
Rootkit Zeroaccess, Ping.exe, Backdoor Trojan etc.


  • This topic is locked
39 replies to this topic

#1 traubs

  • Members
  • 24 posts

Posted 13 December 2011 - 11:05 PM

Hi,

Starting yesterday morning, Task Manager showed ping.exe using high % cpu and browser was getting redirected to incorrect web sites on Google searches. Searched web for explanation and, before coming to bleepingcomputer, tried to self-resolve issue using Malwarebytes, TDSSkiller and ComboFix (sorry - rule violation but it was recommended on other websites and didn't know not to use until landing here). Ran ComboFix last night and it indicated problem was rootkit.zeroaccess in TCP/IP stack (have attached ComboFix log). After ComboFix, no longer have issue with ping.exe and redirects.

Thought maybe things were good to go - computer is running normal - but today have gotten several AVG resident shield pop-up windows saying "Trojan horse BackDoor.Generic14.CCGD;"c:\WINDOWS\system32\drivers\serial.sys".

Wondering if there may still be some bad stuff on computer and would like to know what to do to identify and remove remaining malware, trojans etc.

Thanks.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Run by Michael at 14:42:06 on 2011-12-13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.262 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: COMODO Firewall *Enabled*
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Seagate\AutoBackup\MemeoBackup.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.hotmail.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [eFax 4.4] "c:\program files\efax messenger 4.4\J2GDllCmd.exe" /R
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [StxTrayMenu] "c:\program files\seagate\systemtray\StxMenuMgr.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [CTSysVol] c:\program files\creative\sbaudigy2zs\surround mixer\CTSysVol.exe /r
mRun: [CTDVDDET] "c:\program files\creative\sbaudigy2zs\dvdaudio\CTDVDDET.EXE"
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: c:\docume~1\michael\startm~1\programs\startup\autoba~1.lnk - c:\program files\seagate\autobackup\MemeoLauncher.exe
StartupFolder: c:\docume~1\michael\startm~1\programs\startup\efax44~1.lnk - c:\program files\efax messenger 4.4\J2GTray.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: ameritrade.com
Trusted Zone: ameritrade.com\wwws
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
Trusted Zone: tdameritrade.com
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB
DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} - hxxp://launch.soe.com/plugin/web/SOEWebInstaller.cab
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://remotecontrol.trendmicro.com/sdccommon/download/tgctlcm.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163216967156
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://www.madriverglen.com/webcam/AxisCamControl.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://hbsalumni.webex.com/client/T27LB/webex/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
TCP: DhcpNameServer = 208.59.247.45 208.59.247.46
TCP: Interfaces\{8890BFE6-195A-47D1-A1A9-D15A2846609A} : DhcpNameServer = 208.59.247.45 208.59.247.46
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\michael\application data\mozilla\firefox\profiles\ur9zkypx.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z206&ocid=zdhp&install_date=20111207
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z206&form=ZGAADF&install_date=20111207&q=
FF - component: c:\program files\avg\avg2012\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\michael\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\windows\downloaded program files\npsoe.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg2012\Firefox
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref('extensions.autoDisableScopes', 0
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 295248]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-6-30 242600]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-6-30 29400]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2011-6-30 1793712]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-12 366152]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-11 24652]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 16720]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-12 22216]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-19 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-6-19 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc.sys [2005-4-5 15576]
.
=============== Created Last 30 ================
.
2011-12-13 03:48:27 -------- d-----w- c:\program files\COMODO
2011-12-13 03:46:17 -------- d-----w- c:\documents and settings\all users\application data\Comodo
2011-12-13 03:45:30 -------- d-----w- c:\documents and settings\all users\application data\Comodo Downloader
2011-12-13 01:31:22 -------- d-sha-r- C:\cmdcons
2011-12-13 01:22:11 256000 ----a-w- c:\windows\PEV.exe
2011-12-13 01:22:11 208896 ----a-w- c:\windows\MBR.exe
2011-12-13 01:22:10 98816 ----a-w- c:\windows\sed.exe
2011-12-13 01:22:10 518144 ----a-w- c:\windows\SWREG.exe
2011-12-12 22:50:22 -------- d-----w- c:\documents and settings\michael\application data\Malwarebytes
2011-12-12 22:50:01 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-12-12 22:49:55 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-12 22:49:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-12 01:40:38 -------- d-----w- c:\program files\iPod
2011-12-08 22:19:07 -------- dc-h--w- c:\windows\ie8
2011-12-07 19:43:37 -------- d-----w- c:\documents and settings\michael\application data\.minecraft
.
==================== Find3M ====================
.
2011-11-14 13:37:29 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 10:23:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-04 10:21:42 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-09-30 22:22:46 1060864 ----a-w- c:\windows\system32\mfc71.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2005-07-20 12:25:44 4077184 ----a-w- c:\program files\winzip90.exe
.
============= FINISH: 14:44:25.46 ===============
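The DDS log above is what the helper reads, so here is a small triage script for that format, written as an added example for this thread (it is not code from the thread, from DDS, or from its author). It parses the "SERVICES / DRIVERS", "Created Last 30" and "Find3M" sections, flags driver entries whose file date/size DDS could not read (the `[?]` marker) and lists executables under c:\windows that were created or modified within a few days of the scan; the sample log embedded below is constructed from the shape of the log above, and the seven-day window and the flagged categories are the example's own choices.

```python
"""Triage helper for DDS logs (constructed example, not part of the thread)."""
import re
from datetime import datetime, timedelta

# Constructed sample, a few lines in the shape of the DDS log posted above.
SAMPLE_LOG = r"""
Run by Michael at 14:42:06 on 2011-12-13
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 23120]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc.sys [2005-4-5 15576]
.
=============== Created Last 30 ================
.
2011-12-13 01:22:11 256000 ----a-w- c:\windows\PEV.exe
2011-12-13 03:48:27 -------- d-----w- c:\program files\COMODO
2011-12-12 22:49:55 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
.
==================== Find3M ====================
.
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
.
============= FINISH: 14:44:25.46 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
RUN_RE = re.compile(r"^Run by .+? on (\d{4}-\d{2}-\d{2})")
# "R0 name;display name;path [date size]" (or "[?]" when DDS has no file info)
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[(.*)\]$")
# "2011-12-13 01:22:11 256000 ----a-w- c:\windows\PEV.exe"
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+|-+)\s+(\S{8})\s+(.+)$")
EXEC_EXT = (".exe", ".sys", ".dll", ".scr", ".cpl")


def parse_dds(text):
    """Return the scan date plus the driver and file entries of a DDS log."""
    run_date, section = None, None
    drivers, files = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # DDS pads sections with "." lines
            continue
        m = RUN_RE.match(line)
        if m:
            run_date = datetime.strptime(m.group(1), "%Y-%m-%d")
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section == "SERVICES / DRIVERS":
            m = SERVICE_RE.match(line)
            if m:
                start, name, display, path, meta = m.groups()
                if "-->" in path:             # "\??\x.sys --> x.sys": keep the resolved path
                    path = path.split("-->")[-1].strip()
                drivers.append({"start": start, "name": name, "display": display,
                                "path": path, "meta": meta})
        elif section in ("Created Last 30", "Find3M"):
            m = FILE_RE.match(line)
            if m:
                stamp, size, attrs, path = m.groups()
                files.append({"section": section,
                              "when": datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S"),
                              "size": None if size.startswith("-") else int(size),
                              "is_dir": attrs.startswith("d"),
                              "path": path})
    return {"run_date": run_date, "drivers": drivers, "files": files}


def triage(parsed, days=7):
    """Return (category, subject, detail) tuples that deserve a human look."""
    findings = []
    for d in parsed["drivers"]:
        # "[?]" means DDS could not read a date/size for the driver file:
        # an orphaned service entry, or a file the scanner could not see.
        if d["meta"] == "?":
            findings.append(("driver-file-unreadable", d["name"], d["path"]))
    if parsed["run_date"] is not None:
        cutoff = parsed["run_date"] - timedelta(days=days)
        for f in parsed["files"]:
            path = f["path"].lower()
            if (not f["is_dir"] and path.endswith(EXEC_EXT)
                    and path.startswith("c:\\windows") and f["when"] >= cutoff):
                findings.append(("recent-windows-binary", f["path"],
                                 f["when"].strftime("%Y-%m-%d %H:%M:%S")))
    return findings


if __name__ == "__main__":
    for category, subject, detail in triage(parse_dds(SAMPLE_LOG)):
        print(f"{category:24} {subject}  ({detail})")
```

Entries it flags are review items, not verdicts: in the log above the `[?]` driver is Malwarebytes' own and the fresh binaries under c:\windows match the tools the poster ran, which is exactly the cross-check the helper performs by hand.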


#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 December 2011 - 02:52 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button, select Immediate Notification and click on Proceed. This will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK

Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:
    Link1
    Link2
    Link3
  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 traubs

  • Topic Starter
  • Members
  • 24 posts

Posted 20 December 2011 - 01:57 PM

Hola Gringo,

Thanks for helping out. I did as instructed and the logs are included below. First, a couple of things I encountered along the way.

When I ran defogger, I got an AVG Resident Shield Alert for C:/Windows/System32/drivers/serial.sys - Trojan horse Back Door.Generic14.CCGD. I clicked on ignore.

I had to run through the Defogger and DDS process twice to get the DDS logs. Comodo Cloud Scanner Alert did not like DDS and although I clicked on "enable" to allow DDS to run once - it didn't allow it - the black DDS window disappeared. I then disabled Comodo, Malware Bytes and enabled Windows firewall. On my second try - starting with Defogger (got the AVG alert again) the Comodo alert popped up once again (even though it should have been disabled) but I just ignored it and DDS produced the logs.

Thanks again for your help.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Run by Michael at 13:23:49 on 2011-12-20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.364 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: COMODO Firewall *Disabled*
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Seagate\AutoBackup\MemeoBackup.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.hotmail.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [eFax 4.4] "c:\program files\efax messenger 4.4\J2GDllCmd.exe" /R
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [StxTrayMenu] "c:\program files\seagate\systemtray\StxMenuMgr.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [CTSysVol] c:\program files\creative\sbaudigy2zs\surround mixer\CTSysVol.exe /r
mRun: [CTDVDDET] "c:\program files\creative\sbaudigy2zs\dvdaudio\CTDVDDET.EXE"
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: c:\docume~1\michael\startm~1\programs\startup\autoba~1.lnk - c:\program files\seagate\autobackup\MemeoLauncher.exe
StartupFolder: c:\docume~1\michael\startm~1\programs\startup\efax44~1.lnk - c:\program files\efax messenger 4.4\J2GTray.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: ameritrade.com
Trusted Zone: ameritrade.com\wwws
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
Trusted Zone: tdameritrade.com
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB
DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} - hxxp://launch.soe.com/plugin/web/SOEWebInstaller.cab
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://remotecontrol.trendmicro.com/sdccommon/download/tgctlcm.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163216967156
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://www.madriverglen.com/webcam/AxisCamControl.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://hbsalumni.webex.com/client/T27LB/webex/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
TCP: DhcpNameServer = 208.59.247.45 208.59.247.46
TCP: Interfaces\{8890BFE6-195A-47D1-A1A9-D15A2846609A} : DhcpNameServer = 208.59.247.45 208.59.247.46
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\michael\application data\mozilla\firefox\profiles\ur9zkypx.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z206&ocid=zdhp&install_date=20111207
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z206&form=ZGAADF&install_date=20111207&q=
FF - component: c:\program files\avg\avg2012\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\michael\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\windows\downloaded program files\npsoe.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg2012\Firefox
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref('extensions.autoDisableScopes', 0
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 295248]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-6-30 494816]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-6-30 31704]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2011-6-30 1960584]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-12 366152]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-11 24652]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 16720]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-12 22216]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-19 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-6-19 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc.sys [2005-4-5 15576]
.
=============== Created Last 30 ================
.
2011-12-14 02:46:15 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2011-12-13 03:48:27 -------- d-----w- c:\program files\COMODO
2011-12-13 03:46:17 -------- d-----w- c:\documents and settings\all users\application data\Comodo
2011-12-13 03:45:30 -------- d-----w- c:\documents and settings\all users\application data\Comodo Downloader
2011-12-13 01:31:22 -------- d-sha-r- C:\cmdcons
2011-12-13 01:22:11 256000 ----a-w- c:\windows\PEV.exe
2011-12-13 01:22:11 208896 ----a-w- c:\windows\MBR.exe
2011-12-13 01:22:10 98816 ----a-w- c:\windows\sed.exe
2011-12-13 01:22:10 518144 ----a-w- c:\windows\SWREG.exe
2011-12-12 22:50:22 -------- d-----w- c:\documents and settings\michael\application data\Malwarebytes
2011-12-12 22:50:01 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-12-12 22:49:55 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-12 22:49:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-12 01:40:38 -------- d-----w- c:\program files\iPod
2011-12-08 22:19:07 -------- dc-h--w- c:\windows\ie8
2011-12-07 19:43:37 -------- d-----w- c:\documents and settings\michael\application data\.minecraft
.
==================== Find3M ====================
.
2011-12-19 18:59:21 31704 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-12-19 18:59:20 494816 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-12-19 18:59:19 18056 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-12-19 18:58:55 301224 ----a-w- c:\windows\system32\guard32.dll
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-14 13:37:29 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ------w- c:\windows\system32\html.iec
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 10:23:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-04 10:21:42 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-09-30 22:22:46 1060864 ----a-w- c:\windows\system32\mfc71.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2005-07-20 12:25:44 4077184 ----a-w- c:\program files\winzip90.exe
.
============= FINISH: 13:26:28.82 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/3/2005 5:27:47 PM
System Uptime: 12/20/2011 1:02:09 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0M3918
Processor: Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2793/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 21.418 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is FIXED (NTFS) - 699 GiB total, 621.808 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E978-E325-11CE-BFC1-08002BE10318}
Description: Communications Port
Device ID: ACPI\PNP0501\1
Manufacturer: (Standard port types)
Name: Communications Port (COM1)
PNP Device ID: ACPI\PNP0501\1
Service: Serial
.
==== System Restore Points ===================
.
RP1016: 9/22/2011 6:56:08 AM - System Checkpoint
RP1017: 9/22/2011 9:46:03 AM - Installed AVG 2012
RP1018: 9/22/2011 9:46:34 AM - Removed AVG 2011
RP1019: 9/22/2011 9:47:08 AM - Installed AVG 2012
RP1020: 9/22/2011 9:52:34 AM - Removed AVG 2011
RP1021: 9/23/2011 2:25:27 PM - Paint.NET v3.5.8
RP1022: 9/23/2011 2:45:12 PM - Configured Google Earth
RP1023: 9/23/2011 2:55:06 PM - Removed Google Earth.
RP1024: 9/24/2011 3:15:11 PM - System Checkpoint
RP1025: 9/25/2011 6:29:22 PM - System Checkpoint
RP1026: 9/26/2011 11:20:39 AM - Removed Google Earth.
RP1027: 9/27/2011 11:21:44 AM - Installed eFax Messenger
RP1028: 9/28/2011 5:50:10 PM - System Checkpoint
RP1029: 9/29/2011 12:18:25 AM - Software Distribution Service 3.0
RP1030: 9/30/2011 7:15:55 AM - System Checkpoint
RP1031: 10/2/2011 8:38:03 AM - System Checkpoint
RP1032: 10/3/2011 9:18:51 AM - System Checkpoint
RP1033: 10/4/2011 2:23:47 PM - System Checkpoint
RP1034: 10/5/2011 8:49:37 PM - System Checkpoint
RP1035: 10/6/2011 8:59:47 PM - System Checkpoint
RP1036: 10/8/2011 3:57:58 PM - System Checkpoint
RP1037: 10/9/2011 5:12:28 PM - System Checkpoint
RP1038: 10/10/2011 9:57:56 PM - System Checkpoint
RP1039: 10/12/2011 7:20:51 AM - Software Distribution Service 3.0
RP1040: 10/13/2011 7:50:32 PM - System Checkpoint
RP1041: 10/14/2011 10:00:28 PM - System Checkpoint
RP1042: 10/15/2011 10:57:48 PM - System Checkpoint
RP1043: 10/17/2011 8:33:00 AM - System Checkpoint
RP1044: 10/18/2011 5:35:41 PM - System Checkpoint
RP1045: 10/19/2011 9:11:03 PM - System Checkpoint
RP1046: 10/21/2011 7:16:14 AM - System Checkpoint
RP1047: 10/22/2011 2:25:00 PM - System Checkpoint
RP1048: 10/24/2011 7:51:32 AM - System Checkpoint
RP1049: 10/25/2011 5:44:27 PM - System Checkpoint
RP1050: 10/26/2011 6:04:23 PM - System Checkpoint
RP1051: 10/27/2011 6:28:23 PM - System Checkpoint
RP1052: 10/29/2011 11:48:23 AM - System Checkpoint
RP1053: 10/30/2011 12:09:47 PM - System Checkpoint
RP1054: 10/31/2011 1:55:38 PM - System Checkpoint
RP1055: 11/1/2011 9:55:29 PM - System Checkpoint
RP1056: 11/3/2011 8:50:03 AM - System Checkpoint
RP1057: 11/4/2011 11:28:44 AM - System Checkpoint
RP1058: 11/5/2011 12:15:14 PM - System Checkpoint
RP1059: 11/6/2011 2:58:23 PM - System Checkpoint
RP1060: 11/7/2011 3:43:51 PM - System Checkpoint
RP1061: 11/8/2011 6:00:51 PM - System Checkpoint
RP1062: 11/9/2011 9:09:50 PM - System Checkpoint
RP1063: 11/10/2011 3:00:25 AM - Software Distribution Service 3.0
RP1064: 11/10/2011 11:24:48 PM - Software Distribution Service 3.0
RP1065: 11/12/2011 7:15:57 AM - System Checkpoint
RP1066: 11/13/2011 2:20:46 PM - System Checkpoint
RP1067: 11/14/2011 3:25:23 PM - System Checkpoint
RP1068: 11/15/2011 3:48:01 PM - System Checkpoint
RP1069: 11/16/2011 7:11:36 PM - System Checkpoint
RP1070: 11/17/2011 9:17:29 PM - System Checkpoint
RP1071: 11/19/2011 11:55:08 AM - System Checkpoint
RP1072: 11/20/2011 9:19:05 PM - System Checkpoint
RP1073: 11/21/2011 9:51:50 PM - System Checkpoint
RP1074: 11/22/2011 11:18:11 PM - System Checkpoint
RP1075: 11/24/2011 1:33:01 PM - System Checkpoint
RP1076: 11/25/2011 1:38:56 PM - System Checkpoint
RP1077: 11/26/2011 1:55:45 PM - System Checkpoint
RP1078: 11/27/2011 8:49:16 PM - System Checkpoint
RP1079: 11/29/2011 7:46:27 AM - System Checkpoint
RP1080: 11/30/2011 8:43:29 AM - System Checkpoint
RP1081: 12/1/2011 3:59:28 PM - System Checkpoint
RP1082: 12/2/2011 6:16:07 PM - System Checkpoint
RP1083: 12/3/2011 6:26:23 PM - System Checkpoint
RP1084: 12/4/2011 8:11:15 PM - System Checkpoint
RP1085: 12/5/2011 8:23:03 PM - System Checkpoint
RP1086: 12/6/2011 9:18:21 PM - System Checkpoint
RP1087: 12/8/2011 6:52:11 AM - System Checkpoint
RP1088: 12/8/2011 4:08:53 PM - Removed Adobe Reader X (10.1.1).
RP1089: 12/8/2011 4:33:26 PM - Installed Adobe Reader X (10.1.1).
RP1090: 12/8/2011 5:20:36 PM - Installed Windows Internet Explorer 8.
RP1091: 12/8/2011 5:22:24 PM - Software Distribution Service 3.0
RP1092: 12/8/2011 10:58:13 PM - Software Distribution Service 3.0
RP1093: 12/10/2011 1:25:37 PM - System Checkpoint
RP1094: 12/11/2011 1:41:05 PM - System Checkpoint
RP1095: 12/11/2011 8:37:16 PM - Installed iTunes
RP1096: 12/12/2011 10:48:15 PM - Installed COMODO Internet Security
RP1097: 12/14/2011 10:53:22 AM - Installed AVG 2012
RP1098: 12/14/2011 10:56:17 AM - Removed AVG 2012
RP1099: 12/15/2011 9:27:16 AM - Software Distribution Service 3.0
RP1100: 12/16/2011 10:10:01 AM - System Checkpoint
RP1101: 12/17/2011 11:09:38 AM - System Checkpoint
RP1102: 12/19/2011 12:39:35 PM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.1)
Adobe Shockwave Player 11.6
Adobe® Photoshop® Album Starter Edition 3.2
AIM 7
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AutoBackup
Autodesk DWF Viewer
AVG 2012
AVG PC Tuneup 2011
BlackBerry Device Software v4.5.0 for the BlackBerry 8310 smartphone
Bonjour
Brother BRAdmin Light 1.11
Brother HL-2170W
CCScore
CDBurnerXP
Clone Wars
COMODO Internet Security
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
Creative MediaSource
Critical Update for Windows Media Player 11 (KB959772)
Dell Driver Reset Tool
Dell ResourceCD
Download Updater (AOL LLC)
eFax Messenger
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
First Step Guide
Free Realms
FreeAgent Pro Tools
getPlus®_ocx
Google Toolbar for Internet Explorer
Google Update Helper
GoToMeeting 4.0.0.320
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB945060-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
ImageMixer VCD2
Intel® 537EP V9x DF PCI Modem
Intel® PRO Network Connections Drivers
IntelliMover
iTunes
Java Auto Updater
Java™ 6 Update 24
Kodak EasyShare software
LEGO Universe
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office Standard Edition 2003
Microsoft Outlook Personal Folders Backup
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MobileMe Control Panel
Modem Event Monitor
Modem On Hold
Move Networks Media Player for Internet Explorer
Mozilla Firefox (3.0.7)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
netbrdg
New York Times - Times Reader
OfotoXMI
OGA Notifier 2.0.0048.0
Paint.NET v3.5.8
PDF reDirect (remove only)
PDFTools Version 1.2 (09/28/2006)
Picasa 3
Picture Package
Plants vs. Zombies
PocketMirror 3.1.7 (Standard Edition)
PowerDVD 5.3
QuickTime
QuoteTracker
RealPlayer
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SFR
SHASTA
skin0001
SKINXSDK
Sonic DLA
Sonic MyDVD
Sonic RecordNow!
Sonic Update Manager
Sony USB Driver
Sound Blaster Audigy 2 ZS
staticcr
swMSM
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
VoiceOver Kit
VPRINTOL
WebEx
WebFldrs XP
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage v1.3.0254.0
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
WIRELESS
Wizard101
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
12/19/2011 11:37:20 AM, error: Print [6161] - The document carsplat2[1].pdf owned by Michael failed to print on printer HP OfficeJet R80xi. Data type: NT EMF 1.008. Size of the spool file in bytes: 5701632. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\OFFICEDESKTOP. Win32 error code returned by the print processor: 31 (0x1f).
12/16/2011 1:38:05 PM, error: Print [6161] - The document Microsoft Word - Lender Comparison.doc owned by Michael failed to print on printer HP OfficeJet R80xi. Data type: NT EMF 1.008. Size of the spool file in bytes: 592584. Number of bytes printed: 0. Total number of pages in the document: 2. Number of pages printed: 0. Client machine: \\OFFICEDESKTOP. Win32 error code returned by the print processor: 31 (0x1f).
12/16/2011 1:36:58 PM, error: Print [6161] - The document Microsoft Word - Lender Comparison.doc owned by Michael failed to print on printer HP OfficeJet R80xi. Data type: NT EMF 1.008. Size of the spool file in bytes: 589824. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\OFFICEDESKTOP. Win32 error code returned by the print processor: 31 (0x1f).
12/16/2011 1:34:22 PM, error: Print [6161] - The document Microsoft Word - Lender Comparison.doc owned by Michael failed to print on printer HP OfficeJet R80xi. Data type: NT EMF 1.008. Size of the spool file in bytes: 589824. Number of bytes printed: 0. Total number of pages in the document: 2. Number of pages printed: 0. Client machine: \\OFFICEDESKTOP. Win32 error code returned by the print processor: 31 (0x1f).
12/14/2011 10:41:06 AM, error: Service Control Manager [7024] - The AVG WatchDog service terminated with service-specific error 3758162002 (0xE0010052).
12/13/2011 1:59:34 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
12/13/2011 1:57:58 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
.
==== End Of File ===========================

#4 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico
  • Local time: 05:58 PM

Posted 20 December 2011 - 02:35 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 traubs

traubs
  • Topic Starter

  • Members
  • 24 posts

Posted 20 December 2011 - 04:43 PM

Hi Gringo,

Below is the ComboFix log. Didn't have any issues although I needed to extend the AVG disable for an additional 15 minutes (total run time was approx. 28 minutes) while ComboFix was running. The computer seems to be running fine although I am wondering about the four items in the AVG virus vault and the item AVG resident shield had previously identified:

Trojan horse BackDoor.Generic14.CCGD;"c:\WINDOWS\system32\drivers\serial.sys";"Object is white-listed (critical/system file that should not be removed)";"12/20/2011, 1:14:49 PM";"file";"C:\Documents and Settings\Michael\Desktop\Defogger.exe"

Thanks very much.



ComboFix 11-12-20.04 - Michael 12/20/2011 15:52:19.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.473 [GMT -5:00]
Running from: c:\documents and settings\Michael\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\cvuvou5f8wft3cai2ypk8k370q1c
.
.
((((((((((((((((((((((((( Files Created from 2011-11-20 to 2011-12-20 )))))))))))))))))))))))))))))))
.
.
2011-12-20 16:55 . 2011-12-20 16:55 -------- d-sh--w- c:\documents and settings\Rita\IECompatCache
2011-12-20 16:52 . 2011-12-20 16:52 -------- d-sh--w- c:\documents and settings\Daniel\IECompatCache
2011-12-14 02:46 . 2011-12-19 18:58 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2011-12-13 03:48 . 2011-12-13 03:48 -------- d-----w- c:\program files\COMODO
2011-12-13 03:46 . 2011-12-13 03:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2011-12-13 03:45 . 2011-12-13 03:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader
2011-12-12 22:50 . 2011-12-12 22:50 -------- d-----w- c:\documents and settings\Michael\Application Data\Malwarebytes
2011-12-12 22:50 . 2011-12-12 22:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-12-12 22:49 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-12 22:49 . 2011-12-12 22:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-12 17:49 . 2011-12-12 17:49 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-12-12 01:40 . 2011-12-12 01:40 -------- d-----w- c:\program files\iPod
2011-12-08 22:19 . 2011-12-08 22:21 -------- dc-h--w- c:\windows\ie8
2011-12-07 19:43 . 2011-12-07 19:43 -------- d-----w- c:\documents and settings\Michael\Application Data\.minecraft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-19 18:59 . 2011-06-30 14:38 97760 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-12-19 18:59 . 2011-06-30 14:38 31704 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-12-19 18:59 . 2011-06-30 14:38 494816 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-12-19 18:59 . 2011-06-30 14:38 18056 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-12-19 18:58 . 2011-06-30 14:37 301224 ----a-w- c:\windows\system32\guard32.dll
2011-11-23 13:25 . 2004-08-12 13:33 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-14 13:37 . 2011-05-16 13:24 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-04 19:20 . 2004-08-12 13:33 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2004-08-12 13:21 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2004-08-12 13:20 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-08-12 13:19 385024 ------w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2004-08-12 13:25 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2004-08-12 13:18 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2004-08-12 13:25 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2004-08-03 22:59 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2004-08-12 13:19 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2005-04-03 21:23 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 10:23 . 2010-09-07 07:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-04 10:21 . 2010-08-20 01:42 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-09-30 22:22 . 2011-09-30 22:22 1060864 ----a-w- c:\windows\system32\mfc71.dll
2011-09-28 07:06 . 2004-08-12 13:18 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41 . 2008-07-29 23:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2004-08-12 13:25 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2004-08-12 13:25 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2005-07-20 12:25 . 2005-07-20 12:25 4077184 ----a-w- c:\program files\winzip90.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-25 39408]
"eFax 4.4"="c:\program files\eFax Messenger 4.4\J2GDllCmd.exe" [2010-07-02 95744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"StxTrayMenu"="c:\program files\Seagate\SystemTray\StxMenuMgr.exe" [2007-01-18 190008]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"CTHelper"="CTHELPER.EXE" [2007-04-09 19456]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 19968]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-12-03 2415456]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-12-19 6676808]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
c:\documents and settings\Michael\Start Menu\Programs\Startup\
AutoBackup Launcher.lnk - c:\program files\Seagate\AutoBackup\MemeoLauncher.exe [2008-1-14 95456]
eFax 4.4.lnk - c:\program files\eFax Messenger 4.4\J2GTray.exe [2010-7-2 656896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 15:09 63712 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2011-01-05 17:11 4321112 ----a-w- c:\program files\AIM\aim.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 19:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrStsWnd]
2008-01-08 14:28 864256 ------w- c:\program files\Brownie\BrStsWnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-11-13 05:24 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-05-25 11:14 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare Software\\bin\\EasyShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Brother\\BRAdmin Light\\BRAdmLight.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 3:27 PM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 2:48 AM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/7/2010 2:48 AM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/7/2010 2:49 AM 295248]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [6/30/2011 9:38 AM 494816]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [6/30/2011 9:38 AM 31704]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 5:09 AM 192776]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/12/2011 5:50 PM 366152]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/11/2007 10:46 AM 24652]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/19/2010 8:42 PM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/19/2010 8:42 PM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/19/2010 8:42 PM 16720]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/12/2011 5:49 PM 22216]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 5:25 AM 4433248]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/19/2010 5:37 AM 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/19/2010 5:37 AM 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc.sys [4/5/2005 2:54 PM 15576]
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2011-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-19 10:37]
.
2011-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-19 10:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hotmail.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
Trusted Zone: ameritrade.com
Trusted Zone: ameritrade.com\wwws
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
Trusted Zone: tdameritrade.com
TCP: DhcpNameServer = 208.59.247.45 208.59.247.46
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB
FF - ProfilePath - c:\documents and settings\Michael\Application Data\Mozilla\Firefox\Profiles\ur9zkypx.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z206&ocid=zdhp&install_date=20111207
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z206&form=ZGAADF&install_date=20111207&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\AVG\AVG2012\Firefox
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref('extensions.autoDisableScopes', 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-20 16:11
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1343024091-1450960922-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(960)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'lsass.exe'(1016)
c:\windows\system32\guard32.dll
.
Completion time: 2011-12-20 16:16:22
ComboFix-quarantined-files.txt 2011-12-20 21:16
.
Pre-Run: 22,916,395,008 bytes free
Post-Run: 22,897,188,864 bytes free
.
- - End Of File - - 69C7C13B7B082BF452E4B729E4ACA91B

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 20 December 2011 - 05:05 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
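For readers who want to see what the helper looks for in the TDSSKiller log requested above, here is an added illustration (not code from the thread or from TDSSKiller) that parses the log's line layout and separates UnsignedFile.Multi.Generic warnings, which only appear when the SigCheck option is on, from other detections. It runs on constructed sample lines in the same layout; the fakedrv entry, its md5 and the threat name Example.Constructed.Rootkit are invented placeholders.

```python
"""Triage a TDSSKiller 2.6-style log: what did the scan flag, and why?

Added illustration for this thread, not TDSSKiller's or the helper's code.
Line layout assumed from the log in this thread:
  "time threadid name (md5) path", then "name ( Threat ) - verdict"
  and/or "name - detected Threat (n)", plus a "Mode: ...;" banner line.
"""
import re
from dataclasses import dataclass, field

UNSIGNED = "UnsignedFile.Multi.Generic"   # raised only when SigCheck is on

# Constructed sample; fakedrv and Example.Constructed.Rootkit are placeholders.
SAMPLE_LOG = r"""
17:17:51.0937 2644 Mode: Manual; SigCheck; TDLFS;
17:17:52.0890 2644 Abiosdsk - ok
17:17:53.0015 2644 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:17:54.0921 2644 ACPI - ok
17:17:58.0578 2644 bvrp_pci (c945dc4eee3f624dfd07788ea7f0db0a) C:\WINDOWS\system32\drivers\bvrp_pci.sys
17:17:58.0609 2644 bvrp_pci ( UnsignedFile.Multi.Generic ) - warning
17:17:58.0609 2644 bvrp_pci - detected UnsignedFile.Multi.Generic (1)
17:18:04.0593 2644 drvmcdb (b15f9e526ba511a48b1b1b8537815740) C:\WINDOWS\system32\drivers\drvmcdb.sys
17:18:04.0609 2644 drvmcdb ( UnsignedFile.Multi.Generic ) - warning
17:18:04.0609 2644 drvmcdb - detected UnsignedFile.Multi.Generic (1)
17:18:09.0000 2644 fakedrv (0123456789abcdef0123456789abcdef) C:\WINDOWS\system32\drivers\fakedrv.sys
17:18:09.0010 2644 fakedrv - detected Example.Constructed.Rootkit (0)
"""

LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(?P<body>.+)$")
MODE_RE = re.compile(r"^Mode:\s*(?P<flags>.*)$")
FILE_RE = re.compile(r"^(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$")
DETECT_RE = re.compile(r"^(?P<name>\S+)\s+-\s+detected\s+(?P<threat>\S+)\s+\(\d+\)$")
VERDICT_RE = re.compile(
    r"^(?P<name>\S+)\s+(?:\(\s*(?P<threat>\S+)\s*\)\s+)?-\s+(?P<verdict>[a-z]+)$")


@dataclass
class Entry:
    name: str
    md5: str = ""
    path: str = ""
    verdict: str = "unknown"
    threat: str = ""


@dataclass
class Report:
    sigcheck: bool = False
    tdlfs: bool = False
    entries: dict = field(default_factory=dict)


def parse_log(text: str) -> Report:
    """Fold the per-line records into one Entry per service/driver name."""
    report = Report()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                      # banners, SystemInfo block, blanks
        body = m["body"]
        if (mm := MODE_RE.match(body)):
            flags = {f.strip() for f in mm["flags"].split(";")}
            report.sigcheck, report.tdlfs = "SigCheck" in flags, "TDLFS" in flags
            continue
        if (fm := FILE_RE.match(body)):
            e = report.entries.setdefault(fm["name"], Entry(fm["name"]))
            e.md5, e.path = fm["md5"].lower(), fm["path"]
        elif (dm := DETECT_RE.match(body)):
            e = report.entries.setdefault(dm["name"], Entry(dm["name"]))
            e.threat = dm["threat"]
            if e.verdict in ("unknown", "ok"):   # keep an earlier "warning"
                e.verdict = "detected"
        elif (vm := VERDICT_RE.match(body)):
            e = report.entries.setdefault(vm["name"], Entry(vm["name"]))
            e.verdict = vm["verdict"]
            if vm["threat"]:
                e.threat = vm["threat"]
    return report


def triage(report: Report):
    """Split flagged entries: unsigned-driver warnings vs. everything else."""
    unsigned, detections = [], []
    for e in report.entries.values():
        if e.verdict == "ok":
            continue
        (unsigned if e.threat == UNSIGNED else detections).append(e)
    return unsigned, detections


def summarize(text: str) -> dict:
    report = parse_log(text)
    unsigned, detections = triage(report)
    return {
        "sigcheck": report.sigcheck,
        "scanned": len(report.entries),
        "unsigned": sorted(e.name for e in unsigned),
        "detections": sorted((e.name, e.threat, e.path) for e in detections),
    }


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    print(f"SigCheck on: {s['sigcheck']}, entries seen: {s['scanned']}")
    print("Unsigned drivers (compare md5 with a known-good copy before acting):",
          ", ".join(s["unsigned"]) or "none")
    for name, threat, path in s["detections"]:
        print(f"DETECTION {name}: {threat} at {path}")
```

An unsigned-file warning is only a signature-check result, which is why the count jumps when "Verify Driver Digital Signatures" is switched on; the md5 and path the parser keeps per entry are what you would compare against a clean copy of that driver.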

#7 traubs

traubs
  • Topic Starter

  • Members
  • 24 posts

Posted 20 December 2011 - 05:31 PM

I ran TDSSKiller twice. First time it found nothing. Second time I went into "change parameters" and checked the two "additional options" boxes ("Verify Driver Digital Signatures" and "Detect TDLFS file system") and it found 18 suspicious items. Here is the second log.

Thanks!

17:17:40.0609 2624 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
17:17:40.0843 2624 ============================================================
17:17:40.0843 2624 Current date / time: 2011/12/20 17:17:40.0843
17:17:40.0843 2624 SystemInfo:
17:17:40.0843 2624
17:17:40.0843 2624 OS Version: 5.1.2600 ServicePack: 3.0
17:17:40.0843 2624 Product type: Workstation
17:17:40.0843 2624 ComputerName: OFFICEDESKTOP
17:17:40.0843 2624 UserName: Michael
17:17:40.0843 2624 Windows directory: C:\WINDOWS
17:17:40.0843 2624 System windows directory: C:\WINDOWS
17:17:40.0843 2624 Processor architecture: Intel x86
17:17:40.0843 2624 Number of processors: 2
17:17:40.0843 2624 Page size: 0x1000
17:17:40.0843 2624 Boot type: Normal boot
17:17:40.0843 2624 ============================================================
17:17:42.0234 2624 Initialize success
17:17:51.0937 2644 ============================================================
17:17:51.0937 2644 Scan started
17:17:51.0937 2644 Mode: Manual; SigCheck; TDLFS;
17:17:51.0937 2644 ============================================================
17:17:52.0890 2644 Abiosdsk - ok
17:17:52.0937 2644 abp480n5 - ok
17:17:53.0015 2644 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:17:54.0921 2644 ACPI - ok
17:17:55.0062 2644 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
17:17:55.0234 2644 ACPIEC - ok
17:17:55.0328 2644 adpu160m - ok
17:17:55.0390 2644 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:17:55.0562 2644 aec - ok
17:17:55.0593 2644 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
17:17:55.0687 2644 AFD - ok
17:17:55.0703 2644 Aha154x - ok
17:17:55.0734 2644 aic78u2 - ok
17:17:55.0750 2644 aic78xx - ok
17:17:55.0765 2644 AliIde - ok
17:17:55.0781 2644 amsint - ok
17:17:55.0828 2644 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
17:17:56.0000 2644 Arp1394 - ok
17:17:56.0015 2644 asc - ok
17:17:56.0015 2644 asc3350p - ok
17:17:56.0031 2644 asc3550 - ok
17:17:56.0078 2644 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:17:56.0250 2644 AsyncMac - ok
17:17:56.0281 2644 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:17:56.0453 2644 atapi - ok
17:17:56.0468 2644 Atdisk - ok
17:17:56.0531 2644 ati2mtag (f0d0b0cdec0be32d775f404cac2604bf) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
17:17:56.0593 2644 ati2mtag - ok
17:17:56.0656 2644 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:17:56.0812 2644 Atmarpc - ok
17:17:56.0859 2644 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:17:57.0031 2644 audstub - ok
17:17:57.0093 2644 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
17:17:57.0156 2644 AVGIDSDriver - ok
17:17:57.0218 2644 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
17:17:57.0234 2644 AVGIDSEH - ok
17:17:57.0281 2644 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
17:17:57.0296 2644 AVGIDSFilter - ok
17:17:57.0328 2644 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
17:17:57.0328 2644 AVGIDSShim - ok
17:17:57.0390 2644 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
17:17:57.0406 2644 Avgldx86 - ok
17:17:57.0421 2644 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
17:17:57.0437 2644 Avgmfx86 - ok
17:17:57.0500 2644 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
17:17:57.0515 2644 Avgrkx86 - ok
17:17:57.0609 2644 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
17:17:57.0625 2644 Avgtdix - ok
17:17:57.0703 2644 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:17:58.0484 2644 Beep - ok
17:17:58.0578 2644 bvrp_pci (c945dc4eee3f624dfd07788ea7f0db0a) C:\WINDOWS\system32\drivers\bvrp_pci.sys
17:17:58.0609 2644 bvrp_pci ( UnsignedFile.Multi.Generic ) - warning
17:17:58.0609 2644 bvrp_pci - detected UnsignedFile.Multi.Generic (1)
17:17:58.0734 2644 catchme - ok
17:17:58.0765 2644 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:17:59.0000 2644 cbidf2k - ok
17:17:59.0093 2644 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
17:17:59.0296 2644 CCDECODE - ok
17:17:59.0406 2644 cd20xrnt - ok
17:17:59.0515 2644 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:17:59.0703 2644 Cdaudio - ok
17:17:59.0781 2644 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:17:59.0968 2644 Cdfs - ok
17:18:00.0046 2644 cdrbsdrv (351735695e9ead93de6af85d8beb1ca8) C:\WINDOWS\system32\drivers\cdrbsdrv.sys
17:18:00.0078 2644 cdrbsdrv ( UnsignedFile.Multi.Generic ) - warning
17:18:00.0078 2644 cdrbsdrv - detected UnsignedFile.Multi.Generic (1)
17:18:00.0250 2644 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:18:00.0328 2644 Cdrom - ok
17:18:00.0375 2644 Changer - ok
17:18:00.0515 2644 cmdGuard (a2c97b4f0db351930d58f467948dc51d) C:\WINDOWS\system32\DRIVERS\cmdguard.sys
17:18:00.0578 2644 cmdGuard - ok
17:18:00.0640 2644 cmdHlp (a736f2263310fee1799de88cb50c1023) C:\WINDOWS\system32\DRIVERS\cmdhlp.sys
17:18:00.0656 2644 cmdHlp - ok
17:18:00.0718 2644 CmdIde - ok
17:18:00.0843 2644 COMMONFX.DLL (1ef05b641e9a67ded74ac8ad40055dbf) C:\WINDOWS\system32\COMMONFX.DLL
17:18:00.0859 2644 COMMONFX.DLL - ok
17:18:00.0921 2644 Cpqarray - ok
17:18:01.0000 2644 CT20XUT.DLL (6191a973461852a09d643609e1d5f7c6) C:\WINDOWS\system32\CT20XUT.DLL
17:18:01.0187 2644 CT20XUT.DLL - ok
17:18:01.0265 2644 ctac32k (8ac5f77e30e37d2d11bd99eff0c53d8c) C:\WINDOWS\system32\drivers\ctac32k.sys
17:18:01.0296 2644 ctac32k - ok
17:18:01.0343 2644 ctaud2k (673241d314e932f4890509ae8ebf26db) C:\WINDOWS\system32\drivers\ctaud2k.sys
17:18:01.0390 2644 ctaud2k - ok
17:18:01.0453 2644 CTAUDFX.DLL (472b82d7e549e7fab428852e4d16f21d) C:\WINDOWS\system32\CTAUDFX.DLL
17:18:01.0531 2644 CTAUDFX.DLL - ok
17:18:01.0562 2644 ctdvda2k (ed316d4c3d39c5b6c23de067e275c183) C:\WINDOWS\system32\drivers\ctdvda2k.sys
17:18:01.0593 2644 ctdvda2k - ok
17:18:01.0625 2644 CTEAPSFX.DLL (6a57f82009563aee8826f117e1d3c72c) C:\WINDOWS\system32\CTEAPSFX.DLL
17:18:01.0671 2644 CTEAPSFX.DLL - ok
17:18:01.0718 2644 CTEDSPFX.DLL (c8ac1ffaeadd655193d7b1811a572d8d) C:\WINDOWS\system32\CTEDSPFX.DLL
17:18:01.0781 2644 CTEDSPFX.DLL - ok
17:18:01.0812 2644 CTEDSPIO.DLL (44495d9daf675257d00b25b041ee6667) C:\WINDOWS\system32\CTEDSPIO.DLL
17:18:01.0859 2644 CTEDSPIO.DLL - ok
17:18:01.0921 2644 CTEDSPSY.DLL (8e90b1762cb42e2fc76dac9210c83c66) C:\WINDOWS\system32\CTEDSPSY.DLL
17:18:01.0984 2644 CTEDSPSY.DLL - ok
17:18:02.0000 2644 CTERFXFX.DLL (d3fbd9983325435b06795f29cb57ed3d) C:\WINDOWS\system32\CTERFXFX.DLL
17:18:02.0062 2644 CTERFXFX.DLL - ok
17:18:02.0187 2644 CTEXFIFX.DLL (2c48e9d8ca703964463f27ae341115b7) C:\WINDOWS\system32\CTEXFIFX.DLL
17:18:02.0296 2644 CTEXFIFX.DLL - ok
17:18:02.0328 2644 CTHWIUT.DLL (f7657c598e7c29c6683c1e4a8dd68884) C:\WINDOWS\system32\CTHWIUT.DLL
17:18:02.0375 2644 CTHWIUT.DLL - ok
17:18:02.0421 2644 ctprxy2k (34e7f8a499fd8361df14fedb724c0ad3) C:\WINDOWS\system32\drivers\ctprxy2k.sys
17:18:02.0453 2644 ctprxy2k - ok
17:18:02.0500 2644 CTSBLFX.DLL (679ae21eb7f48a08184813aebabdec7c) C:\WINDOWS\system32\CTSBLFX.DLL
17:18:02.0546 2644 CTSBLFX.DLL - ok
17:18:02.0578 2644 ctsfm2k (32098497cb4dfe9ea7660fa62dd91060) C:\WINDOWS\system32\drivers\ctsfm2k.sys
17:18:02.0593 2644 ctsfm2k - ok
17:18:02.0609 2644 dac2w2k - ok
17:18:02.0625 2644 dac960nt - ok
17:18:02.0671 2644 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
17:18:02.0843 2644 Disk - ok
17:18:02.0890 2644 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
17:18:03.0078 2644 dmboot - ok
17:18:03.0093 2644 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
17:18:03.0250 2644 dmio - ok
17:18:03.0281 2644 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:18:03.0453 2644 dmload - ok
17:18:03.0484 2644 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
17:18:03.0656 2644 DMusic - ok
17:18:03.0734 2644 Dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
17:18:03.0906 2644 Dot4 - ok
17:18:03.0921 2644 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
17:18:04.0093 2644 Dot4Print - ok
17:18:04.0109 2644 Dot4Scan (bd05306428da63369692477ddc0f6f5f) C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys
17:18:04.0296 2644 Dot4Scan - ok
17:18:04.0312 2644 dpti2o - ok
17:18:04.0359 2644 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:18:04.0531 2644 drmkaud - ok
17:18:04.0593 2644 drvmcdb (b15f9e526ba511a48b1b1b8537815740) C:\WINDOWS\system32\drivers\drvmcdb.sys
17:18:04.0609 2644 drvmcdb ( UnsignedFile.Multi.Generic ) - warning
17:18:04.0609 2644 drvmcdb - detected UnsignedFile.Multi.Generic (1)
17:18:04.0640 2644 drvnddm (fa4670cae95ae2bb857c68e535661145) C:\WINDOWS\system32\drivers\drvnddm.sys
17:18:04.0671 2644 drvnddm ( UnsignedFile.Multi.Generic ) - warning
17:18:04.0671 2644 drvnddm - detected UnsignedFile.Multi.Generic (1)
17:18:04.0718 2644 E100B (95974e66d3de4951d29e28e8bc0b644c) C:\WINDOWS\system32\DRIVERS\e100b325.sys
17:18:04.0796 2644 E100B - ok
17:18:04.0859 2644 emupia (2885f72d2daffd0329272f12e16d6579) C:\WINDOWS\system32\drivers\emupia2k.sys
17:18:04.0875 2644 emupia - ok
17:18:04.0968 2644 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
17:18:05.0187 2644 Fastfat - ok
17:18:05.0218 2644 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
17:18:05.0406 2644 Fdc - ok
17:18:05.0781 2644 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
17:18:05.0984 2644 Fips - ok
17:18:06.0421 2644 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
17:18:06.0593 2644 Flpydisk - ok
17:18:07.0062 2644 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
17:18:07.0234 2644 FltMgr - ok
17:18:07.0562 2644 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:18:07.0968 2644 Fs_Rec - ok
17:18:08.0093 2644 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:18:08.0328 2644 Ftdisk - ok
17:18:08.0515 2644 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
17:18:08.0718 2644 gameenum - ok
17:18:09.0031 2644 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
17:18:09.0046 2644 GEARAspiWDM - ok
17:18:09.0375 2644 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:18:09.0546 2644 Gpc - ok
17:18:10.0156 2644 ha10kx2k (da2c735b66d2e7b739f9a46146581a9d) C:\WINDOWS\system32\drivers\ha10kx2k.sys
17:18:10.0234 2644 ha10kx2k - ok
17:18:10.0500 2644 hap16v2k (5c7d6d68796e4621b4168c879908dae0) C:\WINDOWS\system32\drivers\hap16v2k.sys
17:18:10.0531 2644 hap16v2k - ok
17:18:10.0796 2644 hap17v2k (a595b88ad16d8b5693ddf08113caf30e) C:\WINDOWS\system32\drivers\hap17v2k.sys
17:18:10.0812 2644 hap17v2k - ok
17:18:11.0046 2644 hpn - ok
17:18:11.0171 2644 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
17:18:11.0390 2644 HTTP - ok
17:18:11.0625 2644 i2omgmt - ok
17:18:11.0734 2644 i2omp - ok
17:18:11.0906 2644 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:18:12.0078 2644 i8042prt - ok
17:18:12.0328 2644 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:18:12.0500 2644 Imapi - ok
17:18:12.0796 2644 ini910u - ok
17:18:12.0953 2644 Inspect (456003490faa4a2361ceacbfb6409172) C:\WINDOWS\system32\DRIVERS\inspect.sys
17:18:12.0968 2644 Inspect - ok
17:18:13.0500 2644 IntelC51 (7509c548400f4c9e0211e3f6e66abbe6) C:\WINDOWS\system32\DRIVERS\IntelC51.sys
17:18:13.0734 2644 IntelC51 - ok
17:18:14.0031 2644 IntelC52 (9584ffdd41d37f2c239681d0dac2513e) C:\WINDOWS\system32\DRIVERS\IntelC52.sys
17:18:14.0218 2644 IntelC52 - ok
17:18:14.0453 2644 IntelC53 (de2686c0e012e6ae24acd6e79eb7ff5d) C:\WINDOWS\system32\DRIVERS\IntelC53.sys
17:18:14.0531 2644 IntelC53 - ok
17:18:14.0921 2644 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
17:18:15.0125 2644 IntelIde - ok
17:18:15.0218 2644 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:18:15.0359 2644 intelppm - ok
17:18:15.0593 2644 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
17:18:15.0796 2644 Ip6Fw - ok
17:18:16.0031 2644 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:18:16.0265 2644 IpFilterDriver - ok
17:18:16.0500 2644 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:18:16.0687 2644 IpInIp - ok
17:18:16.0765 2644 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:18:16.0953 2644 IpNat - ok
17:18:17.0218 2644 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:18:17.0437 2644 IPSec - ok
17:18:17.0531 2644 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:18:17.0765 2644 IRENUM - ok
17:18:17.0843 2644 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:18:18.0031 2644 isapnp - ok
17:18:18.0312 2644 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:18:18.0500 2644 Kbdclass - ok
17:18:18.0750 2644 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:18:18.0906 2644 kmixer - ok
17:18:19.0203 2644 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
17:18:19.0359 2644 KSecDD - ok
17:18:19.0640 2644 lbrtfdc - ok
17:18:20.0140 2644 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
17:18:21.0000 2644 MBAMProtector - ok
17:18:21.0125 2644 MBAMSwissArmy - ok
17:18:21.0375 2644 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:18:21.0593 2644 mnmdd - ok
17:18:21.0812 2644 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
17:18:22.0000 2644 Modem - ok
17:18:22.0125 2644 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
17:18:22.0343 2644 MODEMCSA - ok
17:18:22.0609 2644 mohfilt (59b8b11ff70728eec60e72131c58b716) C:\WINDOWS\system32\DRIVERS\mohfilt.sys
17:18:22.0640 2644 mohfilt - ok
17:18:22.0718 2644 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:18:22.0906 2644 Mouclass - ok
17:18:22.0984 2644 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
17:18:23.0187 2644 MountMgr - ok
17:18:23.0343 2644 mraid35x - ok
17:18:23.0390 2644 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:18:23.0656 2644 MRxDAV - ok
17:18:23.0718 2644 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:18:23.0812 2644 MRxSmb - ok
17:18:23.0906 2644 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
17:18:24.0140 2644 Msfs - ok
17:18:24.0546 2644 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:18:24.0750 2644 MSKSSRV - ok
17:18:24.0859 2644 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:18:25.0062 2644 MSPCLOCK - ok
17:18:25.0281 2644 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
17:18:25.0453 2644 MSPQM - ok
17:18:25.0750 2644 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:18:25.0937 2644 mssmbios - ok
17:18:26.0171 2644 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
17:18:26.0359 2644 MSTEE - ok
17:18:26.0578 2644 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
17:18:26.0734 2644 Mup - ok
17:18:26.0859 2644 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
17:18:27.0062 2644 NABTSFEC - ok
17:18:27.0265 2644 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
17:18:27.0421 2644 NDIS - ok
17:18:27.0750 2644 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
17:18:27.0921 2644 NdisIP - ok
17:18:28.0140 2644 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:18:28.0343 2644 NdisTapi - ok
17:18:28.0656 2644 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:18:28.0828 2644 Ndisuio - ok
17:18:29.0109 2644 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:18:29.0296 2644 NdisWan - ok
17:18:29.0468 2644 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
17:18:29.0656 2644 NDProxy - ok
17:18:29.0718 2644 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:18:29.0937 2644 NetBIOS - ok
17:18:30.0062 2644 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:18:30.0265 2644 NetBT - ok
17:18:30.0328 2644 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
17:18:30.0546 2644 NIC1394 - ok
17:18:30.0703 2644 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
17:18:30.0890 2644 Npfs - ok
17:18:31.0046 2644 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
17:18:31.0328 2644 Ntfs - ok
17:18:31.0359 2644 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:18:31.0546 2644 Null - ok
17:18:31.0578 2644 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:18:31.0828 2644 NwlnkFlt - ok
17:18:31.0843 2644 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:18:32.0046 2644 NwlnkFwd - ok
17:18:32.0093 2644 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
17:18:32.0265 2644 ohci1394 - ok
17:18:32.0296 2644 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
17:18:32.0328 2644 OMCI ( UnsignedFile.Multi.Generic ) - warning
17:18:32.0328 2644 OMCI - detected UnsignedFile.Multi.Generic (1)
17:18:32.0375 2644 ossrv (61c85afeaa6ef0c1b32d43f84f7bfbcf) C:\WINDOWS\system32\drivers\ctoss2k.sys
17:18:32.0406 2644 ossrv - ok
17:18:32.0437 2644 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
17:18:32.0593 2644 Parport - ok
17:18:32.0625 2644 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:18:32.0781 2644 PartMgr - ok
17:18:32.0812 2644 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
17:18:32.0984 2644 ParVdm - ok
17:18:33.0031 2644 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
17:18:33.0187 2644 PCI - ok
17:18:33.0203 2644 PCIDump - ok
17:18:33.0234 2644 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
17:18:33.0406 2644 PCIIde - ok
17:18:33.0453 2644 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
17:18:33.0625 2644 Pcmcia - ok
17:18:33.0640 2644 PDCOMP - ok
17:18:33.0656 2644 PDFRAME - ok
17:18:33.0671 2644 PDRELI - ok
17:18:33.0687 2644 PDRFRAME - ok
17:18:33.0703 2644 perc2 - ok
17:18:33.0718 2644 perc2hib - ok
17:18:33.0796 2644 PfModNT (6dabb70783ef470492adb7b9a6e60bf3) C:\WINDOWS\system32\drivers\PfModNT.sys
17:18:33.0812 2644 PfModNT - ok
17:18:33.0859 2644 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:18:34.0031 2644 PptpMiniport - ok
17:18:34.0046 2644 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
17:18:34.0218 2644 PSched - ok
17:18:34.0234 2644 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:18:34.0421 2644 Ptilink - ok
17:18:34.0453 2644 PxHelp20 (db3b30c3a4cdcf07e164c14584d9d0f2) C:\WINDOWS\system32\Drivers\PxHelp20.sys
17:18:34.0484 2644 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
17:18:34.0484 2644 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
17:18:34.0500 2644 ql1080 - ok
17:18:34.0515 2644 Ql10wnt - ok
17:18:34.0531 2644 ql12160 - ok
17:18:34.0546 2644 ql1240 - ok
17:18:34.0562 2644 ql1280 - ok
17:18:34.0593 2644 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:18:34.0765 2644 RasAcd - ok
17:18:34.0812 2644 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:18:34.0953 2644 Rasl2tp - ok
17:18:35.0000 2644 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:18:35.0156 2644 RasPppoe - ok
17:18:35.0171 2644 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:18:35.0359 2644 Raspti - ok
17:18:35.0390 2644 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:18:35.0546 2644 Rdbss - ok
17:18:35.0578 2644 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:18:35.0750 2644 RDPCDD - ok
17:18:35.0796 2644 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:18:35.0937 2644 rdpdr - ok
17:18:36.0000 2644 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
17:18:36.0078 2644 RDPWD - ok
17:18:36.0125 2644 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:18:36.0281 2644 redbook - ok
17:18:36.0312 2644 RimUsb (0f6756ef8bda6dfa7be50465c83132bb) C:\WINDOWS\system32\Drivers\RimUsb.sys
17:18:36.0390 2644 RimUsb - ok
17:18:36.0437 2644 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
17:18:36.0484 2644 RimVSerPort - ok
17:18:36.0546 2644 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
17:18:36.0750 2644 ROOTMODEM - ok
17:18:36.0812 2644 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:18:36.0984 2644 Secdrv - ok
17:18:37.0031 2644 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
17:18:37.0203 2644 serenum - ok
17:18:37.0250 2644 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
17:18:37.0406 2644 Sfloppy - ok
17:18:37.0468 2644 Simbad - ok
17:18:37.0515 2644 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
17:18:37.0703 2644 SLIP - ok
17:18:37.0765 2644 sonypvs1 (dfadfc2c86662f40759bf02add27d569) C:\WINDOWS\system32\DRIVERS\sonypvs1.sys
17:18:37.0796 2644 sonypvs1 ( UnsignedFile.Multi.Generic ) - warning
17:18:37.0796 2644 sonypvs1 - detected UnsignedFile.Multi.Generic (1)
17:18:37.0828 2644 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
17:18:38.0000 2644 SONYPVU1 - ok
17:18:38.0015 2644 Sparrow - ok
17:18:38.0062 2644 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:18:38.0218 2644 splitter - ok
17:18:38.0312 2644 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
17:18:38.0484 2644 sr - ok
17:18:38.0515 2644 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
17:18:38.0625 2644 Srv - ok
17:18:38.0656 2644 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
17:18:38.0671 2644 sscdbhk5 ( UnsignedFile.Multi.Generic ) - warning
17:18:38.0671 2644 sscdbhk5 - detected UnsignedFile.Multi.Generic (1)
17:18:38.0750 2644 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
17:18:38.0781 2644 ssrtln ( UnsignedFile.Multi.Generic ) - warning
17:18:38.0781 2644 ssrtln - detected UnsignedFile.Multi.Generic (1)
17:18:38.0828 2644 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
17:18:38.0984 2644 streamip - ok
17:18:39.0031 2644 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:18:39.0203 2644 swenum - ok
17:18:39.0265 2644 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
17:18:39.0421 2644 swmidi - ok
17:18:39.0437 2644 symc810 - ok
17:18:39.0484 2644 symc8xx - ok
17:18:39.0500 2644 sym_hi - ok
17:18:39.0515 2644 sym_u3 - ok
17:18:39.0562 2644 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
17:18:39.0734 2644 sysaudio - ok
17:18:39.0796 2644 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:18:39.0875 2644 Tcpip - ok
17:18:39.0921 2644 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:18:40.0078 2644 TDPIPE - ok
17:18:40.0125 2644 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
17:18:40.0328 2644 TDTCP - ok
17:18:40.0359 2644 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:18:40.0562 2644 TermDD - ok
17:18:40.0625 2644 tfsnboio (1d265cd2fb1673a0873bf8cec19ddc7f) C:\WINDOWS\system32\dla\tfsnboio.sys
17:18:40.0656 2644 tfsnboio ( UnsignedFile.Multi.Generic ) - warning
17:18:40.0656 2644 tfsnboio - detected UnsignedFile.Multi.Generic (1)
17:18:40.0687 2644 tfsncofs (62e4901295e0467cac78e5b4b131ae5c) C:\WINDOWS\system32\dla\tfsncofs.sys
17:18:40.0687 2644 tfsncofs ( UnsignedFile.Multi.Generic ) - warning
17:18:40.0687 2644 tfsncofs - detected UnsignedFile.Multi.Generic (1)
17:18:40.0703 2644 tfsndrct (a2f380f9252ab3464c859adf91eead9c) C:\WINDOWS\system32\dla\tfsndrct.sys
17:18:40.0750 2644 tfsndrct ( UnsignedFile.Multi.Generic ) - warning
17:18:40.0750 2644 tfsndrct - detected UnsignedFile.Multi.Generic (1)
17:18:40.0765 2644 tfsndres (eee79bbefe9c6a2a3ce6c8753cfea950) C:\WINDOWS\system32\dla\tfsndres.sys
17:18:40.0781 2644 tfsndres ( UnsignedFile.Multi.Generic ) - warning
17:18:40.0781 2644 tfsndres - detected UnsignedFile.Multi.Generic (1)
17:18:40.0796 2644 tfsnifs (9d644eb11fec9487450c4cfcd63a5df4) C:\WINDOWS\system32\dla\tfsnifs.sys
17:18:40.0812 2644 tfsnifs ( UnsignedFile.Multi.Generic ) - warning
17:18:40.0812 2644 tfsnifs - detected UnsignedFile.Multi.Generic (1)
17:18:40.0828 2644 tfsnopio (e656af05c67edb7c0e9230a5df71ed1b) C:\WINDOWS\system32\dla\tfsnopio.sys
17:18:40.0859 2644 tfsnopio ( UnsignedFile.Multi.Generic ) - warning
17:18:40.0859 2644 tfsnopio - detected UnsignedFile.Multi.Generic (1)
17:18:40.0875 2644 tfsnpool (64fccb9cce703ca507dffc3cebf6b2cb) C:\WINDOWS\system32\dla\tfsnpool.sys
17:18:40.0875 2644 tfsnpool ( UnsignedFile.Multi.Generic ) - warning
17:18:40.0875 2644 tfsnpool - detected UnsignedFile.Multi.Generic (1)
17:18:40.0921 2644 tfsnudf (48bc9d8ab4e4b9bff70fb18e55cec3d6) C:\WINDOWS\system32\dla\tfsnudf.sys
17:18:40.0921 2644 tfsnudf ( UnsignedFile.Multi.Generic ) - warning
17:18:40.0921 2644 tfsnudf - detected UnsignedFile.Multi.Generic (1)
17:18:40.0937 2644 tfsnudfa (79f60822224256b49bfc855da8d651d5) C:\WINDOWS\system32\dla\tfsnudfa.sys
17:18:40.0953 2644 tfsnudfa ( UnsignedFile.Multi.Generic ) - warning
17:18:40.0953 2644 tfsnudfa - detected UnsignedFile.Multi.Generic (1)
17:18:40.0984 2644 TosIde - ok
17:18:41.0031 2644 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
17:18:41.0187 2644 Udfs - ok
17:18:41.0203 2644 ultra - ok
17:18:41.0265 2644 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
17:18:41.0437 2644 Update - ok
17:18:41.0468 2644 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
17:18:41.0531 2644 USBAAPL - ok
17:18:41.0609 2644 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
17:18:41.0781 2644 usbaudio - ok
17:18:41.0843 2644 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:18:42.0000 2644 usbccgp - ok
17:18:42.0031 2644 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:18:42.0203 2644 usbehci - ok
17:18:42.0234 2644 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:18:42.0406 2644 usbhub - ok
17:18:42.0421 2644 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:18:42.0593 2644 usbprint - ok
17:18:42.0640 2644 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:18:42.0796 2644 usbscan - ok
17:18:42.0828 2644 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:18:42.0984 2644 USBSTOR - ok
17:18:43.0031 2644 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:18:43.0187 2644 usbuhci - ok
17:18:43.0218 2644 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:18:43.0437 2644 VgaSave - ok
17:18:43.0468 2644 ViaIde - ok
17:18:43.0500 2644 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
17:18:43.0640 2644 VolSnap - ok
17:18:43.0718 2644 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:18:43.0890 2644 Wanarp - ok
17:18:43.0906 2644 WDICA - ok
17:18:43.0937 2644 Wdm1 (2f4b3c0e58d4a7bd8e38d1cd9ca47691) C:\WINDOWS\system32\Drivers\usbbc.sys
17:18:44.0015 2644 Wdm1 - ok
17:18:44.0046 2644 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:18:44.0218 2644 wdmaud - ok
17:18:44.0296 2644 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
17:18:44.0375 2644 WpdUsb - ok
17:18:44.0437 2644 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
17:18:44.0593 2644 WSTCODEC - ok
17:18:44.0656 2644 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:18:44.0718 2644 WudfPf - ok
17:18:44.0734 2644 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:18:44.0765 2644 WudfRd - ok
17:18:44.0828 2644 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
17:18:45.0031 2644 \Device\Harddisk0\DR0 - ok
17:18:45.0046 2644 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR2
17:18:45.0203 2644 \Device\Harddisk1\DR2 - ok
17:18:45.0218 2644 Boot (0x1200) (c669bdbb8b908cb0548014c5088ece4b) \Device\Harddisk0\DR0\Partition0
17:18:45.0218 2644 \Device\Harddisk0\DR0\Partition0 - ok
17:18:45.0218 2644 Boot (0x1200) (c3cefb8ec0773701ce47b634aa7bfac7) \Device\Harddisk1\DR2\Partition0
17:18:45.0218 2644 \Device\Harddisk1\DR2\Partition0 - ok
17:18:45.0218 2644 ============================================================
17:18:45.0218 2644 Scan finished
17:18:45.0218 2644 ============================================================
17:18:45.0328 2060 Detected object count: 18
17:18:45.0328 2060 Actual detected object count: 18
17:19:51.0796 2060 bvrp_pci ( UnsignedFile.Multi.Generic ) - skipped by user
17:19:51.0796 2060 bvrp_pci ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:19:51.0796 2060 cdrbsdrv ( UnsignedFile.Multi.Generic ) - skipped by user
17:19:51.0796 2060 cdrbsdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:19:51.0796 2060 drvmcdb ( UnsignedFile.Multi.Generic ) - skipped by user
17:19:51.0796 2060 drvmcdb ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:19:51.0796 2060 drvnddm ( UnsignedFile.Multi.Generic ) - skipped by user
17:19:51.0796 2060 drvnddm ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:19:51.0812 2060 OMCI ( UnsignedFile.Multi.Generic ) - skipped by user
17:19:51.0812 2060 OMCI ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:19:51.0812 2060 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
17:19:51.0812 2060 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:19:51.0812 2060 sonypvs1 ( UnsignedFile.Multi.Generic ) - skipped by user
17:19:51.0812 2060 sonypvs1 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:19:51.0812 2060 sscdbhk5 ( UnsignedFile.Multi.Generic ) - skipped by user
17:19:51.0812 2060 sscdbhk5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:19:51.0812 2060 ssrtln ( UnsignedFile.Multi.Generic ) - skipped by user
17:19:51.0812 2060 ssrtln ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:19:51.0828 2060 tfsnboio ( UnsignedFile.Multi.Generic ) - skipped by user
17:19:51.0828 2060 tfsnboio ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:19:51.0828 2060 tfsncofs ( UnsignedFile.Multi.Generic ) - skipped by user
17:19:51.0828 2060 tfsncofs ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:19:51.0828 2060 tfsndrct ( UnsignedFile.Multi.Generic ) - skipped by user
17:19:51.0828 2060 tfsndrct ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:19:51.0828 2060 tfsndres ( UnsignedFile.Multi.Generic ) - skipped by user
17:19:51.0828 2060 tfsndres ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:19:51.0828 2060 tfsnifs ( UnsignedFile.Multi.Generic ) - skipped by user
17:19:51.0828 2060 tfsnifs ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:19:51.0843 2060 tfsnopio ( UnsignedFile.Multi.Generic ) - skipped by user
17:19:51.0843 2060 tfsnopio ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:19:51.0843 2060 tfsnpool ( UnsignedFile.Multi.Generic ) - skipped by user
17:19:51.0843 2060 tfsnpool ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:19:51.0843 2060 tfsnudf ( UnsignedFile.Multi.Generic ) - skipped by user
17:19:51.0843 2060 tfsnudf ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:19:51.0843 2060 tfsnudfa ( UnsignedFile.Multi.Generic ) - skipped by user
17:19:51.0843 2060 tfsnudfa ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:21:43.0843 3588 Deinitialize success
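TDSSKiller writes each scanned object across several lines: the object name with its MD5 and path, then a verdict line ("- ok", or "- detected <name> (n)"), and, once the scan has finished, the action chosen for every detected object. Reading that back by hand for a log this long is error-prone, so here is an added example (not part of the original post and not TDSSKiller's own code) that folds those lines into one record per object and checks that the detections it finds agree with the log's own "Detected object count". The input is a constructed excerpt of the log above, with the count reduced to match the excerpt; UnsignedFile.Multi.Generic marks drivers that carry no digital signature, and the log shows each of those was skipped rather than cured.

```python
import re

# Constructed excerpt in the TDSSKiller log format shown above: three objects
# copied from the log, with the object count reduced to match the excerpt.
TDSSKILLER_LOG = """\
17:18:04.0593 2644 drvmcdb (b15f9e526ba511a48b1b1b8537815740) C:\\WINDOWS\\system32\\drivers\\drvmcdb.sys
17:18:04.0609 2644 drvmcdb ( UnsignedFile.Multi.Generic ) - warning
17:18:04.0609 2644 drvmcdb - detected UnsignedFile.Multi.Generic (1)
17:18:32.0296 2644 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\\WINDOWS\\SYSTEM32\\DRIVERS\\OMCI.SYS
17:18:32.0328 2644 OMCI ( UnsignedFile.Multi.Generic ) - warning
17:18:32.0328 2644 OMCI - detected UnsignedFile.Multi.Generic (1)
17:18:39.0796 2644 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\\WINDOWS\\system32\\DRIVERS\\tcpip.sys
17:18:39.0875 2644 Tcpip - ok
17:18:45.0328 2060 Detected object count: 2
17:18:45.0328 2060 Actual detected object count: 2
17:19:51.0796 2060 drvmcdb ( UnsignedFile.Multi.Generic ) - skipped by user
17:19:51.0796 2060 drvmcdb ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:19:51.0812 2060 OMCI ( UnsignedFile.Multi.Generic ) - skipped by user
17:19:51.0812 2060 OMCI ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

# Every line starts with "<hh:mm:ss.ffff> <thread id> "; the rest depends on the line kind.
_PREFIX = r"^\d\d:\d\d:\d\d\.\d{4} \d+ "
FILE_LINE = re.compile(_PREFIX + r"(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
DETECTED_LINE = re.compile(_PREFIX + r"(?P<name>\S+) - detected (?P<verdict>\S+) \(\d+\)$")
OK_LINE = re.compile(_PREFIX + r"(?P<name>\S+) - ok$")
ACTION_LINE = re.compile(_PREFIX + r"(?P<name>\S+) \( (?P<verdict>\S+) \) - User select action: (?P<action>.+)$")
COUNT_LINE = re.compile(_PREFIX + r"Detected object count: (?P<n>\d+)$")


def triage(text):
    """Fold the per-object lines of a TDSSKiller log into one record per object
    and compare the number of detections against the log's own object count."""
    objects = {}        # name -> record; a dict keeps first-seen order
    declared = None

    def record(name):
        return objects.setdefault(name, {"name": name})

    for raw in text.splitlines():
        line = raw.rstrip()
        m = FILE_LINE.match(line)
        if m:
            record(m["name"]).update(md5=m["md5"], path=m["path"])
            continue
        m = DETECTED_LINE.match(line)
        if m:
            record(m["name"])["verdict"] = m["verdict"]
            continue
        m = OK_LINE.match(line)
        if m:
            record(m["name"]).setdefault("verdict", "ok")
            continue
        m = ACTION_LINE.match(line)
        if m:
            record(m["name"])["action"] = m["action"]
            continue
        m = COUNT_LINE.match(line)
        if m:
            declared = int(m["n"])

    detections = [o for o in objects.values() if o.get("verdict", "ok") != "ok"]
    clean = [o["name"] for o in objects.values() if o.get("verdict") == "ok"]
    return {
        "detections": detections,
        "clean": clean,
        "declared_count": declared,
        # A mismatch here means the log was truncated or a line format was not recognised.
        "count_matches": declared is not None and declared == len(detections),
    }


if __name__ == "__main__":
    result = triage(TDSSKILLER_LOG)
    for d in result["detections"]:
        print("%-10s %-28s action=%-5s %s" % (d["name"], d["verdict"], d.get("action", "-"), d.get("path", "?")))
    print("declared %s, parsed %d, consistent: %s" % (result["declared_count"], len(result["detections"]), result["count_matches"]))
```

Paste a complete TDSSKiller log into TDSSKILLER_LOG (or read it from the saved file) and the summary lists every flagged object with its path, hash and the action taken, which is the part of the log a helper actually needs to see.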

#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 20 December 2011 - 06:11 PM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 traubs

  • Topic Starter
  • Members
  • 24 posts

Posted 20 December 2011 - 09:08 PM

Quick question before I run aswMBR. In the drop down menu, do I select "Quickscan", "C:\" or a different option? Thanks.

#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 20 December 2011 - 09:47 PM

Is one set at default?

gringo

#11 traubs

  • Topic Starter
  • Members
  • 24 posts

Posted 20 December 2011 - 09:51 PM

Default is "Quickscan"

#12 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 20 December 2011 - 10:16 PM

Do that one.


gringo

#13 traubs

  • Topic Starter
  • Members
  • 24 posts

Posted 20 December 2011 - 11:24 PM

Here is the aswMBR log.

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-20 21:50:15
-----------------------------
21:50:15.187 OS Version: Windows 5.1.2600 Service Pack 3
21:50:15.187 Number of processors: 2 586 0x401
21:50:15.187 ComputerName: OFFICEDESKTOP UserName: Michael
21:50:16.156 Initialize success
21:50:22.953 AVAST engine defs: 11122001
22:18:09.609 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
22:18:09.609 Disk 0 Vendor: ST3160023AS 8.12 Size: 152587MB BusType: 3
22:18:11.625 Disk 0 MBR read successfully
22:18:11.625 Disk 0 MBR scan
22:18:13.062 Disk 0 Windows XP default MBR code
22:18:13.078 Disk 0 scanning sectors +312480315
22:18:14.171 Disk 0 scanning C:\WINDOWS\system32\drivers
22:18:38.218 File: C:\WINDOWS\system32\drivers\serial.sys **INFECTED** Win32:Alureon-AOW [Rtk]
22:18:46.406 Service scanning
22:18:48.250 Modules scanning
22:18:52.390 Disk 0 trace - called modules:
22:18:52.406 ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
22:18:52.406 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8757fab8]
22:18:52.921 3 CLASSPNP.SYS[f7672fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-17[0x87581d98]
22:18:53.765 AVAST engine scan C:\WINDOWS
22:19:23.375 AVAST engine scan C:\WINDOWS\system32
22:21:57.953 AVAST engine scan C:\WINDOWS\system32\drivers
22:22:09.968 File: C:\WINDOWS\system32\drivers\serial.sys **INFECTED** Win32:Alureon-AOW [Rtk]
22:22:16.218 AVAST engine scan C:\Documents and Settings\Michael
23:12:06.984 AVAST engine scan C:\Documents and Settings\All Users
23:18:32.609 Scan finished successfully
23:20:05.281 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Michael\Desktop\MBR.dat"
23:20:05.312 The log file has been saved successfully to "C:\Documents and Settings\Michael\Desktop\aswMBR.txt"

#14 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 21 December 2011 - 12:19 AM

SystemLook:

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
:filefind
serial.sys
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

#15 traubs

  • Topic Starter
  • Members
  • 24 posts

Posted 21 December 2011 - 07:35 AM

Here is the SystemLook log. Thanks!

SystemLook 30.07.11 by jpshortstuff
Log created at 07:17 on 21/12/2011 by Michael
Administrator - Elevation successful

========== filefind ==========

Searching for "serial.sys"
C:\WINDOWS\$NtServicePackUninstall$\serial.sys -----c- 64896 bytes [04:09 28/06/2008] [13:28 12/08/2004] CD9404D115A00D249F70A371B46D5A26
C:\WINDOWS\ServicePackFiles\i386\serial.sys ------- 64512 bytes [03:58 28/06/2008] [19:15 13/04/2008] CCA207A8896D4C6A0C9CE29A4AE411A7
C:\WINDOWS\system32\drivers\serial.sys --a---- 64512 bytes [13:28 12/08/2004] [19:15 13/04/2008] F88CADBCC8A0D0C40F9D4316467DE82C

-= EOF =-
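The point of the SystemLook request was to put the copy of serial.sys that Windows actually loads next to the backup copies Windows keeps. In the log above, the loaded copy in system32\drivers has exactly the same size (64512 bytes) and last-write time as the Service Pack 3 original in ServicePackFiles\i386, yet a different MD5, which is consistent with the aswMBR verdict earlier in the thread that the driver was altered in place. The following is an added example, not part of the original post and not SystemLook's own code, that parses a ":filefind" section and applies that comparison automatically; it assumes SystemLook prints the two bracketed timestamps as creation time then last-write time, and uses the three lines from the log above as constructed sample input.

```python
import re

# Constructed sample: the ':filefind' section from the SystemLook log above,
# copied as posted (path, attribute flags, size, two timestamps, MD5).
SYSTEMLOOK_LOG = """\
SystemLook 30.07.11 by jpshortstuff
Log created at 07:17 on 21/12/2011 by Michael
Administrator - Elevation successful

========== filefind ==========

Searching for "serial.sys"
C:\\WINDOWS\\$NtServicePackUninstall$\\serial.sys -----c- 64896 bytes [04:09 28/06/2008] [13:28 12/08/2004] CD9404D115A00D249F70A371B46D5A26
C:\\WINDOWS\\ServicePackFiles\\i386\\serial.sys ------- 64512 bytes [03:58 28/06/2008] [19:15 13/04/2008] CCA207A8896D4C6A0C9CE29A4AE411A7
C:\\WINDOWS\\system32\\drivers\\serial.sys --a---- 64512 bytes [13:28 12/08/2004] [19:15 13/04/2008] F88CADBCC8A0D0C40F9D4316467DE82C

-= EOF =-
"""

# One filefind hit: <path> <7 attribute flags> <size> bytes [created] [modified] <MD5>.
# Assumption: the bracketed timestamps are creation time and last-write time, in that order.
FILEFIND_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<attrs>[-a-z]{7}) (?P<size>\d+) bytes "
    r"\[(?P<created>[^\]]+)\] \[(?P<modified>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_filefind(text):
    """Return one dict per file hit found in a SystemLook ':filefind' section."""
    hits = []
    for line in text.splitlines():
        m = FILEFIND_LINE.match(line.strip())
        if m:
            hit = m.groupdict()
            hit["size"] = int(hit["size"])
            hit["md5"] = hit["md5"].upper()
            hits.append(hit)
    return hits


def compare_live_driver(hits):
    """Compare the copy Windows loads (system32\\drivers) with the backup copies
    Windows keeps (ServicePackFiles, $NtServicePackUninstall$, dllcache).
    A backup with the same size and last-write time but a different MD5 means
    the loaded file was altered without its metadata changing; a backup with a
    different size is another build and cannot serve as a reference."""
    live = [h for h in hits if "\\system32\\drivers\\" in h["path"].lower()]
    if len(live) != 1:
        raise ValueError("expected exactly one loaded copy, found %d" % len(live))
    live = live[0]
    findings = []
    for backup in hits:
        if backup is live:
            continue
        if backup["md5"] == live["md5"]:
            verdict = "MATCH"
        elif backup["size"] == live["size"] and backup["modified"] == live["modified"]:
            verdict = "HASH MISMATCH"
        else:
            verdict = "DIFFERENT BUILD"
        findings.append({"backup": backup["path"], "verdict": verdict})
    return {
        "live": live,
        "findings": findings,
        "suspicious": any(f["verdict"] == "HASH MISMATCH" for f in findings),
    }


if __name__ == "__main__":
    report = compare_live_driver(parse_filefind(SYSTEMLOOK_LOG))
    print("loaded copy:", report["live"]["path"], report["live"]["md5"])
    for f in report["findings"]:
        print("  %-15s %s" % (f["verdict"], f["backup"]))
    print("suspicious:", report["suspicious"])
```

The $NtServicePackUninstall$ copy is the pre-service-pack build (different size, different date), so its hash is expected to differ and the script reports it as another build rather than a mismatch; only the ServicePackFiles copy is a valid reference, and that is the one that disagrees with the loaded driver.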



