ping.exe virus


I guess I should add this...

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_27

Run by DRAFTING at 16:45:36 on 2011-12-13

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.537 [GMT -8:00]

.

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\AVG\AVG10\avgwdsvc.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\RealVNC\VNC4\WinVNC4.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Microsoft Hardware\Mouse\point32.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe

C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT.EXE

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\Program Files\AVG\AVG10\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\AVG\AVG10\avgui.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

mSearch Bar = hxxp://home.netscape.com/home/winsearch200.html

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll

BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll

EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\adobe acrobat 6.0\acrobat\AcroIEFavClient.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [POINTER] c:\program files\microsoft hardware\mouse\point32.exe

mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe

mRun: [AdobeVersionCue] c:\program files\adobe\adobe version cue\controlpanel\VersionCueTray.exe

mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [MFNetworkScanUtility] c:\program files\canon\canon mf network scan utility\CNMFSUT.EXE

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\adobe acrobat 6.0\distillr\acrotray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\corelc~1.lnk - c:\windows\installer\{a0b295c3-fd3c-11d4-a811-0090279106c3}\I_26dadCC.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palmone\Hotsync.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\imager~1.lnk - p:\scanner\hta\receiver\MGS.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

mPolicies-system: DisableCAD = 1 (0x1)

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

LSP: c:\windows\system32\wspwsp.dll

LSP: mswsock.dll

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab

DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc.cab

DPF: {41F17733-B041-4099-A042-B518BB6A408C} - hxxp://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}

DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37946.5196643519

DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}

DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}

DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: Interfaces\{712C4C3B-D7EA-4A1D-9069-44FF0DC74B97} : NameServer = 192.168.0.20,206.13.29.12

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\drafting.draft-infotek\application data\mozilla\firefox\profiles\yvvjzkhr.default\

FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-4 297168]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]

R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe [2009-9-17 369952]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-8-18 7390560]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-9-22 133104]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-9-22 133104]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 ApacheOSGeo4WWebServer;Apache OSGeo4W Web Server;c:\osgeo4w\apache\bin\httpd.exe [2011-12-6 24645]

.

=============== File Associations ===============

.

.scr=AutoCADLTScript

.

=============== Created Last 30 ================

.

2011-12-14 00:09:17 -------- d-----w- c:\windows\pss

2011-12-09 23:50:49 607260 ------r- c:\documents and settings\drafting.draft-infotek\dds.scr

2011-12-08 20:10:25 -------- d-----w- c:\documents and settings\drafting.draft-infotek\dwhelper

2011-12-06 22:28:19 -------- d-----w- C:\OSGeo4W

2011-11-29 23:23:19 -------- d-----w- c:\documents and settings\drafting.draft-infotek\local settings\application data\WinPath80

2011-11-21 19:10:46 -------- d-----w- c:\documents and settings\drafting.draft-infotek\grassdata

.

==================== Find3M ====================

.

2011-10-27 15:56:27 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-10 21:13:30 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-10-10 21:13:29 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 18:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 18:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-01-21 20:59:31 23510720 -c--a-w- c:\program files\dotnetfx.exe

2011-01-21 20:40:07 889416 -c--a-w- c:\program files\dotNetFx40_Full_setup.exe

2003-10-02 21:08:52 562160 -c--a-w- c:\program files\QuickTimeInstaller.exe

.

============= FINISH: 16:46:52.94 ===============

attach.zip

Thank you for your help

Farbar Service Scanner

Ran by DRAFTING (administrator) on 14-12-2011 at 09:51:51

Microsoft Windows XP Professional Service Pack 3 (X86)

********************************************************

Service Check:

==============

File Check:

===========

C:\WINDOWS\system32\svchost.exe => MD5 is legit

C:\WINDOWS\system32\rpcss.dll => MD5 is legit

C:\WINDOWS\system32\services.exe => MD5 is legit

C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit

C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit

Connection Status:

==================

Localhost is accessible.

LAN connected.

Google IP is accessible.

Yahoo IP is accessible.

**** End of log ****

Please visit this webpage for download links and instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

MrC

Is ComboFix hung up?

Details:

Downloaded ComboFix and read directions

Copied it to the desktop of the infected system

Temporarily disabled AVG for 15mins (per instructions)

Started ComboFix - it found ZeroAccess rootkit in the TCP IP stack and said it needed a reboot

I allowed it to reboot

After reboot, ComboFix started with the message

Please wait.

ComboFix is preparing to run.

That was 25 mins ago. There have been a few (every 3-5 mins or so) disk accesses and it's gone to the screen saver twice, but other than that, I see no other activity.

What should I do? Let it run - reboot??

PS - I am using my laptop for this communication

Delete your copy of ComboFix. Download a fresh copy and save it to your Desktop.

Before you save it, rename it to aceg.com

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Click Start --> Run, and enter this command exactly as shown:

"%userprofile%\desktop\sega.com" /killall /nombr

Enter

See if it runs. MrC

12:59:46.0031 0112 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31

12:59:46.0602 0112 ============================================================

12:59:46.0602 0112 Current date / time: 2011/12/14 12:59:46.0602

12:59:46.0602 0112 SystemInfo:

12:59:46.0602 0112

12:59:46.0602 0112 OS Version: 5.1.2600 ServicePack: 3.0

12:59:46.0602 0112 Product type: Workstation

12:59:46.0602 0112 ComputerName: DRAFT-INFOTEK

12:59:46.0602 0112 UserName: DRAFTING

12:59:46.0602 0112 Windows directory: C:\WINDOWS

12:59:46.0602 0112 System windows directory: C:\WINDOWS

12:59:46.0602 0112 Processor architecture: Intel x86

12:59:46.0602 0112 Number of processors: 1

12:59:46.0602 0112 Page size: 0x1000

12:59:46.0602 0112 Boot type: Normal boot

12:59:46.0602 0112 ============================================================

12:59:48.0294 0112 Initialize success

13:00:08.0844 2448 ============================================================

13:00:08.0844 2448 Scan started

13:00:08.0844 2448 Mode: Manual; SigCheck; TDLFS;

13:00:08.0844 2448 ============================================================

13:00:09.0274 2448 .netchrf - ok

13:00:09.0404 2448 Abiosdsk - ok

13:00:09.0545 2448 abp480n5 - ok

13:00:09.0745 2448 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys

13:00:13.0240 2448 ac97intc - ok

13:00:13.0440 2448 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

13:00:13.0731 2448 ACPI - ok

13:00:13.0941 2448 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

13:00:14.0201 2448 ACPIEC - ok

13:00:14.0362 2448 adpu160m - ok

13:00:14.0532 2448 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

13:00:14.0782 2448 aec - ok

13:00:15.0003 2448 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

13:00:15.0083 2448 AFD - ok

13:00:15.0283 2448 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

13:00:15.0533 2448 agp440 - ok

13:00:15.0683 2448 Aha154x - ok

13:00:15.0834 2448 aic78u2 - ok

13:00:15.0974 2448 aic78xx - ok

13:00:16.0154 2448 ALCXWDM (815d53ada211cb3ea1337fbd93833bdc) C:\WINDOWS\system32\drivers\ALCXWDM.SYS

13:00:16.0274 2448 ALCXWDM - ok

13:00:16.0445 2448 AliIde - ok

13:00:16.0575 2448 amsint - ok

13:00:16.0745 2448 asc - ok

13:00:16.0875 2448 asc3350p - ok

13:00:16.0995 2448 asc3550 - ok

13:00:17.0176 2448 ASPI32 - ok

13:00:17.0356 2448 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

13:00:17.0616 2448 AsyncMac - ok

13:00:17.0787 2448 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

13:00:18.0057 2448 atapi - ok

13:00:18.0177 2448 Atdisk - ok

13:00:18.0327 2448 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

13:00:18.0598 2448 Atmarpc - ok

13:00:18.0758 2448 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

13:00:19.0028 2448 audstub - ok

13:00:19.0219 2448 AVGIDSDriver (2d18221aab3db2d408d6c55c0f23090a) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys

13:00:20.0070 2448 AVGIDSDriver - ok

13:00:20.0240 2448 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys

13:00:20.0270 2448 AVGIDSEH - ok

13:00:20.0430 2448 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys

13:00:20.0450 2448 AVGIDSFilter - ok

13:00:20.0601 2448 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys

13:00:20.0631 2448 AVGIDSShim - ok

13:00:20.0811 2448 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys

13:00:20.0841 2448 Avgldx86 - ok

13:00:21.0021 2448 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys

13:00:21.0061 2448 Avgmfx86 - ok

13:00:21.0221 2448 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys

13:00:21.0252 2448 Avgrkx86 - ok

13:00:21.0432 2448 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys

13:00:21.0462 2448 Avgtdix - ok

13:00:21.0672 2448 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

13:00:21.0942 2448 Beep - ok

13:00:22.0123 2448 catchme - ok

13:00:22.0313 2448 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

13:00:22.0603 2448 cbidf2k - ok

13:00:22.0734 2448 cd20xrnt - ok

13:00:22.0904 2448 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

13:00:23.0184 2448 Cdaudio - ok

13:00:23.0345 2448 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

13:00:23.0605 2448 Cdfs - ok

13:00:23.0755 2448 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

13:00:24.0015 2448 Cdrom - ok

13:00:24.0156 2448 Changer - ok

13:00:24.0326 2448 CmdIde - ok

13:00:24.0486 2448 Cpqarray - ok

13:00:24.0656 2448 ctljystk (71007bd2e1e26927fe3e4eb00c0beedf) C:\WINDOWS\system32\DRIVERS\ctljystk.sys

13:00:24.0937 2448 ctljystk - ok

13:00:25.0097 2448 dac2w2k - ok

13:00:25.0227 2448 dac960nt - ok

13:00:25.0407 2448 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

13:00:25.0668 2448 Disk - ok

13:00:25.0868 2448 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

13:00:26.0189 2448 dmboot - ok

13:00:26.0389 2448 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\DRIVERS\dmio.sys

13:00:26.0639 2448 dmio - ok

13:00:26.0820 2448 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

13:00:27.0100 2448 dmload - ok

13:00:27.0280 2448 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

13:00:27.0541 2448 DMusic - ok

13:00:27.0691 2448 dpti2o - ok

13:00:27.0871 2448 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

13:00:28.0131 2448 drmkaud - ok

13:00:28.0312 2448 enodpl (b4556f3d468c8dcb0b259d9d866cd4c4) C:\WINDOWS\system32\drivers\enodpl.sys

13:00:28.0342 2448 enodpl ( UnsignedFile.Multi.Generic ) - warning

13:00:28.0342 2448 enodpl - detected UnsignedFile.Multi.Generic (1)

13:00:28.0512 2448 es1371 (a55dd7d8ced5d2624a9ee2dda7be0319) C:\WINDOWS\system32\drivers\es1371mp.sys

13:00:28.0782 2448 es1371 - ok

13:00:29.0003 2448 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

13:00:29.0273 2448 Fastfat - ok

13:00:29.0443 2448 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

13:00:29.0694 2448 Fdc - ok

13:00:29.0844 2448 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

13:00:30.0104 2448 Fips - ok

13:00:30.0264 2448 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

13:00:30.0515 2448 Flpydisk - ok

13:00:30.0695 2448 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

13:00:30.0955 2448 FltMgr - ok

13:00:31.0156 2448 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

13:00:31.0406 2448 Fs_Rec - ok

13:00:31.0536 2448 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

13:00:31.0817 2448 Ftdisk - ok

13:00:31.0967 2448 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys

13:00:32.0227 2448 gameenum - ok

13:00:32.0408 2448 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

13:00:32.0648 2448 Gpc - ok

13:00:32.0848 2448 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

13:00:33.0109 2448 HidUsb - ok

13:00:33.0259 2448 hpn - ok

13:00:33.0389 2448 hpt3xx - ok

13:00:33.0589 2448 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

13:00:33.0659 2448 HTTP - ok

13:00:33.0830 2448 i2omgmt - ok

13:00:33.0970 2448 i2omp - ok

13:00:34.0150 2448 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

13:00:34.0410 2448 i8042prt - ok

13:00:34.0581 2448 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

13:00:34.0831 2448 Imapi - ok

13:00:34.0981 2448 ini910u - ok

13:00:35.0162 2448 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

13:00:35.0412 2448 IntelIde - ok

13:00:35.0562 2448 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

13:00:35.0822 2448 Ip6Fw - ok

13:00:36.0023 2448 IPFilter (d0b3dee109af605885c46a59bfc24cd2) C:\WINDOWS\system32\DRIVERS\IPFilter.sys

13:00:36.0113 2448 IPFilter - ok

13:00:36.0293 2448 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

13:00:36.0564 2448 IpFilterDriver - ok

13:00:36.0704 2448 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

13:00:36.0964 2448 IpInIp - ok

13:00:37.0114 2448 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

13:00:37.0365 2448 IpNat - ok

13:00:37.0565 2448 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

13:00:37.0815 2448 IPSec - ok

13:00:37.0986 2448 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

13:00:38.0256 2448 IRENUM - ok

13:00:38.0456 2448 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

13:00:38.0697 2448 isapnp - ok

13:00:38.0847 2448 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

13:00:39.0117 2448 Kbdclass - ok

13:00:39.0277 2448 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

13:00:39.0528 2448 kmixer - ok

13:00:39.0688 2448 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

13:00:39.0778 2448 KSecDD - ok

13:00:39.0958 2448 lbrtfdc - ok

13:00:40.0199 2448 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

13:00:40.0499 2448 mnmdd - ok

13:00:40.0659 2448 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

13:00:40.0920 2448 Modem - ok

13:00:41.0080 2448 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

13:00:41.0330 2448 Mouclass - ok

13:00:41.0481 2448 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

13:00:41.0751 2448 mouhid - ok

13:00:41.0931 2448 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

13:00:42.0182 2448 MountMgr - ok

13:00:42.0312 2448 mraid35x - ok

13:00:42.0482 2448 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

13:00:42.0772 2448 MRxDAV - ok

13:00:42.0993 2448 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

13:00:43.0123 2448 MRxSmb - ok

13:00:43.0333 2448 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

13:00:43.0574 2448 Msfs - ok

13:00:43.0734 2448 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

13:00:43.0984 2448 MSKSSRV - ok

13:00:44.0134 2448 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

13:00:44.0405 2448 MSPCLOCK - ok

13:00:44.0565 2448 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

13:00:44.0815 2448 MSPQM - ok

13:00:44.0976 2448 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

13:00:45.0236 2448 mssmbios - ok

13:00:45.0426 2448 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys

13:00:45.0707 2448 ms_mpu401 - ok

13:00:45.0877 2448 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

13:00:45.0957 2448 Mup - ok

13:00:46.0137 2448 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

13:00:46.0398 2448 NDIS - ok

13:00:46.0578 2448 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

13:00:46.0668 2448 NdisTapi - ok

13:00:46.0858 2448 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

13:00:47.0109 2448 Ndisuio - ok

13:00:47.0289 2448 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

13:00:47.0539 2448 NdisWan - ok

13:00:47.0710 2448 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

13:00:47.0770 2448 NDProxy - ok

13:00:47.0940 2448 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

13:00:48.0190 2448 NetBIOS - ok

13:00:48.0350 2448 NetBT (81615dc46b1a5af3ab639c8949dbebd9) C:\WINDOWS\system32\DRIVERS\netbt.sys

13:00:48.0801 2448 NetBT ( Rootkit.Win32.ZAccess.h ) - infected

13:00:48.0801 2448 NetBT - detected Rootkit.Win32.ZAccess.h (0)

13:00:49.0082 2448 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

13:00:49.0322 2448 Npfs - ok

13:00:49.0492 2448 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

13:00:49.0783 2448 Ntfs - ok

13:00:50.0013 2448 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

13:00:50.0303 2448 Null - ok

13:00:50.0443 2448 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

13:00:50.0724 2448 NwlnkFlt - ok

13:00:50.0894 2448 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

13:00:51.0175 2448 NwlnkFwd - ok

13:00:51.0315 2448 ONSIO - ok

13:00:51.0485 2448 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

13:00:51.0735 2448 Parport - ok

13:00:51.0906 2448 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

13:00:52.0156 2448 PartMgr - ok

13:00:52.0326 2448 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

13:00:52.0587 2448 ParVdm - ok

13:00:52.0757 2448 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

13:00:53.0007 2448 PCI - ok

13:00:53.0137 2448 PCIDump - ok

13:00:53.0268 2448 PCIIde - ok

13:00:53.0418 2448 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

13:00:53.0658 2448 Pcmcia - ok

13:00:53.0798 2448 PDCOMP - ok

13:00:53.0969 2448 PDFRAME - ok

13:00:54.0109 2448 PDRELI - ok

13:00:54.0249 2448 PDRFRAME - ok

13:00:54.0379 2448 perc2 - ok

13:00:54.0539 2448 perc2hib - ok

13:00:54.0780 2448 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

13:00:55.0030 2448 PptpMiniport - ok

13:00:55.0200 2448 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

13:00:55.0451 2448 Processor - ok

13:00:55.0631 2448 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

13:00:55.0881 2448 PSched - ok

13:00:56.0052 2448 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

13:00:56.0332 2448 Ptilink - ok

13:00:56.0492 2448 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys

13:00:56.0532 2448 PxHelp20 - ok

13:00:56.0672 2448 ql1080 - ok

13:00:56.0813 2448 Ql10wnt - ok

13:00:56.0943 2448 ql12160 - ok

13:00:57.0073 2448 ql1240 - ok

13:00:57.0213 2448 ql1280 - ok

13:00:57.0383 2448 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

13:00:57.0644 2448 RasAcd - ok

13:00:57.0824 2448 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

13:00:58.0084 2448 Rasl2tp - ok

13:00:58.0265 2448 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

13:00:58.0525 2448 RasPppoe - ok

13:00:58.0685 2448 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

13:00:58.0936 2448 Raspti - ok

13:00:59.0126 2448 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

13:00:59.0376 2448 Rdbss - ok

13:00:59.0587 2448 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

13:00:59.0857 2448 RDPCDD - ok

13:01:00.0047 2448 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

13:01:00.0318 2448 rdpdr - ok

13:01:00.0528 2448 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

13:01:00.0618 2448 RDPWD - ok

13:01:00.0808 2448 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

13:01:01.0069 2448 redbook - ok

13:01:01.0289 2448 RTL8023 (31c3ebb3a71fe56b8109bfb4ed20ae69) C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys

13:01:01.0359 2448 RTL8023 - ok

13:01:01.0549 2448 RTL8023xp (2377f31cbb8277807c3351302cf133e9) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys

13:01:01.0660 2448 RTL8023xp - ok

13:01:01.0850 2448 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS

13:01:02.0090 2448 rtl8139 - ok

13:01:02.0291 2448 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

13:01:02.0561 2448 Secdrv - ok

13:01:02.0761 2448 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

13:01:03.0022 2448 serenum - ok

13:01:03.0192 2448 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

13:01:03.0442 2448 Serial - ok

13:01:03.0652 2448 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

13:01:03.0903 2448 Sfloppy - ok

13:01:04.0053 2448 Simbad - ok

13:01:04.0223 2448 SiS315 (fe6f7e8fc6309c97b260770ab1a3404c) C:\WINDOWS\system32\DRIVERS\sisgrp.sys

13:01:04.0303 2448 SiS315 - ok

13:01:04.0464 2448 SMPLSCSI - ok

13:01:04.0624 2448 Sparrow - ok

13:01:04.0804 2448 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

13:01:05.0054 2448 splitter - ok

13:01:05.0245 2448 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

13:01:05.0505 2448 sr - ok

13:01:05.0715 2448 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

13:01:05.0846 2448 Srv - ok

13:01:06.0046 2448 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys

13:01:06.0326 2448 StillCam - ok

13:01:06.0507 2448 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

13:01:06.0757 2448 swenum - ok

13:01:06.0927 2448 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

13:01:07.0188 2448 swmidi - ok

13:01:07.0328 2448 symc810 - ok

13:01:07.0468 2448 symc8xx - ok

13:01:07.0598 2448 sym_hi - ok

13:01:07.0728 2448 sym_u3 - ok

13:01:07.0909 2448 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

13:01:08.0159 2448 sysaudio - ok

13:01:08.0329 2448 tandpl (126d7b3b4c7b724491c604060e1f4e14) C:\WINDOWS\system32\drivers\tandpl.sys

13:01:08.0369 2448 tandpl ( UnsignedFile.Multi.Generic ) - warning

13:01:08.0369 2448 tandpl - detected UnsignedFile.Multi.Generic (1)

13:01:08.0570 2448 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

13:01:08.0700 2448 Tcpip - ok

13:01:08.0890 2448 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

13:01:09.0140 2448 TDPIPE - ok

13:01:09.0331 2448 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

13:01:09.0581 2448 TDTCP - ok

13:01:09.0791 2448 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

13:01:10.0052 2448 TermDD - ok

13:01:10.0262 2448 TosIde - ok

13:01:10.0482 2448 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

13:01:10.0743 2448 Udfs - ok

13:01:10.0903 2448 ultra - ok

13:01:11.0173 2448 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

13:01:11.0444 2448 Update - ok

13:01:11.0634 2448 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

13:01:11.0884 2448 usbhub - ok

13:01:12.0075 2448 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

13:01:12.0335 2448 usbprint - ok

13:01:12.0535 2448 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

13:01:12.0796 2448 usbscan - ok

13:01:13.0016 2448 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys

13:01:13.0266 2448 usbser - ok

13:01:13.0467 2448 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

13:01:13.0717 2448 USBSTOR - ok

13:01:13.0927 2448 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

13:01:14.0188 2448 usbuhci - ok

13:01:14.0418 2448 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

13:01:14.0678 2448 VgaSave - ok

13:01:14.0859 2448 ViaIde - ok

13:01:15.0059 2448 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

13:01:15.0329 2448 VolSnap - ok

13:01:15.0610 2448 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

13:01:15.0870 2448 Wanarp - ok

13:01:16.0050 2448 WDICA - ok

13:01:16.0261 2448 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

13:01:16.0531 2448 wdmaud - ok

13:01:17.0112 2448 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

13:01:17.0212 2448 WudfPf - ok

13:01:17.0402 2448 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

13:01:17.0462 2448 WudfRd - ok

13:01:17.0562 2448 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

13:01:17.0783 2448 \Device\Harddisk0\DR0 - ok

13:01:17.0833 2448 Boot (0x1200) (9f2c98662a551e723fb2023a7a7156d8) \Device\Harddisk0\DR0\Partition0

13:01:17.0833 2448 \Device\Harddisk0\DR0\Partition0 - ok

13:01:17.0843 2448 ============================================================

13:01:17.0843 2448 Scan finished

13:01:17.0843 2448 ============================================================

13:01:17.0993 2176 Detected object count: 3

13:01:17.0993 2176 Actual detected object count: 3

13:01:50.0750 2176 enodpl ( UnsignedFile.Multi.Generic ) - skipped by user

13:01:50.0750 2176 enodpl ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:01:50.0920 2176 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\netbt.sys) error 1813

13:01:51.0932 2176 Backup copy found, using it..

13:01:51.0962 2176 C:\WINDOWS\system32\DRIVERS\netbt.sys - will be cured on reboot

13:02:01.0075 2176 NetBT ( Rootkit.Win32.ZAccess.h ) - User select action: Cure

13:02:01.0085 2176 tandpl ( UnsignedFile.Multi.Generic ) - skipped by user

13:02:01.0085 2176 tandpl ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:02:09.0647 2672 Deinitialize success


13:16:57.0868 2328 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31

13:16:58.0589 2328 ============================================================

13:16:58.0589 2328 Current date / time: 2011/12/14 13:16:58.0589

13:16:58.0599 2328 SystemInfo:

13:16:58.0599 2328

13:16:58.0599 2328 OS Version: 5.1.2600 ServicePack: 3.0

13:16:58.0599 2328 Product type: Workstation

13:16:58.0599 2328 ComputerName: DRAFT-INFOTEK

13:16:58.0599 2328 UserName: DRAFTING

13:16:58.0599 2328 Windows directory: C:\WINDOWS

13:16:58.0599 2328 System windows directory: C:\WINDOWS

13:16:58.0599 2328 Processor architecture: Intel x86

13:16:58.0599 2328 Number of processors: 1

13:16:58.0599 2328 Page size: 0x1000

13:16:58.0599 2328 Boot type: Normal boot

13:16:58.0599 2328 ============================================================

13:17:00.0261 2328 Initialize success

13:17:09.0805 2720 ============================================================

13:17:09.0805 2720 Scan started

13:17:09.0805 2720 Mode: Manual; SigCheck; TDLFS;

13:17:09.0805 2720 ============================================================

13:17:10.0276 2720 .netchrf - ok

13:17:10.0416 2720 Abiosdsk - ok

13:17:10.0546 2720 abp480n5 - ok

13:17:10.0726 2720 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys

13:17:14.0802 2720 ac97intc - ok

13:17:15.0002 2720 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

13:17:15.0323 2720 ACPI - ok

13:17:15.0503 2720 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

13:17:15.0763 2720 ACPIEC - ok

13:17:15.0944 2720 adpu160m - ok

13:17:16.0104 2720 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

13:17:16.0364 2720 aec - ok

13:17:16.0555 2720 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

13:17:16.0645 2720 AFD - ok

13:17:16.0835 2720 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

13:17:17.0115 2720 agp440 - ok

13:17:17.0236 2720 Aha154x - ok

13:17:17.0356 2720 aic78u2 - ok

13:17:17.0486 2720 aic78xx - ok

13:17:17.0666 2720 ALCXWDM (815d53ada211cb3ea1337fbd93833bdc) C:\WINDOWS\system32\drivers\ALCXWDM.SYS

13:17:17.0766 2720 ALCXWDM - ok

13:17:17.0937 2720 AliIde - ok

13:17:18.0077 2720 amsint - ok

13:17:18.0237 2720 asc - ok

13:17:18.0377 2720 asc3350p - ok

13:17:18.0527 2720 asc3550 - ok

13:17:18.0708 2720 ASPI32 - ok

13:17:18.0888 2720 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

13:17:19.0178 2720 AsyncMac - ok

13:17:19.0339 2720 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

13:17:19.0589 2720 atapi - ok

13:17:19.0709 2720 Atdisk - ok

13:17:19.0879 2720 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

13:17:20.0160 2720 Atmarpc - ok

13:17:20.0330 2720 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

13:17:20.0580 2720 audstub - ok

13:17:20.0771 2720 AVGIDSDriver (2d18221aab3db2d408d6c55c0f23090a) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys

13:17:20.0941 2720 AVGIDSDriver - ok

13:17:21.0131 2720 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys

13:17:21.0161 2720 AVGIDSEH - ok

13:17:21.0331 2720 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys

13:17:21.0351 2720 AVGIDSFilter - ok

13:17:21.0532 2720 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys

13:17:21.0552 2720 AVGIDSShim - ok

13:17:21.0712 2720 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys

13:17:21.0772 2720 Avgldx86 - ok

13:17:21.0962 2720 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys

13:17:21.0982 2720 Avgmfx86 - ok

13:17:22.0163 2720 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys

13:17:22.0183 2720 Avgrkx86 - ok

13:17:22.0373 2720 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys

13:17:22.0403 2720 Avgtdix - ok

13:17:22.0613 2720 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

13:17:22.0884 2720 Beep - ok

13:17:23.0034 2720 catchme - ok

13:17:23.0234 2720 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

13:17:23.0525 2720 cbidf2k - ok

13:17:23.0675 2720 cd20xrnt - ok

13:17:23.0855 2720 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

13:17:24.0125 2720 Cdaudio - ok

13:17:24.0296 2720 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

13:17:24.0556 2720 Cdfs - ok

13:17:24.0716 2720 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

13:17:24.0977 2720 Cdrom - ok

13:17:25.0097 2720 Changer - ok

13:17:25.0267 2720 CmdIde - ok

13:17:25.0427 2720 Cpqarray - ok

13:17:25.0608 2720 ctljystk (71007bd2e1e26927fe3e4eb00c0beedf) C:\WINDOWS\system32\DRIVERS\ctljystk.sys

13:17:25.0888 2720 ctljystk - ok

13:17:26.0048 2720 dac2w2k - ok

13:17:26.0198 2720 dac960nt - ok

13:17:26.0379 2720 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

13:17:26.0629 2720 Disk - ok

13:17:26.0839 2720 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

13:17:27.0150 2720 dmboot - ok

13:17:27.0350 2720 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\DRIVERS\dmio.sys

13:17:27.0600 2720 dmio - ok

13:17:27.0801 2720 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

13:17:28.0081 2720 dmload - ok

13:17:28.0261 2720 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

13:17:28.0522 2720 DMusic - ok

13:17:28.0662 2720 dpti2o - ok

13:17:28.0812 2720 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

13:17:29.0053 2720 drmkaud - ok

13:17:29.0223 2720 enodpl (b4556f3d468c8dcb0b259d9d866cd4c4) C:\WINDOWS\system32\drivers\enodpl.sys

13:17:29.0253 2720 enodpl ( UnsignedFile.Multi.Generic ) - warning

13:17:29.0253 2720 enodpl - detected UnsignedFile.Multi.Generic (1)

13:17:29.0423 2720 es1371 (a55dd7d8ced5d2624a9ee2dda7be0319) C:\WINDOWS\system32\drivers\es1371mp.sys

13:17:29.0693 2720 es1371 - ok

13:17:29.0894 2720 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

13:17:30.0144 2720 Fastfat - ok

13:17:30.0344 2720 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

13:17:30.0595 2720 Fdc - ok

13:17:30.0755 2720 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

13:17:31.0025 2720 Fips - ok

13:17:31.0176 2720 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

13:17:31.0426 2720 Flpydisk - ok

13:17:31.0576 2720 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

13:17:31.0827 2720 FltMgr - ok

13:17:32.0057 2720 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

13:17:32.0317 2720 Fs_Rec - ok

13:17:32.0487 2720 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

13:17:32.0768 2720 Ftdisk - ok

13:17:32.0938 2720 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys

13:17:33.0209 2720 gameenum - ok

13:17:33.0359 2720 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

13:17:33.0629 2720 Gpc - ok

13:17:33.0849 2720 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

13:17:34.0100 2720 HidUsb - ok

13:17:34.0230 2720 hpn - ok

13:17:34.0370 2720 hpt3xx - ok

13:17:34.0550 2720 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

13:17:34.0631 2720 HTTP - ok

13:17:34.0791 2720 i2omgmt - ok

13:17:34.0931 2720 i2omp - ok

13:17:35.0101 2720 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

13:17:35.0342 2720 i8042prt - ok

13:17:35.0512 2720 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

13:17:35.0752 2720 Imapi - ok

13:17:35.0892 2720 ini910u - ok

13:17:36.0093 2720 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

13:17:36.0333 2720 IntelIde - ok

13:17:36.0463 2720 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

13:17:36.0714 2720 Ip6Fw - ok

13:17:36.0914 2720 IPFilter (d0b3dee109af605885c46a59bfc24cd2) C:\WINDOWS\system32\DRIVERS\IPFilter.sys

13:17:36.0994 2720 IPFilter - ok

13:17:37.0174 2720 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

13:17:37.0445 2720 IpFilterDriver - ok

13:17:37.0605 2720 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

13:17:37.0855 2720 IpInIp - ok

13:17:38.0025 2720 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

13:17:38.0266 2720 IpNat - ok

13:17:38.0456 2720 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

13:17:38.0706 2720 IPSec - ok

13:17:38.0847 2720 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

13:17:39.0147 2720 IRENUM - ok

13:17:39.0347 2720 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

13:17:39.0588 2720 isapnp - ok

13:17:39.0748 2720 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

13:17:40.0008 2720 Kbdclass - ok

13:17:40.0179 2720 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

13:17:40.0419 2720 kmixer - ok

13:17:40.0589 2720 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

13:17:40.0679 2720 KSecDD - ok

13:17:40.0860 2720 lbrtfdc - ok

13:17:41.0090 2720 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

13:17:41.0380 2720 mnmdd - ok

13:17:41.0530 2720 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

13:17:41.0791 2720 Modem - ok

13:17:41.0991 2720 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

13:17:42.0231 2720 Mouclass - ok

13:17:42.0382 2720 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

13:17:42.0662 2720 mouhid - ok

13:17:42.0832 2720 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

13:17:43.0083 2720 MountMgr - ok

13:17:43.0203 2720 mraid35x - ok

13:17:43.0393 2720 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

13:17:43.0654 2720 MRxDAV - ok

13:17:43.0864 2720 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

13:17:44.0044 2720 MRxSmb - ok

13:17:44.0264 2720 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

13:17:44.0505 2720 Msfs - ok

13:17:44.0665 2720 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

13:17:44.0915 2720 MSKSSRV - ok

13:17:45.0066 2720 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

13:17:45.0316 2720 MSPCLOCK - ok

13:17:45.0476 2720 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

13:17:45.0727 2720 MSPQM - ok

13:17:45.0897 2720 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

13:17:46.0147 2720 mssmbios - ok

13:17:46.0297 2720 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys

13:17:46.0558 2720 ms_mpu401 - ok

13:17:46.0758 2720 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

13:17:46.0888 2720 Mup - ok

13:17:47.0088 2720 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

13:17:47.0339 2720 NDIS - ok

13:17:47.0529 2720 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

13:17:47.0639 2720 NdisTapi - ok

13:17:47.0820 2720 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

13:17:48.0070 2720 Ndisuio - ok

13:17:48.0260 2720 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

13:17:48.0531 2720 NdisWan - ok

13:17:48.0711 2720 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

13:17:48.0771 2720 NDProxy - ok

13:17:48.0931 2720 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

13:17:49.0202 2720 NetBIOS - ok

13:17:49.0372 2720 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

13:17:49.0632 2720 NetBT - ok

13:17:49.0882 2720 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

13:17:50.0173 2720 Npfs - ok

13:17:50.0373 2720 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

13:17:50.0644 2720 Ntfs - ok

13:17:50.0854 2720 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

13:17:51.0144 2720 Null - ok

13:17:51.0315 2720 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

13:17:51.0595 2720 NwlnkFlt - ok

13:17:51.0765 2720 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

13:17:52.0036 2720 NwlnkFwd - ok

13:17:52.0166 2720 ONSIO - ok

13:17:52.0336 2720 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

13:17:52.0576 2720 Parport - ok

13:17:52.0757 2720 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

13:17:52.0997 2720 PartMgr - ok

13:17:53.0157 2720 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

13:17:53.0428 2720 ParVdm - ok

13:17:53.0588 2720 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

13:17:53.0828 2720 PCI - ok

13:17:53.0968 2720 PCIDump - ok

13:17:54.0109 2720 PCIIde - ok

13:17:54.0299 2720 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

13:17:54.0559 2720 Pcmcia - ok

13:17:54.0679 2720 PDCOMP - ok

13:17:54.0810 2720 PDFRAME - ok

13:17:54.0960 2720 PDRELI - ok

13:17:55.0090 2720 PDRFRAME - ok

13:17:55.0220 2720 perc2 - ok

13:17:55.0360 2720 perc2hib - ok

13:17:55.0591 2720 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

13:17:55.0811 2720 PptpMiniport - ok

13:17:56.0011 2720 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

13:17:56.0262 2720 Processor - ok

13:17:56.0432 2720 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

13:17:56.0672 2720 PSched - ok

13:17:56.0832 2720 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

13:17:57.0113 2720 Ptilink - ok

13:17:57.0273 2720 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys

13:17:57.0323 2720 PxHelp20 - ok

13:17:57.0453 2720 ql1080 - ok

13:17:57.0594 2720 Ql10wnt - ok

13:17:57.0714 2720 ql12160 - ok

13:17:57.0854 2720 ql1240 - ok

13:17:57.0994 2720 ql1280 - ok

13:17:58.0154 2720 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

13:17:58.0415 2720 RasAcd - ok

13:17:58.0585 2720 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

13:17:58.0835 2720 Rasl2tp - ok

13:17:59.0026 2720 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

13:17:59.0276 2720 RasPppoe - ok

13:17:59.0426 2720 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

13:17:59.0697 2720 Raspti - ok

13:17:59.0867 2720 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

13:18:00.0127 2720 Rdbss - ok

13:18:00.0317 2720 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

13:18:00.0568 2720 RDPCDD - ok

13:18:00.0738 2720 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

13:18:00.0988 2720 rdpdr - ok

13:18:01.0169 2720 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

13:18:01.0279 2720 RDPWD - ok

13:18:01.0469 2720 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

13:18:01.0709 2720 redbook - ok

13:18:01.0910 2720 RTL8023 (31c3ebb3a71fe56b8109bfb4ed20ae69) C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys

13:18:02.0020 2720 RTL8023 - ok

13:18:02.0220 2720 RTL8023xp (2377f31cbb8277807c3351302cf133e9) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys

13:18:02.0310 2720 RTL8023xp - ok

13:18:02.0491 2720 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS

13:18:02.0721 2720 rtl8139 - ok

13:18:02.0931 2720 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

13:18:03.0222 2720 Secdrv - ok

13:18:03.0452 2720 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

13:18:03.0712 2720 serenum - ok

13:18:03.0883 2720 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

13:18:04.0133 2720 Serial - ok

13:18:04.0363 2720 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

13:18:04.0604 2720 Sfloppy - ok

13:18:04.0734 2720 Simbad - ok

13:18:04.0924 2720 SiS315 (fe6f7e8fc6309c97b260770ab1a3404c) C:\WINDOWS\system32\DRIVERS\sisgrp.sys

13:18:05.0004 2720 SiS315 - ok

13:18:05.0164 2720 SMPLSCSI - ok

13:18:05.0325 2720 Sparrow - ok

13:18:05.0505 2720 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

13:18:05.0745 2720 splitter - ok

13:18:05.0926 2720 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

13:18:06.0186 2720 sr - ok

13:18:06.0376 2720 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

13:18:06.0566 2720 Srv - ok

13:18:06.0767 2720 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys

13:18:06.0987 2720 StillCam - ok

13:18:07.0167 2720 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

13:18:07.0418 2720 swenum - ok

13:18:07.0578 2720 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

13:18:07.0818 2720 swmidi - ok

13:18:07.0968 2720 symc810 - ok

13:18:08.0099 2720 symc8xx - ok

13:18:08.0219 2720 sym_hi - ok

13:18:08.0359 2720 sym_u3 - ok

13:18:08.0549 2720 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

13:18:08.0800 2720 sysaudio - ok

13:18:08.0990 2720 tandpl (126d7b3b4c7b724491c604060e1f4e14) C:\WINDOWS\system32\drivers\tandpl.sys

13:18:09.0020 2720 tandpl ( UnsignedFile.Multi.Generic ) - warning

13:18:09.0020 2720 tandpl - detected UnsignedFile.Multi.Generic (1)

13:18:09.0210 2720 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

13:18:09.0360 2720 Tcpip - ok

13:18:09.0571 2720 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

13:18:09.0831 2720 TDPIPE - ok

13:18:09.0991 2720 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

13:18:10.0262 2720 TDTCP - ok

13:18:10.0462 2720 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

13:18:10.0712 2720 TermDD - ok

13:18:10.0873 2720 TosIde - ok

13:18:11.0083 2720 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

13:18:11.0333 2720 Udfs - ok

13:18:11.0464 2720 ultra - ok

13:18:11.0654 2720 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

13:18:11.0914 2720 Update - ok

13:18:12.0144 2720 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

13:18:12.0395 2720 usbhub - ok

13:18:12.0565 2720 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

13:18:12.0805 2720 usbprint - ok

13:18:12.0986 2720 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

13:18:13.0226 2720 usbscan - ok

13:18:13.0396 2720 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys

13:18:13.0647 2720 usbser - ok

13:18:13.0837 2720 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

13:18:14.0087 2720 USBSTOR - ok

13:18:14.0248 2720 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

13:18:14.0498 2720 usbuhci - ok

13:18:14.0678 2720 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

13:18:14.0929 2720 VgaSave - ok

13:18:15.0069 2720 ViaIde - ok

13:18:15.0259 2720 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

13:18:15.0509 2720 VolSnap - ok

13:18:15.0720 2720 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

13:18:15.0970 2720 Wanarp - ok

13:18:16.0100 2720 WDICA - ok

13:18:16.0270 2720 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

13:18:16.0521 2720 wdmaud - ok

13:18:16.0891 2720 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

13:18:17.0011 2720 WudfPf - ok

13:18:17.0202 2720 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

13:18:17.0262 2720 WudfRd - ok

13:18:17.0352 2720 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

13:18:17.0582 2720 \Device\Harddisk0\DR0 - ok

13:18:17.0632 2720 Boot (0x1200) (9f2c98662a551e723fb2023a7a7156d8) \Device\Harddisk0\DR0\Partition0

13:18:17.0632 2720 \Device\Harddisk0\DR0\Partition0 - ok

13:18:17.0632 2720 ============================================================

13:18:17.0632 2720 Scan finished

13:18:17.0632 2720 ============================================================

13:18:17.0783 2712 Detected object count: 2

13:18:17.0783 2712 Actual detected object count: 2

13:18:30.0341 2712 enodpl ( UnsignedFile.Multi.Generic ) - skipped by user

13:18:30.0341 2712 enodpl ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:18:30.0341 2712 tandpl ( UnsignedFile.Multi.Generic ) - skipped by user

13:18:30.0341 2712 tandpl ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:18:39.0704 1316 Deinitialize success

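Added example, not part of the thread and not TDSSKiller's own code: a small Python script that parses TDSSKiller log lines in the format of the two scans above and diffs the scans, so that the netbt.sys hash change after the Rootkit.Win32.ZAccess.h cure and the UnsignedFile.Multi.Generic warnings that persist on tandpl stand out without reading the driver list line by line. The sample input copies lines from the two logs posted here; the NetBT file, warning and detected lines for the first scan are constructed (that part of the first scan is not quoted in this thread), and the all-f MD5 on that constructed line is a placeholder, not the real pre-cure hash.

```python
"""Parse TDSSKiller scan logs and diff two scans of the same host (before/after a cure).

Added example for this thread; it is not TDSSKiller code and makes no claim about
what tandpl.sys or enodpl.sys are. The constructed lines are marked below.
"""
import re
from dataclasses import dataclass, field

# "HH:MM:SS.ffff PID <rest>"; banner and SystemInfo lines fail the inner patterns and are skipped
LINE_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<rest>.+?)\s*$")
FILE_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
OK_RE = re.compile(r"^(?P<name>\S+) - ok$")
WARN_RE = re.compile(r"^(?P<name>\S+) \( (?P<verdict>[^)]+?) \) - warning$")
DETECT_RE = re.compile(r"^(?P<name>\S+) - detected (?P<verdict>\S+) \(\d+\)$")
ACTION_RE = re.compile(r"^(?P<name>\S+) \( (?P<verdict>[^)]+?) \) - User select action: (?P<action>\w+)$")


@dataclass
class Entry:
    name: str
    md5: str = ""
    path: str = ""
    verdicts: set = field(default_factory=set)  # every verdict TDSSKiller attached to this object
    action: str = ""                              # "Cure" / "Skip" chosen by the user, if any
    ok: bool = False


def parse_scan(text):
    """Return {service or object name: Entry} for one TDSSKiller log."""
    entries = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        rest = m.group("rest")
        for rx in (FILE_RE, OK_RE, WARN_RE, DETECT_RE, ACTION_RE):
            g = rx.match(rest)
            if g:
                break
        else:
            continue  # e.g. "Scan started", "MBR (0x1B8) (...)" lines
        e = entries.setdefault(g.group("name"), Entry(g.group("name")))
        if rx is FILE_RE:
            e.md5, e.path = g.group("md5").lower(), g.group("path")
        elif rx is OK_RE:
            e.ok = True
        elif rx is ACTION_RE:
            e.action = g.group("action")
            e.verdicts.add(g.group("verdict"))
        else:
            e.verdicts.add(g.group("verdict"))
    return entries


def diff_scans(before, after):
    """List (name, kind, detail) for objects whose hash or verdicts changed between scans."""
    findings = []
    for name in sorted(set(before) | set(after)):
        b, a = before.get(name), after.get(name)
        if b is None or a is None:
            findings.append((name, "present in one scan only", ""))
            continue
        if b.md5 and a.md5 and b.md5 != a.md5:
            findings.append((name, "hash changed", f"{b.md5} -> {a.md5}"))
        for v in sorted(b.verdicts - a.verdicts):
            findings.append((name, "detection resolved", v))
        for v in sorted(a.verdicts - b.verdicts):
            findings.append((name, "new detection", v))
        for v in sorted(a.verdicts & b.verdicts):
            findings.append((name, "detection persists", v))
    return findings


# Scan 1: tandpl/Tcpip lines and the "User select action: Cure" line are copied from the
# first log in this thread. The three NetBT lines with timestamp 13:00:00.0000 are
# CONSTRUCTED, and the all-f MD5 is a placeholder for the unknown pre-cure hash.
SCAN_BEFORE_CURE = r"""
13:01:08.0329 2448 tandpl (126d7b3b4c7b724491c604060e1f4e14) C:\WINDOWS\system32\drivers\tandpl.sys
13:01:08.0369 2448 tandpl ( UnsignedFile.Multi.Generic ) - warning
13:01:08.0369 2448 tandpl - detected UnsignedFile.Multi.Generic (1)
13:01:08.0570 2448 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:01:08.0700 2448 Tcpip - ok
13:00:00.0000 2448 NetBT (ffffffffffffffffffffffffffffffff) C:\WINDOWS\system32\DRIVERS\netbt.sys
13:00:00.0000 2448 NetBT ( Rootkit.Win32.ZAccess.h ) - warning
13:00:00.0000 2448 NetBT - detected Rootkit.Win32.ZAccess.h (1)
13:02:01.0075 2176 NetBT ( Rootkit.Win32.ZAccess.h ) - User select action: Cure
"""

# Scan 2: lines copied from the second log in this thread (after the reboot that cured netbt.sys).
SCAN_AFTER_CURE = r"""
13:17:49.0372 2720 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
13:17:49.0632 2720 NetBT - ok
13:18:08.0990 2720 tandpl (126d7b3b4c7b724491c604060e1f4e14) C:\WINDOWS\system32\drivers\tandpl.sys
13:18:09.0020 2720 tandpl ( UnsignedFile.Multi.Generic ) - warning
13:18:09.0020 2720 tandpl - detected UnsignedFile.Multi.Generic (1)
13:18:09.0210 2720 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:18:09.0360 2720 Tcpip - ok
"""


def sample_findings():
    """Diff the two sample scans above."""
    return diff_scans(parse_scan(SCAN_BEFORE_CURE), parse_scan(SCAN_AFTER_CURE))


if __name__ == "__main__":
    for name, kind, detail in sample_findings():
        print(f"{name:10} {kind:25} {detail}")
```

Run against the full logs, the script reports the netbt.sys hash change and the resolved ZAccess verdict, and keeps tandpl (and, on the full logs, enodpl) on the list because UnsignedFile.Multi.Generic is a heuristic verdict for an unsigned driver, not an identification of malware; whether those two drivers belong to installed software is a separate check the script does not make.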

I figured that part out...and got it to run. It completed properly, although AVG warned about its .3xe files when the system came back up after the reboot (I let them go).

ComboFix 11-12-13.03 - DRAFTING 12/14/2011 13:57:42.1.1 - x86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.807 [GMT -8:00]

Running from: c:\documents and settings\DRAFTING.DRAFT-INFOTEK\desktop\sega.com

Command switches used :: /killall/nombr

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Administrator\WINDOWS

c:\documents and settings\DRAFTING.DRAFT-INFOTEK\dds.scr

c:\windows\CSC\d6

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_PASSWORD

.

.

((((((((((((((((((((((((( Files Created from 2011-11-14 to 2011-12-14 )))))))))))))))))))))))))))))))

.

.

2011-12-08 20:10 . 2011-12-08 20:10 -------- d-----w- c:\documents and settings\DRAFTING.DRAFT-INFOTEK\dwhelper

2011-12-06 22:28 . 2011-12-06 22:35 -------- d-----w- C:\OSGeo4W

2011-11-29 23:23 . 2011-11-30 17:19 -------- d-----w- c:\documents and settings\DRAFTING.DRAFT-INFOTEK\Local Settings\Application Data\WinPath80

2011-11-21 19:10 . 2011-11-21 19:16 -------- d-----w- c:\documents and settings\DRAFTING.DRAFT-INFOTEK\grassdata

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-14 21:03 . 2001-08-23 12:00 162816 ----a-w- c:\windows\system32\drivers\netbt.sys

2011-10-27 15:56 . 2011-10-12 16:25 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-10 21:13 . 2011-10-10 21:13 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-10-10 21:13 . 2011-10-10 21:13 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-10-10 14:22 . 2004-06-07 21:19 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-09-28 07:06 . 2003-11-21 20:53 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-26 18:41 . 2010-03-18 18:09 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 18:41 . 2001-08-23 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 18:41 . 2001-08-23 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-01-21 20:59 . 2011-01-21 20:57 23510720 -c--a-w- c:\program files\dotnetfx.exe

2011-01-21 20:40 . 2011-01-21 20:40 889416 -c--a-w- c:\program files\dotNetFx40_Full_setup.exe

2003-10-02 21:08 . 2003-10-02 21:08 562160 -c--a-w- c:\program files\QuickTimeInstaller.exe

2011-09-03 06:01 . 2011-09-22 18:21 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"POINTER"="c:\program files\Microsoft Hardware\Mouse\point32.exe" [2001-08-24 167936]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-08-29 188416]

"AdobeVersionCue"="c:\program files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe" [2004-03-25 1732608]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]

"MFNetworkScanUtility"="c:\program files\Canon\Canon MF Network Scan Utility\CNMFSUT.EXE" [2009-06-18 479232]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Acrobat Assistant.lnk - c:\program files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194]

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2002-1-7 110592]

CorelCENTRAL 10.lnk - c:\windows\Installer\{A0B295C3-FD3C-11D4-A811-0090279106C3}\I_26dadCC.exe [2004-12-30 5222]

HotSync Manager.lnk - c:\program files\palmOne\Hotsync.exe [2004-6-9 471040]

ImageReceiver.lnk - p:\scanner\HTA\Receiver\MGS.exe [2009-4-30 114688]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-6 83360]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"DisableCAD"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=

"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=

"c:\\OSGeo4W\\apache\\bin\\httpd.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2/22/2011 7:13 AM 22992]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [3/16/2011 3:03 PM 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [1/7/2011 5:41 AM 248656]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [4/4/2011 11:59 PM 297168]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [8/18/2011 12:33 AM 7390560]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2/8/2011 4:33 AM 269520]

R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [9/17/2009 1:03 AM 369952]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [4/14/2011 8:28 PM 134480]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2/10/2011 6:53 AM 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2/10/2011 6:53 AM 27216]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/22/2009 3:15 PM 133104]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9/22/2009 3:15 PM 133104]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

S4 ApacheOSGeo4WWebServer;Apache OSGeo4W Web Server;c:\osgeo4w\apache\bin\httpd.exe [12/6/2011 2:32 PM 24645]

.

Contents of the 'Scheduled Tasks' folder

c:\windows\Tasks\At21.job

c:\windows\Tasks\At4.job

c:\windows\Tasks\At45.job

.

2011-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-22 23:15]

.

2011-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-22 23:15]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

mSearch Bar = hxxp://home.netscape.com/home/winsearch200.html

LSP: c:\windows\System32\wspwsp.dll

TCP: Interfaces\{712C4C3B-D7EA-4A1D-9069-44FF0DC74B97}: NameServer = 192.168.0.20,206.13.29.12

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\DRAFTING.DRAFT-INFOTEK\Application Data\Mozilla\Firefox\Profiles\yvvjzkhr.default\

.

.

------- File Associations -------

.

.scr=AutoCADLTScript

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-29738145.sys

AddRemove-Microsoft Proxy Client - c:\mspclnt\setupbin\setup

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-12-14 14:28

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(3076)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\progra~1\AVG\AVG10\avgchsvx.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\RealVNC\VNC4\WinVNC4.exe

c:\program files\Windows Media Player\WMPNetwk.exe

c:\program files\AVG\AVG10\avgnsx.exe

c:\progra~1\AVG\AVG10\avgrsx.exe

c:\program files\AVG\AVG10\avgcsrvx.exe

c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

.

**************************************************************************

.

Completion time: 2011-12-14 14:37:08 - machine was rebooted

ComboFix-quarantined-files.txt 2011-12-14 22:37

.

Pre-Run: 2,862,764,032 bytes free

Post-Run: 4,379,672,576 bytes free

.

- - End Of File - - 469DF4BEB6C1ECA73D58ED5056482322
