Jump to content

Malwarebytes

trojan agents that won't go away

- - - - -
Started by alexinc, May 14 2012 07:03 PM
trojan

57 replies to this topic

#1
alexinc
Posted 14 May 2012 - 07:03 PM

    New Member

  • Members
  • Pip
  • 30 posts
Hi guys. I noticed that when I use Malwarebytes over and over, after restarting the trojans are still there and sometimes I have more infected files than when I scanned before!

This is my log. Thanks for any help with this headache:

---------------------------------------


Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7538

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

8/22/2011 14:21:29
mbam-log-2011-08-22 (14-21-29).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 316329
Time elapsed: 28 minute(s), 18 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 2
Registry Keys Infected: 6
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 15

Memory Processes Infected:
c:\WINDOWS\system32\oleaccrc32.exe (Trojan.Tracur) -> 580 -> Unloaded process successfully.

Memory Modules Infected:
c:\WINDOWS\system32\usbmons.dll (Trojan.Downloader) -> Delete on reboot.
c:\WINDOWS\system32\mapi3232.dll (Trojan.Tracur.S) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\usbmon (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0E4CA718-2DB1-4E65-93C7-39B514C7025d} (IPH.GenericBHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E4CA718-2DB1-4E65-93C7-39B514C7025D} (IPH.GenericBHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E4CA718-2DB1-4E65-93C7-39B514C7025D} (IPH.GenericBHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BITS32 (Trojan.Tracur) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur.S) -> Bad: (C:\WINDOWS\system32\mapi3232.dll) Good: () -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\usbmons.dll (Trojan.Downloader) -> Delete on reboot.
c:\WINDOWS\system32\mapi3232.dll (Trojan.Tracur.S) -> Delete on reboot.
c:\WINDOWS\system32\atipdlxx32.dll (IPH.GenericBHO) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\local settings\Temp\tmph9041176854228795358.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\kb2006a.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\usbmons.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\application data\02000000c27ec2a91406c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\application data\02000000c27ec2a91406o.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\application data\02000000c27ec2a91406p.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\application data\02000000c27ec2a91406s.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\02000000c27ec2a91406c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\02000000c27ec2a91406o.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\02000000c27ec2a91406p.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\02000000c27ec2a91406s.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\oleaccrc32.exe (Trojan.Tracur) -> Quarantined and deleted successfully.

#2
MrCharlie
Posted 15 May 2012 - 06:24 AM

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 17,422 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA
Welcome to the forum, please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs.....DDS.txt and Attach.txt

<====><====><====><====><====><====><====><====>

Next.......

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options, they're not all bad!)
Post back the report.

MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#3
alexinc
Posted 15 May 2012 - 04:19 PM

    New Member

  • Members
  • Pip
  • 30 posts
Thanks MrC!

Here is the DDS.txt:

|-----------|


DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512
Run by Administrator at 14:14:17 on 2012-05-15
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\atipdlxx32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\odpdx3232.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Steinberg\Cubase Studio 4\Cubase Studio 4.exe
C:\PROGRA~1\SYNCRO~1\POS\SYNSOPOS.exe
C:\Program Files\Propellerhead\Reason\Reason.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsz382.tmp\MBR.DAT
C:\Documents and Settings\Administrator\Desktop\dds.scr
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://gmail.com/
uInternet Settings,ProxyOverride = *.local
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~1\office12\GRA8E1~1.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Wondershare Helper Compact.exe] c:\program files\common files\wondershare\wondershare helper compact\WSHelper.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-explorer: NoSMMyPictures = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-system: DisableCAD = 1 (0x1)
dPolicies-explorer: NoSMHelp = 1 (0x1)
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
dPolicies-explorer: NoResolveTrack = 1 (0x1)
dPolicies-explorer: NoSMMyPictures = 1 (0x1)
dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{6DF6B719-B140-40B1-BA68-29991289C2F8} : DhcpNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~1\office12\GR99D3~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LMIinit - LMIinit.dll
AppInit_DLLs: c:\windows\system32\atipdlxx32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office12\GRA8E1~1.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R? BITS32;Background Intelligent Transfer Service
R? LMIInfo;LogMeIn Kernel Information Provider
R? LMIRfsClientNP;LMIRfsClientNP
R? WsAudio_DeviceS(1);WsAudio_DeviceS(1)
R? WsAudio_DeviceS(2);WsAudio_DeviceS(2)
R? WsAudio_DeviceS(3);WsAudio_DeviceS(3)
R? WsAudio_DeviceS(4);WsAudio_DeviceS(4)
R? WsAudio_DeviceS(5);WsAudio_DeviceS(5)
S? iPod Service32;iPod Service
S? LMIRfsDriver;LogMeIn Remote File System Driver
S? LynxWDM;LynxWDM
S? mv614x;mv614x
S? SynasUSB;SynasUSB
.
=============== Created Last 30 ================
.
2012-05-14 23:57:48 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-14 23:22:33 270336 ----a-w- c:\windows\system32\atipdlxx32.dll
2012-05-14 23:17:35 -------- d-----w- c:\windows\SxsCaPendDel
2012-05-14 23:14:24 -------- d-----w- c:\windows\system32\syncdb
2012-04-29 23:40:56 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-29 23:40:56 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
.
==================== Find3M ====================
.
2012-04-29 23:40:45 472864 -c--a-w- c:\windows\system32\deployJava1.dll
2012-04-04 22:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-26 21:24:02 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(5).sys
2012-03-26 21:24:02 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(4).sys
2012-03-26 21:24:02 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(3).sys
2012-03-26 21:24:02 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(2).sys
2012-03-26 21:24:02 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(1).sys
.
============= FINISH: 14:15:17.64 ===============

And here is the Attach.txt:

|--------|


.
==== Installed Programs ======================
.
µTorrent
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Antares Tube VST v1.02
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArtsAcoustic Reverb 1.2.2
ASIO4ALL
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Bonjour
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
Catalyst Control Center Localization All
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chinese (Traditional) Language Support
Dropbox
DVD Decrypter (Remove Only)
FileZilla Client 3.5.0
Google Chrome
HashCheck Shell Extension (x86-32)
Interlok driver setup x32
IrfanView (remove only)
iTunes
iZotope Ozone 4
Japanese Language Support
Java Auto Updater
Java™ 6 Update 32
Korean Language Support
Lynx Version 2 Driver (Remove Only)
Malwarebytes Anti-Malware version 1.61.0.1400
Marvell Miniport Driver
Microsoft .NET Framework 2.0
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 Redistributable
MSXML 6.0 Parser
Native Instruments Absynth 4
Native Instruments Akoustik Piano
Native Instruments B4 II
Native Instruments Battery 3
Native Instruments Elektrik Piano 1.5
Native Instruments FM8
Native Instruments Guitar Rig 3
Native Instruments Komplete 5
Native Instruments Kontakt 3
Native Instruments Massive
Native Instruments Pro-53
Native Instruments Reaktor 5
Ohmforce Ohmboyz PRO VST v1.42
PSP VintageWarmer 2.0.0
PSP.Audioware.Lexicon.PSP.42.DX.RTAS.VST.v1.4.1-DAC
QuickTime
Reason 5.0
Series II MIDI
Skins
Sonnox Oxford Inflator Native VST v1.5.1
Sonnox Oxford Limiter Native VST v1.1.1
Sonnox Oxford R3 Dynamics Native VST v1.3.1
Sonnox Oxford R3 EQ Native VST v1.6.1
Sonnox Oxford Reverb Native VST v1.0
Sonnox Oxford TransMod Native VST v1.3.1
Starcraft
StarCraft II
Steinberg Cubase Studio 4
Steinberg HALionOne
Steinberg HALionOne GM Drum Set
Steinberg HALionOne GM Set
Steinberg HALionOne Studio Drum Set
Steinberg HALionOne Studio Set
StudioDevil VGA 1.3
Syncrosoft License Control
Update for Windows XP (KB955839)
URS Classic Console Strip Pro VST RTAS v1.0
VLC media player 1.1.11
Waves Mercury Complete VST DX RTAS v1.01
Waves SSL Collection v1.2
Windows Media Format Runtime
WinRAR archiver
Yahoo! Detect
.
==== End Of File ===========================


And here is the RogueKiller:

|---------|


RogueKiller V7.4.4 [05/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Administrator [Admin rights]
Mode: Scan -- Date: 05/15/2012 14:19:26

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤
[FAKED] cdfs.sys : c:\windows\system32\drivers\cdfs.sys --> CANNOT FIX
[FAKED] cdrom.sys : c:\windows\system32\drivers\cdrom.sys --> CANNOT FIX
[FAKED] fltMgr.sys : c:\windows\system32\drivers\fltMgr.sys --> CANNOT FIX
[FAKED] mf.sys : c:\windows\system32\drivers\mf.sys --> CANNOT FIX
[FAKED] mrxsmb.sys : c:\windows\system32\drivers\mrxsmb.sys --> CANNOT FIX
[FAKED] nic1394.sys : c:\windows\system32\drivers\nic1394.sys --> CANNOT FIX
[FAKED] ohci1394.sys : c:\windows\system32\drivers\ohci1394.sys --> CANNOT FIX
[FAKED] rdpdr.sys : c:\windows\system32\drivers\rdpdr.sys --> CANNOT FIX
[FAKED] serial.sys : c:\windows\system32\drivers\serial.sys --> CANNOT FIX

¤¤¤ Driver: [LOADED] ¤¤¤
IRP[IRP_MJ_CREATE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF740BB40)
IRP[IRP_MJ_CLOSE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF740BB40)
IRP[IRP_MJ_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF740BB40)
IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF740BB40)
IRP[IRP_MJ_SYSTEM_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF740BB40)
IRP[IRP_MJ_DEVICE_CHANGE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF740BB40)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1001namen.com
127.0.0.1 1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100sexlinks.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3170123A! ! ! ! ! ! ! ! ! ! ! ! ! ! ! +++++
--- User ---
[MBR] NOT VALID
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive1: WDC WD740GD-00FLC0 +++++
--- User ---
[MBR] bff7c1955401226b0282fcceeaa7e3ef
[BSP] bc37b26cf0acbb936e7065781dd0f111 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 70896 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: Maxtor 6L300S0 +++++
--- User ---
[MBR] e493e629accd8d24b96cf14eb5aff2d5
[BSP] 8df59c9c16ada969f9cbae2b0148f679 : MBR Code unknown
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 286181 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

#4
MrCharlie
Posted 15 May 2012 - 04:53 PM

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 17,422 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA
Before we proceed further, please uninstall or disable uTorrent and any other peer-to-peer filesharing app.
Continued use of filesharing or ill-advised downloads will surely re-infect your system.

Risks of File-Sharing Technology.

P2P file sharing: Know the risks

It's also against our policy:
http://forums.malwar...showtopic=97700

MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#5
alexinc
Posted 15 May 2012 - 08:00 PM

    New Member

  • Members
  • Pip
  • 30 posts
Understood, MrC, it is uninstalled.

#6
MrCharlie
Posted 15 May 2012 - 08:25 PM

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 17,422 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA
OK Good.
All those [FAKED] files found by RogueKiller are most likely OK.

-------------------------------------------------

Please make sure system restore is running and create a new restore point before continuing.
XP <===> Vista & W7

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download and run TDSSKiller to your desktop as outlined below:

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Posted Image

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

Posted Image

------------------------

Click the Start Scan button.

Posted Image

-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

Posted Image

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


Posted Image


--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

-------------------

Here's a summary of what to do if you would like to print it out:


If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#7
alexinc
Posted 16 May 2012 - 04:21 PM

    New Member

  • Members
  • Pip
  • 30 posts
Here is the TDSSKILLER log:

14:17:22.0343 3748 TDSS rootkit removing tool 2.7.35.0 May 16 2012 07:37:57
14:17:22.0687 3748 ============================================================
14:17:22.0687 3748 Current date / time: 2012/05/16 14:17:22.0687
14:17:22.0687 3748 SystemInfo:
14:17:22.0687 3748
14:17:22.0687 3748 OS Version: 5.1.2600 ServicePack: 3.0
14:17:22.0687 3748 Product type: Workstation
14:17:22.0687 3748 ComputerName: ALEXXX-12E93458
14:17:22.0687 3748 UserName: Administrator
14:17:22.0687 3748 Windows directory: C:\WINDOWS
14:17:22.0687 3748 System windows directory: C:\WINDOWS
14:17:22.0687 3748 Processor architecture: Intel x86
14:17:22.0687 3748 Number of processors: 2
14:17:22.0687 3748 Page size: 0x1000
14:17:22.0687 3748 Boot type: Normal boot
14:17:22.0687 3748 ============================================================
14:17:23.0703 3748 Drive \Device\Harddisk0\DR0 - Size: 0x27433F6000 (157.05 Gb), SectorSize: 0x200, Cylinders: 0x5015, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:17:23.0718 3748 Drive \Device\Harddisk1\DR1 - Size: 0x114FF30000 (69.25 Gb), SectorSize: 0x200, Cylinders: 0x234F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:17:23.0718 3748 Drive \Device\Harddisk2\DR2 - Size: 0x45DECD2000 (279.48 Gb), SectorSize: 0x200, Cylinders: 0x8E83, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:17:23.0734 3748 ============================================================
14:17:23.0734 3748 \Device\Harddisk0\DR0:
14:17:23.0734 3748 Invalid mbr signature
14:17:23.0734 3748 \Device\Harddisk1\DR1:
14:17:23.0734 3748 MBR partitions:
14:17:23.0734 3748 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x8A7818F
14:17:23.0734 3748 \Device\Harddisk2\DR2:
14:17:23.0734 3748 MBR partitions:
14:17:23.0734 3748 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x22EF2A84
14:17:23.0734 3748 ============================================================
14:17:23.0750 3748 D: <-> \Device\Harddisk2\DR2\Partition0
14:17:23.0750 3748 C: <-> \Device\Harddisk1\DR1\Partition0
14:17:23.0750 3748 ============================================================
14:17:23.0750 3748 Initialize success
14:17:23.0750 3748 ============================================================
14:17:42.0921 2312 ============================================================
14:17:42.0921 2312 Scan started
14:17:42.0921 2312 Mode: Manual;
14:17:42.0921 2312 ============================================================
14:17:43.0093 2312 Abiosdsk - ok
14:17:43.0093 2312 abp480n5 - ok
14:17:43.0125 2312 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:17:43.0125 2312 ACPI - ok
14:17:43.0140 2312 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
14:17:43.0140 2312 ACPIEC - ok
14:17:43.0140 2312 adpu160m - ok
14:17:43.0171 2312 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
14:17:43.0171 2312 aec - ok
14:17:43.0187 2312 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
14:17:43.0203 2312 AFD - ok
14:17:43.0203 2312 Aha154x - ok
14:17:43.0203 2312 aic78u2 - ok
14:17:43.0218 2312 aic78xx - ok
14:17:43.0234 2312 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
14:17:43.0234 2312 Alerter - ok
14:17:43.0250 2312 AliIde - ok
14:17:43.0250 2312 amsint - ok
14:17:43.0296 2312 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:17:43.0296 2312 Apple Mobile Device - ok
14:17:43.0312 2312 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
14:17:43.0312 2312 AppMgmt - ok
14:17:43.0328 2312 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
14:17:43.0328 2312 Arp1394 - ok
14:17:43.0343 2312 asc - ok
14:17:43.0343 2312 asc3350p - ok
14:17:43.0359 2312 asc3550 - ok
14:17:43.0406 2312 aspnet_state (d33c507942299753868204cc7642fa27) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
14:17:43.0406 2312 aspnet_state - ok
14:17:43.0406 2312 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:17:43.0406 2312 AsyncMac - ok
14:17:43.0437 2312 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
14:17:43.0437 2312 atapi - ok
14:17:43.0437 2312 Atdisk - ok
14:17:43.0484 2312 Ati HotKey Poller (471087b5e1e01cc82604e81ea14781d8) C:\WINDOWS\system32\Ati2evxx.exe
14:17:43.0484 2312 Ati HotKey Poller - ok
14:17:43.0531 2312 ATI Smart (b979ba0120b6db757196a8e2e873fe3c) C:\WINDOWS\system32\ati2sgag.exe
14:17:43.0546 2312 ATI Smart - ok
14:17:43.0687 2312 ati2mtag (c0b86ecb324e50f6bbd529f9d5c6b24b) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
14:17:43.0765 2312 ati2mtag - ok
14:17:43.0812 2312 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
14:17:43.0812 2312 AudioSrv - ok
14:17:43.0843 2312 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
14:17:43.0843 2312 audstub - ok
14:17:43.0859 2312 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
14:17:43.0859 2312 Beep - ok
14:17:43.0890 2312 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
14:17:43.0906 2312 BITS - ok
14:17:43.0906 2312 BITS32 - ok
14:17:43.0968 2312 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
14:17:43.0968 2312 Bonjour Service - ok
14:17:43.0984 2312 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
14:17:43.0984 2312 Browser - ok
14:17:44.0000 2312 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
14:17:44.0000 2312 cbidf2k - ok
14:17:44.0000 2312 cd20xrnt - ok
14:17:44.0015 2312 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
14:17:44.0015 2312 Cdaudio - ok
14:17:44.0015 2312 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
14:17:44.0031 2312 Cdfs - ok
14:17:44.0046 2312 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:17:44.0046 2312 Cdrom - ok
14:17:44.0046 2312 Changer - ok
14:17:44.0078 2312 clr_optimization_v2.0.50727_32 (3c4d595e7f9b747325aef28b4adcaae5) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:17:44.0093 2312 clr_optimization_v2.0.50727_32 - ok
14:17:44.0093 2312 CmdIde - ok
14:17:44.0093 2312 COMSysApp - ok
14:17:44.0093 2312 Cpqarray - ok
14:17:44.0109 2312 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
14:17:44.0109 2312 CryptSvc - ok
14:17:44.0109 2312 dac2w2k - ok
14:17:44.0125 2312 dac960nt - ok
14:17:44.0140 2312 DcomLaunch (2589fe6015a316c0f5d5112b4da7b509) C:\WINDOWS\system32\rpcss.dll
14:17:44.0156 2312 DcomLaunch - ok
14:17:44.0156 2312 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
14:17:44.0156 2312 Dhcp - ok
14:17:44.0171 2312 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
14:17:44.0171 2312 Disk - ok
14:17:44.0171 2312 dmadmin - ok
14:17:44.0203 2312 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
14:17:44.0218 2312 dmboot - ok
14:17:44.0218 2312 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
14:17:44.0234 2312 dmio - ok
14:17:44.0250 2312 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
14:17:44.0250 2312 dmload - ok
14:17:44.0250 2312 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
14:17:44.0250 2312 dmserver - ok
14:17:44.0265 2312 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
14:17:44.0265 2312 DMusic - ok
14:17:44.0312 2312 Dnscache (474b4dc3983173e4b4c9740b0dac98a6) C:\WINDOWS\System32\dnsrslvr.dll
14:17:44.0312 2312 Dnscache - ok
14:17:44.0328 2312 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
14:17:44.0343 2312 Dot3svc - ok
14:17:44.0343 2312 dpti2o - ok
14:17:44.0359 2312 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
14:17:44.0359 2312 drmkaud - ok
14:17:44.0390 2312 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
14:17:44.0390 2312 EapHost - ok
14:17:44.0406 2312 Eventlog (0e776ed5f7cc9f94299e70461b7b8185) C:\WINDOWS\system32\services.exe
14:17:44.0406 2312 Eventlog - ok
14:17:44.0421 2312 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
14:17:44.0437 2312 EventSystem - ok
14:17:44.0453 2312 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
14:17:44.0453 2312 Fastfat - ok
14:17:44.0468 2312 FastUserSwitchingCompatibility (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
14:17:44.0468 2312 FastUserSwitchingCompatibility - ok
14:17:44.0484 2312 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
14:17:44.0484 2312 Fdc - ok
14:17:44.0500 2312 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
14:17:44.0500 2312 Fips - ok
14:17:44.0562 2312 FLEXnet Licensing Service (abedfd48ac042c6aaad32452e77217a1) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
14:17:44.0578 2312 FLEXnet Licensing Service - ok
14:17:44.0578 2312 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
14:17:44.0578 2312 Flpydisk - ok
14:17:44.0609 2312 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
14:17:44.0609 2312 FltMgr - ok
14:17:44.0625 2312 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:17:44.0625 2312 Fs_Rec - ok
14:17:44.0640 2312 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:17:44.0640 2312 Ftdisk - ok
14:17:44.0656 2312 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
14:17:44.0656 2312 GEARAspiWDM - ok
14:17:44.0671 2312 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:17:44.0671 2312 Gpc - ok
14:17:44.0687 2312 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
14:17:44.0687 2312 HDAudBus - ok
14:17:44.0718 2312 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
14:17:44.0718 2312 HidServ - ok
14:17:44.0718 2312 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:17:44.0734 2312 hidusb - ok
14:17:44.0750 2312 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
14:17:44.0750 2312 hkmsvc - ok
14:17:44.0750 2312 hpn - ok
14:17:44.0781 2312 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
14:17:44.0781 2312 HTTP - ok
14:17:44.0796 2312 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
14:17:44.0796 2312 HTTPFilter - ok
14:17:44.0796 2312 i2omgmt - ok
14:17:44.0812 2312 i2omp - ok
14:17:44.0828 2312 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
14:17:44.0828 2312 i8042prt - ok
14:17:44.0828 2312 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
14:17:44.0843 2312 Imapi - ok
14:17:44.0843 2312 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
14:17:44.0859 2312 ImapiService - ok
14:17:44.0859 2312 ini910u - ok
14:17:44.0859 2312 IntelIde - ok
14:17:44.0875 2312 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:17:44.0875 2312 intelppm - ok
14:17:44.0875 2312 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
14:17:44.0875 2312 Ip6Fw - ok
14:17:44.0890 2312 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:17:44.0890 2312 IpFilterDriver - ok
14:17:44.0890 2312 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:17:44.0890 2312 IpInIp - ok
14:17:44.0921 2312 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:17:44.0921 2312 IpNat - ok
14:17:44.0968 2312 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
14:17:44.0984 2312 iPod Service - ok
14:17:45.0031 2312 iPod Service32 (c49df1c63ddad21e17840832d772f8b0) C:\WINDOWS\system32\atipdlxx32.exe
14:17:45.0062 2312 iPod Service32 - ok
14:17:45.0093 2312 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:17:45.0109 2312 IPSec - ok
14:17:45.0125 2312 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
14:17:45.0125 2312 IRENUM - ok
14:17:45.0140 2312 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:17:45.0140 2312 isapnp - ok
14:17:45.0234 2312 JavaQuickStarterService (a38441ed570f190cc041a7be49488fa7) C:\Program Files\Java\jre6\bin\jqs.exe
14:17:45.0234 2312 JavaQuickStarterService - ok
14:17:45.0250 2312 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:17:45.0250 2312 Kbdclass - ok
14:17:45.0250 2312 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
14:17:45.0265 2312 kbdhid - ok
14:17:45.0281 2312 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
14:17:45.0281 2312 kmixer - ok
14:17:45.0296 2312 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
14:17:45.0296 2312 KSecDD - ok
14:17:45.0328 2312 LanmanServer (f385f4b02c535bffe1d70cab80838123) C:\WINDOWS\System32\srvsvc.dll
14:17:45.0328 2312 LanmanServer - ok
14:17:45.0343 2312 lanmanworkstation (1b67b632786fef1c1bbaef46c2f3f2e6) C:\WINDOWS\System32\wkssvc.dll
14:17:45.0343 2312 lanmanworkstation - ok
14:17:45.0343 2312 lbrtfdc - ok
14:17:45.0375 2312 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
14:17:45.0375 2312 LmHosts - ok
14:17:45.0375 2312 LMIInfo - ok
14:17:45.0390 2312 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys
14:17:45.0390 2312 lmimirr - ok
14:17:45.0390 2312 LMIRfsClientNP - ok
14:17:45.0406 2312 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
14:17:45.0406 2312 LMIRfsDriver - ok
14:17:45.0421 2312 LynxWDM (0ff7e557d025ae5283d09ca44f30d1d6) C:\WINDOWS\system32\DRIVERS\LynxWDM.sys
14:17:45.0421 2312 LynxWDM - ok
14:17:45.0453 2312 MA_CMIDI (6b5d093711eadd77c789b0150dc4879c) C:\WINDOWS\system32\drivers\ma_cmidi.sys
14:17:45.0453 2312 MA_CMIDI - ok
14:17:45.0484 2312 Microsoft Office Groove Audit Service (fafe367d032ed82e9332b4c741a20216) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
14:17:45.0484 2312 Microsoft Office Groove Audit Service - ok
14:17:45.0500 2312 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
14:17:45.0500 2312 Modem - ok
14:17:45.0515 2312 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:17:45.0515 2312 Mouclass - ok
14:17:45.0546 2312 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:17:45.0546 2312 mouhid - ok
14:17:45.0546 2312 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
14:17:45.0546 2312 MountMgr - ok
14:17:45.0562 2312 mraid35x - ok
14:17:45.0578 2312 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:17:45.0578 2312 MRxDAV - ok
14:17:45.0609 2312 MRxSmb (60ae98742484e7ab80c3c1450e708148) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:17:45.0625 2312 MRxSmb - ok
14:17:45.0640 2312 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
14:17:45.0640 2312 MSDTC - ok
14:17:45.0656 2312 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
14:17:45.0656 2312 Msfs - ok
14:17:45.0656 2312 MSIServer - ok
14:17:45.0671 2312 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:17:45.0671 2312 MSKSSRV - ok
14:17:45.0687 2312 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:17:45.0687 2312 MSPCLOCK - ok
14:17:45.0703 2312 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
14:17:45.0703 2312 MSPQM - ok
14:17:45.0718 2312 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:17:45.0718 2312 mssmbios - ok
14:17:45.0734 2312 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
14:17:45.0734 2312 Mup - ok
14:17:45.0750 2312 mv614x (6eb1d27590d4bc040f105d2bf35a6c4f) C:\WINDOWS\system32\DRIVERS\mv614x.sys
14:17:45.0750 2312 mv614x - ok
14:17:45.0781 2312 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
14:17:45.0781 2312 napagent - ok
14:17:45.0812 2312 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
14:17:45.0812 2312 NDIS - ok
14:17:45.0828 2312 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:17:45.0828 2312 NdisTapi - ok
14:17:45.0828 2312 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:17:45.0828 2312 Ndisuio - ok
14:17:45.0843 2312 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:17:45.0843 2312 NdisWan - ok
14:17:45.0859 2312 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
14:17:45.0859 2312 NDProxy - ok
14:17:45.0875 2312 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
14:17:45.0875 2312 NetBIOS - ok
14:17:45.0890 2312 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
14:17:45.0890 2312 NetBT - ok
14:17:45.0906 2312 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:17:45.0921 2312 Netlogon - ok
14:17:45.0921 2312 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
14:17:45.0937 2312 Netman - ok
14:17:45.0953 2312 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
14:17:45.0953 2312 NIC1394 - ok
14:17:45.0968 2312 Nla (832e4dd8964ab7acc880b2837cb1ed20) C:\WINDOWS\System32\mswsock.dll
14:17:45.0968 2312 Nla - ok
14:17:45.0968 2312 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
14:17:45.0968 2312 Npfs - ok
14:17:46.0015 2312 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
14:17:46.0031 2312 Ntfs - ok
14:17:46.0031 2312 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:17:46.0031 2312 NtLmSsp - ok
14:17:46.0046 2312 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
14:17:46.0046 2312 Null - ok
14:17:46.0125 2312 odserv (84de1dd996b48b05ace31ad015fa108a) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:17:46.0140 2312 odserv - ok
14:17:46.0156 2312 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
14:17:46.0156 2312 ohci1394 - ok
14:17:46.0171 2312 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:17:46.0171 2312 ose - ok
14:17:46.0187 2312 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
14:17:46.0187 2312 Parport - ok
14:17:46.0234 2312 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
14:17:46.0234 2312 PartMgr - ok
14:17:46.0250 2312 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
14:17:46.0250 2312 ParVdm - ok
14:17:46.0265 2312 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
14:17:46.0265 2312 PCI - ok
14:17:46.0265 2312 PCIDump - ok
14:17:46.0281 2312 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
14:17:46.0281 2312 PCIIde - ok
14:17:46.0296 2312 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
14:17:46.0296 2312 Pcmcia - ok
14:17:46.0296 2312 PDCOMP - ok
14:17:46.0312 2312 PDFRAME - ok
14:17:46.0312 2312 PDRELI - ok
14:17:46.0312 2312 PDRFRAME - ok
14:17:46.0328 2312 perc2 - ok
14:17:46.0328 2312 perc2hib - ok
14:17:46.0375 2312 PlugPlay (0e776ed5f7cc9f94299e70461b7b8185) C:\WINDOWS\system32\services.exe
14:17:46.0375 2312 PlugPlay - ok
14:17:46.0375 2312 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:17:46.0375 2312 PolicyAgent - ok
14:17:46.0390 2312 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:17:46.0390 2312 PptpMiniport - ok
14:17:46.0390 2312 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:17:46.0390 2312 ProtectedStorage - ok
14:17:46.0421 2312 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
14:17:46.0421 2312 PSched - ok
14:17:46.0437 2312 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:17:46.0437 2312 Ptilink - ok
14:17:46.0437 2312 ql1080 - ok
14:17:46.0437 2312 Ql10wnt - ok
14:17:46.0453 2312 ql12160 - ok
14:17:46.0453 2312 ql1240 - ok
14:17:46.0453 2312 ql1280 - ok
14:17:46.0468 2312 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:17:46.0468 2312 RasAcd - ok
14:17:46.0484 2312 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
14:17:46.0484 2312 RasAuto - ok
14:17:46.0500 2312 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:17:46.0500 2312 Rasl2tp - ok
14:17:46.0515 2312 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
14:17:46.0531 2312 RasMan - ok
14:17:46.0546 2312 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:17:46.0546 2312 RasPppoe - ok
14:17:46.0546 2312 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
14:17:46.0546 2312 Raspti - ok
14:17:46.0562 2312 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:17:46.0562 2312 Rdbss - ok
14:17:46.0562 2312 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:17:46.0562 2312 RDPCDD - ok
14:17:46.0593 2312 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:17:46.0593 2312 rdpdr - ok
14:17:46.0609 2312 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
14:17:46.0625 2312 RDPWD - ok
14:17:46.0625 2312 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
14:17:46.0625 2312 RDSessMgr - ok
14:17:46.0640 2312 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
14:17:46.0656 2312 redbook - ok
14:17:46.0656 2312 Scan interrupted by user!
14:17:46.0656 2312 Scan interrupted by user!
14:17:46.0656 2312 Scan interrupted by user!
14:17:46.0656 2312 ============================================================
14:17:46.0656 2312 Scan finished
14:17:46.0656 2312 ============================================================
14:17:46.0656 2816 Detected object count: 0
14:17:46.0656 2816 Actual detected object count: 0
14:18:00.0015 1608 ============================================================
14:18:00.0015 1608 Scan started
14:18:00.0015 1608 Mode: Manual; SigCheck; TDLFS;
14:18:00.0015 1608 ============================================================
14:18:00.0156 1608 Abiosdsk - ok
14:18:00.0156 1608 abp480n5 - ok
14:18:00.0187 1608 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:18:01.0000 1608 ACPI - ok
14:18:01.0015 1608 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
14:18:01.0140 1608 ACPIEC - ok
14:18:01.0140 1608 adpu160m - ok
14:18:01.0171 1608 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
14:18:01.0296 1608 aec - ok
14:18:01.0312 1608 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
14:18:01.0343 1608 AFD - ok
14:18:01.0343 1608 Aha154x - ok
14:18:01.0343 1608 aic78u2 - ok
14:18:01.0359 1608 aic78xx - ok
14:18:01.0375 1608 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
14:18:01.0500 1608 Alerter - ok
14:18:01.0500 1608 AliIde - ok
14:18:01.0500 1608 amsint - ok
14:18:01.0546 1608 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:18:01.0562 1608 Apple Mobile Device - ok
14:18:01.0578 1608 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
14:18:01.0625 1608 AppMgmt - ok
14:18:01.0640 1608 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
14:18:01.0765 1608 Arp1394 - ok
14:18:01.0781 1608 asc - ok
14:18:01.0781 1608 asc3350p - ok
14:18:01.0781 1608 asc3550 - ok
14:18:01.0828 1608 aspnet_state (d33c507942299753868204cc7642fa27) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
14:18:01.0843 1608 aspnet_state - ok
14:18:01.0859 1608 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:18:02.0015 1608 AsyncMac - ok
14:18:02.0046 1608 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
14:18:02.0171 1608 atapi - ok
14:18:02.0171 1608 Atdisk - ok
14:18:02.0218 1608 Ati HotKey Poller (471087b5e1e01cc82604e81ea14781d8) C:\WINDOWS\system32\Ati2evxx.exe
14:18:02.0234 1608 Ati HotKey Poller ( UnsignedFile.Multi.Generic ) - warning
14:18:02.0234 1608 Ati HotKey Poller - detected UnsignedFile.Multi.Generic (1)
14:18:02.0281 1608 ATI Smart (b979ba0120b6db757196a8e2e873fe3c) C:\WINDOWS\system32\ati2sgag.exe
14:18:02.0312 1608 ATI Smart ( UnsignedFile.Multi.Generic ) - warning
14:18:02.0312 1608 ATI Smart - detected UnsignedFile.Multi.Generic (1)
14:18:02.0468 1608 ati2mtag (c0b86ecb324e50f6bbd529f9d5c6b24b) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
14:18:02.0562 1608 ati2mtag ( UnsignedFile.Multi.Generic ) - warning
14:18:02.0562 1608 ati2mtag - detected UnsignedFile.Multi.Generic (1)
14:18:02.0609 1608 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
14:18:02.0734 1608 AudioSrv - ok
14:18:02.0750 1608 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
14:18:02.0875 1608 audstub - ok
14:18:02.0906 1608 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
14:18:03.0031 1608 Beep - ok
14:18:03.0062 1608 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
14:18:03.0187 1608 BITS - ok
14:18:03.0203 1608 BITS32 - ok
14:18:03.0250 1608 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
14:18:03.0265 1608 Bonjour Service - ok
14:18:03.0281 1608 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
14:18:03.0421 1608 Browser - ok
14:18:03.0437 1608 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
14:18:03.0562 1608 cbidf2k - ok
14:18:03.0562 1608 cd20xrnt - ok
14:18:03.0562 1608 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
14:18:03.0703 1608 Cdaudio - ok
14:18:03.0703 1608 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
14:18:03.0828 1608 Cdfs - ok
14:18:03.0843 1608 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:18:03.0968 1608 Cdrom - ok
14:18:03.0984 1608 Changer - ok
14:18:04.0046 1608 clr_optimization_v2.0.50727_32 (3c4d595e7f9b747325aef28b4adcaae5) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:18:04.0046 1608 clr_optimization_v2.0.50727_32 - ok
14:18:04.0046 1608 CmdIde - ok
14:18:04.0062 1608 COMSysApp - ok
14:18:04.0062 1608 Cpqarray - ok
14:18:04.0078 1608 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
14:18:04.0203 1608 CryptSvc - ok
14:18:04.0203 1608 dac2w2k - ok
14:18:04.0203 1608 dac960nt - ok
14:18:04.0234 1608 DcomLaunch (2589fe6015a316c0f5d5112b4da7b509) C:\WINDOWS\system32\rpcss.dll
14:18:04.0359 1608 DcomLaunch - ok
14:18:04.0390 1608 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
14:18:04.0515 1608 Dhcp - ok
14:18:04.0515 1608 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
14:18:04.0640 1608 Disk - ok
14:18:04.0656 1608 dmadmin - ok
14:18:04.0671 1608 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
14:18:04.0828 1608 dmboot - ok
14:18:04.0843 1608 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
14:18:04.0968 1608 dmio - ok
14:18:04.0984 1608 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
14:18:05.0109 1608 dmload - ok
14:18:05.0125 1608 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
14:18:05.0250 1608 dmserver - ok
14:18:05.0265 1608 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
14:18:05.0390 1608 DMusic - ok
14:18:05.0390 1608 Dnscache (474b4dc3983173e4b4c9740b0dac98a6) C:\WINDOWS\System32\dnsrslvr.dll
14:18:05.0515 1608 Dnscache - ok
14:18:05.0546 1608 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
14:18:05.0671 1608 Dot3svc - ok
14:18:05.0671 1608 dpti2o - ok
14:18:05.0687 1608 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
14:18:05.0796 1608 drmkaud - ok
14:18:05.0812 1608 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
14:18:05.0937 1608 EapHost - ok
14:18:05.0953 1608 Eventlog (0e776ed5f7cc9f94299e70461b7b8185) C:\WINDOWS\system32\services.exe
14:18:06.0078 1608 Eventlog - ok
14:18:06.0093 1608 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
14:18:06.0171 1608 EventSystem - ok
14:18:06.0187 1608 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
14:18:06.0312 1608 Fastfat - ok
14:18:06.0328 1608 FastUserSwitchingCompatibility (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
14:18:06.0453 1608 FastUserSwitchingCompatibility - ok
14:18:06.0453 1608 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
14:18:06.0578 1608 Fdc - ok
14:18:06.0593 1608 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
14:18:06.0718 1608 Fips - ok
14:18:06.0796 1608 FLEXnet Licensing Service (abedfd48ac042c6aaad32452e77217a1) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
14:18:06.0828 1608 FLEXnet Licensing Service - ok
14:18:06.0828 1608 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
14:18:06.0968 1608 Flpydisk - ok
14:18:06.0984 1608 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
14:18:07.0109 1608 FltMgr - ok
14:18:07.0140 1608 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:18:07.0265 1608 Fs_Rec - ok
14:18:07.0281 1608 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:18:07.0406 1608 Ftdisk - ok
14:18:07.0421 1608 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
14:18:07.0421 1608 GEARAspiWDM - ok
14:18:07.0453 1608 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:18:07.0562 1608 Gpc - ok
14:18:07.0593 1608 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
14:18:07.0718 1608 HDAudBus - ok
14:18:07.0734 1608 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
14:18:07.0859 1608 HidServ - ok
14:18:07.0875 1608 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:18:08.0000 1608 hidusb - ok
14:18:08.0015 1608 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
14:18:08.0140 1608 hkmsvc - ok
14:18:08.0140 1608 hpn - ok
14:18:08.0156 1608 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
14:18:08.0296 1608 HTTP - ok
14:18:08.0312 1608 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
14:18:08.0437 1608 HTTPFilter - ok
14:18:08.0437 1608 i2omgmt - ok
14:18:08.0437 1608 i2omp - ok
14:18:08.0453 1608 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
14:18:08.0593 1608 i8042prt - ok
14:18:08.0609 1608 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
14:18:08.0734 1608 Imapi - ok
14:18:08.0750 1608 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
14:18:08.0875 1608 ImapiService - ok
14:18:08.0875 1608 ini910u - ok
14:18:08.0890 1608 IntelIde - ok
14:18:08.0906 1608 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:18:09.0031 1608 intelppm - ok
14:18:09.0046 1608 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
14:18:09.0171 1608 Ip6Fw - ok
14:18:09.0187 1608 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:18:09.0312 1608 IpFilterDriver - ok
14:18:09.0343 1608 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:18:09.0468 1608 IpInIp - ok
14:18:09.0484 1608 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:18:09.0593 1608 IpNat - ok
14:18:09.0656 1608 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
14:18:09.0671 1608 iPod Service - ok
14:18:09.0734 1608 iPod Service32 (c49df1c63ddad21e17840832d772f8b0) C:\WINDOWS\system32\atipdlxx32.exe
14:18:09.0765 1608 iPod Service32 ( UnsignedFile.Multi.Generic ) - warning
14:18:09.0765 1608 iPod Service32 - detected UnsignedFile.Multi.Generic (1)
14:18:09.0812 1608 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:18:09.0968 1608 IPSec - ok
14:18:09.0984 1608 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
14:18:10.0031 1608 IRENUM - ok
14:18:10.0046 1608 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:18:10.0156 1608 isapnp - ok
14:18:10.0218 1608 JavaQuickStarterService (a38441ed570f190cc041a7be49488fa7) C:\Program Files\Java\jre6\bin\jqs.exe
14:18:10.0234 1608 JavaQuickStarterService - ok
14:18:10.0250 1608 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:18:10.0375 1608 Kbdclass - ok
14:18:10.0390 1608 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
14:18:10.0500 1608 kbdhid - ok
14:18:10.0531 1608 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
14:18:10.0640 1608 kmixer - ok
14:18:10.0656 1608 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
14:18:10.0781 1608 KSecDD - ok
14:18:10.0812 1608 LanmanServer (f385f4b02c535bffe1d70cab80838123) C:\WINDOWS\System32\srvsvc.dll
14:18:10.0921 1608 LanmanServer - ok
14:18:10.0937 1608 lanmanworkstation (1b67b632786fef1c1bbaef46c2f3f2e6) C:\WINDOWS\System32\wkssvc.dll
14:18:11.0062 1608 lanmanworkstation - ok
14:18:11.0062 1608 lbrtfdc - ok
14:18:11.0078 1608 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
14:18:11.0203 1608 LmHosts - ok
14:18:11.0203 1608 LMIInfo - ok
14:18:11.0234 1608 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys
14:18:11.0265 1608 lmimirr - ok
14:18:11.0265 1608 LMIRfsClientNP - ok
14:18:11.0281 1608 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
14:18:11.0296 1608 LMIRfsDriver - ok
14:18:11.0312 1608 LynxWDM (0ff7e557d025ae5283d09ca44f30d1d6) C:\WINDOWS\system32\DRIVERS\LynxWDM.sys
14:18:11.0312 1608 LynxWDM - ok
14:18:11.0343 1608 MA_CMIDI (6b5d093711eadd77c789b0150dc4879c) C:\WINDOWS\system32\drivers\ma_cmidi.sys
14:18:11.0343 1608 MA_CMIDI - ok
14:18:11.0406 1608 Microsoft Office Groove Audit Service (fafe367d032ed82e9332b4c741a20216) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
14:18:11.0421 1608 Microsoft Office Groove Audit Service - ok
14:18:11.0437 1608 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
14:18:11.0562 1608 Modem - ok
14:18:11.0578 1608 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:18:11.0703 1608 Mouclass - ok
14:18:11.0734 1608 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:18:11.0828 1608 mouhid - ok
14:18:11.0843 1608 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
14:18:11.0968 1608 MountMgr - ok
14:18:11.0968 1608 mraid35x - ok
14:18:11.0984 1608 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:18:12.0093 1608 MRxDAV - ok
14:18:12.0125 1608 MRxSmb (60ae98742484e7ab80c3c1450e708148) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:18:12.0156 1608 MRxSmb - ok
14:18:12.0171 1608 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
14:18:12.0296 1608 MSDTC - ok
14:18:12.0328 1608 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
14:18:12.0468 1608 Msfs - ok
14:18:12.0468 1608 MSIServer - ok
14:18:12.0484 1608 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:18:12.0609 1608 MSKSSRV - ok
14:18:12.0609 1608 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:18:12.0734 1608 MSPCLOCK - ok
14:18:12.0750 1608 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
14:18:12.0859 1608 MSPQM - ok
14:18:12.0875 1608 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:18:12.0984 1608 mssmbios - ok
14:18:13.0000 1608 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
14:18:13.0125 1608 Mup - ok
14:18:13.0140 1608 mv614x (6eb1d27590d4bc040f105d2bf35a6c4f) C:\WINDOWS\system32\DRIVERS\mv614x.sys
14:18:13.0140 1608 mv614x ( UnsignedFile.Multi.Generic ) - warning
14:18:13.0140 1608 mv614x - detected UnsignedFile.Multi.Generic (1)
14:18:13.0171 1608 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
14:18:13.0281 1608 napagent - ok
14:18:13.0296 1608 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
14:18:13.0421 1608 NDIS - ok
14:18:13.0437 1608 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:18:13.0546 1608 NdisTapi - ok
14:18:13.0546 1608 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:18:13.0671 1608 Ndisuio - ok
14:18:13.0687 1608 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:18:13.0796 1608 NdisWan - ok
14:18:13.0796 1608 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
14:18:13.0921 1608 NDProxy - ok
14:18:13.0937 1608 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
14:18:14.0046 1608 NetBIOS - ok
14:18:14.0062 1608 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
14:18:14.0171 1608 NetBT - ok
14:18:14.0187 1608 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:18:14.0312 1608 Netlogon - ok
14:18:14.0328 1608 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
14:18:14.0437 1608 Netman - ok
14:18:14.0437 1608 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
14:18:14.0546 1608 NIC1394 - ok
14:18:14.0578 1608 Nla (832e4dd8964ab7acc880b2837cb1ed20) C:\WINDOWS\System32\mswsock.dll
14:18:14.0593 1608 Nla - ok
14:18:14.0609 1608 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
14:18:14.0718 1608 Npfs - ok
14:18:14.0750 1608 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
14:18:14.0875 1608 Ntfs - ok
14:18:14.0875 1608 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:18:14.0984 1608 NtLmSsp - ok
14:18:15.0000 1608 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
14:18:15.0109 1608 Null - ok
14:18:15.0187 1608 odserv (84de1dd996b48b05ace31ad015fa108a) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:18:15.0203 1608 odserv - ok
14:18:15.0234 1608 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
14:18:15.0343 1608 ohci1394 - ok
14:18:15.0359 1608 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:18:15.0359 1608 ose - ok
14:18:15.0390 1608 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
14:18:15.0500 1608 Parport - ok
14:18:15.0515 1608 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
14:18:15.0625 1608 PartMgr - ok
14:18:15.0640 1608 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
14:18:15.0734 1608 ParVdm - ok
14:18:15.0765 1608 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
14:18:15.0890 1608 PCI - ok
14:18:15.0890 1608 PCIDump - ok
14:18:15.0906 1608 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
14:18:16.0015 1608 PCIIde - ok
14:18:16.0031 1608 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
14:18:16.0140 1608 Pcmcia - ok
14:18:16.0156 1608 PDCOMP - ok
14:18:16.0156 1608 PDFRAME - ok
14:18:16.0156 1608 PDRELI - ok
14:18:16.0171 1608 PDRFRAME - ok
14:18:16.0171 1608 perc2 - ok
14:18:16.0187 1608 perc2hib - ok
14:18:16.0218 1608 PlugPlay (0e776ed5f7cc9f94299e70461b7b8185) C:\WINDOWS\system32\services.exe
14:18:16.0328 1608 PlugPlay - ok
14:18:16.0343 1608 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:18:16.0453 1608 PolicyAgent - ok
14:18:16.0468 1608 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:18:16.0578 1608 PptpMiniport - ok
14:18:16.0593 1608 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:18:16.0687 1608 ProtectedStorage - ok
14:18:16.0703 1608 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
14:18:16.0812 1608 PSched - ok
14:18:16.0828 1608 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:18:16.0953 1608 Ptilink - ok
14:18:16.0953 1608 ql1080 - ok
14:18:16.0953 1608 Ql10wnt - ok
14:18:16.0968 1608 ql12160 - ok
14:18:16.0968 1608 ql1240 - ok
14:18:16.0968 1608 ql1280 - ok
14:18:16.0984 1608 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:18:17.0093 1608 RasAcd - ok
14:18:17.0109 1608 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
14:18:17.0218 1608 RasAuto - ok
14:18:17.0234 1608 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:18:17.0343 1608 Rasl2tp - ok
14:18:17.0359 1608 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
14:18:17.0468 1608 RasMan - ok
14:18:17.0484 1608 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:18:17.0578 1608 RasPppoe - ok
14:18:17.0593 1608 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
14:18:17.0703 1608 Raspti - ok
14:18:17.0718 1608 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:18:17.0828 1608 Rdbss - ok
14:18:17.0828 1608 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:18:17.0937 1608 RDPCDD - ok
14:18:17.0953 1608 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:18:18.0062 1608 rdpdr - ok
14:18:18.0093 1608 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
14:18:18.0203 1608 RDPWD - ok
14:18:18.0218 1608 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
14:18:18.0328 1608 RDSessMgr - ok
14:18:18.0328 1608 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
14:18:18.0437 1608 redbook - ok
14:18:18.0453 1608 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
14:18:18.0562 1608 RemoteAccess - ok
14:18:18.0593 1608 RpcSs (2589fe6015a316c0f5d5112b4da7b509) C:\WINDOWS\system32\rpcss.dll
14:18:18.0718 1608 RpcSs - ok
14:18:18.0734 1608 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
14:18:18.0843 1608 RSVP - ok
14:18:18.0843 1608 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
14:18:18.0937 1608 SamSs - ok
14:18:18.0968 1608 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
14:18:19.0062 1608 SCardSvr - ok
14:18:19.0093 1608 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
14:18:19.0203 1608 Schedule - ok
14:18:19.0218 1608 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:18:19.0250 1608 Secdrv - ok
14:18:19.0265 1608 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
14:18:19.0375 1608 seclogon - ok
14:18:19.0375 1608 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
14:18:19.0484 1608 SENS - ok
14:18:19.0500 1608 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
14:18:19.0609 1608 serenum - ok
14:18:19.0609 1608 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
14:18:19.0718 1608 Serial - ok
14:18:19.0718 1608 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
14:18:19.0812 1608 Sfloppy - ok
14:18:19.0859 1608 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
14:18:19.0968 1608 SharedAccess - ok
14:18:19.0984 1608 ShellHWDetection (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
14:18:20.0093 1608 ShellHWDetection - ok
14:18:20.0093 1608 Simbad - ok
14:18:20.0093 1608 Sparrow - ok
14:18:20.0125 1608 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
14:18:20.0218 1608 splitter - ok
14:18:20.0234 1608 Spooler (d8e14a61acc1d4a6cd0d38aebac7fa3b) C:\WINDOWS\system32\spoolsv.exe
14:18:20.0343 1608 Spooler - ok
14:18:20.0390 1608 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
14:18:20.0390 1608 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
14:18:20.0390 1608 sptd ( LockedFile.Multi.Generic ) - warning
14:18:20.0390 1608 sptd - detected LockedFile.Multi.Generic (1)
14:18:20.0421 1608 Sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
14:18:20.0468 1608 Sr - ok
14:18:20.0484 1608 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
14:18:20.0531 1608 srservice - ok
14:18:20.0562 1608 Srv (3bb03f2ba89d2be417206c373d2af17c) C:\WINDOWS\system32\DRIVERS\srv.sys
14:18:20.0609 1608 Srv - ok
14:18:20.0625 1608 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
14:18:20.0671 1608 SSDPSRV - ok
14:18:20.0703 1608 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
14:18:20.0843 1608 stisvc - ok
14:18:20.0859 1608 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
14:18:20.0953 1608 swenum - ok
14:18:20.0968 1608 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
14:18:21.0078 1608 swmidi - ok
14:18:21.0078 1608 SwPrv - ok
14:18:21.0093 1608 symc810 - ok
14:18:21.0093 1608 symc8xx - ok
14:18:21.0109 1608 sym_hi - ok
14:18:21.0109 1608 sym_u3 - ok
14:18:21.0125 1608 SynasUSB (e46088b882e6315518630e249ddf958c) C:\WINDOWS\system32\drivers\SynasUSB.sys
14:18:21.0140 1608 SynasUSB - ok
14:18:21.0140 1608 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
14:18:21.0265 1608 sysaudio - ok
14:18:21.0281 1608 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
14:18:21.0390 1608 SysmonLog - ok
14:18:21.0406 1608 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
14:18:21.0515 1608 TapiSrv - ok
14:18:21.0546 1608 Tcpip (a29e1209f925a0e9b330e11da5fc7bab) C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:18:21.0562 1608 Tcpip ( UnsignedFile.Multi.Generic ) - warning
14:18:21.0562 1608 Tcpip - detected UnsignedFile.Multi.Generic (1)
14:18:21.0593 1608 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
14:18:21.0703 1608 TDPIPE - ok
14:18:21.0718 1608 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
14:18:21.0828 1608 TDTCP - ok
14:18:21.0843 1608 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
14:18:21.0953 1608 TermDD - ok
14:18:21.0984 1608 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
14:18:22.0093 1608 TermService - ok
14:18:22.0109 1608 Themes (1926899bf9ffe2602b63074971700412) C:\WINDOWS\System32\shsvcs.dll
14:18:22.0218 1608 Themes - ok
14:18:22.0218 1608 TosIde - ok
14:18:22.0234 1608 TPkd (5815ae5ef8519066f19e575d67f6f191) C:\WINDOWS\system32\drivers\TPkd.sys
14:18:22.0281 1608 TPkd ( UnsignedFile.Multi.Generic ) - warning
14:18:22.0281 1608 TPkd - detected UnsignedFile.Multi.Generic (1)
14:18:22.0312 1608 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
14:18:22.0421 1608 TrkWks - ok
14:18:22.0437 1608 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
14:18:22.0546 1608 Udfs - ok
14:18:22.0562 1608 ultra - ok
14:18:22.0578 1608 UMWdf (c81b8635dee0d3ef5f64b3dd643023a5) C:\WINDOWS\system32\wdfmgr.exe
14:18:22.0593 1608 UMWdf - ok
14:18:22.0625 1608 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
14:18:22.0734 1608 Update - ok
14:18:22.0750 1608 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
14:18:22.0796 1608 upnphost - ok
14:18:22.0796 1608 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
14:18:22.0937 1608 UPS - ok
14:18:22.0953 1608 USB11LDR (57af81fbaa297c254541cddfbe8d2cb4) C:\WINDOWS\system32\drivers\usb11ldr.sys
14:18:22.0968 1608 USB11LDR - ok
14:18:22.0984 1608 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
14:18:22.0984 1608 USBAAPL ( UnsignedFile.Multi.Generic ) - warning
14:18:22.0984 1608 USBAAPL - detected UnsignedFile.Multi.Generic (1)
14:18:23.0000 1608 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:18:23.0093 1608 usbccgp - ok
14:18:23.0125 1608 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:18:23.0218 1608 usbehci - ok
14:18:23.0234 1608 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:18:23.0343 1608 usbhub - ok
14:18:23.0359 1608 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:18:23.0453 1608 usbprint - ok
14:18:23.0468 1608 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:18:23.0578 1608 usbscan - ok
14:18:23.0593 1608 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:18:23.0687 1608 USBSTOR - ok
14:18:23.0703 1608 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:18:23.0796 1608 usbuhci - ok
14:18:23.0812 1608 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
14:18:23.0921 1608 VgaSave - ok
14:18:23.0921 1608 ViaIde - ok
14:18:23.0937 1608 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
14:18:24.0031 1608 VolSnap - ok
14:18:24.0046 1608 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
14:18:24.0109 1608 VSS - ok
14:18:24.0125 1608 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
14:18:24.0234 1608 W32Time - ok
14:18:24.0250 1608 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:18:24.0343 1608 Wanarp - ok
14:18:24.0359 1608 WDICA - ok
14:18:24.0375 1608 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
14:18:24.0484 1608 wdmaud - ok
14:18:24.0500 1608 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
14:18:24.0593 1608 WebClient - ok
14:18:24.0625 1608 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
14:18:24.0734 1608 winmgmt - ok
14:18:24.0765 1608 WmdmPmSN (a477391b7a8b0a0daabadb17cf533a4b) C:\WINDOWS\system32\MsPMSNSv.dll
14:18:24.0781 1608 WmdmPmSN - ok
14:18:24.0812 1608 Wmi (bab489a5fe26f2d0c910cf7af7e4cf92) C:\WINDOWS\System32\advapi32.dll
14:18:24.0921 1608 Wmi - ok
14:18:24.0968 1608 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
14:18:25.0078 1608 WmiApSrv - ok
14:18:25.0093 1608 WsAudio_DeviceS(1) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys
14:18:25.0109 1608 WsAudio_DeviceS(1) - ok
14:18:25.0125 1608 WsAudio_DeviceS(2) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys
14:18:25.0125 1608 WsAudio_DeviceS(2) - ok
14:18:25.0140 1608 WsAudio_DeviceS(3) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys
14:18:25.0156 1608 WsAudio_DeviceS(3) - ok
14:18:25.0156 1608 WsAudio_DeviceS(4) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys
14:18:25.0171 1608 WsAudio_DeviceS(4) - ok
14:18:25.0171 1608 WsAudio_DeviceS(5) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys
14:18:25.0187 1608 WsAudio_DeviceS(5) - ok
14:18:25.0203 1608 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
14:18:25.0296 1608 wuauserv - ok
14:18:25.0343 1608 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
14:18:25.0468 1608 WZCSVC - ok
14:18:25.0484 1608 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
14:18:25.0578 1608 xmlprov - ok
14:18:25.0609 1608 yukonwxp (89f8c4875e19c7081cf9c37539242ae3) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
14:18:25.0656 1608 yukonwxp - ok
14:18:25.0703 1608 MBR (0x1B8) (ff31c288c3816ef847fb6e7788ce8d72) \Device\Harddisk0\DR0
14:18:26.0812 1608 \Device\Harddisk0\DR0 - ok
14:18:26.0828 1608 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
14:18:27.0250 1608 \Device\Harddisk1\DR1 - ok
14:18:27.0250 1608 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR2
14:18:27.0296 1608 \Device\Harddisk2\DR2 - ok
14:18:27.0296 1608 Boot (0x1200) (a6dcf807b564c7b40ab07cd0b0a77228) \Device\Harddisk1\DR1\Partition0
14:18:27.0296 1608 \Device\Harddisk1\DR1\Partition0 - ok
14:18:27.0296 1608 Boot (0x1200) (bbe87415c59dd940bfafd94716464936) \Device\Harddisk2\DR2\Partition0
14:18:27.0296 1608 \Device\Harddisk2\DR2\Partition0 - ok
14:18:27.0296 1608 ============================================================
14:18:27.0296 1608 Scan finished
14:18:27.0296 1608 ============================================================
14:18:27.0421 0688 Detected object count: 9
14:18:27.0421 0688 Actual detected object count: 9
14:20:31.0750 0688 Ati HotKey Poller ( UnsignedFile.Multi.Generic ) - skipped by user
14:20:31.0750 0688 Ati HotKey Poller ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:20:31.0750 0688 ATI Smart ( UnsignedFile.Multi.Generic ) - skipped by user
14:20:31.0750 0688 ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:20:31.0750 0688 ati2mtag ( UnsignedFile.Multi.Generic ) - skipped by user
14:20:31.0750 0688 ati2mtag ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:20:31.0750 0688 iPod Service32 ( UnsignedFile.Multi.Generic ) - skipped by user
14:20:31.0750 0688 iPod Service32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:20:31.0750 0688 mv614x ( UnsignedFile.Multi.Generic ) - skipped by user
14:20:31.0750 0688 mv614x ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:20:31.0750 0688 sptd ( LockedFile.Multi.Generic ) - skipped by user
14:20:31.0750 0688 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
14:20:31.0750 0688 Tcpip ( UnsignedFile.Multi.Generic ) - skipped by user
14:20:31.0750 0688 Tcpip ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:20:31.0765 0688 TPkd ( UnsignedFile.Multi.Generic ) - skipped by user
14:20:31.0765 0688 TPkd ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:20:31.0765 0688 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
14:20:31.0765 0688 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip

#8
MrCharlie
Posted 16 May 2012 - 05:06 PM

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 17,422 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA
That scan was clean, please do this.......

Please download and run ComboFix.
The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:
If you get the message Illegal operation attempted on registry key that has been marked for deletion. after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.
MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#9
alexinc
Posted 16 May 2012 - 05:41 PM

    New Member

  • Members
  • Pip
  • 30 posts
Combofix.txt:

ComboFix 12-05-16.02 - Administrator 05/16/2012 15:33:33.2.2 - x86
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
c:\windows\system32\vbscript.dll is missing
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Application Data\PriceGong
c:\documents and settings\Administrator\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Administrator\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Administrator\bfoaupwyzj.tmp
c:\documents and settings\Administrator\WINDOWS
c:\windows\system32\msconfig.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_BITS32
-------\Service_BITS32
.
.
((((((((((((((((((((((((( Files Created from 2012-04-16 to 2012-05-16 )))))))))))))))))))))))))))))))
.
.
2012-05-16 22:38 . 2012-05-16 22:38 -------- d-----w- c:\windows\system32\wbem\snmp
2012-05-14 23:57 . 2012-05-14 23:57 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-14 23:22 . 2012-05-14 23:22 270336 ----a-w- c:\windows\system32\atipdlxx32.dll
2012-05-14 23:17 . 2012-05-14 23:22 -------- d-----w- c:\windows\SxsCaPendDel
2012-05-14 23:14 . 2012-05-14 23:14 -------- d-----w- c:\windows\system32\syncdb
2012-04-29 23:41 . 2012-04-29 23:41 -------- d-----w- c:\program files\Common Files\Java
2012-04-29 23:40 . 2012-04-29 23:40 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-29 23:40 . 2012-04-29 23:40 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-29 23:40 . 2010-08-02 04:07 472864 -c--a-w- c:\windows\system32\deployJava1.dll
2012-04-04 22:56 . 2010-02-08 23:45 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-26 21:24 . 2012-03-30 21:48 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(5).sys
2012-03-26 21:24 . 2012-03-30 21:48 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(4).sys
2012-03-26 21:24 . 2012-03-30 21:48 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(3).sys
2012-03-26 21:24 . 2012-03-30 21:48 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(2).sys
2012-03-26 21:24 . 2012-03-30 21:47 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(1).sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-03-03 . A29E1209F925A0E9B330E11DA5FC7BAB . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
.
.
.
c:\windows\System32\wscntfy.exe ... is missing !!
c:\windows\System32\regsvc.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 61440]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2008-04-14 99840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-17 03:35 87352 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=ma_cmidn.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\Administrator\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [x]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2012-03-26 25704]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2012-03-26 25704]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2012-03-26 25704]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2012-03-26 25704]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2012-03-26 25704]
S0 mv614x;mv614x;c:\windows\system32\DRIVERS\mv614x.sys [2006-01-06 34432]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-09-30 691696]
S2 iPod Service32;iPod Service ;c:\windows\system32\atipdlxx32.exe [2011-08-16 1208832]
S3 LynxWDM;LynxWDM;c:\windows\system32\DRIVERS\LynxWDM.sys [2008-06-27 196744]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynasUSB.sys [2007-10-24 23288]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2012-05-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1425521274-1177238915-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-22 21:52]
.
2012-05-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1425521274-1177238915-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-22 21:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://gmail.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-LogMeIn GUI - c:\program files\LogMeIn\x86\LogMeInSystray.exe
HKLM-Run-Wondershare Helper Compact.exe - c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
AddRemove-Ohmforce Ohmboyz PRO VST v1.42 - c:\progra~1\VSTPLU~1\OHMFOR~1\OHMBOY~1\UNINST~1\UNWISE.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-16 15:38
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(892)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
.
- - - - - - - > 'explorer.exe'(672)
c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\odpdx3232.exe
c:\windows\system32\wdfmgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Completion time: 2012-05-16 15:40:26 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-16 22:40
.
Pre-Run: 35,128,258,560 bytes free
Post-Run: 35,130,068,992 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /noexecute=optin
.
- - End Of File - - 9676481F634D9498C59B99DCED762BA1

#10
MrCharlie
Posted 16 May 2012 - 06:34 PM

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 17,422 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :Filefind
wscntfy.exe
regsvc.dll
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

---------------------------------

Please find this file and upload it to VirusTotal for a free scan, let me know the results (Just post the url)
C:\WINDOWS\system32\odpdx3232.exe

http://www.virustotal.com/

MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#11
alexinc
Posted 16 May 2012 - 06:42 PM

    New Member

  • Members
  • Pip
  • 30 posts
Systemlook.txt:

SystemLook 30.07.11 by jpshortstuff
Log created at 16:42 on 16/05/2012 by Administrator
Administrator - Elevation successful

========== Filefind ==========

Searching for "wscntfy.exe"
No files found.

Searching for "regsvc.dll"
No files found.

-= EOF =-

#12
MrCharlie
Posted 16 May 2012 - 07:16 PM

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 17,422 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA
Did you upload and scan that file??

You're missing 3 files, do you have a Windows cd that we can get them off of?

vbscript.dll
wscntfy.exe
regsvc.dll

MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#13
alexinc
Posted 16 May 2012 - 07:18 PM

    New Member

  • Members
  • Pip
  • 30 posts
I did do a scan and that is what came up. Hmm, I do not have a Windows cd to get these files??

#14
MrCharlie
Posted 16 May 2012 - 07:34 PM

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 17,422 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA
I don't see the results of the scan!

Please find this file and upload it to VirusTotal for a free scan, let me know the results (Just copy back the url)
C:\WINDOWS\system32\odpdx3232.exe

http://www.virustotal.com/

MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#15
alexinc
Posted 18 May 2012 - 04:02 PM

    New Member

  • Members
  • Pip
  • 30 posts
That website is under maintenance. I'll report back once it is back and running. Thanks MrCharlie for your help.

#16
MrCharlie
Posted 18 May 2012 - 04:11 PM

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 17,422 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA
Try this one:

http://virusscan.jotti.org/en

MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#17
alexinc
Posted 18 May 2012 - 05:16 PM

    New Member

  • Members
  • Pip
  • 30 posts
This is the report:

http://virusscan.jot...bc4bbcb793a52ba

-------------

#18
MrCharlie
Posted 18 May 2012 - 05:23 PM

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 17,422 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA
OK...lets delete that...it's malware.

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:
4. If ComboFix wants to update.....please allow it to.

Quote

File::
C:\WINDOWS\system32\odpdx3232.exe


Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.

After reboot, (in case it asks to reboot)......
Please provide the contents of the ComboFix log (C:\ComboFix.txt) in your next reply.

MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew

#19
alexinc
Posted 18 May 2012 - 05:36 PM

    New Member

  • Members
  • Pip
  • 30 posts
ComboFix.txt:

----------------------------------

ComboFix 12-05-18.03 - Administrator 05/18/2012 15:29:07.3.2 - x86
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
.
FILE ::
"c:\windows\system32\odpdx3232.exe"
c:\windows\system32\vbscript.dll is missing
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\LocalService\Application Data\02000000c27ec2a91406C.manifest
c:\documents and settings\LocalService\Application Data\02000000c27ec2a91406O.manifest
c:\documents and settings\LocalService\Application Data\02000000c27ec2a91406P.manifest
c:\documents and settings\LocalService\Application Data\02000000c27ec2a91406S.manifest
c:\windows\system32\odpdx3232.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-04-18 to 2012-05-18 )))))))))))))))))))))))))))))))
.
.
2012-05-16 22:38 . 2012-05-16 22:38 -------- d-----w- c:\windows\system32\wbem\snmp
2012-05-16 22:38 . 2012-05-16 22:38 -------- d-----w- c:\windows\system32\xircom
2012-05-16 22:38 . 2012-05-16 22:38 -------- d-----w- c:\windows\system32\oobe
2012-05-16 22:38 . 2012-05-16 22:38 -------- d-----w- c:\windows\srchasst
2012-05-16 22:38 . 2012-05-16 22:38 -------- d-----w- c:\windows\msagent
2012-05-16 22:38 . 2012-05-16 22:38 -------- d-----w- c:\program files\microsoft frontpage
2012-05-14 23:57 . 2012-05-14 23:57 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-14 23:22 . 2012-05-14 23:22 270336 ----a-w- c:\windows\system32\atipdlxx32.dll
2012-05-14 23:17 . 2012-05-14 23:22 -------- d-----w- c:\windows\SxsCaPendDel
2012-05-14 23:14 . 2012-05-14 23:14 -------- d-----w- c:\windows\system32\syncdb
2012-04-29 23:41 . 2012-04-29 23:41 -------- d-----w- c:\program files\Common Files\Java
2012-04-29 23:40 . 2012-04-29 23:40 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-29 23:40 . 2012-04-29 23:40 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-29 23:40 . 2010-08-02 04:07 472864 -c--a-w- c:\windows\system32\deployJava1.dll
2012-04-04 22:56 . 2010-02-08 23:45 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-26 21:24 . 2012-03-30 21:48 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(5).sys
2012-03-26 21:24 . 2012-03-30 21:48 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(4).sys
2012-03-26 21:24 . 2012-03-30 21:48 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(3).sys
2012-03-26 21:24 . 2012-03-30 21:48 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(2).sys
2012-03-26 21:24 . 2012-03-30 21:47 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(1).sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-03-03 . A29E1209F925A0E9B330E11DA5FC7BAB . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2012-05-16_22.38.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-05-18 22:33 . 2012-05-18 22:33 16384 c:\windows\Temp\Perflib_Perfdata_7a0.dat
+ 2001-08-23 13:00 . 2012-05-16 22:42 58170 c:\windows\system32\perfc009.dat
- 2001-08-23 13:00 . 2012-05-16 22:29 58170 c:\windows\system32\perfc009.dat
+ 2001-08-23 13:00 . 2012-05-16 22:42 392690 c:\windows\system32\perfh009.dat
- 2001-08-23 13:00 . 2012-05-16 22:29 392690 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 61440]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2008-04-14 99840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-17 03:35 87352 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=ma_cmidn.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\Administrator\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [x]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2012-03-26 25704]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2012-03-26 25704]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2012-03-26 25704]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2012-03-26 25704]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2012-03-26 25704]
S0 mv614x;mv614x;c:\windows\system32\DRIVERS\mv614x.sys [2006-01-06 34432]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-09-30 691696]
S2 iPod Service32;iPod Service ;c:\windows\system32\atipdlxx32.exe [2011-08-16 1208832]
S3 LynxWDM;LynxWDM;c:\windows\system32\DRIVERS\LynxWDM.sys [2008-06-27 196744]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynasUSB.sys [2007-10-24 23288]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2012-05-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1425521274-1177238915-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-22 21:52]
.
2012-05-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1425521274-1177238915-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-22 21:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://gmail.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-18 15:33
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(892)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
.
- - - - - - - > 'explorer.exe'(2344)
c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\odpdx3232.exe
c:\windows\system32\wdfmgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Completion time: 2012-05-18 15:34:39 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-18 22:34
ComboFix2.txt 2012-05-16 22:40
.
Pre-Run: 34,908,196,864 bytes free
Post-Run: 35,001,540,608 bytes free
.
- - End Of File - - E3E7F8622C5443D47E3A2E1621108154

#20
MrCharlie
Posted 18 May 2012 - 05:40 PM

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 17,422 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA
Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how it is, MrC

Malware Removal Expert


Posted Image


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Posted Image Thanks MrC & crew
Back to Resolved HijackThis Logs · Next Unread Topic →


1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Malwarebytes Forum
  2. Computer Help
  3. Malware Removal - HijackThis Logs
  4. Resolved HijackThis Logs

Products

About

Partners

Follow Us