MalwareRemoval.com forum: Malware Removal Instructions
by Barry07601 » December 29th, 2011, 11:02 pm
Yes Deltalima that is correct.
Barry07601
Regular Member
Posts: 20 | Joined: December 22nd, 2011, 5:30 pm
by Barry07601 » December 29th, 2011, 11:04 pm
deltalima wrote: And if you open the shortcut again, is the Run with different credentials box still unticked?
Yes, the box is still unchecked.
Barry07601
Regular Member
Posts: 20 | Joined: December 22nd, 2011, 5:30 pm
by deltalima » December 30th, 2011, 3:13 pm
Hi Barry07601,
ESET Online Scanner
Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will however need to disable your currently installed anti-virus; how to do so can be read here.
Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
Please go here to run the scan.
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double-click on it to install. All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
Select the option YES, I accept the Terms of Use, then click on the [button].
When prompted, allow the Add-On/ActiveX to install.
Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology
Now click on the [button]. The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection. When completed, the online scan will begin automatically.
Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
When completed, select Uninstall application on close if you so wish, but make sure you copy the logfile first! Now click on the [button].
Use Notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt. Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your anti-virus application after running the above scan!
deltalima
Admin/Teacher
Posts: 7614 | Joined: February 28th, 2009, 4:38 pm | Location: UK
by Barry07601 » January 1st, 2012, 3:46 pm
C:\Documents and Settings\Barry\Application Data\AVG\Rescue\PC Tuneup 2011\110923132819782.rsc a variant of Win32/InstallCore.D application
C:\Documents and Settings\Barry\Application Data\AVG\Rescue\PC Tuneup 2011\111213172712546.rsc a variant of Win32/Kryptik.XGF trojan
C:\Documents and Settings\Barry\Application Data\AVG\Rescue\PC Tuneup 2011\111219024139593.rsc multiple threats
C:\Program Files\Common Files\ZugoInstaller.exe a variant of Win32/Toolbar.Zugo application
C:\RECYCLER\S-1-5-21-2052111302-507921405-839522115-1003\Dc12.exe a variant of Win32/InstallCore.D application
C:\RECYCLER\S-1-5-21-2052111302-507921405-839522115-1003\Dc4.exe multiple threats
H:\Seagate Backup\E510\History\Level2\C\Program Files\Mozilla Firefox\plugins\NPMySrch.dll Win32/Toolbar.MyWebSearch application
Barry07601
Regular Member
Posts: 20 | Joined: December 22nd, 2011, 5:30 pm
by deltalima » January 1st, 2012, 4:55 pm
Hi Barry07601,
Run OTL Script
Double-click OTL.exe to start the program. Copy and paste the following code into the textbox. Do not include the word Code.
:processes
killallprocesses
:otl
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-2052111302-507921405-839522115-1003\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe" File not found
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
:files
C:\Program Files\Common Files\ZugoInstaller.exe
:commands
[EMPTYTEMP]
[EMPTYFLASH]
[EMPTYJAVA]
[RESETHOSTS]
[CREATERESTOREPOINT]
[REBOOT]
Then click the Run Fix button at the top. Click the [button]. OTL may ask to reboot the machine. Please do so if asked. The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.
Scan With RKUnHooker
Please download Rootkit Unhooker and save it to your desktop. Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest, then click OK.
Wait till the scanner has finished and then click File, Save Report. Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.
deltalima
Admin/Teacher
Posts: 7614 | Joined: February 28th, 2009, 4:38 pm | Location: UK
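The OTL fix scripts posted in this thread are plain text: a `:section` header followed by registry entries (the O2/O3/O4 lines), file paths and bracketed commands. Before a script like this is run on a machine, it helps to have it read back in terms of side effects (every process killed, the hosts file reset, the one live autorun target deleted, a forced reboot), so that a typo or a stray line is caught before the tool executes it. The Python below is an added example, not part of the thread or of the OTL tool; it parses the script deltalima posted above (the second, shorter script in this thread parses the same way) and summarises it. The line formats it recognises are only the ones shown on this page, the reading of a trailing `()` on an O4 line as OTL's empty company field is an assumption, and the names `parse_otl_script`, `summarize` and the result fields are mine.

```python
import re

# The first OTL fix script deltalima posted in this thread, verbatim.
OTL_SCRIPT = r"""
:processes
killallprocesses
:otl
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-2052111302-507921405-839522115-1003\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe" File not found
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
:files
C:\Program Files\Common Files\ZugoInstaller.exe
:commands
[EMPTYTEMP]
[EMPTYFLASH]
[EMPTYJAVA]
[RESETHOSTS]
[CREATERESTOREPOINT]
[REBOOT]
"""

SECTION_RE = re.compile(r"^:(\w+)$")
COMMAND_RE = re.compile(r"^\[([A-Z]+)\]$")
O2_RE = re.compile(r"^O2 - BHO: \((?P<name>[^)]*)\) - (?P<key>\S+) - (?P<note>.*)$")
O3_RE = re.compile(r"^O3 - (?P<hive>HKU\\[^\\]+)\\\.\.\\Toolbar\\WebBrowser: "
                   r"\((?P<name>[^)]*)\) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<note>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\?\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
ORPHAN = "No CLSID value found"   # OTL's marker for a registry entry whose COM object is gone


def parse_otl_line(line):
    """Classify one :otl line; anything unrecognised is kept so it can be reported."""
    m = O2_RE.match(line)
    if m:
        return {"kind": "O2", "key": m["key"], "orphan": ORPHAN in m["note"]}
    m = O3_RE.match(line)
    if m:
        return {"kind": "O3", "hive": m["hive"], "clsid": m["clsid"], "orphan": ORPHAN in m["note"]}
    m = O4_RE.match(line)
    if m:
        cmd, status = m["cmd"], "present"
        if cmd.endswith(" File not found"):      # OTL: the autorun's target binary is gone
            cmd, status = cmd[:-len(" File not found")], "missing"
        elif cmd.endswith(" ()"):                # assumed: OTL's empty company/version field
            cmd = cmd[:-3]
        return {"kind": "O4", "hive": m["hive"], "name": m["name"], "command": cmd, "status": status}
    return {"kind": "unknown", "raw": line}


def parse_otl_script(text):
    """Split a fix script into its sections; unknown sections or malformed commands raise."""
    fix = {"processes": [], "otl": [], "files": [], "commands": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            if section not in fix:
                raise ValueError(f"unknown section :{section}")
            continue
        if section is None:
            raise ValueError(f"line before any section header: {line}")
        if section == "otl":
            fix["otl"].append(parse_otl_line(line))
        elif section == "commands":
            c = COMMAND_RE.match(line)
            if not c:
                raise ValueError(f"malformed command: {line}")
            fix["commands"].append(c.group(1))
        else:
            fix[section].append(line)
    return fix


def summarize(fix):
    """What the fix will do, in terms a reviewer can check before running it."""
    otl = fix["otl"]
    o4 = [e for e in otl if e["kind"] == "O4"]
    return {
        "kills_all_processes": any(p.lower() == "killallprocesses" for p in fix["processes"]),
        "orphan_registry_entries": sum(1 for e in otl if e.get("orphan")),
        "dead_autoruns": [e["name"] for e in o4 if e["status"] == "missing"],
        "live_autoruns": [e["name"] for e in o4 if e["status"] == "present"],
        "files_to_delete": list(fix["files"]),
        "commands": list(fix["commands"]),
        "resets_hosts": "RESETHOSTS" in fix["commands"],
        "reboots": "REBOOT" in fix["commands"],
        "unrecognised": [e["raw"] for e in otl if e["kind"] == "unknown"],
    }


if __name__ == "__main__":
    for k, v in summarize(parse_otl_script(OTL_SCRIPT)).items():
        print(f"{k}: {v}")
```

Run as a script it prints the summary. The distinction that matters for review is between the eight orphaned registry entries and two dead autoruns (pure clean-up) and the one live autorun (`vProt`) plus one file that the fix actually removes from disk; any line the parser does not recognise lands in `unrecognised` instead of being passed to the tool unseen.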
by Barry07601 » January 2nd, 2012, 1:37 am
OK, followed your instructions to the letter and the computer hangs. I had to do a hard reset. Did not run Rootkit Unhooker yet.
Barry07601
Regular Member
Posts: 20 | Joined: December 22nd, 2011, 5:30 pm
by deltalima » January 2nd, 2012, 9:08 am
Hi Barry07601,
Please run the OTL fix (using the previous instructions) with the following script and post the log in your next reply.
:processes
killallprocesses
:otl
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-2052111302-507921405-839522115-1003\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe" File not found
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
:files
C:\Program Files\Common Files\ZugoInstaller.exe
deltalima
Admin/Teacher
Posts: 7614 | Joined: February 28th, 2009, 4:38 pm | Location: UK
by Barry07601 » January 2nd, 2012, 5:43 pm
OK, I pasted the new custom code into OTL and the exact same thing happens... the computer freezes and I'm forced to do a hard reset.
Barry07601
Regular Member
Posts: 20 | Joined: December 22nd, 2011, 5:30 pm
by deltalima » January 2nd, 2012, 5:50 pm
Hi Barry07601,
Barry07601 wrote: I pasted the new custom code into OTL and the exact same thing happens
It's looking like the infection has damaged the operating system and the only way to sort the problem will be to reformat.
Let's try another approach to find the problem.
TDSSKiller
Please download TDSSKiller.zip and save it on your desktop. Extract (unzip) its contents to your desktop.
Double-click the TDSSKiller folder on your desktop. Right-click on TDSSKiller.exe and click Copy, then paste it directly on to your desktop.
Important!: Run this fix once and once only.
Double-click the TDSSKiller icon on your desktop, then click Start scan. A box will appear saying System scan completed. If any malicious objects are found, click Cure > Continue > Reboot now.
A log file should be created on your C: drive named something like TDSSKiller.2.4.0.0 24.07.2010. To find the log click Start > Computer > C:. Please post the contents of that log in your next reply.
deltalima
Admin/Teacher
Posts: 7614 | Joined: February 28th, 2009, 4:38 pm | Location: UK
by Barry07601 » January 2nd, 2012, 7:56 pm
18:54:56.0406 4836 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16 18:54:56.0937 4836 ============================================================ 18:54:56.0937 4836 Current date / time: 2012/01/02 18:54:56.0937 18:54:56.0937 4836 SystemInfo: 18:54:56.0937 4836 18:54:56.0937 4836 OS Version: 5.1.2600 ServicePack: 3.0 18:54:56.0937 4836 Product type: Workstation 18:54:56.0937 4836 ComputerName: E510 18:54:56.0937 4836 UserName: Barry 18:54:56.0937 4836 Windows directory: C:\WINDOWS 18:54:56.0937 4836 System windows directory: C:\WINDOWS 18:54:56.0937 4836 Processor architecture: Intel x86 18:54:56.0937 4836 Number of processors: 2 18:54:56.0937 4836 Page size: 0x1000 18:54:56.0937 4836 Boot type: Normal boot 18:54:56.0937 4836 ============================================================ 18:54:58.0828 4836 Initialize success 18:55:16.0734 6112 ============================================================ 18:55:16.0734 6112 Scan started 18:55:16.0734 6112 Mode: Manual; 18:55:16.0734 6112 ============================================================ 18:55:17.0765 6112 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys 18:55:17.0765 6112 61883 - ok 18:55:17.0843 6112 Aavmker4 (b6de0336f9f4b687b4ff57939f7b657a) C:\WINDOWS\system32\drivers\Aavmker4.sys 18:55:17.0859 6112 Aavmker4 - ok 18:55:17.0859 6112 Abiosdsk - ok 18:55:17.0875 6112 abp480n5 - ok 18:55:17.0953 6112 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 18:55:17.0953 6112 ACPI - ok 18:55:18.0000 6112 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 18:55:18.0015 6112 ACPIEC - ok 18:55:18.0015 6112 adpu160m - ok 18:55:18.0062 6112 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 18:55:18.0078 6112 aec - ok 18:55:18.0109 6112 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys 18:55:18.0109 6112 AFD - ok 18:55:18.0125 6112 Aha154x - ok 18:55:18.0140 6112 aic78u2 - ok 
18:55:18.0156 6112 aic78xx - ok 18:55:18.0187 6112 akS56USB (1ef4524bafb3bfd6a2c6022ba1af12a3) C:\WINDOWS\system32\Drivers\akS56USB.sys 18:55:18.0187 6112 akS56USB - ok 18:55:18.0203 6112 AliIde - ok 18:55:18.0218 6112 amsint - ok 18:55:18.0250 6112 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 18:55:18.0250 6112 Arp1394 - ok 18:55:18.0265 6112 asc - ok 18:55:18.0281 6112 asc3350p - ok 18:55:18.0296 6112 asc3550 - ok 18:55:18.0328 6112 aswFsBlk - ok 18:55:18.0343 6112 aswMon2 (ef0e9ad83380724bd6fbbb51d2d0f5b8) C:\WINDOWS\system32\drivers\aswMon2.sys 18:55:18.0343 6112 aswMon2 - ok 18:55:18.0375 6112 aswRdr (352d5a48ebab35a7693b048679304831) C:\WINDOWS\system32\drivers\aswRdr.sys 18:55:18.0375 6112 aswRdr - ok 18:55:18.0421 6112 aswSnx (8d34d2b24297e27d93e847319abfdec4) C:\WINDOWS\system32\drivers\aswSnx.sys 18:55:18.0421 6112 aswSnx - ok 18:55:18.0468 6112 aswSP (010012597333da1f46c3243f33f8409e) C:\WINDOWS\system32\drivers\aswSP.sys 18:55:18.0468 6112 aswSP - ok 18:55:18.0500 6112 aswTdi (f9f84364416658e9786235904d448d37) C:\WINDOWS\system32\drivers\aswTdi.sys 18:55:18.0500 6112 aswTdi - ok 18:55:18.0546 6112 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 18:55:18.0546 6112 AsyncMac - ok 18:55:18.0578 6112 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 18:55:18.0578 6112 atapi - ok 18:55:18.0593 6112 Atdisk - ok 18:55:18.0718 6112 ati2mtag (c0b86ecb324e50f6bbd529f9d5c6b24b) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 18:55:18.0796 6112 ati2mtag - ok 18:55:18.0968 6112 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 18:55:18.0984 6112 Atmarpc - ok 18:55:19.0031 6112 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 18:55:19.0031 6112 audstub - ok 18:55:19.0078 6112 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys 18:55:19.0078 6112 Avc - ok 18:55:19.0109 6112 AVCSTRM 
(e625773d7b950842d582f713656859c0) C:\WINDOWS\system32\DRIVERS\avcstrm.sys 18:55:19.0109 6112 AVCSTRM - ok 18:55:19.0125 6112 Avgfwdx - ok 18:55:19.0140 6112 Avgfwfd - ok 18:55:19.0187 6112 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 18:55:19.0187 6112 Beep - ok 18:55:19.0250 6112 CamDrL (0f5ca31bb3fdb5c1e63c170cfbecc93b) C:\WINDOWS\system32\DRIVERS\Camdrl.sys 18:55:19.0296 6112 CamDrL - ok 18:55:19.0328 6112 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 18:55:19.0328 6112 cbidf2k - ok 18:55:19.0359 6112 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 18:55:19.0375 6112 CCDECODE - ok 18:55:19.0375 6112 cd20xrnt - ok 18:55:19.0421 6112 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 18:55:19.0421 6112 Cdaudio - ok 18:55:19.0468 6112 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 18:55:19.0468 6112 Cdfs - ok 18:55:19.0515 6112 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys 18:55:19.0531 6112 cercsr6 - ok 18:55:19.0546 6112 CEUSBAUD (42291a123cad3914ead8d73169e13661) C:\WINDOWS\system32\Drivers\CEUSBAUD.sys 18:55:19.0562 6112 CEUSBAUD - ok 18:55:19.0562 6112 Changer - ok 18:55:19.0593 6112 CmdIde - ok 18:55:19.0625 6112 Cpqarray - ok 18:55:19.0671 6112 ctsfm2k (8db84de3aab34a8b4c2f644eff41cd76) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys 18:55:19.0671 6112 ctsfm2k - ok 18:55:19.0687 6112 CTUSFSYN (4ee8822adb764edd28ce44e808097995) C:\WINDOWS\system32\drivers\ctusfsyn.sys 18:55:19.0703 6112 CTUSFSYN - ok 18:55:19.0843 6112 dac2w2k - ok 18:55:19.0875 6112 dac960nt - ok 18:55:19.0937 6112 DigiFilter (74dd46d49809c5f689f24ccdd0d18a4e) C:\WINDOWS\system32\drivers\DigiFilt.sys 18:55:19.0937 6112 DigiFilter - ok 18:55:20.0000 6112 DigiNet (8cdade100463fba648a04e02411c68ad) C:\WINDOWS\system32\DRIVERS\diginet.sys 18:55:20.0000 6112 DigiNet - ok 18:55:20.0031 6112 Disk 
(044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 18:55:20.0046 6112 Disk - ok 18:55:20.0093 6112 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 18:55:20.0125 6112 dmboot - ok 18:55:20.0187 6112 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 18:55:20.0187 6112 dmio - ok 18:55:20.0203 6112 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 18:55:20.0203 6112 dmload - ok 18:55:20.0250 6112 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 18:55:20.0265 6112 DMusic - ok 18:55:20.0281 6112 dpti2o - ok 18:55:20.0328 6112 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 18:55:20.0328 6112 drmkaud - ok 18:55:20.0359 6112 DVC150B (2d24997563e25a09046ebb5752fffdff) C:\WINDOWS\system32\Drivers\dvc150b.SYS 18:55:20.0375 6112 DVC150B - ok 18:55:20.0406 6112 E100B (d57a8fc800b501ac05b10d00f66d127a) C:\WINDOWS\system32\DRIVERS\e100b325.sys 18:55:20.0421 6112 E100B - ok 18:55:20.0500 6112 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 18:55:20.0515 6112 Fastfat - ok 18:55:20.0562 6112 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys 18:55:20.0562 6112 Fdc - ok 18:55:20.0609 6112 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 18:55:20.0609 6112 Fips - ok 18:55:20.0640 6112 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys 18:55:20.0640 6112 Flpydisk - ok 18:55:20.0687 6112 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 18:55:20.0703 6112 FltMgr - ok 18:55:20.0765 6112 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 18:55:20.0765 6112 Fs_Rec - ok 18:55:20.0828 6112 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 18:55:20.0828 6112 Ftdisk - ok 18:55:21.0015 6112 GEARAspiWDM 
(8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 18:55:21.0031 6112 GEARAspiWDM - ok 18:55:21.0093 6112 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 18:55:21.0093 6112 Gpc - ok 18:55:21.0203 6112 HabuFltr (828b3fd539b77d69fcce0c710101e91e) C:\WINDOWS\system32\drivers\habu.sys 18:55:21.0203 6112 HabuFltr - ok 18:55:21.0390 6112 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 18:55:21.0390 6112 HDAudBus - ok 18:55:21.0437 6112 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 18:55:21.0437 6112 hidusb - ok 18:55:21.0453 6112 hpn - ok 18:55:21.0500 6112 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 18:55:21.0515 6112 HTTP - ok 18:55:21.0531 6112 i2omgmt - ok 18:55:21.0546 6112 i2omp - ok 18:55:21.0609 6112 iLokDrvr (e6a446d82c5c3d7c2f4e4ab02ea1409b) C:\WINDOWS\system32\DRIVERS\iLokDrvr.sys 18:55:21.0609 6112 iLokDrvr - ok 18:55:21.0625 6112 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 18:55:21.0640 6112 Imapi - ok 18:55:21.0656 6112 ini910u - ok 18:55:21.0671 6112 IntelIde - ok 18:55:21.0734 6112 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 18:55:21.0734 6112 intelppm - ok 18:55:21.0765 6112 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 18:55:21.0781 6112 Ip6Fw - ok 18:55:21.0812 6112 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 18:55:21.0828 6112 IpFilterDriver - ok 18:55:21.0859 6112 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 18:55:21.0859 6112 IpInIp - ok 18:55:21.0890 6112 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 18:55:21.0906 6112 IpNat - ok 18:55:21.0937 6112 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 18:55:21.0953 6112 IPSec - ok 18:55:21.0984 
6112 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 18:55:21.0984 6112 IRENUM - ok 18:55:22.0046 6112 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 18:55:22.0046 6112 isapnp - ok 18:55:22.0234 6112 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 18:55:22.0250 6112 Kbdclass - ok 18:55:22.0265 6112 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 18:55:22.0265 6112 kbdhid - ok 18:55:22.0328 6112 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 18:55:22.0328 6112 kmixer - ok 18:55:22.0359 6112 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 18:55:22.0359 6112 KSecDD - ok 18:55:22.0375 6112 lbrtfdc - ok 18:55:22.0484 6112 LVcKap (9a3d4fc6b86e7e36473079ab76ac703d) C:\WINDOWS\system32\DRIVERS\LVcKap.sys 18:55:22.0531 6112 LVcKap - ok 18:55:22.0609 6112 LVMVDrv (0acbc11f19320af6c19f2e20013d9095) C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys 18:55:22.0625 6112 LVMVDrv - ok 18:55:22.0656 6112 LVPr2Mon (12866641284ebb41e627bb53c04da959) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys 18:55:22.0671 6112 LVPr2Mon - ok 18:55:22.0703 6112 LVUSBSta (64bc29c3a0388bfc580bb8b1346f7659) C:\WINDOWS\system32\drivers\LVUSBSta.sys 18:55:22.0703 6112 LVUSBSta - ok 18:55:22.0750 6112 MAFW (c1d028531ed173ff164f660ff03eb090) C:\WINDOWS\system32\DRIVERS\mafw.sys 18:55:22.0765 6112 MAFW - ok 18:55:22.0812 6112 MarvinBus (a3e700d78eec390f1208098cdca5c6b6) C:\WINDOWS\system32\DRIVERS\MarvinBus.sys 18:55:22.0812 6112 MarvinBus - ok 18:55:22.0843 6112 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys 18:55:22.0843 6112 MBAMProtector - ok 18:55:22.0890 6112 MBAMSwissArmy - ok 18:55:22.0906 6112 MCSTRM - ok 18:55:22.0953 6112 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 18:55:22.0968 6112 mnmdd - ok 18:55:23.0000 6112 Modem 
(dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 18:55:23.0000 6112 Modem - ok 18:55:23.0187 6112 motubus (f6414aad75ed005af5634be28f78c69b) C:\WINDOWS\system32\drivers\MotuBus.sys 18:55:23.0187 6112 motubus - ok 18:55:23.0281 6112 MotuMidi (009dd91d2c1980653fb07c92f4bf6f4b) C:\WINDOWS\system32\drivers\MotuMidi.sys 18:55:23.0281 6112 MotuMidi - ok 18:55:23.0312 6112 MotuUsb (fc47df19c9bd8f591e3643006a502add) C:\WINDOWS\system32\Drivers\MotuUsb.sys 18:55:23.0328 6112 MotuUsb - ok 18:55:23.0390 6112 MotuUsbIoDriver (68895a89e031260a208e3d6b99b63dda) C:\WINDOWS\system32\Drivers\MotUsbIo.sys 18:55:23.0406 6112 MotuUsbIoDriver - ok 18:55:23.0437 6112 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 18:55:23.0437 6112 Mouclass - ok 18:55:23.0484 6112 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 18:55:23.0484 6112 mouhid - ok 18:55:23.0546 6112 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 18:55:23.0562 6112 MountMgr - ok 18:55:23.0562 6112 mraid35x - ok 18:55:23.0625 6112 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 18:55:23.0625 6112 MRxDAV - ok 18:55:23.0718 6112 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 18:55:23.0734 6112 MRxSmb - ok 18:55:23.0765 6112 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 18:55:23.0796 6112 Msfs - ok 18:55:23.0859 6112 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 18:55:23.0859 6112 MSKSSRV - ok 18:55:23.0890 6112 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 18:55:23.0906 6112 MSPCLOCK - ok 18:55:23.0921 6112 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 18:55:23.0921 6112 MSPQM - ok 18:55:23.0968 6112 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 
18:55:23.0968 6112 mssmbios - ok 18:55:24.0015 6112 MSTAPE (5c3f9bdf4db23b75306388fc26a0a8e5) C:\WINDOWS\system32\DRIVERS\mstape.sys 18:55:24.0015 6112 MSTAPE - ok 18:55:24.0046 6112 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys 18:55:24.0046 6112 MSTEE - ok 18:55:24.0218 6112 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 18:55:24.0234 6112 Mup - ok 18:55:24.0265 6112 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 18:55:24.0281 6112 NABTSFEC - ok 18:55:24.0312 6112 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 18:55:24.0312 6112 NDIS - ok 18:55:24.0343 6112 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 18:55:24.0343 6112 NdisIP - ok 18:55:24.0390 6112 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 18:55:24.0390 6112 NdisTapi - ok 18:55:24.0406 6112 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 18:55:24.0421 6112 Ndisuio - ok 18:55:24.0453 6112 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 18:55:24.0453 6112 NdisWan - ok 18:55:24.0484 6112 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 18:55:24.0500 6112 NDProxy - ok 18:55:24.0531 6112 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 18:55:24.0531 6112 NetBIOS - ok 18:55:24.0562 6112 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 18:55:24.0562 6112 NetBT - ok 18:55:24.0625 6112 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 18:55:24.0625 6112 NIC1394 - ok 18:55:24.0640 6112 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 18:55:24.0656 6112 Npfs - ok 18:55:24.0718 6112 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 18:55:24.0734 6112 Ntfs - ok 
18:55:24.0796 6112 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 18:55:24.0796 6112 Null - ok 18:55:24.0843 6112 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 18:55:24.0843 6112 NwlnkFlt - ok 18:55:24.0859 6112 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 18:55:24.0859 6112 NwlnkFwd - ok 18:55:24.0875 6112 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 18:55:24.0890 6112 ohci1394 - ok 18:55:24.0921 6112 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS 18:55:24.0921 6112 OMCI - ok 18:55:24.0953 6112 ossrv (103a9b117a7d9903111955cdafe65ac6) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys 18:55:24.0968 6112 ossrv - ok 18:55:25.0140 6112 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys 18:55:25.0140 6112 Parport - ok 18:55:25.0187 6112 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 18:55:25.0187 6112 PartMgr - ok 18:55:25.0218 6112 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 18:55:25.0234 6112 ParVdm - ok 18:55:25.0265 6112 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 18:55:25.0281 6112 PCI - ok 18:55:25.0281 6112 PCIDump - ok 18:55:25.0296 6112 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 18:55:25.0312 6112 PCIIde - ok 18:55:25.0343 6112 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys 18:55:25.0343 6112 Pcmcia - ok 18:55:25.0359 6112 PDCOMP - ok 18:55:25.0390 6112 PDFRAME - ok 18:55:25.0406 6112 PDRELI - ok 18:55:25.0406 6112 PDRFRAME - ok 18:55:25.0421 6112 perc2 - ok 18:55:25.0453 6112 perc2hib - ok 18:55:25.0515 6112 pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys 18:55:25.0515 6112 pfc - ok 18:55:25.0562 6112 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) 
C:\WINDOWS\system32\DRIVERS\raspptp.sys 18:55:25.0562 6112 PptpMiniport - ok 18:55:25.0593 6112 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 18:55:25.0593 6112 PSched - ok 18:55:25.0640 6112 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 18:55:25.0640 6112 Ptilink - ok 18:55:25.0703 6112 pxrts (04d1c97a0818f9378eeaa793a09f8202) C:\WINDOWS\system32\drivers\pxrts.sys 18:55:25.0703 6112 pxrts - ok 18:55:25.0718 6112 ql1080 - ok 18:55:25.0734 6112 Ql10wnt - ok 18:55:25.0750 6112 ql12160 - ok 18:55:25.0765 6112 ql1240 - ok 18:55:25.0781 6112 ql1280 - ok 18:55:25.0953 6112 RapportCerberus_34302 (6b6f0a77365667912360ff1d5e984f25) C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys 18:55:25.0953 6112 RapportCerberus_34302 - ok 18:55:26.0093 6112 RapportEI (e72edf9410fa365c0c383f7366fbf7c9) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys 18:55:26.0093 6112 RapportEI - ok 18:55:26.0125 6112 RapportIaso (dd3e4610de9252a957c5bd19bdf47ac4) c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso.sys 18:55:26.0125 6112 RapportIaso - ok 18:55:26.0281 6112 RapportKELL (541bb19a74b1c28279a204c417321e52) C:\WINDOWS\system32\Drivers\RapportKELL.sys 18:55:26.0281 6112 RapportKELL - ok 18:55:26.0312 6112 RapportPG (0773fab5c2bd7342ba248b3c8cdef3c3) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys 18:55:26.0328 6112 RapportPG - ok 18:55:26.0375 6112 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 18:55:26.0406 6112 RasAcd - ok 18:55:26.0453 6112 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 18:55:26.0468 6112 Rasl2tp - ok 18:55:26.0484 6112 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 18:55:26.0515 6112 RasPppoe - ok 18:55:26.0578 6112 Raspti 
(fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:55:26.0578 6112 Raspti - ok
18:55:26.0625 6112 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:55:26.0625 6112 Rdbss - ok
18:55:26.0671 6112 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:55:26.0671 6112 RDPCDD - ok
18:55:26.0703 6112 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:55:26.0703 6112 rdpdr - ok
18:55:26.0750 6112 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
18:55:26.0765 6112 RDPWD - ok
18:55:26.0781 6112 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:55:26.0796 6112 redbook - ok
18:55:26.0890 6112 SC247XU (354fa662afe5bc44c86ef79124d73e17) C:\WINDOWS\system32\DRIVERS\SC247XU.sys
18:55:26.0890 6112 SC247XU - ok
18:55:26.0968 6112 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:55:26.0984 6112 Secdrv - ok
18:55:27.0031 6112 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
18:55:27.0031 6112 Serial - ok
18:55:27.0078 6112 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:55:27.0078 6112 Sfloppy - ok
18:55:27.0156 6112 sigfilt (6bd3976b881888ac9a0ed3eb94e7fd38) C:\WINDOWS\system32\drivers\sigfilt.sys
18:55:27.0203 6112 sigfilt - ok
18:55:27.0359 6112 Simbad - ok
18:55:27.0390 6112 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
18:55:27.0406 6112 SLIP - ok
18:55:27.0421 6112 Sparrow - ok
18:55:27.0453 6112 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:55:27.0453 6112 splitter - ok
18:55:27.0562 6112 sptd (c4bb8a12843d9cbb65f5ff617f389bbd) C:\WINDOWS\system32\Drivers\sptd.sys
18:55:27.0578 6112 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: c4bb8a12843d9cbb65f5ff617f389bbd
18:55:27.0578 6112 sptd ( LockedFile.Multi.Generic ) - warning
18:55:27.0578 6112 sptd - detected LockedFile.Multi.Generic (1)
18:55:27.0593 6112 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
18:55:27.0593 6112 sr - ok
18:55:27.0687 6112 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
18:55:27.0687 6112 Srv - ok
18:55:27.0765 6112 STHDA (b95480c92c4c9c311be47b8a1ad73770) C:\WINDOWS\system32\drivers\sthda.sys
18:55:27.0765 6112 STHDA - ok
18:55:27.0796 6112 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
18:55:27.0796 6112 streamip - ok
18:55:27.0828 6112 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:55:27.0828 6112 swenum - ok
18:55:27.0875 6112 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:55:27.0875 6112 swmidi - ok
18:55:27.0890 6112 symc810 - ok
18:55:27.0906 6112 symc8xx - ok
18:55:27.0921 6112 sym_hi - ok
18:55:27.0953 6112 sym_u3 - ok
18:55:27.0968 6112 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:55:27.0984 6112 sysaudio - ok
18:55:28.0031 6112 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:55:28.0062 6112 Tcpip - ok
18:55:28.0265 6112 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:55:28.0265 6112 TDPIPE - ok
18:55:28.0359 6112 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:55:28.0359 6112 TDTCP - ok
18:55:28.0406 6112 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:55:28.0406 6112 TermDD - ok
18:55:28.0437 6112 TosIde - ok
18:55:28.0500 6112 TPkd (409a577fd5781c717e55a28717514c58) C:\WINDOWS\system32\drivers\TPkd.sys
18:55:28.0515 6112 TPkd - ok
18:55:28.0562 6112 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:55:28.0578 6112 Udfs - ok
18:55:28.0578 6112 ultra - ok
18:55:28.0625 6112 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:55:28.0640 6112 Update - ok
18:55:28.0703 6112 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
18:55:28.0703 6112 USBAAPL - ok
18:55:28.0750 6112 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
18:55:28.0750 6112 usbaudio - ok
18:55:28.0765 6112 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:55:28.0781 6112 usbccgp - ok
18:55:28.0812 6112 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:55:28.0828 6112 usbehci - ok
18:55:28.0843 6112 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:55:28.0859 6112 usbhub - ok
18:55:28.0906 6112 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:55:28.0906 6112 usbprint - ok
18:55:28.0937 6112 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:55:28.0953 6112 usbscan - ok
18:55:28.0968 6112 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:55:28.0984 6112 USBSTOR - ok
18:55:29.0015 6112 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:55:29.0031 6112 usbuhci - ok
18:55:29.0062 6112 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:55:29.0062 6112 VgaSave - ok
18:55:29.0218 6112 ViaIde - ok
18:55:29.0250 6112 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
18:55:29.0250 6112 VolSnap - ok
18:55:29.0312 6112 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:55:29.0312 6112 Wanarp - ok
18:55:29.0328 6112 WDICA - ok
18:55:29.0375 6112 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:55:29.0390 6112 wdmaud - ok
18:55:29.0546 6112 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
18:55:29.0546 6112 WSTCODEC - ok
18:55:29.0593 6112 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:55:29.0593 6112 WudfPf - ok
18:55:29.0625 6112 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:55:29.0625 6112 WudfRd - ok
18:55:29.0703 6112 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
18:55:30.0343 6112 \Device\Harddisk0\DR0 - ok
18:55:30.0359 6112 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
18:55:30.0359 6112 \Device\Harddisk1\DR1 - ok
18:55:30.0375 6112 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR4
18:55:30.0375 6112 \Device\Harddisk2\DR4 - ok
18:55:30.0390 6112 Boot (0x1200) (c19c5b03743284d43e9223977baa2e0f) \Device\Harddisk0\DR0\Partition0
18:55:30.0390 6112 \Device\Harddisk0\DR0\Partition0 - ok
18:55:30.0390 6112 Boot (0x1200) (fb02f2024cf79a82f9bfe52d71e46c1c) \Device\Harddisk2\DR4\Partition0
18:55:30.0406 6112 \Device\Harddisk2\DR4\Partition0 - ok
18:55:30.0406 6112 ============================================================
18:55:30.0406 6112 Scan finished
18:55:30.0406 6112 ============================================================
18:55:30.0421 1900 Detected object count: 1
18:55:30.0421 1900 Actual detected object count: 1
18:56:16.0328 1900 C:\WINDOWS\system32\Drivers\sptd.sys - copied to quarantine
18:56:16.0375 1900 sptd ( LockedFile.Multi.Generic ) - User select action: Quarantine
18:56:26.0968 5992 Deinitialize success
Barry07601
Regular Member
Posts: 20 | Joined: December 22nd, 2011, 5:30 pm
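The TDSSKiller log above records every driver twice: once with its MD5 and path, and once with a status, so the one entry that is not "ok" is easy to miss in a log this long. As an added example (this is not TDSSKiller's own code or anything from the thread, and the line format is inferred from the log as posted), the Python below parses records in that format, keeps the worst status seen for each name, pulls out the "Suspicious file" notice with its MD5, and checks that the scanner's own "Detected object count" matches what was parsed. The sample lines are a constructed excerpt of entries copied from the log above.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample: a handful of records copied from the TDSSKiller log posted
# above, one record per line as the tool writes them.
SAMPLE_LOG = r"""
18:55:27.0453 6112 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:55:27.0453 6112 splitter - ok
18:55:27.0562 6112 sptd (c4bb8a12843d9cbb65f5ff617f389bbd) C:\WINDOWS\system32\Drivers\sptd.sys
18:55:27.0578 6112 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: c4bb8a12843d9cbb65f5ff617f389bbd
18:55:27.0578 6112 sptd ( LockedFile.Multi.Generic ) - warning
18:55:27.0578 6112 sptd - detected LockedFile.Multi.Generic (1)
18:55:27.0593 6112 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
18:55:27.0593 6112 sr - ok
18:55:28.0437 6112 TosIde - ok
18:55:30.0406 6112 ============================================================
18:55:30.0406 6112 Scan finished
18:55:30.0421 1900 Detected object count: 1
"""

# Every record starts with a timestamp and the id of the thread that wrote it.
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
FILE_RE = re.compile(r"^(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
OK_RE = re.compile(r"^(?P<name>\S+) - ok$")
WARN_RE = re.compile(r"^(?P<name>\S+) \( (?P<verdict>.+?) \) - warning$")
DETECT_RE = re.compile(r"^(?P<name>\S+) - detected (?P<verdict>\S+)")
SUSP_RE = re.compile(r"^Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+?)\.?(?:\s+md5: (?P<md5>[0-9a-f]{32}))?$")
COUNT_RE = re.compile(r"^Detected object count: (\d+)$")

STATUS_RANK = {"unknown": 0, "ok": 1, "warning": 2, "detected": 3}


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: str = "unknown"
    verdicts: List[str] = field(default_factory=list)


def _raise_status(entry: Entry, status: str) -> None:
    """Keep the worst status seen for a name (detected > warning > ok)."""
    if STATUS_RANK[status] > STATUS_RANK[entry.status]:
        entry.status = status


def parse_tdsskiller(text: str) -> Tuple[Dict[str, Entry], List[dict], Optional[int]]:
    entries: Dict[str, Entry] = {}
    suspicious: List[dict] = []
    reported: Optional[int] = None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank lines and anything without the timestamp prefix
        body = m.group(3)
        if (f := FILE_RE.match(body)):
            entry = entries.setdefault(f["name"], Entry(f["name"]))
            entry.md5, entry.path = f["md5"], f["path"]
        elif (o := OK_RE.match(body)):
            _raise_status(entries.setdefault(o["name"], Entry(o["name"])), "ok")
        elif (w := WARN_RE.match(body)):
            entry = entries.setdefault(w["name"], Entry(w["name"]))
            if w["verdict"] not in entry.verdicts:
                entry.verdicts.append(w["verdict"])
            _raise_status(entry, "warning")
        elif (d := DETECT_RE.match(body)):
            entry = entries.setdefault(d["name"], Entry(d["name"]))
            if d["verdict"] not in entry.verdicts:
                entry.verdicts.append(d["verdict"])
            _raise_status(entry, "detected")
        elif (s := SUSP_RE.match(body)):
            suspicious.append({"reason": s["reason"], "path": s["path"], "md5": s["md5"]})
        elif (c := COUNT_RE.match(body)):
            reported = int(c.group(1))
        # separator and "Scan finished" lines carry no per-object state
    return entries, suspicious, reported


def findings(text: str) -> List[Entry]:
    """Entries that are not plain 'ok', worst status first."""
    entries, _, _ = parse_tdsskiller(text)
    flagged = [e for e in entries.values() if e.status != "ok"]
    flagged.sort(key=lambda e: -STATUS_RANK[e.status])
    return flagged


def count_matches(text: str) -> bool:
    """True when the scanner's own detected-object count agrees with what we parsed."""
    entries, _, reported = parse_tdsskiller(text)
    detected = sum(1 for e in entries.values() if e.status == "detected")
    return reported is not None and reported == detected


if __name__ == "__main__":
    for e in findings(SAMPLE_LOG):
        print(f"{e.status:9} {e.name:12} {e.md5 or '-':32} {e.path or '-'}  {', '.join(e.verdicts)}")
    print("count consistent:", count_matches(SAMPLE_LOG))
```

Run against the full log, the only flagged entry is sptd, and the recorded MD5 lets a helper compare the quarantined file against the one that was scanned. LockedFile.Multi.Generic is TDSSKiller's generic verdict for a file it could not read, so it marks a candidate for review rather than identifying a specific threat; the script ranks it above "warning" only because the scanner itself counted it as a detection.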
by deltalima » January 3rd, 2012, 6:08 am
Hi Barry07601,
Please run the OTL fix with the following script and post the log in your next reply.
:otl
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
deltalima
Admin/Teacher
Posts: 7614 | Joined: February 28th, 2009, 4:38 pm | Location: UK
by Barry07601 » January 3rd, 2012, 3:27 pm
Process complete. However, the fix log doesn't pop up; I suspect because I can't open Notepad normally without the "Run as" box popping up.
Barry07601
Regular Member
Posts: 20 | Joined: December 22nd, 2011, 5:30 pm
by deltalima » January 3rd, 2012, 3:36 pm
Hi Barry07601,
Please run the OTL fix with the following script and post the log in your next reply.
:otl
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-2052111302-507921405-839522115-1003\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe" File not found
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
:files
C:\Program Files\Common Files\ZugoInstaller.exe
Barry07601 wrote: However, the fix log doesn't pop up; I suspect because I can't open Notepad normally without the "Run as" box popping up.
Please navigate to the folder
C:\_OTL\MovedFiles
In that folder there should be a log file for each fix run. The format of the file name is mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss are numbers representing the date and time the fix was run.
Please post the log in your next reply.
deltalima
Admin/Teacher
Posts: 7614 | Joined: February 28th, 2009, 4:38 pm | Location: UK
by Barry07601 » January 3rd, 2012, 4:11 pm
========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{724D43A0-0D85-11D4-9908-00400523E39A}\ not found.
OTL by OldTimer - Version 3.2.31.0 log created on 01032012_142620
Barry07601
Regular Member
Posts: 20 | Joined: December 22nd, 2011, 5:30 pm
by Barry07601 » January 3rd, 2012, 4:11 pm
========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{724D43A0-0D85-11D4-9908-00400523E39A}\ not found.
OTL by OldTimer - Version 3.2.31.0 log created on 01032012_142506
Barry07601
Regular Member
Posts: 20 | Joined: December 22nd, 2011, 5:30 pm
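deltalima's instructions describe where OTL keeps its fix logs (C:\_OTL\MovedFiles, one file per run named mmddyyyy_hhmmss.log), and the two logs Barry07601 posted show what such a log contains and the "log created on" stamp at its end. As an added example (not OTL's own code and not part of the thread), the Python below picks the newest log by parsing the stamp rather than sorting file names, because with the month first a name such as 12292011 sorts after 01032012 even though it is three weeks older, and it tallies the outcomes in a log. The directory listing is constructed: two names are the stamps from the logs above, the December 2011 one is made up to show the sort-order trap; the log text is the 142506 run as posted.

```python
import re
from datetime import datetime
from typing import Dict, List, Optional, Tuple

# OTL writes one log per fix run into C:\_OTL\MovedFiles, named mmddyyyy_hhmmss.log,
# and repeats the same stamp in the log's last line ("log created on ...").
STAMP_RE = re.compile(r"^(\d{2})(\d{2})(\d{4})_(\d{2})(\d{2})(\d{2})(?:\.log)?$", re.IGNORECASE)
CREATED_RE = re.compile(r"log created on (\S+)\s*$")
# Outcome lines in the form they take in the logs posted in this thread.
OUTCOME_RE = re.compile(
    r"^(?P<kind>Registry value|Registry key)\s+(?P<target>.+?)\s+"
    r"(?P<outcome>deleted successfully|not found)\.$"
)

# Constructed directory listing: the two stamps from Barry07601's logs plus a
# made-up earlier run from December 2011 to show the sort-order trap.
SAMPLE_FILES = ["01032012_142506.log", "12292011_185430.log", "01032012_142620.log"]

# Text of one of the logs posted above (the 142506 run).
SAMPLE_LOG = r"""
========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{724D43A0-0D85-11D4-9908-00400523E39A}\ not found.
OTL by OldTimer - Version 3.2.31.0 log created on 01032012_142506
"""


def parse_stamp(stamp: str) -> Optional[datetime]:
    """Turn mmddyyyy_hhmmss (with or without .log) into a datetime; None if it is not one."""
    m = STAMP_RE.match(stamp)
    if not m:
        return None
    mm, dd, yyyy, hh, mi, ss = (int(g) for g in m.groups())
    try:
        return datetime(yyyy, mm, dd, hh, mi, ss)
    except ValueError:  # digits in the right shape but not a real date or time
        return None


def newest_log(filenames: List[str]) -> Optional[str]:
    """Most recent fix log by parsed date, ignoring files that do not fit the pattern."""
    dated = [(ts, f) for f in filenames if (ts := parse_stamp(f)) is not None]
    return max(dated)[1] if dated else None


def summarize_otl_log(text: str) -> Tuple[Dict[str, int], List[Tuple[str, str, str]], Optional[datetime]]:
    """Count outcomes per action and recover the run time from the trailer line."""
    counts = {"deleted successfully": 0, "not found": 0}
    items: List[Tuple[str, str, str]] = []
    created: Optional[datetime] = None
    for line in text.splitlines():
        line = line.strip()
        m = OUTCOME_RE.match(line)
        if m:
            counts[m["outcome"]] += 1
            items.append((m["kind"], m["target"], m["outcome"]))
            continue
        c = CREATED_RE.search(line)
        if c:
            created = parse_stamp(c.group(1))
    return counts, items, created


if __name__ == "__main__":
    print("newest by name:", max(SAMPLE_FILES))         # 12292011_185430.log (wrong)
    print("newest by date:", newest_log(SAMPLE_FILES))  # 01032012_142620.log (right)
    counts, items, created = summarize_otl_log(SAMPLE_LOG)
    print(created, counts)
    for kind, target, outcome in items:
        print(f"  {kind}: {target} -> {outcome}")
```

A "not found" outcome for a key that the earlier scan listed is normal when the value was already removed by a previous run, as happened here: the 142506 log deleted the value and the 142620 log, run a minute later on the same line, reports it as not found.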