO CLASS>

Last Write Time: 20-Aug-11 - 8:08 AM

Value 0

Name: Debug

Type: REG_EXPAND_SZ

Data:

 

Value 1

Name: <NO NAME>

Type: REG_SZ

Data: mnmsrvc

 

Value 2

Name: Kmode

Type: REG_EXPAND_SZ

Data: \SystemRoot\System32\win32k.sys

 

Value 3

Name: Optional

Type: REG_MULTI_SZ

Data: Posix

 

Value 4

Name: Posix

Type: REG_EXPAND_SZ

Data: %SystemRoot%\system32\psxss.exe

 

Value 5

Name: Required

Type: REG_MULTI_SZ

Data: Debug

Windows

 

Value 6

Name: Windows

Type: REG_EXPAND_SZ

Data: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

 

 

Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\CSRSS

Class Name: <NO CLASS>

Last Write Time: 20-Aug-11 - 8:08 AM

Value 0

Name: CsrSrvSharedSectionBase

Type: REG_DWORD

Data: 0x7f6f0000

 

 

 

 

 

 

edit: oh btw, my NOD32 keeps popping up saying some *random* files are infected by "Win32/Patched.HN trojan". Guess I need to plug my HDD into another PC and clean it from there..... :(

Edited by adam7979

Well, adam7979, wish it were as simple as plugging the HDD into another PC and cleaning it from there.....

 

A slave scan can be a very dangerous procedure if any Registry changes are made without addressing malware loading points.

The Windows File Protection feature is also not used when scanning a non-active partition. There was a time when slaving was a fairly common procedure, but no longer. Slaving scans are obsolete when dealing with current malware.

 

You need to fix this problem using your infected computer, and using tools that are designed for it.

 

 

What I see is that enough was removed previously for DDS not to pick up the typical characteristics of a ZeroAccess rootkit infection in a W7 (64-bit) system. However, only part of the removal took place, and now there is very little information to work with. Need to see the info produced by previous actions...

 

You mentioned having run TDSSKiller and ComboFix. Do you have the reports these tools produced?

 

A log file named TDSSKiller_version_date_time_log.txt (e.g. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) is created and saved to the root directory (usually Local Disk C:).

 

The ComboFix log appears on the Desktop. The log is also found at C:\Combofix.txt

 

If you wish to continue here, please search for and post these logs.

Edited by Aaflac

combofix:

 

ComboFix 11-08-18.03 - Administrator 19-Aug-11 11:11:26.1.2 - x86

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2941.2147 [GMT 8:00]

Running from: c:\windows\adsspy\ComboFix.exe

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}

SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\1.exe

C:\2.exe

C:\3.exe

C:\4.exe

C:\5.exe

C:\a.txt

c:\windows\$NtUninstallKB44174$\1656648584

c:\windows\$NtUninstallKB44174$\3655502483\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}

c:\windows\$NtUninstallKB44174$\3655502483\click.tlb

c:\windows\$NtUninstallKB44174$\3655502483\L\xadqgnnk

c:\windows\$NtUninstallKB44174$\3655502483\loader.tlb

c:\windows\$NtUninstallKB44174$\3655502483\U\@00000001

c:\windows\$NtUninstallKB44174$\3655502483\U\@000000c0

c:\windows\$NtUninstallKB44174$\3655502483\U\@000000cb

c:\windows\$NtUninstallKB44174$\3655502483\U\@000000cf

c:\windows\$NtUninstallKB44174$\3655502483\U\@80000000

c:\windows\$NtUninstallKB44174$\3655502483\U\@800000c0

c:\windows\$NtUninstallKB44174$\3655502483\U\@800000cb

c:\windows\$NtUninstallKB44174$\3655502483\U\@800000cf

c:\windows\assembly\GAC_MSIL\desktop.ini

c:\windows\BackUp

c:\windows\security\Database\tmp.edb

c:\windows\XSxS

.

.

((((((((((((((((((((((((( Files Created from 2011-07-19 to 2011-08-19 )))))))))))))))))))))))))))))))

.

.

2011-08-19 03:19 . 2011-08-19 03:19 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2011-08-19 02:09 . 2011-08-19 03:12 43408 --sha-w- c:\windows\system32\c_97891.nl_

2011-08-19 01:59 . 2011-08-19 03:01 -------- d-----w- c:\windows\adsspy

2011-08-18 07:28 . 2011-08-18 07:28 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2011-08-18 06:58 . 2011-08-18 06:58 -------- d-----w- c:\users\Administrator\AppData\Local\Sunbelt Software

2011-08-18 06:51 . 2011-08-18 06:51 -------- dc----w- c:\windows\system32\DRVSTORE

2011-08-18 06:51 . 2011-07-21 06:59 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys

2011-08-18 06:51 . 2011-08-18 06:51 -------- d-----w- c:\programdata\Lavasoft

2011-08-18 06:51 . 2011-08-18 06:51 -------- d-----w- c:\program files\Lavasoft

2011-08-18 04:09 . 2011-08-18 04:09 388608 ----a-w- C:\HijackThis.exe

2011-08-18 04:03 . 2011-08-18 04:03 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes

2011-08-18 04:03 . 2011-07-06 11:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-08-18 04:03 . 2011-08-18 04:03 -------- d-----w- c:\programdata\Malwarebytes

2011-08-18 04:03 . 2011-08-18 07:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-08-18 04:03 . 2011-07-06 11:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-18 04:03 . 2011-08-18 04:03 -------- d--h--w- c:\windows\PIF

2011-08-18 03:29 . 2011-08-18 03:29 388096 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-08-18 03:29 . 2011-08-18 03:29 -------- d-----w- c:\program files\Trend Micro

2011-08-18 02:04 . 2011-08-18 02:04 -------- d-----w- c:\programdata\CrypKey

2011-08-18 01:40 . 2006-04-17 03:56 1207808 ----a-w- c:\windows\system32\PhoenixDll.dll

2011-08-18 01:40 . 2004-10-16 13:46 178176 ----a-w- c:\windows\system32\StellarProfile.dll

2011-08-18 01:40 . 2011-08-18 01:40 -------- d-----w- c:\program files\Stellar Phoenix Windows Data Recovery

2011-08-18 01:26 . 2011-08-18 02:04 -------- d-----w- C:\stellar

2011-08-18 01:10 . 2011-08-18 01:10 -------- d-----w- C:\Log

2011-08-18 01:10 . 2008-05-07 23:29 122880 ----a-w- c:\windows\system32\Crypserv.exe

2011-08-18 01:10 . 2008-03-17 16:45 19584 ----a-w- c:\windows\system32\Ckldrv.sys

2011-08-18 01:10 . 1999-06-18 20:49 165888 ----a-w- c:\windows\Ckconfig.exe

2011-08-18 01:10 . 1996-05-03 16:21 27648 ----a-r- c:\windows\Setup_ck.exe

2011-08-18 01:10 . 1996-05-03 14:36 18432 ----a-w- c:\windows\Setup_ck.dll

2011-08-18 01:10 . 1995-07-04 17:33 11776 ----a-w- c:\windows\Ckrfresh.exe

2011-08-18 01:10 . 2011-08-18 01:10 -------- d-----w- c:\program files\Stellar Phoenix CD DVD Data Recovery

2011-08-18 00:34 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E0CB3946-67F0-4FA3-A8DA-9A7196EA7FCD}\mpengine.dll

2011-08-16 01:48 . 2011-08-16 01:49 -------- d-----w- C:\show

2011-08-10 07:00 . 2011-08-10 07:00 -------- d-----w- C:\address book tl

2011-08-10 07:00 . 2011-08-10 07:08 -------- d-----w- C:\nooraliza.KSMDOMAIN

2011-08-10 04:49 . 2011-06-21 05:28 981504 ----a-w- c:\windows\system32\wininet.dll

2011-08-10 04:49 . 2011-07-22 04:54 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-08-10 04:49 . 2011-06-21 05:25 163328 ----a-w- c:\program files\Internet Explorer\ieproxy.dll

2011-08-10 04:38 . 2011-07-09 02:30 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-08-10 04:37 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-08-10 04:37 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-08-10 04:12 . 2011-06-15 08:55 86016 ----a-w- c:\windows\system32\odbccu32.dll

2011-08-10 04:12 . 2011-06-15 08:55 81920 ----a-w- c:\windows\system32\odbccr32.dll

2011-08-10 04:12 . 2011-06-15 08:55 319488 ----a-w- c:\windows\system32\odbcjt32.dll

2011-08-10 04:12 . 2011-06-15 08:55 163840 ----a-w- c:\windows\system32\odbctrac.dll

2011-08-10 04:12 . 2011-06-15 08:55 122880 ----a-w- c:\windows\system32\odbccp32.dll

2011-08-10 04:12 . 2011-06-15 08:54 94208 ----a-w- c:\program files\Common Files\System\Ole DB\msdaosp.dll

2011-08-05 04:16 . 2011-08-05 04:21 -------- d-----w- C:\b1

2011-08-03 04:26 . 2011-08-03 04:26 -------- d-----w- C:\New Folder (2)

2011-08-03 00:20 . 2011-08-03 00:21 -------- d-----w- C:\file

2011-07-28 06:01 . 2011-07-28 06:01 -------- d-----w- C:\cccc

2011-07-23 02:28 . 2011-07-23 02:40 -------- d-----w- c:\program files\Multimedia Fingerprint System

2011-07-23 02:23 . 2011-07-23 02:29 -------- d-----w- C:\Multimedia Fingerprint System

2011-07-21 07:53 . 2011-07-21 08:10 -------- d-----w- C:\dell xps

2011-07-21 06:41 . 2011-07-21 06:41 -------- d-----w- C:\tplink

2011-07-21 06:41 . 2009-03-18 13:55 31232 ----a-w- c:\windows\system32\drivers\ipfnd51.sys

2011-07-21 06:35 . 2011-07-21 06:35 0 ---ha-w- c:\users\Administrator\AppData\Local\BIT2FF5.tmp

2011-07-21 01:13 . 2011-07-21 01:13 -------- d-----w- C:\ac's cctv

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-19 02:07 . 2011-04-23 00:30 187904 ----a-w- c:\windows\system32\drivers\netbt.sys

2011-08-18 00:15 . 2011-06-07 00:14 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-12 07:08 . 2011-07-13 08:25 59392 ----a-w- c:\windows\nc.exe

2011-06-11 02:29 . 2011-07-13 07:26 2334208 ----a-w- c:\windows\system32\win32k.sys

2011-05-24 11:14 . 2010-10-05 00:21 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-05-24 10:44 . 2011-06-29 00:41 293376 ----a-w- c:\windows\system32\umpnpmgr.dll

2011-06-30 00:27 . 2011-04-26 03:55 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BizCover"="c:\bizcover\StartBizCover.exe" [2009-10-28 204088]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]

"LanTalk"="c:\program files\CEZEO software\LanTalk XP\LanTalk.exe" [2010-06-17 330752]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 167424]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248]

"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-27 570664]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]

.

c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

192.168.0.5.lnk - c:\edp1\console telnet\TELNET.EXE [2009-6-2 306688]

192.168.0.50.lnk - c:\edp1\console telnet\TELNET.EXE [2009-6-2 306688]

intra.lnk - [N/A]

sco_sv.lnk - [N/A]

todo.txt [2011-8-15 12124]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

System Information.lnk - c:\varian\Cary WinUV\SystemInformation.exe [2011-1-19 597504]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [x]

R2 FCary;FCary; [x]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-16 136176]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-07-21 2151640]

R3 connctfy;Connectify Service;c:\windows\system32\DRIVERS\connctfy.sys [2010-08-11 29248]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-16 136176]

R3 ip100Avista;TP-LINK 10/100Mbps PCI Network Adapter NT Driver;c:\windows\system32\DRIVERS\ipfnd51.sys [2009-03-18 31232]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]

R3 PCAlertDriver;PCAlertDriver;c:\bizcover\NTGLM7X.sys [2008-09-19 30208]

R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys [2010-01-06 375808]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-05 1343400]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-07-21 64512]

S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 EMSService;Schedule Service;c:\program files\EMS\ScheduleService.exe [2010-12-30 584704]

S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-05-14 93312]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]

S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]

S2 VarianSimpleGpib;VarianSimpleGpib; [x]

S3 connctfyMP;connctfyMP;c:\windows\system32\DRIVERS\connctfy.sys [2010-08-11 29248]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-08-20 189440]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

hpdevmgmt REG_MULTI_SZ hpqcxs08

.

Contents of the 'Scheduled Tasks' folder

.

2011-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-16 03:23]

.

2011-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-16 03:23]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://intra.ks.com/

uInternet Settings,ProxyServer = intra.ks.com:8080

uInternet Settings,ProxyOverride = 192.168*;*intra.ks.com

IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm

IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm

IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm

IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000

Trusted Zone: rwgenting.com\book

Trusted Zone: //about.htm/

Trusted Zone: //Exclude.htm/

Trusted Zone: //LanguageSelection.htm/

Trusted Zone: //Message.htm/

Trusted Zone: //MyAgttryCmd.htm/

Trusted Zone: //MyAgttryNag.htm/

Trusted Zone: //MyNotification.htm/

Trusted Zone: //NOCLessUpdate.htm/

Trusted Zone: //quarantine.htm/

Trusted Zone: //ScanNow.htm/

Trusted Zone: //strings.vbs/

Trusted Zone: //Template.htm/

Trusted Zone: //Update.htm/

Trusted Zone: //VirFound.htm/

Trusted Zone: mcafee.com\*

Trusted Zone: mcafeeasap.com\betavscan

Trusted Zone: mcafeeasap.com\vs

Trusted Zone: mcafeeasap.com\www

TCP: Interfaces\{C98BAFA9-BEA7-46CD-9D88-24D180A8BF60}: NameServer = 192.168.0.1,8.8.8.8

FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\95dmuv5q.default\

FF - prefs.js: browser.search.defaulturl - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=

FF - prefs.js: browser.startup.homepage - www.google.com.my

FF - prefs.js: keyword.URL - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-96973225.sys

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,aa,63,bb,d0,bf,ba,ef,49,b4,79,af,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,00,01,63,a9,86,b2,47,43,a4,fb,0c,\

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.3G2"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.3GP"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.3G2"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.3GP"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ADTS"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ADTS"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ADTS"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.AIFF"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.AIFF"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.AIFF"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ASF"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ASX"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.AU"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.AVI"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.CDA"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (Administrator)

"Progid"="ThunderbirdEML"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]

@Denied: (2) (Administrator)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]

@Denied: (2) (Administrator)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.LOG\UserChoice]

@Denied: (2) (Administrator)

"Progid"="Applications\\WORDPAD.EXE"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2t\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.M2TS"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2ts\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.M2TS"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2v\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.m3u"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.M4A"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MP4"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MIDI"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MIDI"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mod\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MOV"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MP3"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MP3"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MP4"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MP4"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mts\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.M2TS"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.php\UserChoice]

@Denied: (2) (Administrator)

"Progid"="Applications\\wordpad.exe"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MIDI"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]

@Denied: (2) (Administrator)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.AU"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ts\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.TTS"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tts\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.TTS"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\UserChoice]

@Denied: (2) (Administrator)

"Progid"="textfile"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WAV"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WAX"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wdseml\UserChoice]

@Denied: (2) (Administrator)

"Progid"="ThunderbirdEML"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ASF"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WMA"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WMD"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WMS"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WMV"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ASX"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WMZ"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WPL"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WVX"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]

@Denied: (2) (Administrator)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]

@Denied: (2) (Administrator)

"Progid"="FirefoxHTML"

.

Completion time: 2011-08-19 11:21:28

ComboFix-quarantined-files.txt 2011-08-19 03:21

.

Pre-Run: 12,426,317,824 bytes free

Post-Run: 12,972,077,056 bytes free

.

- - End Of File - - 150483A48CE3DF6FA93BBEDC86D34DAE


TDSSKiller:


2011/08/19 10:10:58.0772 3876 TDSS rootkit removing tool 2.5.15.0 Aug 11 2011 16:32:13

2011/08/19 10:10:59.0552 3876 ================================================================================

2011/08/19 10:10:59.0552 3876 SystemInfo:

2011/08/19 10:10:59.0552 3876

2011/08/19 10:10:59.0552 3876 OS Version: 6.1.7601 ServicePack: 1.0

2011/08/19 10:10:59.0552 3876 Product type: Workstation

2011/08/19 10:10:59.0552 3876 ComputerName: EDP1

2011/08/19 10:10:59.0552 3876 UserName: Administrator

2011/08/19 10:10:59.0552 3876 Windows directory: C:\Windows

2011/08/19 10:10:59.0552 3876 System windows directory: C:\Windows

2011/08/19 10:10:59.0552 3876 Processor architecture: Intel x86

2011/08/19 10:10:59.0552 3876 Number of processors: 2

2011/08/19 10:10:59.0552 3876 Page size: 0x1000

2011/08/19 10:10:59.0552 3876 Boot type: Normal boot

2011/08/19 10:10:59.0552 3876 ================================================================================

2011/08/19 10:11:01.0049 3876 Initialize success

2011/08/19 10:11:03.0311 3836 ================================================================================

2011/08/19 10:11:03.0311 3836 Scan started

2011/08/19 10:11:03.0311 3836 Mode: Manual;

2011/08/19 10:11:03.0311 3836 ================================================================================

2011/08/19 10:11:04.0622 3836 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys

2011/08/19 10:11:04.0778 3836 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys

2011/08/19 10:11:04.0840 3836 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys

2011/08/19 10:11:04.0949 3836 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys

2011/08/19 10:11:05.0012 3836 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys

2011/08/19 10:11:05.0261 3836 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys

2011/08/19 10:11:05.0386 3836 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys

2011/08/19 10:11:05.0464 3836 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys

2011/08/19 10:11:05.0542 3836 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys

2011/08/19 10:11:05.0573 3836 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys

2011/08/19 10:11:05.0589 3836 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys

2011/08/19 10:11:05.0636 3836 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys

2011/08/19 10:11:05.0729 3836 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys

2011/08/19 10:11:05.0761 3836 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys

2011/08/19 10:11:05.0792 3836 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys

2011/08/19 10:11:05.0870 3836 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys

2011/08/19 10:11:05.0901 3836 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys

2011/08/19 10:11:06.0010 3836 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys

2011/08/19 10:11:06.0057 3836 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys

2011/08/19 10:11:06.0088 3836 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys

2011/08/19 10:11:06.0182 3836 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys

2011/08/19 10:11:06.0244 3836 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys

2011/08/19 10:11:06.0369 3836 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys

2011/08/19 10:11:06.0400 3836 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys

2011/08/19 10:11:06.0494 3836 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys

2011/08/19 10:11:06.0541 3836 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys

2011/08/19 10:11:06.0603 3836 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys

2011/08/19 10:11:06.0665 3836 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys

2011/08/19 10:11:06.0697 3836 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys

2011/08/19 10:11:06.0728 3836 Bridge (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys

2011/08/19 10:11:06.0743 3836 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys

2011/08/19 10:11:06.0775 3836 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys

2011/08/19 10:11:06.0853 3836 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys

2011/08/19 10:11:06.0868 3836 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys

2011/08/19 10:11:06.0884 3836 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys

2011/08/19 10:11:06.0915 3836 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys

2011/08/19 10:11:07.0009 3836 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys

2011/08/19 10:11:07.0087 3836 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys

2011/08/19 10:11:07.0165 3836 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys

2011/08/19 10:11:07.0211 3836 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys

2011/08/19 10:11:07.0305 3836 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys

2011/08/19 10:11:07.0383 3836 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys

2011/08/19 10:11:07.0430 3836 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys

2011/08/19 10:11:07.0523 3836 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys

2011/08/19 10:11:07.0601 3836 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys

2011/08/19 10:11:07.0711 3836 connctfy (f483412cb726f5f09d73d92fe395f548) C:\Windows\system32\DRIVERS\connctfy.sys

2011/08/19 10:11:07.0742 3836 connctfyMP (f483412cb726f5f09d73d92fe395f548) C:\Windows\system32\DRIVERS\connctfy.sys

2011/08/19 10:11:07.0789 3836 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys

2011/08/19 10:11:07.0913 3836 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys

2011/08/19 10:11:07.0960 3836 d9e28a93 (8f2bb1827cac01aee6a16e30a1260199) C:\Windows\2475352793:639464812.exe

2011/08/19 10:11:07.0960 3836 Suspicious file (Hidden): C:\Windows\2475352793:639464812.exe. md5: 8f2bb1827cac01aee6a16e30a1260199

2011/08/19 10:11:07.0960 3836 d9e28a93 - detected HiddenFile.Multi.Generic (1)

2011/08/19 10:11:08.0101 3836 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys

2011/08/19 10:11:08.0147 3836 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys

2011/08/19 10:11:08.0210 3836 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys

2011/08/19 10:11:08.0303 3836 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys

2011/08/19 10:11:08.0366 3836 Dot4Print (caefd09b6a6249c53a67d55a9a9fcabf) C:\Windows\system32\drivers\Dot4Prt.sys

2011/08/19 10:11:08.0475 3836 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys

2011/08/19 10:11:08.0553 3836 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys

2011/08/19 10:11:08.0678 3836 eamon (e31464ce787e3a0ffea55baa591897f0) C:\Windows\system32\DRIVERS\eamon.sys

2011/08/19 10:11:08.0787 3836 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys

2011/08/19 10:11:08.0927 3836 ehdrv (2c95a7a87e4272c1fff9baf579677db3) C:\Windows\system32\DRIVERS\ehdrv.sys

2011/08/19 10:11:09.0005 3836 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys

2011/08/19 10:11:09.0130 3836 epfwwfpr (9798f4c71df8a86266bb0476205411f9) C:\Windows\system32\DRIVERS\epfwwfpr.sys

2011/08/19 10:11:09.0208 3836 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys

2011/08/19 10:11:09.0302 3836 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys

2011/08/19 10:11:09.0333 3836 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys

2011/08/19 10:11:09.0458 3836 FCary (f44f94b4cf95f082a569cc95c4ea09ff) C:\Windows\system32\drivers\FCary.sys

2011/08/19 10:11:09.0505 3836 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys

2011/08/19 10:11:09.0583 3836 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys

2011/08/19 10:11:09.0645 3836 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys

2011/08/19 10:11:09.0676 3836 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys

2011/08/19 10:11:09.0739 3836 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys

2011/08/19 10:11:09.0817 3836 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys

2011/08/19 10:11:09.0863 3836 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys

2011/08/19 10:11:09.0957 3836 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys

2011/08/19 10:11:10.0004 3836 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys

2011/08/19 10:11:10.0082 3836 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys

2011/08/19 10:11:10.0191 3836 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys

2011/08/19 10:11:10.0222 3836 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys

2011/08/19 10:11:10.0253 3836 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys

2011/08/19 10:11:10.0331 3836 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys

2011/08/19 10:11:10.0409 3836 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys

2011/08/19 10:11:10.0565 3836 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys

2011/08/19 10:11:10.0690 3836 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys

2011/08/19 10:11:10.0831 3836 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys

2011/08/19 10:11:10.0971 3836 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys

2011/08/19 10:11:11.0049 3836 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys

2011/08/19 10:11:11.0127 3836 iaStor (d483687eace0c065ee772481a96e05f5) C:\Windows\system32\drivers\iastor.sys

2011/08/19 10:11:11.0174 3836 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys

2011/08/19 10:11:11.0392 3836 igfx (36cc40b02ae593d6152ac8bd657720af) C:\Windows\system32\DRIVERS\igdkmd32.sys

2011/08/19 10:11:11.0517 3836 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys

2011/08/19 10:11:11.0642 3836 IntcAzAudAddService (c877ecc52d2279818cfb0a7dd3dcb906) C:\Windows\system32\drivers\RTKVHDA.sys

2011/08/19 10:11:11.0767 3836 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys

2011/08/19 10:11:11.0829 3836 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys

2011/08/19 10:11:11.0938 3836 ip100Avista (b671fda040cea1018dab736466bdaf1d) C:\Windows\system32\DRIVERS\ipfnd51.sys

2011/08/19 10:11:11.0985 3836 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2011/08/19 10:11:12.0016 3836 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys

2011/08/19 10:11:12.0094 3836 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys

2011/08/19 10:11:12.0125 3836 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys

2011/08/19 10:11:12.0188 3836 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys

2011/08/19 10:11:12.0250 3836 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys

2011/08/19 10:11:12.0297 3836 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys

2011/08/19 10:11:12.0313 3836 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys

2011/08/19 10:11:12.0437 3836 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys

2011/08/19 10:11:12.0469 3836 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys

2011/08/19 10:11:12.0609 3836 Lbd (336abe8721cbc3110f1c6426da633417) C:\Windows\system32\DRIVERS\Lbd.sys

2011/08/19 10:11:12.0671 3836 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys

2011/08/19 10:11:12.0749 3836 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys

2011/08/19 10:11:12.0781 3836 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys

2011/08/19 10:11:12.0827 3836 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys

2011/08/19 10:11:12.0890 3836 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys

2011/08/19 10:11:12.0937 3836 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys

2011/08/19 10:11:12.0999 3836 MBAMProtector (eca00eed9ab95489007b0ef84c7149de) C:\Windows\system32\drivers\mbam.sys

2011/08/19 10:11:13.0093 3836 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys

2011/08/19 10:11:13.0124 3836 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys

2011/08/19 10:11:13.0186 3836 MfeAVFK (64b96de8c492bd435372d9130a535f1d) C:\Windows\system32\drivers\MfeAVFK.sys

2011/08/19 10:11:13.0249 3836 MfeBOPK (078e87a89d36cc3516f19d5fb518bddc) C:\Windows\system32\drivers\MfeBOPK.sys

2011/08/19 10:11:13.0280 3836 mfehidk (168c565101fd5b9db694efdec91fafa9) C:\Windows\system32\drivers\mfehidk.sys

2011/08/19 10:11:13.0311 3836 MfeRKDK (e0842f67dc9bc4d21d1e319610ebe9e5) C:\Windows\system32\drivers\MfeRKDK.sys

2011/08/19 10:11:13.0389 3836 mfetdik (43a7acbbd70ecd62f0b63486c72089a3) C:\Windows\system32\drivers\mfetdik.sys

2011/08/19 10:11:13.0436 3836 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys

2011/08/19 10:11:13.0498 3836 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys

2011/08/19 10:11:13.0607 3836 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys

2011/08/19 10:11:13.0639 3836 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys

2011/08/19 10:11:13.0748 3836 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys

2011/08/19 10:11:13.0810 3836 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys

2011/08/19 10:11:13.0857 3836 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys

2011/08/19 10:11:13.0982 3836 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys

2011/08/19 10:11:14.0060 3836 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys

2011/08/19 10:11:14.0169 3836 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2011/08/19 10:11:14.0247 3836 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2011/08/19 10:11:14.0356 3836 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys

2011/08/19 10:11:14.0387 3836 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys

2011/08/19 10:11:14.0465 3836 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys

2011/08/19 10:11:14.0481 3836 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys

2011/08/19 10:11:14.0543 3836 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys

2011/08/19 10:11:14.0637 3836 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys

2011/08/19 10:11:14.0668 3836 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys

2011/08/19 10:11:14.0684 3836 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys

2011/08/19 10:11:14.0731 3836 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys

2011/08/19 10:11:14.0824 3836 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys

2011/08/19 10:11:14.0871 3836 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys

2011/08/19 10:11:14.0887 3836 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys

2011/08/19 10:11:14.0965 3836 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys

2011/08/19 10:11:14.0996 3836 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys

2011/08/19 10:11:15.0089 3836 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys

2011/08/19 10:11:15.0183 3836 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys

2011/08/19 10:11:15.0214 3836 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys

2011/08/19 10:11:15.0292 3836 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys

2011/08/19 10:11:15.0401 3836 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys

2011/08/19 10:11:15.0479 3836 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys

2011/08/19 10:11:15.0511 3836 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys

2011/08/19 10:11:15.0620 3836 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys

2011/08/19 10:11:15.0682 3836 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys

2011/08/19 10:11:15.0760 3836 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys

2011/08/19 10:11:15.0823 3836 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys

2011/08/19 10:11:15.0916 3836 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys

2011/08/19 10:11:16.0010 3836 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys

2011/08/19 10:11:16.0057 3836 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys

2011/08/19 10:11:16.0135 3836 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys

2011/08/19 10:11:16.0197 3836 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys

2011/08/19 10:11:16.0244 3836 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys

2011/08/19 10:11:16.0291 3836 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys

2011/08/19 10:11:16.0415 3836 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys

2011/08/19 10:11:16.0447 3836 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys

2011/08/19 10:11:16.0478 3836 PCAlertDriver (ce0bf0fa2c3f8cf2549ebf508242a2c9) C:\BizCover\NTGLM7X.sys

2011/08/19 10:11:16.0603 3836 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys

2011/08/19 10:11:16.0634 3836 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys

2011/08/19 10:11:16.0681 3836 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys

2011/08/19 10:11:16.0774 3836 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys

2011/08/19 10:11:16.0805 3836 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys

2011/08/19 10:11:16.0961 3836 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

2011/08/19 10:11:16.0993 3836 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys

2011/08/19 10:11:17.0024 3836 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

2011/08/19 10:11:17.0164 3836 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys

2011/08/19 10:11:17.0227 3836 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys

2011/08/19 10:11:17.0305 3836 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys

2011/08/19 10:11:17.0351 3836 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

2011/08/19 10:11:17.0383 3836 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

2011/08/19 10:11:17.0414 3836 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

2011/08/19 10:11:17.0492 3836 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

2011/08/19 10:11:17.0523 3836 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

2011/08/19 10:11:17.0539 3836 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys

2011/08/19 10:11:17.0648 3836 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys

2011/08/19 10:11:17.0679 3836 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys

2011/08/19 10:11:17.0788 3836 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys

2011/08/19 10:11:17.0882 3836 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys

2011/08/19 10:11:17.0975 3836 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys

2011/08/19 10:11:18.0007 3836 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys

2011/08/19 10:11:18.0085 3836 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys

2011/08/19 10:11:18.0194 3836 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys

2011/08/19 10:11:18.0256 3836 regi (001b4278407f4303efc902a2b16f2453) C:\Windows\system32\drivers\regi.sys

2011/08/19 10:11:18.0350 3836 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

2011/08/19 10:11:18.0397 3836 RTL8023xp (166911eada13cd34dd8f8c667707be94) C:\Windows\system32\DRIVERS\Rtnicxp.sys

2011/08/19 10:11:18.0490 3836 RTL8167 (05c2613f661584190c752f6184d1c8ef) C:\Windows\system32\DRIVERS\Rt86win7.sys

2011/08/19 10:11:18.0568 3836 RTL8187 (325590e7e9587459643ba24d2cf73bf2) C:\Windows\system32\DRIVERS\rtl8187.sys

2011/08/19 10:11:18.0631 3836 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys

2011/08/19 10:11:18.0709 3836 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys

2011/08/19 10:11:18.0787 3836 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys

2011/08/19 10:11:18.0896 3836 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

2011/08/19 10:11:18.0989 3836 Sentinel (8627c992b8a80504fc477b2e8ff8ec4f) C:\Windows\System32\Drivers\SENTINEL.SYS

2011/08/19 10:11:19.0021 3836 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

2011/08/19 10:11:19.0083 3836 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys

2011/08/19 10:11:19.0161 3836 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys

2011/08/19 10:11:19.0208 3836 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys

2011/08/19 10:11:19.0255 3836 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys

2011/08/19 10:11:19.0348 3836 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys

2011/08/19 10:11:19.0379 3836 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys

2011/08/19 10:11:19.0489 3836 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys

2011/08/19 10:11:19.0535 3836 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys

2011/08/19 10:11:19.0567 3836 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys

2011/08/19 10:11:19.0629 3836 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

2011/08/19 10:11:19.0707 3836 SNTNLUSB (87f799c486302aceff098e067d481d9c) C:\Windows\system32\DRIVERS\SNTNLUSB.SYS

2011/08/19 10:11:19.0738 3836 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

2011/08/19 10:11:19.0879 3836 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys

2011/08/19 10:11:19.0879 3836 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505

2011/08/19 10:11:19.0879 3836 sptd - detected LockedFile.Multi.Generic (1)

2011/08/19 10:11:19.0957 3836 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys

2011/08/19 10:11:20.0035 3836 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys

2011/08/19 10:11:20.0113 3836 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys

2011/08/19 10:11:20.0191 3836 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys

2011/08/19 10:11:20.0269 3836 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys

2011/08/19 10:11:20.0300 3836 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys

2011/08/19 10:11:20.0331 3836 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys

2011/08/19 10:11:20.0503 3836 Tcpip (04e4a7d53a7ace02e8c55b17a498f631) C:\Windows\system32\drivers\tcpip.sys

2011/08/19 10:11:20.0581 3836 TCPIP6 (04e4a7d53a7ace02e8c55b17a498f631) C:\Windows\system32\DRIVERS\tcpip.sys

2011/08/19 10:11:20.0689 3836 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys

2011/08/19 10:11:20.0823 3836 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys

2011/08/19 10:11:20.0870 3836 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys

2011/08/19 10:11:20.0963 3836 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys

2011/08/19 10:11:21.0041 3836 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys

2011/08/19 10:11:21.0151 3836 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys

2011/08/19 10:11:21.0260 3836 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys

2011/08/19 10:11:21.0338 3836 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys

2011/08/19 10:11:21.0400 3836 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys

2011/08/19 10:11:21.0541 3836 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys

2011/08/19 10:11:21.0634 3836 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys

2011/08/19 10:11:21.0681 3836 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys

2011/08/19 10:11:21.0728 3836 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys

2011/08/19 10:11:21.0790 3836 UnlockerDriver5 (bb879dcfd22926efbeb3298129898cbb) C:\Program Files\Unlocker\UnlockerDriver5.sys

2011/08/19 10:11:21.0915 3836 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\drivers\usbccgp.sys

2011/08/19 10:11:21.0977 3836 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys

2011/08/19 10:11:22.0009 3836 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys

2011/08/19 10:11:22.0087 3836 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys

2011/08/19 10:11:22.0118 3836 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys

2011/08/19 10:11:22.0149 3836 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys

2011/08/19 10:11:22.0243 3836 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys

2011/08/19 10:11:22.0289 3836 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS

2011/08/19 10:11:22.0321 3836 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys

2011/08/19 10:11:22.0399 3836 usb_rndisx (d82f43d15fdaa666856c0190cb73e7c9) C:\Windows\system32\DRIVERS\usb8023x.sys

2011/08/19 10:11:22.0477 3836 VarianSimpleGpib (7ed1f3eb484da3cc5a1654b2ccf72b1c) C:\Windows\system32\drivers\VarianSimpleGpib.sys

2011/08/19 10:11:22.0601 3836 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys

2011/08/19 10:11:22.0633 3836 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

2011/08/19 10:11:22.0664 3836 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

2011/08/19 10:11:22.0695 3836 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys

2011/08/19 10:11:22.0867 3836 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys

2011/08/19 10:11:22.0913 3836 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys

2011/08/19 10:11:23.0023 3836 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys

2011/08/19 10:11:23.0054 3836 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys

2011/08/19 10:11:23.0069 3836 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys

2011/08/19 10:11:23.0085 3836 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys

2011/08/19 10:11:23.0163 3836 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

2011/08/19 10:11:23.0257 3836 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys

2011/08/19 10:11:23.0288 3836 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys

2011/08/19 10:11:23.0381 3836 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys

2011/08/19 10:11:23.0428 3836 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys

2011/08/19 10:11:23.0491 3836 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys

2011/08/19 10:11:23.0553 3836 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

2011/08/19 10:11:23.0569 3836 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

2011/08/19 10:11:23.0678 3836 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys

2011/08/19 10:11:23.0709 3836 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

2011/08/19 10:11:23.0818 3836 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

2011/08/19 10:11:23.0849 3836 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

2011/08/19 10:11:23.0943 3836 WINUSB (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\drivers\WinUSB.SYS

2011/08/19 10:11:24.0037 3836 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys

2011/08/19 10:11:24.0099 3836 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

2011/08/19 10:11:24.0193 3836 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys

2011/08/19 10:11:24.0317 3836 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys

2011/08/19 10:11:24.0411 3836 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

2011/08/19 10:11:24.0427 3836 Boot (0x1200) (76f9319d8a7112f9185ef0e4eabafd74) \Device\Harddisk0\DR0\Partition0

2011/08/19 10:11:24.0442 3836 Boot (0x1200) (dfdc34fda45396c00affe423c15da593) \Device\Harddisk0\DR0\Partition1

2011/08/19 10:11:24.0489 3836 Boot (0x1200) (bf05e9387591a3fb84db0bbbe645a513) \Device\Harddisk0\DR0\Partition2

2011/08/19 10:11:24.0489 3836 ================================================================================

2011/08/19 10:11:24.0489 3836 Scan finished

2011/08/19 10:11:24.0489 3836 ================================================================================

2011/08/19 10:11:24.0505 3940 Detected object count: 2

2011/08/19 10:11:24.0505 3940 Actual detected object count: 2

2011/08/19 10:11:35.0612 3940 HiddenFile.Multi.Generic(d9e28a93) - User select action: Skip

2011/08/19 10:11:35.0627 3940 LockedFile.Multi.Generic(sptd) - User select action: Skip

2011/08/19 10:11:39.0371 3908 ================================================================================

2011/08/19 10:11:39.0371 3908 Scan started

2011/08/19 10:11:39.0371 3908 Mode: Manual;

2011/08/19 10:11:39.0371 3908 ================================================================================

2011/08/19 10:11:39.0621 3908 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys

2011/08/19 10:11:39.0715 3908 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys

2011/08/19 10:11:39.0761 3908 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys

2011/08/19 10:11:39.0808 3908 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys

2011/08/19 10:11:39.0839 3908 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys

2011/08/19 10:11:39.0886 3908 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys

2011/08/19 10:11:39.0980 3908 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys

2011/08/19 10:11:40.0214 3908 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys

2011/08/19 10:11:40.0245 3908 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys

2011/08/19 10:11:40.0339 3908 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys

2011/08/19 10:11:40.0401 3908 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys

2011/08/19 10:11:40.0432 3908 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys

2011/08/19 10:11:40.0463 3908 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys

2011/08/19 10:11:40.0541 3908 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys

2011/08/19 10:11:40.0588 3908 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys

2011/08/19 10:11:40.0651 3908 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys

2011/08/19 10:11:40.0713 3908 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys

2011/08/19 10:11:40.0822 3908 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys

2011/08/19 10:11:40.0900 3908 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys

2011/08/19 10:11:40.0947 3908 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys

2011/08/19 10:11:40.0963 3908 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys

2011/08/19 10:11:41.0041 3908 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys

2011/08/19 10:11:41.0134 3908 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys

2011/08/19 10:11:41.0181 3908 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys

2011/08/19 10:11:41.0197 3908 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys

2011/08/19 10:11:41.0290 3908 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys

2011/08/19 10:11:41.0368 3908 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys

2011/08/19 10:11:41.0384 3908 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys

2011/08/19 10:11:41.0415 3908 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys

2011/08/19 10:11:41.0446 3908 Bridge (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys

2011/08/19 10:11:41.0446 3908 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys

2011/08/19 10:11:41.0540 3908 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys

2011/08/19 10:11:41.0555 3908 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys

2011/08/19 10:11:41.0587 3908 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys

2011/08/19 10:11:41.0665 3908 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys

2011/08/19 10:11:41.0696 3908 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys

2011/08/19 10:11:41.0711 3908 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys

2011/08/19 10:11:41.0821 3908 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys

2011/08/19 10:11:41.0852 3908 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys

2011/08/19 10:11:41.0883 3908 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys

2011/08/19 10:11:41.0961 3908 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys

2011/08/19 10:11:42.0023 3908 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys

2011/08/19 10:11:42.0101 3908 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys

2011/08/19 10:11:42.0148 3908 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys

2011/08/19 10:11:42.0257 3908 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys

2011/08/19 10:11:42.0335 3908 connctfy (f483412cb726f5f09d73d92fe395f548) C:\Windows\system32\DRIVERS\connctfy.sys

2011/08/19 10:11:42.0351 3908 connctfyMP (f483412cb726f5f09d73d92fe395f548) C:\Windows\system32\DRIVERS\connctfy.sys

2011/08/19 10:11:42.0398 3908 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys

2011/08/19 10:11:42.0523 3908 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys

2011/08/19 10:11:42.0554 3908 d9e28a93 (8f2bb1827cac01aee6a16e30a1260199) C:\Windows\2475352793:639464812.exe

2011/08/19 10:11:42.0554 3908 Suspicious file (Hidden): C:\Windows\2475352793:639464812.exe. md5: 8f2bb1827cac01aee6a16e30a1260199

2011/08/19 10:11:42.0554 3908 d9e28a93 - detected HiddenFile.Multi.Generic (1)

2011/08/19 10:11:42.0679 3908 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys

2011/08/19 10:11:42.0710 3908 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys

2011/08/19 10:11:42.0725 3908 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys

2011/08/19 10:11:42.0850 3908 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys

2011/08/19 10:11:42.0928 3908 Dot4Print (caefd09b6a6249c53a67d55a9a9fcabf) C:\Windows\system32\drivers\Dot4Prt.sys

2011/08/19 10:11:42.0975 3908 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys

2011/08/19 10:11:43.0084 3908 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys

2011/08/19 10:11:43.0162 3908 eamon (e31464ce787e3a0ffea55baa591897f0) C:\Windows\system32\DRIVERS\eamon.sys

2011/08/19 10:11:43.0303 3908 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys

2011/08/19 10:11:43.0412 3908 ehdrv (2c95a7a87e4272c1fff9baf579677db3) C:\Windows\system32\DRIVERS\ehdrv.sys

2011/08/19 10:11:43.0521 3908 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys

2011/08/19 10:11:43.0599 3908 epfwwfpr (9798f4c71df8a86266bb0476205411f9) C:\Windows\system32\DRIVERS\epfwwfpr.sys

2011/08/19 10:11:43.0693 3908 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys

2011/08/19 10:11:43.0771 3908 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys

2011/08/19 10:11:43.0817 3908 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys

2011/08/19 10:11:43.0895 3908 FCary (f44f94b4cf95f082a569cc95c4ea09ff) C:\Windows\system32\drivers\FCary.sys

2011/08/19 10:11:43.0942 3908 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys

2011/08/19 10:11:44.0020 3908 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys

2011/08/19 10:11:44.0051 3908 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys

2011/08/19 10:11:44.0098 3908 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys

2011/08/19 10:11:44.0161 3908 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys

2011/08/19 10:11:44.0192 3908 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys

2011/08/19 10:11:44.0207 3908 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys

2011/08/19 10:11:44.0285 3908 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys

2011/08/19 10:11:44.0363 3908 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys

2011/08/19 10:11:44.0410 3908 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys

2011/08/19 10:11:44.0488 3908 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys

2011/08/19 10:11:44.0597 3908 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys

2011/08/19 10:11:44.0629 3908 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys

2011/08/19 10:11:44.0675 3908 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys

2011/08/19 10:11:44.0753 3908 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys

2011/08/19 10:11:44.0816 3908 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys

2011/08/19 10:11:44.0894 3908 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys

2011/08/19 10:11:45.0003 3908 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys

2011/08/19 10:11:45.0065 3908 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys

2011/08/19 10:11:45.0159 3908 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys

2011/08/19 10:11:45.0237 3908 iaStor (d483687eace0c065ee772481a96e05f5) C:\Windows\system32\drivers\iastor.sys

2011/08/19 10:11:45.0284 3908 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys

2011/08/19 10:11:45.0533 3908 igfx (36cc40b02ae593d6152ac8bd657720af) C:\Windows\system32\DRIVERS\igdkmd32.sys

2011/08/19 10:11:45.0627 3908 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys

2011/08/19 10:11:45.0767 3908 IntcAzAudAddService (c877ecc52d2279818cfb0a7dd3dcb906) C:\Windows\system32\drivers\RTKVHDA.sys

2011/08/19 10:11:45.0908 3908 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys

2011/08/19 10:11:45.0939 3908 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys

2011/08/19 10:11:46.0033 3908 ip100Avista (b671fda040cea1018dab736466bdaf1d) C:\Windows\system32\DRIVERS\ipfnd51.sys

2011/08/19 10:11:46.0079 3908 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2011/08/19 10:11:46.0095 3908 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys

2011/08/19 10:11:46.0157 3908 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys

2011/08/19 10:11:46.0189 3908 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys

2011/08/19 10:11:46.0267 3908 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys

2011/08/19 10:11:46.0313 3908 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys

2011/08/19 10:11:46.0407 3908 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys

2011/08/19 10:11:46.0438 3908 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys

2011/08/19 10:11:46.0547 3908 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys

2011/08/19 10:11:46.0610 3908 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys

2011/08/19 10:11:46.0703 3908 Lbd (336abe8721cbc3110f1c6426da633417) C:\Windows\system32\DRIVERS\Lbd.sys

2011/08/19 10:11:46.0813 3908 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys

2011/08/19 10:11:46.0859 3908 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys

2011/08/19 10:11:46.0906 3908 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys

2011/08/19 10:11:46.0984 3908 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys

2011/08/19 10:11:47.0031 3908 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys

2011/08/19 10:11:47.0062 3908 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys

2011/08/19 10:11:47.0125 3908 MBAMProtector (eca00eed9ab95489007b0ef84c7149de) C:\Windows\system32\drivers\mbam.sys

2011/08/19 10:11:47.0171 3908 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys

2011/08/19 10:11:47.0203 3908 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys

2011/08/19 10:11:47.0281 3908 MfeAVFK (64b96de8c492bd435372d9130a535f1d) C:\Windows\system32\drivers\MfeAVFK.sys

2011/08/19 10:11:47.0312 3908 MfeBOPK (078e87a89d36cc3516f19d5fb518bddc) C:\Windows\system32\drivers\MfeBOPK.sys

2011/08/19 10:11:47.0390 3908 mfehidk (168c565101fd5b9db694efdec91fafa9) C:\Windows\system32\drivers\mfehidk.sys

2011/08/19 10:11:47.0483 3908 MfeRKDK (e0842f67dc9bc4d21d1e319610ebe9e5) C:\Windows\system32\drivers\MfeRKDK.sys

2011/08/19 10:11:47.0530 3908 mfetdik (43a7acbbd70ecd62f0b63486c72089a3) C:\Windows\system32\drivers\mfetdik.sys

2011/08/19 10:11:47.0546 3908 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys

2011/08/19 10:11:47.0655 3908 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys

2011/08/19 10:11:47.0717 3908 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys

2011/08/19 10:11:47.0749 3908 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys

2011/08/19 10:11:47.0873 3908 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys

2011/08/19 10:11:47.0936 3908 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys

2011/08/19 10:11:47.0967 3908 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys

2011/08/19 10:11:48.0076 3908 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys

2011/08/19 10:11:48.0154 3908 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys

2011/08/19 10:11:48.0248 3908 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2011/08/19 10:11:48.0373 3908 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2011/08/19 10:11:48.0435 3908 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys

2011/08/19 10:11:48.0513 3908 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys

2011/08/19 10:11:48.0575 3908 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys

2011/08/19 10:11:48.0591 3908 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys

2011/08/19 10:11:48.0700 3908 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys

2011/08/19 10:11:48.0747 3908 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys

2011/08/19 10:11:48.0778 3908 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys

2011/08/19 10:11:48.0825 3908 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys

2011/08/19 10:11:48.0872 3908 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys

2011/08/19 10:11:48.0950 3908 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys

2011/08/19 10:11:49.0012 3908 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys

2011/08/19 10:11:49.0043 3908 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys

2011/08/19 10:11:49.0090 3908 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys

2011/08/19 10:11:49.0137 3908 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys

2011/08/19 10:11:49.0293 3908 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys

2011/08/19 10:11:49.0324 3908 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys

2011/08/19 10:11:49.0418 3908 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys

2011/08/19 10:11:49.0496 3908 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys

2011/08/


Thank you, adam7979!!

Those reports give some info to work with.

First, please download DeFogger:

http://www.jpshortstuff.247fixes.com/Defogger.exe

Save to your Desktop.

Click on DeFogger to run the tool.

When the application window appears, click the Disable button to disable your CD Emulation drivers.

Click Yes to continue.

A 'Finished!' message will appear.

Click OK.

DeFogger will now ask to reboot the machine; click OK.

If you receive an error message while running DeFogger, please post the log defogger_disable which appears on your Desktop.

Also, please do not re-enable any drivers until otherwise instructed!!

~~~~

Second, run TDSSKiller once again, but as follows:

Execute TDSSKiller.exe by right-clicking and selecting: 'Run as Administrator'

Click: 'Start Scan'

If malicious objects are found, do not allow the tool to 'Cure'.

Click the arrow next to 'Cure' and select: 'Skip'

Click: 'Continue'

When the tool is done, a log is produced at the root drive, which is typically C:\

For example, C:\TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt

Please post the new TDSSKiller log in your reply.

~~~~

Third, please download SystemLook from one of the links below (use 64-bit if it applies to your system):

http://jpshortstuff.247fixes.com/SystemLook.exe

64-bit:

http://jpshortstuff.247fixes.com/SystemLook_x64.exe

Right-click on SystemLook.exe and select: 'Run As Administrator'

Copy the content of the following box into the main text-field:

:filefind
sptd.sys

Click the Look button to start the scan.

When finished, a Notepad window opens on your Desktop with the results of the scan.

Also post the log in your reply.

~~~~

Fourth, let's get a file analyzed at VirusTotal.

You need to View Hidden Files and Folders.

Next, in VirusTotal, submit the following file:

C:\Windows\system32\Drivers\sptd.sys

Use the 'Browse' button to navigate to the location of the file.

Click on the file, and then click the 'Open' button.

The file is now displayed in the Submit Box.

Scroll down and click 'Send File', and wait for the results.

If you get a message saying 'File has already been analyzed', click 'Re-analyze file now'.

Once scanned, please provide the link to the results page in your reply.

Edited by Aaflac
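As an added example (not part of this thread and not TDSSKiller's own code), the following Python script reads the TDSSKiller log format shown in adam7979's post above and in the rerun requested here. It pairs each driver row with its 'Suspicious file', 'detected' and 'User select action' lines, flags any path that names an NTFS alternate data stream (a second colon after the drive letter, which is how the Hidden entry C:\Windows\2475352793:639464812.exe is shaped), and diffs per-driver hashes between two scans so a rerun can be compared with the first log. The sample lines are constructed from the row shapes in the posted log; the severity labels and the names Entry, parse_log, triage and hash_changes are my own, and the Python 3.8+ walrus operator is assumed.

```python
"""Parse TDSSKiller 2.x scan logs and triage what the scanner flagged.

Added example for this thread; it is not TDSSKiller's own code.  The sample
lines below are constructed to match the row shapes in the posted logs.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: a NoAccess driver row with its verdict line, a clean
# driver row, an MBR row, end-of-scan action lines, and a Hidden row whose
# path carries a second colon (an NTFS alternate data stream).
SAMPLE_LOG = r"""
2011/08/19 10:11:19.0879 3836 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/08/19 10:11:19.0879 3836 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/08/19 10:11:19.0879 3836 sptd - detected LockedFile.Multi.Generic (1)
2011/08/19 10:11:20.0503 3836 Tcpip (04e4a7d53a7ace02e8c55b17a498f631) C:\Windows\system32\drivers\tcpip.sys
2011/08/19 10:11:24.0411 3836 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/08/19 10:11:24.0489 3836 Scan finished
2011/08/19 10:11:35.0612 3940 HiddenFile.Multi.Generic(d9e28a93) - User select action: Skip
2011/08/19 10:11:35.0627 3940 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/08/19 10:11:42.0554 3908 d9e28a93 (8f2bb1827cac01aee6a16e30a1260199) C:\Windows\2475352793:639464812.exe
2011/08/19 10:11:42.0554 3908 Suspicious file (Hidden): C:\Windows\2475352793:639464812.exe. md5: 8f2bb1827cac01aee6a16e30a1260199
2011/08/19 10:11:42.0554 3908 d9e28a93 - detected HiddenFile.Multi.Generic (1)
"""

LINE_RE = re.compile(r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+(?P<rest>.*)$")
# "name (md5) path", with an optional "(0x1B8)"-style field on MBR/Boot rows
ENTRY_RE = re.compile(r"^(?P<name>\S+)\s+(?:\(0x[0-9A-Fa-f]+\)\s+)?\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
SUSPICIOUS_RE = re.compile(r"^Suspicious file \((?P<reason>\w+)\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})$")
DETECT_RE = re.compile(r"^(?P<name>\S+) - detected (?P<verdict>\S+) \((?P<count>\d+)\)$")
ACTION_RE = re.compile(r"^(?P<verdict>[\w.]+)\((?P<name>[^)]+)\) - User select action: (?P<action>\w+)$")
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")


@dataclass
class Entry:
    name: str
    md5: str
    path: str
    suspicious: Optional[str] = None  # "NoAccess" or "Hidden"
    verdict: Optional[str] = None     # e.g. "HiddenFile.Multi.Generic"
    action: Optional[str] = None      # e.g. "Skip"


def parse_log(text: str) -> Dict[str, Entry]:
    """Return entries keyed by service name, with verdicts/actions attached.

    Action lines are emitted at the end of a scan (and a second scan's rows may
    follow them), so the side tables are merged only after the whole log is read.
    """
    entries: Dict[str, Entry] = {}
    suspicious: Dict[str, str] = {}   # path -> reason
    verdicts: Dict[str, str] = {}     # name -> verdict
    actions: Dict[str, str] = {}      # name -> user action
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        rest = m["rest"]
        if (s := SUSPICIOUS_RE.match(rest)):
            suspicious[s["path"]] = s["reason"]
        elif (d := DETECT_RE.match(rest)):
            verdicts[d["name"]] = d["verdict"]
        elif (a := ACTION_RE.match(rest)):
            actions[a["name"]] = a["action"]
        elif (e := ENTRY_RE.match(rest)):
            key = e["name"]
            if key in entries and entries[key].path != e["path"]:
                key = f"{key} {e['path']}"   # MBR/Boot rows reuse one name
            entries[key] = Entry(e["name"], e["md5"], e["path"])
    for ent in entries.values():
        ent.suspicious = suspicious.get(ent.path)
        ent.verdict = verdicts.get(ent.name)
        ent.action = actions.get(ent.name)
    return entries


def is_ads_path(path: str) -> bool:
    """True for a drive-letter path with a second colon, i.e. file:stream."""
    return bool(DRIVE_RE.match(path)) and ":" in path[2:]


def triage(entries: Dict[str, Entry]) -> List[Tuple[str, str, str]]:
    """Rank flagged entries: ADS-hidden files first, locked drivers last."""
    findings: List[Tuple[str, str, str]] = []
    for e in entries.values():
        if e.suspicious == "Hidden" or is_ads_path(e.path):
            ads = is_ads_path(e.path)
            why = f"hidden file {e.path}" + (" (NTFS alternate data stream)" if ads else "")
            findings.append(("high" if ads else "medium", e.name, why))
        elif e.suspicious == "NoAccess":
            findings.append(("review", e.name,
                             f"unreadable driver {e.path}; verify md5 {e.md5} externally before curing"))
        elif e.verdict:
            findings.append(("medium", e.name, f"flagged {e.verdict}"))
    order = {"high": 0, "medium": 1, "review": 2}
    findings.sort(key=lambda f: (order[f[0]], f[1]))
    return findings


def hash_changes(before: Dict[str, Entry], after: Dict[str, Entry]) -> Dict[str, Tuple[str, str]]:
    """Drivers present in both scans whose md5 differs between them."""
    return {n: (before[n].md5, after[n].md5)
            for n in before.keys() & after.keys() if before[n].md5 != after[n].md5}


if __name__ == "__main__":
    for sev, name, why in triage(parse_log(SAMPLE_LOG)):
        print(f"{sev:6} {name:10} {why}")
```

Run against a real log by passing the file contents to parse_log. The ordering in triage reflects the thread's handling: the stream-backed hidden file is the one to act on, while a NoAccess driver such as sptd.sys is only a "review" item because the scanner could not read it, and the hash-check step that follows (VirusTotal) is what decides it.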

TDSSKiller:

 

2011/08/22 16:32:28.0421 4624 TDSS rootkit removing tool 2.5.16.0 Aug 19 2011 17:48:17

2011/08/22 16:32:29.0477 4624 ================================================================================

2011/08/22 16:32:29.0477 4624 SystemInfo:

2011/08/22 16:32:29.0477 4624

2011/08/22 16:32:29.0478 4624 OS Version: 6.1.7601 ServicePack: 1.0

2011/08/22 16:32:29.0478 4624 Product type: Workstation

2011/08/22 16:32:29.0478 4624 ComputerName: EDP1

2011/08/22 16:32:29.0509 4624 UserName: Administrator

2011/08/22 16:32:29.0509 4624 Windows directory: C:\Windows

2011/08/22 16:32:29.0509 4624 System windows directory: C:\Windows

2011/08/22 16:32:29.0509 4624 Processor architecture: Intel x86

2011/08/22 16:32:29.0509 4624 Number of processors: 2

2011/08/22 16:32:29.0509 4624 Page size: 0x1000

2011/08/22 16:32:29.0509 4624 Boot type: Normal boot

2011/08/22 16:32:29.0509 4624 ================================================================================

2011/08/22 16:32:30.0268 4624 Initialize success

2011/08/22 16:32:36.0374 4956 ================================================================================

2011/08/22 16:32:36.0374 4956 Scan started

2011/08/22 16:32:36.0374 4956 Mode: Manual;

2011/08/22 16:32:36.0374 4956 ================================================================================

2011/08/22 16:32:38.0702 4956 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys

2011/08/22 16:32:38.0829 4956 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys

2011/08/22 16:32:38.0922 4956 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys

2011/08/22 16:32:39.0001 4956 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys

2011/08/22 16:32:39.0095 4956 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys

2011/08/22 16:32:39.0124 4956 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys

2011/08/22 16:32:39.0270 4956 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys

2011/08/22 16:32:39.0337 4956 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys

2011/08/22 16:32:39.0389 4956 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys

2011/08/22 16:32:39.0584 4956 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys

2011/08/22 16:32:39.0628 4956 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys

2011/08/22 16:32:39.0764 4956 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys

2011/08/22 16:32:39.0834 4956 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys

2011/08/22 16:32:39.0873 4956 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys

2011/08/22 16:32:39.0940 4956 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys

2011/08/22 16:32:39.0984 4956 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys

2011/08/22 16:32:40.0072 4956 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys

2011/08/22 16:32:40.0288 4956 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys

2011/08/22 16:32:40.0365 4956 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys

2011/08/22 16:32:40.0441 4956 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys

2011/08/22 16:32:40.0662 4956 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys

2011/08/22 16:32:40.0807 4956 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys

2011/08/22 16:32:40.0879 4956 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys

2011/08/22 16:32:40.0948 4956 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys

2011/08/22 16:32:41.0004 4956 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys

2011/08/22 16:32:41.0086 4956 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys

2011/08/22 16:32:41.0184 4956 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys

2011/08/22 16:32:41.0329 4956 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys

2011/08/22 16:32:41.0429 4956 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys

2011/08/22 16:32:41.0474 4956 Bridge (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys

2011/08/22 16:32:41.0520 4956 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys

2011/08/22 16:32:41.0617 4956 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys

2011/08/22 16:32:41.0654 4956 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys

2011/08/22 16:32:41.0684 4956 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys

2011/08/22 16:32:41.0771 4956 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys

2011/08/22 16:32:41.0799 4956 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys

2011/08/22 16:32:42.0026 4956 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys

2011/08/22 16:32:42.0125 4956 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys

2011/08/22 16:32:42.0229 4956 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys

2011/08/22 16:32:42.0296 4956 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys

2011/08/22 16:32:42.0404 4956 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys

2011/08/22 16:32:42.0470 4956 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys

2011/08/22 16:32:42.0574 4956 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys

2011/08/22 16:32:42.0601 4956 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys

2011/08/22 16:32:42.0721 4956 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys

2011/08/22 16:32:42.0798 4956 connctfy (f483412cb726f5f09d73d92fe395f548) C:\Windows\system32\DRIVERS\connctfy.sys

2011/08/22 16:32:42.0841 4956 connctfyMP (f483412cb726f5f09d73d92fe395f548) C:\Windows\system32\DRIVERS\connctfy.sys

2011/08/22 16:32:42.0928 4956 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys

2011/08/22 16:32:43.0032 4956 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys

2011/08/22 16:32:43.0188 4956 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys

2011/08/22 16:32:43.0246 4956 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys

2011/08/22 16:32:43.0350 4956 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys

2011/08/22 16:32:43.0423 4956 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys

2011/08/22 16:32:43.0512 4956 Dot4Print (caefd09b6a6249c53a67d55a9a9fcabf) C:\Windows\system32\drivers\Dot4Prt.sys

2011/08/22 16:32:43.0627 4956 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys

2011/08/22 16:32:43.0754 4956 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys

2011/08/22 16:32:43.0968 4956 eamon (e31464ce787e3a0ffea55baa591897f0) C:\Windows\system32\DRIVERS\eamon.sys

2011/08/22 16:32:44.0086 4956 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys

2011/08/22 16:32:44.0271 4956 ehdrv (2c95a7a87e4272c1fff9baf579677db3) C:\Windows\system32\DRIVERS\ehdrv.sys

2011/08/22 16:32:44.0455 4956 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys

2011/08/22 16:32:44.0792 4956 epfwwfpr (9798f4c71df8a86266bb0476205411f9) C:\Windows\system32\DRIVERS\epfwwfpr.sys

2011/08/22 16:32:44.0846 4956 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys

2011/08/22 16:32:45.0006 4956 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys

2011/08/22 16:32:45.0082 4956 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys

2011/08/22 16:32:45.0217 4956 FCary (f44f94b4cf95f082a569cc95c4ea09ff) C:\Windows\system32\drivers\FCary.sys

2011/08/22 16:32:45.0267 4956 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys

2011/08/22 16:32:45.0672 4956 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys

2011/08/22 16:32:45.0731 4956 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys

2011/08/22 16:32:45.0786 4956 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys

2011/08/22 16:32:45.0873 4956 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys

2011/08/22 16:32:45.0926 4956 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys

2011/08/22 16:32:46.0012 4956 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys

2011/08/22 16:32:46.0100 4956 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys

2011/08/22 16:32:46.0177 4956 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys

2011/08/22 16:32:46.0259 4956 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys

2011/08/22 16:32:46.0325 4956 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys

2011/08/22 16:32:46.0429 4956 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys

2011/08/22 16:32:46.0468 4956 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys

2011/08/22 16:32:46.0489 4956 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys

2011/08/22 16:32:46.0589 4956 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys

2011/08/22 16:32:46.0662 4956 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys

2011/08/22 16:32:46.0777 4956 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys

2011/08/22 16:32:46.0861 4956 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys

2011/08/22 16:32:46.0981 4956 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys

2011/08/22 16:32:47.0101 4956 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys

2011/08/22 16:32:47.0174 4956 iaStor (d483687eace0c065ee772481a96e05f5) C:\Windows\system32\drivers\iastor.sys

2011/08/22 16:32:47.0243 4956 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys

2011/08/22 16:32:47.0438 4956 igfx (36cc40b02ae593d6152ac8bd657720af) C:\Windows\system32\DRIVERS\igdkmd32.sys

2011/08/22 16:32:47.0574 4956 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys

2011/08/22 16:32:47.0686 4956 IntcAzAudAddService (c877ecc52d2279818cfb0a7dd3dcb906) C:\Windows\system32\drivers\RTKVHDA.sys

2011/08/22 16:32:47.0832 4956 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys

2011/08/22 16:32:47.0902 4956 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys

2011/08/22 16:32:48.0025 4956 ip100Avista (b671fda040cea1018dab736466bdaf1d) C:\Windows\system32\DRIVERS\ipfnd51.sys

2011/08/22 16:32:48.0071 4956 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2011/08/22 16:32:48.0159 4956 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys

2011/08/22 16:32:48.0270 4956 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys

2011/08/22 16:32:48.0331 4956 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys

2011/08/22 16:32:48.0390 4956 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys

2011/08/22 16:32:48.0446 4956 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys

2011/08/22 16:32:48.0507 4956 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys

2011/08/22 16:32:48.0644 4956 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys

2011/08/22 16:32:48.0799 4956 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys

2011/08/22 16:32:48.0834 4956 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys

2011/08/22 16:32:48.0971 4956 Lbd (336abe8721cbc3110f1c6426da633417) C:\Windows\system32\DRIVERS\Lbd.sys

2011/08/22 16:32:49.0024 4956 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys

2011/08/22 16:32:49.0140 4956 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys

2011/08/22 16:32:49.0191 4956 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys

2011/08/22 16:32:49.0291 4956 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys

2011/08/22 16:32:49.0327 4956 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys

2011/08/22 16:32:49.0431 4956 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys

2011/08/22 16:32:49.0489 4956 MBAMProtector (eca00eed9ab95489007b0ef84c7149de) C:\Windows\system32\drivers\mbam.sys

2011/08/22 16:32:49.0569 4956 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys

2011/08/22 16:32:49.0644 4956 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys

2011/08/22 16:32:49.0747 4956 MfeAVFK (64b96de8c492bd435372d9130a535f1d) C:\Windows\system32\drivers\MfeAVFK.sys

2011/08/22 16:32:49.0817 4956 MfeBOPK (078e87a89d36cc3516f19d5fb518bddc) C:\Windows\system32\drivers\MfeBOPK.sys

2011/08/22 16:32:49.0913 4956 mfehidk (168c565101fd5b9db694efdec91fafa9) C:\Windows\system32\drivers\mfehidk.sys

2011/08/22 16:32:49.0974 4956 MfeRKDK (e0842f67dc9bc4d21d1e319610ebe9e5) C:\Windows\system32\drivers\MfeRKDK.sys

2011/08/22 16:32:50.0066 4956 mfetdik (43a7acbbd70ecd62f0b63486c72089a3) C:\Windows\system32\drivers\mfetdik.sys

2011/08/22 16:32:50.0134 4956 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys

2011/08/22 16:32:50.0251 4956 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys

2011/08/22 16:32:50.0350 4956 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys

2011/08/22 16:32:50.0412 4956 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys

2011/08/22 16:32:50.0558 4956 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys

2011/08/22 16:32:50.0653 4956 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys

2011/08/22 16:32:50.0754 4956 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys

2011/08/22 16:32:50.0842 4956 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys

2011/08/22 16:32:50.0954 4956 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys

2011/08/22 16:32:51.0038 4956 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2011/08/22 16:32:51.0158 4956 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2011/08/22 16:32:51.0253 4956 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys

2011/08/22 16:32:51.0303 4956 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys

2011/08/22 16:32:51.0421 4956 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys

2011/08/22 16:32:51.0463 4956 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys

2011/08/22 16:32:51.0541 4956 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys

2011/08/22 16:32:51.0630 4956 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys

2011/08/22 16:32:51.0664 4956 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys

2011/08/22 16:32:51.0701 4956 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys

2011/08/22 16:32:51.0733 4956 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys

2011/08/22 16:32:51.0847 4956 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys

2011/08/22 16:32:51.0885 4956 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys

2011/08/22 16:32:51.0905 4956 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys

2011/08/22 16:32:51.0986 4956 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys

2011/08/22 16:32:52.0027 4956 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys

2011/08/22 16:32:52.0129 4956 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys

2011/08/22 16:32:52.0329 4956 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys

2011/08/22 16:32:52.0376 4956 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys

2011/08/22 16:32:52.0477 4956 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys

2011/08/22 16:32:52.0551 4956 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys

2011/08/22 16:32:52.0628 4956 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys

2011/08/22 16:32:52.0729 4956 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys

2011/08/22 16:32:52.0824 4956 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys

2011/08/22 16:32:52.0890 4956 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys

2011/08/22 16:32:52.0995 4956 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys

2011/08/22 16:32:53.0047 4956 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys

2011/08/22 16:32:53.0162 4956 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys

2011/08/22 16:32:53.0263 4956 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys

2011/08/22 16:32:53.0321 4956 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys

2011/08/22 16:32:53.0399 4956 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys

2011/08/22 16:32:53.0487 4956 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys

2011/08/22 16:32:53.0547 4956 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys

2011/08/22 16:32:53.0656 4956 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys

2011/08/22 16:32:53.0754 4956 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys

2011/08/22 16:32:53.0789 4956 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys

2011/08/22 16:32:53.0832 4956 PCAlertDriver (ce0bf0fa2c3f8cf2549ebf508242a2c9) C:\BizCover\NTGLM7X.sys

2011/08/22 16:32:53.0970 4956 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys

2011/08/22 16:32:54.0015 4956 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys

2011/08/22 16:32:54.0054 4956 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys

2011/08/22 16:32:54.0145 4956 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys

2011/08/22 16:32:54.0189 4956 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys

2011/08/22 16:32:54.0387 4956 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

2011/08/22 16:32:54.0580 4956 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys

2011/08/22 16:32:54.0687 4956 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

2011/08/22 16:32:54.0809 4956 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys

2011/08/22 16:32:54.0875 4956 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys

2011/08/22 16:32:54.0937 4956 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys

2011/08/22 16:32:55.0040 4956 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

2011/08/22 16:32:55.0098 4956 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

2011/08/22 16:32:55.0176 4956 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

2011/08/22 16:32:55.0261 4956 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

2011/08/22 16:32:55.0294 4956 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

2011/08/22 16:32:55.0314 4956 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys

2011/08/22 16:32:55.0420 4956 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys

2011/08/22 16:32:55.0484 4956 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys

2011/08/22 16:32:55.0577 4956 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys

2011/08/22 16:32:55.0722 4956 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys

2011/08/22 16:32:55.0765 4956 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys

2011/08/22 16:32:55.0862 4956 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys

2011/08/22 16:32:55.0946 4956 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys

2011/08/22 16:32:56.0070 4956 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys

2011/08/22 16:32:56.0150 4956 regi (001b4278407f4303efc902a2b16f2453) C:\Windows\system32\drivers\regi.sys

2011/08/22 16:32:56.0274 4956 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

2011/08/22 16:32:56.0361 4956 RTL8023xp (166911eada13cd34dd8f8c667707be94) C:\Windows\system32\DRIVERS\Rtnicxp.sys

2011/08/22 16:32:56.0434 4956 RTL8167 (05c2613f661584190c752f6184d1c8ef) C:\Windows\system32\DRIVERS\Rt86win7.sys

2011/08/22 16:32:56.0560 4956 RTL8187 (325590e7e9587459643ba24d2cf73bf2) C:\Windows\system32\DRIVERS\rtl8187.sys

2011/08/22 16:32:56.0645 4956 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys

2011/08/22 16:32:56.0759 4956 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys

2011/08/22 16:32:56.0908 4956 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys

2011/08/22 16:32:57.0002 4956 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

2011/08/22 16:32:57.0095 4956 Sentinel (8627c992b8a80504fc477b2e8ff8ec4f) C:\Windows\System32\Drivers\SENTINEL.SYS

2011/08/22 16:32:57.0125 4956 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

2011/08/22 16:32:57.0164 4956 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys

2011/08/22 16:32:57.0272 4956 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys

2011/08/22 16:32:57.0321 4956 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys

2011/08/22 16:32:57.0361 4956 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys

2011/08/22 16:32:57.0405 4956 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys

2011/08/22 16:32:57.0491 4956 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys

2011/08/22 16:32:57.0596 4956 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys

2011/08/22 16:32:57.0691 4956 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys

2011/08/22 16:32:57.0753 4956 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys

2011/08/22 16:32:57.0773 4956 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

2011/08/22 16:32:57.0906 4956 SNTNLUSB (87f799c486302aceff098e067d481d9c) C:\Windows\system32\DRIVERS\SNTNLUSB.SYS

2011/08/22 16:32:57.0952 4956 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

2011/08/22 16:32:58.0072 4956 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys

2011/08/22 16:32:58.0125 4956 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys

2011/08/22 16:32:58.0258 4956 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys

2011/08/22 16:32:58.0300 4956 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys

2011/08/22 16:32:58.0370 4956 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys

2011/08/22 16:32:58.0463 4956 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys

2011/08/22 16:32:58.0495 4956 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys

2011/08/22 16:32:58.0625 4956 Tcpip (04e4a7d53a7ace02e8c55b17a498f631) C:\Windows\system32\drivers\tcpip.sys

2011/08/22 16:32:58.0739 4956 TCPIP6 (04e4a7d53a7ace02e8c55b17a498f631) C:\Windows\system32\DRIVERS\tcpip.sys

2011/08/22 16:32:58.0819 4956 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys

2011/08/22 16:32:58.0911 4956 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys

2011/08/22 16:32:58.0991 4956 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys

2011/08/22 16:32:59.0061 4956 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys

2011/08/22 16:32:59.0159 4956 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys

2011/08/22 16:32:59.0325 4956 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys

2011/08/22 16:32:59.0397 4956 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys

2011/08/22 16:32:59.0526 4956 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys

2011/08/22 16:32:59.0564 4956 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys

2011/08/22 16:32:59.0696 4956 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys

2011/08/22 16:32:59.0802 4956 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys

2011/08/22 16:32:59.0827 4956 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys

2011/08/22 16:32:59.0908 4956 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys

2011/08/22 16:32:59.0967 4956 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\drivers\usbccgp.sys

2011/08/22 16:33:00.0039 4956 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys

2011/08/22 16:33:00.0117 4956 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys

2011/08/22 16:33:00.0156 4956 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys

2011/08/22 16:33:00.0273 4956 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys

2011/08/22 16:33:00.0311 4956 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys

2011/08/22 16:33:00.0378 4956 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys

2011/08/22 16:33:00.0445 4956 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS

2011/08/22 16:33:00.0538 4956 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys

2011/08/22 16:33:00.0570 4956 usb_rndisx (d82f43d15fdaa666856c0190cb73e7c9) C:\Windows\system32\DRIVERS\usb8023x.sys

2011/08/22 16:33:00.0631 4956 VarianSimpleGpib (7ed1f3eb484da3cc5a1654b2ccf72b1c) C:\Windows\system32\drivers\VarianSimpleGpib.sys

2011/08/22 16:33:00.0826 4956 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys

2011/08/22 16:33:00.0909 4956 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

2011/08/22 16:33:00.0993 4956 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

2011/08/22 16:33:01.0063 4956 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys

2011/08/22 16:33:01.0139 4956 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys

2011/08/22 16:33:01.0194 4956 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys

2011/08/22 16:33:01.0261 4956 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys

2011/08/22 16:33:01.0331 4956 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys

2011/08/22 16:33:01.0369 4956 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys

2011/08/22 16:33:01.0399 4956 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys

2011/08/22 16:33:01.0502 4956 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

2011/08/22 16:33:01.0574 4956 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys

2011/08/22 16:33:01.0680 4956 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys

2011/08/22 16:33:01.0733 4956 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys

2011/08/22 16:33:01.0773 4956 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys

2011/08/22 16:33:01.0882 4956 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys

2011/08/22 16:33:01.0961 4956 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

2011/08/22 16:33:01.0987 4956 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

2011/08/22 16:33:02.0102 4956 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys

2011/08/22 16:33:02.0152 4956 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

2011/08/22 16:33:02.0367 4956 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

2011/08/22 16:33:02.0401 4956 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

2011/08/22 16:33:02.0506 4956 WINUSB (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\drivers\WinUSB.SYS

2011/08/22 16:33:02.0578 4956 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys

2011/08/22 16:33:02.0653 4956 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

2011/08/22 16:33:02.0740 4956 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys

2011/08/22 16:33:02.0857 4956 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys

2011/08/22 16:33:02.0941 4956 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

2011/08/22 16:33:02.0956 4956 Boot (0x1200) (76f9319d8a7112f9185ef0e4eabafd74) \Device\Harddisk0\DR0\Partition0

2011/08/22 16:33:02.0980 4956 Boot (0x1200) (dfdc34fda45396c00affe423c15da593) \Device\Harddisk0\DR0\Partition1

2011/08/22 16:33:03.0020 4956 Boot (0x1200) (bf05e9387591a3fb84db0bbbe645a513) \Device\Harddisk0\DR0\Partition2

2011/08/22 16:33:03.0024 4956 ================================================================================

2011/08/22 16:33:03.0025 4956 Scan finished

2011/08/22 16:33:03.0025 4956 ================================================================================

2011/08/22 16:33:03.0043 3980 Detected object count: 0

2011/08/22 16:33:03.0044 3980 Actual detected object count: 0

2011/08/22 16:33:09.0125 2492 Deinitialize success

and systemlook:

 

SystemLook 30.07.11 by jpshortstuff

Log created at 16:40 on 22/08/2011 by Administrator

Administrator - Elevation successful

 

========== filefind ==========

 

Searching for "sptd.sys"

No files found.

 

-= EOF =-


Thanks, adam7979.

 

Did you get a defogger_disable log on your Desktop?

 

If so, please post.

 

Also, you were getting some notices from your AV. Is it identifying any files? If so, can you provide them?

 

Last, please remove ComboFix, download a new copy, and post a fresh log:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

The malicious files you initially had do not show up now...

Edited by Aaflac

defogger:

 

defogger_disable by jpshortstuff (23.02.10.1)

Log created at 08:27 on 23/08/2011 (Administrator)

 

Checking for autostart values...

HKCU\~\Run values retrieved.

HKLM\~\Run values retrieved.

 

Checking for services/drivers...

-=E.O.F=-

Combofix:

 

ComboFix 11-08-22.04 - Administrator 23-Aug-11 9:13.2.2 - x86

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2941.2122 [GMT 8:00]

Running from: c:\windows\adsspy\ComboFix2.exe

AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}

SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}

SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

* Resident AV is active

.

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\$NtUninstallKB44174$

c:\windows\$NtUninstallKB44174$\1739741548

.

.

((((((((((((((((((((((((( Files Created from 2011-07-23 to 2011-08-23 )))))))))))))))))))))))))))))))

.

.

2011-08-23 01:22 . 2011-08-23 01:22 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2011-08-23 01:22 . 2011-08-23 01:22 -------- d-----w- c:\users\user\AppData\Local\temp

2011-08-23 01:22 . 2011-08-23 01:22 -------- d-----w- c:\users\hp\AppData\Local\temp

2011-08-23 01:22 . 2011-08-23 01:22 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-08-23 01:22 . 2011-08-23 01:22 -------- d-----w- c:\users\adam\AppData\Local\temp

2011-08-22 07:03 . 2011-07-14 09:47 -------- d-----w- C:\KSIS

2011-08-20 02:08 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EE413F33-64D1-40FC-8006-9987F6B60C69}\mpengine.dll

2011-08-19 03:02 . 2011-08-19 03:21 -------- d-----w- C:\ComboFix

2011-08-19 01:59 . 2011-08-23 01:04 -------- d-----w- c:\windows\adsspy

2011-08-18 07:28 . 2011-08-18 07:28 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2011-08-18 06:58 . 2011-08-18 06:58 -------- d-----w- c:\users\Administrator\AppData\Local\Sunbelt Software

2011-08-18 06:51 . 2011-08-18 06:51 -------- dc----w- c:\windows\system32\DRVSTORE

2011-08-18 06:51 . 2011-07-21 06:59 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys

2011-08-18 06:51 . 2011-08-18 06:51 -------- d-----w- c:\programdata\Lavasoft

2011-08-18 06:51 . 2011-08-18 06:51 -------- d-----w- c:\program files\Lavasoft

2011-08-18 04:09 . 2011-08-18 04:09 388608 ----a-w- C:\HijackThis.exe

2011-08-18 04:03 . 2011-08-18 04:03 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes

2011-08-18 04:03 . 2011-07-06 11:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-08-18 04:03 . 2011-08-18 04:03 -------- d-----w- c:\programdata\Malwarebytes

2011-08-18 04:03 . 2011-08-18 07:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-08-18 04:03 . 2011-07-06 11:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-18 04:03 . 2011-08-18 04:03 -------- d--h--w- c:\windows\PIF

2011-08-18 03:29 . 2011-08-18 03:29 388096 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-08-18 03:29 . 2011-08-18 03:29 -------- d-----w- c:\program files\Trend Micro

2011-08-18 02:04 . 2011-08-18 02:04 -------- d-----w- c:\programdata\CrypKey

2011-08-18 01:40 . 2006-04-17 03:56 1207808 ----a-w- c:\windows\system32\PhoenixDll.dll

2011-08-18 01:40 . 2004-10-16 13:46 178176 ----a-w- c:\windows\system32\StellarProfile.dll

2011-08-18 01:40 . 2011-08-18 01:40 -------- d-----w- c:\program files\Stellar Phoenix Windows Data Recovery

2011-08-18 01:26 . 2011-08-18 02:04 -------- d-----w- C:\stellar

2011-08-18 01:10 . 2011-08-18 01:10 -------- d-----w- C:\Log

2011-08-18 01:10 . 2008-05-07 23:29 122880 ----a-w- c:\windows\system32\Crypserv.exe

2011-08-18 01:10 . 2008-03-17 16:45 19584 ----a-w- c:\windows\system32\Ckldrv.sys

2011-08-18 01:10 . 1999-06-18 20:49 165888 ----a-w- c:\windows\Ckconfig.exe

2011-08-18 01:10 . 1996-05-03 16:21 27648 ----a-r- c:\windows\Setup_ck.exe

2011-08-18 01:10 . 1996-05-03 14:36 18432 ----a-w- c:\windows\Setup_ck.dll

2011-08-18 01:10 . 1995-07-04 17:33 11776 ----a-w- c:\windows\Ckrfresh.exe

2011-08-18 01:10 . 2011-08-18 01:10 -------- d-----w- c:\program files\Stellar Phoenix CD DVD Data Recovery

2011-08-16 01:48 . 2011-08-16 01:49 -------- d-----w- C:\show

2011-08-10 07:00 . 2011-08-10 07:00 -------- d-----w- C:\address book tl

2011-08-10 07:00 . 2011-08-10 07:08 -------- d-----w- C:\nooraliza.KSMDOMAIN

2011-08-10 04:49 . 2011-06-21 05:28 981504 ----a-w- c:\windows\system32\wininet.dll

2011-08-10 04:49 . 2011-07-22 04:54 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-08-10 04:49 . 2011-06-21 05:25 163328 ----a-w- c:\program files\Internet Explorer\ieproxy.dll

2011-08-10 04:38 . 2011-07-09 02:30 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-08-10 04:37 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-08-10 04:37 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-08-10 04:12 . 2011-06-15 08:55 86016 ----a-w- c:\windows\system32\odbccu32.dll

2011-08-10 04:12 . 2011-06-15 08:55 81920 ----a-w- c:\windows\system32\odbccr32.dll

2011-08-10 04:12 . 2011-06-15 08:55 319488 ----a-w- c:\windows\system32\odbcjt32.dll

2011-08-10 04:12 . 2011-06-15 08:55 163840 ----a-w- c:\windows\system32\odbctrac.dll

2011-08-10 04:12 . 2011-06-15 08:55 122880 ----a-w- c:\windows\system32\odbccp32.dll

2011-08-10 04:12 . 2011-06-15 08:54 94208 ----a-w- c:\program files\Common Files\System\Ole DB\msdaosp.dll

2011-08-05 04:16 . 2011-08-05 04:21 -------- d-----w- C:\b1

2011-08-03 04:26 . 2011-08-03 04:26 -------- d-----w- C:\New Folder (2)

2011-08-03 00:20 . 2011-08-03 00:21 -------- d-----w- C:\file

2011-07-28 06:01 . 2011-07-28 06:01 -------- d-----w- C:\cccc

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-19 02:07 . 2011-04-23 00:30 187904 ----a-w- c:\windows\system32\drivers\netbt.sys

2011-08-18 00:15 . 2011-06-07 00:14 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-21 06:35 . 2011-07-21 06:35 0 ---ha-w- c:\users\Administrator\AppData\Local\BIT2FF5.tmp

2011-07-12 07:08 . 2011-07-13 08:25 59392 ----a-w- c:\windows\nc.exe

2011-06-11 02:29 . 2011-07-13 07:26 2334208 ----a-w- c:\windows\system32\win32k.sys

2011-08-23 00:23 . 2011-04-26 03:55 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BizCover"="c:\bizcover\StartBizCover.exe" [2009-10-28 204088]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]

"LanTalk"="c:\program files\CEZEO software\LanTalk XP\LanTalk.exe" [2010-06-17 330752]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 167424]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248]

"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-27 570664]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]

"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]

.

c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

192.168.0.5.lnk - c:\edp1\console telnet\TELNET.EXE [2009-6-2 306688]

192.168.0.50.lnk - c:\edp1\console telnet\TELNET.EXE [2009-6-2 306688]

intra.lnk - [N/A]

sco_sv.lnk - [N/A]

todo.txt [2011-8-15 12124]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

System Information.lnk - c:\varian\Cary WinUV\SystemInformation.exe [2011-1-19 597504]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 EMSService;Schedule Service;c:\program files\EMS\ScheduleService.exe [x]

R2 FCary;FCary; [x]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-16 130560]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-07-21 2151640]

R3 connctfy;Connectify Service;c:\windows\system32\DRIVERS\connctfy.sys [2010-08-11 29248]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-16 130560]

R3 ip100Avista;TP-LINK 10/100Mbps PCI Network Adapter NT Driver;c:\windows\system32\DRIVERS\ipfnd51.sys [2009-03-18 31232]

R3 PCAlertDriver;PCAlertDriver;c:\bizcover\NTGLM7X.sys [2008-09-19 30208]

R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys [2010-01-06 375808]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-05 1343400]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-07-21 64512]

S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-05-14 731840]

S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-05-14 93312]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]

S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]

S2 VarianSimpleGpib;VarianSimpleGpib; [x]

S3 connctfyMP;connctfyMP;c:\windows\system32\DRIVERS\connctfy.sys [2010-08-11 29248]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-08-20 189440]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

hpdevmgmt REG_MULTI_SZ hpqcxs08

.

Contents of the 'Scheduled Tasks' folder

.

2011-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-16 03:23]

.

2011-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-16 03:23]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://intra.ks.com/

uInternet Settings,ProxyServer = intra.ks.com:8080

uInternet Settings,ProxyOverride = 192.168*;*intra.ks.com

IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm

IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm

IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm

IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000

Trusted Zone: rwgenting.com\book

Trusted Zone: //about.htm/

Trusted Zone: //Exclude.htm/

Trusted Zone: //LanguageSelection.htm/

Trusted Zone: //Message.htm/

Trusted Zone: //MyAgttryCmd.htm/

Trusted Zone: //MyAgttryNag.htm/

Trusted Zone: //MyNotification.htm/

Trusted Zone: //NOCLessUpdate.htm/

Trusted Zone: //quarantine.htm/

Trusted Zone: //ScanNow.htm/

Trusted Zone: //strings.vbs/

Trusted Zone: //Template.htm/

Trusted Zone: //Update.htm/

Trusted Zone: //VirFound.htm/

Trusted Zone: mcafee.com\*

Trusted Zone: mcafeeasap.com\betavscan

Trusted Zone: mcafeeasap.com\vs

Trusted Zone: mcafeeasap.com\www

TCP: Interfaces\{C98BAFA9-BEA7-46CD-9D88-24D180A8BF60}: NameServer = 192.168.0.1,8.8.8.8

FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\95dmuv5q.default\

FF - prefs.js: browser.search.defaulturl - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=

FF - prefs.js: browser.startup.homepage - www.google.com.my

FF - prefs.js: keyword.URL - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,aa,63,bb,d0,bf,ba,ef,49,b4,79,af,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,00,01,63,a9,86,b2,47,43,a4,fb,0c,\

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.3G2"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.3GP"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.3G2"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.3GP"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ADTS"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ADTS"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ADTS"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.AIFF"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.AIFF"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.AIFF"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ASF"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ASX"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.AU"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.AVI"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.CDA"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (Administrator)

"Progid"="ThunderbirdEML"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]

@Denied: (2) (Administrator)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]

@Denied: (2) (Administrator)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.LOG\UserChoice]

@Denied: (2) (Administrator)

"Progid"="Applications\\WORDPAD.EXE"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2t\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.M2TS"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2ts\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.M2TS"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2v\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.m3u"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.M4A"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MP4"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MIDI"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MIDI"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mod\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MOV"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MP3"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MP3"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MP4"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MP4"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mts\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.M2TS"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.php\UserChoice]

@Denied: (2) (Administrator)

"Progid"="Applications\\wordpad.exe"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MIDI"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]

@Denied: (2) (Administrator)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.AU"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ts\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.TTS"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tts\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.TTS"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\UserChoice]

@Denied: (2) (Administrator)

"Progid"="textfile"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WAV"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WAX"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wdseml\UserChoice]

@Denied: (2) (Administrator)

"Progid"="ThunderbirdEML"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ASF"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WMA"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WMD"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WMS"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WMV"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ASX"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WMZ"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WPL"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WVX"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]

@Denied: (2) (Administrator)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]

@Denied: (2) (Administrator)

"Progid"="FirefoxHTML"

.

Completion time: 2011-08-23 09:24:18

ComboFix-quarantined-files.txt 2011-08-23 01:24

ComboFix2.txt 2011-08-19 03:21

.

Pre-Run: 19,782,447,104 bytes free

Post-Run: 19,826,737,152 bytes free

.

- - End Of File - - 04C2CF9BECFD954F1CA8A1C00B0964FC

And about the antivirus: those warnings seem to have gone away... and sptd.sys disappeared. Filelook can't locate it either.

 

When combofix was executed, it said "bla bla bla zeroaccess.rootkit is detected in TCP/IP stack !!! bla bla bla". After that, "rootkit is detected, combofix will now restart your machine"

 

 

Thanks again for your time.

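The ComboFix log above is long, and the entries a helper actually acts on are a handful of structured lines: the "Files Created" records (created date, modified date, size, attribute string, path) and the service/driver block (start type, service name, display name, binary path, and either the file's date/size or "[x]"). The parser below is an added example, not part of this thread and not ComboFix's own code. The regular expressions are inferred from the log lines posted above, the sample lines are copied from that log, and the reading of "[x]" as "ComboFix could not locate or verify the binary" is an assumption, so treat the flagged services as items to check by hand, not as findings.

```python
"""Parse ComboFix log lines into structured records.

Added example, not part of the original thread and not ComboFix's own code.
Field layouts are inferred from the lines posted above; the sample lines
below are copied from that log.
"""
import re

# Copied from the "Files Created" / Find3M sections of the posted log.
SAMPLE_FILE_LINES = [
    "2011-08-18 07:28 . 2011-08-18 07:28 101720 ----a-w- c:\\windows\\system32\\drivers\\SBREDrv.sys",
    "2011-08-19 01:59 . 2011-08-23 01:04 -------- d-----w- c:\\windows\\adsspy",
    "2011-07-12 07:08 . 2011-07-13 08:25 59392 ----a-w- c:\\windows\\nc.exe",
    "2011-08-18 04:09 . 2011-08-18 04:09 388608 ----a-w- C:\\HijackThis.exe",
]

# Copied from the services/drivers block. First char: R=running, S=stopped;
# the digit is the start type. The trailing bracket holds date+size or "x".
SAMPLE_SERVICE_LINES = [
    "R2 EMSService;Schedule Service;c:\\program files\\EMS\\ScheduleService.exe [x]",
    "R2 FCary;FCary; [x]",
    "S2 VarianSimpleGpib;VarianSimpleGpib; [x]",
    "S3 MBAMProtector;MBAMProtector;c:\\windows\\system32\\drivers\\mbam.sys [2011-07-06 22712]",
]

FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)

SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>[^\[]*?)\s*\[(?P<info>[^\]]*)\]$"
)


def parse_file_entry(line):
    """Return a dict for one 'Files Created' line, or None if it is not one."""
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["is_dir"] = d["attrs"].startswith("d")      # directories show "--------" as size
    d["size"] = None if d["is_dir"] else int(d["size"])
    return d


def parse_service_entry(line):
    """Return a dict for one service/driver line, or None if it is not one."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["path"] = d["path"].strip()
    # Assumption: "[x]" means ComboFix could not locate/verify the binary.
    d["unverified"] = d["info"] == "x"
    return d


def unverified_services(lines):
    """Names of services whose binary ComboFix printed as [x]."""
    return [e["name"] for e in map(parse_service_entry, lines) if e and e["unverified"]]


def files_directly_under(lines, directory):
    """Files (not directories) whose parent directory is exactly `directory`."""
    directory = directory.lower().rstrip("\\")
    out = []
    for e in map(parse_file_entry, lines):
        if e is None or e["is_dir"]:
            continue
        parent, _, _ = e["path"].lower().rpartition("\\")
        if parent == directory:
            out.append(e["path"])
    return out


if __name__ == "__main__":
    print("services with [x]:", unverified_services(SAMPLE_SERVICE_LINES))
    print("files directly in c:\\windows:", files_directly_under(SAMPLE_FILE_LINES, "c:\\windows"))
```

Feeding the whole posted log through these two parsers gives the same two lists a helper reads off by eye: the services with no verifiable binary, and loose executables in locations such as the Windows directory root, which are then checked individually rather than assumed malicious.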

The elusive ZeroAccess Rootkit saga...

 

Please download the GMER Rootkit Scanner:

http://majorgeeks.com/downloadget.php?id=5198&file=15&evp=3f18075291813a665b2a25536a70b307

 

Save the file to the Desktop

 

Disable your Anti Virus and any other protection programs that are currently running.

 

Right-click the file and select: Run as Administrator

GMER will begin an initial scan.

 

If the initial scan gives a warning about rootkit activity and asks if you want to run a scan...click: NO

 

Now, configure GMER as follows:

 

In the right panel, there are several boxes checked.

Uncheck the following ...

-IAT/EAT

-Drives/Partition other than Systemdrive (typically C:\)

-Show All (don't miss this one)

 

Click the Scan button and wait for it to finish.

 

Once done, click on the [Save..] button, and in the File name area type in: ark.txt. Save it to the Desktop.

 

Please provide the ark.txt in your reply.

 

 

**Caution**

1. Do not use your computer for anything else during the scan.

2. Rootkit scans often produce false positives. Please do NOT take action on any "<--- ROOTKIT" entries.


gmer:

 

 

GMER 1.0.15.15641 - http://www.gmer.net

Rootkit scan 2011-08-24 10:54:24

Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JPFO

Running: gmer.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\fxldapog.sys

 

 

---- Kernel code sections - GMER 1.0.15 ----

 

.text ntkrnlpa.exe!ZwSaveKey + 13D1 83C4D349 1 Byte [06]

.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83C86D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

PAGE spsys.sys!?SPRevision@@3PADA + 4F90 C4842000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]

PAGE spsys.sys!?SPRevision@@3PADA + 50B3 C4842123 486 Bytes [D5, 83, C4, FE, 05, 34, D5, ...]

PAGE spsys.sys!?SPRevision@@3PADA + 529A C484230A 142 Bytes [83, C4, 3B, 08, 77, 04, 3B, ...]

PAGE spsys.sys!?SPRevision@@3PADA + 5329 C4842399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]

PAGE spsys.sys!?SPRevision@@3PADA + 538F C48423FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]

PAGE ...

 

---- User code sections - GMER 1.0.15 ----

 

.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1656] kernel32.dll!SetUnhandledExceptionFilter 752FF4FB 4 Bytes [C2, 04, 00, 00]

.text C:\Windows\Explorer.EXE[2192] SHELL32.dll!SHFileOperationW 75F696F6 5 Bytes JMP 10001102 C:\Program Files\Unlocker\UnlockerHook.dll

 

---- Devices - GMER 1.0.15 ----

 

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

AttachedDevice \Driver\tdx \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

 

Device \Driver\ACPI_HAL \Device\0000005f halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

 

---- Threads - GMER 1.0.15 ----

 

Thread System [4:2756] C484FF2E

 

---- Files - GMER 1.0.15 ----

 

File C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1HK0SXQE\tabswelcome[1] 14052 bytes

File C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1HK0SXQE\email_sm[1].gif 135 bytes

File C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1HK0SXQE\clip[1].gif 63 bytes

File C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1HK0SXQE\xml_topic[1].js 7027 bytes

File C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\QDHBDBO2.txt 383 bytes

File C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\FZDO12TD.txt 397 bytes

File C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\2JOO5R5A.txt 729 bytes

File C:\Users\Administrator\AppData\Roaming\Thunderbird\Profiles\d8on5vl8.default\places.sqlite-shm 32768 bytes

File C:\Users\Administrator\AppData\Roaming\Thunderbird\Profiles\d8on5vl8.default\places.sqlite-wal 0 bytes

 

---- EOF - GMER 1.0.15 ----


adam7979,

 

Is this the prompt you got (Post #15):

 

Posted Image

 

 

 

Please download the Kaspersky Virus Removal Tool:

http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/

 

Right-click on the file you just downloaded and select: Run as Administrator

It installs to your Desktop.

 

In the prompt that appears, place a check next to My Computer

 

Click on the option that says 'Threat Detection' and change it to 'Disinfect, delete if disinfection fails'.

Then click on Start Scan.

 

Before it is done it may prompt for action regardless of the setting, so select 'Delete' if prompted.

 

When the scan is done, click on 'Report'

 

Highlight all of the items found, copy/paste to Notepad, and save on the Desktop.

 

Please post the contents of the report in your reply.

Edited by Aaflac
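Once the report is saved, each line has the shape timestamp, status, object (the "Detected:", "OK" and "Packed:" lines adam7979 pastes further down the thread). The script below is an added example for triaging such a report offline; it is not part of this thread and not Kaspersky's code. It assumes the report was copied as plain text in that format, treats every status other than "OK" and "Packed" as a finding (an assumption, since the thread only shows those three statuses), and runs on a constructed sample with hypothetical paths.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample (hypothetical paths), modelled on the line format of the
# Kaspersky Virus Removal Tool report as pasted later in this thread:
#   <dd-Mon-yy h:mm:ss AM/PM> <Status>[:] [<verdict or packer>] <object>
SAMPLE_REPORT = r"""
24-Aug-11 3:00:13 PM Detected: Backdoor.Win32.ZAccess.mh C:\users\administrator\Desktop\sample.exe
24-Aug-11 2:59:22 PM OK C:\windows\adsspy\ComboFix2.exe/UPX/data0149/#/PE_Patch
24-Aug-11 2:59:00 PM OK C:\windows\System32\drivers\secdrv.sys/PE_Patch
24-Aug-11 2:59:00 PM Packed: PE_Patch C:\windows\System32\drivers\secdrv.sys
24-Aug-11 2:59:26 PM Packed: PECompact C:\windows\adsspy\ComboFix2.exe/data0144/PE_Patch.PECompact/PecBundle
this line is not a report entry
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}-[A-Za-z]{3}-\d{2} \d{1,2}:\d{2}:\d{2} [AP]M)\s+"
    r"(?P<status>[A-Za-z]+):?\s+(?P<rest>.+)$"
)

# Assumption: "OK" and "Packed" are scan notes, every other status is a finding.
NOISE_STATUSES = {"OK", "Packed"}


def parse_line(line):
    """Parse one report line into a dict, or return None for non-entry lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    status, rest = m.group("status"), m.group("rest")
    if status == "OK":
        # "OK <object>": no verdict, the whole remainder is the scanned object.
        name, obj = None, rest
    else:
        # "Detected: <verdict> <object>" / "Packed: <packer> <object>": the
        # verdict or packer name has no spaces, the object path may.
        name, _, obj = rest.partition(" ")
    ts = datetime.strptime(m.group("ts"), "%d-%b-%y %I:%M:%S %p")
    return {"time": ts, "status": status, "name": name, "object": obj}


def triage(report):
    """Group report entries by status and pull out the real findings.

    Returns per-status counts, the finding entries, the objects merely
    reported as packed, and any packed object that is also a finding.
    """
    entries = [e for e in (parse_line(l) for l in report.splitlines()) if e]
    counts = Counter(e["status"] for e in entries)
    findings = [e for e in entries if e["status"] not in NOISE_STATUSES]
    # "Packed:" lines only identify a packer on a scanned file; the thread shows
    # them on stock Windows drivers, so they matter only when the same object
    # also carries a real verdict.
    packed = sorted({e["object"] for e in entries if e["status"] == "Packed"})
    flagged = {e["object"] for e in findings}
    packed_and_flagged = [o for o in packed if o in flagged]
    return {
        "counts": dict(counts),
        "findings": findings,
        "packed": packed,
        "packed_and_flagged": packed_and_flagged,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print("status counts:", result["counts"])
    for f in result["findings"]:
        print(f"{f['time']:%Y-%m-%d %H:%M:%S}  {f['status']:<9} {f['name']}  {f['object']}")
```

Run it against the saved report by replacing `SAMPLE_REPORT` with the file's contents; the "findings" list is what is worth posting, the "packed" list is mostly legitimate drivers and can be left out unless an object appears in both.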

Yes, "this is a particularly difficult infection", not "difficult" but some other word (sorry about my limited vocabulary).

 

The message did not appear anymore the second time I ran ComboFix:

 

ComboFix 11-08-24.01 - Administrator 24-Aug-11 13:51:23.3.2 - x86

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2941.1547 [GMT 8:00]

Running from: c:\windows\adsspy\ComboFix2.exe

AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}

SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}

SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2011-07-24 to 2011-08-24 )))))))))))))))))))))))))))))))

.

.

2011-08-24 05:57 . 2011-08-24 05:57 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2011-08-24 05:57 . 2011-08-24 05:57 -------- d-----w- c:\users\user\AppData\Local\temp

2011-08-24 05:57 . 2011-08-24 05:57 -------- d-----w- c:\users\hp\AppData\Local\temp

2011-08-24 05:57 . 2011-08-24 05:57 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-08-24 05:57 . 2011-08-24 05:57 -------- d-----w- c:\users\adam\AppData\Local\temp

2011-08-23 09:37 . 2009-05-18 05:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2011-08-23 09:37 . 2008-04-17 04:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll

2011-08-23 09:37 . 2011-08-23 09:37 -------- d-----w- c:\program files\iPod

2011-08-23 09:37 . 2011-08-23 09:37 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2011-08-23 09:37 . 2011-08-23 09:37 -------- d-----w- c:\program files\iTunes

2011-08-23 09:35 . 2011-08-23 09:35 -------- d-----w- c:\program files\Apple Software Update

2011-08-23 09:35 . 2011-08-23 09:35 -------- d-----w- c:\program files\Bonjour

2011-08-23 09:32 . 2011-08-23 09:34 81229680 ----a-w- C:\iTunesSetup.exe

2011-08-23 09:17 . 2011-08-23 09:17 -------- d-----w- c:\users\Administrator\AppData\Roaming\redsn0w

2011-08-22 07:03 . 2011-07-14 09:47 -------- d-----w- C:\KSIS

2011-08-20 02:08 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EE413F33-64D1-40FC-8006-9987F6B60C69}\mpengine.dll

2011-08-19 03:02 . 2011-08-19 03:21 -------- d-----w- C:\ComboFix

2011-08-19 01:59 . 2011-08-24 05:49 -------- d-----w- c:\windows\adsspy

2011-08-18 07:28 . 2011-08-18 07:28 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2011-08-18 06:58 . 2011-08-18 06:58 -------- d-----w- c:\users\Administrator\AppData\Local\Sunbelt Software

2011-08-18 06:51 . 2011-08-23 09:37 -------- dc----w- c:\windows\system32\DRVSTORE

2011-08-18 06:51 . 2011-07-21 06:59 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys

2011-08-18 06:51 . 2011-08-18 06:51 -------- d-----w- c:\programdata\Lavasoft

2011-08-18 06:51 . 2011-08-18 06:51 -------- d-----w- c:\program files\Lavasoft

2011-08-18 04:09 . 2011-08-18 04:09 388608 ----a-w- C:\HijackThis.exe

2011-08-18 04:03 . 2011-08-18 04:03 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes

2011-08-18 04:03 . 2011-07-06 11:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-08-18 04:03 . 2011-08-18 04:03 -------- d-----w- c:\programdata\Malwarebytes

2011-08-18 04:03 . 2011-08-18 07:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-08-18 04:03 . 2011-07-06 11:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-18 04:03 . 2011-08-18 04:03 -------- d--h--w- c:\windows\PIF

2011-08-18 03:29 . 2011-08-18 03:29 388096 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-08-18 03:29 . 2011-08-18 03:29 -------- d-----w- c:\program files\Trend Micro

2011-08-18 02:04 . 2011-08-18 02:04 -------- d-----w- c:\programdata\CrypKey

2011-08-18 01:40 . 2006-04-17 03:56 1207808 ----a-w- c:\windows\system32\PhoenixDll.dll

2011-08-18 01:40 . 2004-10-16 13:46 178176 ----a-w- c:\windows\system32\StellarProfile.dll

2011-08-18 01:40 . 2011-08-18 01:40 -------- d-----w- c:\program files\Stellar Phoenix Windows Data Recovery

2011-08-18 01:26 . 2011-08-18 02:04 -------- d-----w- C:\stellar

2011-08-18 01:10 . 2011-08-18 01:10 -------- d-----w- C:\Log

2011-08-18 01:10 . 2008-05-07 23:29 122880 ----a-w- c:\windows\system32\Crypserv.exe

2011-08-18 01:10 . 2008-03-17 16:45 19584 ----a-w- c:\windows\system32\Ckldrv.sys

2011-08-18 01:10 . 1999-06-18 20:49 165888 ----a-w- c:\windows\Ckconfig.exe

2011-08-18 01:10 . 1996-05-03 16:21 27648 ----a-r- c:\windows\Setup_ck.exe

2011-08-18 01:10 . 1996-05-03 14:36 18432 ----a-w- c:\windows\Setup_ck.dll

2011-08-18 01:10 . 1995-07-04 17:33 11776 ----a-w- c:\windows\Ckrfresh.exe

2011-08-18 01:10 . 2011-08-18 01:10 -------- d-----w- c:\program files\Stellar Phoenix CD DVD Data Recovery

2011-08-16 01:48 . 2011-08-16 01:49 -------- d-----w- C:\show

2011-08-10 07:00 . 2011-08-10 07:00 -------- d-----w- C:\address book tl

2011-08-10 07:00 . 2011-08-10 07:08 -------- d-----w- C:\nooraliza.KSMDOMAIN

2011-08-10 04:49 . 2011-06-21 05:28 981504 ----a-w- c:\windows\system32\wininet.dll

2011-08-10 04:49 . 2011-07-22 04:54 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-08-10 04:49 . 2011-06-21 05:25 163328 ----a-w- c:\program files\Internet Explorer\ieproxy.dll

2011-08-10 04:38 . 2011-07-09 02:30 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-08-10 04:37 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-08-10 04:37 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-08-10 04:12 . 2011-06-15 08:55 86016 ----a-w- c:\windows\system32\odbccu32.dll

2011-08-10 04:12 . 2011-06-15 08:55 81920 ----a-w- c:\windows\system32\odbccr32.dll

2011-08-10 04:12 . 2011-06-15 08:55 319488 ----a-w- c:\windows\system32\odbcjt32.dll

2011-08-10 04:12 . 2011-06-15 08:55 163840 ----a-w- c:\windows\system32\odbctrac.dll

2011-08-10 04:12 . 2011-06-15 08:55 122880 ----a-w- c:\windows\system32\odbccp32.dll

2011-08-10 04:12 . 2011-06-15 08:54 94208 ----a-w- c:\program files\Common Files\System\Ole DB\msdaosp.dll

2011-08-05 04:16 . 2011-08-05 04:21 -------- d-----w- C:\b1

2011-08-03 04:26 . 2011-08-03 04:26 -------- d-----w- C:\New Folder (2)

2011-08-03 00:20 . 2011-08-03 00:21 -------- d-----w- C:\file

2011-07-28 06:01 . 2011-07-28 06:01 -------- d-----w- C:\cccc

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-19 02:07 . 2011-04-23 00:30 187904 ----a-w- c:\windows\system32\drivers\netbt.sys

2011-08-18 00:15 . 2011-06-07 00:14 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-21 06:35 . 2011-07-21 06:35 0 ---ha-w- c:\users\Administrator\AppData\Local\BIT2FF5.tmp

2011-07-12 07:08 . 2011-07-13 08:25 59392 ----a-w- c:\windows\nc.exe

2011-07-12 03:20 . 2011-07-12 03:20 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 03:20 . 2011-07-12 03:20 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-07-12 03:20 . 2011-07-12 03:20 50536 ----a-w- c:\windows\system32\jdns_sd.dll

2011-07-12 03:20 . 2011-07-12 03:20 178536 ----a-w- c:\windows\system32\dnssdX.dll

2011-07-05 10:37 . 2011-07-05 10:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2011-07-05 10:37 . 2011-07-05 10:37 69632 ----a-w- c:\windows\system32\QuickTime.qts

2011-06-11 02:29 . 2011-07-13 07:26 2334208 ----a-w- c:\windows\system32\win32k.sys

2011-08-23 00:23 . 2011-04-26 03:55 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BizCover"="c:\bizcover\StartBizCover.exe" [2009-10-28 204088]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"LanTalk"="c:\program files\CEZEO software\LanTalk XP\LanTalk.exe" [2010-06-17 330752]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 167424]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248]

"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-27 570664]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]

"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-18 421736]

.

c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

192.168.0.5.lnk - c:\edp1\console telnet\TELNET.EXE [2009-6-2 306688]

192.168.0.50.lnk - c:\edp1\console telnet\TELNET.EXE [2009-6-2 306688]

intra.lnk - [N/A]

sco_sv.lnk - [N/A]

todo.txt [2011-8-15 12124]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

System Information.lnk - c:\varian\Cary WinUV\SystemInformation.exe [2011-1-19 597504]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 EMSService;Schedule Service;c:\program files\EMS\ScheduleService.exe [x]

R2 FCary;FCary; [x]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-16 130560]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-07-21 2151640]

R3 connctfy;Connectify Service;c:\windows\system32\DRIVERS\connctfy.sys [2010-08-11 29248]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-16 130560]

R3 ip100Avista;TP-LINK 10/100Mbps PCI Network Adapter NT Driver;c:\windows\system32\DRIVERS\ipfnd51.sys [2009-03-18 31232]

R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys [2010-01-06 375808]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-05 1343400]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-07-21 64512]

S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-05-14 731840]

S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-05-14 93312]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]

S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]

S2 VarianSimpleGpib;VarianSimpleGpib; [x]

S3 connctfyMP;connctfyMP;c:\windows\system32\DRIVERS\connctfy.sys [2010-08-11 29248]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]

S3 PCAlertDriver;PCAlertDriver;c:\bizcover\NTGLM7X.sys [2008-09-19 30208]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-08-20 189440]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - fxldapog

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

hpdevmgmt REG_MULTI_SZ hpqcxs08

.

Contents of the 'Scheduled Tasks' folder

.

2011-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-16 03:23]

.

2011-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-16 03:23]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://intra.keckseng.com/

uInternet Settings,ProxyServer = intra.keckseng.com:8080

uInternet Settings,ProxyOverride = 192.168*;*intra.keckseng.com;*.local

IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm

IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm

IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm

IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000

Trusted Zone: rwgenting.com\book

Trusted Zone: //about.htm/

Trusted Zone: //Exclude.htm/

Trusted Zone: //LanguageSelection.htm/

Trusted Zone: //Message.htm/

Trusted Zone: //MyAgttryCmd.htm/

Trusted Zone: //MyAgttryNag.htm/

Trusted Zone: //MyNotification.htm/

Trusted Zone: //NOCLessUpdate.htm/

Trusted Zone: //quarantine.htm/

Trusted Zone: //ScanNow.htm/

Trusted Zone: //strings.vbs/

Trusted Zone: //Template.htm/

Trusted Zone: //Update.htm/

Trusted Zone: //VirFound.htm/

Trusted Zone: mcafee.com\*

Trusted Zone: mcafeeasap.com\betavscan

Trusted Zone: mcafeeasap.com\vs

Trusted Zone: mcafeeasap.com\www

TCP: Interfaces\{C98BAFA9-BEA7-46CD-9D88-24D180A8BF60}: NameServer = 192.168.0.1,8.8.8.8

FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\95dmuv5q.default\

FF - prefs.js: browser.search.defaulturl - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=

FF - prefs.js: browser.startup.homepage - www.google.com.my

FF - prefs.js: keyword.URL - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,aa,63,bb,d0,bf,ba,ef,49,b4,79,af,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,00,01,63,a9,86,b2,47,43,a4,fb,0c,\

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.3G2"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.3GP"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.3G2"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.3GP"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ADTS"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ADTS"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ADTS"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.AIFF"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.AIFF"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.AIFF"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ASF"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ASX"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.AU"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.AVI"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.CDA"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (Administrator)

"Progid"="ThunderbirdEML"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]

@Denied: (2) (Administrator)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]

@Denied: (2) (Administrator)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.LOG\UserChoice]

@Denied: (2) (Administrator)

"Progid"="Applications\\WORDPAD.EXE"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2t\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.M2TS"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2ts\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.M2TS"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2v\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.m3u"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.M4A"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MP4"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MIDI"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MIDI"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mod\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MOV"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MP3"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MP3"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MP4"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MP4"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MPEG"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mts\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.M2TS"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.php\UserChoice]

@Denied: (2) (Administrator)

"Progid"="Applications\\wordpad.exe"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.MIDI"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]

@Denied: (2) (Administrator)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.AU"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ts\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.TTS"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tts\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.TTS"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\UserChoice]

@Denied: (2) (Administrator)

"Progid"="textfile"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WAV"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WAX"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wdseml\UserChoice]

@Denied: (2) (Administrator)

"Progid"="ThunderbirdEML"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ASF"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WMA"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WMD"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WMS"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WMV"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ASX"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WMZ"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WPL"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.WVX"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]

@Denied: (2) (Administrator)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\S-1-5-21-2743775528-2047896128-1595387412-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]

@Denied: (2) (Administrator)

"Progid"="FirefoxHTML"

.

Completion time: 2011-08-24 13:59:51

ComboFix-quarantined-files.txt 2011-08-24 05:59

ComboFix2.txt 2011-08-23 01:24

ComboFix3.txt 2011-08-19 03:21

.

Pre-Run: 19,041,697,792 bytes free

Post-Run: 19,011,514,368 bytes free

.

- - End Of File - - A0A32F775CCFDD7F5FFA88E9821FD421


Will run Kaspersky soon. 99 MB is going to take me an hour.


Edit: Kaspersky basically found nothing except the "mother of rootkit I double-clicked.exe" that I stored on drive C:\

 

24-Aug-11 3:00:13 PM Detected: Backdoor.Win32.ZAccess.mh C:\users\administrator\Desktop\<blablabla>.exe

 

 

And some interesting entries:

 

 

24-Aug-11 2:59:22 PM OK C:\windows\adsspy\ComboFix2.exe/UPX/data0149/#/PE_Patch
24-Aug-11 2:59:22 PM OK C:\windows\adsspy\ComboFix2.exe/UPX/data0149/data0000.res/PE_Patch
24-Aug-11 2:59:22 PM OK C:\windows\adsspy\ComboFix2.exe/UPX/data0144/PE_Patch.PECompact
24-Aug-11 2:59:22 PM OK C:\windows\adsspy\ComboFix2.exe/UPX/data0144/PE_Patch.PECompact/PecBundle
24-Aug-11 2:59:22 PM OK C:\windows\adsspy\ComboFix2.exe/UPX/data0144/PE_Patch.PECompact/PecBundle/PECompact
24-Aug-11 2:59:22 PM OK C:\windows\adsspy\ComboFix2.exe/UPX/data0143/PE_Patch.PECompact
24-Aug-11 2:59:22 PM OK C:\windows\adsspy\ComboFix2.exe/UPX/data0143/PE_Patch.PECompact/PecBundle
24-Aug-11 2:59:22 PM OK C:\windows\adsspy\ComboFix2.exe/UPX/data0143/PE_Patch.PECompact/PecBundle/PECompact
24-Aug-11 2:59:22 PM OK C:\windows\adsspy\ComboFix2.exe/UPX/data0130/#/PE_Patch
24-Aug-11 2:59:22 PM OK C:\windows\adsspy\ComboFix2.exe/UPX/data0130/data0000.res/PE_Patch
24-Aug-11 2:59:00 PM OK C:\windows\System32\drivers\secdrv.sys/PE_Patch
24-Aug-11 2:58:57 PM OK C:\BizCover\NTGLM7X.sys/PE_Patch
24-Aug-11 2:58:56 PM OK C:\windows\System32\drivers\nfrd960.sys/PE_Patch
24-Aug-11 2:58:51 PM OK C:\windows\System32\drivers\iirsp.sys/PE_Patch
24-Aug-11 2:58:51 PM OK C:\windows\System32\drivers\iirsp.sys/PE_Patch/PE_Patch
24-Aug-11 2:58:46 PM OK C:\windows\System32\drivers\connctfy.sys/PE_Patch
24-Aug-11 2:58:45 PM OK C:\windows\System32\drivers\BrUsbSer.sys/PE_Patch
24-Aug-11 2:58:45 PM OK C:\windows\System32\drivers\BrUsbMdm.sys/PE_Patch
24-Aug-11 2:58:45 PM OK C:\windows\System32\drivers\BrSerWdm.sys/PE_Patch
24-Aug-11 2:58:44 PM OK C:\windows\System32\drivers\BrSerId.sys/PE_Patch
24-Aug-11 2:58:44 PM OK C:\windows\System32\drivers\BrFiltUp.sys/PE_Patch
24-Aug-11 2:58:44 PM OK C:\windows\System32\drivers\BrFiltLo.sys/PE_Patch
24-Aug-11 2:58:43 PM OK C:\windows\System32\drivers\djsvs.sys/PE_Patch
24-Aug-11 2:59:26 PM OK C:\windows\adsspy\ComboFix2.exe/data0144/PE_Patch.PECompact
24-Aug-11 2:59:26 PM OK C:\windows\adsspy\ComboFix2.exe/data0144/PE_Patch.PECompact/PecBundle
24-Aug-11 2:59:26 PM OK C:\windows\adsspy\ComboFix2.exe/data0144/PE_Patch.PECompact/PecBundle/PECompact
24-Aug-11 2:59:26 PM OK C:\windows\adsspy\ComboFix2.exe/data0143/PE_Patch.PECompact
24-Aug-11 2:59:26 PM OK C:\windows\adsspy\ComboFix2.exe/data0143/PE_Patch.PECompact/PecBundle
24-Aug-11 2:59:26 PM OK C:\windows\adsspy\ComboFix2.exe/data0143/PE_Patch.PECompact/PecBundle/PECompact
24-Aug-11 2:59:26 PM Packed: PECompact C:\windows\adsspy\ComboFix2.exe/data0144/PE_Patch.PECompact/PecBundle
24-Aug-11 2:59:22 PM Packed: PECompact C:\windows\adsspy\ComboFix2.exe/UPX/data0144/PE_Patch.PECompact/PecBundle
24-Aug-11 2:59:22 PM Packed: PECompact C:\windows\adsspy\ComboFix2.exe/UPX/data0143/PE_Patch.PECompact/PecBundle
24-Aug-11 2:59:26 PM Packed: PECompact C:\windows\adsspy\ComboFix2.exe/data0143/PE_Patch.PECompact/PecBundle
24-Aug-11 2:59:22 PM Packed: PE_Patch C:\windows\adsspy\ComboFix2.exe/UPX/data0149/#
24-Aug-11 2:59:22 PM Packed: PE_Patch C:\windows\adsspy\ComboFix2.exe/UPX/data0149/data0000.res
24-Aug-11 2:59:00 PM Packed: PE_Patch C:\windows\System32\drivers\secdrv.sys
24-Aug-11 2:58:57 PM Packed: PE_Patch C:\BizCover\NTGLM7X.sys
24-Aug-11 2:58:56 PM Packed: PE_Patch C:\windows\System32\drivers\nfrd960.sys
24-Aug-11 2:58:51 PM Packed: PE_Patch C:\windows\System32\drivers\iirsp.sys/PE_Patch
24-Aug-11 2:58:51 PM Packed: PE_Patch C:\windows\System32\drivers\iirsp.sys
24-Aug-11 2:58:46 PM Packed: PE_Patch C:\windows\System32\drivers\connctfy.sys
24-Aug-11 2:58:45 PM Packed: PE_Patch C:\windows\System32\drivers\BrUsbSer.sys
24-Aug-11 2:58:45 PM Packed: PE_Patch C:\windows\System32\drivers\BrUsbMdm.sys
24-Aug-11 2:58:45 PM Packed: PE_Patch C:\windows\System32\drivers\BrSerWdm.sys
24-Aug-11 2:58:44 PM Packed: PE_Patch C:\windows\System32\drivers\BrSerId.sys
24-Aug-11 2:58:44 PM Packed: PE_Patch C:\windows\System32\drivers\BrFiltUp.sys
24-Aug-11 2:58:44 PM Packed: PE_Patch C:\windows\System32\drivers\BrFiltLo.sys
24-Aug-11 2:58:43 PM Packed: PE_Patch C:\windows\System32\drivers\djsvs.sys
24-Aug-11 2:59:22 PM Packed: PE_Patch C:\windows\adsspy\ComboFix2.exe/UPX/data0130/#
24-Aug-11 2:59:22 PM Packed: PE_Patch C:\windows\adsspy\ComboFix2.exe/UPX/data0130/data0000.res
24-Aug-11 2:59:26 PM Packed: PE_Patch.PECompact C:\windows\adsspy\ComboFix2.exe/data0144
24-Aug-11 2:59:22 PM Packed: PE_Patch.PECompact C:\windows\adsspy\ComboFix2.exe/UPX/data0144
24-Aug-11 2:59:22 PM Packed: PE_Patch.PECompact C:\windows\adsspy\ComboFix2.exe/UPX/data0143
24-Aug-11 2:59:26 PM Packed: PE_Patch.PECompact C:\windows\adsspy\ComboFix2.exe/data0143
24-Aug-11 2:59:26 PM Packed: PecBundle C:\windows\adsspy\ComboFix2.exe/data0144/PE_Patch.PECompact
24-Aug-11 2:59:22 PM Packed: PecBundle C:\windows\adsspy\ComboFix2.exe/UPX/data0144/PE_Patch.PECompact
24-Aug-11 2:59:22 PM Packed: PecBundle C:\windows\adsspy\ComboFix2.exe/UPX/data0143/PE_Patch.PECompact
24-Aug-11 2:59:26 PM Packed: PecBundle C:\windows\adsspy\ComboFix2.exe/data0143/PE_Patch.PECompact
24-Aug-11 3:59:30 PM OK c:\windows\SoftwareDistribution\Download\Install\mpas-d_bd1.exe/PE_Patch
24-Aug-11 3:59:30 PM Packed: PE_Patch c:\windows\SoftwareDistribution\Download\Install\mpas-d_bd1.exe
24-Aug-11 3:59:13 PM OK c:\Users\Administrator\Desktop\Win32kDiag.exe/PE_Patch.PECompact
24-Aug-11 3:59:13 PM OK c:\Users\Administrator\Desktop\Win32kDiag.exe/PE_Patch.PECompact/PecBundle
24-Aug-11 3:59:13 PM OK c:\Users\Administrator\Desktop\Win32kDiag.exe/PE_Patch.PECompact/PecBundle/PECompact
24-Aug-11 3:59:13 PM Packed: PECompact c:\Users\Administrator\Desktop\Win32kDiag.exe/PE_Patch.PECompact/PecBundle
24-Aug-11 3:59:13 PM Packed: PecBundle c:\Users\Administrator\Desktop\Win32kDiag.exe/PE_Patch.PECompact
24-Aug-11 3:59:13 PM Packed: PE_Patch.PECompact c:\Users\Administrator\Desktop\Win32kDiag.exe
24-Aug-11 3:56:03 PM OK c:\Program Files\Common Files\Business Objects\2.7\Bin\crdb_adoplus_res_en.dll/PE_Patch
24-Aug-11 3:56:03 PM Packed: PE_Patch c:\Program Files\Common Files\Business Objects\2.7\Bin\crdb_adoplus_res_en.dll
24-Aug-11 3:55:27 PM OK c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\NPSWF32.dll/PE_Patch
24-Aug-11 3:55:27 PM Packed: PE_Patch c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\NPSWF32.dll
24-Aug-11 3:55:17 PM OK c:\Program Files\BetterJPEG 2\BetterJPEG.exe/PE_Patch
24-Aug-11 3:55:17 PM OK c:\Program Files\BetterJPEG 2\BetterJPEG.exe/PE_Patch/ASProtect
24-Aug-11 3:55:17 PM Packed: ASProtect c:\Program Files\BetterJPEG 2\BetterJPEG.exe/PE_Patch
24-Aug-11 3:55:17 PM OK c:\Program Files\BetterJPEG 2\BetterJPEG.exe/PE_Patch/ASProtect14
24-Aug-11 3:55:17 PM Packed: PE_Patch c:\Program Files\BetterJPEG 2\BetterJPEG.exe
24-Aug-11 3:53:57 PM OK C:\ComboFix231061C\pev.cfxxe/PE_Patch.PECompact
24-Aug-11 3:53:57 PM OK C:\ComboFix231061C\pev.cfxxe/PE_Patch.PECompact/PecBundle
24-Aug-11 3:53:57 PM OK C:\ComboFix231061C\pev.cfxxe/PE_Patch.PECompact/PecBundle/PECompact
24-Aug-11 3:53:57 PM Packed: PECompact C:\ComboFix231061C\pev.cfxxe/PE_Patch.PECompact/PecBundle
24-Aug-11 3:53:57 PM Packed: PecBundle C:\ComboFix231061C\pev.cfxxe/PE_Patch.PECompact
24-Aug-11 3:53:57 PM Packed: PE_Patch.PECompact C:\ComboFix231061C\pev.cfxxe
24-Aug-11 3:53:22 PM OK C:\windows\adsspy\ComboFix2.exe/data0144/PE_Patch.PECompact
24-Aug-11 3:53:22 PM OK C:\windows\adsspy\ComboFix2.exe/data0144/PE_Patch.PECompact/PecBundle
24-Aug-11 3:53:22 PM OK C:\windows\adsspy\ComboFix2.exe/data0144/PE_Patch.PECompact/PecBundle/PECompact
24-Aug-11 3:53:22 PM Packed: PECompact C:\windows\adsspy\ComboFix2.exe/data0144/PE_Patch.PECompact/PecBundle
24-Aug-11 3:53:22 PM Packed: PecBundle C:\windows\adsspy\ComboFix2.exe/data0144/PE_Patch.PECompact
24-Aug-11 3:53:22 PM Packed: PE_Patch.PECompact C:\windows\adsspy\ComboFix2.exe/data0144
24-Aug-11 3:53:21 PM OK C:\windows\adsspy\ComboFix2.exe/data0143/PE_Patch.PECompact
24-Aug-11 3:53:21 PM OK C:\windows\adsspy\ComboFix2.exe/data0143/PE_Patch.PECompact/PecBundle
24-Aug-11 3:53:21 PM OK C:\windows\adsspy\ComboFix2.exe/data0143/PE_Patch.PECompact/PecBundle/PECompact
24-Aug-11 3:53:21 PM Packed: PECompact C:\windows\adsspy\ComboFix2.exe/data0143/PE_Patch.PECompact/PecBundle
24-Aug-11 3:53:21 PM Packed: PecBundle C:\windows\adsspy\ComboFix2.exe/data0143/PE_Patch.PECompact
24-Aug-11 3:53:21 PM Packed: PE_Patch.PECompact C:\windows\adsspy\ComboFix2.exe/data0143

If you still require the whole (big) log file, I'll just post it here.


adam7979,

Since the Kaspersky report is quite large, please go to the 'Uploading' website:

http://uploading.com/files/upload/

In: Select files to upload, click 'Browse', and 'Look in' the location where it is saved.

Select the Kaspersky report, and click on 'Open'.

You will see the following:

"Your file has been uploaded successfully: (Name and size of the file)"

Please copy the 'Download link', and provide it in your reply.

Thanks


I think you really don't want to view this one; it's over 400 MB. The scan alone took around 8-10 hours. Anyway, I hope you don't mind that I'll PM you the link to download the RAR file instead of posting it here, because there are too many private :filtered: in it. Some of the entries are already well taken care of, since the ones in c:\edp1 were actually copied over from my old hard disk, so they are basically sitting there doing nothing.

Also, I'll try some other antivirus, plus a few more runs of ComboFix in the near future (just in case they updated the definitions). Thanks for all the advice and help you've given.


It is not possible for me to download the RAR file. My system keeps locking up.

PE and UPX files are not viruses. They are packers.

UPX = Ultimate Packer for eXecutables. A free and open source executable packer supporting a number of file formats from different operating systems.

PE = Portable Executable. A file format used for lots of Windows executables, DLL or EXE.

Looks as if a setting in the Kaspersky Virus Removal Tool is geared to detect these.

Edit: Kaspersky basically found nothing except the "mother of rootkit i double clicked.exe" I stored in drive C:\

24-Aug-11 3:00:13 PM Detected: Backdoor.Win32.ZAccess.mh C:\users\administrator\Desktop\<blablabla>.exe

Can you provide the "blablabla" portion of this?

This is not a good idea:

...a few more runs of ComboFix in the near future (just in case they updated the definitions).

CF results require a review, possible actions, etc.

The tool is also powerful enough that, if not used properly, it can turn your computer into a doorstop.

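The practical problem in this exchange is separating the one real verdict ("Detected: Backdoor.Win32.ZAccess.mh") from the hundreds of packer-information lines ("Packed: PE_Patch", "OK .../PE_Patch.PECompact") that the Kaspersky Virus Removal Tool emits for ComboFix's own bundled tools and for legitimately packed drivers. The script below is an added example, not code from the thread or from Kaspersky: it parses log lines in the layout seen in the excerpt above (date, 12-hour time, verdict, optional threat or packer name, object), splits Kaspersky's "/"-separated container notation (for instance `ComboFix2.exe/UPX/data0144/PE_Patch.PECompact` is a PECompact-packed object found inside resource `data0144` of the UPX-unpacked `ComboFix2.exe`), and reports actual detections separately from packer noise. The line layout and the verdict vocabulary are inferred from the excerpt and are assumptions; the sample log is constructed from lines in the thread, with the detected filename left as the placeholder the poster used.

```python
"""Triage a Kaspersky Virus Removal Tool (KVRT) report: real detections vs packer noise.

Added example, not part of the original forum thread. Assumed line layout
(inferred from the excerpt posted in the thread):
    <dd-Mon-yy> <h:mm:ss AM|PM> <verdict>[: <detail>] <object>
where <object> is a Windows path optionally followed by Kaspersky's
"/"-separated container chain (unpacker stage, resource, nested object).
"""
import re
from collections import Counter, defaultdict

LINE_RE = re.compile(
    r"^(?P<date>\d{2}-[A-Za-z]{3}-\d{2})\s+"
    r"(?P<time>\d{1,2}:\d{2}:\d{2}\s+[AP]M)\s+"
    r"(?P<verdict>[A-Za-z][A-Za-z-]*?)"        # Detected / Packed / OK / ... (assumed vocabulary)
    r"(?::\s*(?P<detail>\S+))?\s+"              # threat name (Detected) or packer name (Packed)
    r"(?P<obj>[A-Za-z]:\\.*?)\s*$"              # path, plus optional "/container/chain"
)

# Constructed sample, built from lines quoted in the thread (placeholder name kept as posted).
SAMPLE_LOG = r"""
24-Aug-11 3:00:13 PM Detected: Backdoor.Win32.ZAccess.mh C:\users\administrator\Desktop\<blablabla>.exe
24-Aug-11 2:59:22 PM OK C:\windows\adsspy\ComboFix2.exe/UPX/data0144/PE_Patch.PECompact
24-Aug-11 2:59:22 PM OK C:\windows\adsspy\ComboFix2.exe/UPX/data0144/PE_Patch.PECompact/PecBundle
24-Aug-11 2:59:22 PM Packed: PECompact C:\windows\adsspy\ComboFix2.exe/UPX/data0144/PE_Patch.PECompact/PecBundle
24-Aug-11 2:59:22 PM Packed: PE_Patch.PECompact C:\windows\adsspy\ComboFix2.exe/UPX/data0144
24-Aug-11 2:59:00 PM OK C:\windows\System32\drivers\secdrv.sys/PE_Patch
24-Aug-11 2:59:00 PM Packed: PE_Patch C:\windows\System32\drivers\secdrv.sys
24-Aug-11 3:55:17 PM Packed: ASProtect c:\Program Files\BetterJPEG 2\BetterJPEG.exe/PE_Patch
"""


def parse_line(line):
    """Parse one report line into a dict, or return None if it is not a scan record.

    The on-disk file is everything before the first "/"; the remainder is the
    chain of containers Kaspersky unpacked to reach the object it is reporting on.
    """
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    top, *chain = m.group("obj").split("/")
    return {
        "date": m.group("date"),
        "time": m.group("time"),
        "verdict": m.group("verdict"),
        "detail": m.group("detail"),   # None for plain "OK" lines
        "file": top,
        "chain": chain,
    }


def triage(text):
    """Summarise a report: verdict counts, actionable detections, packers seen per file.

    Only "Detected" lines are verdicts that need action. "Packed" lines say which
    packer/protector was recognised on an object, and "OK" lines say the unpacked
    object was clean; neither is an infection by itself.
    """
    counts = Counter()
    detections = []                 # (threat name, on-disk file)
    packers = defaultdict(set)      # on-disk file -> packer names seen anywhere inside it
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        counts[rec["verdict"]] += 1
        if rec["verdict"] == "Detected":
            detections.append((rec["detail"], rec["file"]))
        elif rec["verdict"] == "Packed":
            packers[rec["file"]].add(rec["detail"])
    return {
        "counts": counts,
        "detections": detections,
        "packers": {f: sorted(p) for f, p in packers.items()},
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("verdict counts:", dict(result["counts"]))
    print("actionable detections:")
    for threat, path in result["detections"]:
        print(f"  {threat}  {path}")
    print("packer information only (no verdict):")
    for path, names in result["packers"].items():
        print(f"  {path}: {', '.join(names)}")
```

Run it against the full report (`triage(open("report.txt", encoding="utf-8", errors="replace").read())`) and the 400 MB file reduces to the "Detected" list plus a per-file packer summary; a second scan with the packer reporting disabled would produce the same actionable list with far fewer lines.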

To be honest with you, I'm working in the IT industry as well. CF looks promising and I feel pretty comfortable using it, along with a couple of the tools you suggested in an earlier post. Since this machine is not quite a mission-critical one, I'll just leave it as it is for now, as long as it doesn't redirect me to some stupid websites when I click on a Google search result. I've also blocked this machine from accessing the internet directly, and web browsing will be routed through a local Squid proxy.

I've PM'ed you the blablabla part; hope you don't mind.


This topic is now closed to further replies.