Backdoor.Trace and slow internet buffering


  • This topic is locked
15 replies to this topic

#1 deviruchi

deviruchi

    New Member

  • Members
  • 10 posts

Posted 29 February 2012 - 06:21 AM

Hello!!

I noticed that my internet buffering is so slow.
I just scanned my pc and got this virus called "Backdoor.Trace" and its location was in the registry (I forgot where it is) so I removed it using malwarebytes but my buffering is STILL SLOW. I'm guessing this might be a RAT.

DDS.txt



.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Run by barok at 19:17:00 on 2012-02-29
Microsoft Windows 7 Home Basic 6.1.7600.0.1252.63.1033.18.1917.265 [GMT 8:00]
.
AV: Sunbelt VIPRE *Enabled/Outdated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Sunbelt VIPRE *Enabled/Outdated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\hp\HP Software Update\hpwuschd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\notepad.exe
C:\Users\barok\Desktop\Tata's Files\openkore Phishing Payon\start.exe
C:\Windows\system32\conhost.exe
C:\Users\barok\Desktop\Tata's Files\openkore Phishing alberta\start.exe
C:\Windows\system32\conhost.exe
C:\Users\barok\Desktop\Tata's Files\Openkore phishing pront\start.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\System32\NOTEPAD.EXE
C:\Windows\System32\NOTEPAD.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_PH&c=94&bd=Pavilion&pf=cndt
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_PH&c=94&bd=Pavilion&pf=cndt
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_PH&c=94&bd=Pavilion&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_PH&c=94&bd=Pavilion&pf=cndt
BHO: AutorunsDisabled - No File
BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [RTHDVCPL] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
uPolicies-explorer: HideSCAHealth = 1 (0x1)
uPolicies-explorer: NoThumbnailCache = 1 (0x1)
uPolicies-explorer: DisableThumbnailsOnNetworkFolders = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: DisableStartupSound = 1 (0x1)
mPolicies-system: DisableStatusMessages = 1 (0x1)
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "c:\program files\fiddler2\Fiddler.exe"
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 192.168.254.254
TCP: Interfaces\{6852BE8E-2573-4EB2-AE15-6D94F1CC0CBA} : DhcpNameServer = 202.126.40.5 222.127.143.5
TCP: Interfaces\{8558561B-0AF9-40FA-BFE4-6DA101706666} : DhcpNameServer = 192.168.254.254
TCP: Interfaces\{9D4AEC3F-99C4-4B61-97ED-D496587182D2} : DhcpNameServer = 192.168.254.254
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\barok\appdata\roaming\mozilla\firefox\profiles\9pxlbsm7.default\
FF - prefs.js: network.proxy.http - 203.177.193.102
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 0
FF - component: c:\users\barok\appdata\roaming\idm\idmmzcc5\components\idmmzcc.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\users\barok\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R1 nltdi;nltdi;c:\program files\netlimiter 3\nltdi.sys [2011-3-21 5281672]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2010-10-14 92216]
R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2011-11-26 89888]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-2 652360]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.sys [2011-3-18 46680]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-4-1 20464]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-2-29 40776]
R3 NLNdisMP;NLNdisMP;c:\windows\system32\drivers\nlndis.sys [2011-3-21 5230088]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-5-11 381032]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-11-15 136176]
S2 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;c:\windows\system32\drivers\libusb0.sys [2006-5-30 29184]
S2 SetupARService;SetupARService;c:\program files\realtek\audio\SetupAfterRebootService.exe [2011-5-11 24576]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-11-15 136176]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-7-29 25112]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-8-2 18432]
S3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\drivers\nlndis.sys [2011-3-21 5230088]
S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [2011-4-19 36928]
.
=============== Created Last 30 ================
.
2012-02-29 10:31:35 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-02-29 02:35:49 -------- d-----w- c:\users\barok\appdata\local\ElevatedDiagnostics
2012-02-08 17:57:29 -------- d-----w- c:\program files\iTunes
2012-02-08 17:39:38 -------- d-----w- c:\users\barok\appdata\roaming\WindSolutions
2012-02-08 17:39:37 -------- d-----w- c:\programdata\WindSolutions
.
==================== Find3M ====================
.
2012-02-08 11:32:14 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-31 05:49:17 48128 ----a-w- c:\users\barok\appdata\roaming\msvcp101.dll
2012-01-14 04:43:17 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-26 08:26:04 866604 ----a-w- c:\windows\ASD.HS4L
2011-12-18 09:50:11 1467200 ----a-w- c:\windows\system32\msvcr100d.dll
2011-12-14 16:02:12 21504 ----a-w- c:\users\barok\appdata\roaming\msvcp110.dll
2011-12-10 07:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 19:17:13.18 ===============




Attach.txt


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Basic
Boot Device: \Device\HarddiskVolume1
Install Date: 10/21/2010 6:58:13 PM
System Uptime: 2/29/2012 6:29:09 PM (1 hours ago)
.
Motherboard: FOXCONN | | ETON
Processor: Intel® Core™2 Quad CPU Q8400 @ 2.66GHz | CPU 1 | 2670/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 288 GiB total, 244.011 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 1.404 GiB free.
E: is CDROM ()
F: is Removable
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
µTorrent
001 Joiner
ActiveCheck component for HP Active Support Library
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Flash Player 9 ActiveX
Adobe Shockwave Player 11.5
Alcor Micro USB Card Reader
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.3.13 (Unicode)
Auslogics BoostSpeed
CCleaner
Cheat Engine 6.1
Compatibility Pack for the 2007 Office system
Components Setup
CopyTrans Suite Remove Only
DirectX for Managed Code Update (Summer 2004)
Driver Reviver
Facebook Video Calling 1.0.0.8714
Facebook Video Calling 1.0.0.8953
Facebook Video Calling 1.1.0.13
Facebook Video Calling 1.1.1.1
Fiddler2
FileZilla Client 3.5.0
FLV to MP3 Converter
Game Booster 3
Garena - Heroes of Newerth
Garena Classic 2011
Garena Plus
Google Chrome
Google Update Helper
Hardware Diagnostic Tools
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946344)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB948127)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB951708)
HP Advisor
HP Customer Experience Enhancements
HP Games
HP MediaSmart Movie Themes
HP MediaSmart Music/Photo/Video
HP MediaSmart SmartMenu
HP Odometer
HP Setup
HP Support Assistant
HP Support Information
HP Update
HPAsset component for HP Active Support Library
Human Japanese 2.0
HxD Hex Editor version 1.7.7.0
IM Magician
Intel® Graphics Media Accelerator Driver
Interlok driver setup x32
Internet Download Manager
Java Auto Updater
Java™ 6 Update 22
LabelPrint
LAME v3.98.3 for Audacity
LightScribe System Software
Malwarebytes Anti-Malware version 1.60.1.1000
MediaInfo 0.7.53
Microsoft Office 2003 Web Components
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Edition 2003
Microsoft Office XP Web Components
Microsoft Silverlight
Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
Microsoft Works
Microsoft WSE 3.0 Runtime
Mozilla Firefox 9.0.1 (x86 en-US)
Mp3tag v2.49
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NetLimiter 3
OpenOffice.org 3.3
plist Editor for Windows 1.0.2
Power2Go
PowerDirector
PowerRecover
Process Hacker 2.22
Proxifier version 2.91
PunkBuster Services
QuickTime
QuickTime Alternative 1.81
RagnarokOnline-Valkyrie
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
S4 League_EU
SIMetrix Intro
SIMetrix/SIMPLIS Intro
Switch Sound File Converter
System Requirements Lab CYRI
Ubisoft Game Launcher
VC 9.0 Runtime
VirtualCloneDrive
VLC media player 1.1.5
Windows Movie Maker 2.6
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
2/29/2012 6:31:55 PM, Error: Service Control Manager [7023] - The HP Network Devices Support service terminated with the following error: The specified module could not be found.
2/29/2012 6:29:54 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE
2/29/2012 6:29:35 PM, Error: Service Control Manager [7000] - The altio service failed to start due to the following error: The system cannot find the path specified.
2/29/2012 6:25:39 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DNS Client service, but this action failed with the following error: An instance of the service is already running.
2/29/2012 6:24:39 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Workstation service, but this action failed with the following error: An instance of the service is already running.
2/29/2012 6:24:10 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
2/29/2012 6:24:10 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
2/29/2012 6:23:44 PM, Error: Service Control Manager [7031] - The Windows Font Cache Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/29/2012 6:23:44 PM, Error: Service Control Manager [7031] - The SSDP Discovery service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
2/29/2012 6:23:44 PM, Error: Service Control Manager [7031] - The Function Discovery Resource Publication service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/29/2012 6:23:39 PM, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/29/2012 6:23:39 PM, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
2/29/2012 6:23:39 PM, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/29/2012 6:23:39 PM, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/29/2012 6:22:10 PM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
2/29/2012 6:22:10 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/29/2012 6:22:10 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/29/2012 6:22:10 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/29/2012 6:22:10 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/29/2012 6:22:10 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/29/2012 6:22:10 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/29/2012 6:22:10 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/29/2012 6:22:10 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
2/29/2012 6:22:10 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/29/2012 6:22:10 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/29/2012 6:22:10 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
2/29/2012 6:22:10 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
.
==== End Of File ===========================





MalwareBytes Scan log:

Malwarebytes Anti-Malware (PRO) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.29.02

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
barok :: BAROK-PC [administrator]

Protection: Enabled

2/29/2012 6:33:33 PM
mbam-log-2012-02-29 (18-33-33).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 176349
Time elapsed: 3 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
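A small triage helper of the kind a forum helper might use to pull the security-relevant settings out of a DDS Pseudo HJT report like the one above: security product status, the UAC policy values under mPolicies-system, and the Firefox proxy preferences. This is an added example, not code from the thread, from DDS or from Malwarebytes; the function names, the sample lines, the product name and GUIDs, and the 198.51.100.23 proxy address (an RFC 5737 documentation address) are constructed, and only the line formats follow what DDS prints.

```python
"""Triage helper for DDS 'Pseudo HJT Report' lines (added example).

Not code from the thread or from the DDS tool. It reads the lines a
malware-removal helper looks at first: security product status, UAC
policy values, and Firefox proxy preferences. The sample lines at the
bottom are constructed in the DDS line format, not taken from a real PC.
"""
import ipaddress
import re

# UAC keys DDS prints as "mPolicies-system: <name> = <value> (0x..)".
# A value of 0 for any of these weakens or removes the elevation prompt.
UAC_WEAK_VALUES = {
    "ConsentPromptBehaviorAdmin": "administrators are elevated without any prompt",
    "PromptOnSecureDesktop": "elevation prompts are not shown on the secure desktop",
    "EnableLUA": "UAC is turned off entirely",
}

# Firefox network.proxy.type: 0 = direct, 1 = manual, 2 = PAC URL,
# 4 = auto-detect, 5 = system settings. Only 1 uses network.proxy.http.
MANUAL_PROXY = "1"

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

POLICY_RE = re.compile(r"^[um]Policies-(\w+):\s*(\w+)\s*=\s*(\d+)")
FF_PREF_RE = re.compile(r"^FF - prefs\.js:\s*([\w.]+)\s*-\s*(\S+)")
SECPROD_RE = re.compile(r"^(AV|SP|FW):\s*(.+?)\s*\*([^*]+)\*")


def is_rfc1918(host):
    """True only for a literal IPv4 address inside an RFC 1918 range."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:  # hostname or malformed value
        return False
    return any(addr in net for net in RFC1918)


def triage(lines):
    """Return a list of human-readable findings for the given DDS lines."""
    findings = []
    ff_prefs = {}
    for raw in lines:
        line = raw.strip()
        if (m := POLICY_RE.match(line)):
            scope, name, value = m.group(1), m.group(2), int(m.group(3))
            if scope == "system" and name in UAC_WEAK_VALUES and value == 0:
                findings.append(f"UAC: {name}=0, {UAC_WEAK_VALUES[name]}")
        elif (m := FF_PREF_RE.match(line)):
            ff_prefs[m.group(1)] = m.group(2)
        elif (m := SECPROD_RE.match(line)):
            kind, product, state = m.groups()
            if "Outdated" in state or "Disabled" in state:
                findings.append(f"{kind}: {product} reports {state}")

    # A configured proxy is only in effect when network.proxy.type is 1.
    host = ff_prefs.get("network.proxy.http")
    if host:
        port = ff_prefs.get("network.proxy.http_port", "?")
        where = "RFC 1918 address" if is_rfc1918(host) else "outside RFC 1918"
        ptype = ff_prefs.get("network.proxy.type", "unset")
        status = ("active (network.proxy.type=1)" if ptype == MANUAL_PROXY
                  else f"not in use (network.proxy.type={ptype})")
        findings.append(f"Firefox: HTTP proxy {host}:{port} configured, {where}, {status}")
    return findings


# Constructed sample in DDS line format; product name, GUIDs and the
# 198.51.100.23 proxy (RFC 5737 documentation address) are made up.
SAMPLE_DDS_LINES = """\
AV: Example Antivirus *Enabled/Outdated* {00000000-0000-0000-0000-000000000001}
SP: Windows Defender *Disabled/Updated* {00000000-0000-0000-0000-000000000002}
uPolicies-explorer: NoThumbnailCache = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
FF - prefs.js: network.proxy.http - 198.51.100.23
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 0
""".splitlines()

if __name__ == "__main__":
    for finding in triage(SAMPLE_DDS_LINES):
        print(finding)
```

Run against a saved DDS.txt with `triage(open("DDS.txt").read().splitlines())`. The helper deliberately reports rather than judges: an outdated AV or a UAC prompt set to 0 is a configuration fact worth confirming with the poster, and a proxy entry with network.proxy.type 0 is dormant, which is why the output says so instead of flagging it as an infection.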

#2 Elise

Elise

    Forum Deity

  • Experts
  • 8,721 posts
  • Gender:Female
  • Location:Romania

Posted 01 March 2012 - 03:03 AM

Hello and welcome!

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.
regards, Elise

If I am helping you and I haven't replied within 24 hours, please feel free to send me a PM.



#3 deviruchi

deviruchi

    New Member

  • Members
  • 10 posts

Posted 01 March 2012 - 07:39 AM

My ComboFix gets stuck on "Preparing the log report".
I'm currently trying to run it again.

20:30:44.0919 2588 TDSS rootkit removing tool 2.7.17.0 Feb 29 2012 14:02:24
20:30:45.0621 2588 ============================================================
20:30:45.0621 2588 Current date / time: 2012/03/01 20:30:45.0621
20:30:45.0621 2588 SystemInfo:
20:30:45.0621 2588
20:30:45.0621 2588 OS Version: 6.1.7600 ServicePack: 0.0
20:30:45.0621 2588 Product type: Workstation
20:30:45.0621 2588 ComputerName: BAROK-PC
20:30:45.0621 2588 UserName: barok
20:30:45.0621 2588 Windows directory: C:\Windows
20:30:45.0621 2588 System windows directory: C:\Windows
20:30:45.0621 2588 Processor architecture: Intel x86
20:30:45.0621 2588 Number of processors: 4
20:30:45.0621 2588 Page size: 0x1000
20:30:45.0621 2588 Boot type: Normal boot
20:30:45.0621 2588 ============================================================
20:30:46.0510 2588 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:30:46.0510 2588 \Device\Harddisk0\DR0:
20:30:46.0510 2588 MBR used
20:30:46.0510 2588 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:30:46.0510 2588 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3283F, BlocksNum 0x23F8C7C1
20:30:46.0510 2588 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x23FBF800, BlocksNum 0x146E800
20:30:46.0573 2588 Initialize success
20:30:46.0573 2588 ============================================================
20:30:48.0336 3804 ============================================================
20:30:48.0336 3804 Scan started
20:30:48.0336 3804 Mode: Manual;
20:30:48.0336 3804 ============================================================
20:30:49.0552 3804 1394hub - ok
20:30:49.0630 3804 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
20:30:49.0630 3804 1394ohci - ok
20:30:49.0662 3804 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
20:30:49.0662 3804 ACPI - ok
20:30:49.0677 3804 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
20:30:49.0693 3804 AcpiPmi - ok
20:30:49.0724 3804 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
20:30:49.0724 3804 adp94xx - ok
20:30:49.0755 3804 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
20:30:49.0755 3804 adpahci - ok
20:30:49.0771 3804 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
20:30:49.0771 3804 adpu320 - ok
20:30:49.0818 3804 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys
20:30:49.0818 3804 AFD - ok
20:30:49.0880 3804 AgereSoftModem (75e3fec5a4aac46fff76ac794c8340ea) C:\Windows\system32\DRIVERS\AGRSM.sys
20:30:49.0911 3804 AgereSoftModem - ok
20:30:49.0927 3804 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
20:30:49.0942 3804 agp440 - ok
20:30:49.0974 3804 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
20:30:49.0974 3804 aic78xx - ok
20:30:50.0005 3804 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
20:30:50.0005 3804 aliide - ok
20:30:50.0052 3804 altio - ok
20:30:50.0067 3804 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
20:30:50.0067 3804 amdagp - ok
20:30:50.0083 3804 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
20:30:50.0083 3804 amdide - ok
20:30:50.0130 3804 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
20:30:50.0130 3804 AmdK8 - ok
20:30:50.0130 3804 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
20:30:50.0130 3804 AmdPPM - ok
20:30:50.0176 3804 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys
20:30:50.0176 3804 amdsata - ok
20:30:50.0192 3804 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
20:30:50.0192 3804 amdsbs - ok
20:30:50.0208 3804 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys
20:30:50.0208 3804 amdxata - ok
20:30:50.0239 3804 AmUStor (755d74bed450f7342f9d0ab01efcf1aa) C:\Windows\system32\drivers\AmUStor.SYS
20:30:50.0239 3804 AmUStor - ok
20:30:50.0270 3804 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
20:30:50.0270 3804 AppID - ok
20:30:50.0348 3804 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
20:30:50.0348 3804 arc - ok
20:30:50.0348 3804 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
20:30:50.0364 3804 arcsas - ok
20:30:50.0379 3804 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
20:30:50.0379 3804 AsyncMac - ok
20:30:50.0410 3804 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
20:30:50.0410 3804 atapi - ok
20:30:50.0473 3804 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
20:30:50.0473 3804 b06bdrv - ok
20:30:50.0488 3804 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
20:30:50.0488 3804 b57nd60x - ok
20:30:50.0520 3804 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
20:30:50.0520 3804 Beep - ok
20:30:50.0551 3804 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
20:30:50.0551 3804 blbdrive - ok
20:30:50.0582 3804 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
20:30:50.0582 3804 bowser - ok
20:30:50.0598 3804 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:30:50.0598 3804 BrFiltLo - ok
20:30:50.0613 3804 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:30:50.0613 3804 BrFiltUp - ok
20:30:50.0629 3804 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
20:30:50.0629 3804 BridgeMP - ok
20:30:50.0676 3804 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
20:30:50.0676 3804 Brserid - ok
20:30:50.0691 3804 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
20:30:50.0691 3804 BrSerWdm - ok
20:30:50.0707 3804 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:30:50.0707 3804 BrUsbMdm - ok
20:30:50.0722 3804 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
20:30:50.0722 3804 BrUsbSer - ok
20:30:50.0754 3804 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
20:30:50.0754 3804 BTHMODEM - ok
20:30:50.0832 3804 catchme - ok
20:30:50.0910 3804 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
20:30:50.0910 3804 cdfs - ok
20:30:50.0972 3804 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
20:30:50.0972 3804 cdrom - ok
20:30:51.0019 3804 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
20:30:51.0019 3804 circlass - ok
20:30:51.0050 3804 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
20:30:51.0050 3804 CLFS - ok
20:30:51.0159 3804 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
20:30:51.0159 3804 CmBatt - ok
20:30:51.0175 3804 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
20:30:51.0190 3804 cmdide - ok
20:30:51.0222 3804 CNG (36c252e474b2ffa0f0fbbff20d92a640) C:\Windows\system32\Drivers\cng.sys
20:30:51.0222 3804 CNG - ok
20:30:51.0237 3804 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
20:30:51.0237 3804 Compbatt - ok
20:30:51.0284 3804 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
20:30:51.0284 3804 CompositeBus - ok
20:30:51.0300 3804 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
20:30:51.0315 3804 crcdisk - ok
20:30:51.0502 3804 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys
20:30:51.0502 3804 DfsC - ok
20:30:51.0518 3804 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
20:30:51.0518 3804 discache - ok
20:30:51.0549 3804 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
20:30:51.0565 3804 Disk - ok
20:30:51.0596 3804 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
20:30:51.0596 3804 drmkaud - ok
20:30:51.0643 3804 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
20:30:51.0658 3804 DXGKrnl - ok
20:30:51.0752 3804 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
20:30:51.0799 3804 ebdrv - ok
20:30:51.0924 3804 ElbyCDIO (178cc9403816c082d22a1d47fa1f9c85) C:\Windows\system32\Drivers\ElbyCDIO.sys
20:30:51.0924 3804 ElbyCDIO - ok
20:30:51.0970 3804 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
20:30:51.0970 3804 elxstor - ok
20:30:52.0002 3804 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
20:30:52.0002 3804 ErrDev - ok
20:30:52.0033 3804 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
20:30:52.0033 3804 exfat - ok
20:30:52.0048 3804 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
20:30:52.0048 3804 fastfat - ok
20:30:52.0080 3804 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
20:30:52.0080 3804 fdc - ok
20:30:52.0111 3804 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
20:30:52.0111 3804 FileInfo - ok
20:30:52.0126 3804 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
20:30:52.0126 3804 Filetrace - ok
20:30:52.0142 3804 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
20:30:52.0142 3804 flpydisk - ok
20:30:52.0173 3804 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
20:30:52.0173 3804 FltMgr - ok
20:30:52.0189 3804 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
20:30:52.0189 3804 FsDepends - ok
20:30:52.0220 3804 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
20:30:52.0220 3804 Fs_Rec - ok
20:30:52.0251 3804 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
20:30:52.0251 3804 fvevol - ok
20:30:52.0282 3804 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
20:30:52.0282 3804 gagp30kx - ok
20:30:52.0376 3804 GGSAFERDriver - ok
20:30:52.0454 3804 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
20:30:52.0454 3804 hcw85cir - ok
20:30:52.0501 3804 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
20:30:52.0501 3804 HdAudAddService - ok
20:30:52.0516 3804 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:30:52.0516 3804 HDAudBus - ok
20:30:52.0532 3804 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
20:30:52.0532 3804 HidBatt - ok
20:30:52.0548 3804 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
20:30:52.0548 3804 HidBth - ok
20:30:52.0563 3804 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
20:30:52.0579 3804 HidIr - ok
20:30:52.0594 3804 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
20:30:52.0594 3804 HidUsb - ok
20:30:52.0719 3804 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
20:30:52.0719 3804 HpSAMD - ok
20:30:52.0766 3804 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
20:30:52.0782 3804 HTTP - ok
20:30:52.0797 3804 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
20:30:52.0797 3804 hwpolicy - ok
20:30:52.0828 3804 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
20:30:52.0828 3804 i8042prt - ok
20:30:52.0860 3804 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys
20:30:52.0860 3804 iaStorV - ok
20:30:52.0891 3804 IDMWFP (7fc796d62dbdf6d33f4792a3674da4c9) C:\Windows\system32\DRIVERS\idmwfp.sys
20:30:52.0891 3804 IDMWFP - ok
20:30:53.0016 3804 igfx (8828710129b835fd59e8be6615eb3786) C:\Windows\system32\DRIVERS\igdkmd32.sys
20:30:53.0109 3804 igfx - ok
20:30:53.0125 3804 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
20:30:53.0140 3804 iirsp - ok
20:30:53.0218 3804 IntcAzAudAddService (345ac48d17f5c2f2aa1ee50d34c3978b) C:\Windows\system32\drivers\RTKVHDA.sys
20:30:53.0281 3804 IntcAzAudAddService - ok
20:30:53.0312 3804 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
20:30:53.0312 3804 intelide - ok
20:30:53.0343 3804 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
20:30:53.0343 3804 intelppm - ok
20:30:53.0359 3804 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:30:53.0374 3804 IpFilterDriver - ok
20:30:53.0406 3804 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
20:30:53.0406 3804 IPMIDRV - ok
20:30:53.0421 3804 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
20:30:53.0421 3804 IPNAT - ok
20:30:53.0452 3804 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
20:30:53.0452 3804 IRENUM - ok
20:30:53.0468 3804 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
20:30:53.0468 3804 isapnp - ok
20:30:53.0484 3804 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
20:30:53.0499 3804 iScsiPrt - ok
20:30:53.0530 3804 ivusb (994ebb45c4b438e1f6ea0b958ae9b9a3) C:\Windows\system32\DRIVERS\ivusb.sys
20:30:53.0530 3804 ivusb - ok
20:30:53.0577 3804 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
20:30:53.0577 3804 kbdclass - ok
20:30:53.0608 3804 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
20:30:53.0608 3804 kbdhid - ok
20:30:53.0624 3804 KSecDD (0263364acb9c834ace52fb85c2c064ec) C:\Windows\system32\Drivers\ksecdd.sys
20:30:53.0624 3804 KSecDD - ok
20:30:53.0640 3804 KSecPkg (27391db553be2a4e2b0adeea2873b2af) C:\Windows\system32\Drivers\ksecpkg.sys
20:30:53.0655 3804 KSecPkg - ok
20:30:53.0702 3804 libusb0 (d1598203b19b4922531a8bd6811547f7) C:\Windows\system32\DRIVERS\libusb0.sys
20:30:53.0702 3804 libusb0 - ok
20:30:53.0749 3804 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
20:30:53.0749 3804 lltdio - ok
20:30:53.0796 3804 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
20:30:53.0796 3804 LSI_FC - ok
20:30:53.0811 3804 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
20:30:53.0811 3804 LSI_SAS - ok
20:30:53.0827 3804 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:30:53.0827 3804 LSI_SAS2 - ok
20:30:53.0842 3804 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:30:53.0842 3804 LSI_SCSI - ok
20:30:53.0858 3804 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
20:30:53.0858 3804 luafv - ok
20:30:53.0952 3804 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
20:30:53.0952 3804 MBAMProtector - ok
20:30:53.0998 3804 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
20:30:53.0998 3804 megasas - ok
20:30:54.0030 3804 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
20:30:54.0030 3804 MegaSR - ok
20:30:54.0061 3804 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
20:30:54.0061 3804 Modem - ok
20:30:54.0092 3804 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
20:30:54.0092 3804 monitor - ok
20:30:54.0123 3804 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
20:30:54.0123 3804 mouclass - ok
20:30:54.0154 3804 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
20:30:54.0154 3804 mouhid - ok
20:30:54.0154 3804 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
20:30:54.0170 3804 mountmgr - ok
20:30:54.0186 3804 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
20:30:54.0186 3804 mpio - ok
20:30:54.0201 3804 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
20:30:54.0201 3804 mpsdrv - ok
20:30:54.0232 3804 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
20:30:54.0232 3804 MRxDAV - ok
20:30:54.0264 3804 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:30:54.0264 3804 mrxsmb - ok
20:30:54.0279 3804 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:30:54.0279 3804 mrxsmb10 - ok
20:30:54.0295 3804 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:30:54.0295 3804 mrxsmb20 - ok
20:30:54.0310 3804 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
20:30:54.0310 3804 msahci - ok
20:30:54.0326 3804 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
20:30:54.0326 3804 msdsm - ok
20:30:54.0373 3804 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
20:30:54.0373 3804 Msfs - ok
20:30:54.0388 3804 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
20:30:54.0388 3804 mshidkmdf - ok
20:30:54.0404 3804 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
20:30:54.0404 3804 msisadrv - ok
20:30:54.0451 3804 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
20:30:54.0451 3804 MSKSSRV - ok
20:30:54.0482 3804 msloop (ade6270c1003923e92a9bbba272133a9) C:\Windows\system32\DRIVERS\loop.sys
20:30:54.0498 3804 msloop - ok
20:30:54.0513 3804 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
20:30:54.0513 3804 MSPCLOCK - ok
20:30:54.0529 3804 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
20:30:54.0529 3804 MSPQM - ok
20:30:54.0544 3804 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
20:30:54.0544 3804 MsRPC - ok
20:30:54.0576 3804 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
20:30:54.0576 3804 mssmbios - ok
20:30:54.0607 3804 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
20:30:54.0607 3804 MSTEE - ok
20:30:54.0622 3804 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
20:30:54.0622 3804 MTConfig - ok
20:30:54.0654 3804 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
20:30:54.0654 3804 Mup - ok
20:30:54.0685 3804 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
20:30:54.0685 3804 NativeWifiP - ok
20:30:54.0732 3804 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
20:30:54.0747 3804 NDIS - ok
20:30:54.0778 3804 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
20:30:54.0778 3804 NdisCap - ok
20:30:54.0794 3804 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
20:30:54.0794 3804 NdisTapi - ok
20:30:54.0841 3804 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
20:30:54.0841 3804 Ndisuio - ok
20:30:54.0872 3804 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
20:30:54.0872 3804 NdisWan - ok
20:30:54.0888 3804 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
20:30:54.0888 3804 NDProxy - ok
20:30:54.0919 3804 Netaapl (1352e1648213551923a0a822e441553c) C:\Windows\system32\DRIVERS\netaapl.sys
20:30:54.0919 3804 Netaapl - ok
20:30:54.0950 3804 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
20:30:54.0950 3804 NetBIOS - ok
20:30:54.0966 3804 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
20:30:54.0966 3804 NetBT - ok
20:30:55.0012 3804 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
20:30:55.0012 3804 nfrd960 - ok
20:30:55.0137 3804 NLNdisMP (1b49b83747509b2b1d707cd4b09aa504) C:\Windows\system32\DRIVERS\nlndis.sys
20:30:55.0231 3804 NLNdisMP - ok
20:30:55.0324 3804 NLNdisPT (1b49b83747509b2b1d707cd4b09aa504) C:\Windows\system32\DRIVERS\nlndis.sys
20:30:55.0356 3804 NLNdisPT - ok
20:30:55.0496 3804 nltdi (6fe26694c94f1a63af066d7a557f69d3) C:\Program Files\NetLimiter 3\nltdi.sys
20:30:55.0574 3804 nltdi - ok
20:30:55.0636 3804 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
20:30:55.0636 3804 Npfs - ok
20:30:55.0730 3804 npkcrypt (aaf9b4df67938753cb21808ea3574242) C:\Program Files\Level Up Games\Ragnarok Online\npkcrypt.sys
20:30:55.0730 3804 npkcrypt - ok
20:30:55.0761 3804 npkcusb (3c956a5513a53e2244f0773104fa6d8f) C:\Program Files\Level Up Games\Ragnarok Online\npkcusb.sys
20:30:55.0761 3804 npkcusb - ok
20:30:55.0824 3804 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
20:30:55.0824 3804 nsiproxy - ok
20:30:55.0886 3804 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys
20:30:55.0902 3804 Ntfs - ok
20:30:55.0917 3804 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
20:30:55.0917 3804 Null - ok
20:30:55.0980 3804 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys
20:30:55.0980 3804 nvraid - ok
20:30:56.0011 3804 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys
20:30:56.0011 3804 nvstor - ok
20:30:56.0042 3804 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
20:30:56.0042 3804 nv_agp - ok
20:30:56.0058 3804 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
20:30:56.0058 3804 ohci1394 - ok
20:30:56.0089 3804 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
20:30:56.0089 3804 Parport - ok
20:30:56.0104 3804 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
20:30:56.0104 3804 partmgr - ok
20:30:56.0120 3804 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
20:30:56.0136 3804 Parvdm - ok
20:30:56.0151 3804 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
20:30:56.0151 3804 pci - ok
20:30:56.0167 3804 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
20:30:56.0167 3804 pciide - ok
20:30:56.0198 3804 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
20:30:56.0198 3804 pcmcia - ok
20:30:56.0214 3804 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
20:30:56.0214 3804 pcw - ok
20:30:56.0245 3804 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
20:30:56.0260 3804 PEAUTH - ok
20:30:56.0307 3804 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
20:30:56.0307 3804 PptpMiniport - ok
20:30:56.0338 3804 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
20:30:56.0338 3804 Processor - ok
20:30:56.0370 3804 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
20:30:56.0370 3804 Psched - ok
20:30:56.0401 3804 PsSdk41 (0c234a4a2fbab98e5e1bafaf3e3e403a) C:\Windows\system32\Drivers\pssdk41.sys
20:30:56.0401 3804 PsSdk41 - ok
20:30:56.0448 3804 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
20:30:56.0479 3804 ql2300 - ok
20:30:56.0494 3804 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
20:30:56.0526 3804 ql40xx - ok
20:30:56.0557 3804 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
20:30:56.0557 3804 QWAVEdrv - ok
20:30:56.0572 3804 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
20:30:56.0572 3804 RasAcd - ok
20:30:56.0604 3804 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:30:56.0604 3804 RasAgileVpn - ok
20:30:56.0619 3804 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:30:56.0619 3804 Rasl2tp - ok
20:30:56.0650 3804 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
20:30:56.0650 3804 RasPppoe - ok
20:30:56.0682 3804 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
20:30:56.0682 3804 RasSstp - ok
20:30:56.0713 3804 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
20:30:56.0713 3804 rdbss - ok
20:30:56.0728 3804 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
20:30:56.0728 3804 rdpbus - ok
20:30:56.0744 3804 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:30:56.0760 3804 RDPCDD - ok
20:30:56.0775 3804 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
20:30:56.0775 3804 RDPENCDD - ok
20:30:56.0791 3804 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
20:30:56.0791 3804 RDPREFMP - ok
20:30:56.0822 3804 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
20:30:56.0822 3804 RDPWD - ok
20:30:56.0869 3804 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
20:30:56.0869 3804 rdyboost - ok
20:30:56.0916 3804 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
20:30:56.0916 3804 rspndr - ok
20:30:56.0947 3804 RTL8167 (3e7c3e75a40118e267db10fe4cbce0da) C:\Windows\system32\DRIVERS\Rt86win7.sys
20:30:56.0962 3804 RTL8167 - ok
20:30:56.0994 3804 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
20:30:56.0994 3804 sbp2port - ok
20:30:57.0009 3804 SBRE - ok
20:30:57.0040 3804 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
20:30:57.0040 3804 scfilter - ok
20:30:57.0072 3804 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
20:30:57.0072 3804 secdrv - ok
20:30:57.0103 3804 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
20:30:57.0103 3804 Serenum - ok
20:30:57.0118 3804 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
20:30:57.0118 3804 Serial - ok
20:30:57.0134 3804 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
20:30:57.0134 3804 sermouse - ok
20:30:57.0165 3804 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
20:30:57.0165 3804 sffdisk - ok
20:30:57.0181 3804 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
20:30:57.0181 3804 sffp_mmc - ok
20:30:57.0196 3804 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
20:30:57.0196 3804 sffp_sd - ok
20:30:57.0228 3804 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
20:30:57.0228 3804 sfloppy - ok
20:30:57.0259 3804 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
20:30:57.0259 3804 sisagp - ok
20:30:57.0290 3804 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:30:57.0290 3804 SiSRaid2 - ok
20:30:57.0306 3804 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
20:30:57.0306 3804 SiSRaid4 - ok
20:30:57.0337 3804 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
20:30:57.0337 3804 Smb - ok
20:30:57.0368 3804 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
20:30:57.0368 3804 spldr - ok
20:30:57.0446 3804 sptd (f42efefb765235f24b24e1d2b6f99f46) C:\Windows\System32\Drivers\sptd.sys
20:30:57.0446 3804 Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: f42efefb765235f24b24e1d2b6f99f46
20:30:57.0446 3804 sptd ( LockedFile.Multi.Generic ) - warning
20:30:57.0446 3804 sptd - detected LockedFile.Multi.Generic (1)
20:30:57.0462 3804 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys
20:30:57.0477 3804 srv - ok
20:30:57.0493 3804 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys
20:30:57.0493 3804 srv2 - ok
20:30:57.0508 3804 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
20:30:57.0508 3804 srvnet - ok
20:30:57.0540 3804 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
20:30:57.0540 3804 stexstor - ok
20:30:57.0555 3804 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
20:30:57.0571 3804 swenum - ok
20:30:57.0664 3804 tap0901 (11d34fc869f5bda29949fe3858380894) C:\Windows\system32\DRIVERS\tap0901.sys
20:30:57.0664 3804 tap0901 - ok
20:30:57.0711 3804 Tcpip (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\drivers\tcpip.sys
20:30:57.0742 3804 Tcpip - ok
20:30:57.0774 3804 TCPIP6 (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\DRIVERS\tcpip.sys
20:30:57.0774 3804 TCPIP6 - ok
20:30:57.0805 3804 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
20:30:57.0805 3804 tcpipreg - ok
20:30:57.0820 3804 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
20:30:57.0820 3804 TDPIPE - ok
20:30:57.0836 3804 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
20:30:57.0836 3804 TDTCP - ok
20:30:57.0852 3804 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
20:30:57.0852 3804 tdx - ok
20:30:57.0867 3804 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
20:30:57.0883 3804 TermDD - ok
20:30:57.0930 3804 TPkd (5815ae5ef8519066f19e575d67f6f191) C:\Windows\system32\drivers\TPkd.sys
20:30:57.0930 3804 TPkd - ok
20:30:57.0961 3804 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:30:57.0961 3804 tssecsrv - ok
20:30:57.0992 3804 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
20:30:57.0992 3804 tunnel - ok
20:30:58.0023 3804 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
20:30:58.0023 3804 uagp35 - ok
20:30:58.0054 3804 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
20:30:58.0054 3804 udfs - ok
20:30:58.0086 3804 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
20:30:58.0101 3804 uliagpkx - ok
20:30:58.0117 3804 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
20:30:58.0132 3804 umbus - ok
20:30:58.0164 3804 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
20:30:58.0164 3804 UmPass - ok
20:30:58.0195 3804 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
20:30:58.0195 3804 USBAAPL - ok
20:30:58.0242 3804 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys
20:30:58.0242 3804 usbaudio - ok
20:30:58.0273 3804 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\DRIVERS\usbccgp.sys
20:30:58.0273 3804 usbccgp - ok
20:30:58.0304 3804 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
20:30:58.0304 3804 usbcir - ok
20:30:58.0320 3804 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\drivers\usbehci.sys
20:30:58.0320 3804 usbehci - ok
20:30:58.0351 3804 usbhub (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys
20:30:58.0351 3804 usbhub - ok
20:30:58.0382 3804 usbohci (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\drivers\usbohci.sys
20:30:58.0382 3804 usbohci - ok
20:30:58.0413 3804 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
20:30:58.0413 3804 usbprint - ok
20:30:58.0460 3804 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\drivers\USBSTOR.SYS
20:30:58.0460 3804 USBSTOR - ok
20:30:58.0476 3804 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\drivers\usbuhci.sys
20:30:58.0476 3804 usbuhci - ok
20:30:58.0538 3804 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\System32\Drivers\usbvideo.sys
20:30:58.0538 3804 usbvideo - ok
20:30:58.0569 3804 VClone (1cdaa48cb2f7744b8d25650e050766a5) C:\Windows\system32\DRIVERS\VClone.sys
20:30:58.0569 3804 VClone - ok
20:30:58.0585 3804 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
20:30:58.0585 3804 vdrvroot - ok
20:30:58.0616 3804 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
20:30:58.0632 3804 vga - ok
20:30:58.0647 3804 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
20:30:58.0647 3804 VgaSave - ok
20:30:58.0663 3804 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
20:30:58.0663 3804 vhdmp - ok
20:30:58.0694 3804 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
20:30:58.0710 3804 viaagp - ok
20:30:58.0725 3804 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
20:30:58.0725 3804 ViaC7 - ok
20:30:58.0725 3804 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
20:30:58.0725 3804 viaide - ok
20:30:58.0741 3804 VMnetAdapter - ok
20:30:58.0756 3804 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
20:30:58.0772 3804 volmgr - ok
20:30:58.0788 3804 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
20:30:58.0788 3804 volmgrx - ok
20:30:58.0803 3804 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
20:30:58.0819 3804 volsnap - ok
20:30:58.0850 3804 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
20:30:58.0850 3804 vsmraid - ok
20:30:58.0866 3804 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
20:30:58.0866 3804 vwifibus - ok
20:30:58.0881 3804 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
20:30:58.0881 3804 WacomPen - ok
20:30:58.0912 3804 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
20:30:58.0912 3804 WANARP - ok
20:30:58.0928 3804 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
20:30:58.0928 3804 Wanarpv6 - ok
20:30:58.0959 3804 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
20:30:58.0959 3804 Wd - ok
20:30:58.0975 3804 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
20:30:58.0990 3804 Wdf01000 - ok
20:30:59.0037 3804 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
20:30:59.0037 3804 WfpLwf - ok
20:30:59.0068 3804 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
20:30:59.0084 3804 WIMMount - ok
20:30:59.0162 3804 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
20:30:59.0162 3804 WinUsb - ok
20:30:59.0193 3804 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
20:30:59.0193 3804 WmiAcpi - ok
20:30:59.0224 3804 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
20:30:59.0224 3804 ws2ifsl - ok
20:30:59.0256 3804 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
20:30:59.0256 3804 WudfPf - ok
20:30:59.0302 3804 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:30:59.0302 3804 WUDFRd - ok
20:30:59.0334 3804 XDva391 - ok
20:30:59.0380 3804 MBR (0x1B8) (467b76a6cd2b7793e362988385ebcaa9) \Device\Harddisk0\DR0
20:30:59.0536 3804 \Device\Harddisk0\DR0 - ok
20:30:59.0552 3804 Boot (0x1200) (c77f94d43fb62c439efbdff13d7f63c6) \Device\Harddisk0\DR0\Partition0
20:30:59.0552 3804 \Device\Harddisk0\DR0\Partition0 - ok
20:30:59.0552 3804 Boot (0x1200) (34f304914f3ef036c2263247552cf744) \Device\Harddisk0\DR0\Partition1
20:30:59.0568 3804 \Device\Harddisk0\DR0\Partition1 - ok
20:30:59.0599 3804 Boot (0x1200) (4b679ed851901d1d467133c07f72a2f5) \Device\Harddisk0\DR0\Partition2
20:30:59.0599 3804 \Device\Harddisk0\DR0\Partition2 - ok
20:30:59.0599 3804 ============================================================
20:30:59.0599 3804 Scan finished
20:30:59.0599 3804 ============================================================
20:30:59.0599 3448 Detected object count: 1
20:30:59.0599 3448 Actual detected object count: 1
20:31:10.0176 3448 C:\Windows\System32\Drivers\sptd.sys - copied to quarantine
20:31:10.0191 3448 HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted on reboot
20:31:10.0238 3448 HKLM\SYSTEM\ControlSet002\services\sptd - will be deleted on reboot
20:31:10.0254 3448 C:\Windows\System32\Drivers\sptd.sys - will be deleted on reboot
20:31:10.0254 3448 sptd ( LockedFile.Multi.Generic ) - User select action: Delete
20:31:13.0062 3184 Deinitialize success
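
The TDSSKiller driver scan above is the part of this post worth reading closely, so here is an added example of how to work through it programmatically. This is not code from the original post and not part of Kaspersky's tool: it is a small Python parser for the driver-scan line format, run over lines copied from the log, with three triage rules that are this example's own assumptions (a verdict other than "ok", a driver image loaded from outside System32, and a service key with no hashed file). One caveat a practitioner would want: the `LockedFile.Multi.Generic` verdict on sptd.sys means the scanner could not read the file (the "Suspicious file (NoAccess)" line says the same), not that a signature matched. sptd.sys is the SCSI Pass Through Direct driver installed by disc-emulation software such as DAEMON Tools and Alcohol 120%, which is why this verdict shows up on it so often.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Sample lines copied from the TDSSKiller driver scan above (a real run would feed
# the whole log file). Format: <time> <thread> <service> (<md5>) <path>, followed by
# a verdict line <time> <thread> <service> - <verdict>.
SAMPLE_LOG = r"""20:30:50.0488 3804 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
20:30:50.0488 3804 b57nd60x - ok
20:30:55.0496 3804 nltdi (6fe26694c94f1a63af066d7a557f69d3) C:\Program Files\NetLimiter 3\nltdi.sys
20:30:55.0574 3804 nltdi - ok
20:30:55.0730 3804 npkcrypt (aaf9b4df67938753cb21808ea3574242) C:\Program Files\Level Up Games\Ragnarok Online\npkcrypt.sys
20:30:55.0730 3804 npkcrypt - ok
20:30:57.0446 3804 sptd (f42efefb765235f24b24e1d2b6f99f46) C:\Windows\System32\Drivers\sptd.sys
20:30:57.0446 3804 Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: f42efefb765235f24b24e1d2b6f99f46
20:30:57.0446 3804 sptd ( LockedFile.Multi.Generic ) - warning
20:30:57.0446 3804 sptd - detected LockedFile.Multi.Generic (1)
20:30:57.0711 3804 Tcpip (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\drivers\tcpip.sys
20:30:57.0742 3804 Tcpip - ok
20:30:57.0774 3804 TCPIP6 (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\DRIVERS\tcpip.sys
20:30:57.0774 3804 TCPIP6 - ok
20:30:59.0334 3804 XDva391 - ok
"""

ENTRY_RE = re.compile(r"^\S+\s+\d+\s+(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$")
VERDICT_RE = re.compile(r"^\S+\s+\d+\s+(?P<name>\S+)\s+-\s+(?P<verdict>.+)$")
SUSPICIOUS_RE = re.compile(
    r"^\S+\s+\d+\s+Suspicious file \((?P<reason>[^)]+)\):\s+(?P<path>.+?)\.\s+md5:\s+(?P<md5>[0-9a-fA-F]{32})$")

# Assumption used by triage(): driver images are expected under this prefix.
SYSTEM32_PREFIX = "c:\\windows\\system32\\"


@dataclass
class DriverEntry:
    name: str
    md5: Optional[str]      # None when the scanner never hashed a file
    path: Optional[str]
    verdict: str = ""
    notes: List[str] = field(default_factory=list)


def parse_tdsskiller(text: str) -> List[DriverEntry]:
    """Pair each service's entry line with its verdict line, keeping log order."""
    entries: Dict[str, DriverEntry] = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries[m["name"]] = DriverEntry(m["name"], m["md5"].lower(), m["path"])
            continue
        m = SUSPICIOUS_RE.match(line)
        if m:
            # "Suspicious file (...)" names the path, so attach the reason to that entry
            for e in entries.values():
                if e.path and e.path.lower() == m["path"].lower():
                    e.notes.append(m["reason"])
            continue
        m = VERDICT_RE.match(line)
        if m:
            # A verdict with no preceding entry line means a service key exists but
            # no file was hashed (the "XDva391 - ok" case in the log above).
            entries.setdefault(m["name"], DriverEntry(m["name"], None, None)).verdict = m["verdict"]
        # Other lines (the "( ... ) - warning" echo, MBR/boot-sector lines) are ignored.
    return list(entries.values())


def triage(entries: List[DriverEntry]) -> List[Tuple[str, str]]:
    """Heuristic review of a parsed scan; every rule here is this example's own."""
    findings: List[Tuple[str, str]] = []
    for e in entries:
        if e.verdict != "ok":
            findings.append((e.name, "verdict: " + e.verdict))
        for note in e.notes:
            findings.append((e.name, "scanner note: " + note))
        if e.path is None:
            findings.append((e.name, "service registered but no image file was hashed"))
        elif not e.path.lower().startswith(SYSTEM32_PREFIX):
            findings.append((e.name, "driver image outside System32: " + e.path))
    return findings


def shared_images(entries: List[DriverEntry]) -> Dict[str, List[str]]:
    """Services that load the same file (same MD5); normal for Tcpip/TCPIP6-style aliases."""
    by_md5: Dict[str, List[str]] = {}
    for e in entries:
        if e.md5:
            by_md5.setdefault(e.md5, []).append(e.name)
    return {digest: names for digest, names in by_md5.items() if len(names) > 1}


if __name__ == "__main__":
    parsed = parse_tdsskiller(SAMPLE_LOG)
    for name, why in triage(parsed):
        print(f"{name:12} {why}")
    for digest, names in shared_images(parsed).items():
        print(f"shared image {digest}: {', '.join(names)}")
```

Run as-is it flags sptd (the detection plus the NoAccess note), the two drivers living under Program Files (NetLimiter's nltdi.sys and the npkcrypt driver under the Ragnarok Online folder), and the file-less XDva391 service key, which are exactly the items a helper would look up by hash and ImagePath before deciding anything. The Tcpip/TCPIP6 pair shows why two services sharing one MD5 is not by itself suspicious: it is one file registered twice.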

#4 Elise

    Forum Deity

  • Experts
  • 8,721 posts
  • Gender:Female
  • Location:Romania

Posted 01 March 2012 - 07:48 AM

Just give it some more time; it may sometimes take quite some time before it pops up.
regards, Elise

If I am helping you and I haven't replied within 24 hours, please feel free to send me a PM.


#5 deviruchi

    New Member

  • Members
  • 10 posts

Posted 01 March 2012 - 08:01 AM

Seems like it's stuck for an hour already.

#6 deviruchi

    New Member

  • Members
  • 10 posts

Posted 01 March 2012 - 08:28 AM

My ComboFix can only produce this log:

ComboFix 12-03-01.01 - barok 03/01/2012 21:06:38.3.4 - x86
Microsoft Windows 7 Home Basic 6.1.7600.0.1252.63.1033.18.1917.920 [GMT 8:00]
Running from: C:\Users\barok\Downloads\broni.com
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((( Files Created from 2012-02-01 to 2012-03-01 )))))))))))))))))))))))))))))))


2012-03-01 12:45:38 . 2012-03-01 13:05:47 -------- d-----w- C:\ComboFix
2012-03-01 12:31:10 . 2012-03-01 12:31:10 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-01 11:57:45 . 2012-03-01 13:12:43 -------- d-----w- C:\Users\barok\AppData\Local\temp
2012-02-29 12:11:36 . 2010-03-04 04:04:40 146304 ----a-w- C:\Windows\system32\drivers\usbvideo.sys
2012-02-29 12:11:35 . 2010-03-04 03:57:55 190976 ----a-w- C:\Windows\system32\drivers\ks.sys
2012-02-29 12:11:30 . 2010-09-14 06:07:14 276992 ----a-w- C:\Windows\system32\wcncsvc.dll
2012-02-29 08:50:38 . 2012-01-03 05:44:24 478208 ----a-w- C:\Windows\system32\timedate.cpl
2012-02-29 08:41:35 . 2012-01-14 03:48:30 2340864 ----a-w- C:\Windows\system32\win32k.sys
2012-02-08 17:57:29 . 2012-02-08 17:57:29 -------- d-----w- C:\Program Files\iTunes
2012-02-08 17:39:38 . 2012-02-08 17:57:35 -------- d-----w- C:\Users\barok\AppData\Roaming\WindSolutions
2012-02-08 17:39:37 . 2012-02-08 17:47:15 -------- d-----w- C:\ProgramData\WindSolutions
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-02-08 11:32:14 . 2011-08-14 13:45:32 414368 ----a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl
2012-01-14 04:43:17 . 2010-12-24 16:14:17 472808 ----a-w- C:\Windows\system32\deployJava1.dll
2011-12-26 08:26:04 . 2011-12-26 15:28:55 866604 ----a-w- C:\Windows\ASD.HS4L
2011-12-18 09:50:11 . 2011-12-18 09:49:56 1467200 ----a-w- C:\Windows\system32\msvcr100d.dll
2011-12-10 07:24:06 . 2011-04-01 09:28:26 20464 ----a-w- C:\Windows\system32\drivers\mbam.sys
2012-01-11 12:48:09 . 2011-12-08 10:23:46 121816 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 06:53:18 460872]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-10-17 07:13:56 11430504]
"Malwarebytes' Anti-Malware (reboot)"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 06:53:16 981680]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-09 18:41:12 49208]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2011-11-15 07:14:19 248552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableStartupSound"= 1 (0x1)
"DisableStatusMessages"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)
"DisableThumbnailsOnNetworkFolders"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:D *\0sasnative32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\barok\AppData\Local\Google\Update\GoogleUpdate.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-05-09 18:41:12 49208 ----a-w- c:\Program Files\hp\HP Software Update\hpwuschd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPADVISOR]
2010-06-29 16:14:08 1689144 ----a-w- C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartMenu]
2009-07-08 06:39:16 567864 ----a-w- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-11-15 07:14:19 248552 ----a-w- C:\Program Files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
2009-05-26 22:31:29 85160 ----a-w- C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001

R1 SBRE;SBRE; [x]
R2 altio;altio;C:\Program Files\Altium Designer Summer 08\System\Drivers\altio.sys [x]
R2 gupdate;Google Update Service (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-15 07:28:12 136176]
R2 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;C:\Windows\system32\DRIVERS\libusb0.sys [2006-05-29 23:53:18 29184]
R2 SetupARService;SetupARService;C:\Program Files\Realtek\Audio\SetupAfterRebootService.exe [2011-05-11 15:42:27 24576]
R3 1394hub;1394 Enabled Hub;C:\Windows\System32\svchost.exe [2009-07-14 01:14:41 20992]
R3 GGSAFERDriver;GGSAFER Driver;C:\Program Files\Garena Plus\Room\safedrv.sys [x]
R3 gupdatem;Google Update Service (gupdatem);C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-15 07:28:12 136176]
R3 ivusb;Initio Driver for USB Default Controller;C:\Windows\system32\DRIVERS\ivusb.sys [2010-07-28 16:25:02 25112]
R3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl.sys [2011-08-02 09:38:44 18432]
R3 NLNdisPT;NetLimiter Ndis Protocol Service;C:\Windows\system32\DRIVERS\nlndis.sys [2011-03-21 08:44:26 5230088]
R3 PsSdk41;PsSdk41;C:\Windows\system32\Drivers\pssdk41.sys [2011-05-04 03:48:25 36928]
R3 XDva391;XDva391;C:\Windows\system32\XDva391.sys [x]
S1 nltdi;nltdi;C:\Program Files\NetLimiter 3\nltdi.sys [2011-03-21 08:44:24 5281672]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 05:16:28 130384]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 09:27:38 92216]
S2 MBAMService;MBAMService;C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 06:53:18 652360]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS [2011-03-18 05:36:18 46680]
S3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys [2011-12-10 07:24:06 20464]
S3 NLNdisMP;NLNdisMP;C:\Windows\system32\DRIVERS\nlndis.sys [2011-03-21 08:44:26 5230088]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt86win7.sys [2011-04-22 00:17:04 381032]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
HPService REG_MULTI_SZ HPSLPSVC

Contents of the 'Scheduled Tasks' folder

2012-02-29 C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-212954980-3322440367-3007975221-1000Core.job
- C:\Users\barok\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-21 10:27:32 . 2011-10-21 11:08:13]

2012-02-29 C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-212954980-3322440367-3007975221-1000UA.job
- C:\Users\barok\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-21 10:27:32 . 2011-10-21 11:08:13]

2012-03-01 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-15 07:28:08 . 2011-11-15 07:28:12]

2012-03-01 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2011-11-15 07:28:08 . 2011-11-15 07:28:12]

2012-02-16 C:\Windows\Tasks\HPCeeScheduleForbarok.job
- C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-06 20:22:28 . 2009-10-06 20:22:28]

2010-10-22 C:\Windows\Tasks\PCDRScheduledMaintenance.job
- C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 23:14:32 . 2009-07-02 11:03:14]



It's not getting updated anymore after this.
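
The "Reg Loading Points" section of that log is where the security-relevant findings sit: ConsentPromptBehaviorAdmin=0 together with PromptOnSecureDesktop=0 means UAC elevates administrators silently, and the six values under security center\Svc tell Windows to stop monitoring the antivirus and firewall state and to stop warning about them. The script below is an added example for this thread, not part of the original post and not a ComboFix feature: it parses those log lines (copied into the script as a constructed sample), compares them against what are assumed to be the Windows 7 defaults, and lists every value that weakens the machine. It only tells you that the settings are off, not who turned them off; a tool, a user, or malware can all have done it.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log for settings that
weaken UAC or silence Security Center.  Added example; the defaults used here
are assumed from Windows 7."""
import re
from typing import Dict, List, Union

RegValue = Union[int, List[str]]

# Constructed input: the relevant lines from the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableStartupSound"= 1 (0x1)
"DisableStatusMessages"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:D *\0sasnative32

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
# ComboFix prints DWORDs either as  "Name"= 0 (0x0)  or as  "Name"=dword:00000001
DWORD_RE = re.compile(r'^"([^"]+)"\s*=\s*(?:dword:([0-9a-f]{8})|(\d+)\s*\(0x[0-9a-f]+\))$', re.IGNORECASE)
# REG_MULTI_SZ entries are joined with a literal "\0" in the log text
MULTI_RE = re.compile(r"^(\S+)\s+REG_MULTI_SZ\s+(.*)$")


def parse_reg_points(text: str) -> Dict[str, Dict[str, RegValue]]:
    """Map each registry key (lower-cased path) to the values ComboFix listed under it."""
    keys: Dict[str, Dict[str, RegValue]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := KEY_RE.match(line)):
            current = m.group(1).lower()
            keys.setdefault(current, {})
        elif current is None:
            continue
        elif (m := DWORD_RE.match(line)):
            keys[current][m.group(1)] = int(m.group(2), 16) if m.group(2) else int(m.group(3))
        elif (m := MULTI_RE.match(line)):
            keys[current][m.group(1)] = m.group(2).split(r"\0")
    return keys


POLICY = r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system"
SECURITY_CENTER = r"hkey_local_machine\software\microsoft\security center\svc"
SESSION_MANAGER = r"hkey_local_machine\system\currentcontrolset\control\session manager"

# (key, value name, value that weakens the setting, assumed Windows 7 default, meaning)
DWORD_CHECKS = [
    (POLICY, "ConsentPromptBehaviorAdmin", 0, 5, "administrators are elevated with no UAC prompt at all"),
    (POLICY, "PromptOnSecureDesktop", 0, 1, "UAC prompts are not shown on the secure desktop"),
    (SECURITY_CENTER, "AntiVirusOverride", 1, 0, "Security Center no longer monitors the antivirus"),
    (SECURITY_CENTER, "FirewallOverride", 1, 0, "Security Center no longer monitors the firewall"),
    (SECURITY_CENTER, "AntiVirusDisableNotify", 1, 0, "antivirus warnings are suppressed"),
    (SECURITY_CENTER, "FirewallDisableNotify", 1, 0, "firewall warnings are suppressed"),
    (SECURITY_CENTER, "UpdatesDisableNotify", 1, 0, "Windows Update warnings are suppressed"),
    (SECURITY_CENTER, "UacDisableNotify", 1, 0, "UAC warnings are suppressed"),
]
# Assumed stock BootExecute value; anything else runs extra programs before logon.
DEFAULT_BOOT_EXECUTE = ["autocheck autochk *"]


def triage(text: str) -> List[str]:
    """Return one finding per weakened setting; an empty list means nothing to flag."""
    keys = parse_reg_points(text)
    findings: List[str] = []
    for key, name, weak, default, meaning in DWORD_CHECKS:
        value = keys.get(key, {}).get(name)
        if value == weak:
            findings.append(f"{name}={value} (default {default}): {meaning}")
    boot = keys.get(SESSION_MANAGER, {}).get("BootExecute")
    if isinstance(boot, list) and boot != DEFAULT_BOOT_EXECUTE:
        findings.append(f"BootExecute={boot}: non-default boot-time programs, check every entry")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run as-is it prints the nine findings from this log; to triage another ComboFix log, paste its Reg Loading Points section into SAMPLE_LOG. Restoring the values (ConsentPromptBehaviorAdmin back to 5, PromptOnSecureDesktop to 1, the Svc overrides to 0) is a separate step the script deliberately does not perform.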

#7 Elise

Posted 01 March 2012 - 08:47 AM

That's okay, most of it shows up. How are things running at this point?
regards, Elise



#8 deviruchi

Posted 01 March 2012 - 08:49 AM

Is it okay?? My ComboFix is still at "Preparing the log report".
My internet connection is a little faster,
but I think it's still not at normal speed. I have a 1 Mbps connection.

#9 deviruchi

Posted 01 March 2012 - 10:12 AM

Umm is my pc clean?

#10 Elise

Posted 01 March 2012 - 11:08 AM

What exactly is being slow: the computer or the internet? 1 Mbps isn't that fast (I think, however, you know best what is supposed to be a "normal" speed for your internet and what is not). :)
regards, Elise



#11 deviruchi

Posted 01 March 2012 - 11:16 AM

Well, I was expecting more viruses since I got Sality back then and I used Sality Killer without consulting this forum. Might be clean if you see no more viruses haha xD :D

#12 Elise

Posted 01 March 2012 - 12:04 PM

Sality is an extremely nasty virus; to see if it is still present, best run the following scan.

ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

regards, Elise



#13 deviruchi

Posted 02 March 2012 - 07:33 AM

C:\Program Files\Cheat Engine 6.1\cheatengine-i386.exe a variant of Win32/HackTool.CheatEngine.AB application cleaned by deleting - quarantined
C:\Program Files\Reviversoft\Driver Reviver\ASOHelper.dll a variant of Win32/RegistryReviver application cleaned by deleting - quarantined
C:\Users\barok\Desktop\Prototype Trainer.exe a variant of Win32/GameHack.F application cleaned by deleting - quarantined
C:\Windows\ASD.HS4L Win32/Packed.Autoit.H application deleted - quarantined
D:\Tata's Files\rPE.dll a variant of Win32/HackTool.rPE.A application cleaned by deleting - quarantined
D:\Tata's Files\rPE.exe a variant of Win32/HackTool.rPE.A application cleaned by deleting - quarantined
D:\Tata's Files\CS 1.6 hacks\SSWv7.0.dll Win32/HackTool.SuperSimpleWall application cleaned by deleting - quarantined
D:\Tata's Files\CS 1.6 hacks\SSWv7.0.exe Win32/HackTool.SuperSimpleWall application cleaned by deleting - quarantined
D:\Tata's Files\CS 1.6 hacks\ECC 5.2\ECC.exe Win32/PSW.OnLineGames.NTY trojan cleaned by deleting - quarantined
D:\Tata's Files\CS 1.6 hacks\Unreal-Stealth Public v6\Unreal-Stealth.exe Win32/HackTool.Unreal-Rage application cleaned by deleting - quarantined
D:\Tata's Files\Undetected Wpe Pro\wpepro.exe Win32/Sniffer.WpePro.A trojan cleaned by deleting - quarantined
D:\Tata's Files\Undetected Wpe Pro\WpeSpy.dll Win32/Sniffer.WpePro.B trojan cleaned by deleting - quarantined
D:\Tata's Files\WPE\wpe pro.exe Win32/Sniffer.WpePro.A trojan cleaned by deleting - quarantined
D:\Tata's Files\WPE\wpespy.dll Win32/Sniffer.WpePro.B trojan cleaned by deleting - quarantined
D:\Tata's Files\WPE 0.9\WPE PRO - modified.exe a variant of Win32/Sniffer.WpePro.A trojan cleaned by deleting - quarantined
D:\Tata's Files\WPE 0.9\WpeSpy.dll Win32/Sniffer.WpePro.B trojan cleaned by deleting - quarantined
D:\Tata's Files\wpe modified\WPE PRO - modified.exe a variant of Win32/Sniffer.WpePro.A trojan cleaned by deleting - quarantined
D:\Tata's Files\wpe modified\WpeSpy.dll Win32/Sniffer.WpePro.B trojan cleaned by deleting - quarantined
D:\Tata's Files\wpe no delay\wpepro_0delay.exe Win32/Sniffer.WpePro.A trojan cleaned by deleting - quarantined
D:\Tata's Files\wpe no delay\wpespy.dll Win32/Sniffer.WpePro.B trojan cleaned by deleting - quarantined



Seems like I'm clean.
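
That export mixes two kinds of ESET verdict: the "application" class (potentially unsafe or unwanted tools, here cheat trainers and the WPE packet editor that someone installed on purpose) and "trojan". The parser below is an added example, not ESET's or the forum's code: it reads the export lines as posted (embedded as a constructed sample), splits them by verdict class and by drive, and pulls out any hit under C:\Windows, because C:\Windows\ASD.HS4L (Win32/Packed.Autoit.H, the same file that showed up in the ComboFix Find3M report) is the one detection that no user-installed tool accounts for. The line format is assumed from the export as it appears above.

```python
"""Split an ESET Online Scanner export into PUA/hacktool hits, trojan hits and
hits inside the Windows directory.  Added example; the line format is assumed
from the export posted in this thread."""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed input: the export lines from the post above.
SAMPLE_EXPORT = r"""
C:\Program Files\Cheat Engine 6.1\cheatengine-i386.exe a variant of Win32/HackTool.CheatEngine.AB application cleaned by deleting - quarantined
C:\Program Files\Reviversoft\Driver Reviver\ASOHelper.dll a variant of Win32/RegistryReviver application cleaned by deleting - quarantined
C:\Users\barok\Desktop\Prototype Trainer.exe a variant of Win32/GameHack.F application cleaned by deleting - quarantined
C:\Windows\ASD.HS4L Win32/Packed.Autoit.H application deleted - quarantined
D:\Tata's Files\rPE.dll a variant of Win32/HackTool.rPE.A application cleaned by deleting - quarantined
D:\Tata's Files\rPE.exe a variant of Win32/HackTool.rPE.A application cleaned by deleting - quarantined
D:\Tata's Files\CS 1.6 hacks\SSWv7.0.dll Win32/HackTool.SuperSimpleWall application cleaned by deleting - quarantined
D:\Tata's Files\CS 1.6 hacks\SSWv7.0.exe Win32/HackTool.SuperSimpleWall application cleaned by deleting - quarantined
D:\Tata's Files\CS 1.6 hacks\ECC 5.2\ECC.exe Win32/PSW.OnLineGames.NTY trojan cleaned by deleting - quarantined
D:\Tata's Files\CS 1.6 hacks\Unreal-Stealth Public v6\Unreal-Stealth.exe Win32/HackTool.Unreal-Rage application cleaned by deleting - quarantined
D:\Tata's Files\Undetected Wpe Pro\wpepro.exe Win32/Sniffer.WpePro.A trojan cleaned by deleting - quarantined
D:\Tata's Files\Undetected Wpe Pro\WpeSpy.dll Win32/Sniffer.WpePro.B trojan cleaned by deleting - quarantined
D:\Tata's Files\WPE\wpe pro.exe Win32/Sniffer.WpePro.A trojan cleaned by deleting - quarantined
D:\Tata's Files\WPE\wpespy.dll Win32/Sniffer.WpePro.B trojan cleaned by deleting - quarantined
D:\Tata's Files\WPE 0.9\WPE PRO - modified.exe a variant of Win32/Sniffer.WpePro.A trojan cleaned by deleting - quarantined
D:\Tata's Files\WPE 0.9\WpeSpy.dll Win32/Sniffer.WpePro.B trojan cleaned by deleting - quarantined
D:\Tata's Files\wpe modified\WPE PRO - modified.exe a variant of Win32/Sniffer.WpePro.A trojan cleaned by deleting - quarantined
D:\Tata's Files\wpe modified\WpeSpy.dll Win32/Sniffer.WpePro.B trojan cleaned by deleting - quarantined
D:\Tata's Files\wpe no delay\wpepro_0delay.exe Win32/Sniffer.WpePro.A trojan cleaned by deleting - quarantined
D:\Tata's Files\wpe no delay\wpespy.dll Win32/Sniffer.WpePro.B trojan cleaned by deleting - quarantined
"""

# Paths contain spaces and even " - ", so the path is matched non-greedily up to
# the first token of the form Family/Name followed by the verdict class.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<prefix>(?:probably )?(?:a variant of )?)"
    r"(?P<name>\S+/\S+)\s+(?P<kind>application|trojan)\s+"
    r"(?P<action>.+)$"
)

# Directories where a detection needs an explanation regardless of verdict class.
SYSTEM_DIRS = ("c:\\windows\\",)


@dataclass
class Detection:
    path: str
    name: str      # ESET signature, e.g. Win32/Sniffer.WpePro.A
    kind: str      # "trojan" = malware, "application" = potentially unsafe/unwanted program
    action: str    # what ESET did with the file
    variant: bool  # True for heuristic "a variant of" matches


def parse_eset_export(text: str) -> List[Detection]:
    """Parse every well-formed export line; lines that do not fit are skipped."""
    found: List[Detection] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            found.append(Detection(m["path"], m["name"], m["kind"], m["action"], "variant" in m["prefix"]))
    return found


def summarize(dets: List[Detection]) -> Dict[str, object]:
    """Counts per verdict class and per drive, plus every hit inside a system directory."""
    out: Dict[str, object] = {"trojan": 0, "application": 0, "by_drive": {}, "system_dir": []}
    for d in dets:
        out[d.kind] += 1
        drive = d.path[:2].upper()
        out["by_drive"][drive] = out["by_drive"].get(drive, 0) + 1
        if d.path.lower().startswith(SYSTEM_DIRS):
            out["system_dir"].append(d.path)
    return out


if __name__ == "__main__":
    summary = summarize(parse_eset_export(SAMPLE_EXPORT))
    print(f"trojan: {summary['trojan']}, application: {summary['application']}, per drive: {summary['by_drive']}")
    for path in summary["system_dir"]:
        print("needs an explanation:", path)
```

"a variant of" entries are heuristic matches and are marked variant=True so they can be reviewed separately from exact signature hits; summarize returns counts and paths rather than printing them so the result can be checked or fed into a report.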

#14 Elise

Posted 02 March 2012 - 07:45 AM

At this point, yes, but I think you can see from what ESET detected that it's not a good idea to continue to use questionable downloads, as that will most assuredly reinfect your computer.

P2P WARNING
-------------------
Going over your logs I noticed that you have uTorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.


Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
  • Download the latest version of Java Runtime Environment (JRE) Version 7u3.
  • Look for "JDK 7u3 (JDK or JRE)".
  • Click the "Download JRE" button at the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
    • Select "Windows x86 Offline" and click on jre-7-windows-i586.exe
  • Save it to your desktop
  • Close any programs you may have running - especially your web browser.
  • Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).
  • Reboot your computer once all Java components are removed.
  • Install the newest version by double clicking (run as Administrator for Windows Vista/Seven) the downloaded file.


ALL CLEAN
--------------
Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :)

Please do the following to remove the remaining programs from your PC:
  • Delete the tools used during the disinfection:
  • Click start > run and type combofix /uninstall, press enter. This will remove Combofix from your computer.
Please read this advice, in order to prevent reinfecting your PC:
  • Install and update the following programs regularly:
    • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on regular basis.If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non-commercial home use, but provide a resident scanner and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
    Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software Inspector occasionally to help you check for out-of-date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.
Some more links you might find of interest:
Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.

regards, Elise



#15 deviruchi

Posted 02 March 2012 - 09:52 AM

I appreciate your help for me. Thanks!! ^_^

#16 Elise

Posted 02 March 2012 - 10:32 AM

You are most welcome. :)

I will request this topic to be closed.
regards, Elise
