
Backdoor.Trace and slow internet buffering



Hello!!

I noticed that my internet buffering is so slow.

I just scanned my PC and got this virus called "Backdoor.Trace" and its location was in the registry (I forgot where it is), so I removed it using Malwarebytes, but my buffering is STILL SLOW. I'm guessing this might be a RAT.

DDS.txt

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22

Run by barok at 19:17:00 on 2012-02-29

Microsoft Windows 7 Home Basic 6.1.7600.0.1252.63.1033.18.1917.265 [GMT 8:00]

.

AV: Sunbelt VIPRE *Enabled/Outdated* {BE5DD172-7F42-7948-1A60-E6A720288F81}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Sunbelt VIPRE *Enabled/Outdated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\LSI SoftModem\agrsmsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe

c:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Windows\system32\PnkBstrA.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\hp\HP Software Update\hpwuschd2.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Internet Download Manager\IDMan.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Internet Download Manager\IEMonitor.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\taskeng.exe

c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\notepad.exe

C:\Users\barok\Desktop\Tata's Files\openkore Phishing Payon\start.exe

C:\Windows\system32\conhost.exe

C:\Users\barok\Desktop\Tata's Files\openkore Phishing alberta\start.exe

C:\Windows\system32\conhost.exe

C:\Users\barok\Desktop\Tata's Files\Openkore phishing pront\start.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\System32\NOTEPAD.EXE

C:\Windows\System32\NOTEPAD.EXE

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_PH&c=94&bd=Pavilion&pf=cndt

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_PH&c=94&bd=Pavilion&pf=cndt

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_PH&c=94&bd=Pavilion&pf=cndt

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_PH&c=94&bd=Pavilion&pf=cndt

BHO: AutorunsDisabled - No File

BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

uRun: [iDMan] c:\program files\internet download manager\IDMan.exe /onboot

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [RTHDVCPL] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

uPolicies-explorer: HideSCAHealth = 1 (0x1)

uPolicies-explorer: NoThumbnailCache = 1 (0x1)

uPolicies-explorer: DisableThumbnailsOnNetworkFolders = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

mPolicies-system: DisableStartupSound = 1 (0x1)

mPolicies-system: DisableStatusMessages = 1 (0x1)

IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm

IE: Download with IDM - c:\program files\internet download manager\IEExt.htm

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000

IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "c:\program files\fiddler2\Fiddler.exe"

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

TCP: DhcpNameServer = 192.168.254.254

TCP: Interfaces\{6852BE8E-2573-4EB2-AE15-6D94F1CC0CBA} : DhcpNameServer = 202.126.40.5 222.127.143.5

TCP: Interfaces\{8558561B-0AF9-40FA-BFE4-6DA101706666} : DhcpNameServer = 192.168.254.254

TCP: Interfaces\{9D4AEC3F-99C4-4B61-97ED-D496587182D2} : DhcpNameServer = 192.168.254.254

Notify: igfxcui - igfxdev.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\barok\appdata\roaming\mozilla\firefox\profiles\9pxlbsm7.default\

FF - prefs.js: network.proxy.http - 203.177.193.102

FF - prefs.js: network.proxy.http_port - 3128

FF - prefs.js: network.proxy.type - 0

FF - component: c:\users\barok\appdata\roaming\idm\idmmzcc5\components\idmmzcc.dll

FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\users\barok\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

============= SERVICES / DRIVERS ===============

.

R1 nltdi;nltdi;c:\program files\netlimiter 3\nltdi.sys [2011-3-21 5281672]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2010-10-14 92216]

R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2011-11-26 89888]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-2 652360]

R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.sys [2011-3-18 46680]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-4-1 20464]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-2-29 40776]

R3 NLNdisMP;NLNdisMP;c:\windows\system32\drivers\nlndis.sys [2011-3-21 5230088]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-5-11 381032]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-11-15 136176]

S2 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;c:\windows\system32\drivers\libusb0.sys [2006-5-30 29184]

S2 SetupARService;SetupARService;c:\program files\realtek\audio\SetupAfterRebootService.exe [2011-5-11 24576]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-11-15 136176]

S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-7-29 25112]

S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-8-2 18432]

S3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\drivers\nlndis.sys [2011-3-21 5230088]

S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [2011-4-19 36928]

.

=============== Created Last 30 ================

.

2012-02-29 10:31:35 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-02-29 02:35:49 -------- d-----w- c:\users\barok\appdata\local\ElevatedDiagnostics

2012-02-08 17:57:29 -------- d-----w- c:\program files\iTunes

2012-02-08 17:39:38 -------- d-----w- c:\users\barok\appdata\roaming\WindSolutions

2012-02-08 17:39:37 -------- d-----w- c:\programdata\WindSolutions

.

==================== Find3M ====================

.

2012-02-08 11:32:14 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-01-31 05:49:17 48128 ----a-w- c:\users\barok\appdata\roaming\msvcp101.dll

2012-01-14 04:43:17 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-12-26 08:26:04 866604 ----a-w- c:\windows\ASD.HS4L

2011-12-18 09:50:11 1467200 ----a-w- c:\windows\system32\msvcr100d.dll

2011-12-14 16:02:12 21504 ----a-w- c:\users\barok\appdata\roaming\msvcp110.dll

2011-12-10 07:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

.

============= FINISH: 19:17:13.18 ===============

Attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Basic

Boot Device: \Device\HarddiskVolume1

Install Date: 10/21/2010 6:58:13 PM

System Uptime: 2/29/2012 6:29:09 PM (1 hours ago)

.

Motherboard: FOXCONN | | ETON

Processor: Intel® Core2 Quad CPU Q8400 @ 2.66GHz | CPU 1 | 2670/1333mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 288 GiB total, 244.011 GiB free.

D: is FIXED (NTFS) - 10 GiB total, 1.404 GiB free.

E: is CDROM ()

F: is Removable

G: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

µTorrent

001 Joiner

ActiveCheck component for HP Active Support Library

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Flash Player 9 ActiveX

Adobe Shockwave Player 11.5

Alcor Micro USB Card Reader

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Audacity 1.3.13 (Unicode)

Auslogics BoostSpeed

CCleaner

Cheat Engine 6.1

Compatibility Pack for the 2007 Office system

Components Setup

CopyTrans Suite Remove Only

DirectX for Managed Code Update (Summer 2004)

Driver Reviver

Facebook Video Calling 1.0.0.8714

Facebook Video Calling 1.0.0.8953

Facebook Video Calling 1.1.0.13

Facebook Video Calling 1.1.1.1

Fiddler2

FileZilla Client 3.5.0

FLV to MP3 Converter

Game Booster 3

Garena - Heroes of Newerth

Garena Classic 2011

Garena Plus

Google Chrome

Google Update Helper

Hardware Diagnostic Tools

Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB945282)

Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946040)

Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946308)

Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946344)

Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947540)

Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947789)

Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB948127)

Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB951708)

HP Advisor

HP Customer Experience Enhancements

HP Games

HP MediaSmart Movie Themes

HP MediaSmart Music/Photo/Video

HP MediaSmart SmartMenu

HP Odometer

HP Setup

HP Support Assistant

HP Support Information

HP Update

HPAsset component for HP Active Support Library

Human Japanese 2.0

HxD Hex Editor version 1.7.7.0

IM Magician

Intel® Graphics Media Accelerator Driver

Interlok driver setup x32

Internet Download Manager

Java Auto Updater

Java 6 Update 22

LabelPrint

LAME v3.98.3 for Audacity

LightScribe System Software

Malwarebytes Anti-Malware version 1.60.1.1000

MediaInfo 0.7.53

Microsoft Office 2003 Web Components

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Professional Edition 2003

Microsoft Office XP Web Components

Microsoft Silverlight

Microsoft Visual Basic 2008 Express Edition with SP1 - ENU

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable - KB2467175

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu

Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32

Microsoft Works

Microsoft WSE 3.0 Runtime

Mozilla Firefox 9.0.1 (x86 en-US)

Mp3tag v2.49

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NetLimiter 3

OpenOffice.org 3.3

plist Editor for Windows 1.0.2

Power2Go

PowerDirector

PowerRecover

Process Hacker 2.22

Proxifier version 2.91

PunkBuster Services

QuickTime

QuickTime Alternative 1.81

RagnarokOnline-Valkyrie

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

S4 League_EU

SIMetrix Intro

SIMetrix/SIMPLIS Intro

Switch Sound File Converter

System Requirements Lab CYRI

Ubisoft Game Launcher

VC 9.0 Runtime

VirtualCloneDrive

VLC media player 1.1.5

Windows Movie Maker 2.6

WinRAR archiver

.

==== Event Viewer Messages From Past Week ========

.

2/29/2012 6:31:55 PM, Error: Service Control Manager [7023] - The HP Network Devices Support service terminated with the following error: The specified module could not be found.

2/29/2012 6:29:54 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE

2/29/2012 6:29:35 PM, Error: Service Control Manager [7000] - The altio service failed to start due to the following error: The system cannot find the path specified.

2/29/2012 6:25:39 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DNS Client service, but this action failed with the following error: An instance of the service is already running.

2/29/2012 6:24:39 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Workstation service, but this action failed with the following error: An instance of the service is already running.

2/29/2012 6:24:10 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.

2/29/2012 6:24:10 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.

2/29/2012 6:23:44 PM, Error: Service Control Manager [7031] - The Windows Font Cache Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

2/29/2012 6:23:44 PM, Error: Service Control Manager [7031] - The SSDP Discovery service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

2/29/2012 6:23:44 PM, Error: Service Control Manager [7031] - The Function Discovery Resource Publication service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

2/29/2012 6:23:39 PM, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

2/29/2012 6:23:39 PM, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

2/29/2012 6:23:39 PM, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

2/29/2012 6:23:39 PM, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

2/29/2012 6:22:10 PM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).

2/29/2012 6:22:10 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

2/29/2012 6:22:10 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

2/29/2012 6:22:10 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

2/29/2012 6:22:10 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

2/29/2012 6:22:10 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

2/29/2012 6:22:10 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

2/29/2012 6:22:10 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

2/29/2012 6:22:10 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

2/29/2012 6:22:10 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

2/29/2012 6:22:10 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

2/29/2012 6:22:10 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

2/29/2012 6:22:10 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

.

==== End Of File ===========================

MalwareBytes Scan log:

Malwarebytes Anti-Malware (PRO) 1.60.1.1000

www.malwarebytes.org

Database version: v2012.02.29.02

Windows 7 x86 NTFS

Internet Explorer 8.0.7600.16385

barok :: BAROK-PC [administrator]

Protection: Enabled

2/29/2012 6:33:33 PM

mbam-log-2012-02-29 (18-33-33).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 176349

Time elapsed: 3 minute(s), 14 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

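A few lines in the DDS.txt and Attach.txt above deserve a look before more scanners are run: ConsentPromptBehaviorAdmin = 0 means administrators (and the MBAM log shows barok is one) elevate without any prompt, PromptOnSecureDesktop = 0 takes the prompt off the secure desktop, Firefox still carries an HTTP proxy 203.177.193.102:3128 in prefs.js although network.proxy.type = 0 (direct connection) means it is not in use, one interface gets non-private DNS servers from DHCP, and a whole group of services died in the same second at 6:22:10 PM. The following Python triage script is an added example, not part of the thread and not a DDS or Malwarebytes tool: it parses lines copied from the logs above and reports those points. The regexes, the burst threshold and the wording of the findings are this example's own assumptions.

```python
"""Triage a DDS.txt log for weakened UAC, leftover proxy settings, non-private
DNS and bursts of service crashes. Added example, not part of the thread."""
import re
from collections import defaultdict

# Constructed sample: lines copied from the DDS.txt and Attach.txt posted above.
SAMPLE_DDS = """\
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: DisableStartupSound = 1 (0x1)
FF - prefs.js: network.proxy.http - 203.177.193.102
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 0
TCP: DhcpNameServer = 192.168.254.254
TCP: Interfaces\\{6852BE8E-2573-4EB2-AE15-6D94F1CC0CBA} : DhcpNameServer = 202.126.40.5 222.127.143.5
2/29/2012 6:23:39 PM, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/29/2012 6:22:10 PM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
2/29/2012 6:22:10 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/29/2012 6:22:10 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/29/2012 6:22:10 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
"""

# Line shapes as DDS prints them (the regexes are this example's assumption).
POLICY_RE = re.compile(r"^mPolicies-system:\s+(\w+)\s+=\s+(\d+)")
FF_PREF_RE = re.compile(r"^FF - prefs\.js:\s+(network\.proxy\.\w+)\s+-\s+(\S+)")
DNS_RE = re.compile(r"DhcpNameServer = ([\d. ]+)$")
SCM_RE = re.compile(
    r"^(\d+/\d+/\d+ \d+:\d+:\d+ [AP]M), Error: Service Control Manager "
    r"\[(?:7031|7034)\] - The (.+?) service terminated unexpectedly")


def is_private(ip):
    """RFC 1918 check; anything else is flagged for a manual look, not as bad."""
    a, b = (int(x) for x in ip.split(".")[:2])
    return a == 10 or (a == 172 and 16 <= b <= 31) or (a == 192 and b == 168)


def parse(text):
    """Collect UAC policies, Firefox proxy prefs, DHCP DNS servers and SCM crash events."""
    policies, prefs, dns, crashes = {}, {}, set(), defaultdict(list)
    for line in text.splitlines():
        m = POLICY_RE.match(line)
        if m:
            policies[m.group(1)] = int(m.group(2))
            continue
        m = FF_PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2)
            continue
        m = DNS_RE.search(line)
        if m:
            dns.update(m.group(1).split())
            continue
        m = SCM_RE.match(line)
        if m:
            crashes[m.group(1)].append(m.group(2))   # keyed by timestamp
    return policies, prefs, dns, crashes


def triage(text, burst=3):
    """Return human-readable findings for the log text."""
    policies, prefs, dns, crashes = parse(text)
    findings = []
    # UAC: ConsentPromptBehaviorAdmin 0 = elevate silently; PromptOnSecureDesktop 0
    # = the prompt is drawn on the normal desktop, where other programs can reach it.
    if policies.get("ConsentPromptBehaviorAdmin") == 0:
        findings.append("UAC: administrators elevate without any prompt (ConsentPromptBehaviorAdmin=0)")
    if policies.get("PromptOnSecureDesktop") == 0:
        findings.append("UAC: elevation prompts not on the secure desktop (PromptOnSecureDesktop=0)")
    # Firefox: network.proxy.type 1 = manual proxy in use; 0 = direct connection.
    proxy = prefs.get("network.proxy.http")
    if proxy:
        ptype = prefs.get("network.proxy.type", "?")
        state = "active" if ptype == "1" else f"inactive, type={ptype}"
        port = prefs.get("network.proxy.http_port", "?")
        findings.append(f"Firefox HTTP proxy {proxy}:{port} configured ({state})")
    for ip in sorted(dns):
        if not is_private(ip):
            findings.append(f"DNS: non-private resolver {ip}; confirm it belongs to the ISP")
    # Many services dying in the same second points at one shared svchost.exe
    # host process crashing rather than independent faults.
    for ts, names in sorted(crashes.items()):
        if len(names) >= burst:
            findings.append(f"{len(names)} services died at {ts}: likely one shared "
                            f"svchost.exe host crashed ({', '.join(names)})")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_DDS):
        print("-", finding)
```

Run against the full DDS.txt the same way; on the sample it reports both UAC settings, the inactive proxy, the two 202.126.40.5 / 222.127.143.5 resolvers and the four-service burst at 6:22:10 PM, while the lone DNS Client crash at 6:23:39 PM stays below the threshold.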

Hello and welcome!

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (e.g. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (e.g. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

COMBOFIX

---------------

Please download ComboFix from one of these locations:


Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

[image: Query_RC.gif]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[image: RC_successful.gif]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.


My ComboFix gets stuck on "Preparing the log report".

I'm currently trying to run it again

20:30:44.0919 2588 TDSS rootkit removing tool 2.7.17.0 Feb 29 2012 14:02:24

20:30:45.0621 2588 ============================================================

20:30:45.0621 2588 Current date / time: 2012/03/01 20:30:45.0621

20:30:45.0621 2588 SystemInfo:

20:30:45.0621 2588

20:30:45.0621 2588 OS Version: 6.1.7600 ServicePack: 0.0

20:30:45.0621 2588 Product type: Workstation

20:30:45.0621 2588 ComputerName: BAROK-PC

20:30:45.0621 2588 UserName: barok

20:30:45.0621 2588 Windows directory: C:\Windows

20:30:45.0621 2588 System windows directory: C:\Windows

20:30:45.0621 2588 Processor architecture: Intel x86

20:30:45.0621 2588 Number of processors: 4

20:30:45.0621 2588 Page size: 0x1000

20:30:45.0621 2588 Boot type: Normal boot

20:30:45.0621 2588 ============================================================

20:30:46.0510 2588 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

20:30:46.0510 2588 \Device\Harddisk0\DR0:

20:30:46.0510 2588 MBR used

20:30:46.0510 2588 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

20:30:46.0510 2588 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3283F, BlocksNum 0x23F8C7C1

20:30:46.0510 2588 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x23FBF800, BlocksNum 0x146E800

20:30:46.0573 2588 Initialize success

20:30:46.0573 2588 ============================================================

20:30:48.0336 3804 ============================================================

20:30:48.0336 3804 Scan started

20:30:48.0336 3804 Mode: Manual;

20:30:48.0336 3804 ============================================================

20:30:49.0552 3804 1394hub - ok

20:30:49.0630 3804 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys

20:30:49.0630 3804 1394ohci - ok

20:30:49.0662 3804 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys

20:30:49.0662 3804 ACPI - ok

20:30:49.0677 3804 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys

20:30:49.0693 3804 AcpiPmi - ok

20:30:49.0724 3804 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys

20:30:49.0724 3804 adp94xx - ok

20:30:49.0755 3804 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys

20:30:49.0755 3804 adpahci - ok

20:30:49.0771 3804 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys

20:30:49.0771 3804 adpu320 - ok

20:30:49.0818 3804 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys

20:30:49.0818 3804 AFD - ok

20:30:49.0880 3804 AgereSoftModem (75e3fec5a4aac46fff76ac794c8340ea) C:\Windows\system32\DRIVERS\AGRSM.sys

20:30:49.0911 3804 AgereSoftModem - ok

20:30:49.0927 3804 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys

20:30:49.0942 3804 agp440 - ok

20:30:49.0974 3804 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys

20:30:49.0974 3804 aic78xx - ok

20:30:50.0005 3804 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys

20:30:50.0005 3804 aliide - ok

20:30:50.0052 3804 altio - ok

20:30:50.0067 3804 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys

20:30:50.0067 3804 amdagp - ok

20:30:50.0083 3804 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys

20:30:50.0083 3804 amdide - ok

20:30:50.0130 3804 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys

20:30:50.0130 3804 AmdK8 - ok

20:30:50.0130 3804 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys

20:30:50.0130 3804 AmdPPM - ok

20:30:50.0176 3804 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys

20:30:50.0176 3804 amdsata - ok

20:30:50.0192 3804 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys

20:30:50.0192 3804 amdsbs - ok

20:30:50.0208 3804 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys

20:30:50.0208 3804 amdxata - ok

20:30:50.0239 3804 AmUStor (755d74bed450f7342f9d0ab01efcf1aa) C:\Windows\system32\drivers\AmUStor.SYS

20:30:50.0239 3804 AmUStor - ok

20:30:50.0270 3804 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys

20:30:50.0270 3804 AppID - ok

20:30:50.0348 3804 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys

20:30:50.0348 3804 arc - ok

20:30:50.0348 3804 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys

20:30:50.0364 3804 arcsas - ok

20:30:50.0379 3804 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys

20:30:50.0379 3804 AsyncMac - ok

20:30:50.0410 3804 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys

20:30:50.0410 3804 atapi - ok

20:30:50.0473 3804 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys

20:30:50.0473 3804 b06bdrv - ok

20:30:50.0488 3804 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys

20:30:50.0488 3804 b57nd60x - ok

20:30:50.0520 3804 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys

20:30:50.0520 3804 Beep - ok

20:30:50.0551 3804 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys

20:30:50.0551 3804 blbdrive - ok

20:30:50.0582 3804 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys

20:30:50.0582 3804 bowser - ok

20:30:50.0598 3804 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys

20:30:50.0598 3804 BrFiltLo - ok

20:30:50.0613 3804 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys

20:30:50.0613 3804 BrFiltUp - ok

20:30:50.0629 3804 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys

20:30:50.0629 3804 BridgeMP - ok

20:30:50.0676 3804 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys

20:30:50.0676 3804 Brserid - ok

20:30:50.0691 3804 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys

20:30:50.0691 3804 BrSerWdm - ok

20:30:50.0707 3804 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys

20:30:50.0707 3804 BrUsbMdm - ok

20:30:50.0722 3804 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys

20:30:50.0722 3804 BrUsbSer - ok

20:30:50.0754 3804 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys

20:30:50.0754 3804 BTHMODEM - ok

20:30:50.0832 3804 catchme - ok

20:30:50.0910 3804 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys

20:30:50.0910 3804 cdfs - ok

20:30:50.0972 3804 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys

20:30:50.0972 3804 cdrom - ok

20:30:51.0019 3804 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys

20:30:51.0019 3804 circlass - ok

20:30:51.0050 3804 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys

20:30:51.0050 3804 CLFS - ok

20:30:51.0159 3804 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys

20:30:51.0159 3804 CmBatt - ok

20:30:51.0175 3804 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys

20:30:51.0190 3804 cmdide - ok

20:30:51.0222 3804 CNG (36c252e474b2ffa0f0fbbff20d92a640) C:\Windows\system32\Drivers\cng.sys

20:30:51.0222 3804 CNG - ok

20:30:51.0237 3804 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys

20:30:51.0237 3804 Compbatt - ok

20:30:51.0284 3804 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys

20:30:51.0284 3804 CompositeBus - ok

20:30:51.0300 3804 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys

20:30:51.0315 3804 crcdisk - ok

20:30:51.0502 3804 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys

20:30:51.0502 3804 DfsC - ok

20:30:51.0518 3804 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys

20:30:51.0518 3804 discache - ok

20:30:51.0549 3804 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys

20:30:51.0565 3804 Disk - ok

20:30:51.0596 3804 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys

20:30:51.0596 3804 drmkaud - ok

20:30:51.0643 3804 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys

20:30:51.0658 3804 DXGKrnl - ok

20:30:51.0752 3804 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys

20:30:51.0799 3804 ebdrv - ok

20:30:51.0924 3804 ElbyCDIO (178cc9403816c082d22a1d47fa1f9c85) C:\Windows\system32\Drivers\ElbyCDIO.sys

20:30:51.0924 3804 ElbyCDIO - ok

20:30:51.0970 3804 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys

20:30:51.0970 3804 elxstor - ok

20:30:52.0002 3804 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys

20:30:52.0002 3804 ErrDev - ok

20:30:52.0033 3804 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys

20:30:52.0033 3804 exfat - ok

20:30:52.0048 3804 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys

20:30:52.0048 3804 fastfat - ok

20:30:52.0080 3804 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys

20:30:52.0080 3804 fdc - ok

20:30:52.0111 3804 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys

20:30:52.0111 3804 FileInfo - ok

20:30:52.0126 3804 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys

20:30:52.0126 3804 Filetrace - ok

20:30:52.0142 3804 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys

20:30:52.0142 3804 flpydisk - ok

20:30:52.0173 3804 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys

20:30:52.0173 3804 FltMgr - ok

20:30:52.0189 3804 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys

20:30:52.0189 3804 FsDepends - ok

20:30:52.0220 3804 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys

20:30:52.0220 3804 Fs_Rec - ok

20:30:52.0251 3804 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys

20:30:52.0251 3804 fvevol - ok

20:30:52.0282 3804 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys

20:30:52.0282 3804 gagp30kx - ok

20:30:52.0376 3804 GGSAFERDriver - ok

20:30:52.0454 3804 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys

20:30:52.0454 3804 hcw85cir - ok

20:30:52.0501 3804 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys

20:30:52.0501 3804 HdAudAddService - ok

20:30:52.0516 3804 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys

20:30:52.0516 3804 HDAudBus - ok

20:30:52.0532 3804 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys

20:30:52.0532 3804 HidBatt - ok

20:30:52.0548 3804 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys

20:30:52.0548 3804 HidBth - ok

20:30:52.0563 3804 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys

20:30:52.0579 3804 HidIr - ok

20:30:52.0594 3804 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys

20:30:52.0594 3804 HidUsb - ok

20:30:52.0719 3804 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys

20:30:52.0719 3804 HpSAMD - ok

20:30:52.0766 3804 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys

20:30:52.0782 3804 HTTP - ok

20:30:52.0797 3804 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys

20:30:52.0797 3804 hwpolicy - ok

20:30:52.0828 3804 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys

20:30:52.0828 3804 i8042prt - ok

20:30:52.0860 3804 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys

20:30:52.0860 3804 iaStorV - ok

20:30:52.0891 3804 IDMWFP (7fc796d62dbdf6d33f4792a3674da4c9) C:\Windows\system32\DRIVERS\idmwfp.sys

20:30:52.0891 3804 IDMWFP - ok

20:30:53.0016 3804 igfx (8828710129b835fd59e8be6615eb3786) C:\Windows\system32\DRIVERS\igdkmd32.sys

20:30:53.0109 3804 igfx - ok

20:30:53.0125 3804 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys

20:30:53.0140 3804 iirsp - ok

20:30:53.0218 3804 IntcAzAudAddService (345ac48d17f5c2f2aa1ee50d34c3978b) C:\Windows\system32\drivers\RTKVHDA.sys

20:30:53.0281 3804 IntcAzAudAddService - ok

20:30:53.0312 3804 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys

20:30:53.0312 3804 intelide - ok

20:30:53.0343 3804 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys

20:30:53.0343 3804 intelppm - ok

20:30:53.0359 3804 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys

20:30:53.0374 3804 IpFilterDriver - ok

20:30:53.0406 3804 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys

20:30:53.0406 3804 IPMIDRV - ok

20:30:53.0421 3804 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys

20:30:53.0421 3804 IPNAT - ok

20:30:53.0452 3804 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys

20:30:53.0452 3804 IRENUM - ok

20:30:53.0468 3804 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys

20:30:53.0468 3804 isapnp - ok

20:30:53.0484 3804 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys

20:30:53.0499 3804 iScsiPrt - ok

20:30:53.0530 3804 ivusb (994ebb45c4b438e1f6ea0b958ae9b9a3) C:\Windows\system32\DRIVERS\ivusb.sys

20:30:53.0530 3804 ivusb - ok

20:30:53.0577 3804 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys

20:30:53.0577 3804 kbdclass - ok

20:30:53.0608 3804 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys

20:30:53.0608 3804 kbdhid - ok

20:30:53.0624 3804 KSecDD (0263364acb9c834ace52fb85c2c064ec) C:\Windows\system32\Drivers\ksecdd.sys

20:30:53.0624 3804 KSecDD - ok

20:30:53.0640 3804 KSecPkg (27391db553be2a4e2b0adeea2873b2af) C:\Windows\system32\Drivers\ksecpkg.sys

20:30:53.0655 3804 KSecPkg - ok

20:30:53.0702 3804 libusb0 (d1598203b19b4922531a8bd6811547f7) C:\Windows\system32\DRIVERS\libusb0.sys

20:30:53.0702 3804 libusb0 - ok

20:30:53.0749 3804 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys

20:30:53.0749 3804 lltdio - ok

20:30:53.0796 3804 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys

20:30:53.0796 3804 LSI_FC - ok

20:30:53.0811 3804 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys

20:30:53.0811 3804 LSI_SAS - ok

20:30:53.0827 3804 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys

20:30:53.0827 3804 LSI_SAS2 - ok

20:30:53.0842 3804 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys

20:30:53.0842 3804 LSI_SCSI - ok

20:30:53.0858 3804 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys

20:30:53.0858 3804 luafv - ok

20:30:53.0952 3804 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys

20:30:53.0952 3804 MBAMProtector - ok

20:30:53.0998 3804 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys

20:30:53.0998 3804 megasas - ok

20:30:54.0030 3804 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys

20:30:54.0030 3804 MegaSR - ok

20:30:54.0061 3804 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys

20:30:54.0061 3804 Modem - ok

20:30:54.0092 3804 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys

20:30:54.0092 3804 monitor - ok

20:30:54.0123 3804 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys

20:30:54.0123 3804 mouclass - ok

20:30:54.0154 3804 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys

20:30:54.0154 3804 mouhid - ok

20:30:54.0154 3804 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys

20:30:54.0170 3804 mountmgr - ok

20:30:54.0186 3804 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys

20:30:54.0186 3804 mpio - ok

20:30:54.0201 3804 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys

20:30:54.0201 3804 mpsdrv - ok

20:30:54.0232 3804 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys

20:30:54.0232 3804 MRxDAV - ok

20:30:54.0264 3804 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys

20:30:54.0264 3804 mrxsmb - ok

20:30:54.0279 3804 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys

20:30:54.0279 3804 mrxsmb10 - ok

20:30:54.0295 3804 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys

20:30:54.0295 3804 mrxsmb20 - ok

20:30:54.0310 3804 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys

20:30:54.0310 3804 msahci - ok

20:30:54.0326 3804 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys

20:30:54.0326 3804 msdsm - ok

20:30:54.0373 3804 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys

20:30:54.0373 3804 Msfs - ok

20:30:54.0388 3804 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys

20:30:54.0388 3804 mshidkmdf - ok

20:30:54.0404 3804 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys

20:30:54.0404 3804 msisadrv - ok

20:30:54.0451 3804 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys

20:30:54.0451 3804 MSKSSRV - ok

20:30:54.0482 3804 msloop (ade6270c1003923e92a9bbba272133a9) C:\Windows\system32\DRIVERS\loop.sys

20:30:54.0498 3804 msloop - ok

20:30:54.0513 3804 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys

20:30:54.0513 3804 MSPCLOCK - ok

20:30:54.0529 3804 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys

20:30:54.0529 3804 MSPQM - ok

20:30:54.0544 3804 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys

20:30:54.0544 3804 MsRPC - ok

20:30:54.0576 3804 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys

20:30:54.0576 3804 mssmbios - ok

20:30:54.0607 3804 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys

20:30:54.0607 3804 MSTEE - ok

20:30:54.0622 3804 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys

20:30:54.0622 3804 MTConfig - ok

20:30:54.0654 3804 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys

20:30:54.0654 3804 Mup - ok

20:30:54.0685 3804 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys

20:30:54.0685 3804 NativeWifiP - ok

20:30:54.0732 3804 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys

20:30:54.0747 3804 NDIS - ok

20:30:54.0778 3804 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys

20:30:54.0778 3804 NdisCap - ok

20:30:54.0794 3804 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys

20:30:54.0794 3804 NdisTapi - ok

20:30:54.0841 3804 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys

20:30:54.0841 3804 Ndisuio - ok

20:30:54.0872 3804 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys

20:30:54.0872 3804 NdisWan - ok

20:30:54.0888 3804 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys

20:30:54.0888 3804 NDProxy - ok

20:30:54.0919 3804 Netaapl (1352e1648213551923a0a822e441553c) C:\Windows\system32\DRIVERS\netaapl.sys

20:30:54.0919 3804 Netaapl - ok

20:30:54.0950 3804 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys

20:30:54.0950 3804 NetBIOS - ok

20:30:54.0966 3804 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys

20:30:54.0966 3804 NetBT - ok

20:30:55.0012 3804 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys

20:30:55.0012 3804 nfrd960 - ok

20:30:55.0137 3804 NLNdisMP (1b49b83747509b2b1d707cd4b09aa504) C:\Windows\system32\DRIVERS\nlndis.sys

20:30:55.0231 3804 NLNdisMP - ok

20:30:55.0324 3804 NLNdisPT (1b49b83747509b2b1d707cd4b09aa504) C:\Windows\system32\DRIVERS\nlndis.sys

20:30:55.0356 3804 NLNdisPT - ok

20:30:55.0496 3804 nltdi (6fe26694c94f1a63af066d7a557f69d3) C:\Program Files\NetLimiter 3\nltdi.sys

20:30:55.0574 3804 nltdi - ok

20:30:55.0636 3804 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys

20:30:55.0636 3804 Npfs - ok

20:30:55.0730 3804 npkcrypt (aaf9b4df67938753cb21808ea3574242) C:\Program Files\Level Up Games\Ragnarok Online\npkcrypt.sys

20:30:55.0730 3804 npkcrypt - ok

20:30:55.0761 3804 npkcusb (3c956a5513a53e2244f0773104fa6d8f) C:\Program Files\Level Up Games\Ragnarok Online\npkcusb.sys

20:30:55.0761 3804 npkcusb - ok

20:30:55.0824 3804 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys

20:30:55.0824 3804 nsiproxy - ok

20:30:55.0886 3804 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys

20:30:55.0902 3804 Ntfs - ok

20:30:55.0917 3804 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys

20:30:55.0917 3804 Null - ok

20:30:55.0980 3804 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys

20:30:55.0980 3804 nvraid - ok

20:30:56.0011 3804 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys

20:30:56.0011 3804 nvstor - ok

20:30:56.0042 3804 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys

20:30:56.0042 3804 nv_agp - ok

20:30:56.0058 3804 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys

20:30:56.0058 3804 ohci1394 - ok

20:30:56.0089 3804 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys

20:30:56.0089 3804 Parport - ok

20:30:56.0104 3804 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys

20:30:56.0104 3804 partmgr - ok

20:30:56.0120 3804 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys

20:30:56.0136 3804 Parvdm - ok

20:30:56.0151 3804 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys

20:30:56.0151 3804 pci - ok

20:30:56.0167 3804 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys

20:30:56.0167 3804 pciide - ok

20:30:56.0198 3804 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys

20:30:56.0198 3804 pcmcia - ok

20:30:56.0214 3804 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys

20:30:56.0214 3804 pcw - ok

20:30:56.0245 3804 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys

20:30:56.0260 3804 PEAUTH - ok

20:30:56.0307 3804 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

20:30:56.0307 3804 PptpMiniport - ok

20:30:56.0338 3804 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys

20:30:56.0338 3804 Processor - ok

20:30:56.0370 3804 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

20:30:56.0370 3804 Psched - ok

20:30:56.0401 3804 PsSdk41 (0c234a4a2fbab98e5e1bafaf3e3e403a) C:\Windows\system32\Drivers\pssdk41.sys

20:30:56.0401 3804 PsSdk41 - ok

20:30:56.0448 3804 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys

20:30:56.0479 3804 ql2300 - ok

20:30:56.0494 3804 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys

20:30:56.0526 3804 ql40xx - ok

20:30:56.0557 3804 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

20:30:56.0557 3804 QWAVEdrv - ok

20:30:56.0572 3804 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

20:30:56.0572 3804 RasAcd - ok

20:30:56.0604 3804 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

20:30:56.0604 3804 RasAgileVpn - ok

20:30:56.0619 3804 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

20:30:56.0619 3804 Rasl2tp - ok

20:30:56.0650 3804 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

20:30:56.0650 3804 RasPppoe - ok

20:30:56.0682 3804 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys

20:30:56.0682 3804 RasSstp - ok

20:30:56.0713 3804 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys

20:30:56.0713 3804 rdbss - ok

20:30:56.0728 3804 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys

20:30:56.0728 3804 rdpbus - ok

20:30:56.0744 3804 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys

20:30:56.0760 3804 RDPCDD - ok

20:30:56.0775 3804 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys

20:30:56.0775 3804 RDPENCDD - ok

20:30:56.0791 3804 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys

20:30:56.0791 3804 RDPREFMP - ok

20:30:56.0822 3804 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys

20:30:56.0822 3804 RDPWD - ok

20:30:56.0869 3804 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys

20:30:56.0869 3804 rdyboost - ok

20:30:56.0916 3804 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

20:30:56.0916 3804 rspndr - ok

20:30:56.0947 3804 RTL8167 (3e7c3e75a40118e267db10fe4cbce0da) C:\Windows\system32\DRIVERS\Rt86win7.sys

20:30:56.0962 3804 RTL8167 - ok

20:30:56.0994 3804 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys

20:30:56.0994 3804 sbp2port - ok

20:30:57.0009 3804 SBRE - ok

20:30:57.0040 3804 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys

20:30:57.0040 3804 scfilter - ok

20:30:57.0072 3804 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

20:30:57.0072 3804 secdrv - ok

20:30:57.0103 3804 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

20:30:57.0103 3804 Serenum - ok

20:30:57.0118 3804 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys

20:30:57.0118 3804 Serial - ok

20:30:57.0134 3804 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys

20:30:57.0134 3804 sermouse - ok

20:30:57.0165 3804 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys

20:30:57.0165 3804 sffdisk - ok

20:30:57.0181 3804 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys

20:30:57.0181 3804 sffp_mmc - ok

20:30:57.0196 3804 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys

20:30:57.0196 3804 sffp_sd - ok

20:30:57.0228 3804 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys

20:30:57.0228 3804 sfloppy - ok

20:30:57.0259 3804 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys

20:30:57.0259 3804 sisagp - ok

20:30:57.0290 3804 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys

20:30:57.0290 3804 SiSRaid2 - ok

20:30:57.0306 3804 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys

20:30:57.0306 3804 SiSRaid4 - ok

20:30:57.0337 3804 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

20:30:57.0337 3804 Smb - ok

20:30:57.0368 3804 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

20:30:57.0368 3804 spldr - ok

20:30:57.0446 3804 sptd (f42efefb765235f24b24e1d2b6f99f46) C:\Windows\System32\Drivers\sptd.sys

20:30:57.0446 3804 Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: f42efefb765235f24b24e1d2b6f99f46

20:30:57.0446 3804 sptd ( LockedFile.Multi.Generic ) - warning

20:30:57.0446 3804 sptd - detected LockedFile.Multi.Generic (1)

20:30:57.0462 3804 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys

20:30:57.0477 3804 srv - ok

20:30:57.0493 3804 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys

20:30:57.0493 3804 srv2 - ok

20:30:57.0508 3804 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys

20:30:57.0508 3804 srvnet - ok

20:30:57.0540 3804 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys

20:30:57.0540 3804 stexstor - ok

20:30:57.0555 3804 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys

20:30:57.0571 3804 swenum - ok

20:30:57.0664 3804 tap0901 (11d34fc869f5bda29949fe3858380894) C:\Windows\system32\DRIVERS\tap0901.sys

20:30:57.0664 3804 tap0901 - ok

20:30:57.0711 3804 Tcpip (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\drivers\tcpip.sys

20:30:57.0742 3804 Tcpip - ok

20:30:57.0774 3804 TCPIP6 (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\DRIVERS\tcpip.sys

20:30:57.0774 3804 TCPIP6 - ok

20:30:57.0805 3804 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys

20:30:57.0805 3804 tcpipreg - ok

20:30:57.0820 3804 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys

20:30:57.0820 3804 TDPIPE - ok

20:30:57.0836 3804 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys

20:30:57.0836 3804 TDTCP - ok

20:30:57.0852 3804 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys

20:30:57.0852 3804 tdx - ok

20:30:57.0867 3804 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys

20:30:57.0883 3804 TermDD - ok

20:30:57.0930 3804 TPkd (5815ae5ef8519066f19e575d67f6f191) C:\Windows\system32\drivers\TPkd.sys

20:30:57.0930 3804 TPkd - ok

20:30:57.0961 3804 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys

20:30:57.0961 3804 tssecsrv - ok

20:30:57.0992 3804 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys

20:30:57.0992 3804 tunnel - ok

20:30:58.0023 3804 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys

20:30:58.0023 3804 uagp35 - ok

20:30:58.0054 3804 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys

20:30:58.0054 3804 udfs - ok

20:30:58.0086 3804 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys

20:30:58.0101 3804 uliagpkx - ok

20:30:58.0117 3804 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys

20:30:58.0132 3804 umbus - ok

20:30:58.0164 3804 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys

20:30:58.0164 3804 UmPass - ok

20:30:58.0195 3804 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys

20:30:58.0195 3804 USBAAPL - ok

20:30:58.0242 3804 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys

20:30:58.0242 3804 usbaudio - ok

20:30:58.0273 3804 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\DRIVERS\usbccgp.sys

20:30:58.0273 3804 usbccgp - ok

20:30:58.0304 3804 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys

20:30:58.0304 3804 usbcir - ok

20:30:58.0320 3804 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\drivers\usbehci.sys

20:30:58.0320 3804 usbehci - ok

20:30:58.0351 3804 usbhub (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys

20:30:58.0351 3804 usbhub - ok

20:30:58.0382 3804 usbohci (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\drivers\usbohci.sys

20:30:58.0382 3804 usbohci - ok

20:30:58.0413 3804 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys

20:30:58.0413 3804 usbprint - ok

20:30:58.0460 3804 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\drivers\USBSTOR.SYS

20:30:58.0460 3804 USBSTOR - ok

20:30:58.0476 3804 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\drivers\usbuhci.sys

20:30:58.0476 3804 usbuhci - ok

20:30:58.0538 3804 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\System32\Drivers\usbvideo.sys

20:30:58.0538 3804 usbvideo - ok

20:30:58.0569 3804 VClone (1cdaa48cb2f7744b8d25650e050766a5) C:\Windows\system32\DRIVERS\VClone.sys

20:30:58.0569 3804 VClone - ok

20:30:58.0585 3804 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys

20:30:58.0585 3804 vdrvroot - ok

20:30:58.0616 3804 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

20:30:58.0632 3804 vga - ok

20:30:58.0647 3804 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

20:30:58.0647 3804 VgaSave - ok

20:30:58.0663 3804 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys

20:30:58.0663 3804 vhdmp - ok

20:30:58.0694 3804 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys

20:30:58.0710 3804 viaagp - ok

20:30:58.0725 3804 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys

20:30:58.0725 3804 ViaC7 - ok

20:30:58.0725 3804 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys

20:30:58.0725 3804 viaide - ok

20:30:58.0741 3804 VMnetAdapter - ok

20:30:58.0756 3804 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys

20:30:58.0772 3804 volmgr - ok

20:30:58.0788 3804 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

20:30:58.0788 3804 volmgrx - ok

20:30:58.0803 3804 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys

20:30:58.0819 3804 volsnap - ok

20:30:58.0850 3804 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys

20:30:58.0850 3804 vsmraid - ok

20:30:58.0866 3804 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys

20:30:58.0866 3804 vwifibus - ok

20:30:58.0881 3804 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys

20:30:58.0881 3804 WacomPen - ok

20:30:58.0912 3804 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys

20:30:58.0912 3804 WANARP - ok

20:30:58.0928 3804 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys

20:30:58.0928 3804 Wanarpv6 - ok

20:30:58.0959 3804 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys

20:30:58.0959 3804 Wd - ok

20:30:58.0975 3804 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

20:30:58.0990 3804 Wdf01000 - ok

20:30:59.0037 3804 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

20:30:59.0037 3804 WfpLwf - ok

20:30:59.0068 3804 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

20:30:59.0084 3804 WIMMount - ok

20:30:59.0162 3804 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys

20:30:59.0162 3804 WinUsb - ok

20:30:59.0193 3804 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys

20:30:59.0193 3804 WmiAcpi - ok

20:30:59.0224 3804 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

20:30:59.0224 3804 ws2ifsl - ok

20:30:59.0256 3804 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys

20:30:59.0256 3804 WudfPf - ok

20:30:59.0302 3804 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys

20:30:59.0302 3804 WUDFRd - ok

20:30:59.0334 3804 XDva391 - ok

20:30:59.0380 3804 MBR (0x1B8) (467b76a6cd2b7793e362988385ebcaa9) \Device\Harddisk0\DR0

20:30:59.0536 3804 \Device\Harddisk0\DR0 - ok

20:30:59.0552 3804 Boot (0x1200) (c77f94d43fb62c439efbdff13d7f63c6) \Device\Harddisk0\DR0\Partition0

20:30:59.0552 3804 \Device\Harddisk0\DR0\Partition0 - ok

20:30:59.0552 3804 Boot (0x1200) (34f304914f3ef036c2263247552cf744) \Device\Harddisk0\DR0\Partition1

20:30:59.0568 3804 \Device\Harddisk0\DR0\Partition1 - ok

20:30:59.0599 3804 Boot (0x1200) (4b679ed851901d1d467133c07f72a2f5) \Device\Harddisk0\DR0\Partition2

20:30:59.0599 3804 \Device\Harddisk0\DR0\Partition2 - ok

20:30:59.0599 3804 ============================================================

20:30:59.0599 3804 Scan finished

20:30:59.0599 3804 ============================================================

20:30:59.0599 3448 Detected object count: 1

20:30:59.0599 3448 Actual detected object count: 1

20:31:10.0176 3448 C:\Windows\System32\Drivers\sptd.sys - copied to quarantine

20:31:10.0191 3448 HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted on reboot

20:31:10.0238 3448 HKLM\SYSTEM\ControlSet002\services\sptd - will be deleted on reboot

20:31:10.0254 3448 C:\Windows\System32\Drivers\sptd.sys - will be deleted on reboot

20:31:10.0254 3448 sptd ( LockedFile.Multi.Generic ) - User select action: Delete

20:31:13.0062 3184 Deinitialize success

My ComboFix can only produce this log.

ComboFix 12-03-01.01 - barok 03/01/2012 21:06:38.3.4 - x86

Microsoft Windows 7 Home Basic 6.1.7600.0.1252.63.1033.18.1917.920 [GMT 8:00]

Running from: C:\Users\barok\Downloads\broni.com

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

((((((((((((((((((((((((( Files Created from 2012-02-01 to 2012-03-01 )))))))))))))))))))))))))))))))

2012-03-01 12:45:38 . 2012-03-01 13:05:47 -------- d-----w- C:\ComboFix

2012-03-01 12:31:10 . 2012-03-01 12:31:10 -------- d-----w- C:\TDSSKiller_Quarantine

2012-03-01 11:57:45 . 2012-03-01 13:12:43 -------- d-----w- C:\Users\barok\AppData\Local\temp

2012-02-29 12:11:36 . 2010-03-04 04:04:40 146304 ----a-w- C:\Windows\system32\drivers\usbvideo.sys

2012-02-29 12:11:35 . 2010-03-04 03:57:55 190976 ----a-w- C:\Windows\system32\drivers\ks.sys

2012-02-29 12:11:30 . 2010-09-14 06:07:14 276992 ----a-w- C:\Windows\system32\wcncsvc.dll

2012-02-29 08:50:38 . 2012-01-03 05:44:24 478208 ----a-w- C:\Windows\system32\timedate.cpl

2012-02-29 08:41:35 . 2012-01-14 03:48:30 2340864 ----a-w- C:\Windows\system32\win32k.sys

2012-02-08 17:57:29 . 2012-02-08 17:57:29 -------- d-----w- C:\Program Files\iTunes

2012-02-08 17:39:38 . 2012-02-08 17:57:35 -------- d-----w- C:\Users\barok\AppData\Roaming\WindSolutions

2012-02-08 17:39:37 . 2012-02-08 17:47:15 -------- d-----w- C:\ProgramData\WindSolutions

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-02-08 11:32:14 . 2011-08-14 13:45:32 414368 ----a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl

2012-01-14 04:43:17 . 2010-12-24 16:14:17 472808 ----a-w- C:\Windows\system32\deployJava1.dll

2011-12-26 08:26:04 . 2011-12-26 15:28:55 866604 ----a-w- C:\Windows\ASD.HS4L

2011-12-18 09:50:11 . 2011-12-18 09:49:56 1467200 ----a-w- C:\Windows\system32\msvcr100d.dll

2011-12-10 07:24:06 . 2011-04-01 09:28:26 20464 ----a-w- C:\Windows\system32\drivers\mbam.sys

2012-01-11 12:48:09 . 2011-12-08 10:23:46 121816 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Malwarebytes' Anti-Malware"="C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 06:53:18 460872]

"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-10-17 07:13:56 11430504]

"Malwarebytes' Anti-Malware (reboot)"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 06:53:16 981680]

"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-09 18:41:12 49208]

"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2011-11-15 07:14:19 248552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"DisableStartupSound"= 1 (0x1)

"DisableStatusMessages"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoThumbnailCache"= 1 (0x1)

"DisableThumbnailsOnNetworkFolders"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk /k:D *\0sasnative32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

C:\Users\barok\AppData\Local\Google\Update\GoogleUpdate.exe [bU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2011-05-09 18:41:12 49208 ----a-w- c:\Program Files\hp\HP Software Update\hpwuschd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPADVISOR]

2010-06-29 16:14:08 1689144 ----a-w- C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartMenu]

2009-07-08 06:39:16 567864 ----a-w- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2011-11-15 07:14:19 248552 ----a-w- C:\Program Files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]

2009-05-26 22:31:29 85160 ----a-w- C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

"AntiVirusDisableNotify"=dword:00000001

"FirewallDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"UacDisableNotify"=dword:00000001

R1 SBRE;SBRE; [x]

R2 altio;altio;C:\Program Files\Altium Designer Summer 08\System\Drivers\altio.sys [x]

R2 gupdate;Google Update Service (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-15 07:28:12 136176]

R2 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;C:\Windows\system32\DRIVERS\libusb0.sys [2006-05-29 23:53:18 29184]

R2 SetupARService;SetupARService;C:\Program Files\Realtek\Audio\SetupAfterRebootService.exe [2011-05-11 15:42:27 24576]

R3 1394hub;1394 Enabled Hub;C:\Windows\System32\svchost.exe [2009-07-14 01:14:41 20992]

R3 GGSAFERDriver;GGSAFER Driver;C:\Program Files\Garena Plus\Room\safedrv.sys [x]

R3 gupdatem;Google Update Service (gupdatem);C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-15 07:28:12 136176]

R3 ivusb;Initio Driver for USB Default Controller;C:\Windows\system32\DRIVERS\ivusb.sys [2010-07-28 16:25:02 25112]

R3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl.sys [2011-08-02 09:38:44 18432]

R3 NLNdisPT;NetLimiter Ndis Protocol Service;C:\Windows\system32\DRIVERS\nlndis.sys [2011-03-21 08:44:26 5230088]

R3 PsSdk41;PsSdk41;C:\Windows\system32\Drivers\pssdk41.sys [2011-05-04 03:48:25 36928]

R3 XDva391;XDva391;C:\Windows\system32\XDva391.sys [x]

S1 nltdi;nltdi;C:\Program Files\NetLimiter 3\nltdi.sys [2011-03-21 08:44:24 5281672]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 05:16:28 130384]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 09:27:38 92216]

S2 MBAMService;MBAMService;C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 06:53:18 652360]

S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS [2011-03-18 05:36:18 46680]

S3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys [2011-12-10 07:24:06 20464]

S3 NLNdisMP;NLNdisMP;C:\Windows\system32\DRIVERS\nlndis.sys [2011-03-21 08:44:26 5230088]

S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt86win7.sys [2011-04-22 00:17:04 381032]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc

HPService REG_MULTI_SZ HPSLPSVC

Contents of the 'Scheduled Tasks' folder

2012-02-29 C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-212954980-3322440367-3007975221-1000Core.job

- C:\Users\barok\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-21 10:27:32 . 2011-10-21 11:08:13]

2012-02-29 C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-212954980-3322440367-3007975221-1000UA.job

- C:\Users\barok\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-21 10:27:32 . 2011-10-21 11:08:13]

2012-03-01 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

- C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-15 07:28:08 . 2011-11-15 07:28:12]

2012-03-01 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

- C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-15 07:28:08 . 2011-11-15 07:28:12]

2012-02-16 C:\Windows\Tasks\HPCeeScheduleForbarok.job

- C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-06 20:22:28 . 2009-10-06 20:22:28]

2010-10-22 C:\Windows\Tasks\PCDRScheduledMaintenance.job

- C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 23:14:32 . 2009-07-02 11:03:14]

It's not getting updated anymore after this.

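The ComboFix excerpt above lists the registry loading points, the BootExecute value and the installed services that ComboFix found. As an added illustration (this is not ComboFix's code and not from anyone in the thread), the following Python script parses a constructed sample built from lines copied out of that log and flags the items a responder would verify first: the UAC consent settings, the Security Center override and notification flags, the extra BootExecute entry, and services whose image file ComboFix marked with `[x]` (not found on disk). The `BASELINE` defaults are assumptions taken from a stock Windows 7 install, and `parse_reg_points` / `audit` are names chosen for this example; a flagged line means "check this", not "this is malware".

```python
"""Triage of ComboFix 'Reg Loading Points' output.

Added example for this thread; it is not ComboFix's own code. BASELINE holds
assumed Windows 7 defaults; a flagged line is something to verify by hand.
"""
import re

# Constructed sample: lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:D *\0sasnative32
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001
R1 SBRE;SBRE; [x]
R2 gupdate;Google Update Service (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-15 07:28:12 136176]
R3 XDva391;XDva391;C:\Windows\system32\XDva391.sys [x]
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
# ComboFix prints DWORDs either as  "Name"= 3 (0x3)  or as  "Name"=dword:00000001
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(?:dword:([0-9a-fA-F]{8})|(\d+)\s*\(0x[0-9a-fA-F]+\))$')
BOOTEXEC_RE = re.compile(r"^BootExecute\s+REG_MULTI_SZ\s+(.*)$")
# Service lines look like  R1 name;display name;image path [timestamp size]  or  ... [x]
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")

UAC_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system"
SC_KEY = r"hkey_local_machine\software\microsoft\security center\svc"

# (registry key, value name) -> (assumed Windows 7 default, why a deviation matters)
BASELINE = {
    (UAC_KEY, "consentpromptbehavioradmin"): (5, "admins elevate without any UAC prompt when 0"),
    (UAC_KEY, "promptonsecuredesktop"): (1, "UAC prompts no longer use the secure desktop"),
    (SC_KEY, "antivirusoverride"): (0, "Security Center stops monitoring antivirus state"),
    (SC_KEY, "firewalloverride"): (0, "Security Center stops monitoring firewall state"),
    (SC_KEY, "antivirusdisablenotify"): (0, "antivirus warnings suppressed"),
    (SC_KEY, "firewalldisablenotify"): (0, "firewall warnings suppressed"),
    (SC_KEY, "updatesdisablenotify"): (0, "Windows Update warnings suppressed"),
    (SC_KEY, "uacdisablenotify"): (0, "UAC warnings suppressed"),
}


def parse_reg_points(text):
    """Return (values, services, boot_execute) parsed from ComboFix-style output.

    values: {(key, name): int} with key and name lower-cased
    services: [(start_type, name, display_name, rest_of_line)]
    boot_execute: the raw BootExecute data, or None if not present
    """
    values, services, boot_execute, section = {}, [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            continue
        m = VALUE_RE.match(line)
        if m and section:
            hex_val, dec_val = m.group(2), m.group(3)
            values[(section, m.group(1).lower())] = int(hex_val, 16) if hex_val else int(dec_val)
            continue
        m = BOOTEXEC_RE.match(line)
        if m:
            boot_execute = m.group(1)
            continue
        m = SERVICE_RE.match(line)
        if m:
            services.append(m.groups())
    return values, services, boot_execute


def audit(text):
    """Return a list of human-readable findings for the log excerpt."""
    values, services, boot_execute = parse_reg_points(text)
    findings = []
    for (key, name), (expected, why) in BASELINE.items():
        actual = values.get((key, name))
        if actual is not None and actual != expected:
            findings.append(f"{name}={actual} (expected {expected}): {why}")
    if boot_execute:
        # Default data is 'autocheck autochk *'; ComboFix prints '\0' between the
        # REG_MULTI_SZ strings. Every extra string runs before the shell, so it is
        # listed for manual verification (here 'sasnative32').
        for entry in boot_execute.split(r"\0")[1:]:
            if entry:
                findings.append(f"BootExecute has extra entry '{entry}': verify what installed it")
    for start, name, _display, rest in services:
        # ComboFix marks a service whose image file was not found with [x]: an
        # orphaned registry entry left by an uninstall, or a deleted file.
        if rest.strip().endswith("[x]"):
            findings.append(f"service '{name}' ({start}) points at a missing file")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

Run against the sample the script reports the two UAC values, the three Security Center overrides, the second BootExecute string and the two `[x]` services; the `gupdate` service, which has a real image path and timestamp, is not reported. Feeding the full ComboFix log in instead of the sample only changes the number of lines printed, since the regexes cover the three line shapes that section uses.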

Sality is an extremely nasty virus and to see if it is still present, best run the following scan.

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on this link to open ESET OnlineScan in a new window.
  2. Click the esetonlinebtn.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetsmartinstaller_enu.png icon on your desktop.
    3. Check "YES, I accept the Terms of Use."
    4. Click the Start button.
    5. Accept any security warnings from your browser.
    6. Under scan settings, check "Scan Archives" and "Remove found threats".
    7. Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  4. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  5. When the scan completes, click List Threats.
  6. Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  7. Click the Back button.
  8. Click the Finish button.


C:\Program Files\Cheat Engine 6.1\cheatengine-i386.exe a variant of Win32/HackTool.CheatEngine.AB application cleaned by deleting - quarantined

C:\Program Files\Reviversoft\Driver Reviver\ASOHelper.dll a variant of Win32/RegistryReviver application cleaned by deleting - quarantined

C:\Users\barok\Desktop\Prototype Trainer.exe a variant of Win32/GameHack.F application cleaned by deleting - quarantined

C:\Windows\ASD.HS4L Win32/Packed.Autoit.H application deleted - quarantined

D:\Tata's Files\rPE.dll a variant of Win32/HackTool.rPE.A application cleaned by deleting - quarantined

D:\Tata's Files\rPE.exe a variant of Win32/HackTool.rPE.A application cleaned by deleting - quarantined

D:\Tata's Files\CS 1.6 hacks\SSWv7.0.dll Win32/HackTool.SuperSimpleWall application cleaned by deleting - quarantined

D:\Tata's Files\CS 1.6 hacks\SSWv7.0.exe Win32/HackTool.SuperSimpleWall application cleaned by deleting - quarantined

D:\Tata's Files\CS 1.6 hacks\ECC 5.2\ECC.exe Win32/PSW.OnLineGames.NTY trojan cleaned by deleting - quarantined

D:\Tata's Files\CS 1.6 hacks\Unreal-Stealth Public v6\Unreal-Stealth.exe Win32/HackTool.Unreal-Rage application cleaned by deleting - quarantined

D:\Tata's Files\Undetected Wpe Pro\wpepro.exe Win32/Sniffer.WpePro.A trojan cleaned by deleting - quarantined

D:\Tata's Files\Undetected Wpe Pro\WpeSpy.dll Win32/Sniffer.WpePro.B trojan cleaned by deleting - quarantined

D:\Tata's Files\WPE\wpe pro.exe Win32/Sniffer.WpePro.A trojan cleaned by deleting - quarantined

D:\Tata's Files\WPE\wpespy.dll Win32/Sniffer.WpePro.B trojan cleaned by deleting - quarantined

D:\Tata's Files\WPE 0.9\WPE PRO - modified.exe a variant of Win32/Sniffer.WpePro.A trojan cleaned by deleting - quarantined

D:\Tata's Files\WPE 0.9\WpeSpy.dll Win32/Sniffer.WpePro.B trojan cleaned by deleting - quarantined

D:\Tata's Files\wpe modified\WPE PRO - modified.exe a variant of Win32/Sniffer.WpePro.A trojan cleaned by deleting - quarantined

D:\Tata's Files\wpe modified\WpeSpy.dll Win32/Sniffer.WpePro.B trojan cleaned by deleting - quarantined

D:\Tata's Files\wpe no delay\wpepro_0delay.exe Win32/Sniffer.WpePro.A trojan cleaned by deleting - quarantined

D:\Tata's Files\wpe no delay\wpespy.dll Win32/Sniffer.WpePro.B trojan cleaned by deleting - quarantined

Seems like I'm clean.


At this point, yes, but I think you see from what ESET detected that it's not a good idea to continue to use questionable downloads, as that will most assuredly reinfect your computer.

P2P WARNING

-------------------

Going over your logs I noticed that you have uTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.

I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

  • Download the latest version of Java Runtime Environment (JRE) Version 7u3.
  • Look for "JDK 7u3 (JDK or JRE)".
  • Click the "Download JRE" button at the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Select "Windows x86 Offline" and click on jre-7-windows-i586.exe.
  • Save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).
  • Reboot your computer once all Java components are removed.
  • Install the newest version by double clicking (run as Administrator for Windows Vista/Seven) the downloaded file.

ALL CLEAN

--------------

Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :)

Please do the following to remove the remaining programs from your PC:

  • Delete the tools used during the disinfection:
    • Click start > run and type combofix /uninstall, press enter. This will remove Combofix from your computer.

Please read this advice, in order to prevent reinfecting your PC:

  1. Install and update the following programs regularly:
    • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
  2. Keep Windows (and your other Microsoft software) up to date!
     I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
     Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  3. Keep your other software up to date as well
     Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  4. Stay up to date!
     The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.

