Geeks to Go
svchost.exe spam [Solved]


  • This topic is locked

#16 Vladimir90 (Member, Topic Starter, 10 posts)

Report from Step 2:

19:03:26.0796 2180 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
19:03:28.0812 2180 ============================================================
19:03:28.0812 2180 Current date / time: 2012/05/05 19:03:28.0812
19:03:28.0812 2180 SystemInfo:
19:03:28.0812 2180
19:03:28.0812 2180 OS Version: 5.1.2600 ServicePack: 3.0
19:03:28.0812 2180 Product type: Workstation
19:03:28.0812 2180 ComputerName: HARRY
19:03:28.0812 2180 UserName: EndBringer
19:03:28.0812 2180 Windows directory: C:\WINDOWS
19:03:28.0812 2180 System windows directory: C:\WINDOWS
19:03:28.0812 2180 Processor architecture: Intel x86
19:03:28.0812 2180 Number of processors: 1
19:03:28.0812 2180 Page size: 0x1000
19:03:28.0812 2180 Boot type: Normal boot
19:03:28.0812 2180 ============================================================
19:03:30.0250 2180 Drive \Device\Harddisk0\DR0 - Size: 0x1315740000 (76.34 Gb), SectorSize: 0x200, Cylinders: 0x26EC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:03:30.0250 2180 ============================================================
19:03:30.0250 2180 \Device\Harddisk0\DR0:
19:03:30.0250 2180 MBR partitions:
19:03:30.0250 2180 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x521E8B1
19:03:30.0265 2180 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x521E92F, BlocksNum 0x46896BD
19:03:30.0265 2180 ============================================================
19:03:30.0296 2180 C: <-> \Device\Harddisk0\DR0\Partition0
19:03:30.0359 2180 D: <-> \Device\Harddisk0\DR0\Partition1
19:03:30.0359 2180 ============================================================
19:03:30.0359 2180 Initialize success
19:03:30.0359 2180 ============================================================
19:04:49.0421 5340 ============================================================
19:04:49.0421 5340 Scan started
19:04:49.0421 5340 Mode: Manual; SigCheck; TDLFS;
19:04:49.0421 5340 ============================================================
19:04:50.0359 5340 1394hub - ok
19:04:50.0375 5340 Abiosdsk - ok
19:04:50.0390 5340 abp480n5 - ok
19:04:50.0406 5340 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:04:51.0375 5340 ACPI - ok
19:04:51.0437 5340 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
19:04:51.0640 5340 ACPIEC - ok
19:04:51.0703 5340 Adobe LM Service (c1eb9968ec89fba5f3a264e2e57923ab) C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
19:04:51.0718 5340 Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
19:04:51.0718 5340 Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
19:04:51.0796 5340 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:04:51.0968 5340 AdobeFlashPlayerUpdateSvc - ok
19:04:51.0984 5340 adpu160m - ok
19:04:52.0015 5340 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
19:04:52.0156 5340 aec - ok
19:04:52.0187 5340 AFD (f6b7b1ecd7b41736bdb6ff4b092bcb79) C:\WINDOWS\System32\drivers\afd.sys
19:04:52.0281 5340 AFD - ok
19:04:52.0343 5340 AgereSoftModem (593aefc67283d409f34cc1245d00a509) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
19:04:52.0453 5340 AgereSoftModem - ok
19:04:52.0468 5340 Aha154x - ok
19:04:52.0484 5340 aic78u2 - ok
19:04:52.0500 5340 aic78xx - ok
19:04:52.0656 5340 ALCXWDM (8eaa98894a004a47964dcd84f57493c1) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
19:04:52.0890 5340 ALCXWDM ( UnsignedFile.Multi.Generic ) - warning
19:04:52.0890 5340 ALCXWDM - detected UnsignedFile.Multi.Generic (1)
19:04:53.0000 5340 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
19:04:53.0109 5340 Alerter - ok
19:04:53.0140 5340 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
19:04:53.0203 5340 ALG - ok
19:04:53.0234 5340 AliIde - ok
19:04:53.0250 5340 alim1541 - ok
19:04:53.0250 5340 amsint - ok
19:04:53.0328 5340 AntiVirSchedulerService - ok
19:04:53.0328 5340 AntiVirService - ok
19:04:53.0375 5340 apf001 (7b4beb577c5d0171f9b66f390ec29284) C:\WINDOWS\system32\apf001.sys
19:04:54.0437 5340 apf001 - ok
19:04:54.0468 5340 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
19:04:54.0562 5340 AppMgmt - ok
19:04:54.0578 5340 asc - ok
19:04:54.0578 5340 asc3350p - ok
19:04:54.0593 5340 asc3550 - ok
19:04:54.0703 5340 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
19:04:54.0750 5340 aspnet_state - ok
19:04:54.0765 5340 asusgsb - ok
19:04:54.0781 5340 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:04:54.0906 5340 AsyncMac - ok
19:04:54.0921 5340 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
19:04:55.0062 5340 atapi - ok
19:04:55.0078 5340 Atdisk - ok
19:04:55.0093 5340 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:04:55.0250 5340 Atmarpc - ok
19:04:55.0265 5340 ATSWPDRV - ok
19:04:55.0281 5340 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
19:04:55.0437 5340 AudioSrv - ok
19:04:55.0468 5340 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
19:04:55.0609 5340 audstub - ok
19:04:55.0812 5340 AVGIDSAgent (ba60fd7a64b9759a14c0fba4a9ed4c7b) C:\Program Files\AVG\AVG2012\avgidsagent.exe
19:04:56.0078 5340 AVGIDSAgent - ok
19:04:56.0187 5340 AVGIDSDriver (1074f787080068c71303b61fae7e7ca4) C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
19:04:56.0203 5340 AVGIDSDriver - ok
19:04:56.0234 5340 AVGIDSFilter (61a7e0b02f82cff3db2445bbe50b3589) C:\WINDOWS\system32\DRIVERS\avgidsfilterx.sys
19:04:56.0281 5340 AVGIDSFilter - ok
19:04:56.0328 5340 AVGIDSHX (d63d83659eedf60b3a3e620281a888e5) C:\WINDOWS\system32\DRIVERS\avgidshx.sys
19:04:56.0359 5340 AVGIDSHX - ok
19:04:56.0359 5340 AVGIDSShim (baf975b72062f53d327788e99d64197e) C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
19:04:56.0375 5340 AVGIDSShim - ok
19:04:56.0421 5340 avgio - ok
19:04:56.0453 5340 Avgldx86 (dda6a2a18841e4c9172bb85958b8d948) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
19:04:56.0484 5340 Avgldx86 - ok
19:04:56.0515 5340 Avgmfx86 (ccdd61545aaea265977e4b1efdc74e8c) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
19:04:56.0531 5340 Avgmfx86 - ok
19:04:56.0562 5340 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
19:04:56.0578 5340 avgntflt - ok
19:04:56.0593 5340 Avgrkx86 (1fd90b28d2c3100bf4500199c8ad6358) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
19:04:56.0625 5340 Avgrkx86 - ok
19:04:56.0640 5340 Avgtdix (1263f2554ace925c237a40b4c568d815) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
19:04:56.0671 5340 Avgtdix - ok
19:04:56.0734 5340 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
19:04:56.0750 5340 avgwd - ok
19:04:56.0765 5340 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\WINDOWS\system32\DRIVERS\avipbb.sys
19:04:56.0796 5340 avipbb - ok
19:04:56.0828 5340 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
19:04:56.0968 5340 Beep - ok
19:04:57.0000 5340 BIOS (be5d50529799b9bab6be879ec768b6cf) C:\WINDOWS\system32\drivers\BIOS.sys
19:04:57.0015 5340 BIOS ( UnsignedFile.Multi.Generic ) - warning
19:04:57.0015 5340 BIOS - detected UnsignedFile.Multi.Generic (1)
19:04:57.0046 5340 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
19:04:57.0593 5340 BITS - ok
19:04:57.0625 5340 BlueletAudio (852a1bd08e7dfeb9e30b5440881c0501) C:\WINDOWS\system32\DRIVERS\blueletaudio.sys
19:04:57.0640 5340 BlueletAudio - ok
19:04:57.0656 5340 BlueletSCOAudio (8fc27b12a02b43947787f0ef1885df9b) C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys
19:04:57.0687 5340 BlueletSCOAudio - ok
19:04:57.0718 5340 Browser (7e39a3edc13b076e70fdb9a6f6d7a4b4) C:\WINDOWS\System32\browser.dll
19:04:57.0765 5340 Browser - ok
19:04:57.0765 5340 BrPar - ok
19:04:57.0781 5340 BT (c5cce2b26f73f8cf7f3c82159e79aa08) C:\WINDOWS\system32\DRIVERS\btnetdrv.sys
19:04:57.0796 5340 BT - ok
19:04:57.0828 5340 Btcsrusb (da473d279420234170da795f1cad4479) C:\WINDOWS\system32\Drivers\btcusb.sys
19:04:57.0859 5340 Btcsrusb - ok
19:04:57.0890 5340 BTHidEnum (ce643d0918123d76a5caab008fca9663) C:\WINDOWS\system32\Drivers\vbtenum.sys
19:04:57.0906 5340 BTHidEnum - ok
19:04:57.0921 5340 BTHidMgr (dfca4fe4c8aec786b4d0f432eb730f48) C:\WINDOWS\system32\Drivers\BTHidMgr.sys
19:04:57.0937 5340 BTHidMgr - ok
19:04:57.0968 5340 BTNetFilter (4f26303becbb7cc5ca8ff39593124cf2) C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys
19:04:58.0000 5340 BTNetFilter - ok
19:04:58.0000 5340 btnhnd - ok
19:04:58.0015 5340 bufserv - ok
19:04:58.0031 5340 catchme - ok
19:04:58.0062 5340 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
19:04:58.0187 5340 cbidf2k - ok
19:04:58.0203 5340 cd20xrnt - ok
19:04:58.0218 5340 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
19:04:58.0359 5340 Cdaudio - ok
19:04:58.0375 5340 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
19:04:58.0515 5340 Cdfs - ok
19:04:58.0531 5340 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:04:58.0593 5340 Cdrom - ok
19:04:58.0609 5340 CEUSBAUD (42291a123cad3914ead8d73169e13661) C:\WINDOWS\system32\Drivers\CEUSBAUD.sys
19:04:58.0640 5340 CEUSBAUD ( UnsignedFile.Multi.Generic ) - warning
19:04:58.0640 5340 CEUSBAUD - detected UnsignedFile.Multi.Generic (1)
19:04:58.0640 5340 Changer - ok
19:04:58.0656 5340 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
19:04:58.0781 5340 CiSvc - ok
19:04:58.0812 5340 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
19:04:58.0953 5340 ClipSrv - ok
19:04:59.0031 5340 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:04:59.0109 5340 clr_optimization_v2.0.50727_32 - ok
19:04:59.0109 5340 CmdIde - ok
19:04:59.0125 5340 COMSysApp - ok
19:04:59.0156 5340 Cpqarray - ok
19:04:59.0171 5340 cpqrcmc - ok
19:04:59.0203 5340 cpuz135 (c2eb4539a4f6ab6edd01bdc191619975) C:\WINDOWS\system32\drivers\cpuz135_x32.sys
19:04:59.0234 5340 cpuz135 - ok
19:04:59.0250 5340 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
19:04:59.0375 5340 CryptSvc - ok
19:04:59.0375 5340 dac2w2k - ok
19:04:59.0390 5340 dac960nt - ok
19:04:59.0406 5340 db2ntsecserver - ok
19:04:59.0453 5340 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
19:04:59.0515 5340 DcomLaunch - ok
19:04:59.0546 5340 Dhcp (c51de19619d50cbd03708647aca10e70) C:\WINDOWS\System32\dhcpcsvc.dll
19:04:59.0593 5340 Dhcp - ok
19:04:59.0625 5340 Disk (47b6aaec570f2c11d8bad80a064d8ed1) C:\WINDOWS\system32\DRIVERS\disk.sys
19:04:59.0671 5340 Disk - ok
19:04:59.0671 5340 dmadmin - ok
19:04:59.0718 5340 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
19:04:59.0906 5340 dmboot - ok
19:04:59.0921 5340 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
19:05:00.0046 5340 dmio - ok
19:05:00.0078 5340 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
19:05:00.0203 5340 dmload - ok
19:05:00.0218 5340 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
19:05:00.0375 5340 dmserver - ok
19:05:00.0406 5340 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
19:05:00.0546 5340 DMusic - ok
19:05:00.0578 5340 Dnscache (d977659ae4d8ece5286d99d1ed34614d) C:\WINDOWS\System32\dnsrslvr.dll
19:05:00.0640 5340 Dnscache - ok
19:05:00.0671 5340 Dot3svc (b4109c8c3d54c83246997a777724f318) C:\WINDOWS\System32\dot3svc.dll
19:05:00.0703 5340 Dot3svc - ok
19:05:00.0718 5340 dpti2o - ok
19:05:00.0734 5340 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
19:05:00.0875 5340 drmkaud - ok
19:05:00.0875 5340 EagleNT - ok
19:05:00.0890 5340 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
19:05:01.0031 5340 EapHost - ok
19:05:01.0046 5340 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
19:05:01.0171 5340 ERSvc - ok
19:05:01.0203 5340 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
19:05:01.0234 5340 Eventlog - ok
19:05:01.0265 5340 EventSystem (f17f6226bdc0cd5f0bef0daf84d29bec) C:\WINDOWS\system32\es.dll
19:05:01.0312 5340 EventSystem - ok
19:05:01.0343 5340 exFat (4d893323dae445e34a4c9038b0551bc9) C:\WINDOWS\system32\drivers\exFat.sys
19:05:01.0375 5340 exFat - ok
19:05:01.0406 5340 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
19:05:01.0546 5340 Fastfat - ok
19:05:01.0578 5340 FastUserSwitchingCompatibility (888cd7b39c37e13a2419becfaaf0a28c) C:\WINDOWS\System32\shsvcs.dll
19:05:01.0656 5340 FastUserSwitchingCompatibility - ok
19:05:01.0671 5340 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
19:05:01.0828 5340 Fdc - ok
19:05:01.0843 5340 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
19:05:01.0984 5340 Fips - ok
19:05:02.0000 5340 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
19:05:02.0125 5340 Flpydisk - ok
19:05:02.0171 5340 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
19:05:02.0531 5340 FltMgr - ok
19:05:02.0609 5340 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
19:05:02.0625 5340 FontCache3.0.0.0 - ok
19:05:02.0656 5340 Fs_Rec (30d42943a54704ef13e2562911dbfcea) C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:05:02.0687 5340 Fs_Rec - ok
19:05:02.0718 5340 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:05:02.0843 5340 Ftdisk - ok
19:05:02.0875 5340 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:05:03.0015 5340 Gpc - ok
19:05:03.0031 5340 GT890x - ok
19:05:03.0078 5340 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
19:05:03.0218 5340 helpsvc - ok
19:05:03.0234 5340 HidServ - ok
19:05:03.0250 5340 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
19:05:03.0375 5340 hkmsvc - ok
19:05:03.0375 5340 hpn - ok
19:05:03.0375 5340 HSFHWICH - ok
19:05:03.0421 5340 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
19:05:03.0546 5340 HTTP - ok
19:05:03.0562 5340 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
19:05:03.0703 5340 HTTPFilter - ok
19:05:03.0718 5340 i2omgmt - ok
19:05:03.0734 5340 i2omp - ok
19:05:03.0765 5340 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:05:03.0890 5340 i8042prt - ok
19:05:03.0968 5340 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:05:04.0015 5340 idsvc - ok
19:05:04.0031 5340 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
19:05:04.0171 5340 Imapi - ok
19:05:04.0203 5340 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
19:05:04.0312 5340 ImapiService - ok
19:05:04.0328 5340 ini910u - ok
19:05:04.0343 5340 IntelIde - ok
19:05:04.0359 5340 iolodmv - ok
19:05:04.0390 5340 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
19:05:04.0546 5340 Ip6Fw - ok
19:05:04.0578 5340 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:05:04.0718 5340 IpFilterDriver - ok
19:05:04.0734 5340 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:05:04.0859 5340 IpInIp - ok
19:05:04.0875 5340 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:05:05.0000 5340 IpNat - ok
19:05:05.0015 5340 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:05:05.0140 5340 IPSec - ok
19:05:05.0187 5340 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
19:05:05.0234 5340 IRENUM - ok
19:05:05.0265 5340 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:05:05.0390 5340 isapnp - ok
19:05:05.0515 5340 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
19:05:05.0531 5340 JavaQuickStarterService - ok
19:05:05.0546 5340 k750mdfl - ok
19:05:05.0562 5340 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:05:05.0703 5340 Kbdclass - ok
19:05:05.0734 5340 KL1 (94d67d49bd9503bb1d838405d80f2058) C:\WINDOWS\system32\DRIVERS\kl1.sys
19:05:05.0765 5340 KL1 - ok
19:05:05.0765 5340 kl2 (713576569667ac9e0f8556076004a96b) C:\WINDOWS\system32\DRIVERS\kl2.sys
19:05:05.0781 5340 kl2 - ok
19:05:05.0812 5340 KLIF (44ec6b3dbe167c7fa818f9918d2cbf22) C:\WINDOWS\system32\DRIVERS\klif.sys
19:05:05.0843 5340 KLIF - ok
19:05:05.0875 5340 klim5 (8d6e11bfa9927978d25b1b8029554f07) C:\WINDOWS\system32\DRIVERS\klim5.sys
19:05:05.0921 5340 klim5 - ok
19:05:05.0937 5340 klmouflt (3959530f69e19da56f1f24f2c89f1e2c) C:\WINDOWS\system32\DRIVERS\klmouflt.sys
19:05:05.0937 5340 klmouflt - ok
19:05:05.0984 5340 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
19:05:06.0093 5340 kmixer - ok
19:05:06.0109 5340 KSecDD (c6ebf1d6ad71df30db49b8d3287e1368) C:\WINDOWS\system32\drivers\KSecDD.sys
19:05:06.0156 5340 KSecDD - ok
19:05:06.0203 5340 LanmanServer (f385f4b02c535bffe1d70cab80838123) C:\WINDOWS\System32\srvsvc.dll
19:05:06.0343 5340 LanmanServer - ok
19:05:06.0375 5340 lanmanworkstation (3b9324d60dd321bab7bf6f77931d3fd1) C:\WINDOWS\System32\wkssvc.dll
19:05:06.0453 5340 lanmanworkstation - ok
19:05:06.0453 5340 lbrtfdc - ok
19:05:06.0500 5340 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
19:05:06.0625 5340 LmHosts - ok
19:05:06.0625 5340 LoopBeMidi1 - ok
19:05:06.0640 5340 lvusbsta - ok
19:05:06.0656 5340 Maplom - ok
19:05:06.0687 5340 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
19:05:06.0828 5340 Messenger - ok
19:05:06.0890 5340 Microsoft Office Groove Audit Service (fafe367d032ed82e9332b4c741a20216) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
19:05:06.0906 5340 Microsoft Office Groove Audit Service - ok
19:05:06.0937 5340 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
19:05:07.0046 5340 mnmdd - ok
19:05:07.0078 5340 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
19:05:07.0187 5340 mnmsrvc - ok
19:05:07.0203 5340 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
19:05:07.0546 5340 Modem - ok
19:05:07.0578 5340 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:05:07.0703 5340 Mouclass - ok
19:05:07.0718 5340 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
19:05:07.0843 5340 MountMgr - ok
19:05:07.0843 5340 mraid35x - ok
19:05:07.0875 5340 MRxDAV (65e818c473e220b6ab762e1966296fd1) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:05:07.0906 5340 MRxDAV - ok
19:05:07.0953 5340 MRxSmb (fb2fccc70f7174c7bf64f48e96d3adf4) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:05:08.0031 5340 MRxSmb - ok
19:05:08.0062 5340 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
19:05:08.0156 5340 MSDTC - ok
19:05:08.0171 5340 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
19:05:08.0312 5340 Msfs - ok
19:05:08.0312 5340 msfwsvc - ok
19:05:08.0328 5340 MSIServer - ok
19:05:08.0359 5340 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:05:08.0484 5340 MSKSSRV - ok
19:05:08.0515 5340 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:05:08.0625 5340 MSPCLOCK - ok
19:05:08.0656 5340 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
19:05:08.0781 5340 MSPQM - ok
19:05:08.0812 5340 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:05:08.0937 5340 mssmbios - ok
19:05:08.0968 5340 Mup (f7b1ad991491f02af6da70b00b8bf114) C:\WINDOWS\system32\drivers\Mup.sys
19:05:09.0000 5340 Mup - ok
19:05:09.0031 5340 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
19:05:09.0156 5340 napagent - ok
19:05:09.0187 5340 NDIS (887b5c139413f8a25f656849a5c0644e) C:\WINDOWS\system32\drivers\NDIS.sys
19:05:09.0203 5340 NDIS ( UnsignedFile.Multi.Generic ) - warning
19:05:09.0203 5340 NDIS - detected UnsignedFile.Multi.Generic (1)
19:05:09.0218 5340 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:05:09.0250 5340 NdisTapi - ok
19:05:09.0265 5340 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:05:09.0390 5340 Ndisuio - ok
19:05:09.0421 5340 NdisWan (b053a8411045fd0664b389a090cb2bbc) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:05:09.0468 5340 NdisWan - ok
19:05:09.0515 5340 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
19:05:09.0546 5340 NDProxy - ok
19:05:09.0562 5340 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
19:05:09.0671 5340 NetBIOS - ok
19:05:09.0703 5340 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
19:05:09.0828 5340 NetBT - ok
19:05:09.0843 5340 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
19:05:09.0968 5340 NetDDE - ok
19:05:09.0968 5340 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
19:05:10.0093 5340 NetDDEdsdm - ok
19:05:10.0125 5340 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:05:10.0234 5340 Netlogon - ok
19:05:10.0265 5340 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
19:05:10.0406 5340 Netman - ok
19:05:10.0453 5340 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:05:10.0484 5340 NetTcpPortSharing - ok
19:05:10.0484 5340 NetwareWorkstation - ok
19:05:10.0531 5340 Nla (290c1a30defc723bbe10910ac2d6f6d0) C:\WINDOWS\System32\mswsock.dll
19:05:10.0578 5340 Nla - ok
19:05:10.0625 5340 NPF (b9730495e0cf674680121e34bd95a73b) C:\WINDOWS\system32\drivers\npf.sys
19:05:10.0656 5340 NPF - ok
19:05:10.0671 5340 npfmntor - ok
19:05:10.0718 5340 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
19:05:10.0843 5340 Npfs - ok
19:05:10.0843 5340 npggsvc - ok
19:05:10.0890 5340 Ntfs (4c51d5275ae8a16999edfe7e647d00de) C:\WINDOWS\system32\drivers\Ntfs.sys
19:05:10.0953 5340 Ntfs - ok
19:05:10.0968 5340 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:05:11.0078 5340 NtLmSsp - ok
19:05:11.0125 5340 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
19:05:11.0250 5340 NtmsSvc - ok
19:05:11.0265 5340 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
19:05:11.0390 5340 Null - ok
19:05:11.0640 5340 nv (9f4384aa43548ddd438f7b7825d11699) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
19:05:11.0984 5340 nv - ok
19:05:12.0062 5340 nv4 - ok
19:05:12.0109 5340 NVENETFD (720cc533eecb65553bd86b139ca04433) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
19:05:12.0140 5340 NVENETFD - ok
19:05:12.0156 5340 nvnetbus (5f9f545cc5904dd8765f84ee1d056406) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
19:05:12.0171 5340 nvnetbus ( UnsignedFile.Multi.Generic ) - warning
19:05:12.0171 5340 nvnetbus - detected UnsignedFile.Multi.Generic (1)
19:05:12.0203 5340 NVSvc (0c41c4acfe00d826db479c40c1d9edc8) C:\WINDOWS\system32\nvsvc32.exe
19:05:12.0218 5340 NVSvc - ok
19:05:12.0265 5340 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:05:12.0359 5340 NwlnkFlt - ok
19:05:12.0390 5340 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:05:12.0531 5340 NwlnkFwd - ok
19:05:12.0625 5340 odserv (84de1dd996b48b05ace31ad015fa108a) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:05:12.0671 5340 odserv - ok
19:05:12.0671 5340 OEM02Afx - ok
19:05:12.0718 5340 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:05:12.0734 5340 ose - ok
19:05:12.0781 5340 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
19:05:12.0906 5340 Parport - ok
19:05:12.0921 5340 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
19:05:13.0046 5340 PartMgr - ok
19:05:13.0078 5340 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
19:05:13.0187 5340 ParVdm - ok
19:05:13.0203 5340 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
19:05:13.0328 5340 PCI - ok
19:05:13.0343 5340 PCIDump - ok
19:05:13.0375 5340 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
19:05:13.0484 5340 PCIIde - ok
19:05:13.0515 5340 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
19:05:13.0625 5340 Pcmcia - ok
19:05:13.0625 5340 PDCOMP - ok
19:05:13.0640 5340 PDFRAME - ok
19:05:13.0656 5340 PDRELI - ok
19:05:13.0671 5340 PDRFRAME - ok
19:05:13.0687 5340 pelmouse - ok
19:05:13.0703 5340 perc2 - ok
19:05:13.0718 5340 perc2hib - ok
19:05:13.0796 5340 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
19:05:13.0828 5340 PlugPlay - ok
19:05:13.0843 5340 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:05:13.0968 5340 PolicyAgent - ok
19:05:13.0984 5340 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:05:14.0109 5340 PptpMiniport - ok
19:05:14.0125 5340 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
19:05:14.0250 5340 Processor - ok
19:05:14.0265 5340 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:05:14.0375 5340 ProtectedStorage - ok
19:05:14.0406 5340 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
19:05:14.0515 5340 PSched - ok
19:05:14.0531 5340 PSI_SVC_2 - ok
19:05:14.0546 5340 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:05:14.0656 5340 Ptilink - ok
19:05:14.0671 5340 qbreminderflash - ok
19:05:14.0671 5340 ql1080 - ok
19:05:14.0687 5340 Ql10wnt - ok
19:05:14.0703 5340 ql12160 - ok
19:05:14.0718 5340 ql1240 - ok
19:05:14.0734 5340 ql1280 - ok
19:05:14.0750 5340 racsvc - ok
19:05:14.0781 5340 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:05:14.0890 5340 RasAcd - ok
19:05:14.0906 5340 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
19:05:15.0015 5340 RasAuto - ok
19:05:15.0046 5340 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:05:15.0171 5340 Rasl2tp - ok
19:05:15.0187 5340 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
19:05:15.0312 5340 RasMan - ok
19:05:15.0328 5340 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:05:15.0453 5340 RasPppoe - ok
19:05:15.0484 5340 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
19:05:15.0593 5340 Raspti - ok
19:05:15.0609 5340 Rdbss (77050c6615f6eb5402f832b27fd695e0) C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:05:15.0656 5340 Rdbss - ok
19:05:15.0687 5340 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:05:15.0796 5340 RDPCDD - ok
19:05:15.0843 5340 rdpdr (c694a927eb7c354f7ae97955043a9641) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:05:15.0890 5340 rdpdr - ok
19:05:15.0937 5340 RDPWD (2d293b720c206473a05950ce007db12a) C:\WINDOWS\system32\drivers\RDPWD.sys
19:05:15.0968 5340 RDPWD - ok
19:05:15.0984 5340 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
19:05:16.0109 5340 RDSessMgr - ok
19:05:16.0125 5340 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
19:05:16.0250 5340 redbook - ok
19:05:16.0265 5340 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
19:05:16.0390 5340 RemoteAccess - ok
19:05:16.0421 5340 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
19:05:16.0546 5340 RemoteRegistry - ok
19:05:16.0562 5340 Revoflt (8b5b8a11306190c6963d3473f052d3c8) C:\WINDOWS\system32\DRIVERS\revoflt.sys
19:05:16.0593 5340 Revoflt - ok
19:05:16.0609 5340 rimsptsk - ok
19:05:16.0640 5340 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
19:05:16.0765 5340 ROOTMODEM - ok
19:05:16.0828 5340 rpcapd (a780d3eaa74582ea1deb6bd9c7a3d9c9) C:\Program Files\WinPcap\rpcapd.exe
19:05:16.0875 5340 rpcapd - ok
19:05:16.0890 5340 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
19:05:17.0000 5340 RpcLocator - ok
19:05:17.0015 5340 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
19:05:17.0093 5340 RpcSs - ok
19:05:17.0125 5340 rspndr (743d7d59767073a617b1dcc6c546f234) C:\WINDOWS\system32\DRIVERS\rspndr.sys
19:05:17.0187 5340 rspndr - ok
19:05:17.0203 5340 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
19:05:17.0609 5340 RSVP - ok
19:05:17.0625 5340 rtl8139 - ok
19:05:17.0687 5340 RUBotSrv (a0eea6f631349d0e0b7a6caa7e099cb0) C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
19:05:17.0734 5340 RUBotSrv - ok
19:05:17.0765 5340 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
19:05:17.0875 5340 SamSs - ok
19:05:17.0906 5340 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
19:05:18.0031 5340 SCardSvr - ok
19:05:18.0062 5340 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
19:05:18.0203 5340 Schedule - ok
19:05:18.0218 5340 SE2Dobex - ok
19:05:18.0234 5340 se44mgmt - ok
19:05:18.0234 5340 se58mdm - ok
19:05:18.0265 5340 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:05:18.0328 5340 Secdrv - ok
19:05:18.0343 5340 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
19:05:18.0453 5340 seclogon - ok
19:05:18.0468 5340 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
19:05:18.0609 5340 SENS - ok
19:05:18.0609 5340 sentinel - ok
19:05:18.0625 5340 ser2pl - ok
19:05:18.0640 5340 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
19:05:18.0781 5340 serenum - ok
19:05:18.0796 5340 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
19:05:18.0921 5340 Serial - ok
19:05:18.0937 5340 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
19:05:19.0046 5340 Sfloppy - ok
19:05:19.0093 5340 SharedAccess (4f10a2fa76b5bd54cd68afa94e8adb39) C:\WINDOWS\System32\ipnathlp.dll
19:05:19.0187 5340 SharedAccess - ok
19:05:19.0218 5340 ShellHWDetection (888cd7b39c37e13a2419becfaaf0a28c) C:\WINDOWS\System32\shsvcs.dll
19:05:19.0250 5340 ShellHWDetection - ok
19:05:19.0265 5340 Simbad - ok
19:05:19.0312 5340 SkypeUpdate (db0405d9aad62f0762e0876ac142b7e1) C:\Program Files\Skype\Updater\Updater.exe
19:05:19.0343 5340 SkypeUpdate - ok
19:05:19.0359 5340 SndTDriverV32 - ok
19:05:19.0359 5340 sonypvu1 - ok
19:05:19.0375 5340 Sparrow - ok
19:05:19.0406 5340 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
19:05:19.0531 5340 splitter - ok
19:05:19.0578 5340 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
19:05:19.0640 5340 Spooler - ok
19:05:19.0687 5340 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
19:05:19.0687 5340 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
19:05:19.0703 5340 sptd ( LockedFile.Multi.Generic ) - warning
19:05:19.0703 5340 sptd - detected LockedFile.Multi.Generic (1)
19:05:19.0765 5340 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
19:05:19.0953 5340 sr - ok
19:05:19.0968 5340 srescan - ok
19:05:19.0984 5340 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
19:05:20.0062 5340 srservice - ok
19:05:20.0093 5340 Srv (e89b42b216bc86ada4345908284519cb) C:\WINDOWS\system32\DRIVERS\srv.sys
19:05:20.0156 5340 Srv - ok
19:05:20.0187 5340 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
19:05:20.0250 5340 SSDPSRV - ok
19:05:20.0296 5340 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
19:05:20.0312 5340 ssmdrv - ok
19:05:20.0390 5340 StarWindServiceAE (e5c796b621f6fba8616511063d7f0ffe) C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
19:05:20.0406 5340 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - warning
19:05:20.0406 5340 StarWindServiceAE - detected UnsignedFile.Multi.Generic (1)
19:05:20.0437 5340 Steam Client Service - ok
19:05:20.0500 5340 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
19:05:20.0640 5340 stisvc - ok
19:05:20.0687 5340 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
19:05:20.0859 5340 swenum - ok
19:05:20.0906 5340 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
19:05:21.0062 5340 swmidi - ok
19:05:21.0062 5340 SwPrv - ok
19:05:21.0078 5340 symc810 - ok
19:05:21.0093 5340 symc8xx - ok
19:05:21.0109 5340 sym_hi - ok
19:05:21.0125 5340 sym_u3 - ok
19:05:21.0171 5340 SynasUSB (af9a16163545685856ffd8b17aaa5e0b) C:\WINDOWS\system32\drivers\SynasUSB.sys
19:05:21.0203 5340 SynasUSB - ok
19:05:21.0218 5340 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
19:05:21.0343 5340 sysaudio - ok
19:05:21.0375 5340 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
19:05:21.0500 5340 SysmonLog - ok
19:05:21.0531 5340 TapiSrv (e2b32b10acc5d97623275aafb67e5f03) C:\WINDOWS\System32\tapisrv.dll
19:05:21.0578 5340 TapiSrv - ok
19:05:21.0609 5340 Tcpip (25a740d70e8007814a48d3fa1b34fa34) C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:05:21.0671 5340 Tcpip ( UnsignedFile.Multi.Generic ) - warning
19:05:21.0671 5340 Tcpip - detected UnsignedFile.Multi.Generic (1)
19:05:21.0703 5340 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
19:05:21.0828 5340 TDPIPE - ok
19:05:21.0843 5340 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
19:05:21.0968 5340 TDTCP - ok
19:05:21.0984 5340 teefer2 - ok
19:05:22.0000 5340 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
19:05:22.0140 5340 TermDD - ok
19:05:22.0156 5340 TermService (37981a741ad7b04258e87129ffe79ab9) C:\WINDOWS\System32\termsrv.dll
19:05:22.0453 5340 TermService - ok
19:05:22.0500 5340 Themes (888cd7b39c37e13a2419becfaaf0a28c) C:\WINDOWS\System32\shsvcs.dll
19:05:22.0531 5340 Themes - ok
19:05:22.0562 5340 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
19:05:22.0625 5340 TlntSvr - ok
19:05:22.0640 5340 TosIde - ok
19:05:22.0671 5340 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
19:05:22.0812 5340 TrkWks - ok
19:05:22.0828 5340 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
19:05:22.0953 5340 Udfs - ok
19:05:22.0984 5340 ultra - ok
19:05:23.0046 5340 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
19:05:23.0218 5340 Update - ok
19:05:23.0234 5340 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
19:05:23.0296 5340 upnphost - ok
19:05:23.0312 5340 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
19:05:23.0453 5340 UPS - ok
19:05:23.0500 5340 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
19:05:23.0656 5340 usbaudio - ok
19:05:23.0687 5340 usbccgp (c18d6c74953621346df6b0a11f80c1cc) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:05:23.0750 5340 usbccgp - ok
19:05:23.0781 5340 usbehci (152ee0baa614388273a0b9ae9c9fd5a0) C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:05:23.0812 5340 usbehci - ok
19:05:23.0843 5340 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:05:23.0968 5340 usbhub - ok
19:05:23.0984 5340 usbohci (c5e11cd822adf0019a5a862d9c4e2222) C:\WINDOWS\system32\DRIVERS\usbohci.sys
19:05:24.0015 5340 usbohci - ok
19:05:24.0046 5340 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:05:24.0171 5340 usbscan - ok
19:05:24.0203 5340 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:05:24.0359 5340 USBSTOR - ok
19:05:24.0375 5340 vaiomediaplatform-mobile-gateway - ok
19:05:24.0390 5340 VCAM - ok
19:05:24.0421 5340 VComm (51750b0539986186c6931fc40d171521) C:\WINDOWS\system32\DRIVERS\VComm.sys
19:05:24.0453 5340 VComm - ok
19:05:24.0468 5340 VcommMgr (6d9c891c0a761afed1f3609c2e56f2b9) C:\WINDOWS\system32\Drivers\VcommMgr.sys
19:05:24.0500 5340 VcommMgr - ok
19:05:24.0531 5340 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
19:05:24.0656 5340 VgaSave - ok
19:05:24.0671 5340 ViaIde - ok
19:05:24.0687 5340 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
19:05:24.0828 5340 VolSnap - ok
19:05:24.0828 5340 vproeventmonitor - ok
19:05:24.0875 5340 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
19:05:24.0953 5340 VSS - ok
19:05:24.0984 5340 W32Time (9f8a0d0cbb2fa265a754516128c00e22) C:\WINDOWS\system32\w32time.dll
19:05:25.0031 5340 W32Time - ok
19:05:25.0062 5340 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:05:25.0203 5340 Wanarp - ok
19:05:25.0218 5340 WDICA - ok
19:05:25.0250 5340 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
19:05:25.0375 5340 wdmaud - ok
19:05:25.0406 5340 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
19:05:25.0546 5340 WebClient - ok
19:05:25.0609 5340 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
19:05:25.0734 5340 winmgmt - ok
19:05:25.0765 5340 wlancig - ok
19:05:25.0843 5340 WLSetupSvc (f7753932bc154cb1eb76f3cd1db693fb) C:\Program Files\Windows Live\installer\WLSetupSvc.exe
19:05:25.0875 5340 WLSetupSvc - ok
19:05:25.0906 5340 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
19:05:25.0968 5340 WmdmPmSN - ok
19:05:26.0031 5340 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
19:05:26.0093 5340 Wmi - ok
19:05:26.0125 5340 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
19:05:26.0250 5340 WmiApSrv - ok
19:05:26.0312 5340 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
19:05:26.0359 5340 WMPNetworkSvc - ok
19:05:26.0390 5340 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
19:05:26.0421 5340 WpdUsb - ok
19:05:26.0453 5340 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
19:05:26.0593 5340 WS2IFSL - ok
19:05:26.0625 5340 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
19:05:26.0765 5340 wscsvc - ok
19:05:26.0796 5340 wuauserv (aae1a6ffba2b0436e91795120f48c461) C:\WINDOWS\system32\wuauserv.dll
19:05:26.0859 5340 wuauserv - ok
19:05:26.0890 5340 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:05:26.0937 5340 WudfPf - ok
19:05:26.0953 5340 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:05:27.0000 5340 WudfRd - ok
19:05:27.0015 5340 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
19:05:27.0046 5340 WudfSvc - ok
19:05:27.0078 5340 WZCSVC (349b8d2bb755e8c3b0e3e82a87663e55) C:\WINDOWS\System32\wzcsvc.dll
19:05:27.0546 5340 WZCSVC - ok
19:05:27.0578 5340 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
19:05:27.0734 5340 xmlprov - ok
19:05:27.0750 5340 zdeviceservice - ok
19:05:27.0781 5340 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
19:05:27.0953 5340 \Device\Harddisk0\DR0 - ok
19:05:27.0968 5340 Boot (0x1200) (e60aa03d6a1ec25421d86b6b5bc286ee) \Device\Harddisk0\DR0\Partition0
19:05:27.0968 5340 \Device\Harddisk0\DR0\Partition0 - ok
19:05:28.0000 5340 Boot (0x1200) (ec7bc407af45ae35cebc3cef03ae4765) \Device\Harddisk0\DR0\Partition1
19:05:28.0000 5340 \Device\Harddisk0\DR0\Partition1 - ok
19:05:28.0000 5340 ============================================================
19:05:28.0000 5340 Scan finished
19:05:28.0000 5340 ============================================================
19:05:28.0140 1800 Detected object count: 9
19:05:28.0140 1800 Actual detected object count: 9
19:06:07.0546 1800 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:06:07.0546 1800 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:06:07.0546 1800 ALCXWDM ( UnsignedFile.Multi.Generic ) - skipped by user
19:06:07.0546 1800 ALCXWDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:06:07.0546 1800 BIOS ( UnsignedFile.Multi.Generic ) - skipped by user
19:06:07.0546 1800 BIOS ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:06:07.0546 1800 CEUSBAUD ( UnsignedFile.Multi.Generic ) - skipped by user
19:06:07.0546 1800 CEUSBAUD ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:06:07.0546 1800 NDIS ( UnsignedFile.Multi.Generic ) - skipped by user
19:06:07.0546 1800 NDIS ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:06:07.0562 1800 nvnetbus ( UnsignedFile.Multi.Generic ) - skipped by user
19:06:07.0562 1800 nvnetbus ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:06:07.0562 1800 sptd ( LockedFile.Multi.Generic ) - skipped by user
19:06:07.0562 1800 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
19:06:07.0562 1800 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - skipped by user
19:06:07.0562 1800 StarWindServiceAE ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:06:07.0562 1800 Tcpip ( UnsignedFile.Multi.Generic ) - skipped by user
19:06:07.0562 1800 Tcpip ( UnsignedFile.Multi.Generic ) - User select action: Skip

#17
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Darn the switch failed - could you confirm that fix.sys is still on the root C drive prior to running this


1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:

FCopy::
C:\fix.sys | C:\WINDOWS\system32\drivers\ndis.sys
C:\fix.sys | C:\WINDOWS\system32\dllcache\ndis.sys

Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe. When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


#18
Vladimir90
    Member
  • Topic Starter
  • Member
  • 10 posts
I think you have done it my friend, you have slain the beast! :)

ComboFix 12-05-05.06 - EndBringer 05/05/2012 19:32:01.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1023.674 [GMT 2:00]
Running from: c:\documents and settings\EndBringer\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\EndBringer\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Kaspersky Anti-Virus *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\fix.sys --> c:\WINDOWS\system32\drivers\ndis.sys
c:\fix.sys --> c:\WINDOWS\system32\dllcache\ndis.sys
.
((((((((((((((((((((((((( Files Created from 2012-04-05 to 2012-05-05 )))))))))))))))))))))))))))))))
.
.
2012-05-05 16:41 . 2012-05-05 16:41 -------- d-----w- C:\_OTL
2012-05-05 16:37 . 2012-05-05 16:38 182656 ------w- C:\fix.sys
2012-05-04 18:22 . 2012-05-04 18:22 -------- d-----w- c:\program files\ESET
2012-05-04 15:14 . 2012-05-04 15:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Trend Micro
2012-05-04 15:01 . 2012-05-04 15:02 -------- d-----w- c:\program files\WinPcap
2012-05-04 15:01 . 2012-05-04 15:01 -------- d-----w- c:\program files\Trend Micro
2012-05-03 17:54 . 2012-05-03 17:59 -------- d-----w- c:\documents and settings\EndBringer\Application Data\AVG
2012-05-03 16:58 . 2012-05-05 16:47 -------- d-----w- c:\windows\system32\drivers\AVG
2012-05-03 16:58 . 2012-05-03 17:10 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2012-05-03 16:58 . 2012-05-03 16:58 -------- d-----w- C:\$AVG
2012-05-03 16:58 . 2012-05-03 17:53 -------- d-----w- c:\program files\AVG
2012-05-03 15:26 . 2012-05-03 15:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-05-03 14:34 . 2012-05-03 14:34 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2012-05-03 14:33 . 2012-05-05 16:48 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2012-04-19 02:50 . 2012-04-19 02:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-04-18 17:10 . 2012-04-18 17:10 -------- d-----w- c:\documents and settings\Administrator
2012-04-10 14:24 . 2012-05-05 16:39 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 16:39 . 2011-05-18 12:54 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-05 16:38 . 2009-02-12 15:30 182656 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-04-04 15:23 . 2012-04-04 15:24 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-04 15:23 . 2010-04-22 18:05 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-19 03:17 . 2012-03-19 03:17 301248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-03-07 19:53 . 2012-03-07 23:32 2304 ----a-w- c:\windows\system32\HtsysmNT.sys
2012-02-22 03:25 . 2012-02-22 03:25 235216 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-03-13 04:39 . 2012-03-22 14:39 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-02-12 . 25A740D70E8007814A48D3FA1B34FA34 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
.
[-] 2009-02-12 . F2DF0FDBD41B34112EE05ED04258F052 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" [2009-11-15 33120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"Trend Micro RUBotted V2.0 Beta"="c:\program files\Trend Micro\RUBotted\RUBottedGUI.exe" [2010-12-17 1103184]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-26 434528]
.
c:\documents and settings\EndBringer\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-5-17 661776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"Shell"= explorer.exe,RunDll32 "c:\program files\Common Files\mslsaet.dll",Init
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"idsvc"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"DisableThumbnailCache"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Riot Games\\League of Legends\\lol.launcher.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\spiral knights\\java_vm\\bin\\javaw.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\Spiral Knights Announcement Trailer\\smp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58638:TCP"= 58638:TCP:Pando Media Booster
"58638:UDP"= 58638:UDP:Pando Media Booster
"8381:TCP"= 8381:TCP:League of Legends Launcher
"8381:UDP"= 8381:UDP:League of Legends Launcher
"8396:TCP"= 8396:TCP:League of Legends Launcher
"8396:UDP"= 8396:UDP:League of Legends Launcher
"6976:TCP"= 6976:TCP:League of Legends Launcher
"6976:UDP"= 6976:UDP:League of Legends Launcher
"6913:TCP"= 6913:TCP:League of Legends Launcher
"6913:UDP"= 6913:UDP:League of Legends Launcher
"6963:TCP"= 6963:TCP:League of Legends Launcher
"6963:UDP"= 6963:UDP:League of Legends Launcher
"8397:TCP"= 8397:TCP:League of Legends Launcher
"8397:UDP"= 8397:UDP:League of Legends Launcher
"6941:TCP"= 6941:TCP:League of Legends Launcher
"6941:UDP"= 6941:UDP:League of Legends Launcher
"6964:TCP"= 6964:TCP:League of Legends Launcher
"6964:UDP"= 6964:UDP:League of Legends Launcher
"6943:TCP"= 6943:TCP:League of Legends Launcher
"6943:UDP"= 6943:UDP:League of Legends Launcher
"6960:TCP"= 6960:TCP:League of Legends Launcher
"6960:UDP"= 6960:UDP:League of Legends Launcher
"8398:TCP"= 8398:TCP:League of Legends Launcher
"8398:UDP"= 8398:UDP:League of Legends Launcher
"8393:TCP"= 8393:TCP:League of Legends Lobby
"8393:UDP"= 8393:UDP:League of Legends Lobby
"8390:TCP"= 8390:TCP:League of Legends Game Client
"8390:UDP"= 8390:UDP:League of Legends Game Client
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [1/31/2012 4:46 AM 31952]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/30/2010 3:59 PM 691696]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2/22/2012 5:25 AM 235216]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [3/19/2012 5:17 AM 301248]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [3/24/2010 8:43 PM 13696]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [6/9/2010 4:43 PM 11352]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/14/2012 4:53 AM 193288]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [12/8/2011 3:56 PM 21992]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 8:19 PM 50704]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [12/23/2011 1:32 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 17232]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [5/7/2010 11:06 AM 32856]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [11/2/2009 7:27 PM 19472]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;"c:\program files\Avira\AntiVir Desktop\sched.exe" --> c:\program files\Avira\AntiVir Desktop\sched.exe [?]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [4/30/2012 9:44 AM 5106744]
S2 RUBotSrv;Trend Micro RUBotted Service;c:\program files\Trend Micro\RUBotted\RUBotSrv.exe [5/4/2012 5:01 PM 439632]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2/15/2012 2:30 PM 158856]
S3 1394hub;1394 Enabled Hub;c:\windows\system32\svchost.exe -k netsvcs [4/14/2008 4:42 AM 14336]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/10/2012 4:24 PM 257696]
S3 apf001;apf001;c:\windows\system32\apf001.sys [1/4/2012 11:50 PM 10872]
S3 CEUSBAUD;DigiTech RP355 USB MIDI Driver;c:\windows\system32\drivers\ceusbaud.sys [1/3/2012 4:49 PM 17920]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [11/9/2011 5:01 PM 27064]
S3 SynasUSB;eLicenser;c:\windows\system32\drivers\synasusb.sys [1/2/2012 6:12 PM 23696]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 96721987
*Deregistered* - 96721987
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
sonypvu1
vproeventmonitor
ser2pl
LoopBeMidi1
msfwsvc
ghostsec
screadspool
Maplom
asusgsb
HSFHWICH
wlancig
se44mgmt
vxd
zdeviceservice
ATSWPDRV
PSI_SVC_2
VCAM
anio
npfmntor
iolodmv
db2ntsecserver
se58mdm
nv4
rimsptsk
alim1541
btnhnd
racsvc
SE2Dobex
srescan
UNDPX2A
bufserv
sentinel
BrPar
cpqrcmc
SndTDriverV32
rtl8139
lvusbsta
NetwareWorkstation
k750mdfl
OEM02Afx
teefer2
SNP2STD
tosrfnds
vaiomediaplatform-mobile-gateway
pelmouse
GT890x
qbreminderflash
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 16:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\AVG\AVG2012\avgdtiex.dll
Trusted Zone: kuaiche.com\software
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\EndBringer\Application Data\Mozilla\Firefox\Profiles\ltkujnvj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-05 19:39
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(884)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-05-05 19:41:21
ComboFix-quarantined-files.txt 2012-05-05 17:41
ComboFix2.txt 2012-05-04 20:13
.
Pre-Run: 16,106,377,216 bytes free
Post-Run: 16,092,758,016 bytes free
.
- - End Of File - - 2E15E91695EA7E32D13EE89A1D56C4ED
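The check behind the file replacement in post #17 and the Sigcheck block in the log above, as an added example that is not part of the thread and not ComboFix's own code: a short Python script that parses ComboFix's Sigcheck lines and compares each live system file's MD5 with the copy Windows keeps in dllcache. The tcpip.sys and sfcfiles.dll records are the page's own lines; the example.sys pair is constructed so the consistent case is exercised too. Reading `[-]` as the marker for a file ComboFix lists as unsigned is an assumption.

```python
"""Compare ComboFix 'Sigcheck' entries against their dllcache copies.

Added example, not code from the thread or from ComboFix.  The first three
sample records are copied from the log above; the example.sys pair is
constructed so the consistent case is exercised too.  Reading '[-]' as the
marker for a file ComboFix lists as unsigned is an assumption.
"""
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# One Sigcheck record looks like:
#   [status] YYYY-MM-DD . MD5 . size . . [version] . . path
SIGCHECK_RE = re.compile(
    r"^\[(?P<status>[^\]]*)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]*)\]\s+\.\s+\.\s+(?P<path>\S.*?)\s*$"
)

# Sample input: three lines from the log above plus a constructed example.sys pair.
SAMPLE_LOG = r"""
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-02-12 . 25A740D70E8007814A48D3FA1B34FA34 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
.
[-] 2009-02-12 . F2DF0FDBD41B34112EE05ED04258F052 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
[-] 2012-01-01 . 0123456789ABCDEF0123456789ABCDEF . 4096 . . [1.0.0.0] . . c:\windows\system32\drivers\example.sys
[-] 2012-01-01 . 0123456789ABCDEF0123456789ABCDEF . 4096 . . [1.0.0.0] . . c:\windows\system32\dllcache\example.sys
"""


def parse_sigcheck(text):
    """Return one dict per Sigcheck line; every other line is ignored."""
    records = []
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["md5"] = rec["md5"].upper()
        rec["size"] = int(rec["size"])
        rec["unsigned"] = rec["status"] == "-"  # assumption, see module docstring
        rec["in_dllcache"] = "\\dllcache\\" in rec["path"].lower()
        rec["name"] = PureWindowsPath(rec["path"]).name.lower()
        records.append(rec)
    return records


def compare_with_dllcache(records):
    """Map each file name to a verdict:

    'differs'     live copy and dllcache copy carry different MD5s
    'consistent'  both copies listed and their MD5s match
    'no_backup'   only one copy listed, so nothing to compare against
    """
    pairs = defaultdict(dict)
    for rec in records:
        pairs[rec["name"]]["cache" if rec["in_dllcache"] else "live"] = rec
    verdicts = {}
    for name, pair in pairs.items():
        live, cache = pair.get("live"), pair.get("cache")
        if live is None or cache is None:
            verdicts[name] = "no_backup"
        elif live["md5"] != cache["md5"]:
            verdicts[name] = "differs"
        else:
            verdicts[name] = "consistent"
    return verdicts


def report(text):
    """Readable lines, 'differs' first since those need a known-good hash check."""
    records = parse_sigcheck(text)
    verdicts = compare_with_dllcache(records)
    order = {"differs": 0, "no_backup": 1, "consistent": 2}
    lines = []
    for name, verdict in sorted(verdicts.items(), key=lambda kv: (order[kv[1]], kv[0])):
        versions = {r["version"] for r in records if r["name"] == name}
        lines.append(f"{verdict:<10} {name}  versions={sorted(versions)}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

A `differs` verdict is a lead, not a conviction: the log's own note says unsigned files aren't necessarily malware, and a live file can legitimately carry a newer version than its dllcache copy after an update. What resolves it is comparing the live file's hash against a known-good hash for that exact version, which is what replacing ndis.sys from a verified clean fix.sys achieved in the thread.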

#19
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
OK that took a little more hammering than normal :cool:

How is the computer behaving now?

#20
Vladimir90
    Member
  • Topic Starter
  • Member
  • 10 posts
It's working fine, spamming has stopped and internet works great once again. Thank you sir, I bow to your wisdom. :thumbsup:

Is that all that was needed to be done?

#21
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Yep, just a matter of replacing the infected file

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so the following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix
  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall
    (Notice the space between the "x" and "/")
    then click OK

  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place?

Keep safe :wave:

#22
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.