Anti virus Failure, and Google Chrome!


This topic is locked

#16 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Hi Spacelord11011,

You have an infected system file and TDSSKiller can't find a replacement for it. Do you have a Windows Vista Service Pack 1 installation disk?

#17 Spacelord11011 (Topic Starter, Member, 55 posts)
aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-06 00:41:40
-----------------------------
00:41:40.783 OS Version: Windows 6.0.6001 Service Pack 1
00:41:40.783 Number of processors: 2 586 0x1706
00:41:40.784 ComputerName: SPENCE-PC UserName: Spence
00:41:41.919 Initialize success
00:43:26.746 AVAST engine defs: 11080501
00:43:38.645 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
00:43:38.647 Disk 0 Vendor: Hitachi_HDT721032SLA380 ST2OA31B Size: 305245MB BusType: 3
00:43:40.662 Disk 0 MBR read successfully
00:43:40.664 Disk 0 MBR scan
00:43:40.667 Disk 0 unknown MBR code
00:43:40.692 Disk 0 scanning sectors +625137345
00:43:40.774 Disk 0 scanning C:\Windows\system32\drivers
00:43:41.986 File: C:\Windows\system32\drivers\dfsc.sys **INFECTED** Win32:Sirefef-J [Rtk]
00:43:48.471 Service scanning
00:43:49.059 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
00:43:49.606 Modules scanning
00:43:56.269 Disk 0 trace - called modules:
00:43:56.286 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x859391f8]<<
00:43:56.291 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8600b538]
00:43:56.295 3 CLASSPNP.SYS[8a9b1745] -> nt!IofCallDriver -> [0x85988918]
00:43:56.299 5 acpi.sys[805b26a0] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0x8597eba0]
00:43:56.303 \Driver\atapi[0x859ad5a8] -> IRP_MJ_CREATE -> 0x859391f8
00:43:56.903 AVAST engine scan C:\Windows
00:44:01.187 AVAST engine scan C:\Windows\system32
00:45:37.740 AVAST engine scan C:\Windows\system32\drivers
00:45:38.980 File: C:\Windows\system32\drivers\dfsc.sys **INFECTED** Win32:Sirefef-J [Rtk]
00:45:46.248 AVAST engine scan C:\Users\Spence
01:06:48.319 AVAST engine scan C:\ProgramData
01:08:51.433 Scan finished successfully
09:04:04.191 Disk 0 MBR has been saved successfully to "C:\Users\Spence\Desktop\MBR.dat"
09:04:04.197 The log file has been saved successfully to "C:\Users\Spence\Desktop\aswMBR.txt"
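The aswMBR log above, and the TDSSKiller log later in the thread, are read by eye in this thread. As an added example (not from the original posts, and not code from either tool's vendor), the Python script below parses constructed excerpts in the same line format and correlates them: it pulls out the "unknown MBR code" verdict, the INFECTED file and its signature, LOCKED files, and the IRP hook whose target matches the unnamed module in the disk driver stack, then attaches TDSSKiller's MD5 for each file aswMBR flagged. The regular expressions are assumptions derived from the line shapes visible in the thread, and the excerpt lines are constructed from those posts rather than taken from a full log.

```python
import re
from dataclasses import dataclass

# Constructed excerpts in the shape of the aswMBR and TDSSKiller logs posted in this
# thread, cut down to the lines that matter for triage (not the full logs).
ASWMBR_LOG = r"""00:43:40.667 Disk 0 unknown MBR code
00:43:41.986 File: C:\Windows\system32\drivers\dfsc.sys **INFECTED** Win32:Sirefef-J [Rtk]
00:43:49.059 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
00:43:56.286 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x859391f8]<<
00:43:56.303 \Driver\atapi[0x859ad5a8] -> IRP_MJ_CREATE -> 0x859391f8
01:08:51.433 Scan finished successfully
"""

TDSS_LOG = r"""2011/08/06 20:57:04.0334 3268 DfsC (e20fb30d720810646ed24fb7ca9899a2) C:\Windows\system32\Drivers\dfsc.sys
2011/08/06 20:57:27.0376 3268 sptd (71e276f6d189413266ea22171806597b) C:\Windows\system32\Drivers\sptd.sys
2011/08/06 20:57:27.0376 3268 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
2011/08/06 20:57:27.0383 3268 sptd - detected LockedFile.Multi.Generic (1)
"""


@dataclass
class Finding:
    tool: str      # which scanner produced the line
    kind: str      # mbr_unknown | infected | locked | irp_hook | suspicious | detected
    subject: str   # file path (lower-cased), driver object or disk
    detail: str = ""


# Line shapes assumed from the logs posted in the thread.
MBR_RE = re.compile(r"^\S+ Disk (?P<disk>\d+) unknown MBR code$")
INFECTED_RE = re.compile(r"^\S+ File: (?P<path>.+?) \*\*INFECTED\*\* (?P<sig>.+)$")
LOCKED_RE = re.compile(r"^\S+ Service (?P<svc>\S+) (?P<path>.+?) \*\*LOCKED\*\*")
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(?P<addr>0x[0-9a-f]+)\]<<")
HOOK_RE = re.compile(
    r"^\S+ (?P<driver>\\Driver\\[^\[]+)\[0x[0-9a-f]+\] -> (?P<irp>IRP_MJ_\w+) -> (?P<target>0x[0-9a-f]+)")
TDSS_DRIVER_RE = re.compile(r"^\S+ \S+ \d+ (?P<svc>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
TDSS_SUSP_RE = re.compile(r"Suspicious file \((?P<reason>\w+)\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})")
TDSS_DETECT_RE = re.compile(r"^\S+ \S+ \d+ (?P<svc>\S+) - detected (?P<verdict>\S+)")


def parse_aswmbr(text: str) -> list:
    """Pull the security-relevant events out of an aswMBR log."""
    findings, unknown_addr = [], None
    for line in text.splitlines():
        if (m := MBR_RE.match(line)):
            findings.append(Finding("aswMBR", "mbr_unknown", f"Disk {m['disk']}", "boot code not recognised"))
        elif (m := INFECTED_RE.match(line)):
            findings.append(Finding("aswMBR", "infected", m["path"].lower(), m["sig"]))
        elif (m := LOCKED_RE.match(line)):
            # LOCKED means the scanner could not read the file; it is not a detection.
            findings.append(Finding("aswMBR", "locked", m["path"].lower(), f"service {m['svc']}"))
        elif (m := UNKNOWN_RE.search(line)):
            unknown_addr = m["addr"]  # unnamed module sitting in the disk driver stack
        elif (m := HOOK_RE.match(line)):
            detail = f"{m['irp']} -> {m['target']}"
            if m["target"] == unknown_addr:
                detail += " (same address as the unknown module in the disk stack)"
            findings.append(Finding("aswMBR", "irp_hook", m["driver"], detail))
    return findings


def parse_tdsskiller(text: str):
    """Return ({lower-cased path: (service, md5)}, [Finding]) from a TDSSKiller log."""
    hashes, findings = {}, []
    for line in text.splitlines():
        if (m := TDSS_DRIVER_RE.match(line)):
            hashes[m["path"].lower()] = (m["svc"], m["md5"])
        elif (m := TDSS_SUSP_RE.search(line)):
            kind = "locked" if m["reason"] == "NoAccess" else "suspicious"
            findings.append(Finding("TDSSKiller", kind, m["path"].lower(), m["md5"]))
        elif (m := TDSS_DETECT_RE.match(line)):
            findings.append(Finding("TDSSKiller", "detected", m["svc"], m["verdict"]))
    return hashes, findings


def triage(aswmbr_text: str, tdss_text: str) -> dict:
    """Correlate both logs: attach TDSSKiller's MD5 to each file aswMBR flagged as infected."""
    asw = parse_aswmbr(aswmbr_text)
    hashes, tdss = parse_tdsskiller(tdss_text)
    infected = []
    for f in asw:
        if f.kind == "infected":
            svc, md5 = hashes.get(f.subject, (None, None))
            infected.append({"path": f.subject, "signature": f.detail, "service": svc, "md5": md5})
    return {
        "mbr_unknown": any(f.kind == "mbr_unknown" for f in asw),
        "infected": infected,
        "locked": sorted({f.subject for f in asw + tdss if f.kind == "locked"}),
        "hooks": [f"{f.subject} {f.detail}" for f in asw if f.kind == "irp_hook"],
    }


if __name__ == "__main__":
    for key, value in triage(ASWMBR_LOG, TDSS_LOG).items():
        print(f"{key}: {value}")
```

The MD5 that the script attaches to the infected file is what you would compare against a clean copy of the same driver from an install disk or another machine with the same service pack; a LOCKED entry only records that a file could not be opened for reading, so the script keeps it separate from detections.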

#18 Spacelord11011 (Topic Starter, Member, 55 posts)
No, I don't have the disk. All I got with the computer was the pre-installed software. Is there any way around that?

#19 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
There is something we can try. If you have any important data, please back it up now. We have ways to deal with it, but sometimes things go bad.

Step 1

Please download MBRCheck.exe to your desktop.

After this step, make sure MBR.txt has been created. Post that MBR.txt here for me, then continue with the other steps.

  • Run MBRCheck.exe
  • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Please push the 'Y' key and then press Enter
  • When the program asks you Enter your choice: enter 1 ( [1] Dump the MBR of a physical disk to file.) and press the Enter key
  • Now the program will ask you "Enter the physical disk number to fix (0-99, -1 to cancel):"
  • Enter 0 and press the Enter key.
  • The program will show Enter Filename to dump to:, write MBR.txt as the filename
  • The program will create the MBR.txt file in the same directory as the program.
  • Type -1 to exit MBRCheck
  • Attach MBR.txt here for me please.

Step 2

Please download Microsoft HotFix.

Run it and install the HotFix on your machine. If it fails in Normal mode, try installing it in Safe Mode.

Step 3

Re-Run aswMBR

  • Click Scan
  • On completion of the scan
  • Click the FIXMBR Button
  • Save the log as before and post in your next reply

Step 4

Run TDSSKiller just like last time and post log after the scan.

Step 5

Please don't forget to include these items in your reply:

  • MBR.txt log
  • aswMBR log
  • TDSSKiller log
It would be helpful if you could post each log in a separate post.
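Step 1 dumps the raw MBR to a file, and the aswMBR log reports "unknown MBR code" when the boot code in that sector does not match anything the scanner recognises. As an added example (not the helper's procedure, and not code from MBRCheck or aswMBR), the Python script below does the same kind of check offline: it parses a 512-byte MBR sector, verifies the 0x55AA boot signature, walks the four 16-byte partition entries, hashes the 446 bytes of boot code and compares the hash against an allowlist of known-good MBRs, and flags structural oddities such as two active partitions, overlapping partitions or a partition that extends past the end of the disk. The sample boot code, the partition layout, the 320 GB sector count and the allowlist are all constructed for the example; none of it is taken from the MBR.dat posted in this thread.

```python
import hashlib
import struct

SECTOR = 512
PART_TABLE_OFFSET = 446
BOOT_SIGNATURE = b"\x55\xaa"


def build_sample_mbr(boot_code: bytes, partitions) -> bytes:
    """Assemble a 512-byte MBR image from boot code and (status, type, lba_start, sectors) tuples.

    Constructed test data for this example; nothing here is read from a real disk.
    """
    if len(boot_code) > PART_TABLE_OFFSET:
        raise ValueError("boot code must fit in the first 446 bytes")
    img = bytearray(SECTOR)
    img[: len(boot_code)] = boot_code
    for i, (status, ptype, lba_start, sectors) in enumerate(partitions[:4]):
        # entry layout: status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        struct.pack_into("<B3sB3sII", img, PART_TABLE_OFFSET + 16 * i,
                         status, b"\0\0\0", ptype, b"\0\0\0", lba_start, sectors)
    img[510:512] = BOOT_SIGNATURE
    return bytes(img)


def parse_mbr(img: bytes) -> dict:
    """Split a raw 512-byte sector into boot code hash, partition entries and signature check."""
    if len(img) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(img)}")
    entries = []
    for i in range(4):
        status, _, ptype, _, lba_start, sectors = struct.unpack_from(
            "<B3sB3sII", img, PART_TABLE_OFFSET + 16 * i)
        if ptype != 0:  # type 0x00 marks an unused slot
            entries.append({"index": i, "active": status == 0x80, "type": ptype,
                            "lba_start": lba_start, "sectors": sectors})
    return {
        "signature_ok": img[510:512] == BOOT_SIGNATURE,
        "boot_code_sha256": hashlib.sha256(img[:PART_TABLE_OFFSET]).hexdigest(),
        "partitions": entries,
    }


def assess_mbr(img: bytes, known_good_hashes: set, disk_sectors: int) -> list:
    """Return a list of issue codes; an empty list means nothing looked wrong."""
    info = parse_mbr(img)
    issues = []
    if not info["signature_ok"]:
        issues.append("bad_signature")
    if info["boot_code_sha256"] not in known_good_hashes:
        issues.append("unknown_boot_code")  # the condition aswMBR reports as "unknown MBR code"
    if sum(p["active"] for p in info["partitions"]) > 1:
        issues.append("multiple_active")
    ordered = sorted(info["partitions"], key=lambda p: p["lba_start"])
    for prev, cur in zip(ordered, ordered[1:]):
        if prev["lba_start"] + prev["sectors"] > cur["lba_start"]:
            issues.append("overlap")
            break
    if any(p["lba_start"] + p["sectors"] > disk_sectors for p in ordered):
        issues.append("beyond_disk")
    return issues


# --- constructed sample data (assumptions for this example) --------------------------
# A short x86 boot-sector prologue (cli / xor ax,ax / mov ss,ax / mov sp,7C00h) padded
# with zeros stands in for vendor boot code; it is not a copy of any real MBR.
CLEAN_BOOT_CODE = bytes.fromhex("fa33c08ed0bc007c") + b"\0" * (PART_TABLE_OFFSET - 8)
DISK_SECTORS = 625_142_448  # assumed LBA count for a 320 GB drive
SAMPLE_PARTITIONS = [
    (0x00, 0x27, 2048, 20_000_000),                               # hidden recovery partition (sample)
    (0x80, 0x07, 20_002_048, DISK_SECTORS - 20_002_048 - 2048),   # active NTFS system partition (sample)
]
CLEAN_MBR = build_sample_mbr(CLEAN_BOOT_CODE, SAMPLE_PARTITIONS)
# Allowlist as a defender would keep it: hashes of boot code captured from known-clean machines.
KNOWN_GOOD = {parse_mbr(CLEAN_MBR)["boot_code_sha256"]}

# Flip one byte of the boot code to model a bootkit overwriting the loader.
TAMPERED_MBR = bytearray(CLEAN_MBR)
TAMPERED_MBR[0x10] ^= 0xFF
TAMPERED_MBR = bytes(TAMPERED_MBR)

if __name__ == "__main__":
    for name, img in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        print(name, assess_mbr(img, KNOWN_GOOD, DISK_SECTORS) or "no issues")
```

To run this against a real dump, pass the first 512 bytes of the file (`data[:512]`; dump tools may write more than one sector) and an allowlist of hashes you collected yourself from clean machines with the same vendor boot code; with only the sample allowlist above, any real MBR will be reported as unknown_boot_code, which is exactly the limit of hash-based MBR checks.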

#20 Spacelord11011 (Topic Starter, Member, 55 posts)
Not getting the options for MBR as you stated; it just runs, then says done.
Please see attached file

Attached thumbnail: mbr.jpg


#21 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
I forgot about one thing. Instead of MBR.txt from MBRCheck, please ZIP and upload

C:\Users\Spence\Desktop\MBR.dat

After this continue with the steps.

#22 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
I see this is an Acer notebook. Do you have a recovery partition on it?

#23 Spacelord11011 (Topic Starter, Member, 55 posts)
MBR

Attached file: MBR1.zip (11.37KB, 339 downloads)


#24 Spacelord11011 (Topic Starter, Member, 55 posts)
First thing I checked was the recovery console, but it said nothing was there, and I'm 100% sure that there was something before the infection.

#25 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
OK. If you don't have it now, it might be because of the infection. Entering the Recovery console is closely related to the manufacturer's MBR, and all I see is that your MBR is infected.

I just wanted to be sure. Please continue with the steps now.

#26 Spacelord11011 (Topic Starter, Member, 55 posts)
aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-06 20:24:04
-----------------------------
20:24:04.127 OS Version: Windows 6.0.6001 Service Pack 1
20:24:04.127 Number of processors: 2 586 0x1706
20:24:04.128 ComputerName: SPENCE-PC UserName: Spence
20:24:07.258 Initialize success
20:24:21.012 AVAST engine defs: 11080501
20:24:39.719 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
20:24:39.721 Disk 0 Vendor: Hitachi_HDT721032SLA380 ST2OA31B Size: 305245MB BusType: 3
20:24:41.761 Disk 0 MBR read successfully
20:24:41.763 Disk 0 MBR scan
20:24:41.766 Disk 0 unknown MBR code
20:24:41.853 Disk 0 scanning sectors +625137345
20:24:42.190 Disk 0 scanning C:\Windows\system32\drivers
20:25:08.001 Service scanning
20:25:09.031 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
20:25:09.581 Modules scanning
20:25:22.705 Disk 0 trace - called modules:
20:25:22.742 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x859391f8]<<
20:25:22.745 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85b132a8]
20:25:22.749 3 CLASSPNP.SYS[8a9b2745] -> nt!IofCallDriver -> [0x859978f0]
20:25:22.752 5 acpi.sys[807c26a0] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0x85995ba0]
20:25:22.756 \Driver\atapi[0x859c54b8] -> IRP_MJ_CREATE -> 0x859391f8
20:25:24.085 AVAST engine scan C:\Windows
20:25:40.966 AVAST engine scan C:\Windows\system32
20:27:48.319 AVAST engine scan C:\Windows\system32\drivers
20:27:57.427 AVAST engine scan C:\Users\Spence
20:49:16.046 AVAST engine scan C:\ProgramData
20:51:39.027 Scan finished successfully
20:54:17.190 Verifying
20:54:27.195 Disk 0 Windows 600 MBR fixed successfully
20:54:43.160 Disk 0 MBR has been saved successfully to "C:\Users\Spence\Desktop\MBR.dat"
20:54:43.164 The log file has been saved successfully to "C:\Users\Spence\Desktop\aswMBR234.txt"

#27 Spacelord11011 (Topic Starter, Member, 55 posts)
2011/08/06 20:56:39.0603 2592 TDSS rootkit removing tool 2.5.14.0 Aug 5 2011 16:09:29
2011/08/06 20:56:39.0867 2592 ================================================================================
2011/08/06 20:56:39.0867 2592 SystemInfo:
2011/08/06 20:56:39.0867 2592
2011/08/06 20:56:39.0867 2592 OS Version: 6.0.6001 ServicePack: 1.0
2011/08/06 20:56:39.0867 2592 Product type: Workstation
2011/08/06 20:56:39.0867 2592 ComputerName: SPENCE-PC
2011/08/06 20:56:39.0868 2592 UserName: Spence
2011/08/06 20:56:39.0868 2592 Windows directory: C:\Windows
2011/08/06 20:56:39.0868 2592 System windows directory: C:\Windows
2011/08/06 20:56:39.0868 2592 Processor architecture: Intel x86
2011/08/06 20:56:39.0868 2592 Number of processors: 2
2011/08/06 20:56:39.0868 2592 Page size: 0x1000
2011/08/06 20:56:39.0868 2592 Boot type: Normal boot
2011/08/06 20:56:39.0868 2592 ================================================================================
2011/08/06 20:56:40.0661 2592 Initialize success
2011/08/06 20:56:58.0318 3268 ================================================================================
2011/08/06 20:56:58.0318 3268 Scan started
2011/08/06 20:56:58.0318 3268 Mode: Manual;
2011/08/06 20:56:58.0318 3268 ================================================================================
2011/08/06 20:56:59.0217 3268 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
2011/08/06 20:56:59.0406 3268 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/08/06 20:56:59.0520 3268 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/08/06 20:56:59.0612 3268 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/08/06 20:56:59.0755 3268 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/08/06 20:56:59.0925 3268 AFD (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys
2011/08/06 20:57:00.0038 3268 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/08/06 20:57:00.0150 3268 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/08/06 20:57:00.0249 3268 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/08/06 20:57:00.0443 3268 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/08/06 20:57:00.0589 3268 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/08/06 20:57:00.0687 3268 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/08/06 20:57:00.0725 3268 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/08/06 20:57:00.0899 3268 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/08/06 20:57:01.0026 3268 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/08/06 20:57:01.0155 3268 ASPI32 (b979979ab8027f7f53fb16ec4229b7db) C:\Windows\system32\drivers\ASPI32.sys
2011/08/06 20:57:01.0337 3268 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/08/06 20:57:01.0495 3268 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
2011/08/06 20:57:01.0580 3268 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/08/06 20:57:01.0711 3268 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/08/06 20:57:01.0901 3268 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
2011/08/06 20:57:02.0012 3268 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/08/06 20:57:02.0128 3268 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/08/06 20:57:02.0242 3268 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/08/06 20:57:02.0425 3268 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/08/06 20:57:02.0488 3268 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/08/06 20:57:02.0526 3268 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/08/06 20:57:02.0600 3268 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/08/06 20:57:02.0843 3268 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/08/06 20:57:02.0960 3268 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
2011/08/06 20:57:03.0215 3268 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/08/06 20:57:03.0303 3268 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
2011/08/06 20:57:03.0715 3268 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/08/06 20:57:03.0852 3268 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
2011/08/06 20:57:04.0077 3268 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/08/06 20:57:04.0181 3268 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/08/06 20:57:04.0334 3268 DfsC (e20fb30d720810646ed24fb7ca9899a2) C:\Windows\system32\Drivers\dfsc.sys
2011/08/06 20:57:04.0479 3268 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
2011/08/06 20:57:04.0584 3268 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/08/06 20:57:05.0132 3268 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
2011/08/06 20:57:05.0626 3268 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
2011/08/06 20:57:05.0730 3268 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/08/06 20:57:05.0898 3268 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
2011/08/06 20:57:06.0050 3268 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/08/06 20:57:06.0237 3268 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/08/06 20:57:06.0520 3268 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
2011/08/06 20:57:06.0624 3268 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
2011/08/06 20:57:06.0828 3268 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/08/06 20:57:07.0062 3268 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/08/06 20:57:07.0134 3268 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/08/06 20:57:07.0173 3268 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/08/06 20:57:07.0239 3268 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
2011/08/06 20:57:07.0370 3268 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) C:\Windows\system32\FsUsbExDisk.SYS
2011/08/06 20:57:07.0461 3268 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/08/06 20:57:07.0647 3268 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/08/06 20:57:07.0787 3268 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/08/06 20:57:08.0363 3268 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/08/06 20:57:08.0577 3268 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/08/06 20:57:08.0772 3268 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/08/06 20:57:08.0870 3268 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/08/06 20:57:09.0020 3268 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
2011/08/06 20:57:09.0221 3268 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/08/06 20:57:09.0373 3268 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
2011/08/06 20:57:09.0535 3268 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/08/06 20:57:09.0649 3268 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/08/06 20:57:09.0798 3268 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/08/06 20:57:09.0913 3268 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/08/06 20:57:10.0074 3268 int15 (c6e5276c00ebdeb096bb5ef4b797d1b6) C:\Windows\system32\drivers\int15.sys
2011/08/06 20:57:10.0503 3268 IntcAzAudAddService (febdd0310fba3da13f56ede2e9f7b5dc) C:\Windows\system32\drivers\RTKVHDA.sys
2011/08/06 20:57:10.0656 3268 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/08/06 20:57:10.0814 3268 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/08/06 20:57:11.0148 3268 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/08/06 20:57:11.0566 3268 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/08/06 20:57:11.0764 3268 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/08/06 20:57:11.0961 3268 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/08/06 20:57:12.0211 3268 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/08/06 20:57:12.0389 3268 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/08/06 20:57:12.0508 3268 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/08/06 20:57:12.0655 3268 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/08/06 20:57:13.0196 3268 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/08/06 20:57:13.0295 3268 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/08/06 20:57:13.0762 3268 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
2011/08/06 20:57:14.0579 3268 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/08/06 20:57:15.0364 3268 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/08/06 20:57:15.0480 3268 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/08/06 20:57:15.0573 3268 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/08/06 20:57:15.0714 3268 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/08/06 20:57:16.0029 3268 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\Windows\system32\DRIVERS\mcdbus.sys
2011/08/06 20:57:16.0213 3268 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/08/06 20:57:16.0413 3268 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/08/06 20:57:16.0642 3268 mfeavfk (c97cbfd71c1c215150a3b3e55f77a7a3) C:\Windows\system32\drivers\mfeavfk.sys
2011/08/06 20:57:17.0148 3268 mfebopk (5447338b83a1a2354fb2fea7604387fd) C:\Windows\system32\drivers\mfebopk.sys
2011/08/06 20:57:17.0410 3268 mfehidk (6c9a6ed60b8fc3baf72fe1b1d096445b) C:\Windows\system32\drivers\mfehidk.sys
2011/08/06 20:57:17.0573 3268 mferkdk (a551154b51d6a93fccf70fc4e8eaf4bd) C:\Windows\system32\drivers\mferkdk.sys
2011/08/06 20:57:17.0915 3268 mfesmfk (299a86b780c9627aaa24e74292363ed2) C:\Windows\system32\drivers\mfesmfk.sys
2011/08/06 20:57:18.0049 3268 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/08/06 20:57:18.0216 3268 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/08/06 20:57:18.0414 3268 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/08/06 20:57:18.0556 3268 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/08/06 20:57:18.0664 3268 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/08/06 20:57:18.0940 3268 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\Windows\system32\DRIVERS\MpFilter.sys
2011/08/06 20:57:19.0115 3268 MPFP (96cf5286bc370b558735a7b891232d92) C:\Windows\system32\Drivers\Mpfp.sys
2011/08/06 20:57:19.0223 3268 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/08/06 20:57:19.0428 3268 MpNWMon (f32e2d6a1640a469a9ed4f1929a4a861) C:\Windows\system32\DRIVERS\MpNWMon.sys
2011/08/06 20:57:19.0462 3268 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/08/06 20:57:19.0891 3268 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/08/06 20:57:19.0970 3268 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
2011/08/06 20:57:20.0025 3268 mrxsmb (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/08/06 20:57:20.0123 3268 mrxsmb10 (cf6e972f8e0d0f2970360a17572b366b) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/08/06 20:57:20.0168 3268 mrxsmb20 (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/08/06 20:57:20.0266 3268 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/08/06 20:57:20.0294 3268 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/08/06 20:57:20.0398 3268 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/08/06 20:57:20.0486 3268 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/08/06 20:57:20.0593 3268 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/08/06 20:57:20.0701 3268 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/08/06 20:57:20.0726 3268 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/08/06 20:57:20.0816 3268 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
2011/08/06 20:57:20.0873 3268 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/08/06 20:57:20.0918 3268 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/08/06 20:57:20.0969 3268 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
2011/08/06 20:57:21.0020 3268 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
2011/08/06 20:57:21.0118 3268 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
2011/08/06 20:57:21.0211 3268 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/08/06 20:57:21.0288 3268 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/08/06 20:57:21.0390 3268 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/08/06 20:57:21.0483 3268 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/08/06 20:57:21.0544 3268 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/08/06 20:57:21.0599 3268 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
2011/08/06 20:57:21.0714 3268 netr73 (fbbdcacbc128670983cca59345be5454) C:\Windows\system32\DRIVERS\netr73.sys
2011/08/06 20:57:21.0769 3268 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/08/06 20:57:21.0875 3268 NisDrv (17e2c08c5ecfbe94a7c67b1c275ee9d9) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
2011/08/06 20:57:21.0979 3268 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
2011/08/06 20:57:22.0081 3268 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/08/06 20:57:22.0125 3268 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
2011/08/06 20:57:22.0218 3268 NTIDrvr (2757d2ba59aee155209e24942ab127c9) C:\Windows\system32\DRIVERS\NTIDrvr.sys
2011/08/06 20:57:22.0255 3268 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/08/06 20:57:22.0320 3268 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/08/06 20:57:22.0373 3268 NVENETFD (d668632606d1cebf0b6ec64c1df7ed6f) C:\Windows\system32\DRIVERS\nvmfdx32.sys
2011/08/06 20:57:22.0649 3268 nvlddmkm (89a8b4a677669cd68b182862943ba8a7) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/08/06 20:57:22.0899 3268 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/08/06 20:57:22.0928 3268 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/08/06 20:57:23.0120 3268 nvstor32 (8ee374b6fb3cb2bb8d70395218b464a5) C:\Windows\system32\DRIVERS\nvstor32.sys
2011/08/06 20:57:23.0232 3268 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/08/06 20:57:23.0384 3268 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/08/06 20:57:23.0504 3268 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
2011/08/06 20:57:23.0563 3268 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
2011/08/06 20:57:23.0618 3268 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
2011/08/06 20:57:23.0736 3268 pccsmcfd (175cc28dcf819f78caa3fbd44ad9e52a) C:\Windows\system32\DRIVERS\pccsmcfd.sys
2011/08/06 20:57:23.0773 3268 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
2011/08/06 20:57:23.0870 3268 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/08/06 20:57:23.0954 3268 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/08/06 20:57:24.0062 3268 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
2011/08/06 20:57:24.0169 3268 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/08/06 20:57:24.0307 3268 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/08/06 20:57:24.0408 3268 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/08/06 20:57:24.0517 3268 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
2011/08/06 20:57:24.0540 3268 PSDFilter (628321c8dd76ad369b362b202e655a68) C:\Windows\system32\DRIVERS\psdfilter.sys
2011/08/06 20:57:24.0631 3268 PSDNServ (79d7117e62709c7690cf3dd55acead37) C:\Windows\system32\DRIVERS\PSDNServ.sys
2011/08/06 20:57:24.0723 3268 psdvdisk (cae5e82827990cf4bd4a49576bde3a43) C:\Windows\system32\DRIVERS\PSDVdisk.sys
2011/08/06 20:57:24.0878 3268 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/08/06 20:57:24.0983 3268 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/08/06 20:57:25.0078 3268 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/08/06 20:57:25.0129 3268 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/08/06 20:57:25.0213 3268 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/08/06 20:57:25.0385 3268 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/08/06 20:57:25.0408 3268 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
2011/08/06 20:57:25.0492 3268 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
2011/08/06 20:57:25.0569 3268 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/08/06 20:57:25.0604 3268 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/08/06 20:57:25.0685 3268 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/08/06 20:57:25.0721 3268 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
2011/08/06 20:57:25.0849 3268 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/08/06 20:57:26.0164 3268 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/08/06 20:57:26.0264 3268 SBRE (c1ae5d1f53285d79a0b73a62af20734f) C:\Windows\system32\drivers\SBREdrv.sys
2011/08/06 20:57:26.0369 3268 SCDEmu (612a3d69e603dbbe5c3c1079186a0393) C:\Windows\system32\drivers\SCDEmu.sys
2011/08/06 20:57:26.0415 3268 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/08/06 20:57:26.0502 3268 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
2011/08/06 20:57:26.0533 3268 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
2011/08/06 20:57:26.0622 3268 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/08/06 20:57:26.0754 3268 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/08/06 20:57:26.0779 3268 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/08/06 20:57:26.0872 3268 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/08/06 20:57:26.0893 3268 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/08/06 20:57:27.0004 3268 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/08/06 20:57:27.0027 3268 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/08/06 20:57:27.0121 3268 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/08/06 20:57:27.0158 3268 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
2011/08/06 20:57:27.0256 3268 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/08/06 20:57:27.0376 3268 sptd (71e276f6d189413266ea22171806597b) C:\Windows\system32\Drivers\sptd.sys
2011/08/06 20:57:27.0376 3268 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
2011/08/06 20:57:27.0383 3268 sptd - detected LockedFile.Multi.Generic (1)
2011/08/06 20:57:27.0484 3268 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
2011/08/06 20:57:27.0536 3268 srv2 (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys
2011/08/06 20:57:27.0637 3268 srvnet (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys
2011/08/06 20:57:27.0690 3268 sscdbus (d6870895fe46a464a19141440eb6cc1e) C:\Windows\system32\DRIVERS\sscdbus.sys
2011/08/06 20:57:27.0837 3268 sscdmdfl (0fe167362e4689b716cdc8d93adedda8) C:\Windows\system32\DRIVERS\sscdmdfl.sys
2011/08/06 20:57:27.0867 3268 sscdmdm (55a15707e32b6709242ad127e62ca55a) C:\Windows\system32\DRIVERS\sscdmdm.sys
2011/08/06 20:57:28.0011 3268 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/08/06 20:57:28.0050 3268 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/08/06 20:57:28.0149 3268 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/08/06 20:57:28.0249 3268 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/08/06 20:57:28.0333 3268 Tcpip (6216a954ed7045b62880a92d6c9b9fc7) C:\Windows\system32\drivers\tcpip.sys
2011/08/06 20:57:28.0458 3268 Tcpip6 (6216a954ed7045b62880a92d6c9b9fc7) C:\Windows\system32\DRIVERS\tcpip.sys
2011/08/06 20:57:28.0557 3268 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
2011/08/06 20:57:28.0651 3268 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/08/06 20:57:28.0685 3268 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/08/06 20:57:28.0772 3268 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
2011/08/06 20:57:28.0808 3268 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
2011/08/06 20:57:28.0937 3268 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/08/06 20:57:29.0027 3268 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/08/06 20:57:29.0061 3268 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
2011/08/06 20:57:29.0161 3268 tvicport (97dd70feca64fb4f63de7bb7e66a80b1) C:\Windows\system32\drivers\tvicport.sys
2011/08/06 20:57:29.0207 3268 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/08/06 20:57:29.0309 3268 UBHelper (f763e070843ee2803de1395002b42938) C:\Windows\system32\drivers\UBHelper.sys
2011/08/06 20:57:29.0347 3268 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
2011/08/06 20:57:29.0460 3268 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/08/06 20:57:29.0629 3268 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/08/06 20:57:29.0745 3268 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/08/06 20:57:29.0846 3268 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/08/06 20:57:29.0935 3268 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/08/06 20:57:30.0029 3268 UMPass (88bd96a1baeed33ee8bdf9499c07a841) C:\Windows\system32\DRIVERS\umpass.sys
2011/08/06 20:57:30.0083 3268 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
2011/08/06 20:57:30.0238 3268 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/08/06 20:57:30.0287 3268 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/08/06 20:57:30.0384 3268 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
2011/08/06 20:57:30.0406 3268 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
2011/08/06 20:57:30.0486 3268 usbohci (7bdb7b0e7d45ac0402d78b90789ef47c) C:\Windows\system32\DRIVERS\usbohci.sys
2011/08/06 20:57:30.0533 3268 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/08/06 20:57:30.0617 3268 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/08/06 20:57:30.0664 3268 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/08/06 20:57:30.0791 3268 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/08/06 20:57:30.0883 3268 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/08/06 20:57:30.0917 3268 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/08/06 20:57:31.0014 3268 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/08/06 20:57:31.0038 3268 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/08/06 20:57:31.0121 3268 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/08/06 20:57:31.0152 3268 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
2011/08/06 20:57:31.0245 3268 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
2011/08/06 20:57:31.0340 3268 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/08/06 20:57:31.0384 3268 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/08/06 20:57:31.0484 3268 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/06 20:57:31.0501 3268 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/06 20:57:31.0609 3268 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/08/06 20:57:31.0994 3268 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/08/06 20:57:32.0144 3268 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/08/06 20:57:32.0259 3268 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/08/06 20:57:32.0297 3268 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/08/06 20:57:32.0405 3268 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/08/06 20:57:32.0530 3268 zntport (40ac8590cc9006dbb99ffcb37879d4c6) C:\Windows\system32\drivers\zntport.sys
2011/08/06 20:57:32.0584 3268 MBR (0x1B8) (239841e1ae8e4843c0676f3681a7d6be) \Device\Harddisk0\DR0
2011/08/06 20:57:32.0614 3268 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR2
2011/08/06 20:57:32.0647 3268 Boot (0x1200) (0fb338194689206495244d5ff17925f2) \Device\Harddisk0\DR0\Partition0
2011/08/06 20:57:32.0689 3268 Boot (0x1200) (0b020f6f0adc11f9632a4a2f58ee300d) \Device\Harddisk0\DR0\Partition1
2011/08/06 20:57:32.0699 3268 Boot (0x1200) (191029dbb14cca863e30f373d3ea2b8a) \Device\Harddisk2\DR2\Partition0
2011/08/06 20:57:32.0706 3268 ================================================================================
2011/08/06 20:57:32.0706 3268 Scan finished
2011/08/06 20:57:32.0706 3268 ================================================================================
2011/08/06 20:57:32.0716 3476 Detected object count: 1
2011/08/06 20:57:32.0716 3476 Actual detected object count: 1
2011/08/06 20:58:36.0816 3476 LockedFile.Multi.Generic(sptd) - User select action: Skip

#28
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
This looks better. Much better. Please run ComboFix one more time and post the log. Please let me know if you see a warning about a ZeroAccess infection.

#29
Spacelord11011

    Member

  • Topic Starter
  • Member
  • 55 posts
Nothing about ZeroAccess.

ComboFix 11-08-05.02 - Spence 06/08/2011 21:08:18.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3071.1966 [GMT 1:00]
Running from: c:\downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_MSIL\desktop.ini
.
.
((((((((((((((((((((((((( Files Created from 2011-07-06 to 2011-08-06 )))))))))))))))))))))))))))))))
.
.
2011-08-06 20:13 . 2011-08-06 20:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-06 19:12 . 2011-08-06 19:13 -------- d-----w- C:\hotfix1
2011-08-06 19:08 . 2011-08-06 19:08 -------- d-----w- c:\users\Spence\AppData\Local\WinZip
2011-08-06 19:07 . 2011-08-06 19:16 -------- d-----w- c:\users\Spence\AppData\Local\OpenCandy
2011-08-06 19:07 . 2011-08-06 19:07 -------- d-----w- c:\users\Spence\AppData\Roaming\OpenCandy
2011-08-06 19:06 . 2011-08-06 19:08 -------- d-----w- c:\programdata\WinZip
2011-08-05 06:03 . 2011-07-20 08:44 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9A1F779B-21E2-468F-B3B4-9A774ED12388}\mpengine.dll
2011-08-04 22:14 . 2011-08-05 16:30 -------- d-----w- c:\programdata\AVAST Software
2011-08-04 22:14 . 2011-08-04 22:14 -------- d-----w- c:\program files\AVAST Software
2011-08-04 11:14 . 2011-08-04 11:14 -------- d-----w- C:\_OTM
2011-08-04 11:12 . 2011-08-04 11:12 -------- d-----w- c:\program files\ERUNT
2011-08-04 10:53 . 2011-08-04 10:53 -------- d-----w- c:\users\Spence\AppData\Roaming\SUPERAntiSpyware.com
2011-08-04 10:53 . 2011-08-04 10:53 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-08-04 10:48 . 2010-11-09 13:56 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-08-04 10:48 . 2010-11-09 13:56 27984 ----a-w- c:\windows\system32\sbbd.exe
2011-08-04 10:48 . 2011-08-04 10:48 -------- d-----w- C:\VIPRERESCUE
2011-08-04 10:40 . 2011-08-04 10:40 -------- d--h--w- c:\windows\PIF
2011-08-04 10:38 . 2011-08-04 10:38 -------- d-----w- c:\users\Spence\AppData\Roaming\Malwarebytes
2011-08-04 10:31 . 2011-08-04 10:31 -------- d-----w- c:\programdata\Malwarebytes
2011-08-04 10:31 . 2011-07-06 18:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-04 10:31 . 2011-08-04 10:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-04 10:31 . 2011-07-06 18:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-04 08:26 . 2011-08-04 08:32 -------- d-----w- c:\users\Spence\AppData\Roaming\BoneTown
2011-08-03 15:22 . 2011-08-03 20:49 -------- d-----w- c:\users\Spence\AppData\Local\Canon Easy-PhotoPrint EX
2011-08-03 15:17 . 2011-08-03 15:17 -------- d--h--w- c:\programdata\CanonIJEPPEX
2011-08-03 13:34 . 2011-08-03 13:34 -------- d-----w- c:\program files\VirtualFem
2011-08-03 13:18 . 2011-08-03 13:35 -------- d-----w- c:\program files\VirtuaGirl HD
2011-08-03 13:14 . 2011-08-03 13:47 -------- d-----w- c:\program files\Digamour
2011-08-02 20:42 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B5E6DB64-7C2F-49CF-8541-EE8F621FB698}\mpengine.dll
2011-07-31 15:48 . 2011-07-31 15:48 -------- d-----w- c:\program files\iPod
2011-07-31 15:48 . 2011-07-31 15:49 -------- d-----w- c:\program files\iTunes
2011-07-31 15:43 . 2011-07-31 15:43 -------- d-----w- c:\program files\Bonjour
2011-07-31 11:13 . 2011-07-31 11:13 -------- d-----w- c:\program files\Apple Software Update
2011-07-22 11:09 . 2011-07-22 11:09 -------- d--h--w- c:\programdata\CanonIJSolutionMenu
2011-07-22 11:09 . 2011-07-22 11:09 -------- d--h--w- c:\programdata\CanonIJMyPrinter
2011-07-22 11:09 . 2011-08-03 20:49 -------- d-----w- c:\programdata\CanonIJPLM
2011-07-22 10:40 . 2011-07-22 10:40 -------- d--h--w- c:\programdata\CanonBJ
2011-07-22 10:39 . 2009-10-22 04:00 70656 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPPA4.DLL
2011-07-22 10:39 . 2009-10-22 04:00 27136 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPDA4.DLL
2011-07-22 10:38 . 2011-07-22 10:38 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2011-07-22 10:37 . 2009-10-22 04:00 276992 ----a-w- c:\windows\system32\CNMLMA4.DLL
2011-07-22 10:36 . 2009-09-10 09:00 179200 ----a-w- c:\windows\system32\CNMIUA4.DLL
2011-07-22 10:35 . 2011-07-22 11:09 -------- d-----w- c:\program files\Canon
2011-07-15 08:23 . 2011-06-15 10:46 11342848 ----a-w- C:\AAEdit.exe
2011-07-13 16:34 . 2011-06-02 12:59 2042368 ----a-w- c:\windows\system32\win32k.sys
2011-07-13 16:34 . 2011-04-20 14:47 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-07-13 16:34 . 2011-04-20 14:44 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-07-12 13:29 . 2011-07-12 13:29 -------- d-----w- c:\program files\Illusion Registry Fixer
2011-07-12 10:20 . 2011-07-12 10:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 10:20 . 2011-07-12 10:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 10:20 . 2011-07-12 10:20 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 10:20 . 2011-07-12 10:20 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-11 13:32 . 2011-07-12 15:19 -------- d-----w- c:\users\Spence\.dvdcss
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-13 03:39 . 2010-12-07 23:39 6881616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-05-28 06:08 . 2011-06-16 11:43 916480 ----a-w- c:\windows\system32\wininet.dll
2011-05-28 06:04 . 2011-06-16 11:43 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-28 06:04 . 2011-06-16 11:43 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-28 06:04 . 2011-06-16 11:43 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-05-28 06:04 . 2011-06-16 11:43 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-28 05:10 . 2011-06-16 11:43 385024 ----a-w- c:\windows\system32\html.iec
2011-05-28 04:33 . 2011-06-16 11:43 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-28 04:31 . 2011-06-16 11:43 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-24 18:14 . 2010-12-07 16:59 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-10 07:06 . 2011-05-10 07:06 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-05-10 07:06 . 2011-05-10 07:06 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2006-03-30 19:40 . 2010-03-16 12:32 26792 ----a-w- c:\program files\REFLEXIVE UNIVERSAL PATCHER v1.0.EXE
2010-06-28 06:54 . 2009-11-16 15:10 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-30 00:52 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-08-07 700416]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-14 68856]
"BitComet"="c:\program files\BitLord\BitLord.exe" [2005-05-07 2224128]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SoftAuto.exe"="c:\program files\Creative\Software Update 3\SoftAuto.exe" [2008-08-13 405504]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-07-15 102400]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Empowering Technology Monitor"="c:\program files\Acer\Empowering Technology\SysMonitor.exe" [2008-06-02 319488]
"EmpoweringTechnology"="c:\program files\Acer\Empowering Technology\Framework.Launcher.exe" [2008-06-02 319488]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-04 582992]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-07-30 526896]
"PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-05-21 204908]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-19 6265376]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-26 28672]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-28 30192]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-11-10 406016]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"Broadbandadvisor.exe"="c:\program files\Virgin Broadband\advisor\Broadbandadvisor.exe" [2009-05-27 2303216]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-12-23 148888]
"QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" [2010-11-29 421888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2508104]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
.
c:\users\Spence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2011-5-3 576000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2009-6-29 1838904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R1 cftizlhu;cftizlhu;c:\windows\system32\drivers\cftizlhu.sys [x]
R1 cmmjaehg;cmmjaehg;c:\windows\system32\drivers\cmmjaehg.sys [x]
R1 dsexgbsj;dsexgbsj;c:\windows\system32\drivers\dsexgbsj.sys [x]
R1 fsqpmebn;fsqpmebn;c:\windows\system32\drivers\fsqpmebn.sys [x]
R1 fuviiifb;fuviiifb;c:\windows\system32\drivers\fuviiifb.sys [x]
R1 gdexchwm;gdexchwm;c:\windows\system32\drivers\gdexchwm.sys [x]
R1 ggpgprkl;ggpgprkl;c:\windows\system32\drivers\ggpgprkl.sys [x]
R1 hyfvhuok;hyfvhuok;c:\windows\system32\drivers\hyfvhuok.sys [x]
R1 iotwuurk;iotwuurk;c:\windows\system32\drivers\iotwuurk.sys [x]
R1 jftgjils;jftgjils;c:\windows\system32\drivers\jftgjils.sys [x]
R1 jsxaljga;jsxaljga;c:\windows\system32\drivers\jsxaljga.sys [x]
R1 kgawzwbu;kgawzwbu;c:\windows\system32\drivers\kgawzwbu.sys [x]
R1 lceausqi;lceausqi;c:\windows\system32\drivers\lceausqi.sys [x]
R1 lnxlxgat;lnxlxgat;c:\windows\system32\drivers\lnxlxgat.sys [x]
R1 maxkikeu;maxkikeu;c:\windows\system32\drivers\maxkikeu.sys [x]
R1 MpKsl2e4b308b;MpKsl2e4b308b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{83411E90-3336-4ED5-8E35-5B17F2E8E653}\MpKsl2e4b308b.sys [x]
R1 nvikhtvq;nvikhtvq;c:\windows\system32\drivers\nvikhtvq.sys [x]
R1 nwuvskgn;nwuvskgn;c:\windows\system32\drivers\nwuvskgn.sys [x]
R1 ooghdnur;ooghdnur;c:\windows\system32\drivers\ooghdnur.sys [x]
R1 qdwsihqk;qdwsihqk;c:\windows\system32\drivers\qdwsihqk.sys [x]
R1 rojeiyqg;rojeiyqg;c:\windows\system32\drivers\rojeiyqg.sys [x]
R1 SASDIFSV;SASDIFSV;c:\users\Spence\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\users\Spence\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.SYS [x]
R1 sutoagam;sutoagam;c:\windows\system32\drivers\sutoagam.sys [x]
R1 tebreigu;tebreigu;c:\windows\system32\drivers\tebreigu.sys [x]
R1 tixrgzfn;tixrgzfn;c:\windows\system32\drivers\tixrgzfn.sys [x]
R1 vdfdpxyl;vdfdpxyl;c:\windows\system32\drivers\vdfdpxyl.sys [x]
R1 wbpcqbxx;wbpcqbxx;c:\windows\system32\drivers\wbpcqbxx.sys [x]
R1 wgvmanym;wgvmanym;c:\windows\system32\drivers\wgvmanym.sys [x]
R1 wxdwxsfp;wxdwxsfp;c:\windows\system32\drivers\wxdwxsfp.sys [x]
R1 xzzpdirg;xzzpdirg;c:\windows\system32\drivers\xzzpdirg.sys [x]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [x]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-06-02 24576]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 135664]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [x]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [x]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-26 135168]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]
R3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [2008-05-21 64000]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-07-15 36608]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-28 30192]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 135664]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R3 netr73;Belkin Wireless G Plus MIMO USB Network Adapter Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2007-11-12 468480]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-11-12 3403420]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-07-07 717296]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2010-11-09 98392]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-05-03 218688]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 85243035
*Deregistered* - 85243035
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 13:53]
.
2011-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 13:53]
.
2011-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3015068568-3040374585-1810929627-1000Core.job
- c:\users\Spence\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-17 19:24]
.
2011-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3015068568-3040374585-1810929627-1000UA.job
- c:\users\Spence\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-17 19:24]
.
2011-07-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-06-14 12:32]
.
2011-08-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-06-14 12:32]
.
2011-08-06 c:\windows\Tasks\SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC\spmonitor.exe [2011-05-21 14:40]
.
2011-08-06 c:\windows\Tasks\User_Feed_Synchronization-{B76032BB-D0B0-421D-A822-E7A46C595341}.job
- c:\windows\system32\msfeedssync.exe [2011-06-16 04:32]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,;*.local
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Spence\AppData\Roaming\Mozilla\Firefox\Profiles\hqctc2k2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=9568
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.mydtzone.com/startpage|http://search.babylon.com/home?AF=9568
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: IE Tab: {77b819fa-95ad-4f2c-ac7c-486b356188a9} - %profile%\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
FF - Ext: Zynga Community Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: Conduit Engine : [email protected] - %profile%\extensions\[email protected]
FF - Ext: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - %profile%\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
FF - Ext: Babylon: [email protected] - %profile%\extensions\[email protected]
FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-06 21:13
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3015068568-3040374585-1810929627-1000\Software\G*e*n*i*e*"!\FM Genie Scout 2009 XE]
"GameDir"="c:\\Users\\Spence\\Documents\\Sports Interactive\\Football Manager 2009\\games"
"ShortlistDir"="c:\\Users\\Spence\\Documents\\Sports Interactive\\Football Manager 2009\\shortlists"
"ScreenshotsDir"="c:\\Users\\Spence\\Documents\\Sports Interactive\\Football Manager 2009"
"SaveDir"="c:\\Users\\Spence\\Documents\\Sports Interactive\\Football Manager 2009\\"
"HistoryDir"="c:\\downloads\\FMGenie93\\FMGenie93\\History Points"
"LangDB"=""
"LastSaveGame"=""
"Language"="English"
"LoadLangDB"=dword:00000000
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:0000003d
"GraphStep"=dword:00000000
"SkinName"="Champions League"
"LastUpdateCheck"=dword:00000000
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000067
"UniqueID"="55-8280-E46F"
"Currency"=dword:00000056
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
.
[HKEY_USERS\S-1-5-21-3015068568-3040374585-1810929627-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*-N‡eW[U^áÿ#WÎW‰ªn]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3015068568-3040374585-1810929627-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*-N‡eW[U^áÿ#WÎW‰ªn\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3015068568-3040374585-1810929627-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:86,c8,a2,1f,e9,45,48,50,15,f6,61,21,00,0e,29,2e,54,85,60,80,64,
14,f2,c4,c4,5d,c8,ae,b2,06,77,93,d0,75,62,55,db,0c,e8,6e,56,8b,78,34,53,78,\
"rkeysecu"=hex:9a,3d,11,0a,ae,4b,4b,73,70,49,bd,1a,cb,8e,32,29
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-08-06 21:15:48
ComboFix-quarantined-files.txt 2011-08-06 20:15
ComboFix2.txt 2011-08-05 19:38
.
Pre-Run: 27,865,006,080 bytes free
Post-Run: 28,090,773,504 bytes free
.
- - End Of File - - A9B3270A1404CAA46F57D50B00A56B35

#30
Spacelord11011

    Member

  • Topic Starter
  • Member
  • 55 posts
*nothing