Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Malware attack

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Malware attack

Unread postby Barry07601 » December 29th, 2011, 11:02 pm

Yes Deltalima that is correct.
Barry07601
Regular Member
 
Posts: 20
Joined: December 22nd, 2011, 5:30 pm
Advertisement
Register to Remove

Re: Malware attack

Unread postby Barry07601 » December 29th, 2011, 11:04 pm

deltalima wrote:And if you open the shortcut again, is the Run with different credentials box still unticked?


Yes, the box is still unchecked.
Barry07601
Regular Member
 
Posts: 20
Joined: December 22nd, 2011, 5:30 pm

Re: Malware attack

Unread postby deltalima » December 30th, 2011, 3:13 pm

Hi Barry07601,

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista/Windows 7 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Malware attack

Unread postby Barry07601 » January 1st, 2012, 3:46 pm

C:\Documents and Settings\Barry\Application Data\AVG\Rescue\PC Tuneup 2011\110923132819782.rsc a variant of Win32/InstallCore.D application
C:\Documents and Settings\Barry\Application Data\AVG\Rescue\PC Tuneup 2011\111213172712546.rsc a variant of Win32/Kryptik.XGF trojan
C:\Documents and Settings\Barry\Application Data\AVG\Rescue\PC Tuneup 2011\111219024139593.rsc multiple threats
C:\Program Files\Common Files\ZugoInstaller.exe a variant of Win32/Toolbar.Zugo application
C:\RECYCLER\S-1-5-21-2052111302-507921405-839522115-1003\Dc12.exe a variant of Win32/InstallCore.D application
C:\RECYCLER\S-1-5-21-2052111302-507921405-839522115-1003\Dc4.exe multiple threats
H:\Seagate Backup\E510\History\Level2\C\Program Files\Mozilla Firefox\plugins\NPMySrch.dll Win32/Toolbar.MyWebSearch application
Barry07601
Regular Member
 
Posts: 20
Joined: December 22nd, 2011, 5:30 pm

Re: Malware attack

Unread postby deltalima » January 1st, 2012, 4:55 pm

Hi Barry07601,

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :processes
    killallprocesses
    :otl
    O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKU\S-1-5-21-2052111302-507921405-839522115-1003\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
    O4 - HKLM..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe" File not found
    O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
    O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
    :files
    C:\Program Files\Common Files\ZugoInstaller.exe
    :commands
    [EMPTYTEMP]
    [EMPTYFLASH]
    [EMPTYJAVA]
    [RESETHOSTS]
    [CREATERESTOREPOINT]
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Scan With RKUnHooker

  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of the report and paste it in a reply here.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Malware attack

Unread postby Barry07601 » January 2nd, 2012, 1:37 am

OK, followed your instructions to the letter and the computer hangs.. I had to do a hard reset.

Did not run Rootkit Unhooker yet.
Barry07601
Regular Member
 
Posts: 20
Joined: December 22nd, 2011, 5:30 pm

Re: Malware attack

Unread postby deltalima » January 2nd, 2012, 9:08 am

Hi Barry07601,

Pleased run the OTL fix (using the previous instructions) with the following script and post the log in your next reply.

Code: Select all
:processes
killallprocesses
:otl
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-2052111302-507921405-839522115-1003\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe" File not found
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
:files
C:\Program Files\Common Files\ZugoInstaller.exe
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Malware attack

Unread postby Barry07601 » January 2nd, 2012, 5:43 pm

OK, I pasted the new custom code into OTL and the exact same thing happens... the computer freezes and I'm forced to do a hard reset.
Barry07601
Regular Member
 
Posts: 20
Joined: December 22nd, 2011, 5:30 pm

Re: Malware attack

Unread postby deltalima » January 2nd, 2012, 5:50 pm

Hi Barry07601,

I pasted the new custom code into OTL and the exact same thing happens


It's looking like the infection has damaged the operating system and the only way to sort the problem will be to reformat.

Let's try another approach to find the problem.

TDSSKiller

  • Please Download TDSSKiller.zip and save it on your desktop.
  • Extract (unzip) its contents to your Desktop.
  • Double-click the TDSSKiller Folder on your desktop.
  • Right-click on TDSSKiller.exe and click Copy then Paste it directly on to your Desktop.
  • Important!: Run this fix once and once only.
  • Double click the TDSSKiller icon on you're desktop then click Start scan.
  • A box will appear saying System scan completed.
  • If any Malicious objects are found click Cure > Continue > Reboot now.
  • A log file should be created on your C: drive named something like TDSSKiller.2.4.0.0 24.07.2010.
  • To find the log click Start > Computer > C:.
  • Please post the contents of that log in your next reply.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Malware attack

Unread postby Barry07601 » January 2nd, 2012, 7:56 pm

18:54:56.0406 4836 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
18:54:56.0937 4836 ============================================================
18:54:56.0937 4836 Current date / time: 2012/01/02 18:54:56.0937
18:54:56.0937 4836 SystemInfo:
18:54:56.0937 4836
18:54:56.0937 4836 OS Version: 5.1.2600 ServicePack: 3.0
18:54:56.0937 4836 Product type: Workstation
18:54:56.0937 4836 ComputerName: E510
18:54:56.0937 4836 UserName: Barry
18:54:56.0937 4836 Windows directory: C:\WINDOWS
18:54:56.0937 4836 System windows directory: C:\WINDOWS
18:54:56.0937 4836 Processor architecture: Intel x86
18:54:56.0937 4836 Number of processors: 2
18:54:56.0937 4836 Page size: 0x1000
18:54:56.0937 4836 Boot type: Normal boot
18:54:56.0937 4836 ============================================================
18:54:58.0828 4836 Initialize success
18:55:16.0734 6112 ============================================================
18:55:16.0734 6112 Scan started
18:55:16.0734 6112 Mode: Manual;
18:55:16.0734 6112 ============================================================
18:55:17.0765 6112 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
18:55:17.0765 6112 61883 - ok
18:55:17.0843 6112 Aavmker4 (b6de0336f9f4b687b4ff57939f7b657a) C:\WINDOWS\system32\drivers\Aavmker4.sys
18:55:17.0859 6112 Aavmker4 - ok
18:55:17.0859 6112 Abiosdsk - ok
18:55:17.0875 6112 abp480n5 - ok
18:55:17.0953 6112 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:55:17.0953 6112 ACPI - ok
18:55:18.0000 6112 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
18:55:18.0015 6112 ACPIEC - ok
18:55:18.0015 6112 adpu160m - ok
18:55:18.0062 6112 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:55:18.0078 6112 aec - ok
18:55:18.0109 6112 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
18:55:18.0109 6112 AFD - ok
18:55:18.0125 6112 Aha154x - ok
18:55:18.0140 6112 aic78u2 - ok
18:55:18.0156 6112 aic78xx - ok
18:55:18.0187 6112 akS56USB (1ef4524bafb3bfd6a2c6022ba1af12a3) C:\WINDOWS\system32\Drivers\akS56USB.sys
18:55:18.0187 6112 akS56USB - ok
18:55:18.0203 6112 AliIde - ok
18:55:18.0218 6112 amsint - ok
18:55:18.0250 6112 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
18:55:18.0250 6112 Arp1394 - ok
18:55:18.0265 6112 asc - ok
18:55:18.0281 6112 asc3350p - ok
18:55:18.0296 6112 asc3550 - ok
18:55:18.0328 6112 aswFsBlk - ok
18:55:18.0343 6112 aswMon2 (ef0e9ad83380724bd6fbbb51d2d0f5b8) C:\WINDOWS\system32\drivers\aswMon2.sys
18:55:18.0343 6112 aswMon2 - ok
18:55:18.0375 6112 aswRdr (352d5a48ebab35a7693b048679304831) C:\WINDOWS\system32\drivers\aswRdr.sys
18:55:18.0375 6112 aswRdr - ok
18:55:18.0421 6112 aswSnx (8d34d2b24297e27d93e847319abfdec4) C:\WINDOWS\system32\drivers\aswSnx.sys
18:55:18.0421 6112 aswSnx - ok
18:55:18.0468 6112 aswSP (010012597333da1f46c3243f33f8409e) C:\WINDOWS\system32\drivers\aswSP.sys
18:55:18.0468 6112 aswSP - ok
18:55:18.0500 6112 aswTdi (f9f84364416658e9786235904d448d37) C:\WINDOWS\system32\drivers\aswTdi.sys
18:55:18.0500 6112 aswTdi - ok
18:55:18.0546 6112 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:55:18.0546 6112 AsyncMac - ok
18:55:18.0578 6112 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:55:18.0578 6112 atapi - ok
18:55:18.0593 6112 Atdisk - ok
18:55:18.0718 6112 ati2mtag (c0b86ecb324e50f6bbd529f9d5c6b24b) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
18:55:18.0796 6112 ati2mtag - ok
18:55:18.0968 6112 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:55:18.0984 6112 Atmarpc - ok
18:55:19.0031 6112 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:55:19.0031 6112 audstub - ok
18:55:19.0078 6112 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
18:55:19.0078 6112 Avc - ok
18:55:19.0109 6112 AVCSTRM (e625773d7b950842d582f713656859c0) C:\WINDOWS\system32\DRIVERS\avcstrm.sys
18:55:19.0109 6112 AVCSTRM - ok
18:55:19.0125 6112 Avgfwdx - ok
18:55:19.0140 6112 Avgfwfd - ok
18:55:19.0187 6112 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:55:19.0187 6112 Beep - ok
18:55:19.0250 6112 CamDrL (0f5ca31bb3fdb5c1e63c170cfbecc93b) C:\WINDOWS\system32\DRIVERS\Camdrl.sys
18:55:19.0296 6112 CamDrL - ok
18:55:19.0328 6112 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:55:19.0328 6112 cbidf2k - ok
18:55:19.0359 6112 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
18:55:19.0375 6112 CCDECODE - ok
18:55:19.0375 6112 cd20xrnt - ok
18:55:19.0421 6112 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:55:19.0421 6112 Cdaudio - ok
18:55:19.0468 6112 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:55:19.0468 6112 Cdfs - ok
18:55:19.0515 6112 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
18:55:19.0531 6112 cercsr6 - ok
18:55:19.0546 6112 CEUSBAUD (42291a123cad3914ead8d73169e13661) C:\WINDOWS\system32\Drivers\CEUSBAUD.sys
18:55:19.0562 6112 CEUSBAUD - ok
18:55:19.0562 6112 Changer - ok
18:55:19.0593 6112 CmdIde - ok
18:55:19.0625 6112 Cpqarray - ok
18:55:19.0671 6112 ctsfm2k (8db84de3aab34a8b4c2f644eff41cd76) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
18:55:19.0671 6112 ctsfm2k - ok
18:55:19.0687 6112 CTUSFSYN (4ee8822adb764edd28ce44e808097995) C:\WINDOWS\system32\drivers\ctusfsyn.sys
18:55:19.0703 6112 CTUSFSYN - ok
18:55:19.0843 6112 dac2w2k - ok
18:55:19.0875 6112 dac960nt - ok
18:55:19.0937 6112 DigiFilter (74dd46d49809c5f689f24ccdd0d18a4e) C:\WINDOWS\system32\drivers\DigiFilt.sys
18:55:19.0937 6112 DigiFilter - ok
18:55:20.0000 6112 DigiNet (8cdade100463fba648a04e02411c68ad) C:\WINDOWS\system32\DRIVERS\diginet.sys
18:55:20.0000 6112 DigiNet - ok
18:55:20.0031 6112 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:55:20.0046 6112 Disk - ok
18:55:20.0093 6112 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
18:55:20.0125 6112 dmboot - ok
18:55:20.0187 6112 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
18:55:20.0187 6112 dmio - ok
18:55:20.0203 6112 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:55:20.0203 6112 dmload - ok
18:55:20.0250 6112 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:55:20.0265 6112 DMusic - ok
18:55:20.0281 6112 dpti2o - ok
18:55:20.0328 6112 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:55:20.0328 6112 drmkaud - ok
18:55:20.0359 6112 DVC150B (2d24997563e25a09046ebb5752fffdff) C:\WINDOWS\system32\Drivers\dvc150b.SYS
18:55:20.0375 6112 DVC150B - ok
18:55:20.0406 6112 E100B (d57a8fc800b501ac05b10d00f66d127a) C:\WINDOWS\system32\DRIVERS\e100b325.sys
18:55:20.0421 6112 E100B - ok
18:55:20.0500 6112 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:55:20.0515 6112 Fastfat - ok
18:55:20.0562 6112 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
18:55:20.0562 6112 Fdc - ok
18:55:20.0609 6112 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
18:55:20.0609 6112 Fips - ok
18:55:20.0640 6112 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
18:55:20.0640 6112 Flpydisk - ok
18:55:20.0687 6112 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
18:55:20.0703 6112 FltMgr - ok
18:55:20.0765 6112 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:55:20.0765 6112 Fs_Rec - ok
18:55:20.0828 6112 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:55:20.0828 6112 Ftdisk - ok
18:55:21.0015 6112 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
18:55:21.0031 6112 GEARAspiWDM - ok
18:55:21.0093 6112 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:55:21.0093 6112 Gpc - ok
18:55:21.0203 6112 HabuFltr (828b3fd539b77d69fcce0c710101e91e) C:\WINDOWS\system32\drivers\habu.sys
18:55:21.0203 6112 HabuFltr - ok
18:55:21.0390 6112 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:55:21.0390 6112 HDAudBus - ok
18:55:21.0437 6112 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:55:21.0437 6112 hidusb - ok
18:55:21.0453 6112 hpn - ok
18:55:21.0500 6112 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
18:55:21.0515 6112 HTTP - ok
18:55:21.0531 6112 i2omgmt - ok
18:55:21.0546 6112 i2omp - ok
18:55:21.0609 6112 iLokDrvr (e6a446d82c5c3d7c2f4e4ab02ea1409b) C:\WINDOWS\system32\DRIVERS\iLokDrvr.sys
18:55:21.0609 6112 iLokDrvr - ok
18:55:21.0625 6112 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:55:21.0640 6112 Imapi - ok
18:55:21.0656 6112 ini910u - ok
18:55:21.0671 6112 IntelIde - ok
18:55:21.0734 6112 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:55:21.0734 6112 intelppm - ok
18:55:21.0765 6112 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
18:55:21.0781 6112 Ip6Fw - ok
18:55:21.0812 6112 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:55:21.0828 6112 IpFilterDriver - ok
18:55:21.0859 6112 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:55:21.0859 6112 IpInIp - ok
18:55:21.0890 6112 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:55:21.0906 6112 IpNat - ok
18:55:21.0937 6112 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:55:21.0953 6112 IPSec - ok
18:55:21.0984 6112 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:55:21.0984 6112 IRENUM - ok
18:55:22.0046 6112 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:55:22.0046 6112 isapnp - ok
18:55:22.0234 6112 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:55:22.0250 6112 Kbdclass - ok
18:55:22.0265 6112 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
18:55:22.0265 6112 kbdhid - ok
18:55:22.0328 6112 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
18:55:22.0328 6112 kmixer - ok
18:55:22.0359 6112 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
18:55:22.0359 6112 KSecDD - ok
18:55:22.0375 6112 lbrtfdc - ok
18:55:22.0484 6112 LVcKap (9a3d4fc6b86e7e36473079ab76ac703d) C:\WINDOWS\system32\DRIVERS\LVcKap.sys
18:55:22.0531 6112 LVcKap - ok
18:55:22.0609 6112 LVMVDrv (0acbc11f19320af6c19f2e20013d9095) C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys
18:55:22.0625 6112 LVMVDrv - ok
18:55:22.0656 6112 LVPr2Mon (12866641284ebb41e627bb53c04da959) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
18:55:22.0671 6112 LVPr2Mon - ok
18:55:22.0703 6112 LVUSBSta (64bc29c3a0388bfc580bb8b1346f7659) C:\WINDOWS\system32\drivers\LVUSBSta.sys
18:55:22.0703 6112 LVUSBSta - ok
18:55:22.0750 6112 MAFW (c1d028531ed173ff164f660ff03eb090) C:\WINDOWS\system32\DRIVERS\mafw.sys
18:55:22.0765 6112 MAFW - ok
18:55:22.0812 6112 MarvinBus (a3e700d78eec390f1208098cdca5c6b6) C:\WINDOWS\system32\DRIVERS\MarvinBus.sys
18:55:22.0812 6112 MarvinBus - ok
18:55:22.0843 6112 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
18:55:22.0843 6112 MBAMProtector - ok
18:55:22.0890 6112 MBAMSwissArmy - ok
18:55:22.0906 6112 MCSTRM - ok
18:55:22.0953 6112 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:55:22.0968 6112 mnmdd - ok
18:55:23.0000 6112 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
18:55:23.0000 6112 Modem - ok
18:55:23.0187 6112 motubus (f6414aad75ed005af5634be28f78c69b) C:\WINDOWS\system32\drivers\MotuBus.sys
18:55:23.0187 6112 motubus - ok
18:55:23.0281 6112 MotuMidi (009dd91d2c1980653fb07c92f4bf6f4b) C:\WINDOWS\system32\drivers\MotuMidi.sys
18:55:23.0281 6112 MotuMidi - ok
18:55:23.0312 6112 MotuUsb (fc47df19c9bd8f591e3643006a502add) C:\WINDOWS\system32\Drivers\MotuUsb.sys
18:55:23.0328 6112 MotuUsb - ok
18:55:23.0390 6112 MotuUsbIoDriver (68895a89e031260a208e3d6b99b63dda) C:\WINDOWS\system32\Drivers\MotUsbIo.sys
18:55:23.0406 6112 MotuUsbIoDriver - ok
18:55:23.0437 6112 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:55:23.0437 6112 Mouclass - ok
18:55:23.0484 6112 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:55:23.0484 6112 mouhid - ok
18:55:23.0546 6112 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
18:55:23.0562 6112 MountMgr - ok
18:55:23.0562 6112 mraid35x - ok
18:55:23.0625 6112 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:55:23.0625 6112 MRxDAV - ok
18:55:23.0718 6112 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:55:23.0734 6112 MRxSmb - ok
18:55:23.0765 6112 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
18:55:23.0796 6112 Msfs - ok
18:55:23.0859 6112 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:55:23.0859 6112 MSKSSRV - ok
18:55:23.0890 6112 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:55:23.0906 6112 MSPCLOCK - ok
18:55:23.0921 6112 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
18:55:23.0921 6112 MSPQM - ok
18:55:23.0968 6112 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:55:23.0968 6112 mssmbios - ok
18:55:24.0015 6112 MSTAPE (5c3f9bdf4db23b75306388fc26a0a8e5) C:\WINDOWS\system32\DRIVERS\mstape.sys
18:55:24.0015 6112 MSTAPE - ok
18:55:24.0046 6112 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
18:55:24.0046 6112 MSTEE - ok
18:55:24.0218 6112 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
18:55:24.0234 6112 Mup - ok
18:55:24.0265 6112 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
18:55:24.0281 6112 NABTSFEC - ok
18:55:24.0312 6112 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
18:55:24.0312 6112 NDIS - ok
18:55:24.0343 6112 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
18:55:24.0343 6112 NdisIP - ok
18:55:24.0390 6112 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:55:24.0390 6112 NdisTapi - ok
18:55:24.0406 6112 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:55:24.0421 6112 Ndisuio - ok
18:55:24.0453 6112 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:55:24.0453 6112 NdisWan - ok
18:55:24.0484 6112 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
18:55:24.0500 6112 NDProxy - ok
18:55:24.0531 6112 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:55:24.0531 6112 NetBIOS - ok
18:55:24.0562 6112 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:55:24.0562 6112 NetBT - ok
18:55:24.0625 6112 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
18:55:24.0625 6112 NIC1394 - ok
18:55:24.0640 6112 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
18:55:24.0656 6112 Npfs - ok
18:55:24.0718 6112 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
18:55:24.0734 6112 Ntfs - ok
18:55:24.0796 6112 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:55:24.0796 6112 Null - ok
18:55:24.0843 6112 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:55:24.0843 6112 NwlnkFlt - ok
18:55:24.0859 6112 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:55:24.0859 6112 NwlnkFwd - ok
18:55:24.0875 6112 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
18:55:24.0890 6112 ohci1394 - ok
18:55:24.0921 6112 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
18:55:24.0921 6112 OMCI - ok
18:55:24.0953 6112 ossrv (103a9b117a7d9903111955cdafe65ac6) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
18:55:24.0968 6112 ossrv - ok
18:55:25.0140 6112 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
18:55:25.0140 6112 Parport - ok
18:55:25.0187 6112 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
18:55:25.0187 6112 PartMgr - ok
18:55:25.0218 6112 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
18:55:25.0234 6112 ParVdm - ok
18:55:25.0265 6112 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
18:55:25.0281 6112 PCI - ok
18:55:25.0281 6112 PCIDump - ok
18:55:25.0296 6112 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
18:55:25.0312 6112 PCIIde - ok
18:55:25.0343 6112 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
18:55:25.0343 6112 Pcmcia - ok
18:55:25.0359 6112 PDCOMP - ok
18:55:25.0390 6112 PDFRAME - ok
18:55:25.0406 6112 PDRELI - ok
18:55:25.0406 6112 PDRFRAME - ok
18:55:25.0421 6112 perc2 - ok
18:55:25.0453 6112 perc2hib - ok
18:55:25.0515 6112 pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
18:55:25.0515 6112 pfc - ok
18:55:25.0562 6112 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:55:25.0562 6112 PptpMiniport - ok
18:55:25.0593 6112 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
18:55:25.0593 6112 PSched - ok
18:55:25.0640 6112 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:55:25.0640 6112 Ptilink - ok
18:55:25.0703 6112 pxrts (04d1c97a0818f9378eeaa793a09f8202) C:\WINDOWS\system32\drivers\pxrts.sys
18:55:25.0703 6112 pxrts - ok
18:55:25.0718 6112 ql1080 - ok
18:55:25.0734 6112 Ql10wnt - ok
18:55:25.0750 6112 ql12160 - ok
18:55:25.0765 6112 ql1240 - ok
18:55:25.0781 6112 ql1280 - ok
18:55:25.0953 6112 RapportCerberus_34302 (6b6f0a77365667912360ff1d5e984f25) C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys
18:55:25.0953 6112 RapportCerberus_34302 - ok
18:55:26.0093 6112 RapportEI (e72edf9410fa365c0c383f7366fbf7c9) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
18:55:26.0093 6112 RapportEI - ok
18:55:26.0125 6112 RapportIaso (dd3e4610de9252a957c5bd19bdf47ac4) c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso.sys
18:55:26.0125 6112 RapportIaso - ok
18:55:26.0281 6112 RapportKELL (541bb19a74b1c28279a204c417321e52) C:\WINDOWS\system32\Drivers\RapportKELL.sys
18:55:26.0281 6112 RapportKELL - ok
18:55:26.0312 6112 RapportPG (0773fab5c2bd7342ba248b3c8cdef3c3) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
18:55:26.0328 6112 RapportPG - ok
18:55:26.0375 6112 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:55:26.0406 6112 RasAcd - ok
18:55:26.0453 6112 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:55:26.0468 6112 Rasl2tp - ok
18:55:26.0484 6112 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:55:26.0515 6112 RasPppoe - ok
18:55:26.0578 6112 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:55:26.0578 6112 Raspti - ok
18:55:26.0625 6112 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:55:26.0625 6112 Rdbss - ok
18:55:26.0671 6112 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:55:26.0671 6112 RDPCDD - ok
18:55:26.0703 6112 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:55:26.0703 6112 rdpdr - ok
18:55:26.0750 6112 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
18:55:26.0765 6112 RDPWD - ok
18:55:26.0781 6112 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:55:26.0796 6112 redbook - ok
18:55:26.0890 6112 SC247XU (354fa662afe5bc44c86ef79124d73e17) C:\WINDOWS\system32\DRIVERS\SC247XU.sys
18:55:26.0890 6112 SC247XU - ok
18:55:26.0968 6112 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:55:26.0984 6112 Secdrv - ok
18:55:27.0031 6112 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
18:55:27.0031 6112 Serial - ok
18:55:27.0078 6112 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:55:27.0078 6112 Sfloppy - ok
18:55:27.0156 6112 sigfilt (6bd3976b881888ac9a0ed3eb94e7fd38) C:\WINDOWS\system32\drivers\sigfilt.sys
18:55:27.0203 6112 sigfilt - ok
18:55:27.0359 6112 Simbad - ok
18:55:27.0390 6112 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
18:55:27.0406 6112 SLIP - ok
18:55:27.0421 6112 Sparrow - ok
18:55:27.0453 6112 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:55:27.0453 6112 splitter - ok
18:55:27.0562 6112 sptd (c4bb8a12843d9cbb65f5ff617f389bbd) C:\WINDOWS\system32\Drivers\sptd.sys
18:55:27.0578 6112 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: c4bb8a12843d9cbb65f5ff617f389bbd
18:55:27.0578 6112 sptd ( LockedFile.Multi.Generic ) - warning
18:55:27.0578 6112 sptd - detected LockedFile.Multi.Generic (1)
18:55:27.0593 6112 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
18:55:27.0593 6112 sr - ok
18:55:27.0687 6112 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
18:55:27.0687 6112 Srv - ok
18:55:27.0765 6112 STHDA (b95480c92c4c9c311be47b8a1ad73770) C:\WINDOWS\system32\drivers\sthda.sys
18:55:27.0765 6112 STHDA - ok
18:55:27.0796 6112 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
18:55:27.0796 6112 streamip - ok
18:55:27.0828 6112 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:55:27.0828 6112 swenum - ok
18:55:27.0875 6112 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:55:27.0875 6112 swmidi - ok
18:55:27.0890 6112 symc810 - ok
18:55:27.0906 6112 symc8xx - ok
18:55:27.0921 6112 sym_hi - ok
18:55:27.0953 6112 sym_u3 - ok
18:55:27.0968 6112 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:55:27.0984 6112 sysaudio - ok
18:55:28.0031 6112 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:55:28.0062 6112 Tcpip - ok
18:55:28.0265 6112 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:55:28.0265 6112 TDPIPE - ok
18:55:28.0359 6112 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:55:28.0359 6112 TDTCP - ok
18:55:28.0406 6112 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:55:28.0406 6112 TermDD - ok
18:55:28.0437 6112 TosIde - ok
18:55:28.0500 6112 TPkd (409a577fd5781c717e55a28717514c58) C:\WINDOWS\system32\drivers\TPkd.sys
18:55:28.0515 6112 TPkd - ok
18:55:28.0562 6112 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:55:28.0578 6112 Udfs - ok
18:55:28.0578 6112 ultra - ok
18:55:28.0625 6112 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:55:28.0640 6112 Update - ok
18:55:28.0703 6112 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
18:55:28.0703 6112 USBAAPL - ok
18:55:28.0750 6112 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
18:55:28.0750 6112 usbaudio - ok
18:55:28.0765 6112 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:55:28.0781 6112 usbccgp - ok
18:55:28.0812 6112 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:55:28.0828 6112 usbehci - ok
18:55:28.0843 6112 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:55:28.0859 6112 usbhub - ok
18:55:28.0906 6112 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:55:28.0906 6112 usbprint - ok
18:55:28.0937 6112 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:55:28.0953 6112 usbscan - ok
18:55:28.0968 6112 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:55:28.0984 6112 USBSTOR - ok
18:55:29.0015 6112 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:55:29.0031 6112 usbuhci - ok
18:55:29.0062 6112 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:55:29.0062 6112 VgaSave - ok
18:55:29.0218 6112 ViaIde - ok
18:55:29.0250 6112 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
18:55:29.0250 6112 VolSnap - ok
18:55:29.0312 6112 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:55:29.0312 6112 Wanarp - ok
18:55:29.0328 6112 WDICA - ok
18:55:29.0375 6112 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:55:29.0390 6112 wdmaud - ok
18:55:29.0546 6112 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
18:55:29.0546 6112 WSTCODEC - ok
18:55:29.0593 6112 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:55:29.0593 6112 WudfPf - ok
18:55:29.0625 6112 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:55:29.0625 6112 WudfRd - ok
18:55:29.0703 6112 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
18:55:30.0343 6112 \Device\Harddisk0\DR0 - ok
18:55:30.0359 6112 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
18:55:30.0359 6112 \Device\Harddisk1\DR1 - ok
18:55:30.0375 6112 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR4
18:55:30.0375 6112 \Device\Harddisk2\DR4 - ok
18:55:30.0390 6112 Boot (0x1200) (c19c5b03743284d43e9223977baa2e0f) \Device\Harddisk0\DR0\Partition0
18:55:30.0390 6112 \Device\Harddisk0\DR0\Partition0 - ok
18:55:30.0390 6112 Boot (0x1200) (fb02f2024cf79a82f9bfe52d71e46c1c) \Device\Harddisk2\DR4\Partition0
18:55:30.0406 6112 \Device\Harddisk2\DR4\Partition0 - ok
18:55:30.0406 6112 ============================================================
18:55:30.0406 6112 Scan finished
18:55:30.0406 6112 ============================================================
18:55:30.0421 1900 Detected object count: 1
18:55:30.0421 1900 Actual detected object count: 1
18:56:16.0328 1900 C:\WINDOWS\system32\Drivers\sptd.sys - copied to quarantine
18:56:16.0375 1900 sptd ( LockedFile.Multi.Generic ) - User select action: Quarantine
18:56:26.0968 5992 Deinitialize success
Barry07601
Regular Member
 
Posts: 20
Joined: December 22nd, 2011, 5:30 pm

Re: Malware attack

Unread postby deltalima » January 3rd, 2012, 6:08 am

Hi Barry07601,

Pleased run the OTL fix with the following script and post the log in your next reply.

Code: Select all
:otl
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Malware attack

Unread postby Barry07601 » January 3rd, 2012, 3:27 pm

Process complete

However the fix log doesn't pop up I suspect because I can't open notepad normally without the "Run as" box popping up.
Barry07601
Regular Member
 
Posts: 20
Joined: December 22nd, 2011, 5:30 pm

Re: Malware attack

Unread postby deltalima » January 3rd, 2012, 3:36 pm

Hi Barry07601,

Pleased run the OTL fix with the following script and post the log in your next reply.

Code: Select all
:otl
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-2052111302-507921405-839522115-1003\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe" File not found
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
:files
C:\Program Files\Common Files\ZugoInstaller.exe



However the fix log doesn't pop up I suspect because I can't open notepad normally without the "Run as" box popping up.


Please navigate to the folder C:\_OTL\MovedFiles

In that folder there should be a log file for each fix run, the format of the file is mmddyyyy_hhmmss.log where mmddyyyy_hhmmss - are numbers representing the date and time the fix was run.

Please post the log in your next reply.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Malware attack

Unread postby Barry07601 » January 3rd, 2012, 4:11 pm

========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{724D43A0-0D85-11D4-9908-00400523E39A}\ not found.

OTL by OldTimer - Version 3.2.31.0 log created on 01032012_142620
Barry07601
Regular Member
 
Posts: 20
Joined: December 22nd, 2011, 5:30 pm

Re: Malware attack

Unread postby Barry07601 » January 3rd, 2012, 4:11 pm

========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{724D43A0-0D85-11D4-9908-00400523E39A}\ not found.

OTL by OldTimer - Version 3.2.31.0 log created on 01032012_142506
Barry07601
Regular Member
 
Posts: 20
Joined: December 22nd, 2011, 5:30 pm
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 111 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware