
Multiple threat detection

Post by maiki » November 25th, 2010, 4:23 pm

I'm getting multiple threat detections from AVG (for example "c:\Windows\System32\wininit.exe";"Virus found Win32/Patched";"Object is white-listed (critical/system file that should not be removed)"). Also, a blue screen has appeared several times.
I've already tried Ad-Aware, Spybot and AVG, but nothing seems to remove it.

HijackThis logfile:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:10:49 PM, on 11/25/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Windows\sttray.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Users\Siim\Program Files\DNA\btdna.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Datacolor\Spyder3Express\Utility\Spyder3Utility.exe
C:\Users\Siim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Siim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Siim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Users\Siim\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Siim\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ee/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/defau ... l=en&s=bsd
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: certificateRemover - {57C571FD-3CE1-4699-9AE3-22C129EE35AD} - C:\Windows\system32\idcertremoval.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Siim\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [YouSendIt.exe] C:\Program Files\YouSendIt\Express\YouSendIt.exe -ui none
O4 - HKCU\..\Run: [Google Update] "C:\Users\Siim\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2637077607-2722662537-2985405444-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'postgres')
O4 - HKUS\S-1-5-18\..\Run: [Metropolis] rundll32.exe C:\Windows\system32\sshnas21.dll,GetHandle (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Metropolis] rundll32.exe C:\Windows\system32\sshnas21.dll,GetHandle (User 'Default user')
O4 - Startup: Registration Driver Parallel Lines.LNK = C:\Program Files\Ubisoft\Driver Parallel Lines\Register\RegistrationReminder.exe
O4 - Global Startup: Spyder3Utility.lnk = C:\Program Files\Datacolor\Spyder3Express\Utility\Spyder3Utility.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: PokerStars.ee - {BFBE0C3A-BD72-4d5e-8058-E9494F00C005} - C:\Program Files\PokerStars.EE\PokerStarsUpdate.exe
O9 - Extra button: TrioBet - {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\triobetMPP\MPPoker.exe (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{21B2A37A-B9E1-401E-97F9-4AC0D8E37E82}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{21B2A37A-B9E1-401E-97F9-4AC0D8E37E82}: NameServer = 8.8.8.8,8.8.4.4
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: AMService - Unknown owner - C:\Windows\TEMP\xqhj\setup.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EasyViz Automatic Update - Unknown owner - C:\Program Files\EasyViz 3.0\evauh.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: kroover - Unknown owner - C:\Windows\system32\drivers\kroover.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\Blaze Media Pro\NMSAccess32.exe (file missing)
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)

--
End of file - 9997 bytes

Uninstall list:

Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge 1.0
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Common File Installer
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS2
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Photoshop Lightroom 3.2
Adobe Reader 8.1.3
Adobe Setup
Adobe Setup
Adobe Stock Photos 1.0
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG Free 9.0
Bonjour
Call of Duty(R) 4 - Modern Warfare(TM)
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
ConvertXtoDVD 3.3.4.106e
D3DX10
Dell Resource CD
Dell Support Center (Support Software)
Dell System Customization Wizard
DellSupport
DigiDoc Client
EasyViz 3.0
Finale 2007
Futuremark SystemInfo
Garritan Ambiance Installer
GOM Player
Google Earth
GRID
Holdem Indicator 2.0.6
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ID-kaardi tarkvara Firefoxile v0.8.7
ID-kaart
InterVideo WinDVD 8
iTunes
Java(TM) 6 Update 21
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6
Juniper Networks Setup Client Activex Control
Junk Mail filter update
Logitech Gaming Software 5.02
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Silverlight
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (3.6.12)
MstGrid ActiveX Control 2.5.0
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Native Instruments Finale GPO 2.0
Nero 7 Essentials
neroxml
Olympic Poker
OpenAL
OpenOffice.org 3.0
PDF Settings
PDFCreator
PhotoExpress 3
Photomatix Pro version 2.5
PixiePack Codec Pack
Poker Academy Pro 2
PokerStars.ee
PokerStove version 1.23
PokerTracker 3 (remove only)
PostgreSQL 8.3
PowerISO
Qtracker
QuickTime
RealPlayer
Security Task Manager 1.7g
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Segoe UI
Shockwave
SigmaTel Audio
SmartMusic 9
Sonic Activation Module
Sony Media Manager 2.2
Sony Vegas 7.0a
Spybot - Search & Destroy
Spyder3Express
Steinberg Cubase 5
Steinberg Drum Loop Expansion 01
Steinberg Groove Agent ONE Content
Steinberg HALionOne
Steinberg HALionOne Additional Content Set 01
Steinberg HALionOne Expression Set
Steinberg HALionOne GM Drum Set
Steinberg HALionOne GM Set
Steinberg HALionOne Pro Set
Steinberg HALionOne Studio Drum Set
Steinberg HALionOne Studio Set
Steinberg LoopMash Content
Steinberg REVerence Content 01
System Requirements Lab
TableNinja
Tournament Indicator 1.5.4
TrioBet
Unreal Tournament 2004
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
User's Guides
VLC media player 1.0.0
Winamp
Windows Installer Clean Up
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mail
Windows Live Messenger
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinRAR archiver
maiki
Active Member
 
Posts: 13
Joined: November 25th, 2010, 4:13 pm
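As an added example (not code from the thread or from HijackThis), a small Python triage of the O4 autorun and O23 service lines in a log like the one above, run over a few lines copied from it plus two benign ones. The heuristics it applies are this example's assumptions about what a helper looks at first, not a statement about what those particular entries are.

```python
"""Triage of HijackThis 'O4' (Run key) and 'O23' (service) lines.

Flags the patterns a helper usually checks first: a DLL loaded through
rundll32 at logon, an autorun that applies to the SYSTEM or Default user
profile, a service binary with no vendor information sitting under a TEMP
directory, and a service whose binary is missing. These rules are the
example's own assumptions.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the posted log, plus two benign
# entries (AVG tray, Bonjour) for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKUS\S-1-5-18\..\Run: [Metropolis] rundll32.exe C:\Windows\system32\sshnas21.dll,GetHandle (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Metropolis] rundll32.exe C:\Windows\system32\sshnas21.dll,GetHandle (User 'Default user')
O23 - Service: AMService - Unknown owner - C:\Windows\TEMP\xqhj\setup.exe
O23 - Service: kroover - Unknown owner - C:\Windows\system32\drivers\kroover.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
"""

# O4 - <hive>\..\Run: [<name>] <command> [(User '<user>')]
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# O23 - Service: <name> - <owner> - <path> [(file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - "
    r"(?P<path>.*?)(?P<missing> \(file missing\))?$"
)


@dataclass
class Finding:
    line: str
    reasons: list = field(default_factory=list)


def triage_line(line):
    """Return a Finding for one HijackThis line; reasons is empty if nothing stood out."""
    line = line.strip()
    finding = Finding(line)
    m = O4_RE.match(line)
    if m:
        cmd = m.group("cmd").lower()
        if "rundll32" in cmd and ".dll" in cmd:
            finding.reasons.append("rundll32 loading a DLL at logon")
        if m.group("user") in ("SYSTEM", "Default user"):
            finding.reasons.append("autorun applies to SYSTEM / Default user profile")
        return finding
    m = O23_RE.match(line)
    if m:
        path = m.group("path").lower()
        if m.group("owner") == "Unknown owner" and ("\\temp\\" in path or "\\tmp\\" in path):
            finding.reasons.append("service binary without vendor information under a TEMP directory")
        if m.group("missing"):
            finding.reasons.append("service points at a missing file (leftover or removed component)")
        return finding
    return finding  # any other section type is passed through unflagged


def triage_log(text):
    """Return only the Findings that collected at least one reason."""
    findings = [triage_line(l) for l in text.splitlines() if l.strip()]
    return [f for f in findings if f.reasons]


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
```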

Re: Multiple threat detection

Post by askey127 » November 28th, 2010, 6:18 pm

Hi maiki,
------------------------------------------------
Download and Run Rkill
Please download and run the tool named Rkill, which may help in allowing other programs to run.
There are 4 different versions. If one of them won't run then download and try to run one of the other ones.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get ONE of these to run, not all of them. You may get warnings from your antivirus about any of these tools; ignore them or shut down your antivirus.
Please download Rkill from one of the following links and save to your Desktop:
Rkill.exe
RKill.com
RKill.scr
Rkill.pif
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If it does not, delete the desktop entry. Then download and use the one provided in the next link.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
----------------------------------------------------------------------------------
Download and Run MalwareBytes' Anti-Malware It is free for non-business use.
Please go here to the Download Location, click on Download.
  • After clicking on the download and choosing Save, the "Save to location" dialog will come up.
  • Click the browse folders button, then click on Desktop on the left as the location for the installer and click Save again. Close the dialog when the download is complete.
  • You should now have a desktop icon named mbam-setup.exe.
  • Right click it, choose Run as administrator and Continue
  • Let it install where it wants to, with the default settings, and click Finish.
  • If an update is found, it will download and install the latest version. A shield symbol will show on the desktop icon while it is updating, and will disappear when it's done.
  • If necessary, start Malwarebytes Anti-Malware again.
  • Once the program has started up, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • If it found any malware items, check all items except items in the C:\System Volume Information folder... and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location, and post the contents in your reply.
  • The log can also be found using the "Logs" tab in the program. You can click any "Scan" log listed to open its contents. The logs are listed and named by time/date stamp.

askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Multiple threat detection

Post by maiki » November 29th, 2010, 5:53 am

Hi askey127,

Thank you for your reply. Please let me know whether I should still follow the steps you advised, or whether I can ignore them, given the following:

I downloaded Microsoft Security Essentials. I scanned and removed all threats it found. After that my Windows wasn't able to start, so I booted it from CD. It works now, and I scanned my computer with AVG again and it didn't find the win32/patched trojan any more. It found some other threats, but AVG was able to remove them.

Please let me know whether I have totally got it wrong, or whether it is possible that I no longer have the problem.

Thank you in advance
maiki
Active Member
 
Posts: 13
Joined: November 25th, 2010, 4:13 pm

Re: Multiple threat detection

Post by askey127 » November 29th, 2010, 8:34 am

maiki
This may be a very difficult, dangerous infection called Bamital. We will see.
Please do not do any more scans or any kind of "cleaning" unless I ask. Also please do not install or remove anything unless I ask.

First, if you still have BOTH AVG and Microsoft Security Essentials installed, uninstall AVG as follows:
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:

AVG Free 9.0

Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
------------------------------------------
Scan with ESET online scanner:
  • Open Internet Explorer by right-clicking the IE icon (on the Start menu or quick launch) and selecting Run as administrator
  • NOTE: Internet Explorer will temporarily have administrator privileges, this is required for the scan but dangerous for normal surfing so do NOT open any other websites in IE until after the scan has finished and this window has been closed.
  • Open the ESET Online Scanner in Internet Explorer
  • Tick the box next to YES, I accept the Terms of Use. and click Start
  • Allow the ActiveX control to be installed by Internet Explorer
  • Once the ActiveX has finished loading click Start to initialize and update the scanner
  • When the Computer scan screen appears, leave Remove found threats UN-checked, but check the box next to Scan unwanted applications. Then click Scan to begin the scan.
  • Once complete and the summary page appears, press Start, copy/paste the following command into the search box and press Enter:
    notepad "C:\Program Files\EsetOnlineScanner\log.txt"
  • The log file should now appear in Notepad, copy and paste the contents in your next response.
  • Please be sure to close this Internet Explorer window before continuing.

After you post the ESET log,
---------------------------------------------
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    explorer.exe
    explorer.dat
    winlogon.exe
    winlogon.dat
    hlp.dat
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
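The :filefind step above asks SystemLook to locate every copy of those file names on the machine. As an added example (not SystemLook's or the forum's code), here is the same search in Python over a constructed directory tree, recording size and SHA-256 per copy; the rule that several copies of one name with different content deserve a closer look is an assumption of this example, not something the thread states.

```python
"""Locate every copy of a set of file names and hash each one.

Mirrors the intent of SystemLook's :filefind: walk the tree, report every
path whose name matches, and record size plus SHA-256 so copies of the same
name can be compared. Windows file names are case-insensitive, so the
comparison is done on lower-cased names.
"""
import hashlib
import os
import tempfile
from collections import defaultdict

# The names from the :filefind box in the post above.
TARGETS = ("explorer.exe", "explorer.dat", "winlogon.exe", "winlogon.dat", "hlp.dat")


def sha256_of(path, chunk=1 << 16):
    """Stream a file through SHA-256 so large binaries are not read into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def filefind(root, names=TARGETS):
    """Return {lower-cased name: [(path, size, sha256), ...]} for every match under root."""
    wanted = {n.lower() for n in names}
    hits = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower() in wanted:
                p = os.path.join(dirpath, fn)
                try:
                    hits[fn.lower()].append((p, os.path.getsize(p), sha256_of(p)))
                except OSError:
                    continue  # locked or unreadable: skip rather than abort the whole walk
    return dict(hits)


def inconsistent_copies(hits):
    """Names that occur more than once with differing content (assumed worth a look)."""
    return sorted(name for name, rows in hits.items() if len({r[2] for r in rows}) > 1)


def build_constructed_tree():
    """Constructed sample tree (fake contents, not real binaries): two explorer.exe
    copies that differ, one winlogon.exe, a stray hlp.dat and an unrelated file."""
    root = tempfile.mkdtemp(prefix="filefind_demo_")
    layout = {
        "Windows/explorer.exe": b"MZ-copy-A",
        "Windows/winsxs/explorer.exe": b"MZ-copy-B-differs",
        "Windows/System32/winlogon.exe": b"MZ-winlogon",
        "Users/User/AppData/Local/hlp.dat": b"opaque-data",
        "Windows/System32/notepad.exe": b"MZ-notepad",
    }
    for rel, data in layout.items():
        p = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(p), exist_ok=True)
        with open(p, "wb") as fh:
            fh.write(data)
    return root


if __name__ == "__main__":
    root = build_constructed_tree()
    hits = filefind(root)
    for name, rows in sorted(hits.items()):
        for path, size, digest in rows:
            print(f"{name:14} {size:>8} bytes  {digest[:16]}...  {path}")
    print("names with differing copies:", inconsistent_copies(hits))
```

On a real machine the call would be filefind("C:\\") run from an elevated prompt, and every hit on a protected file name outside its normal directory is something to hand to the helper rather than delete.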

Re: Multiple threat detection

Post by maiki » December 1st, 2010, 8:17 pm

Hi askey127,

I wasn't able to open the log with the command provided, but I took it from the location in the command. I hope this is the same log. The ESET log is as follows (the SystemLook log will be in the next post):

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=5d54f8ec2d972e4b8741e4de21aafd65
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-12-01 11:48:01
# local_time=2010-12-02 01:48:01 (+0200, FLE Standard Time)
# country="Estonia"
# lang=9
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777215 100 0 505456 505456 0 0
# compatibility_mode=5892 16776573 100 100 18314335 128767649 0 0
# compatibility_mode=8192 67108863 100 0 3786 3786 0 0
# scanned=275122
# found=228
# cleaned=0
# scan_time=12359
C:\Program Files\Mozilla Firefox\repairsetup.exe Win32/Adware.ErrorRepairPro application 00000000000000000000000000000000 I
C:\ProgramData\ReviverSoft\RegistryReviver\InstallCache\{E31E4E05-4B6B-42A5-8623-EB530F8147F5}\RegistryReviver.msi a variant of Win32/SlowPCfighter application 00000000000000000000000000000000 I
C:\Users\All Users\ReviverSoft\RegistryReviver\InstallCache\{E31E4E05-4B6B-42A5-8623-EB530F8147F5}\RegistryReviver.msi a variant of Win32/SlowPCfighter application 00000000000000000000000000000000 I
C:\Users\Siim\AppData\Roaming\OpenCandy\OpenCandy_ABF5EBE928304ACC843FC0A08E780BF2\AFIRegistryReviverSetup_silent.exe a variant of Win32/SlowPCfighter application 00000000000000000000000000000000 I
C:\Users\Siim\AppData\Roaming\OpenCandy\OpenCandy_ABF5EBE928304ACC843FC0A08E780BF2\AFIRegRevSilent_p2v1.exe a variant of Win32/SlowPCfighter application 00000000000000000000000000000000 I
M:\Amsterdam\Amsterdam 2010\Film\Filmi muusika\01 Feeling Good.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Dagö - Hiired Tuules\01 Isaga draakonil.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Dagö - Hiired Tuules\02 Teine Kadriorg.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Dagö - Hiired Tuules\03 Miisu.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Dagö - Hiired Tuules\04 Silmalaud.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Dagö - Hiired Tuules\05 Öövalges.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Dagö - Hiired Tuules\06 Sinihabe.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Dagö - Hiired Tuules\07 Vaadake paremat poolt.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Dagö - Hiired Tuules\08 Kabaree.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Dagö - Hiired Tuules\09 Kaks takti ette.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Dagö - Hiired Tuules\10 Ahmed.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Dagö - Hiired Tuules\11 Hiired tuules.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Greatest Jazz Hits\02 Watermelon Man.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Greatest Jazz Hits\03 Fever.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Greatest Jazz Hits\04 Mercy, Mercy, Mercy.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Greatest Jazz Hits\05 Work Song.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Greatest Jazz Hits\06 Cantaloupe Island.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Greatest Jazz Hits\07 Killer Joe.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Greatest Jazz Hits\08 The 'In' Crowd.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Greatest Jazz Hits\09 Lullaby of Birdland.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Greatest Jazz Hits\10 Mack the Knife.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Greatest Jazz Hits\11 Take Five.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Greatest Jazz Hits\12 Cute.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Greatest Jazz Hits\13 Caravan.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Greatest Jazz Hits\14 Walk, Don't Run.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Greatest Jazz Hits\15 Bluesette.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Greatest Jazz Hits\16 A Night in Tunisia.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Michael Bublé - It's Time\01 Feeling Good.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Michael Bublé - It's Time\02 A Foggy Day (In London Town).wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Michael Bublé - It's Time\03 You Don't Know Me.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Michael Bublé - It's Time\04 Quando, Quando, Quando.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Michael Bublé - It's Time\05 Home.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Michael Bublé - It's Time\06 Can't Buy Me Love.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Michael Bublé - It's Time\07 The More I See You.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Michael Bublé - It's Time\08 Save the Last Dance for Me.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Michael Bublé - It's Time\09 Try a Little Tenderness.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Michael Bublé - It's Time\10 How Sweet It Is.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Michael Bublé - It's Time\11 Song for You.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Michael Bublé - It's Time\12 I've Got You Under My Skin.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Michael Bublé - It's Time\13 You and I.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Noorkuu\01 Track 1.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Noorkuu\02 Track 2.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Noorkuu\03 Track 3.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Noorkuu\04 Track 4.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Noorkuu\05 Track 5.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Noorkuu\06 Track 6.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Noorkuu\07 Track 7.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Noorkuu\08 Track 8.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Noorkuu\09 Track 9.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Noorkuu\10 Track 10.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Noorkuu\11 Track 11.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Noorkuu\12 Track 12.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Noorkuu\13 Track 13.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Noorkuu\14 Track 14.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Noorkuu\15 Track 15.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Noorkuu - Vocapella\01 Good Old A Capella.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Noorkuu - Vocapella\02 Relight My Fire.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Noorkuu - Vocapella\03 võõras mees.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Noorkuu - Vocapella\04 Follow Me.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Noorkuu - Vocapella\05 ja nii see läeb.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Noorkuu - Vocapella\06 sexual healing.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Noorkuu - Vocapella\07 aeg teeb selgeks kõik.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Noorkuu - Vocapella\08 Rohelised Niidud.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Noorkuu - Vocapella\09 Georgia On My Mind.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Noorkuu - Vocapella\10 back in the ussr.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Noorkuu - Vocapella\11 Seak Kus Silmapiir.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Noorkuu - Vocapella\12 WEe Will Rock You.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Norah Jones - Come Away with Me\01 Don't Know Why.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Norah Jones - Come Away with Me\02 Seven Years.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Norah Jones - Come Away with Me\03 Cold, Cold Heart.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Norah Jones - Come Away with Me\04 Feelin' the Same Way.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Norah Jones - Come Away with Me\05 Come Away With Me.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Norah Jones - Come Away with Me\06 Shoot the Moon.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Norah Jones - Come Away with Me\07 Turn Me On.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Norah Jones - Come Away with Me\08 Lonestar.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Norah Jones - Come Away with Me\09 I've Got to See You Again.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Norah Jones - Come Away with Me\10 Painter Song.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Norah Jones - Come Away with Me\11 One Flight Down.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Norah Jones - Come Away with Me\12 Nightingale.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Norah Jones - Come Away with Me\13 The Long Day Is Over.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\ALBUMID\Norah Jones - Come Away with Me\14 The Nearness of You.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\EESTI\Liisi Koikson\01 Track 1.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\EESTI\Liisi Koikson\02 Track 2.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\EESTI\Liisi Koikson\03 Track 3.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\EESTI\Liisi Koikson\04 Track 4.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\EESTI\Liisi Koikson\05 Track 5.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\EESTI\Liisi Koikson\06 Track 6.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\EESTI\Liisi Koikson\07 Track 7.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\EESTI\Liisi Koikson\08 Track 8.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\EESTI\Liisi Koikson\09 Track 9.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\EESTI\Liisi Koikson\10 Track 10.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\EESTI\Liisi Koikson\11 Track 11.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\EESTI\Liisi Koikson\12 Track 12.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\JAZZ'N'BLUES\Bring It With You When You Come - Siegal-Schwall.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\JAZZ'N'BLUES\Charlotte Church -Can't Help Lovin' Dat Man.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\JAZZ'N'BLUES\Devil May Care - Diana Krall.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\JAZZ'N'BLUES\Etta Baker - Railroad Bill .wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\JAZZ'N'BLUES\Julie London - Black Coffee.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\JAZZ'N'BLUES\River Boogie.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\JAZZ'N'BLUES\Eric Clapton\17 Track 17.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\JAZZ'N'BLUES\Jazz For The Road\01 Lee Ritenour - Road Song.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\JAZZ'N'BLUES\Jazz For The Road\02 Chris Botti - Drive Time.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\JAZZ'N'BLUES\Jazz For The Road\03 Mystic Voyage.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\JAZZ'N'BLUES\Jazz For The Road\04 Cast Your Fate To The Wind.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\JAZZ'N'BLUES\Jazz For The Road\05 All Around The World.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\JAZZ'N'BLUES\Jazz For The Road\06 Feels Like Heaven.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\JAZZ'N'BLUES\Jazz For The Road\07 Wes' Coast Swing.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\JAZZ'N'BLUES\Jazz For The Road\08 Bumpin' On Sunset.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\JAZZ'N'BLUES\Jazz For The Road\09 Groovin'.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\JAZZ'N'BLUES\Jazz For The Road\10 Cadillac Jack.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\JAZZ'N'BLUES\Jazz For The Road\11 High Steppin'.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\JAZZ'N'BLUES\Jazz For The Road\12 See See Rider.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\JAZZ'N'BLUES\Jazz For The Road\13 Bright Lights.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\JAZZ'N'BLUES\Jazz For The Road\14 Brooklyn Breezes.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\JAZZ'N'BLUES\Jazz For The Road\15 Ain't No Stoppin'.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\JAZZ'N'BLUES\Jazz For The Road\16 Miles Away.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\JAZZ'N'BLUES\Norah Jones - Feel like home\Norah Jones - Toes.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\JÕULUKAD\Päkapiku plaadivabriku parimad palad\01 Tooge tuppa kuusekene.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\JÕULUKAD\Päkapiku plaadivabriku parimad palad\02 Päkapikumaa.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\JÕULUKAD\Päkapiku plaadivabriku parimad palad\03 Armas jõuluvanake.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\JÕULUKAD\Päkapiku plaadivabriku parimad palad\04 Päkapiku polka.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\JÕULUKAD\Päkapiku plaadivabriku parimad palad\05 Jõulumees on meie juurde teel.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\JÕULUKAD\Päkapiku plaadivabriku parimad palad\06 Jõulumaal.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\JÕULUKAD\Päkapiku plaadivabriku parimad palad\07 Tip-top päkapikk.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\JÕULUKAD\Päkapiku plaadivabriku parimad palad\08 Päkapiku töö.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\JÕULUKAD\Päkapiku plaadivabriku parimad palad\09 Pisike päkapikk.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\JÕULUKAD\Päkapiku plaadivabriku parimad palad\10 Päkapiku jutt.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\JÕULUKAD\Päkapiku plaadivabriku parimad palad\11 Jõuluvanale.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\JÕULUKAD\Päkapiku plaadivabriku parimad palad\12 Tasa, tasa jõulukellad.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\JÕULUKAD\Päkapiku plaadivabriku parimad palad\13 Jõulurõõm.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\JÕULUKAD\Päkapiku plaadivabriku parimad palad\14 Jõulukellad.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\JÕULUKAD\Päkapiku plaadivabriku parimad palad\15 Instrumentaal (Jõululaulude popurrii).wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\JÕULUKAD\Päkapiku plaadivabriku parimad palad\16 Instrumentaal (Jõululaulude popurrii).wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\JÕULUKAD\Päkapiku plaadivabriku parimad palad\17 Instrumentaal (Jõululaulude popurrii).wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\JÕULUKAD\Päkapiku plaadivabriku parimad palad\18 Instrumentaal (Jõululaulude popurrii).wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\JÕULUKAD\Päkapiku plaadivabriku parimad palad\19 Instrumentaal (Jõululaulude popurrii).wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\JÕULUKAD\Päkapiku plaadivabriku parimad palad\20 Instrumentaal (Jõululaulude popurrii).wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\JÕULUKAD\Päkapiku plaadivabriku parimad palad\21 Instrumentaal (Jõululaulude popurrii).wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\JÕULUKAD\Päkapiku plaadivabriku parimad palad\22 Instrumentaal (Jõululaulude popurrii).wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\JÕULUKAD\Päkapiku plaadivabriku parimad palad\23 Instrumentaal (Jõululaulude popurrii).wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\JÕULUKAD\Päkapiku plaadivabriku parimad palad\24 Instrumentaal (Jõululaulude popurrii).wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\JÕULUKAD\Päkapiku plaadivabriku parimad palad\25 Instrumentaal (Jõululaulude popurrii).wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\JÕULUKAD\Päkapiku plaadivabriku parimad palad\26 Instrumentaal (Jõululaulude popurrii).wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\JÕULUKAD\Päkapiku plaadivabriku parimad palad\27 Instrumentaal (Jõululaulude popurrii).wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\JÕULUKAD\Päkapiku plaadivabriku parimad palad\28 Instrumentaal (Jõululaulude popurrii).wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\KLASSIKALINE\1999 ÜLP Puhkpilliorkestrite repertuaar - Esitab Kaitsejõudude Puhkpilliorkester\01 Felix Mandre - Elurõõm dir A.Avarand.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\KLASSIKALINE\1999 ÜLP Puhkpilliorkestrite repertuaar - Esitab Kaitsejõudude Puhkpilliorkester\02 Priit Raik - Isamaale dir. A. Avarand.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\KLASSIKALINE\1999 ÜLP Puhkpilliorkestrite repertuaar - Esitab Kaitsejõudude Puhkpilliorkester\03 Priit Raik - Isamaale (Kontsert) dir P. Saan.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\KLASSIKALINE\1999 ÜLP Puhkpilliorkestrite repertuaar - Esitab Kaitsejõudude Puhkpilliorkester\04 Paul Karp - Kiigemäel dir. Leho Muldre.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\KLASSIKALINE\1999 ÜLP Puhkpilliorkestrite repertuaar - Esitab Kaitsejõudude Puhkpilliorkester\05 Hans Hindpere - Sõit suurele peole dir. A. Avarand.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\KLASSIKALINE\1999 ÜLP Puhkpilliorkestrite repertuaar - Esitab Kaitsejõudude Puhkpilliorkester\06 C. Telcke - Vanad sõbrad dir. H. Saade.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\KLASSIKALINE\Arvo Pärt - Alina\01 Spiegel Im Spiegel.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\KLASSIKALINE\Arvo Pärt - Alina\02 Für Alina.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\KLASSIKALINE\Arvo Pärt - Alina\03 Spiegel Im Spiegel.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\KLASSIKALINE\Arvo Pärt - Alina\04 Für Alina.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\KLASSIKALINE\Arvo Pärt - Alina\05 Spiegel Im Spiegel.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\KLASSIKALINE\EESTI MUUSIKA SEMINAR\Eesti Muusika CD 1\01 Aleksander Kunileid - Sind surmani.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\KLASSIKALINE\EESTI MUUSIKA SEMINAR\Eesti Muusika CD 1\02 Aleksander Kunileid - Mu isamaa on minu arm.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\KLASSIKALINE\EESTI MUUSIKA SEMINAR\Eesti Muusika CD 1\03 Friedrich Saebelmann - Ellerhein.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\KLASSIKALINE\EESTI MUUSIKA SEMINAR\Eesti Muusika CD 1\04 Aleksander Thomson - Kannel.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\KLASSIKALINE\EESTI MUUSIKA SEMINAR\Eesti Muusika CD 1\05 Karl August Hermann - Isamaa mälestus.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\KLASSIKALINE\EESTI MUUSIKA SEMINAR\Eesti Muusika CD 1\06 Karl August Hermann - Oh, laula ja hõiska.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\KLASSIKALINE\EESTI MUUSIKA SEMINAR\Eesti Muusika CD 1\07 Miina Härma - Tuljak.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\KLASSIKALINE\EESTI MUUSIKA SEMINAR\Eesti Muusika CD 1\08 Miina Härma - Lauliku lapsepõli.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\KLASSIKALINE\EESTI MUUSIKA SEMINAR\Eesti Muusika CD 1\09 Miina Härma - Meeste laul.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\KLASSIKALINE\EESTI MUUSIKA SEMINAR\Eesti Muusika CD 1\10 Konstatin Türnpu - Mull' lapsepõlves rääkis.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\KLASSIKALINE\EESTI MUUSIKA SEMINAR\Eesti Muusika CD 1\11 Konstatin Türnpu - Kevade tunne.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\KLASSIKALINE\EESTI MUUSIKA SEMINAR\Eesti Muusika CD 1\12 Konstatin Türnpu - Meil aia äärne tänavas.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\KLASSIKALINE\EESTI MUUSIKA SEMINAR\Eesti Muusika CD 1\13 Aleksander Läte - Kuldrannake.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\KLASSIKALINE\EESTI MUUSIKA SEMINAR\Eesti Muusika CD 1\14 Aleksander Läte - Pilvedele.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\KLASSIKALINE\EESTI MUUSIKA SEMINAR\Eesti Muusika CD 1\15 Rudolf Tobias - Largo (Eks teie tea).wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\KLASSIKALINE\EESTI MUUSIKA SEMINAR\Eesti Muusika CD 1\16 Rudolf Tobias - Varas.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\KLASSIKALINE\EESTI MUUSIKA SEMINAR\Eesti Muusika CD 1\17 Rudolf Tobias - Sanctus oratooriumist 'Joonase lähetamine'.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\KLASSIKALINE\EESTI MUUSIKA SEMINAR\Eesti Muusika CD 1\18 Rudolf Tobias - Ööpala (III osa keelpillikvartetist nr. 2).wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\KLASSIKALINE\EESTI MUUSIKA SEMINAR\Eesti Muusika CD 1\19 Artur Kapp - Dramaatiline avamäng 'Don Carlos' .wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\KLASSIKALINE\EESTI MUUSIKA SEMINAR\Eesti Muusika CD 1\20 Artur Kapp - Metsateel.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\KLASSIKALINE\EESTI MUUSIKA SEMINAR\Eesti Muusika CD 1\21 Artur Kapp - Koor nr. 7 oratooriumist 'Hiiob'.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\KLASSIKALINE\EESTI MUUSIKA SEMINAR\Eesti Muusika CD 1\22 Mart Saar - Põhjavaim.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\KLASSIKALINE\EESTI MUUSIKA SEMINAR\Eesti Muusika CD 1\23 Mart Saar - Must lind (soololaul).wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\KLASSIKALINE\EESTI MUUSIKA SEMINAR\Eesti Muusika CD 1\24 Mart Saar - Tuule hõlmas, luule hõlmas.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\KLASSIKALINE\VARIA\02 Track 2.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\KLASSIKALINE\VARIA\05 Track 5.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\KLASSIKALINE\VARIA\09 Track 9.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\KLASSIKALINE\VARIA\14 Track 14.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\KLASSIKALINE\VARIA\17-Debussy-Jardins sous la plue.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\Listen and repeat. Inglise keele kursus - Business\01 Track 1.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\Listen and repeat. Inglise keele kursus - Business\02 Track 2.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\Listen and repeat. Inglise keele kursus - Business\03 Track 3.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\Listen and repeat. Inglise keele kursus - Business\04 Track 4.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\Listen and repeat. Inglise keele kursus - Business\05 Track 5.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\Listen and repeat. Inglise keele kursus - Business\06 Track 6.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\Listen and repeat. Inglise keele kursus - Business\07 Track 7.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\Listen and repeat. Inglise keele kursus - Business\08 Track 8.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\SOUNDTRACKID, FILMIMUUSIKA\Buratino, Malvina, Artemon ja Pierrot laulavad ERSO saatel\01 Buratino ja tema sõprade laul.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\SOUNDTRACKID, FILMIMUUSIKA\Buratino, Malvina, Artemon ja Pierrot laulavad ERSO saatel\13 Track 13.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\SOUNDTRACKID, FILMIMUUSIKA\Buratino, Malvina, Artemon ja Pierrot laulavad ERSO saatel\14 Track 14.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\SOUNDTRACKID, FILMIMUUSIKA\Buratino, Malvina, Artemon ja Pierrot laulavad ERSO saatel\15 Track 15.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\SOUNDTRACKID, FILMIMUUSIKA\Buratino, Malvina, Artemon ja Pierrot laulavad ERSO saatel\16 Buratino laul (O. Ehala, J. Viiding).wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\SOUNDTRACKID, FILMIMUUSIKA\Kaotajad\01 Tahan olla öö I.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\SOUNDTRACKID, FILMIMUUSIKA\Kaotajad\02 'Pahade' ilmumine.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\SOUNDTRACKID, FILMIMUUSIKA\Kaotajad\03 Võõras maa I.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\SOUNDTRACKID, FILMIMUUSIKA\Kaotajad\04 Kõrge lend I.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\SOUNDTRACKID, FILMIMUUSIKA\Kaotajad\05 Ära karda mind.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\SOUNDTRACKID, FILMIMUUSIKA\Kaotajad\06 Visake mind minema.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\SOUNDTRACKID, FILMIMUUSIKA\Kaotajad\07 Võõras maa II.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\SOUNDTRACKID, FILMIMUUSIKA\Kaotajad\08 Kõrge lend II.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\SOUNDTRACKID, FILMIMUUSIKA\Kaotajad\09 Inimene, inimene.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\SOUNDTRACKID, FILMIMUUSIKA\Kaotajad\10 Tahan olla öö II.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\VARIA\Andero Ermel - Tahan olla öö I.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\VARIA\Buratino ja tema sõprade laul.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\VARIA\Buratino laul (O. Ehala, J. Viiding).wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\VARIA\Charlotte Church -Can't Help Lovin' Dat Man.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\VARIA\Debussy - Jardins sous la plue.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\VARIA\Devil May Care - Diana Krall.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\VARIA\Etta Baker - Railroad Bill .wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\VARIA\Julie London - Black Coffee.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\VARIA\Lito Villareal - As Long as I Have You.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\VARIA\Michael Buble - Feeling Good.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\VARIA\Puu taga ilvest.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\VARIA\Siegal-Schwall - Bring It With You When You Come.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\VARIA\Tanel Padar & The Sun - Kuu on päike.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\VARIA\Wyclef Jean - Something About Mary.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
M:\SIIM\MUUSIKA\VARIA\Zetod - Kaara-Jaan.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
maiki
Active Member
 
Posts: 13
Joined: November 25th, 2010, 4:13 pm
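
The ESET log above flags nearly every .wma on the M: drive as WMA/TrojanDownloader.GetCodec.gen. Files carrying that name are media files whose DRM header points license acquisition at a site that pushes a fake "codec" installer when the track is played; the audio itself is not what does the damage, the URL in the header is. The parser below is an added example, not code from the thread or from ESET: it reads only the ASF header of a .wma and reports the license URL, so an analyst can see where playback would send the user without ever handing the file to a media player. The sample headers are built in code, and the license URL in them is a hypothetical placeholder, not one observed on the infected drive.

```python
"""Added example, not part of the forum thread: pull the DRM license URL out
of a .wma/.asf header.  The sample headers are built in code; their URL is a
hypothetical placeholder, not one seen on the infected drive."""
import re
import struct
import uuid
from typing import List, Optional, Tuple

# Object GUIDs from the ASF specification; .bytes_le is the on-disk byte order.
HEADER_OBJECT = uuid.UUID("75B22630-668E-11CF-A6D9-00AA0062CE6C").bytes_le
CONTENT_ENCRYPTION = uuid.UUID("2211B3FB-BD23-11D2-B4B7-00A0C955FC6E").bytes_le
EXT_CONTENT_ENCRYPTION = uuid.UUID("298AE614-2622-4C17-B935-DAE07EE9289C").bytes_le


def _take(buf: bytes, pos: int, n: int) -> Tuple[bytes, int]:
    """Slice n bytes at pos, refusing to run past the end of a truncated header."""
    if n < 0 or pos + n > len(buf):
        raise ValueError("truncated or malformed ASF header")
    return buf[pos:pos + n], pos + n


def _u32(buf: bytes, pos: int) -> Tuple[int, int]:
    raw, pos = _take(buf, pos, 4)
    return struct.unpack("<I", raw)[0], pos


def parse_content_encryption(body: bytes) -> dict:
    """Decode the four length-prefixed fields of a Content Encryption Object."""
    fields, pos = {}, 0
    for name in ("secret_data", "protection_type", "key_id", "license_url"):
        length, pos = _u32(body, pos)
        fields[name], pos = _take(body, pos, length)
    return fields


def find_license_url(asf: bytes) -> Optional[str]:
    """Walk the top-level Header Object; return the license URL or None."""
    guid, pos = _take(asf, 0, 16)
    if guid != HEADER_OBJECT:
        raise ValueError("not an ASF/WMA file")
    raw, pos = _take(asf, pos, 8)
    header_size = struct.unpack("<Q", raw)[0]
    count, pos = _u32(asf, pos)
    pos += 2                                   # two reserved bytes
    end = min(header_size, len(asf))
    for _ in range(count):
        if pos + 24 > end:
            raise ValueError("header shorter than its object count claims")
        obj_guid = asf[pos:pos + 16]
        obj_size = struct.unpack("<Q", asf[pos + 16:pos + 24])[0]
        if obj_size < 24 or pos + obj_size > end:
            raise ValueError("object size runs past the header")
        body = asf[pos + 24:pos + obj_size]
        if obj_guid == CONTENT_ENCRYPTION:
            url = parse_content_encryption(body)["license_url"]
            return url.rstrip(b"\0").decode("ascii", "replace")
        if obj_guid == EXT_CONTENT_ENCRYPTION:
            # Extended object carries a UTF-16LE WRMHEADER XML blob; the
            # license server sits in its <LA_URL> element.
            size, p = _u32(body, 0)
            xml, _ = _take(body, p, size)
            m = re.search(r"<LA_URL>(.*?)</LA_URL>", xml.decode("utf-16-le", "ignore"))
            if m:
                return m.group(1)
        pos += obj_size
    return None


# --- constructed sample data (hypothetical, for demonstration only) ---------

def _lp(b: bytes) -> bytes:
    """Length-prefix a field the way ASF encryption objects do."""
    return struct.pack("<I", len(b)) + b


def content_encryption_object(license_url: bytes) -> bytes:
    body = _lp(b"\0" * 8) + _lp(b"DRM\0") + _lp(b"key0\0") + _lp(license_url + b"\0")
    return CONTENT_ENCRYPTION + struct.pack("<Q", 24 + len(body)) + body


def ext_content_encryption_object(license_url: str) -> bytes:
    xml = ("<WRMHEADER><DATA><LA_URL>%s</LA_URL></DATA></WRMHEADER>"
           % license_url).encode("utf-16-le")
    body = _lp(xml)
    return EXT_CONTENT_ENCRYPTION + struct.pack("<Q", 24 + len(body)) + body


def build_header(objects: List[bytes]) -> bytes:
    """Assemble a minimal ASF Header Object (30-byte fixed part) around sub-objects."""
    payload = b"".join(objects)
    return (HEADER_OBJECT + struct.pack("<Q", 30 + len(payload))
            + struct.pack("<I", len(objects)) + b"\x01\x02" + payload)


SAMPLE_URL = "http://license.example/getcodec"   # placeholder, not a real site

if __name__ == "__main__":
    samples = (("no DRM", build_header([])),
               ("content-encryption", build_header([content_encryption_object(SAMPLE_URL.encode())])),
               ("extended", build_header([ext_content_encryption_object(SAMPLE_URL)])))
    for label, hdr in samples:
        print("%-20s license URL: %s" % (label, find_license_url(hdr)))
```

On a real file, call find_license_url(open(path, "rb").read()). A commercially protected track points at its label's license server; a file ESET names GetCodec points at an unfamiliar host that offers a "codec", and a player would open that URL on its own during license acquisition, which is why the files should not be played. The parser rejects non-ASF input and raises on headers whose declared sizes run past the data, so a truncated or deliberately malformed file fails loudly instead of being misread.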

Re: Multiple threat detection

Unread postby maiki » December 1st, 2010, 8:17 pm

Hi again,

Here is the SystemLook log:

SystemLook 04.09.10 by jpshortstuff
Log created at 02:22 on 02/12/2010 by Siim
Administrator - Elevation successful

========== filefind ==========

Searching for "explorer.exe"
C:\Windows\explorer.exe --a---- 2926592 bytes [17:23 20/10/2009] [06:27 11/04/2009] D07D4C3038F3578FFCE1C0237F2A1253
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe --a---- 2923520 bytes [08:47 02/11/2006] [09:45 02/11/2006] FD8C53FB002217F6F888BCF6F5D7084D
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe --a---- 2923520 bytes [00:34 09/10/2008] [00:34 09/10/2008] 6D06CD98D954FE87FB2DB8108793B399
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe --a---- 2923520 bytes [14:44 11/12/2008] [06:20 29/10/2008] 37440D09DEAE0B672A04DCCF7ABF06BE
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe --a---- 2923520 bytes [00:34 09/10/2008] [00:34 09/10/2008] BD06F0BF753BC704B653C3A50F89D362
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe --a---- 2923520 bytes [14:44 11/12/2008] [02:15 28/10/2008] E7156B0B74762D9DE0E66BDCDE06E5FB
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe --a---- 2927104 bytes [12:36 12/10/2008] [07:33 19/01/2008] FFA764631CB70A30065C12EF8E174F9F
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe --a---- 2927104 bytes [14:44 11/12/2008] [06:29 29/10/2008] 4F554999D7D5F05DAAEBBA7B5BA1089D
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe --a---- 2927616 bytes [14:44 11/12/2008] [03:59 30/10/2008] 50BA5850147410CDE89C523AD3BC606E
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe --a---- 2926592 bytes [17:23 20/10/2009] [06:27 11/04/2009] D07D4C3038F3578FFCE1C0237F2A1253

Searching for "explorer.dat"
No files found.

Searching for "winlogon.exe"
C:\Windows\System32\winlogon.exe --a---- 314368 bytes [17:23 20/10/2009] [06:28 11/04/2009] 898E7C06A350D4A1A64A9EA264D55452
C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe --a---- 308224 bytes [08:44 02/11/2006] [09:45 02/11/2006] 9F75392B9128A91ABAFB044EA350BAAD
C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe --a---- 314880 bytes [12:35 12/10/2008] [07:33 19/01/2008] C2610B6BDBEFC053BBDAB4F1B965CB24
C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe --a---- 314368 bytes [17:23 20/10/2009] [06:28 11/04/2009] 898E7C06A350D4A1A64A9EA264D55452

Searching for "winlogon.dat"
No files found.

Searching for "hlp.dat"
C:\Users\Public\Documents\Server\hlp.dat --a---- 36221 bytes [17:23 20/10/2009] [06:28 11/04/2009] D06C7EAC3B18C2FE02AA5F09274A4B2C

-= EOF =-
maiki
Active Member
 
Posts: 13
Joined: November 25th, 2010, 4:13 pm

Re: Multiple threat detection

Unread postby askey127 » December 2nd, 2010, 7:47 am

maiki,
Your M: drive is badly infected with a large number of trojan downloaders.
These are mostly music files, undoubtedly downloaded with P2P file sharing programs.
You need to disconnect the M: drive from the machine and don't use it again while we are trying to fix the machine.
Do not play any of those music files.

We can possibly de-contaminate the M: drive later.

------------------------------------------------------
You have an extremely dangerous infection on the machine. It is called Bamital.D
It is dangerous on two fronts.


First:
Warning - Compromised Data
Because the infection has had remote control access to all your Internet activities, you should assume that any data on it may have been stolen.
Take whatever precautions you think sensible about any financial (credit cards, banking, etc.), or other critical information that has been passed through or stored on the machine.
I would suggest changing all account names/numbers, and passwords for ANY accounts that have been used with the machine.
That includes not only banking, credit cards, and financial, but also website and e-mail accounts as well. Use a clean PC (not this one) to make the changes.

Second:
Bamital.D is an infection, peddled by criminals, with an attitude that they will own your computer or they will trash it.
In the process, they have created an infection that is very risky to fix.
They have corrupted two critical Windows files, without which Windows will not boot.
The likelihood of a total PC failure while trying to "FIX" it is very real.

You most likely contracted it through the use of P2P programs, to get free downloads.

Now, what to do
Before we attack the infection, you should be absolutely clear about the following:
  • If the attempt to fix your machine fails, it will likely fail to boot.
  • You need to make backups of every important data file, document, etc. on the machine that is important to you. Save to CDs, DVDs, flash drives, or external hard drive. (In your case, DO NOT copy the M: drive files).
  • Get your User Guide and be SURE you know how to do a complete System Recovery. If fixing this infection fails, this is what you will need to do.
    This is usually done by hitting a certain Function key as the machine starts.
    This is the "drastic" recovery method that puts your machine's C: drive back to the exact state it was in when you purchased it. Any choice to do a "Repair Install" which leaves the programs intact, will fail.
    A full System Recovery would mean re-installing all programs over again, this time not using P2P programs to download anything.
    After Recovery, the system would need to be updated immediately by connecting to Microsoft and getting all the Updates.
  • If you do not have a commercial PC machine with a System Recovery, you will need to locate the CD with the Windows operating system on it, and your key code, because you will need to reformat the drive and re-install Windows.
  • Locate any System Disks you have, from when you bought the machine.
  • You cannot continue with a machine controlled by criminals. They can send out spam, e-mails, and infections using your machine as the perpetrator.

So, please do your homework, tell me your status, and if/when you are ready to proceed.
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Multiple threat detection

Unread postby maiki » December 3rd, 2010, 2:53 pm

Hi!

I've copied all my important files to an external hard drive (not the M drive) and I also have CD with Windows operating system. I'm ready to proceed.
maiki
Active Member
 
Posts: 13
Joined: November 25th, 2010, 4:13 pm

Re: Multiple threat detection

Unread postby askey127 » December 3rd, 2010, 4:10 pm

Maiki,
-----------------------------------------------------------
Download and Run ComboFix
IMPORTANT NOTE: ComboFix is a VERY POWERFUL tool. DO NOT use it without guidance.
ComboFix uses very forceful tactics to remove malware from your system. Your antivirus software may warn you about the file.
You will need to disable all your antivirus software BEFORE running ComboFix.
.
  • Download ComboFix from here
  • Rename it while saving the download to zzz.exe and save it to your Desktop. Do not try to rename it after it has been saved to your desktop, or the infection may prevent you from using it.
    **Note: It is important that it is saved directly to your desktop and run from the desktop, not from any other folder on your computer**
  • DISABLE MICROSOFT SECURITY ESSENTIALS
    Right click the green MS Security Essentials "schoolhouse" icon in the lower right System tray, and click "Open".
    Click the "Settings" tab and in the left pane, then Click "Real Time Protection"
    In The Main Window UNCHECK the box for "Turn on real time protection(Recommended)"
    Then click "Save Changes".
  • Now start ComboFix (zzz.exe). Right click and choose "Run as administrator".
  • OK any disclaimers and start the Scan.
  • Do not touch the computer AT ALL while ComboFix is running.
  • When finished, the report will open. Post the log in your next reply, and then re-enable your protection software.
A copy of the log will be located here if you need it-> C:\ComboFix.txt
If you cannot connect to the internet after running ComboFix, unplug the cable you use to connect to the internet and plug it back in.

askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Multiple threat detection

Unread postby maiki » December 5th, 2010, 3:48 pm

Hi here is the log from Combofix:


ComboFix 10-12-04.02 - Siim 12/05/2010 21:28:38.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1257.372.1033.18.2046.1155 [GMT 2:00]
Running from: c:\users\Siim\Desktop\zzz.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Public\Documents\Server\admin.txt
c:\users\Siim\AppData\Local\Microsoft\Windows\Temporary Internet Files\udRemove.exe
c:\users\Siim\AppData\Roaming\inst.exe
c:\users\Siim\AppData\Roaming\Microsoft\AdjMmsVista.dll

.
((((((((((((((((((((((((( Files Created from 2010-11-05 to 2010-12-05 )))))))))))))))))))))))))))))))
.

2010-12-05 19:37 . 2010-12-05 19:37 -------- d-----w- c:\users\postgres.Siim-PC\AppData\Local\temp
2010-12-05 19:37 . 2010-12-05 19:37 -------- d-----w- c:\users\postgres\AppData\Local\temp
2010-12-05 19:37 . 2010-12-05 19:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-03 16:17 . 2010-12-03 16:17 -------- d-----w- c:\users\Siim\AppData\Roaming\ArcSoft
2010-12-03 16:17 . 2010-12-03 16:17 -------- d-----w- c:\users\Siim\AppData\Roaming\HP SimpleSave Application
2010-12-01 20:18 . 2010-12-01 20:18 -------- d-----w- c:\program files\ESET
2010-11-28 14:54 . 2010-11-28 14:54 -------- d-----w- c:\program files\Conduit
2010-11-28 14:53 . 2010-11-28 14:54 -------- d-----w- c:\program files\BitTorrentBar
2010-11-26 17:56 . 2010-11-26 17:56 -------- d-----w- c:\program files\Net Studio
2010-11-26 01:03 . 2010-11-26 01:03 -------- d-----w- c:\users\Siim\AppData\Roaming\AVG10
2010-11-26 01:01 . 2010-11-26 01:01 -------- d--h--w- c:\programdata\Common Files
2010-11-26 00:59 . 2010-12-01 20:11 -------- d-----w- c:\programdata\AVG10
2010-11-26 00:50 . 2010-11-28 13:22 -------- d-----w- c:\programdata\MFAData
2010-11-26 00:43 . 2010-11-26 00:44 -------- d-----w- c:\users\Siim\AppData\Roaming\QuickScan
2010-11-26 00:39 . 2010-11-26 00:39 -------- d-----w- c:\users\Siim\AppData\Roaming\AVG9
2010-11-25 12:00 . 2010-11-25 12:00 -------- d-----w- c:\users\Siim\AppData\Local\Installer2336
2010-11-25 03:13 . 2010-11-25 03:13 -------- d-----w- c:\users\Siim\POKKER
2010-11-24 23:24 . 2010-11-24 23:24 -------- d-----w- c:\users\Siim\Program Files
2010-11-24 14:42 . 2001-10-28 14:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2010-11-24 14:42 . 1998-06-23 22:00 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2010-11-24 14:42 . 2010-11-24 14:43 -------- d-----w- c:\program files\PDFCreator
2010-11-24 14:42 . 1998-07-05 22:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2010-11-24 14:36 . 2010-11-24 14:36 -------- d-----w- c:\programdata\ReviverSoft
2010-11-24 14:35 . 2010-11-24 14:36 -------- d-----w- c:\users\Siim\AppData\Local\OpenCandy
2010-11-24 14:35 . 2010-11-24 14:35 -------- d-----w- c:\users\Siim\AppData\Roaming\OpenCandy
2010-11-24 14:33 . 2010-11-24 14:38 -------- d-----w- c:\program files\Acro Software
2010-11-23 07:05 . 2010-11-23 07:05 -------- d-----w- c:\program files\PokerStove
2010-11-22 15:59 . 2010-11-22 18:53 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-11-22 15:59 . 2010-11-22 15:59 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-11-15 14:06 . 2010-11-15 14:07 -------- d-----w- c:\users\Siim\AppData\Local\Installer1104
2010-11-15 12:33 . 2010-11-30 22:04 -------- d-----w- c:\program files\TableNinja
2010-11-15 09:59 . 2010-11-15 09:59 -------- d-----w- c:\users\Siim\AppData\Local\Installer5828
2010-11-14 15:29 . 2010-12-01 19:48 -------- d-----w- c:\users\Siim\Tracing
2010-11-14 11:06 . 2010-11-14 11:06 -------- d-----w- C:\PcSetup
2010-11-13 14:01 . 2010-11-13 14:01 229376 ----a-w- c:\windows\system32\drivers\sst5A89.sys
2010-11-13 14:01 . 2010-11-13 14:01 118784 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\sst5A65.tmp
2010-11-13 14:01 . 2010-11-13 14:01 0 ----a-w- c:\windows\system32\drivers\sst5A89.tmp
2010-11-10 17:13 . 2010-10-07 11:37 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-11-08 14:43 . 2010-11-08 14:46 -------- d-----w- C:\I

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-14 11:06 . 2009-04-07 18:15 47360 ----a-w- c:\users\Siim\AppData\Roaming\pcouffin.sys
2010-09-22 22:47 . 2010-09-22 22:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-13 13:56 . 2010-10-14 12:19 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-08 06:01 . 2010-10-14 12:18 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57 . 2010-10-14 12:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57 . 2010-10-14 12:18 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56 . 2010-10-14 12:18 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:56 . 2010-10-14 12:18 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:04 . 2010-10-14 12:18 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26 . 2010-10-14 12:18 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25 . 2010-10-14 12:18 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{57C571FD-3CE1-4699-9AE3-22C129EE35AD}]
2010-02-04 08:38 153056 ----a-w- c:\windows\System32\idcertremoval.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\BitTorrentBar\tbBitT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-10-18 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{88C7F2AA-F93F-432C-8F0E-B7D85967A527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-07 323392]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"Google Update"="c:\users\Siim\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-10-26 136176]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SigmatelSysTrayApp"="sttray.exe" [2010-05-04 303104]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-26 198160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Spyder3Utility.lnk - c:\program files\Datacolor\Spyder3Express\Utility\Spyder3Utility.exe [2009-8-11 6798714]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2010-11-24 23:24 323392 ----a-w- c:\users\Siim\Program Files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2008-03-11 09:44 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-03-20 14:34 86960 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2007-04-11 12:32 56080 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-08-03 23:02 36352 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R1 aklmktks;aklmktks;c:\windows\system32\drivers\aklmktks.sys [x]
R1 cscllkfd;cscllkfd;c:\windows\system32\drivers\cscllkfd.sys [x]
R1 diqxquwj;diqxquwj;c:\windows\system32\drivers\diqxquwj.sys [x]
R1 gvzqshwl;gvzqshwl;c:\windows\system32\drivers\gvzqshwl.sys [x]
R1 hqckmixp;hqckmixp;c:\windows\system32\drivers\hqckmixp.sys [x]
R1 kplshmcg;kplshmcg;c:\windows\system32\drivers\kplshmcg.sys [x]
R1 qkzfskxq;qkzfskxq;c:\windows\system32\drivers\qkzfskxq.sys [x]
R1 rdtveihw;rdtveihw;c:\windows\system32\drivers\rdtveihw.sys [x]
R1 rengfkpj;rengfkpj;c:\windows\system32\drivers\rengfkpj.sys [x]
R1 sshgmxaq;sshgmxaq;c:\windows\system32\drivers\sshgmxaq.sys [x]
R1 xbkpptki;xbkpptki;c:\windows\system32\drivers\xbkpptki.sys [x]
R1 xpynmcif;xpynmcif;c:\windows\system32\drivers\xpynmcif.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 kroover;kroover;c:\windows\system32\drivers\kroover.exe [x]
R3 EasyViz Automatic Update;EasyViz Automatic Update;c:\program files\EasyViz 3.0\evauh.exe [2009-12-07 856728]
R3 Spyder3;Datacolor Spyder3;c:\windows\system32\DRIVERS\Spyder3.sys [2008-09-08 12288]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-11-11 717296]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-04-29 176128]
S2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [2008-09-19 65536]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
2008-06-18 13:04 8192 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2010-12-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2637077607-2722662537-2985405444-1000Core.job
- c:\users\Siim\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-26 18:27]

2010-12-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2637077607-2722662537-2985405444-1000UA.job
- c:\users\Siim\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-26 18:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ee/
uInternet Settings,ProxyOverride = *.local
IE: {{BFBE0C3A-BD72-4d5e-8058-E9494F00C005} - c:\program files\PokerStars.EE\PokerStarsUpdate.exe
TCP: {21B2A37A-B9E1-401E-97F9-4AC0D8E37E82} = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\Siim\AppData\Roaming\Mozilla\Firefox\Profiles\uvw3lqsw.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npidcard.dll
FF - plugin: c:\users\Siim\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\users\Siim\AppData\Roaming\Mozilla\Firefox\Profiles\uvw3lqsw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-YouSendIt.exe - c:\program files\YouSendIt\Express\YouSendIt.exe
HKLM-Run-POEngine - (no file)
HKU-Default-Run-Metropolis - c:\windows\system32\sshnas21.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-05 21:39
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\users\Siim\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: Hitachi_ rev.P22O -> Harddisk0\DR0 ->

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x868E1446]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x868e7504]; MOV EAX, [0x868e7580]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x82059962] -> \Device\Harddisk0\DR0[0x86243800]
3 CLASSPNP[0x883AC8B3] -> ntkrnlpa!IofCallDriver[0x82059962] -> [0x856D9150]
5 acpi[0x807456BC] -> ntkrnlpa!IofCallDriver[0x82059962] -> [0x852947F0]
\Driver\nvstor32[0x85B75328] -> IRP_MJ_CREATE -> 0x868E1446
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
detected disk devices:
\Device\00000051 -> \??\SCSI#Disk&Ven_Hitachi&Prod_HDS721616PLA#4&2834dc4b&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,99,3d,4f,ca,46,df,51,41,b2,9f,20,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,99,3d,4f,ca,46,df,51,41,b2,9f,20,\
.
Completion time: 2010-12-05 21:42:56
ComboFix-quarantined-files.txt 2010-12-05 19:42

Pre-Run: 59,154,120,704 bytes free
Post-Run: 59,162,320,896 bytes free

- - End Of File - - 8019A31E5B66E69285EA36CF9F4E538A
maiki
Active Member
 
Posts: 13
Joined: November 25th, 2010, 4:13 pm

Re: Multiple threat detection

Unread postby askey127 » December 5th, 2010, 4:46 pm

maiki,
Don't yet know if this machine can be fixed without Reformat and re-install.
It has 13 infected drivers we need to remove before we can check out the rootkit.
-------------------------------------------------------------
  • Open a new Notepad window (Start>All programs>accessories>notepad). Choose File, New.
  • Highlight the contents of the codebox below and press Ctrl+C to copy it to the clipboard. Do Not copy the word "Code".
    Code:
    File::
    c:\windows\system32\drivers\aklmktks.sys
    c:\windows\system32\drivers\cscllkfd.sys
    c:\windows\system32\drivers\diqxquwj.sys
    c:\windows\system32\drivers\gvzqshwl.sys
    c:\windows\system32\drivers\hqckmixp.sys
    c:\windows\system32\drivers\kplshmcg.sys
    c:\windows\system32\drivers\qkzfskxq.sys
    c:\windows\system32\drivers\rdtveihw.sys
    c:\windows\system32\drivers\rengfkpj.sys
    c:\windows\system32\drivers\sshgmxaq.sys
    c:\windows\system32\drivers\xbkpptki.sys
    c:\windows\system32\drivers\xpynmcif.sys
    c:\windows\system32\drivers\kroover.exe
    
    Driver::
    aklmktks
    cscllkfd
    diqxquwj
    gvzqshwl
    hqckmixp
    kplshmcg
    qkzfskxq
    rdtveihw
    rengfkpj
    sshgmxaq
    xbkpptki
    xpynmcif
    kroover
    
  • Paste the contents of the clipboard into the Notepad window by pressing Ctrl+V or Edit, Paste
  • Save it to your desktop as CFScript.txt

    [Image: CFScript.txt being dragged onto the ComboFix icon]
  • Now drag and drop the CFScript.txt icon onto combofix.exe (zzz.exe) as in the picture above, and follow the prompts.
  • Then post the resultant log, C:\ComboFix.txt, in your next reply.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
--------------------------------------------
TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista - W7 users: Right-click and select "Run As Administrator".
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
    • If Cure is not offered as an option, choose Skip.
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory. (usually Local Disk C:).
  6. Copy and paste the contents of that file in your next reply.
If, for some reason, you can't locate the text file to paste into your reply, just tell me, but DO NOT run the program a second time.

askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
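An added example (not from this thread, ComboFix, or its authors): a small Python script that parses service lines in the "Reg Loading Points" format shown in the ComboFix log above, flags the pattern askey127 acts on here (a registered kernel-mode driver whose image file ComboFix marks missing with "[x]" and which carries no real display name), and renders the flagged entries as the File::/Driver:: CFScript block used in this post. The scoring heuristic is the example's own assumption, not ComboFix's logic; the sample lines are copied from the posted log.

```python
import re
from typing import List, NamedTuple

# Sample input (constructed from the posted log): three of the flagged drivers,
# the flagged kroover.exe, and four legitimate entries for contrast.
SAMPLE_LOG = r"""
R1 aklmktks;aklmktks;c:\windows\system32\drivers\aklmktks.sys [x]
R1 cscllkfd;cscllkfd;c:\windows\system32\drivers\cscllkfd.sys [x]
R1 xpynmcif;xpynmcif;c:\windows\system32\drivers\xpynmcif.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 kroover;kroover;c:\windows\system32\drivers\kroover.exe [x]
R3 Spyder3;Datacolor Spyder3;c:\windows\system32\DRIVERS\Spyder3.sys [2008-09-08 12288]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-11-11 717296]
S2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [2008-09-19 65536]
"""


class ServiceEntry(NamedTuple):
    start: str      # ComboFix start code, e.g. R1 = running, system start
    name: str       # service / driver key name
    display: str    # display name as logged
    path: str       # image path as logged
    missing: bool   # True when ComboFix printed "[x]": image not found on disk


# "<start> <name>;<display>;<path> [<date> <size>]"  or  "... [x]"
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?)\s+\[(?P<meta>[^\]]*)\]$"
)


def parse_services(text: str) -> List[ServiceEntry]:
    """Extract service/driver entries from ComboFix log text; other lines are ignored."""
    entries = []
    for raw in text.splitlines():
        m = SERVICE_RE.match(raw.strip())
        if m:
            entries.append(ServiceEntry(
                m["start"], m["name"], m["display"], m["path"],
                m["meta"].strip().lower() == "x",
            ))
    return entries


def suspicion_reasons(e: ServiceEntry) -> List[str]:
    """Signals (this example's heuristic) that an entry looks like a dropped malicious driver."""
    reasons = []
    if e.missing:
        reasons.append("image file missing ([x]) but service still registered")
    if e.display == e.name:
        reasons.append("display name is just the service name (no vendor description)")
    if re.fullmatch(r"[a-z]{7,9}", e.name):
        reasons.append("name is a short all-lowercase letter string (typical of generated names)")
    if "\\drivers\\" in e.path.lower() and e.path.lower().endswith(".exe"):
        reasons.append(".exe registered under the drivers directory")
    return reasons


def flag_suspicious(entries: List[ServiceEntry]) -> List[ServiceEntry]:
    """Require the missing-image signal plus at least one more, so a legitimate
    driver with a terse display name (sptd in the sample) is not flagged."""
    return [e for e in entries if e.missing and len(suspicion_reasons(e)) >= 2]


def build_cfscript(flagged: List[ServiceEntry]) -> str:
    """Render the File::/Driver:: block in the layout used in the post above."""
    lines = ["File::"] + [e.path for e in flagged] + ["", "Driver::"] + [e.name for e in flagged]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = flag_suspicious(parse_services(SAMPLE_LOG))
    for entry in found:
        print(f"{entry.start} {entry.name}: " + "; ".join(suspicion_reasons(entry)))
    print()
    print(build_cfscript(found))
```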

Re: Multiple threat detection

Unread postby maiki » December 5th, 2010, 7:31 pm

Hi,

When I did drag the CFScript.txt to the zzz.exe it started the scan normally, but in a few minutes my machine restarted and I got the Windows Error Recovery screen. I started Windows normally. After that Windows starts and I get a message: "Windows has recovered from an unexpected shutdown." There is no log available and also the CFScript.txt file has disappeared from my desktop.

Thanks
maiki
Active Member
 
Posts: 13
Joined: November 25th, 2010, 4:13 pm

Re: Multiple threat detection

Unread postby askey127 » December 5th, 2010, 7:47 pm

Please run the TDSSKiller routine.
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Multiple threat detection

Unread postby maiki » December 6th, 2010, 10:44 am

Log from the TDSSKiller



2010/12/06 16:33:52.0039 TDSS rootkit removing tool 2.4.10.1 Dec 2 2010 12:28:01
2010/12/06 16:33:52.0039 ================================================================================
2010/12/06 16:33:52.0039 SystemInfo:
2010/12/06 16:33:52.0039
2010/12/06 16:33:52.0039 OS Version: 6.0.6002 ServicePack: 2.0
2010/12/06 16:33:52.0039 Product type: Workstation
2010/12/06 16:33:52.0039 ComputerName: SIIM-PC
2010/12/06 16:33:52.0040 UserName: Siim
2010/12/06 16:33:52.0040 Windows directory: C:\Windows
2010/12/06 16:33:52.0040 System windows directory: C:\Windows
2010/12/06 16:33:52.0040 Processor architecture: Intel x86
2010/12/06 16:33:52.0040 Number of processors: 2
2010/12/06 16:33:52.0040 Page size: 0x1000
2010/12/06 16:33:52.0040 Boot type: Normal boot
2010/12/06 16:33:52.0040 ================================================================================
2010/12/06 16:33:56.0346 Initialize success
2010/12/06 16:34:11.0584 ================================================================================
2010/12/06 16:34:11.0584 Scan started
2010/12/06 16:34:11.0584 Mode: Manual;
2010/12/06 16:34:11.0584 ================================================================================
2010/12/06 16:34:12.0385 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2010/12/06 16:34:12.0520 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2010/12/06 16:34:12.0639 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2010/12/06 16:34:12.0669 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2010/12/06 16:34:12.0769 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2010/12/06 16:34:12.0898 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2010/12/06 16:34:13.0008 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
2010/12/06 16:34:13.0040 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2010/12/06 16:34:13.0199 aliide (5c42a992e68724d2cd3ddb4fc3b0409f) C:\Windows\system32\drivers\aliide.sys
2010/12/06 16:34:13.0420 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
2010/12/06 16:34:13.0483 amdide (849dfacdde533da5d1810f0caf84eb19) C:\Windows\system32\drivers\amdide.sys
2010/12/06 16:34:13.0527 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2010/12/06 16:34:13.0584 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
2010/12/06 16:34:13.0709 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2010/12/06 16:34:13.0751 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2010/12/06 16:34:13.0895 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/12/06 16:34:13.0936 atapi (9e7e85ec61d1c9c3171cc08427108863) C:\Windows\system32\drivers\atapi.sys
2010/12/06 16:34:14.0183 atikmdag (18f4c1c503f1cdd39ad006aa54b79ea8) C:\Windows\system32\DRIVERS\atikmdag.sys
2010/12/06 16:34:14.0395 bcm4sbxp (cd4646067cc7dcba1907fa0acf7e3966) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
2010/12/06 16:34:14.0491 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2010/12/06 16:34:14.0638 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2010/12/06 16:34:14.0700 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2010/12/06 16:34:14.0757 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2010/12/06 16:34:14.0833 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2010/12/06 16:34:14.0903 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2010/12/06 16:34:14.0960 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2010/12/06 16:34:14.0988 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2010/12/06 16:34:15.0087 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2010/12/06 16:34:15.0356 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2010/12/06 16:34:15.0428 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2010/12/06 16:34:15.0525 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2010/12/06 16:34:15.0586 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2010/12/06 16:34:15.0705 cmdide (de11a06e187756ecb86cfa82dac40ff7) C:\Windows\system32\drivers\cmdide.sys
2010/12/06 16:34:15.0743 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
2010/12/06 16:34:15.0778 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2010/12/06 16:34:15.0855 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2010/12/06 16:34:16.0130 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2010/12/06 16:34:16.0326 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2010/12/06 16:34:16.0456 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2010/12/06 16:34:16.0547 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
2010/12/06 16:34:16.0666 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\Windows\system32\DRIVERS\dsunidrv.sys
2010/12/06 16:34:16.0729 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
2010/12/06 16:34:16.0847 e1express (7505290504c8e2d172fa378cc0497bcc) C:\Windows\system32\DRIVERS\e1e6032.sys
2010/12/06 16:34:16.0895 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2010/12/06 16:34:17.0034 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2010/12/06 16:34:17.0106 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2010/12/06 16:34:17.0218 ENTECH (16ebd8bf1d5090923694cc972c7ce1b4) C:\Windows\system32\DRIVERS\ENTECH.sys
2010/12/06 16:34:17.0317 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2010/12/06 16:34:17.0403 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2010/12/06 16:34:17.0446 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2010/12/06 16:34:17.0547 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2010/12/06 16:34:17.0605 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2010/12/06 16:34:17.0705 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/12/06 16:34:17.0755 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2010/12/06 16:34:17.0868 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2010/12/06 16:34:17.0909 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2010/12/06 16:34:18.0014 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2010/12/06 16:34:18.0171 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2010/12/06 16:34:18.0341 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/12/06 16:34:18.0494 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2010/12/06 16:34:18.0525 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2010/12/06 16:34:18.0644 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\DRIVERS\hidusb.sys
2010/12/06 16:34:18.0694 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2010/12/06 16:34:18.0773 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2010/12/06 16:34:18.0876 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2010/12/06 16:34:18.0990 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/12/06 16:34:19.0026 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2010/12/06 16:34:19.0124 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2010/12/06 16:34:19.0176 intelide (1b16626beae3a52e611fc681cd796f86) C:\Windows\system32\drivers\intelide.sys
2010/12/06 16:34:19.0259 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
2010/12/06 16:34:19.0346 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/12/06 16:34:19.0475 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2010/12/06 16:34:19.0524 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2010/12/06 16:34:19.0622 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2010/12/06 16:34:19.0663 isapnp (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys
2010/12/06 16:34:19.0716 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/12/06 16:34:19.0800 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2010/12/06 16:34:19.0831 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2010/12/06 16:34:19.0935 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/12/06 16:34:19.0995 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/12/06 16:34:20.0140 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2010/12/06 16:34:20.0272 LHidFilt (3fa98339e8d9e007726be62f231e2015) C:\Windows\system32\DRIVERS\LHidFilt.Sys
2010/12/06 16:34:20.0369 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/12/06 16:34:20.0486 LMouFilt (f259f758e04d8fb8d48c6cdbe45223e8) C:\Windows\system32\DRIVERS\LMouFilt.Sys
2010/12/06 16:34:20.0531 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2010/12/06 16:34:20.0612 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2010/12/06 16:34:20.0666 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2010/12/06 16:34:20.0756 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2010/12/06 16:34:20.0820 LUsbFilt (ca26e46ec8891058c9e10363df4e4650) C:\Windows\system32\Drivers\LUsbFilt.Sys
2010/12/06 16:34:20.0924 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2010/12/06 16:34:20.0967 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2010/12/06 16:34:21.0005 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2010/12/06 16:34:21.0118 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2010/12/06 16:34:21.0156 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2010/12/06 16:34:21.0216 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2010/12/06 16:34:21.0349 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2010/12/06 16:34:21.0395 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2010/12/06 16:34:21.0509 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2010/12/06 16:34:21.0559 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2010/12/06 16:34:21.0663 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/12/06 16:34:21.0716 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/12/06 16:34:21.0813 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/12/06 16:34:21.0870 msahci (0d1c042188ffe61a702a9df5944de5ba) C:\Windows\system32\drivers\msahci.sys
2010/12/06 16:34:21.0941 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2010/12/06 16:34:22.0017 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2010/12/06 16:34:22.0113 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2010/12/06 16:34:22.0177 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2010/12/06 16:34:22.0266 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/12/06 16:34:22.0334 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2010/12/06 16:34:22.0428 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2010/12/06 16:34:22.0497 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/12/06 16:34:22.0615 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2010/12/06 16:34:22.0665 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2010/12/06 16:34:22.0778 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2010/12/06 16:34:22.0922 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2010/12/06 16:34:23.0047 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/12/06 16:34:23.0109 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/12/06 16:34:23.0223 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/12/06 16:34:23.0265 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2010/12/06 16:34:23.0408 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2010/12/06 16:34:23.0554 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2010/12/06 16:34:23.0674 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2010/12/06 16:34:23.0768 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2010/12/06 16:34:23.0845 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2010/12/06 16:34:23.0950 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2010/12/06 16:34:24.0065 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2010/12/06 16:34:24.0115 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2010/12/06 16:34:24.0388 nvlddmkm (b02587fa997723297384c95f424e78fa) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2010/12/06 16:34:24.0552 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2010/12/06 16:34:24.0604 nvstor (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\DRIVERS\nvstor.sys
2010/12/06 16:34:24.0698 nvstor32 (615d79a1d2c98817ff2fdeb1b167d808) C:\Windows\system32\drivers\nvstor32.sys
2010/12/06 16:34:24.0769 nv_agp (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys
2010/12/06 16:34:24.0950 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2010/12/06 16:34:25.0086 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2010/12/06 16:34:25.0141 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2010/12/06 16:34:25.0234 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2010/12/06 16:34:25.0292 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2010/12/06 16:34:25.0386 pciide (54d23dc5b5072311116826fdb7f6e83e) C:\Windows\system32\drivers\pciide.sys
2010/12/06 16:34:25.0419 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2010/12/06 16:34:25.0570 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
2010/12/06 16:34:25.0674 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2010/12/06 16:34:25.0841 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2010/12/06 16:34:25.0925 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2010/12/06 16:34:25.0995 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2010/12/06 16:34:26.0241 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
2010/12/06 16:34:26.0458 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2010/12/06 16:34:26.0582 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2010/12/06 16:34:26.0698 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2010/12/06 16:34:26.0842 R300 (18f4c1c503f1cdd39ad006aa54b79ea8) C:\Windows\system32\DRIVERS\atikmdag.sys
2010/12/06 16:34:26.0959 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2010/12/06 16:34:27.0006 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/12/06 16:34:27.0055 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/12/06 16:34:27.0163 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2010/12/06 16:34:27.0218 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2010/12/06 16:34:27.0332 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/12/06 16:34:27.0401 rdpdr (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\drivers\rdpdr.sys
2010/12/06 16:34:27.0524 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2010/12/06 16:34:27.0611 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2010/12/06 16:34:27.0746 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2010/12/06 16:34:27.0865 s616bus (ef4b5a8d53f15cb269469dd4e4bb0109) C:\Windows\system32\DRIVERS\s616bus.sys
2010/12/06 16:34:27.0932 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2010/12/06 16:34:28.0061 SCDEmu (16b1abe7f3e35f21dac57592b6c5d464) C:\Windows\system32\drivers\SCDEmu.sys
2010/12/06 16:34:28.0120 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/12/06 16:34:28.0220 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2010/12/06 16:34:28.0275 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2010/12/06 16:34:28.0388 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2010/12/06 16:34:28.0490 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2010/12/06 16:34:28.0588 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2010/12/06 16:34:28.0632 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2010/12/06 16:34:28.0674 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2010/12/06 16:34:28.0784 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys
2010/12/06 16:34:28.0843 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2010/12/06 16:34:28.0911 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2010/12/06 16:34:29.0001 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2010/12/06 16:34:29.0101 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2010/12/06 16:34:29.0200 sptd (71e276f6d189413266ea22171806597b) C:\Windows\system32\Drivers\sptd.sys
2010/12/06 16:34:29.0200 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
2010/12/06 16:34:29.0207 sptd - detected Locked file (1)
2010/12/06 16:34:29.0316 Spyder3 (1c63fe706ab797bc3c24813ff969b4de) C:\Windows\system32\DRIVERS\Spyder3.sys
2010/12/06 16:34:29.0375 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
2010/12/06 16:34:29.0490 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
2010/12/06 16:34:29.0512 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
2010/12/06 16:34:29.0682 STHDA (9cea131b5eb0ea653f6b3ea80b54956d) C:\Windows\system32\drivers\stwrt.sys
2010/12/06 16:34:29.0807 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2010/12/06 16:34:29.0854 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2010/12/06 16:34:29.0944 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2010/12/06 16:34:29.0982 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2010/12/06 16:34:30.0126 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2010/12/06 16:34:30.0284 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2010/12/06 16:34:30.0390 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2010/12/06 16:34:30.0435 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2010/12/06 16:34:30.0513 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2010/12/06 16:34:30.0577 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2010/12/06 16:34:30.0621 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2010/12/06 16:34:30.0772 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/12/06 16:34:30.0882 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2010/12/06 16:34:30.0919 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2010/12/06 16:34:30.0976 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2010/12/06 16:34:31.0091 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2010/12/06 16:34:31.0145 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys
2010/12/06 16:34:31.0243 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2010/12/06 16:34:31.0289 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2010/12/06 16:34:31.0506 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2010/12/06 16:34:31.0555 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2010/12/06 16:34:31.0678 usbccgp (9d554e3509868322fabd3c9933e3ccc2) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/12/06 16:34:31.0742 USBCCID (32c068eaf37c92d7194eee1faa1e7853) C:\Windows\system32\DRIVERS\usbccid.sys
2010/12/06 16:34:31.0840 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2010/12/06 16:34:31.0900 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2010/12/06 16:34:31.0978 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2010/12/06 16:34:32.0035 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
2010/12/06 16:34:32.0120 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2010/12/06 16:34:32.0173 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/12/06 16:34:32.0228 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/12/06 16:34:32.0294 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/12/06 16:34:32.0378 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2010/12/06 16:34:32.0428 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys
2010/12/06 16:34:32.0490 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2010/12/06 16:34:32.0543 viaide (c0ace9d0f5a5ee0b00f58345947a57fc) C:\Windows\system32\drivers\viaide.sys
2010/12/06 16:34:32.0575 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2010/12/06 16:34:32.0698 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2010/12/06 16:34:32.0750 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2010/12/06 16:34:32.0845 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2010/12/06 16:34:32.0897 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2010/12/06 16:34:32.0943 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/06 16:34:32.0960 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/06 16:34:33.0073 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2010/12/06 16:34:33.0131 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2010/12/06 16:34:33.0378 WmBEnum (38932c4649f8baad6ce1000ac6503d5b) C:\Windows\system32\drivers\WmBEnum.sys
2010/12/06 16:34:33.0424 WmFilter (58b3adab903fa1a78c86e6a42b80fe76) C:\Windows\system32\drivers\WmFilter.sys
2010/12/06 16:34:33.0552 WmHidLo (be1951c6919efb86e95f8ef331e39c50) C:\Windows\system32\drivers\WmHidLo.sys
2010/12/06 16:34:33.0593 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2010/12/06 16:34:33.0720 WmVirHid (e45f01f4014d7ab13b8a0c41ebf48a3d) C:\Windows\system32\drivers\WmVirHid.sys
2010/12/06 16:34:33.0770 WmXlCore (0398265dd65aae2ece180fa9d1e7b5bb) C:\Windows\system32\drivers\WmXlCore.sys
2010/12/06 16:34:33.0873 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2010/12/06 16:34:33.0931 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/12/06 16:34:34.0053 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/12/06 16:34:34.0166 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/12/06 16:34:34.0172 ================================================================================
2010/12/06 16:34:34.0172 Scan finished
2010/12/06 16:34:34.0172 ================================================================================
2010/12/06 16:34:34.0189 Detected object count: 2
2010/12/06 16:36:07.0553 Locked file(sptd) - User select action: Skip
2010/12/06 16:36:07.0642 \HardDisk0 - will be cured after reboot
2010/12/06 16:36:07.0644 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2010/12/06 16:36:17.0903 Deinitialize success
maiki
Active Member
 
Posts: 13
Joined: November 25th, 2010, 4:13 pm

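The TDSSKiller log above ends with two findings (a locked sptd.sys and a TDL4 infection of the MBR on \HardDisk0) buried under hundreds of driver lines. The following is an added example, not code from the forum or from TDSSKiller, that parses that log format and reduces it to what a helper triages first: whether the tool's own object count matches the "detected" lines, which detections were left without a Cure/Delete action, which drivers load from outside %SystemRoot%\system32, and which images are registered under more than one service name. The sample input is a constructed excerpt built from lines copied from the log above; the regexes assume the line shapes seen there.

```python
import re
from collections import defaultdict

# Constructed sample in the TDSSKiller log format: a handful of lines copied
# from the log above (driver entries, the locked sptd.sys, the TDL4 detection
# and the user's chosen actions), so the parser can be run offline.
SAMPLE_LOG = r"""
2010/12/06 16:34:12.0385 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2010/12/06 16:34:16.0547 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
2010/12/06 16:34:29.0200 sptd (71e276f6d189413266ea22171806597b) C:\Windows\system32\Drivers\sptd.sys
2010/12/06 16:34:29.0200 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
2010/12/06 16:34:29.0207 sptd - detected Locked file (1)
2010/12/06 16:34:30.0126 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2010/12/06 16:34:30.0284 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2010/12/06 16:34:34.0166 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/12/06 16:34:34.0172 ================================================================================
2010/12/06 16:34:34.0172 Scan finished
2010/12/06 16:34:34.0189 Detected object count: 2
2010/12/06 16:36:07.0553 Locked file(sptd) - User select action: Skip
2010/12/06 16:36:07.0644 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
"""

# Every line starts with a timestamp; the patterns below describe the line
# shapes observed in the log, not a documented TDSSKiller format.
TS = r"(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}) "
DRIVER_RE = re.compile(TS + r"(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
SUSPICIOUS_RE = re.compile(TS + r"Suspicious file \((?P<reason>\w+)\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})$")
DETECT_RE = re.compile(TS + r"(?P<obj>\S+) - detected (?P<verdict>.+?) \(\d+\)$")
COUNT_RE = re.compile(TS + r"Detected object count: (?P<count>\d+)$")
ACTION_RE = re.compile(TS + r"(?P<what>.+?)\((?P<obj>[^)]+)\) - User select action: (?P<action>\w+)$")

SYSTEM32 = "c:\\windows\\system32\\"
CLEANING_ACTIONS = {"Cure", "Delete"}


def parse_tdsskiller(text):
    """Split a TDSSKiller log into driver entries, suspicious files, detections,
    the tool's own detection count and the actions the user chose."""
    report = {"drivers": [], "suspicious": [], "detections": [],
              "actions": [], "reported_count": None}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := DRIVER_RE.match(line):
            report["drivers"].append(m.groupdict())
        elif m := SUSPICIOUS_RE.match(line):
            report["suspicious"].append(m.groupdict())
        elif m := DETECT_RE.match(line):
            report["detections"].append(m.groupdict())
        elif m := COUNT_RE.match(line):
            report["reported_count"] = int(m.group("count"))
        elif m := ACTION_RE.match(line):
            report["actions"].append(m.groupdict())
    return report


def triage(report):
    """Reduce a parsed log to the questions a helper asks first."""
    chosen = {a["obj"]: a["action"] for a in report["actions"]}
    by_md5 = defaultdict(list)
    for d in report["drivers"]:
        by_md5[d["md5"]].append(d["name"])
    return {
        # Does the tool's own count agree with the number of 'detected' lines?
        "count_mismatch": report["reported_count"] is not None
                          and report["reported_count"] != len(report["detections"]),
        # Detections for which no cleaning action was chosen (e.g. 'Skip'):
        # these need a follow-up step in the next reply.
        "unresolved": [d["obj"] for d in report["detections"]
                       if chosen.get(d["obj"]) not in CLEANING_ACTIONS],
        # Drivers whose image lives outside %SystemRoot%\system32: third-party
        # entries worth a look, not automatically bad (DSproct is Dell's here).
        "non_system_paths": [d["name"] for d in report["drivers"]
                             if not d["path"].lower().startswith(SYSTEM32)],
        # One image registered under several service names, as with
        # Tcpip/Tcpip6 in the log above; normal, but it shows which entries
        # share a file and would share any tampering.
        "aliases": {h: names for h, names in by_md5.items() if len(names) > 1},
    }


if __name__ == "__main__":
    for key, value in triage(parse_tdsskiller(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

Run against the full log pasted above, the same two functions report the locked sptd.sys (skipped, so still unresolved after the cure of \HardDisk0) and the single driver loaded from under Program Files; the hash grouping is what makes entries like Tcpip/Tcpip6, Wanarp/Wanarpv6 and atikmdag/R300 visibly the same file rather than separate drivers.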
Re: Multiple threat detection

Unread postby askey127 » December 6th, 2010, 11:51 am

---------------------------------------------
Run CKScanner
Download CKScanner from HERE
Important - Save it to your desktop.
Right-Click CKScanner.exe, choose Run as administrator and click Search For Files.
After a couple of minutes or less, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved.
Double-click the CKFiles.txt icon on your desktop, give permission if asked, and copy/paste the contents in your next reply.

Now please run RKill again.
When it finishes, try the Combofix (zzz.exe) Script again.
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA