chimeria

Everything posted by chimeria

  1. ComboFix 12-10-18.03 - User 10/18/2012 17:17:49.4.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2483 [GMT -4:00] Running from: c:\documents and settings\User\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} . WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\CFLog . . ((((((((((((((((((((((((( Files Created from 2012-09-18 to 2012-10-18 ))))))))))))))))))))))))))))))) . . 2012-10-17 22:11 . 2012-10-17 22:11 -------- d-----w- c:\program files\Common Files\Java 2012-10-16 02:31 . 2012-10-16 02:31 -------- d-----w- C:\TDSSKiller_Quarantine 2012-10-15 00:41 . 2012-10-15 00:41 -------- d-----w- c:\documents and settings\All Users\Application Data\IBUpdaterService 2012-10-15 00:16 . 2012-10-15 00:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Sophos 2012-09-27 21:05 . 2012-09-27 21:05 -------- d-----w- c:\documents and settings\NetworkService\Application Data\iolo 2012-09-27 21:02 . 2012-04-17 12:25 511328 ----a-w- c:\program files\Common Files\Microsoft Shared\CAPICOM\CAPICOM.DLL 2012-09-27 21:00 . 2012-09-27 21:36 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo 2012-09-27 20:57 . 2012-09-27 20:57 -------- d-----w- c:\program files\CCleaner . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-08 23:42 . 2012-04-11 16:55 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-10-08 23:42 . 2011-05-20 13:05 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-09-29 23:54 . 2009-11-08 17:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-24 19:32 . 
2012-06-22 01:15 477168 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-09-24 19:32 . 2010-09-28 20:26 473072 ----a-w- c:\windows\system32\deployJava1.dll 2012-09-24 17:51 . 2012-06-22 01:15 73728 ----a-w- c:\windows\system32\javacpl.cpl 2012-09-04 01:08 . 2012-09-04 01:08 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys 2012-08-28 15:14 . 2007-09-20 04:59 916992 ----a-w- c:\windows\system32\wininet.dll 2012-08-28 15:14 . 2007-09-20 04:58 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-08-28 15:14 . 2007-09-20 04:58 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2012-08-28 12:07 . 2007-09-20 04:58 385024 ----a-w- c:\windows\system32\html.iec 2012-08-24 19:43 . 2010-11-10 03:20 301920 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2012-08-24 13:53 . 2004-08-03 23:56 177664 ----a-w- c:\windows\system32\wintrust.dll 2012-08-21 13:33 . 2007-09-20 04:49 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-21 12:58 . 2007-07-19 12:40 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-07-26 07:21 . 2010-09-07 08:48 237408 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2012-10-12 01:28 . 2012-10-12 01:28 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys [7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys [7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys [-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\$NtUninstallKB2509553$\tcpip.sys [7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys [-] 2008-06-20 . D9F19E78F98834CB411D6AD3C68D181A . 
361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys [7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys [7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928] "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832] "AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-12 53248] "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-05-22 834320] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-03 134656] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-03 166912] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-03 134656] "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984] "RTHDCPL"="RTHDCPL.EXE" [2010-11-17 19722344] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008] "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-09-04 947808] "HF_G_Jul"="c:\program files\AVG Secure Search\HF_G_Jul.exe" [2012-07-18 36960] "ROC_ROC_JULY_P1"="c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe" [2012-09-04 1022048] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "ShowDeskFix"="shell32" [X] . 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= "c:\\Program Files\\Z8Games\\CrossFire\\CF_G4box.exe"= "c:\\Program Files\\Xfire\\Xfire.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management . 
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 24896] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 4:48 AM 31952] R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/21/2008 5:59 PM 717296] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/7/2010 4:48 AM 237408] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/9/2010 11:20 PM 301920] R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [9/3/2012 9:08 PM 27496] R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/14/2012 4:53 AM 193288] R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [9/3/2012 9:08 PM 722528] R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 139856] R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [12/23/2011 1:32 PM 24144] R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 17232] R3 XDva400;XDva400;\??\c:\windows\system32\XDva400.sys --> c:\windows\system32\XDva400.sys [?] S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [8/13/2012 3:24 AM 5167736] S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 1:28 PM 160944] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\flash\FlashPlayerUpdateService.exe [4/11/2012 12:55 PM 250808] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12/12/2010 5:12 PM 1691480] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/3/2012 10:17 PM 115168] S3 XDva310;XDva310;\??\c:\windows\system32\XDva310.sys --> c:\windows\system32\XDva310.sys [?] S3 XDva321;XDva321;\??\c:\windows\system32\XDva321.sys --> c:\windows\system32\XDva321.sys [?] 
S3 XDva323;XDva323;\??\c:\windows\system32\XDva323.sys --> c:\windows\system32\XDva323.sys [?] S3 XDva327;XDva327;\??\c:\windows\system32\XDva327.sys --> c:\windows\system32\XDva327.sys [?] S3 XDva337;XDva337;\??\c:\windows\system32\XDva337.sys --> c:\windows\system32\XDva337.sys [?] S3 XDva341;XDva341;\??\c:\windows\system32\XDva341.sys --> c:\windows\system32\XDva341.sys [?] S3 XDva342;XDva342;\??\c:\windows\system32\XDva342.sys --> c:\windows\system32\XDva342.sys [?] S3 XDva345;XDva345;\??\c:\windows\system32\XDva345.sys --> c:\windows\system32\XDva345.sys [?] S3 XDva346;XDva346;\??\c:\windows\system32\XDva346.sys --> c:\windows\system32\XDva346.sys [?] S3 XDva347;XDva347;\??\c:\windows\system32\XDva347.sys --> c:\windows\system32\XDva347.sys [?] S3 XDva349;XDva349;\??\c:\windows\system32\XDva349.sys --> c:\windows\system32\XDva349.sys [?] S3 XDva352;XDva352;\??\c:\windows\system32\XDva352.sys --> c:\windows\system32\XDva352.sys [?] S3 XDva358;XDva358;\??\c:\windows\system32\XDva358.sys --> c:\windows\system32\XDva358.sys [?] S3 XDva359;XDva359;\??\c:\windows\system32\XDva359.sys --> c:\windows\system32\XDva359.sys [?] S3 XDva361;XDva361;\??\c:\windows\system32\XDva361.sys --> c:\windows\system32\XDva361.sys [?] S3 XDva362;XDva362;\??\c:\windows\system32\XDva362.sys --> c:\windows\system32\XDva362.sys [?] S3 XDva366;XDva366;\??\c:\windows\system32\XDva366.sys --> c:\windows\system32\XDva366.sys [?] S3 XDva367;XDva367;\??\c:\windows\system32\XDva367.sys --> c:\windows\system32\XDva367.sys [?] S3 XDva368;XDva368;\??\c:\windows\system32\XDva368.sys --> c:\windows\system32\XDva368.sys [?] S3 XDva370;XDva370;\??\c:\windows\system32\XDva370.sys --> c:\windows\system32\XDva370.sys [?] S3 XDva372;XDva372;\??\c:\windows\system32\XDva372.sys --> c:\windows\system32\XDva372.sys [?] S3 XDva374;XDva374;\??\c:\windows\system32\XDva374.sys --> c:\windows\system32\XDva374.sys [?] S3 XDva375;XDva375;\??\c:\windows\system32\XDva375.sys --> c:\windows\system32\XDva375.sys [?] 
S3 XDva377;XDva377;\??\c:\windows\system32\XDva377.sys --> c:\windows\system32\XDva377.sys [?] S3 XDva379;XDva379;\??\c:\windows\system32\XDva379.sys --> c:\windows\system32\XDva379.sys [?] S3 XDva380;XDva380;\??\c:\windows\system32\XDva380.sys --> c:\windows\system32\XDva380.sys [?] S3 XDva382;XDva382;\??\c:\windows\system32\XDva382.sys --> c:\windows\system32\XDva382.sys [?] S3 XDva383;XDva383;\??\c:\windows\system32\XDva383.sys --> c:\windows\system32\XDva383.sys [?] S3 XDva384;XDva384;\??\c:\windows\system32\XDva384.sys --> c:\windows\system32\XDva384.sys [?] S3 XDva385;XDva385;\??\c:\windows\system32\XDva385.sys --> c:\windows\system32\XDva385.sys [?] S3 XDva386;XDva386;\??\c:\windows\system32\XDva386.sys --> c:\windows\system32\XDva386.sys [?] S3 XDva387;XDva387;\??\c:\windows\system32\XDva387.sys --> c:\windows\system32\XDva387.sys [?] S3 XDva388;XDva388;\??\c:\windows\system32\XDva388.sys --> c:\windows\system32\XDva388.sys [?] S3 XDva389;XDva389;\??\c:\windows\system32\XDva389.sys --> c:\windows\system32\XDva389.sys [?] S3 XDva390;XDva390;\??\c:\windows\system32\XDva390.sys --> c:\windows\system32\XDva390.sys [?] S3 XDva391;XDva391;\??\c:\windows\system32\XDva391.sys --> c:\windows\system32\XDva391.sys [?] S3 XDva392;XDva392;\??\c:\windows\system32\XDva392.sys --> c:\windows\system32\XDva392.sys [?] S3 XDva393;XDva393;\??\c:\windows\system32\XDva393.sys --> c:\windows\system32\XDva393.sys [?] S3 XDva394;XDva394;\??\c:\windows\system32\XDva394.sys --> c:\windows\system32\XDva394.sys [?] S3 XDva397;XDva397;\??\c:\windows\system32\XDva397.sys --> c:\windows\system32\XDva397.sys [?] S3 XDva398;XDva398;\??\c:\windows\system32\XDva398.sys --> c:\windows\system32\XDva398.sys [?] S3 XDva399;XDva399;\??\c:\windows\system32\XDva399.sys --> c:\windows\system32\XDva399.sys [?] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - JAVAQUICKSTARTERSERVICE . Contents of the 'Scheduled Tasks' folder . 
2012-10-18 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 23:42] . . ------- Supplementary Scan ------- . IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx IE: E&xport to Microsoft Excel IE: Free YouTube to Mp3 Converter - c:\documents and settings\User\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm TCP: DhcpNameServer = 192.168.0.1 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\3mh48l0x.default\ FF - prefs.js: browser.search.selectedEngine - AVG Secure Search FF - prefs.js: browser.startup.homepage - about:home FF - ExtSQL: 2012-09-01 20:16; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} FF - ExtSQL: 2012-10-17 18:11; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} FF - user.js: browser.cache.memory.capacity - 65536 FF - user.js: browser.chrome.favicons - false FF - user.js: browser.display.show_image_placeholders - true FF - user.js: browser.turbo.enabled - true FF - user.js: browser.urlbar.autocomplete.enabled - true FF - user.js: browser.urlbar.autofill - true FF - user.js: content.interrupt.parsing - true FF - user.js: content.max.tokenizing.time - 2250000 FF - user.js: content.notify.backoffcount - 5 FF - user.js: content.notify.interval - 750000 FF - user.js: content.notify.ontimer - true FF - user.js: content.switch.threshold - 750000 FF - user.js: network.http.max-connections - 48 FF - user.js: network.http.max-connections-per-server - 16 FF - user.js: network.http.max-persistent-connections-per-proxy - 16 FF - user.js: network.http.max-persistent-connections-per-server - 8 FF - user.js: 
network.http.pipelining - true FF - user.js: network.http.pipelining.firstrequest - true FF - user.js: network.http.pipelining.maxrequests - 8 FF - user.js: network.http.proxy.pipelining - true FF - user.js: network.http.request.max-start-delay - 0 FF - user.js: nglayout.initialpaint.delay - 0 FF - user.js: plugin.expose_full_path - true FF - user.js: ui.submenuDelay - 0 FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109130 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.id - 0c8501f9000000000000001fe2a93501 FF - user.js: extensions.BabylonToolbar_i.hardId - 0c8501f9000000000000001fe2a93501 FF - user.js: extensions.BabylonToolbar_i.instlDay - 15341 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1716:25 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - base FF - user.js: extensions.BabylonToolbar_i.instlRef - sst FF - user.js: extensions.autoDisableScopes - 14 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-10-18 17:24 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-1757981266-1580818891-839522115-1003\Software\SecuROM\!CAUTION! 
NEVER A OR CHANGE ANY KEY*] "??"=hex:a9,c3,31,3c,73,3c,71,03,db,2d,5a,ac,c1,56,e4,e3,a0,7e,40,d6,fd,70,b0, 75,da,16,be,27,18,d8,d5,ff,81,6f,77,96,a7,58,d8,0f,02,2d,f1,9d,09,c6,80,55,\ "??"=hex:f2,37,ce,c3,e6,ea,48,de,37,4f,50,61,1e,8a,0b,2c . [HKEY_USERS\S-1-5-21-1757981266-1580818891-839522115-1003\Software\SecuROM\License information*] "datasecu"=hex:d9,ea,61,cc,0d,00,6a,14,2d,d2,20,80,d8,17,1d,9b,8e,95,64,a3,d6, bc,fc,d9,6c,cc,87,b5,68,ba,37,3a,0f,c6,f5,5f,69,9e,71,d2,8e,6c,bf,de,bd,89,\ "rkeysecu"=hex:78,c1,96,fa,58,0d,34,dc,bd,02,2b,b3,3d,ad,e4,99 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(1104) c:\windows\system32\igfxdev.dll . 
- - - - - - - > 'explorer.exe'(19788) c:\windows\system32\WININET.dll c:\progra~1\WINDOW~2\wmpband.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\wpdshserviceobj.dll c:\windows\system32\portabledevicetypes.dll c:\windows\system32\portabledeviceapi.dll . Completion time: 2012-10-18 17:26:05 ComboFix-quarantined-files.txt 2012-10-18 21:26 ComboFix2.txt 2012-10-17 22:24 ComboFix3.txt 2012-10-16 22:37 . Pre-Run: 16,198,496,256 bytes free Post-Run: 16,191,676,416 bytes free . - - End Of File - - 44B404A4E7BD182CC32CD104496D0ADA
  2. This is the log: ComboFix 12-10-17.05 - User 10/17/2012 18:14:49.3.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2314 [GMT -4:00] Running from: c:\documents and settings\User\Desktop\Files\ComboFix.exe Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} . WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\CFLog c:\documents and settings\user\application data\mozilla\firefox\profiles\3mh48l0x.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\plugins\np-mswmp.dll c:\program files\dvdvideosofttb\prxtbDVD0.dll c:\windows\system32\Desktop_.ini . . ((((((((((((((((((((((((( Files Created from 2012-09-17 to 2012-10-17 ))))))))))))))))))))))))))))))) . . 2012-10-17 22:11 . 2012-10-17 22:11 -------- d-----w- c:\program files\Common Files\Java 2012-10-16 02:31 . 2012-10-16 02:31 -------- d-----w- C:\TDSSKiller_Quarantine 2012-10-15 00:41 . 2012-10-15 00:41 -------- d-----w- c:\documents and settings\All Users\Application Data\IBUpdaterService 2012-10-15 00:16 . 2012-10-15 00:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Sophos 2012-09-27 21:05 . 2012-09-27 21:05 -------- d-----w- c:\documents and settings\NetworkService\Application Data\iolo 2012-09-27 21:02 . 2012-04-17 12:25 511328 ----a-w- c:\program files\Common Files\Microsoft Shared\CAPICOM\CAPICOM.DLL 2012-09-27 21:00 . 2012-09-27 21:36 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo 2012-09-27 20:57 . 2012-09-27 20:57 -------- d-----w- c:\program files\CCleaner . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-08 23:42 . 
2012-04-11 16:55 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-10-08 23:42 . 2011-05-20 13:05 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-09-24 19:32 . 2012-06-22 01:15 477168 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-09-24 19:32 . 2010-09-28 20:26 473072 ----a-w- c:\windows\system32\deployJava1.dll 2012-09-24 17:51 . 2012-06-22 01:15 73728 ----a-w- c:\windows\system32\javacpl.cpl 2012-09-07 21:04 . 2009-11-08 17:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-04 01:08 . 2012-09-04 01:08 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys 2012-08-28 15:14 . 2007-09-20 04:59 916992 ----a-w- c:\windows\system32\wininet.dll 2012-08-28 15:14 . 2007-09-20 04:58 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-08-28 15:14 . 2007-09-20 04:58 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2012-08-28 12:07 . 2007-09-20 04:58 385024 ----a-w- c:\windows\system32\html.iec 2012-08-24 19:43 . 2010-11-10 03:20 301920 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2012-08-24 13:53 . 2004-08-03 23:56 177664 ----a-w- c:\windows\system32\wintrust.dll 2012-08-21 13:33 . 2007-09-20 04:49 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-21 12:58 . 2007-07-19 12:40 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-07-26 07:21 . 2010-09-07 08:48 237408 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2012-10-12 01:28 . 2012-10-12 01:28 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys [7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys [7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys [-] 2008-06-20 . 
4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\$NtUninstallKB2509553$\tcpip.sys [7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys [-] 2008-06-20 . D9F19E78F98834CB411D6AD3C68D181A . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys [7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys [7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928] "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832] "AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-12 53248] "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-05-22 834320] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-03 134656] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-03 166912] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-03 134656] "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984] "RTHDCPL"="RTHDCPL.EXE" [2010-11-17 19722344] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008] "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-09-04 947808] "HF_G_Jul"="c:\program files\AVG Secure Search\HF_G_Jul.exe" [2012-07-18 36960] "ROC_ROC_JULY_P1"="c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe" [2012-09-04 1022048] 
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "ShowDeskFix"="shell32" [X] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= "c:\\Program Files\\Z8Games\\CrossFire\\CF_G4box.exe"= "c:\\Program Files\\Xfire\\Xfire.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management . 
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 24896] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 4:48 AM 31952] R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/21/2008 5:59 PM 717296] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/7/2010 4:48 AM 237408] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/9/2010 11:20 PM 301920] R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [9/3/2012 9:08 PM 27496] R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [8/13/2012 3:24 AM 5167736] R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/14/2012 4:53 AM 193288] R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [9/3/2012 9:08 PM 722528] R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 139856] R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [12/23/2011 1:32 PM 24144] R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 17232] R3 XDva400;XDva400;\??\c:\windows\system32\XDva400.sys --> c:\windows\system32\XDva400.sys [?] S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 1:28 PM 160944] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\flash\FlashPlayerUpdateService.exe [4/11/2012 12:55 PM 250808] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12/12/2010 5:12 PM 1691480] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/3/2012 10:17 PM 115168] S3 XDva310;XDva310;\??\c:\windows\system32\XDva310.sys --> c:\windows\system32\XDva310.sys [?] S3 XDva321;XDva321;\??\c:\windows\system32\XDva321.sys --> c:\windows\system32\XDva321.sys [?] 
S3 XDva323;XDva323;\??\c:\windows\system32\XDva323.sys --> c:\windows\system32\XDva323.sys [?] S3 XDva327;XDva327;\??\c:\windows\system32\XDva327.sys --> c:\windows\system32\XDva327.sys [?] S3 XDva337;XDva337;\??\c:\windows\system32\XDva337.sys --> c:\windows\system32\XDva337.sys [?] S3 XDva341;XDva341;\??\c:\windows\system32\XDva341.sys --> c:\windows\system32\XDva341.sys [?] S3 XDva342;XDva342;\??\c:\windows\system32\XDva342.sys --> c:\windows\system32\XDva342.sys [?] S3 XDva345;XDva345;\??\c:\windows\system32\XDva345.sys --> c:\windows\system32\XDva345.sys [?] S3 XDva346;XDva346;\??\c:\windows\system32\XDva346.sys --> c:\windows\system32\XDva346.sys [?] S3 XDva347;XDva347;\??\c:\windows\system32\XDva347.sys --> c:\windows\system32\XDva347.sys [?] S3 XDva349;XDva349;\??\c:\windows\system32\XDva349.sys --> c:\windows\system32\XDva349.sys [?] S3 XDva352;XDva352;\??\c:\windows\system32\XDva352.sys --> c:\windows\system32\XDva352.sys [?] S3 XDva358;XDva358;\??\c:\windows\system32\XDva358.sys --> c:\windows\system32\XDva358.sys [?] S3 XDva359;XDva359;\??\c:\windows\system32\XDva359.sys --> c:\windows\system32\XDva359.sys [?] S3 XDva361;XDva361;\??\c:\windows\system32\XDva361.sys --> c:\windows\system32\XDva361.sys [?] S3 XDva362;XDva362;\??\c:\windows\system32\XDva362.sys --> c:\windows\system32\XDva362.sys [?] S3 XDva366;XDva366;\??\c:\windows\system32\XDva366.sys --> c:\windows\system32\XDva366.sys [?] S3 XDva367;XDva367;\??\c:\windows\system32\XDva367.sys --> c:\windows\system32\XDva367.sys [?] S3 XDva368;XDva368;\??\c:\windows\system32\XDva368.sys --> c:\windows\system32\XDva368.sys [?] S3 XDva370;XDva370;\??\c:\windows\system32\XDva370.sys --> c:\windows\system32\XDva370.sys [?] S3 XDva372;XDva372;\??\c:\windows\system32\XDva372.sys --> c:\windows\system32\XDva372.sys [?] S3 XDva374;XDva374;\??\c:\windows\system32\XDva374.sys --> c:\windows\system32\XDva374.sys [?] S3 XDva375;XDva375;\??\c:\windows\system32\XDva375.sys --> c:\windows\system32\XDva375.sys [?] 
S3 XDva377;XDva377;\??\c:\windows\system32\XDva377.sys --> c:\windows\system32\XDva377.sys [?] S3 XDva379;XDva379;\??\c:\windows\system32\XDva379.sys --> c:\windows\system32\XDva379.sys [?] S3 XDva380;XDva380;\??\c:\windows\system32\XDva380.sys --> c:\windows\system32\XDva380.sys [?] S3 XDva382;XDva382;\??\c:\windows\system32\XDva382.sys --> c:\windows\system32\XDva382.sys [?] S3 XDva383;XDva383;\??\c:\windows\system32\XDva383.sys --> c:\windows\system32\XDva383.sys [?] S3 XDva384;XDva384;\??\c:\windows\system32\XDva384.sys --> c:\windows\system32\XDva384.sys [?] S3 XDva385;XDva385;\??\c:\windows\system32\XDva385.sys --> c:\windows\system32\XDva385.sys [?] S3 XDva386;XDva386;\??\c:\windows\system32\XDva386.sys --> c:\windows\system32\XDva386.sys [?] S3 XDva387;XDva387;\??\c:\windows\system32\XDva387.sys --> c:\windows\system32\XDva387.sys [?] S3 XDva388;XDva388;\??\c:\windows\system32\XDva388.sys --> c:\windows\system32\XDva388.sys [?] S3 XDva389;XDva389;\??\c:\windows\system32\XDva389.sys --> c:\windows\system32\XDva389.sys [?] S3 XDva390;XDva390;\??\c:\windows\system32\XDva390.sys --> c:\windows\system32\XDva390.sys [?] S3 XDva391;XDva391;\??\c:\windows\system32\XDva391.sys --> c:\windows\system32\XDva391.sys [?] S3 XDva392;XDva392;\??\c:\windows\system32\XDva392.sys --> c:\windows\system32\XDva392.sys [?] S3 XDva393;XDva393;\??\c:\windows\system32\XDva393.sys --> c:\windows\system32\XDva393.sys [?] S3 XDva394;XDva394;\??\c:\windows\system32\XDva394.sys --> c:\windows\system32\XDva394.sys [?] S3 XDva397;XDva397;\??\c:\windows\system32\XDva397.sys --> c:\windows\system32\XDva397.sys [?] S3 XDva398;XDva398;\??\c:\windows\system32\XDva398.sys --> c:\windows\system32\XDva398.sys [?] S3 XDva399;XDva399;\??\c:\windows\system32\XDva399.sys --> c:\windows\system32\XDva399.sys [?] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - JAVAQUICKSTARTERSERVICE . Contents of the 'Scheduled Tasks' folder . 
2012-10-17 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 23:42] . . ------- Supplementary Scan ------- . IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx IE: E&xport to Microsoft Excel IE: Free YouTube to Mp3 Converter - c:\documents and settings\User\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm TCP: DhcpNameServer = 192.168.0.1 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\3mh48l0x.default\ FF - prefs.js: browser.search.selectedEngine - AVG Secure Search FF - prefs.js: browser.startup.homepage - about:home FF - ExtSQL: 2012-09-01 20:16; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} FF - ExtSQL: 2012-10-17 18:11; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} FF - user.js: browser.cache.memory.capacity - 65536 FF - user.js: browser.chrome.favicons - false FF - user.js: browser.display.show_image_placeholders - true FF - user.js: browser.turbo.enabled - true FF - user.js: browser.urlbar.autocomplete.enabled - true FF - user.js: browser.urlbar.autofill - true FF - user.js: content.interrupt.parsing - true FF - user.js: content.max.tokenizing.time - 2250000 FF - user.js: content.notify.backoffcount - 5 FF - user.js: content.notify.interval - 750000 FF - user.js: content.notify.ontimer - true FF - user.js: content.switch.threshold - 750000 FF - user.js: network.http.max-connections - 48 FF - user.js: network.http.max-connections-per-server - 16 FF - user.js: network.http.max-persistent-connections-per-proxy - 16 FF - user.js: network.http.max-persistent-connections-per-server - 8 FF - user.js: 
network.http.pipelining - true FF - user.js: network.http.pipelining.firstrequest - true FF - user.js: network.http.pipelining.maxrequests - 8 FF - user.js: network.http.proxy.pipelining - true FF - user.js: network.http.request.max-start-delay - 0 FF - user.js: nglayout.initialpaint.delay - 0 FF - user.js: plugin.expose_full_path - true FF - user.js: ui.submenuDelay - 0 FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109130 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.id - 0c8501f9000000000000001fe2a93501 FF - user.js: extensions.BabylonToolbar_i.hardId - 0c8501f9000000000000001fe2a93501 FF - user.js: extensions.BabylonToolbar_i.instlDay - 15341 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1716:25 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - base FF - user.js: extensions.BabylonToolbar_i.instlRef - sst FF - user.js: extensions.autoDisableScopes - 14 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-10-17 18:22 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-1757981266-1580818891-839522115-1003\Software\SecuROM\!CAUTION! 
NEVER A OR CHANGE ANY KEY*] "??"=hex:a9,c3,31,3c,73,3c,71,03,db,2d,5a,ac,c1,56,e4,e3,a0,7e,40,d6,fd,70,b0, 75,da,16,be,27,18,d8,d5,ff,81,6f,77,96,a7,58,d8,0f,02,2d,f1,9d,09,c6,80,55,\ "??"=hex:f2,37,ce,c3,e6,ea,48,de,37,4f,50,61,1e,8a,0b,2c . [HKEY_USERS\S-1-5-21-1757981266-1580818891-839522115-1003\Software\SecuROM\License information*] "datasecu"=hex:d9,ea,61,cc,0d,00,6a,14,2d,d2,20,80,d8,17,1d,9b,8e,95,64,a3,d6, bc,fc,d9,6c,cc,87,b5,68,ba,37,3a,0f,c6,f5,5f,69,9e,71,d2,8e,6c,bf,de,bd,89,\ "rkeysecu"=hex:78,c1,96,fa,58,0d,34,dc,bd,02,2b,b3,3d,ad,e4,99 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(1104) c:\windows\system32\igfxdev.dll . Completion time: 2012-10-17 18:24:36 ComboFix-quarantined-files.txt 2012-10-17 22:24 ComboFix2.txt 2012-10-16 22:37 . 
Pre-Run: 13,688,877,056 bytes free Post-Run: 13,693,468,672 bytes free . - - End Of File - - 18557CE617DFD9CD67594C8213F0338A
  3. Hi. Couldn't install the recovery console; it said "Boot partition fails to enumerate", but I still continued ... (this program also gave me a blue screen of death; this log was created a second time)
ComboFix 12-10-16.02 - User 10/16/2012 18:28:50.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2538 [GMT -4:00] Running from: c:\documents and settings\User\Desktop\Files\ComboFix.exe AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} . WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\CFLog c:\cflog\CrashLog_20111123.txt c:\documents and settings\All Users\Application Data\TEMP c:\documents and settings\User\Application Data\PriceGong c:\documents and settings\User\Application Data\PriceGong\Data\1.txt c:\documents and settings\User\Application Data\PriceGong\Data\407.txt c:\documents and settings\User\Application Data\PriceGong\Data\4256.txt c:\documents and settings\User\Application Data\PriceGong\Data\a.txt c:\documents and settings\User\Application Data\PriceGong\Data\b.txt c:\documents and settings\User\Application Data\PriceGong\Data\c.txt c:\documents and settings\User\Application Data\PriceGong\Data\d.txt c:\documents and settings\User\Application Data\PriceGong\Data\e.txt c:\documents and settings\User\Application Data\PriceGong\Data\f.txt c:\documents and settings\User\Application Data\PriceGong\Data\g.txt c:\documents and settings\User\Application Data\PriceGong\Data\h.txt c:\documents and settings\User\Application Data\PriceGong\Data\i.txt c:\documents and settings\User\Application Data\PriceGong\Data\j.txt c:\documents and settings\User\Application Data\PriceGong\Data\k.txt c:\documents and settings\User\Application Data\PriceGong\Data\l.txt c:\documents and settings\User\Application Data\PriceGong\Data\m.txt c:\documents and 
settings\User\Application Data\PriceGong\Data\mru.xml c:\documents and settings\User\Application Data\PriceGong\Data\n.txt c:\documents and settings\User\Application Data\PriceGong\Data\o.txt c:\documents and settings\User\Application Data\PriceGong\Data\p.txt c:\documents and settings\User\Application Data\PriceGong\Data\q.txt c:\documents and settings\User\Application Data\PriceGong\Data\r.txt c:\documents and settings\User\Application Data\PriceGong\Data\s.txt c:\documents and settings\User\Application Data\PriceGong\Data\t.txt c:\documents and settings\User\Application Data\PriceGong\Data\u.txt c:\documents and settings\User\Application Data\PriceGong\Data\v.txt c:\documents and settings\User\Application Data\PriceGong\Data\w.txt c:\documents and settings\User\Application Data\PriceGong\Data\wlu.txt c:\documents and settings\User\Application Data\PriceGong\Data\x.txt c:\documents and settings\User\Application Data\PriceGong\Data\y.txt c:\documents and settings\User\Application Data\PriceGong\Data\z.txt c:\documents and settings\User\My Documents\TEMP_PRJ.TMP c:\windows\system32\Cache c:\windows\system32\Cache\272512937d9e61a4.fb c:\windows\system32\Cache\287204568329e189.fb c:\windows\system32\Cache\28bc8f716fd76a47.fb c:\windows\system32\Cache\2c53092c95605355.fb c:\windows\system32\Cache\303ca02d15f90324.fb c:\windows\system32\Cache\31a0997e9a5b5eb3.fb c:\windows\system32\Cache\32c84fe32bb74d60.fb c:\windows\system32\Cache\3917078cb68ec657.fb c:\windows\system32\Cache\590ba23ce359fd0c.fb c:\windows\system32\Cache\610289e025a3ee9a.fb c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb c:\windows\system32\Cache\6d03dad1035885d3.fb c:\windows\system32\Cache\a8556537add6dfc5.fb c:\windows\system32\Cache\ad10a52aff5e038d.fb c:\windows\system32\Cache\aef0891022d6fa28.fb c:\windows\system32\Cache\c1fa887b03019701.fb c:\windows\system32\Cache\c4d28dca2e7648be.fb c:\windows\system32\Cache\d201ef9910cd39de.fb 
c:\windows\system32\Cache\d2e94710a5708128.fb c:\windows\system32\Cache\d79b9dfe81484ec4.fb c:\windows\system32\Cache\ebf6f5787a3d9993.fb c:\windows\system32\Cache\f998975c9cc711ee.fb c:\windows\system32\drivers\etc\hosts.ics c:\windows\system32\msstdfmt.dll c:\windows\system32\SET93.tmp c:\windows\system32\SET94.tmp c:\windows\system32\SET95.tmp c:\windows\system32\URTTemp c:\windows\system32\URTTemp\fusion.dll c:\windows\system32\URTTemp\mscoree.dll c:\windows\system32\URTTemp\mscoree.dll.local c:\windows\system32\URTTemp\mscorsn.dll c:\windows\system32\URTTemp\mscorwks.dll c:\windows\system32\URTTemp\msvcr71.dll c:\windows\system32\URTTemp\regtlib.exe . . ((((((((((((((((((((((((( Files Created from 2012-09-16 to 2012-10-16 ))))))))))))))))))))))))))))))) . . 2012-10-16 02:31 . 2012-10-16 02:31 -------- d-----w- C:\TDSSKiller_Quarantine 2012-10-15 00:41 . 2012-10-15 00:41 -------- d-----w- c:\documents and settings\All Users\Application Data\IBUpdaterService 2012-10-15 00:16 . 2012-10-15 00:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Sophos 2012-09-27 21:05 . 2012-09-27 21:05 -------- d-----w- c:\documents and settings\NetworkService\Application Data\iolo 2012-09-27 21:02 . 2012-04-17 12:25 511328 ----a-w- c:\program files\Common Files\Microsoft Shared\CAPICOM\CAPICOM.DLL 2012-09-27 21:00 . 2012-09-27 21:36 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo 2012-09-27 20:57 . 2012-09-27 20:57 -------- d-----w- c:\program files\CCleaner . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-08 23:42 . 2012-04-11 16:55 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-10-08 23:42 . 2011-05-20 13:05 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-09-07 21:04 . 2009-11-08 17:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-04 01:08 . 
2012-09-04 01:08 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys 2012-08-29 00:24 . 2012-06-22 01:15 477168 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-08-29 00:24 . 2010-09-28 20:26 473072 ----a-w- c:\windows\system32\deployJava1.dll 2012-08-28 22:39 . 2012-06-22 01:15 73728 ----a-w- c:\windows\system32\javacpl.cpl 2012-08-28 15:14 . 2007-09-20 04:59 916992 ----a-w- c:\windows\system32\wininet.dll 2012-08-28 15:14 . 2007-09-20 04:58 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-08-28 15:14 . 2007-09-20 04:58 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2012-08-28 12:07 . 2007-09-20 04:58 385024 ----a-w- c:\windows\system32\html.iec 2012-08-24 19:43 . 2010-11-10 03:20 301920 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2012-08-24 13:53 . 2004-08-03 23:56 177664 ----a-w- c:\windows\system32\wintrust.dll 2012-08-21 13:33 . 2007-09-20 04:49 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-21 12:58 . 2007-07-19 12:40 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-07-26 07:21 . 2010-09-07 08:48 237408 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2012-10-12 01:28 . 2012-10-12 01:28 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys [7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys [7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys [-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\$NtUninstallKB2509553$\tcpip.sys [7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys [-] 2008-06-20 . D9F19E78F98834CB411D6AD3C68D181A . 
361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys [7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys [7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] 2011-05-09 09:49 176936 ----a-w- c:\program files\DVDVideoSoftTB\prxtbDVD0.dll . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928] "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832] "AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-12 53248] "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-05-22 834320] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-03 134656] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-03 166912] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-03 134656] "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984] "RTHDCPL"="RTHDCPL.EXE" [2010-11-17 19722344] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008] "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-09-04 947808] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "HF_G_Jul"="c:\program files\AVG Secure Search\HF_G_Jul.exe" [2012-07-18 36960] "ROC_ROC_JULY_P1"="c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe" [2012-09-04 1022048] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "ShowDeskFix"="shell32" [X] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= "c:\\Program Files\\Z8Games\\CrossFire\\CF_G4box.exe"= "c:\\Program Files\\Xfire\\Xfire.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management . R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 24896] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 4:48 AM 31952] R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/21/2008 5:59 PM 717296] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/7/2010 4:48 AM 237408] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/9/2010 11:20 PM 301920] R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [9/3/2012 9:08 PM 27496] R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/14/2012 4:53 AM 193288] R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [9/3/2012 9:08 PM 722528] R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 139856] R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [12/23/2011 1:32 PM 24144] R3 
AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 17232] S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [8/13/2012 3:24 AM 5167736] S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 1:28 PM 160944] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\flash\FlashPlayerUpdateService.exe [4/11/2012 12:55 PM 250808] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12/12/2010 5:12 PM 1691480] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/3/2012 10:17 PM 115168] S3 XDva310;XDva310;\??\c:\windows\system32\XDva310.sys --> c:\windows\system32\XDva310.sys [?] S3 XDva321;XDva321;\??\c:\windows\system32\XDva321.sys --> c:\windows\system32\XDva321.sys [?] S3 XDva323;XDva323;\??\c:\windows\system32\XDva323.sys --> c:\windows\system32\XDva323.sys [?] S3 XDva327;XDva327;\??\c:\windows\system32\XDva327.sys --> c:\windows\system32\XDva327.sys [?] S3 XDva337;XDva337;\??\c:\windows\system32\XDva337.sys --> c:\windows\system32\XDva337.sys [?] S3 XDva341;XDva341;\??\c:\windows\system32\XDva341.sys --> c:\windows\system32\XDva341.sys [?] S3 XDva342;XDva342;\??\c:\windows\system32\XDva342.sys --> c:\windows\system32\XDva342.sys [?] S3 XDva345;XDva345;\??\c:\windows\system32\XDva345.sys --> c:\windows\system32\XDva345.sys [?] S3 XDva346;XDva346;\??\c:\windows\system32\XDva346.sys --> c:\windows\system32\XDva346.sys [?] S3 XDva347;XDva347;\??\c:\windows\system32\XDva347.sys --> c:\windows\system32\XDva347.sys [?] S3 XDva349;XDva349;\??\c:\windows\system32\XDva349.sys --> c:\windows\system32\XDva349.sys [?] S3 XDva352;XDva352;\??\c:\windows\system32\XDva352.sys --> c:\windows\system32\XDva352.sys [?] S3 XDva358;XDva358;\??\c:\windows\system32\XDva358.sys --> c:\windows\system32\XDva358.sys [?] 
S3 XDva359;XDva359;\??\c:\windows\system32\XDva359.sys --> c:\windows\system32\XDva359.sys [?] S3 XDva361;XDva361;\??\c:\windows\system32\XDva361.sys --> c:\windows\system32\XDva361.sys [?] S3 XDva362;XDva362;\??\c:\windows\system32\XDva362.sys --> c:\windows\system32\XDva362.sys [?] S3 XDva366;XDva366;\??\c:\windows\system32\XDva366.sys --> c:\windows\system32\XDva366.sys [?] S3 XDva367;XDva367;\??\c:\windows\system32\XDva367.sys --> c:\windows\system32\XDva367.sys [?] S3 XDva368;XDva368;\??\c:\windows\system32\XDva368.sys --> c:\windows\system32\XDva368.sys [?] S3 XDva370;XDva370;\??\c:\windows\system32\XDva370.sys --> c:\windows\system32\XDva370.sys [?] S3 XDva372;XDva372;\??\c:\windows\system32\XDva372.sys --> c:\windows\system32\XDva372.sys [?] S3 XDva374;XDva374;\??\c:\windows\system32\XDva374.sys --> c:\windows\system32\XDva374.sys [?] S3 XDva375;XDva375;\??\c:\windows\system32\XDva375.sys --> c:\windows\system32\XDva375.sys [?] S3 XDva377;XDva377;\??\c:\windows\system32\XDva377.sys --> c:\windows\system32\XDva377.sys [?] S3 XDva379;XDva379;\??\c:\windows\system32\XDva379.sys --> c:\windows\system32\XDva379.sys [?] S3 XDva380;XDva380;\??\c:\windows\system32\XDva380.sys --> c:\windows\system32\XDva380.sys [?] S3 XDva382;XDva382;\??\c:\windows\system32\XDva382.sys --> c:\windows\system32\XDva382.sys [?] S3 XDva383;XDva383;\??\c:\windows\system32\XDva383.sys --> c:\windows\system32\XDva383.sys [?] S3 XDva384;XDva384;\??\c:\windows\system32\XDva384.sys --> c:\windows\system32\XDva384.sys [?] S3 XDva385;XDva385;\??\c:\windows\system32\XDva385.sys --> c:\windows\system32\XDva385.sys [?] S3 XDva386;XDva386;\??\c:\windows\system32\XDva386.sys --> c:\windows\system32\XDva386.sys [?] S3 XDva387;XDva387;\??\c:\windows\system32\XDva387.sys --> c:\windows\system32\XDva387.sys [?] S3 XDva388;XDva388;\??\c:\windows\system32\XDva388.sys --> c:\windows\system32\XDva388.sys [?] S3 XDva389;XDva389;\??\c:\windows\system32\XDva389.sys --> c:\windows\system32\XDva389.sys [?] 
S3 XDva390;XDva390;\??\c:\windows\system32\XDva390.sys --> c:\windows\system32\XDva390.sys [?] S3 XDva391;XDva391;\??\c:\windows\system32\XDva391.sys --> c:\windows\system32\XDva391.sys [?] S3 XDva392;XDva392;\??\c:\windows\system32\XDva392.sys --> c:\windows\system32\XDva392.sys [?] S3 XDva393;XDva393;\??\c:\windows\system32\XDva393.sys --> c:\windows\system32\XDva393.sys [?] S3 XDva394;XDva394;\??\c:\windows\system32\XDva394.sys --> c:\windows\system32\XDva394.sys [?] S3 XDva397;XDva397;\??\c:\windows\system32\XDva397.sys --> c:\windows\system32\XDva397.sys [?] S3 XDva398;XDva398;\??\c:\windows\system32\XDva398.sys --> c:\windows\system32\XDva398.sys [?] S3 XDva399;XDva399;\??\c:\windows\system32\XDva399.sys --> c:\windows\system32\XDva399.sys [?] S3 XDva400;XDva400;\??\c:\windows\system32\XDva400.sys --> c:\windows\system32\XDva400.sys [?] . Contents of the 'Scheduled Tasks' folder . 2012-10-16 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 23:42] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050 IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx IE: E&xport to Microsoft Excel IE: Free YouTube to Mp3 Converter - c:\documents and settings\User\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html TCP: DhcpNameServer = 192.168.0.1 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\3mh48l0x.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - AVG Secure Search FF - prefs.js: browser.startup.homepage - about:home FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q= FF - ExtSQL: 2012-09-01 20:16; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} FF - user.js: browser.cache.memory.capacity - 65536 FF - user.js: browser.chrome.favicons - false FF - user.js: browser.display.show_image_placeholders - true FF - user.js: browser.turbo.enabled - true FF - user.js: browser.urlbar.autocomplete.enabled - true FF - user.js: browser.urlbar.autofill - true FF - user.js: content.interrupt.parsing - true FF - user.js: content.max.tokenizing.time - 2250000 FF - user.js: content.notify.backoffcount - 5 FF - user.js: content.notify.interval - 750000 FF - user.js: content.notify.ontimer - true FF - user.js: content.switch.threshold - 750000 FF - user.js: network.http.max-connections - 48 FF - user.js: network.http.max-connections-per-server - 16 FF - user.js: network.http.max-persistent-connections-per-proxy - 16 FF - user.js: 
network.http.max-persistent-connections-per-server - 8 FF - user.js: network.http.pipelining - true FF - user.js: network.http.pipelining.firstrequest - true FF - user.js: network.http.pipelining.maxrequests - 8 FF - user.js: network.http.proxy.pipelining - true FF - user.js: network.http.request.max-start-delay - 0 FF - user.js: nglayout.initialpaint.delay - 0 FF - user.js: plugin.expose_full_path - true FF - user.js: ui.submenuDelay - 0 FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109130 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.id - 0c8501f9000000000000001fe2a93501 FF - user.js: extensions.BabylonToolbar_i.hardId - 0c8501f9000000000000001fe2a93501 FF - user.js: extensions.BabylonToolbar_i.instlDay - 15341 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1716:25 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - base FF - user.js: extensions.BabylonToolbar_i.instlRef - sst FF - user.js: extensions.autoDisableScopes - 14 . - - - - ORPHANS REMOVED - - - - . Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file) WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file) . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-10-16 18:35 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . 
scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-1757981266-1580818891-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:a9,c3,31,3c,73,3c,71,03,db,2d,5a,ac,c1,56,e4,e3,a0,7e,40,d6,fd,70,b0, 75,da,16,be,27,18,d8,d5,ff,81,6f,77,96,a7,58,d8,0f,02,2d,f1,9d,09,c6,80,55,\ "??"=hex:f2,37,ce,c3,e6,ea,48,de,37,4f,50,61,1e,8a,0b,2c . [HKEY_USERS\S-1-5-21-1757981266-1580818891-839522115-1003\Software\SecuROM\License information*] "datasecu"=hex:d9,ea,61,cc,0d,00,6a,14,2d,d2,20,80,d8,17,1d,9b,8e,95,64,a3,d6, bc,fc,d9,6c,cc,87,b5,68,ba,37,3a,0f,c6,f5,5f,69,9e,71,d2,8e,6c,bf,de,bd,89,\ "rkeysecu"=hex:78,c1,96,fa,58,0d,34,dc,bd,02,2b,b3,3d,ad,e4,99 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . Completion time: 2012-10-16 18:37:52 ComboFix-quarantined-files.txt 2012-10-16 22:37 . Pre-Run: 14,196,944,896 bytes free Post-Run: 14,231,109,632 bytes free . - - End Of File - - 2A978E0DBD0F04EBDC614DED047CD90E
  4. It's very tempting to move it to quarantine, you know.
5. The TDSSKiller Scan:
22:27:30.0703 1348 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
22:27:31.0000 1348 ============================================================
22:27:31.0000 1348 Current date / time: 2012/10/15 22:27:31.0000
22:27:31.0000 1348 SystemInfo:
22:27:31.0000 1348
22:27:31.0000 1348 OS Version: 5.1.2600 ServicePack: 3.0
22:27:31.0000 1348 Product type: Workstation
22:27:31.0000 1348 ComputerName: USER-PC1
22:27:31.0000 1348 UserName: User
22:27:31.0000 1348 Windows directory: C:\windows
22:27:31.0000 1348 System windows directory: C:\windows
22:27:31.0000 1348 Processor architecture: Intel x86
22:27:31.0000 1348 Number of processors: 2
22:27:31.0000 1348 Page size: 0x1000
22:27:31.0000 1348 Boot type: Normal boot
22:27:31.0000 1348 ============================================================
22:27:32.0859 1348 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:27:32.0859 1348 ============================================================
22:27:32.0859 1348 \Device\Harddisk0\DR0:
22:27:32.0859 1348 MBR partitions:
22:27:32.0859 1348 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
22:27:32.0859 1348 ============================================================
22:27:32.0890 1348 C: <-> \Device\Harddisk0\DR0\Partition1
22:27:32.0890 1348 ============================================================
22:27:32.0890 1348 Initialize success
22:27:32.0890 1348 ============================================================
22:27:49.0593 2532 ============================================================
22:27:49.0593 2532 Scan started
22:27:49.0593 2532 Mode: Manual; TDLFS;
22:27:49.0593 2532 ============================================================
22:27:50.0515 2532 ================ Scan system memory ========================
22:27:50.0515 2532 System memory - ok
22:27:50.0515 2532 ================ Scan services =============================
22:27:50.0609 2532 Abiosdsk - ok
22:27:50.0625 2532 abp480n5 - ok
22:27:50.0687 2532 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\windows\system32\DRIVERS\ACPI.sys
22:27:50.0687 2532 ACPI - ok
22:27:50.0718 2532 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\windows\system32\DRIVERS\ACPIEC.sys
22:27:50.0718 2532 ACPIEC - ok
22:27:50.0796 2532 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
22:27:50.0812 2532 AdobeFlashPlayerUpdateSvc - ok
22:27:50.0812 2532 adpu160m - ok
22:27:50.0859 2532 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\windows\system32\drivers\aec.sys
22:27:50.0875 2532 aec - ok
22:27:50.0921 2532 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\windows\System32\drivers\afd.sys
22:27:50.0921 2532 AFD - ok
22:27:50.0968 2532 [ 39E435C90C9C4F780FA0ED05CA3C3A1B ] AgereModemAudio C:\WINDOWS\system32\agrsmsvc.exe
22:27:50.0984 2532 AgereModemAudio - ok
22:27:51.0031 2532 [ D31D1A92479BD8C0D050A6FFBDD410D9 ] AgereSoftModem C:\windows\system32\DRIVERS\AGRSM.sys
22:27:51.0062 2532 AgereSoftModem - ok
22:27:51.0078 2532 Aha154x - ok
22:27:51.0078 2532 aic78u2 - ok
22:27:51.0093 2532 aic78xx - ok
22:27:51.0125 2532 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\windows\system32\alrsvc.dll
22:27:51.0125 2532 Alerter - ok
22:27:51.0156 2532 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\windows\System32\alg.exe
22:27:51.0156 2532 ALG - ok
22:27:51.0156 2532 AliIde - ok
22:27:51.0250 2532 [ 267FC636801EDC5AB28E14036349E3BE ] Ambfilt C:\windows\system32\drivers\Ambfilt.sys
22:27:51.0296 2532 Ambfilt - ok
22:27:51.0296 2532 amsint - ok
22:27:51.0328 2532 [ D1151A660321DE683E13FD16029092EA ] ApfiltrService C:\windows\system32\DRIVERS\Apfiltr.sys
22:27:51.0343 2532 ApfiltrService - ok
22:27:51.0390 2532 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\windows\System32\appmgmts.dll
22:27:51.0390 2532 AppMgmt - ok
22:27:51.0421 2532 [ 6D5F95602B8D0D994D31A864872B38EF ] AR5211 C:\windows\system32\DRIVERS\ar5211.sys
22:27:51.0437 2532 AR5211 - ok
22:27:51.0546 2532 [ C413E2E549488A5F1969DECB5B03187A ] AR5416 C:\windows\system32\DRIVERS\athw.sys
22:27:51.0625 2532 AR5416 - ok
22:27:51.0640 2532 asc - ok
22:27:51.0640 2532 asc3350p - ok
22:27:51.0656 2532 asc3550 - ok
22:27:51.0812 2532 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
22:27:51.0828 2532 aspnet_state - ok
22:27:51.0828 2532 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
22:27:51.0843 2532 AsyncMac - ok
22:27:51.0859 2532 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\windows\system32\DRIVERS\atapi.sys
22:27:51.0859 2532 atapi - ok
22:27:51.0875 2532 Atdisk - ok
22:27:51.0906 2532 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\windows\system32\DRIVERS\atmarpc.sys
22:27:51.0906 2532 Atmarpc - ok
22:27:51.0953 2532 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\windows\System32\audiosrv.dll
22:27:51.0953 2532 AudioSrv - ok
22:27:52.0000 2532 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\windows\system32\DRIVERS\audstub.sys
22:27:52.0000 2532 audstub - ok
22:27:52.0312 2532 [ F6A528DE535396C2FB1A4E3C6F00CEC4 ] AVGIDSAgent C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
22:27:52.0468 2532 AVGIDSAgent - ok
22:27:52.0515 2532 [ 1074F787080068C71303B61FAE7E7CA4 ] AVGIDSDriver C:\windows\system32\DRIVERS\avgidsdriverx.sys
22:27:52.0515 2532 AVGIDSDriver - ok
22:27:52.0546 2532 [ 61A7E0B02F82CFF3DB2445BBE50B3589 ] AVGIDSFilter C:\windows\system32\DRIVERS\avgidsfilterx.sys
22:27:52.0546 2532 AVGIDSFilter - ok
22:27:52.0562 2532 [ D63D83659EEDF60B3A3E620281A888E5 ] AVGIDSHX C:\windows\system32\DRIVERS\avgidshx.sys
22:27:52.0562 2532 AVGIDSHX - ok
22:27:52.0593 2532 [ BAF975B72062F53D327788E99D64197E ] AVGIDSShim C:\windows\system32\DRIVERS\avgidsshimx.sys
22:27:52.0593 2532 AVGIDSShim - ok
22:27:52.0625 2532 [ DCB09125C8B4766A88C86914B65487C1 ] Avgldx86 C:\windows\system32\DRIVERS\avgldx86.sys
22:27:52.0640 2532 Avgldx86 - ok
22:27:52.0640 2532 [ CCDD61545AAEA265977E4B1EFDC74E8C ] Avgmfx86 C:\windows\system32\DRIVERS\avgmfx86.sys
22:27:52.0640 2532 Avgmfx86 - ok
22:27:52.0656 2532 [ 1FD90B28D2C3100BF4500199C8AD6358 ] Avgrkx86 C:\windows\system32\DRIVERS\avgrkx86.sys
22:27:52.0656 2532 Avgrkx86 - ok
22:27:52.0718 2532 [ C0BC3B2E3FD625E7F55E1FF863E94592 ] Avgtdix C:\windows\system32\DRIVERS\avgtdix.sys
22:27:52.0718 2532 Avgtdix - ok
22:27:52.0765 2532 [ 6F76908F065C3C151C4BFCA7DFD86979 ] avgtp C:\windows\system32\drivers\avgtpx86.sys
22:27:52.0765 2532 avgtp - ok
22:27:52.0796 2532 [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd C:\Program Files\AVG\AVG2012\avgwdsvc.exe
22:27:52.0796 2532 avgwd - ok
22:27:52.0843 2532 [ F96038AA1EC4013A93D2420FC689D1E9 ] b57w2k C:\windows\system32\DRIVERS\b57xp32.sys
22:27:52.0859 2532 b57w2k - ok
22:27:52.0921 2532 [ E22ABCAA7B6FF580FEB0D49545DC4263 ] BCM43XX C:\windows\system32\DRIVERS\bcmwl6.sys
22:27:52.0953 2532 BCM43XX - ok
22:27:52.0984 2532 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\windows\system32\drivers\Beep.sys
22:27:52.0984 2532 Beep - ok
22:27:53.0062 2532 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
22:27:53.0062 2532 BITS - ok
22:27:53.0125 2532 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\windows\System32\browser.dll
22:27:53.0125 2532 Browser - ok
22:27:53.0171 2532 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\windows\system32\drivers\cbidf2k.sys
22:27:53.0171 2532 cbidf2k - ok
22:27:53.0203 2532 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\windows\system32\DRIVERS\CCDECODE.sys
22:27:53.0203 2532 CCDECODE - ok
22:27:53.0203 2532 cd20xrnt - ok
22:27:53.0234 2532 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\windows\system32\drivers\Cdaudio.sys
22:27:53.0234 2532 Cdaudio - ok
22:27:53.0250 2532 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\windows\system32\drivers\Cdfs.sys
22:27:53.0250 2532 Cdfs - ok
22:27:53.0265 2532 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\windows\system32\DRIVERS\cdrom.sys
22:27:53.0265 2532 Cdrom - ok
22:27:53.0265 2532 Changer - ok
22:27:53.0296 2532 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\windows\system32\cisvc.exe
22:27:53.0296 2532 CiSvc - ok
22:27:53.0328 2532 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\windows\system32\clipsrv.exe
22:27:53.0328 2532 ClipSrv - ok
22:27:53.0406 2532 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:27:53.0421 2532 clr_optimization_v2.0.50727_32 - ok
22:27:53.0468 2532 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:27:53.0484 2532 clr_optimization_v4.0.30319_32 - ok
22:27:53.0515 2532 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
22:27:53.0515 2532 CmBatt - ok
22:27:53.0531 2532 CmdIde - ok
22:27:53.0531 2532 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys
22:27:53.0531 2532 Compbatt - ok
22:27:53.0546 2532 COMSysApp - ok
22:27:53.0546 2532 Cpqarray - ok
22:27:53.0578 2532 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\windows\System32\cryptsvc.dll
22:27:53.0578 2532 CryptSvc - ok
22:27:53.0593 2532 dac2w2k - ok
22:27:53.0593 2532 dac960nt - ok
22:27:53.0656 2532 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\windows\system32\rpcss.dll
22:27:53.0671 2532 DcomLaunch - ok
22:27:53.0687 2532 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\windows\System32\dhcpcsvc.dll
22:27:53.0687 2532 Dhcp - ok
22:27:53.0687 2532 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\windows\system32\DRIVERS\disk.sys
22:27:53.0687 2532 Disk - ok
22:27:53.0734 2532 [ 060DB81DFB79C8244EB65D10B6C7873F ] DKbFltr C:\windows\system32\DRIVERS\DKbFltr.sys
22:27:53.0750 2532 DKbFltr - ok
22:27:53.0750 2532 dmadmin - ok
22:27:53.0796 2532 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\windows\system32\drivers\dmboot.sys
22:27:53.0812 2532 dmboot - ok
22:27:53.0828 2532 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\windows\system32\drivers\dmio.sys
22:27:53.0828 2532 dmio - ok
22:27:53.0843 2532 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\windows\system32\drivers\dmload.sys
22:27:53.0843 2532 dmload - ok
22:27:53.0859 2532 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\windows\System32\dmserver.dll
22:27:53.0859 2532 dmserver - ok
22:27:53.0890 2532 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\windows\system32\drivers\DMusic.sys
22:27:53.0890 2532 DMusic - ok
22:27:53.0921 2532 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\windows\System32\dnsrslvr.dll
22:27:53.0921 2532 Dnscache - ok
22:27:53.0937 2532 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\windows\System32\dot3svc.dll
22:27:53.0937 2532 Dot3svc - ok
22:27:53.0953 2532 dpti2o - ok
22:27:53.0968 2532 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
22:27:53.0968 2532 drmkaud - ok
22:27:54.0000 2532 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\windows\System32\eapsvc.dll
22:27:54.0000 2532 EapHost - ok
22:27:54.0015 2532 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\windows\System32\ersvc.dll
22:27:54.0015 2532 ERSvc - ok
22:27:54.0078 2532 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\windows\system32\services.exe
22:27:54.0078 2532 Eventlog - ok
22:27:54.0140 2532 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
22:27:54.0140 2532 EventSystem - ok
22:27:54.0203 2532 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\windows\system32\drivers\Fastfat.sys
22:27:54.0203 2532 Fastfat - ok
22:27:54.0250 2532 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\windows\System32\shsvcs.dll
22:27:54.0265 2532 FastUserSwitchingCompatibility - ok
22:27:54.0265 2532 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\windows\system32\drivers\Fdc.sys
22:27:54.0265 2532 Fdc - ok
22:27:54.0281 2532 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\windows\system32\drivers\Fips.sys
22:27:54.0281 2532 Fips - ok
22:27:54.0312 2532 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\windows\system32\drivers\Flpydisk.sys
22:27:54.0312 2532 Flpydisk - ok
22:27:54.0343 2532 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
22:27:54.0359 2532 FltMgr - ok
22:27:54.0406 2532 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
22:27:54.0406 2532 FontCache3.0.0.0 - ok
22:27:54.0421 2532 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
22:27:54.0421 2532 Fs_Rec - ok
22:27:54.0453 2532 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\windows\system32\DRIVERS\ftdisk.sys
22:27:54.0453 2532 Ftdisk - ok
22:27:54.0500 2532 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\windows\system32\DRIVERS\msgpc.sys
22:27:54.0500 2532 Gpc - ok
22:27:54.0515 2532 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys
22:27:54.0515 2532 HDAudBus - ok
22:27:54.0593 2532 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\windows\PCHealth\HelpCtr\Binaries\pchsvc.dll
22:27:54.0593 2532 helpsvc - ok
22:27:54.0593 2532 HidServ - ok
22:27:54.0625 2532 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
22:27:54.0625 2532 HidUsb - ok
22:27:54.0671 2532 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\windows\System32\kmsvc.dll
22:27:54.0671 2532 hkmsvc - ok
22:27:54.0671 2532 hpn - ok
22:27:54.0718 2532 [ 6A5C4732D6803F84E2987EDD8E4359CE ] HSFHWAZL C:\windows\system32\DRIVERS\HSFHWAZL.sys
22:27:54.0718 2532 HSFHWAZL - ok
22:27:54.0765 2532 [ 3F53B4AF98F8FD83B7F0B8B65D2D90A7 ] HSF_DPV C:\windows\system32\DRIVERS\HSX_DPV.sys
22:27:54.0796 2532 HSF_DPV - ok
22:27:54.0828 2532 [ 194BC52FC0F53E540FAF9DE8A9C05255 ] HSXHWAZL C:\windows\system32\DRIVERS\HSXHWAZL.sys
22:27:54.0828 2532 HSXHWAZL - ok
22:27:54.0875 2532 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\windows\system32\Drivers\HTTP.sys
22:27:54.0890 2532 HTTP - ok
22:27:54.0937 2532 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\windows\System32\w3ssl.dll
22:27:54.0937 2532 HTTPFilter - ok
22:27:54.0937 2532 i2omgmt - ok
22:27:54.0953 2532 i2omp - ok
22:27:55.0000 2532 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys
22:27:55.0000 2532 i8042prt - ok
22:27:55.0250 2532 [ 9ACB03875CFE068D5CC0E98FB2CF7017 ] ialm C:\windows\system32\DRIVERS\igxpmp32.sys
22:27:55.0437 2532 ialm - ok
22:27:55.0531 2532 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
22:27:55.0531 2532 IDriverT - ok
22:27:55.0593 2532 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:27:55.0625 2532 idsvc - ok
22:27:55.0640 2532 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\windows\system32\DRIVERS\imapi.sys
22:27:55.0640 2532 Imapi - ok
22:27:55.0687 2532 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
22:27:55.0687 2532 ImapiService - ok
22:27:55.0703 2532 ini910u - ok
22:27:55.0953 2532 [ 4517FD80B6D734D99AC4B1578443D1D9 ] IntcAzAudAddService C:\windows\system32\drivers\RtkHDAud.sys
22:27:56.0156 2532 IntcAzAudAddService - ok
22:27:56.0156 2532 IntelIde - ok
22:27:56.0218 2532 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
22:27:56.0218 2532 intelppm - ok
22:27:56.0265 2532 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\windows\system32\drivers\ip6fw.sys
22:27:56.0265 2532 Ip6Fw - ok
22:27:56.0296 2532 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
22:27:56.0296 2532 IpFilterDriver - ok
22:27:56.0312 2532 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\windows\system32\DRIVERS\ipinip.sys
22:27:56.0328 2532 IpInIp - ok
22:27:56.0359 2532 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\windows\system32\DRIVERS\ipnat.sys
22:27:56.0359 2532 IpNat - ok
22:27:56.0406 2532 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\windows\system32\DRIVERS\ipsec.sys
22:27:56.0406 2532 IPSec - ok
22:27:56.0437 2532 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\windows\system32\DRIVERS\irenum.sys
22:27:56.0437 2532 IRENUM - ok
22:27:56.0468 2532 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\windows\system32\DRIVERS\isapnp.sys
22:27:56.0468 2532 isapnp - ok
22:27:56.0562 2532 [ 0E410EDC8D0527801B899CF29E60597C ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
22:27:56.0562 2532 JavaQuickStarterService - ok
22:27:56.0578 2532 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
22:27:56.0578 2532 Kbdclass - ok
22:27:56.0640 2532 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\windows\system32\drivers\kmixer.sys
22:27:56.0640 2532 kmixer - ok
22:27:56.0671 2532 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\windows\system32\drivers\KSecDD.sys
22:27:56.0671 2532 KSecDD - ok
22:27:56.0687 2532 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\windows\System32\srvsvc.dll
22:27:56.0687 2532 lanmanserver - ok
22:27:56.0718 2532 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\windows\System32\wkssvc.dll
22:27:56.0734 2532 lanmanworkstation - ok
22:27:56.0734 2532 lbrtfdc - ok
22:27:56.0781 2532 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\windows\System32\lmhsvc.dll
22:27:56.0781 2532 LmHosts - ok
22:27:56.0875 2532 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
22:27:56.0875 2532 MDM - ok
22:27:56.0921 2532 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\windows\system32\DRIVERS\mdmxsdk.sys
22:27:56.0921 2532 mdmxsdk - ok
22:27:56.0968 2532 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\windows\System32\msgsvc.dll
22:27:56.0968 2532 Messenger - ok
22:27:57.0015 2532 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\windows\system32\drivers\mnmdd.sys
22:27:57.0015 2532 mnmdd - ok
22:27:57.0046 2532 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
22:27:57.0046 2532 mnmsrvc - ok
22:27:57.0093 2532 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\windows\system32\drivers\Modem.sys
22:27:57.0093 2532 Modem - ok
22:27:57.0171 2532 [ C7D9F9717916B34C1B00DD4834AF485C ] Monfilt C:\windows\system32\drivers\Monfilt.sys
22:27:57.0218 2532 Monfilt - ok
22:27:57.0234 2532 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\windows\system32\DRIVERS\mouclass.sys
22:27:57.0250 2532 Mouclass - ok
22:27:57.0296 2532 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
22:27:57.0296 2532 mouhid - ok
22:27:57.0312 2532 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\windows\system32\drivers\MountMgr.sys
22:27:57.0312 2532 MountMgr - ok
22:27:57.0375 2532 [ 4D7F2682D29B92A6251B17957AA0B985 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
22:27:57.0375 2532 MozillaMaintenance - ok
22:27:57.0375 2532 mraid35x - ok
22:27:57.0406 2532 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\windows\system32\DRIVERS\mrxdav.sys
22:27:57.0421 2532 MRxDAV - ok
22:27:57.0453 2532 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\windows\system32\DRIVERS\mrxsmb.sys
22:27:57.0468 2532 MRxSmb - ok
22:27:57.0515 2532 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
22:27:57.0515 2532 MSDTC - ok
22:27:57.0562 2532 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\windows\system32\drivers\Msfs.sys
22:27:57.0562 2532 Msfs - ok
22:27:57.0562 2532 MSIServer - ok
22:27:57.0578 2532 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
22:27:57.0578 2532 MSKSSRV - ok
22:27:57.0609 2532 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
22:27:57.0609 2532 MSPCLOCK - ok
22:27:57.0625 2532 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\windows\system32\drivers\MSPQM.sys
22:27:57.0625 2532 MSPQM - ok
22:27:57.0656 2532 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys
22:27:57.0656 2532 mssmbios - ok
22:27:57.0687 2532 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\windows\system32\drivers\MSTEE.sys
22:27:57.0687 2532 MSTEE - ok
22:27:57.0703 2532 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\windows\system32\drivers\Mup.sys
22:27:57.0718 2532 Mup - ok
22:27:57.0734 2532 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\windows\system32\DRIVERS\NABTSFEC.sys
22:27:57.0734 2532 NABTSFEC - ok
22:27:57.0765 2532 [ 0102140028FAD045756796E1C685D695 ] napagent C:\windows\System32\qagentrt.dll
22:27:57.0765 2532 napagent - ok
22:27:57.0859 2532 [ 0D01287D85B3715FA8270E8EC919B7F7 ] NBService C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
22:27:57.0890 2532 NBService - ok
22:27:57.0937 2532 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\windows\system32\drivers\NDIS.sys
22:27:57.0937 2532 NDIS - ok
22:27:57.0968 2532 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\windows\system32\DRIVERS\NdisIP.sys
22:27:57.0968 2532 NdisIP - ok
22:27:58.0000 2532 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
22:27:58.0000 2532 NdisTapi - ok
22:27:58.0015 2532 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
22:27:58.0015 2532 Ndisuio - ok
22:27:58.0031 2532 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
22:27:58.0031 2532 NdisWan - ok
22:27:58.0046 2532 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\windows\system32\drivers\NDProxy.sys
22:27:58.0046 2532 NDProxy - ok
22:27:58.0062 2532 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
22:27:58.0062 2532 NetBIOS - ok
22:27:58.0078 2532 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\windows\system32\DRIVERS\netbt.sys
22:27:58.0078 2532 NetBT - ok
22:27:58.0140 2532 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\windows\system32\netdde.exe
22:27:58.0140 2532 NetDDE - ok
22:27:58.0140 2532 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\windows\system32\netdde.exe
22:27:58.0156 2532 NetDDEdsdm - ok
22:27:58.0187 2532 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\windows\system32\lsass.exe
22:27:58.0187 2532 Netlogon - ok
22:27:58.0234 2532 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\windows\System32\netman.dll
22:27:58.0250 2532 Netman - ok
22:27:58.0296 2532 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:27:58.0296 2532 NetTcpPortSharing - ok
22:27:58.0343 2532 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\windows\System32\mswsock.dll
22:27:58.0343 2532 Nla - ok
22:27:58.0468 2532 [ C4EBBBD7165BE535F0BFD06B80601D91 ] NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
22:27:58.0468 2532 NMIndexingService - ok
22:27:58.0500 2532 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\windows\system32\drivers\Npfs.sys
22:27:58.0500 2532 Npfs - ok
22:27:58.0531 2532 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\windows\system32\drivers\Ntfs.sys
22:27:58.0531 2532 Ntfs - ok
22:27:58.0546 2532 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\windows\system32\lsass.exe
22:27:58.0546 2532 NtLmSsp - ok
22:27:58.0593 2532 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\windows\system32\ntmssvc.dll
22:27:58.0609 2532 NtmsSvc - ok
22:27:58.0640 2532 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\windows\system32\drivers\Null.sys
22:27:58.0640 2532 Null - ok
22:27:58.0671 2532 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\windows\system32\DRIVERS\nwlnkflt.sys
22:27:58.0671 2532 NwlnkFlt - ok
22:27:58.0703 2532 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\windows\system32\DRIVERS\nwlnkfwd.sys
22:27:58.0703 2532 NwlnkFwd - ok
22:27:58.0734 2532 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:27:58.0750 2532 ose - ok
22:27:58.0796 2532 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\windows\system32\drivers\Parport.sys
22:27:58.0796 2532 Parport - ok
22:27:58.0812 2532 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\windows\system32\drivers\PartMgr.sys
22:27:58.0812 2532 PartMgr - ok
22:27:58.0843 2532 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\windows\system32\drivers\ParVdm.sys
22:27:58.0843 2532 ParVdm - ok
22:27:58.0859 2532 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\windows\system32\DRIVERS\pci.sys
22:27:58.0859 2532 PCI - ok
22:27:58.0859 2532 PCIDump - ok
22:27:58.0890 2532 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\windows\system32\DRIVERS\pciide.sys
22:27:58.0890 2532 PCIIde - ok
22:27:58.0921 2532 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\windows\system32\drivers\Pcmcia.sys
22:27:58.0921 2532 Pcmcia - ok
22:27:58.0921 2532 PDCOMP - ok
22:27:58.0921 2532 PDFRAME - ok
22:27:58.0937 2532 PDRELI - ok
22:27:58.0937 2532 PDRFRAME - ok
22:27:58.0953 2532 perc2 - ok
22:27:58.0953 2532 perc2hib - ok
22:27:59.0015 2532 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\windows\system32\services.exe
22:27:59.0015 2532 PlugPlay - ok
22:27:59.0031 2532 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\windows\system32\lsass.exe
22:27:59.0031 2532 PolicyAgent - ok
22:27:59.0046 2532 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
22:27:59.0046 2532 PptpMiniport - ok
22:27:59.0046 2532 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\windows\system32\lsass.exe
22:27:59.0046 2532 ProtectedStorage - ok
22:27:59.0046 2532 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\windows\system32\DRIVERS\psched.sys
22:27:59.0062 2532 PSched - ok
22:27:59.0062 2532 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\windows\system32\DRIVERS\ptilink.sys
22:27:59.0062 2532 Ptilink - ok
22:27:59.0093 2532 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\windows\system32\Drivers\PxHelp20.sys
22:27:59.0109 2532 PxHelp20 - ok
22:27:59.0109 2532 ql1080 - ok
22:27:59.0109 2532 Ql10wnt - ok
22:27:59.0125 2532 ql12160 - ok
22:27:59.0125 2532 ql1240 - ok
22:27:59.0140 2532 ql1280 - ok
22:27:59.0171 2532 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
22:27:59.0171 2532 RasAcd - ok
22:27:59.0218 2532 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\windows\System32\rasauto.dll
22:27:59.0218 2532 RasAuto - ok
22:27:59.0250 2532 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
22:27:59.0250 2532 Rasl2tp - ok
22:27:59.0265 2532 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\windows\System32\rasmans.dll
22:27:59.0281 2532 RasMan - ok
22:27:59.0281 2532 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
22:27:59.0281 2532 RasPppoe - ok
22:27:59.0296 2532 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\windows\system32\DRIVERS\raspti.sys
22:27:59.0296 2532 Raspti - ok
22:27:59.0312 2532 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\windows\system32\DRIVERS\rdbss.sys
22:27:59.0312 2532 Rdbss - ok
22:27:59.0328 2532 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
22:27:59.0328 2532 RDPCDD - ok
22:27:59.0328 2532 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\windows\system32\DRIVERS\rdpdr.sys
22:27:59.0343 2532 rdpdr - ok
22:27:59.0375 2532 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\windows\system32\drivers\RDPWD.sys
22:27:59.0390 2532 RDPWD - ok
22:27:59.0406 2532 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
22:27:59.0406 2532 RDSessMgr - ok
22:27:59.0437 2532 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\windows\system32\DRIVERS\redbook.sys
22:27:59.0437 2532 redbook - ok
22:27:59.0468 2532 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\windows\System32\mprdim.dll
22:27:59.0468 2532 RemoteAccess - ok
22:27:59.0500 2532 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\windows\system32\regsvc.dll
22:27:59.0500 2532 RemoteRegistry - ok
22:27:59.0609 2532 [ BD517C7FB119997EFFBE39D5E4B37B05 ] RichVideo C:\Program Files\CyberLink\Shared Files\RichVideo.exe
22:27:59.0609 2532 RichVideo - ok
22:27:59.0640 2532 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\windows\system32\locator.exe
22:27:59.0640 2532 RpcLocator - ok
22:27:59.0671 2532 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\windows\system32\rpcss.dll
22:27:59.0687 2532 RpcSs - ok
22:27:59.0734 2532 [ 0E11B35E972796042044BC27CE13B065 ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
22:27:59.0734 2532 rspndr - ok
22:27:59.0781 2532 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\windows\system32\rsvp.exe
22:27:59.0781 2532 RSVP - ok
22:27:59.0812 2532 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\windows\system32\lsass.exe
22:27:59.0812 2532 SamSs - ok
22:27:59.0843 2532 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\windows\System32\SCardSvr.exe
22:27:59.0859 2532 SCardSvr - ok
22:27:59.0875 2532 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\windows\system32\schedsvc.dll
22:27:59.0890 2532 Schedule - ok
22:27:59.0937 2532 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\windows\system32\DRIVERS\secdrv.sys
22:27:59.0937 2532 Secdrv - ok
22:27:59.0953 2532 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\windows\System32\seclogon.dll
22:27:59.0968 2532 seclogon - ok
22:27:59.0984 2532 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\windows\system32\sens.dll
22:27:59.0984 2532 SENS - ok
22:28:00.0031 2532 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\windows\system32\drivers\Serial.sys
22:28:00.0031 2532 Serial - ok
22:28:00.0125 2532 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\windows\system32\drivers\Sfloppy.sys
22:28:00.0125 2532 Sfloppy - ok
22:28:00.0171 2532 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\windows\System32\ipnathlp.dll
22:28:00.0187 2532 SharedAccess - ok
22:28:00.0187 2532 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\windows\System32\shsvcs.dll
22:28:00.0187 2532 ShellHWDetection - ok
22:28:00.0203 2532 Simbad - ok
22:28:00.0281 2532 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
22:28:00.0281 2532 SkypeUpdate - ok
22:28:00.0312 2532 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\windows\system32\DRIVERS\SLIP.sys
22:28:00.0312 2532 SLIP - ok
22:28:00.0328 2532 Sparrow - ok
22:28:00.0359 2532 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\windows\system32\drivers\splitter.sys
22:28:00.0359 2532 splitter - ok
22:28:00.0421 2532 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\windows\system32\spoolsv.exe
22:28:00.0421 2532 Spooler - ok
22:28:00.0500 2532 [ 71E276F6D189413266EA22171806597B ] sptd C:\windows\system32\Drivers\sptd.sys
22:28:00.0500 2532 Suspicious file (NoAccess): C:\windows\system32\Drivers\sptd.sys. md5: 71E276F6D189413266EA22171806597B
22:28:00.0500 2532 sptd ( LockedFile.Multi.Generic ) - warning
22:28:00.0500 2532 sptd - detected LockedFile.Multi.Generic (1)
22:28:00.0531 2532 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\windows\system32\DRIVERS\sr.sys
22:28:00.0531 2532 sr - ok
22:28:00.0546 2532 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
22:28:00.0562 2532 srservice - ok
22:28:00.0578 2532 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\windows\system32\DRIVERS\srv.sys
22:28:00.0578 2532 Srv - ok
22:28:00.0625 2532 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
22:28:00.0625 2532 SSDPSRV - ok
22:28:00.0687 2532 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\windows\system32\wiaservc.dll
22:28:00.0703 2532 stisvc - ok
22:28:00.0750 2532 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\windows\system32\DRIVERS\StreamIP.sys
22:28:00.0750 2532 streamip - ok
22:28:00.0781 2532 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\windows\system32\DRIVERS\swenum.sys
22:28:00.0781 2532 swenum - ok
22:28:00.0781 2532 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\windows\system32\drivers\swmidi.sys
22:28:00.0781 2532 swmidi - ok
22:28:00.0781 2532 SwPrv - ok
22:28:00.0796 2532 symc810 - ok
22:28:00.0796 2532 symc8xx - ok
22:28:00.0812 2532 sym_hi - ok
22:28:00.0812 2532 sym_u3 - ok
22:28:00.0859 2532 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\windows\system32\drivers\sysaudio.sys
22:28:00.0859 2532 sysaudio - ok
22:28:00.0890 2532 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\windows\system32\smlogsvc.exe
22:28:00.0890 2532 SysmonLog - ok
22:28:00.0921 2532 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\windows\System32\tapisrv.dll
22:28:00.0921 2532 TapiSrv - ok
22:28:00.0953 2532 [ D9F19E78F98834CB411D6AD3C68D181A ] Tcpip C:\windows\system32\DRIVERS\tcpip.sys
22:28:00.0953 2532 Tcpip - ok
22:28:00.0984 2532 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\windows\system32\drivers\TDPIPE.sys
22:28:00.0984 2532 TDPIPE - ok
22:28:01.0000 2532 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\windows\system32\drivers\TDTCP.sys
22:28:01.0000 2532 TDTCP - ok
22:28:01.0031 2532 [ 88155247177638048422893737429D9E ] TermDD C:\windows\system32\DRIVERS\termdd.sys
22:28:01.0031 2532 TermDD - ok
22:28:01.0062 2532 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\windows\System32\termsrv.dll
22:28:01.0078 2532 TermService - ok
22:28:01.0093 2532 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\windows\System32\shsvcs.dll
22:28:01.0093 2532 Themes - ok
22:28:01.0140 2532 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
22:28:01.0140 2532 TlntSvr - ok
22:28:01.0156 2532 TosIde - ok
22:28:01.0171 2532 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\windows\system32\trkwks.dll
22:28:01.0171 2532 TrkWks - ok
22:28:01.0187 2532 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\windows\system32\drivers\Udfs.sys
22:28:01.0187 2532 Udfs - ok
22:28:01.0203 2532 ultra - ok
22:28:01.0265 2532 [ D0CB75386D9E89C864D808D64EC9160F ] UnlockerDriver5 C:\Program Files\Unlocker\UnlockerDriver5.sys
22:28:01.0265 2532 UnlockerDriver5 - ok
22:28:01.0312 2532 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\windows\system32\DRIVERS\update.sys
22:28:01.0328 2532 Update - ok
22:28:01.0359 2532 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\windows\System32\upnphost.dll
22:28:01.0359 2532 upnphost - ok
22:28:01.0375 2532 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\windows\System32\ups.exe
22:28:01.0375 2532 UPS - ok
22:28:01.0421 2532 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
22:28:01.0421 2532 usbccgp - ok
22:28:01.0437 2532 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\windows\system32\DRIVERS\usbehci.sys
22:28:01.0437 2532 usbehci - ok
22:28:01.0437 2532 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
22:28:01.0437 2532 usbhub - ok
22:28:01.0468 2532 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
22:28:01.0468 2532 USBSTOR - ok
22:28:01.0500 2532 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\windows\system32\DRIVERS\usbuhci.sys
22:28:01.0515 2532 usbuhci - ok
22:28:01.0515 2532 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys
22:28:01.0515 2532 usbvideo - ok
22:28:01.0562 2532 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\windows\System32\drivers\vga.sys
22:28:01.0562 2532 VgaSave - ok
22:28:01.0562 2532 ViaIde - ok
22:28:01.0578 2532 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\windows\system32\drivers\VolSnap.sys
22:28:01.0578 2532 VolSnap - ok
22:28:01.0609 2532 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\windows\System32\vssvc.exe
22:28:01.0609 2532 VSS - ok
22:28:01.0718 2532 [ CBA3F6EF1E70167DB376B4013F71A62B ] vToolbarUpdater12.2.6 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
22:28:01.0750 2532 vToolbarUpdater12.2.6 - ok
22:28:01.0812 2532 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
22:28:01.0812 2532 W32Time - ok
22:28:01.0875 2532 [ B1F126E7E28877106D60E6FF3998D033 ] w39n51 C:\windows\system32\DRIVERS\w39n51.sys
22:28:01.0921 2532 w39n51 - ok
22:28:01.0937 2532 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\windows\system32\DRIVERS\wanarp.sys
22:28:01.0937 2532 Wanarp - ok
22:28:01.0937 2532 WDICA - ok
22:28:01.0968 2532 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\windows\system32\drivers\wdmaud.sys
22:28:01.0984 2532 wdmaud - ok
22:28:02.0000 2532 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\windows\System32\webclnt.dll
22:28:02.0000 2532 WebClient - ok
22:28:02.0046 2532 [ C9C63410D8CF98F621B9CC62243FB877 ] winachsf C:\windows\system32\DRIVERS\HSX_CNXT.sys
22:28:02.0062 2532 winachsf - ok
22:28:02.0187 2532 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\windows\system32\wbem\WMIsvc.dll
22:28:02.0203 2532 winmgmt - ok
22:28:02.0265 2532 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\windows\system32\WsmSvc.dll
22:28:02.0296 2532 WinRM - ok
22:28:02.0328 2532 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
22:28:02.0343 2532 WmdmPmSN - ok
22:28:02.0390 2532 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\windows\System32\advapi32.dll
22:28:02.0406 2532 Wmi - ok
22:28:02.0421 2532 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\windows\system32\DRIVERS\wmiacpi.sys
22:28:02.0421 2532 WmiAcpi - ok
22:28:02.0453 2532 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
22:28:02.0453 2532 WmiApSrv - ok
22:28:02.0546 2532 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
22:28:02.0578 2532 WMPNetworkSvc - ok
22:28:02.0656 2532 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
22:28:02.0671 2532 WPFFontCache_v0400 - ok
22:28:02.0718 2532 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\windows\System32\drivers\ws2ifsl.sys
22:28:02.0718 2532 WS2IFSL - ok
22:28:02.0765 2532 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\windows\system32\wscsvc.dll
22:28:02.0765 2532 wscsvc - ok
22:28:02.0796 2532 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\windows\system32\DRIVERS\WSTCODEC.SYS
22:28:02.0812 2532 WSTCODEC - ok
22:28:02.0843 2532 [ D29AD7484B98279ED21877DE051A180F ] wuauserv C:\windows\system32\wuauserv.dll
22:28:02.0843 2532 wuauserv - ok
22:28:02.0890 2532 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\windows\system32\DRIVERS\WudfPf.sys
22:28:02.0890 2532 WudfPf - ok
22:28:02.0906 2532 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\windows\system32\DRIVERS\wudfrd.sys
22:28:02.0906 2532 WudfRd - ok
22:28:02.0921 2532 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\windows\System32\WUDFSvc.dll
22:28:02.0921 2532 WudfSvc - ok
22:28:02.0984 2532 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\windows\System32\wzcsvc.dll
22:28:03.0000 2532 WZCSVC - ok
22:28:03.0046 2532 [ 2E579520E114A9CA309F13BF40AD8292 ] XAudio C:\windows\system32\DRIVERS\xaudio.sys
22:28:03.0046 2532 XAudio - ok
22:28:03.0078 2532 [ F82FC2C30A19442B95AE554215837C46 ] XAudioService C:\windows\system32\DRIVERS\xaudio.exe
22:28:03.0078 2532 XAudioService - ok
22:28:03.0093 2532 XDva310 - ok
22:28:03.0093 2532 XDva321 - ok
22:28:03.0140 2532 XDva323 - ok
22:28:03.0140 2532 XDva327 - ok
22:28:03.0156 2532 XDva337 - ok
22:28:03.0156 2532 XDva341 - ok
22:28:03.0156 2532 XDva342 - ok
22:28:03.0171 2532 XDva345 - ok
22:28:03.0171 2532 XDva346 - ok
22:28:03.0187 2532 XDva347 - ok
22:28:03.0187 2532 XDva349 - ok
22:28:03.0203 2532 XDva352 - ok
22:28:03.0203 2532 XDva358 - ok
22:28:03.0203 2532 XDva359 - ok
22:28:03.0218 2532 XDva361 - ok
22:28:03.0218 2532 XDva362 - ok
22:28:03.0234 2532 XDva366 - ok
22:28:03.0234 2532 XDva367 - ok
22:28:03.0250 2532 XDva368 - ok
22:28:03.0250 2532 XDva370 - ok
22:28:03.0250 2532 XDva372 - ok
22:28:03.0265 2532 XDva374 - ok
22:28:03.0265 2532 XDva375 - ok
22:28:03.0281 2532 XDva377 - ok
22:28:03.0281 2532 XDva379 - ok
22:28:03.0296 2532 XDva380 - ok
22:28:03.0296 2532 XDva382 - ok
22:28:03.0296 2532 XDva383 - ok
22:28:03.0312 2532 XDva384 - ok
22:28:03.0312 2532 XDva385 - ok
22:28:03.0328 2532 XDva386 - ok
22:28:03.0328 2532 XDva387 - ok
22:28:03.0343 2532 XDva388 - ok
22:28:03.0343 2532 XDva389 - ok
22:28:03.0343 2532 XDva390 - ok
22:28:03.0359 2532 XDva391 - ok
22:28:03.0359 2532 XDva392 - ok
22:28:03.0375 2532 XDva393 - ok
22:28:03.0375 2532 XDva394 - ok
22:28:03.0390 2532 XDva397 - ok
22:28:03.0390 2532 XDva398 - ok
22:28:03.0390 2532 XDva399 - ok
22:28:03.0406 2532 XDva400 - ok
22:28:03.0468 2532 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\windows\System32\xmlprov.dll
22:28:03.0468 2532 xmlprov - ok
22:28:03.0500 2532 [ 9278A9870D9E919B20EBC17299FBB107 ] yukonwxp C:\windows\system32\DRIVERS\yk51x86.sys
22:28:03.0515 2532 yukonwxp - ok
22:28:03.0546 2532 ================ Scan global ===============================
22:28:03.0578 2532 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\windows\system32\basesrv.dll
22:28:03.0640 2532 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\windows\system32\winsrv.dll
22:28:03.0656 2532 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\windows\system32\winsrv.dll
22:28:03.0718 2532 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\windows\system32\services.exe
22:28:03.0718 2532 [Global] - ok
22:28:03.0718 2532 ================ Scan MBR ==================================
22:28:03.0750 2532 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
22:28:04.0046 2532 \Device\Harddisk0\DR0 - ok
22:28:04.0046 2532 ================ Scan VBR ==================================
22:28:04.0062 2532 [ 5E245051DE2D2190368D36E1F745FCAC ] \Device\Harddisk0\DR0\Partition1
22:28:04.0062 2532 \Device\Harddisk0\DR0\Partition1 - ok
22:28:04.0062 2532 ============================================================
22:28:04.0062 2532 Scan finished
22:28:04.0062 2532 ============================================================
22:28:04.0078 3804 Detected object count: 1
22:28:04.0078 3804 Actual 
detected object count: 1 22:28:20.0625 3804 sptd ( LockedFile.Multi.Generic ) - skipped by user 22:28:20.0625 3804 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
  6. Did a rescan just to be sure.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-15 21:40:24
-----------------------------
21:40:24.062 OS Version: Windows 5.1.2600 Service Pack 3
21:40:24.062 Number of processors: 2 586 0xF0D
21:40:24.062 ComputerName: USER-PC1 UserName: User
21:40:25.312 Initialize success
21:40:34.656 AVAST engine defs: 12101501
21:40:37.078 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
21:40:37.078 Disk 0 Vendor: WDC_WD2500BEVS-22UST0 01.01A01 Size: 238475MB BusType: 3
21:40:37.140 Disk 0 MBR read successfully
21:40:37.140 Disk 0 MBR scan
21:40:37.140 Disk 0 Windows XP default MBR code
21:40:37.140 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238472 MB offset 63
21:40:37.156 Disk 0 scanning sectors +488392065
21:40:37.281 Disk 0 scanning C:\windows\system32\drivers
21:40:55.656 Service scanning
21:41:09.218 Service sptd C:\windows\System32\Drivers\sptd.sys **LOCKED** 32
21:41:13.375 Modules scanning
21:41:34.359 Disk 0 trace - called modules:
21:41:34.375 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sppy.sys >>UNKNOWN [0x8b1e6938]<<
21:41:34.390 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b15fab8]
21:41:34.390 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\000000a7[0x8b1619e8]
21:41:34.390 5 ACPI.sys[b9e67620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x8b14b940]
21:41:35.546 AVAST engine scan C:\windows
21:42:02.625 AVAST engine scan C:\windows\system32
21:48:33.171 AVAST engine scan C:\windows\system32\drivers
21:49:33.828 AVAST engine scan C:\Documents and Settings\User
22:17:46.125 AVAST engine scan C:\Documents and Settings\All Users
22:24:16.906 Scan finished successfully
22:25:59.015 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\User\Desktop\MBR.dat"
22:25:59.015 The log file has been saved successfully to "C:\Documents and Settings\User\Desktop\aswMBR.txt"
  7. Here's the aswMBR report

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-15 21:03:25
-----------------------------
21:03:25.671 OS Version: Windows 5.1.2600 Service Pack 3
21:03:25.671 Number of processors: 2 586 0xF0D
21:03:25.671 ComputerName: USER-PC1 UserName: User
21:03:26.609 Initialize success
21:05:30.859 AVAST engine defs: 12101501
21:05:37.640 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
21:05:37.640 Disk 0 Vendor: WDC_WD2500BEVS-22UST0 01.01A01 Size: 238475MB BusType: 3
21:05:37.703 Disk 0 MBR read successfully
21:05:37.703 Disk 0 MBR scan
21:05:37.750 Disk 0 Windows XP default MBR code
21:05:37.750 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238472 MB offset 63
21:05:37.765 Disk 0 scanning sectors +488392065
21:05:37.890 Disk 0 scanning C:\windows\system32\drivers
21:05:51.562 Service scanning
21:06:05.468 Service sptd C:\windows\System32\Drivers\sptd.sys **LOCKED** 32
21:06:09.750 Modules scanning
21:06:14.437 Disk 0 trace - called modules:
21:06:14.468 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sppy.sys >>UNKNOWN [0x8b1e6938]<<
21:06:14.468 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b15fab8]
21:06:14.468 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\000000a7[0x8b1619e8]
21:06:14.468 5 ACPI.sys[b9e67620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x8b14b940]
21:06:15.890 AVAST engine scan C:\windows
21:06:21.781 AVAST engine scan C:\windows\system32
21:09:52.937 AVAST engine scan C:\windows\system32\drivers
21:10:18.703 AVAST engine scan C:\Documents and Settings\User
21:13:53.906 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\User\Desktop\MBR.dat"
21:13:53.906 The log file has been saved successfully to "C:\Documents and Settings\User\Desktop\aswMBR.txt"
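The TDSSKiller log above and the two aswMBR runs are the kind of output a helper reads by eye, and the interesting lines are easy to lose among a few hundred "- ok" records. The script below is an added example written for this page; it is not code posted by chimeria and not part of TDSSKiller or aswMBR. It assumes only the line shapes visible in those logs, plus one reading the tools do not state outright (and which is marked as an assumption in the code): a TDSSKiller service that only ever gets a "name - ok" line, with no "[ md5 ] name path" line before it, had no image file on disk to hash. The DDS services list in the next post shows the same XDva entries with "[?]", which points the same way. The sample input is an excerpt copied from the logs above.

```python
# Added example for this thread: triage helpers for TDSSKiller and aswMBR logs.
# Not code from either tool or from the poster; sample input is copied from above.
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# TDSSKiller record shapes seen in the log above:
#   "<ts> <pid> [ <md5> ] <service> <image path>"    image found and hashed
#   "<ts> <pid> <service> - ok"                        verdict for the service
#   "<ts> <pid> <service> ( <verdict> ) - <action>"   detection and user action
_TS_PID = r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+"
TDSS_HASHED = re.compile(_TS_PID + r"\[\s*(?P<md5>[0-9A-Fa-f]{32})\s*\]\s+(?P<name>\S+)\s+(?P<path>.+?)\s*$")
TDSS_DETECT = re.compile(_TS_PID + r"(?P<name>\S+)\s+\(\s*(?P<verdict>[^)]+?)\s*\)\s+-\s+(?P<action>.+?)\s*$")
TDSS_STATUS = re.compile(_TS_PID + r"(?P<name>\S+)\s+-\s+(?P<status>.+?)\s*$")

# aswMBR shapes: a service image it could not open, and the disk-stack trace
# line on which a module it cannot attribute is marked >>UNKNOWN<<.
ASW_LOCKED = re.compile(r"^\S+\s+Service\s+(?P<name>\S+)\s+(?P<path>.+?)\s+\*\*LOCKED\*\*")
ASW_UNKNOWN = re.compile(r"(?P<module>\S+)\s+>>UNKNOWN\s+\[(?P<addr>0x[0-9A-Fa-f]+)\]<<")


@dataclass
class ServiceEntry:
    name: str
    path: Optional[str] = None
    md5: Optional[str] = None
    status: Optional[str] = None
    detections: List[Tuple[str, str]] = field(default_factory=list)


def parse_tdsskiller(text: str) -> Dict[str, ServiceEntry]:
    """Fold TDSSKiller lines into one entry per service name."""
    entries: Dict[str, ServiceEntry] = {}
    for line in text.splitlines():
        line = line.rstrip()
        for pattern in (TDSS_HASHED, TDSS_DETECT, TDSS_STATUS):
            m = pattern.match(line)
            if not m:
                continue
            entry = entries.setdefault(m["name"], ServiceEntry(m["name"]))
            if pattern is TDSS_HASHED:
                entry.path, entry.md5 = m["path"], m["md5"].upper()
            elif pattern is TDSS_DETECT:
                entry.detections.append((m["verdict"], m["action"]))
            else:
                entry.status = m["status"]
            break
    return entries


def triage_tdsskiller(entries: Dict[str, ServiceEntry]) -> Dict[str, List[str]]:
    """Bucket services the way an analyst reads them.

    Assumption (mine, not documented by the tool): a service that only gets a
    "- ok" verdict and never a "[ md5 ] name path" line had no image file on
    disk to hash. "[Global]" and "\\Device\\..." pseudo-entries are skipped.
    """
    services = {n: e for n, e in entries.items() if not n.startswith(("[", "\\"))}
    return {
        "no_file": sorted(n for n, e in services.items()
                          if e.md5 is None and e.status == "ok"),
        "flagged": sorted(n for n, e in services.items() if e.detections),
        "skipped": sorted(n for n, e in services.items()
                          if any("skip" in act.lower() for _, act in e.detections)),
    }


def triage_aswmbr(text: str) -> Dict[str, List[Tuple[str, str]]]:
    """Pull locked service images and unattributed disk-stack modules from aswMBR."""
    locked, unknown = [], []
    for line in text.splitlines():
        m = ASW_LOCKED.match(line)
        if m:
            locked.append((m["name"], m["path"]))
        for m in ASW_UNKNOWN.finditer(line):
            unknown.append((m["module"], m["addr"].lower()))
    return {"locked": locked, "unknown": unknown}


# Constructed sample: lines copied from the TDSSKiller and aswMBR logs above.
SAMPLE_TDSS = r"""22:28:01.0562 2532 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\windows\System32\drivers\vga.sys
22:28:01.0562 2532 VgaSave - ok
22:28:01.0562 2532 ViaIde - ok
22:28:03.0093 2532 XDva310 - ok
22:28:03.0093 2532 XDva321 - ok
22:28:03.0718 2532 [Global] - ok
22:28:04.0078 3804 Detected object count: 1
22:28:20.0625 3804 sptd ( LockedFile.Multi.Generic ) - skipped by user
22:28:20.0625 3804 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
"""
SAMPLE_ASW = r"""21:41:09.218 Service sptd C:\windows\System32\Drivers\sptd.sys **LOCKED** 32
21:41:34.375 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sppy.sys >>UNKNOWN [0x8b1e6938]<<
"""


def summarize(tdss_text: str = SAMPLE_TDSS, asw_text: str = SAMPLE_ASW) -> Dict[str, dict]:
    """Run both parsers over the given log text and return one report dict."""
    return {"tdsskiller": triage_tdsskiller(parse_tdsskiller(tdss_text)),
            "aswmbr": triage_aswmbr(asw_text)}


if __name__ == "__main__":
    import json
    print(json.dumps(summarize(), indent=2))
```

Call summarize() with the full text of each log instead of the excerpt to get the same report for the whole run. On the excerpt it returns three registered services with nothing on disk to hash (ViaIde and two XDva entries), one detection the user chose to skip (sptd, the SPTD driver that disc-emulation tools such as DAEMON Tools and Alcohol 120% install, which is why helpers usually ask for it to be uninstalled before rootkit scans), and one module in the disk stack that aswMBR could not attribute (sppy.sys at 0x8b1e6938). A reviewer would start with the unattributed disk-stack module, then the locked driver, then the orphaned service entries.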
  8. Here's the DDS and Attach.txt. What am I looking for?

DDS (Ver_2012-10-14.05) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_35
Run by User at 20:58:44 on 2012-10-15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2314 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ================
.
\??\C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
\??\C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\windows\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\windows\system32\ctfmon.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\windows\system32\wuauclt.exe
C:\DOCUME~1\User\LOCALS~1\Temp\RtkBtMnt.exe
C:\windows\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\windows\System32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
uURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\prxtbDVD0.dll
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\prxtbDVD0.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: DVDVideoSoftTB Toolbar: {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - c:\program files\dvdvideosofttb\prxtbDVD0.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [HF_G_Jul] "c:\program files\avg secure search\HF_G_Jul.exe" /DoAction
mRun: [ROC_ROC_JULY_P1] "c:\program files\avg secure search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
dRunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - <no file>
IE: Free YouTube to Mp3 Converter - c:\documents and settings\user\application data\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: Search the Web - c:\program files\sweetim\toolbars\internet explorer\resources\menuext.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} - hxxp://www.srtest.com/srl_bin/sysreqlab_ind.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1227385088917
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{CBC1FC40-FCE0-4287-BC3C-473CFCA9CBD7} : DHCPNameServer = 192.168.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\12.2.6\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\3mh48l0x.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\user\application data\mozilla\firefox\profiles\3mh48l0x.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\user\application data\mozilla\firefox\profiles\3mh48l0x.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\plugins\np-mswmp.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\12.2.6\npsitesafety.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npOGPPlugin.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll
FF - ExtSQL: 2012-09-01 20:16; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109130
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 0c8501f9000000000000001fe2a93501
FF - user.js: extensions.BabylonToolbar_i.hardId - 0c8501f9000000000000001fe2a93501
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15341
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1716:25:36
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
FF - user.js: extensions.autoDisableScopes - 14
.
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 237408]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 301920]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-9-3 27496]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-8-13 5167736]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files\common files\avg secure search\vtoolbarupdater\12.2.6\ToolbarUpdater.exe [2012-9-3 722528]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-11 250808]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-12-12 1691480]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-3 115168]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-3 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 XDva310;XDva310;\??\c:\windows\system32\xdva310.sys --> c:\windows\system32\XDva310.sys [?]
S3 XDva321;XDva321;\??\c:\windows\system32\xdva321.sys --> c:\windows\system32\XDva321.sys [?]
S3 XDva323;XDva323;\??\c:\windows\system32\xdva323.sys --> c:\windows\system32\XDva323.sys [?]
S3 XDva327;XDva327;\??\c:\windows\system32\xdva327.sys --> c:\windows\system32\XDva327.sys [?]
S3 XDva337;XDva337;\??\c:\windows\system32\xdva337.sys --> c:\windows\system32\XDva337.sys [?]
S3 XDva341;XDva341;\??\c:\windows\system32\xdva341.sys --> c:\windows\system32\XDva341.sys [?]
S3 XDva342;XDva342;\??\c:\windows\system32\xdva342.sys --> c:\windows\system32\XDva342.sys [?]
S3 XDva345;XDva345;\??\c:\windows\system32\xdva345.sys --> c:\windows\system32\XDva345.sys [?]
S3 XDva346;XDva346;\??\c:\windows\system32\xdva346.sys --> c:\windows\system32\XDva346.sys [?]
S3 XDva347;XDva347;\??\c:\windows\system32\xdva347.sys --> c:\windows\system32\XDva347.sys [?]
S3 XDva349;XDva349;\??\c:\windows\system32\xdva349.sys --> c:\windows\system32\XDva349.sys [?]
S3 XDva352;XDva352;\??\c:\windows\system32\xdva352.sys --> c:\windows\system32\XDva352.sys [?]
S3 XDva358;XDva358;\??\c:\windows\system32\xdva358.sys --> c:\windows\system32\XDva358.sys [?]
S3 XDva359;XDva359;\??\c:\windows\system32\xdva359.sys --> c:\windows\system32\XDva359.sys [?]
S3 XDva361;XDva361;\??\c:\windows\system32\xdva361.sys --> c:\windows\system32\XDva361.sys [?]
S3 XDva362;XDva362;\??\c:\windows\system32\xdva362.sys --> c:\windows\system32\XDva362.sys [?]
S3 XDva366;XDva366;\??\c:\windows\system32\xdva366.sys --> c:\windows\system32\XDva366.sys [?]
S3 XDva367;XDva367;\??\c:\windows\system32\xdva367.sys --> c:\windows\system32\XDva367.sys [?]
S3 XDva368;XDva368;\??\c:\windows\system32\xdva368.sys --> c:\windows\system32\XDva368.sys [?]
S3 XDva370;XDva370;\??\c:\windows\system32\xdva370.sys --> c:\windows\system32\XDva370.sys [?]
S3 XDva372;XDva372;\??\c:\windows\system32\xdva372.sys --> c:\windows\system32\XDva372.sys [?]
S3 XDva374;XDva374;\??\c:\windows\system32\xdva374.sys --> c:\windows\system32\XDva374.sys [?]
S3 XDva375;XDva375;\??\c:\windows\system32\xdva375.sys --> c:\windows\system32\XDva375.sys [?]
S3 XDva377;XDva377;\??\c:\windows\system32\xdva377.sys --> c:\windows\system32\XDva377.sys [?]
S3 XDva379;XDva379;\??\c:\windows\system32\xdva379.sys --> c:\windows\system32\XDva379.sys [?]
S3 XDva380;XDva380;\??\c:\windows\system32\xdva380.sys --> c:\windows\system32\XDva380.sys [?]
S3 XDva382;XDva382;\??\c:\windows\system32\xdva382.sys --> c:\windows\system32\XDva382.sys [?]
S3 XDva383;XDva383;\??\c:\windows\system32\xdva383.sys --> c:\windows\system32\XDva383.sys [?]
S3 XDva384;XDva384;\??\c:\windows\system32\xdva384.sys --> c:\windows\system32\XDva384.sys [?]
S3 XDva385;XDva385;\??\c:\windows\system32\xdva385.sys --> c:\windows\system32\XDva385.sys [?]
S3 XDva386;XDva386;\??\c:\windows\system32\xdva386.sys --> c:\windows\system32\XDva386.sys [?]
S3 XDva387;XDva387;\??\c:\windows\system32\xdva387.sys --> c:\windows\system32\XDva387.sys [?]
S3 XDva388;XDva388;\??\c:\windows\system32\xdva388.sys --> c:\windows\system32\XDva388.sys [?]
S3 XDva389;XDva389;\??\c:\windows\system32\xdva389.sys --> c:\windows\system32\XDva389.sys [?]
S3 XDva390;XDva390;\??\c:\windows\system32\xdva390.sys --> c:\windows\system32\XDva390.sys [?]
S3 XDva391;XDva391;\??\c:\windows\system32\xdva391.sys --> c:\windows\system32\XDva391.sys [?]
S3 XDva392;XDva392;\??\c:\windows\system32\xdva392.sys --> c:\windows\system32\XDva392.sys [?]
S3 XDva393;XDva393;\??\c:\windows\system32\xdva393.sys --> c:\windows\system32\XDva393.sys [?]
S3 XDva394;XDva394;\??\c:\windows\system32\xdva394.sys --> c:\windows\system32\XDva394.sys [?]
S3 XDva397;XDva397;\??\c:\windows\system32\xdva397.sys --> c:\windows\system32\XDva397.sys [?]
S3 XDva398;XDva398;\??\c:\windows\system32\xdva398.sys --> c:\windows\system32\XDva398.sys [?]
S3 XDva399;XDva399;\??\c:\windows\system32\xdva399.sys --> c:\windows\system32\XDva399.sys [?]
S3 XDva400;XDva400;\??\c:\windows\system32\xdva400.sys --> c:\windows\system32\XDva400.sys [?]
.
=============== File Associations ===============
.
ShellExec: pi11.exe: Open="c:\program files\microsoft digital image 2006\pi.exe" "%1"
.
=============== Created Last 30 ================
.
2012-10-15 00:41:40  --------  d-----w-  c:\documents and settings\all users\application data\IBUpdaterService
2012-10-15 00:16:20  --------  d-----w-  c:\documents and settings\all users\application data\Sophos
2012-09-27 21:02:58  511328    ----a-w-  c:\program files\common files\microsoft shared\capicom\CAPICOM.DLL
2012-09-27 21:00:07  --------  d-----w-  c:\documents and settings\all users\application data\iolo
2012-09-27 20:57:16  --------  d-----w-  c:\program files\CCleaner
.
==================== Find3M ====================
.
2012-10-08 23:42:10 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-10-08 23:42:10 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-09-07 21:04:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-04 01:08:40 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys 2012-08-29 00:24:56 477168 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-08-29 00:24:53 473072 ----a-w- c:\windows\system32\deployJava1.dll 2012-08-28 22:39:23 73728 ----a-w- c:\windows\system32\javacpl.cpl 2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll 2012-08-28 15:14:53 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-08-28 15:14:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2012-08-28 12:07:15 385024 ----a-w- c:\windows\system32\html.iec 2012-08-24 19:43:18 301920 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll 2012-08-21 13:33:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-21 12:58:09 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-07-26 07:21:30 237408 ----a-w- c:\windows\system32\drivers\avgldx86.sys . ============= FINISH: 20:59:50.07 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-10-14.05) . Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume1 Install Date: 11/15/2007 5:34:43 AM System Uptime: 10/15/2012 8:53:09 PM (0 hours ago) . Motherboard: Acer | | Acadia Processor: Intel® Pentium® Dual CPU T2390 @ 1.86GHz | uPGA-478 | 1862/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 233 GiB total, 13.766 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . 
RP1074: 7/18/2012 8:22:41 AM - System Checkpoint
RP1075: 7/20/2012 11:02:26 AM - System Checkpoint
RP1076: 7/22/2012 11:30:13 AM - System Checkpoint
RP1077: 7/26/2012 2:52:32 PM - System Checkpoint
RP1078: 7/27/2012 4:51:03 PM - System Checkpoint
RP1079: 7/31/2012 9:15:05 AM - System Checkpoint
RP1080: 8/1/2012 9:38:51 AM - System Checkpoint
RP1081: 8/3/2012 2:24:18 PM - System Checkpoint
RP1082: 8/6/2012 10:55:11 PM - System Checkpoint
RP1083: 8/8/2012 5:39:36 PM - System Checkpoint
RP1084: 8/12/2012 11:41:35 AM - System Checkpoint
RP1085: 8/13/2012 12:09:23 PM - System Checkpoint
RP1086: 8/15/2012 9:34:47 AM - System Checkpoint
RP1087: 8/15/2012 11:03:09 PM - Software Distribution Service 3.0
RP1088: 8/18/2012 7:50:59 AM - System Checkpoint
RP1089: 8/20/2012 6:25:48 AM - System Checkpoint
RP1090: 8/23/2012 5:57:50 AM - System Checkpoint
RP1091: 8/24/2012 3:26:05 PM - System Checkpoint
RP1092: 8/26/2012 6:54:24 PM - System Checkpoint
RP1093: 8/30/2012 5:23:11 PM - System Checkpoint
RP1094: 9/1/2012 8:15:46 PM - Installed Java 6 Update 35
RP1095: 9/4/2012 6:03:59 PM - System Checkpoint
RP1096: 9/5/2012 6:45:48 PM - System Checkpoint
RP1097: 9/6/2012 8:21:24 PM - System Checkpoint
RP1098: 9/8/2012 1:46:43 PM - System Checkpoint
RP1099: 9/9/2012 6:02:35 PM - System Checkpoint
RP1100: 9/11/2012 6:35:23 PM - System Checkpoint
RP1101: 9/11/2012 8:10:40 PM - Software Distribution Service 3.0
RP1102: 9/15/2012 5:48:36 PM - System Checkpoint
RP1103: 9/22/2012 12:54:58 PM - System Checkpoint
RP1104: 9/25/2012 11:27:23 PM - Software Distribution Service 3.0
RP1105: 9/27/2012 5:55:36 PM - System Checkpoint
RP1106: 9/30/2012 1:03:08 PM - System Checkpoint
RP1107: 10/3/2012 3:47:49 PM - System Checkpoint
RP1108: 10/6/2012 12:10:18 PM - System Checkpoint
RP1109: 10/7/2012 2:17:11 PM - System Checkpoint
RP1110: 10/10/2012 12:41:57 AM - System Checkpoint
RP1111: 10/10/2012 10:21:59 PM - Software Distribution Service 3.0
RP1112: 10/13/2012 12:48:28 PM - System Checkpoint
RP1113: 10/14/2012 4:28:33 PM - System Checkpoint
RP1114: 10/14/2012 8:16:01 PM - Installed Sophos Virus Removal Tool.
RP1115: 10/14/2012 8:24:50 PM - Removed Sophos Virus Removal Tool.
.
==== Installed Programs ======================
.
µTorrent
Acer Crystal Eye webcam
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.2
Agere Systems HDA Modem
ALPS Touch Pad Driver
Atheros for Acer Driver 5.3.0.45_Foxconn Installation Program
AVG 2012
Bass Audio Decoder (remove only)
CCleaner
CD Audio Reader Filter (remove only)
Combined Community Codec Pack 2011-07-30
Cross Fire En
DCoder Image Source (remove only)
DirectVobSub (remove only)
DVD Suite
DVDVideoSoftTB Toolbar
FFMPEG Core Files (remove only)
Free YouTube to MP3 Converter version 3.11.19.412
Gabest MPEG Splitter (remove only)
Haali Media Splitter
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Intel® Graphics Media Accelerator Driver
Java Auto Updater
Java 6 Update 35
Junk Mail filter update
Launch Manager
Macromedia Shockwave Player
Malwarebytes Anti-Malware version 1.65.0.1400
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Standard 2006 Editor
Microsoft Digital Image Standard 2006 Library
Microsoft Digital Image Standard 2006 Update
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003 Microsoft Reader Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Works Microsoft Works Suite 2006 Setup Launcher Microsoft Works Suite Add-in for Microsoft Word MONOGRAM AMR Splitter/Decoder (remove only) Mozilla Firefox 16.0.1 (x86 en-US) Mozilla Maintenance Service MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP2 Parser and SDK MSXML 6 Service Pack 2 (KB954459) Nero 7 Essentials OpenSource AVI Splitter (remove only) OpenSource DTS/AC3/DD+ Source Filter (remove only) PowerDVD PowerProducer Realtek High Definition Audio Driver Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 
Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft Windows (KB2564958) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for Windows Internet Explorer 8 (KB2183461) Security Update for Windows Internet Explorer 8 (KB2360131) Security Update for Windows Internet Explorer 8 (KB2416400) Security Update for Windows Internet Explorer 8 (KB2482017) Security Update for Windows Internet Explorer 8 (KB2497640) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2530548) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB2559049) Security Update for Windows Internet Explorer 8 (KB2586448) Security Update for Windows Internet Explorer 8 (KB2618444) Security Update for Windows Internet Explorer 8 (KB2647516) Security Update for Windows Internet Explorer 8 (KB2675157) Security Update for Windows Internet Explorer 8 (KB2699988) Security Update for Windows Internet Explorer 8 (KB2722913) Security Update for Windows Internet Explorer 8 (KB2744842) Security Update for Windows Internet Explorer 8 (KB969897) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB972260) 
Security Update for Windows Internet Explorer 8 (KB974455) Security Update for Windows Internet Explorer 8 (KB976325) Security Update for Windows Internet Explorer 8 (KB978207) Security Update for Windows Internet Explorer 8 (KB981332) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows XP (KB2296199) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2436673) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2476687) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479628) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485376) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2503658) Security Update for Windows XP (KB2503665) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2506223) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2511455) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2536276) Security Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2544893) Security Update for Windows XP (KB2555917) Security Update for Windows XP (KB2562937) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2567053) Security Update for Windows XP (KB2567680) Security Update for 
Windows XP (KB2570222) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2584146) Security Update for Windows XP (KB2585542) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2598479) Security Update for Windows XP (KB2603381) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB2619339) Security Update for Windows XP (KB2620712) Security Update for Windows XP (KB2621440) Security Update for Windows XP (KB2624667) Security Update for Windows XP (KB2631813) Security Update for Windows XP (KB2633171) Security Update for Windows XP (KB2639417) Security Update for Windows XP (KB2641653) Security Update for Windows XP (KB2646524) Security Update for Windows XP (KB2647518) Security Update for Windows XP (KB2653956) Security Update for Windows XP (KB2655992) Security Update for Windows XP (KB2659262) Security Update for Windows XP (KB2660465) Security Update for Windows XP (KB2661637) Security Update for Windows XP (KB2676562) Security Update for Windows XP (KB2685939) Security Update for Windows XP (KB2686509) Security Update for Windows XP (KB2691442) Security Update for Windows XP (KB2695962) Security Update for Windows XP (KB2698365) Security Update for Windows XP (KB2705219) Security Update for Windows XP (KB2707511) Security Update for Windows XP (KB2709162) Security Update for Windows XP (KB2712808) Security Update for Windows XP (KB2718523) Security Update for Windows XP (KB2719985) Security Update for Windows XP (KB2723135) Security Update for Windows XP (KB2724197) Security Update for Windows XP (KB2731847) Segoe UI SHOUTcast Source (remove only) Skype™ 5.10 Software Update for Web Folders System Requirements Lab Unlocker 1.8.9 Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 8 (KB2362765) Update for Windows Internet Explorer 8 (KB2447568) Update for Windows Internet Explorer 8 (KB969497) Update for Windows Internet Explorer 8 (KB976662) 
Update for Windows Internet Explorer 8 (KB976749) Update for Windows Internet Explorer 8 (KB980182) Update for Windows Internet Explorer 8 (KB980302) Update for Windows XP (KB2467659) Update for Windows XP (KB2492386) Update for Windows XP (KB2541763) Update for Windows XP (KB2607712) Update for Windows XP (KB2616676) Update for Windows XP (KB2641690) Update for Windows XP (KB2661254-v2) Update for Windows XP (KB2718704) Update for Windows XP (KB2736233) Update for Windows XP (KB2749655) Update for Windows XP (KB971029) WeatherEye Windows Imaging Component Windows Internet Explorer 8 Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Mail Windows Live Messenger Windows Live OneCare safety scanner Windows Live Photo Gallery Windows Live Sign-in Assistant Windows Live Sync Windows Live Upload Tool Windows Live Writer Windows Rights Management Client Backwards Compatibility SP2 Windows Rights Management Client with Service Pack 2 Windows XP Service Pack 3 WinRAR archiver Works Upgrade Xfire (remove only) . ==== Event Viewer Messages From Past Week ======== . 10/8/2012 6:03:59 PM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 001FE2A93501 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message). 10/14/2012 8:17:57 PM, error: Service Control Manager [7034] - The Sophos Virus Removal Tool service terminated unexpectedly. It has done this 1 time(s). 10/12/2012 4:09:24 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56} 10/11/2012 3:28:10 PM, error: Service Control Manager [7000] - The XAudioService service failed to start due to the following error: %1 is not a valid Win32 application. . ==== End Of File ===========================
  9. Just did a full scan with Malwarebytes; now it's constantly picking up multiple "adware.gameplaylabs". I still haven't felt any effect on computer performance as of yet, but I deleted them and they are still popping up. Help please. Thank you.
  10. Hi, I'm trying to figure out if this is a real file or not. Since my last Windows update, AVG has been detecting the file windows\system32\drivers\spxp.sys as a rootkit, and yet when I ran Malwarebytes, there wasn't any. Searching the file name on Google didn't turn up anything concrete. Is this an actual system file or malware? If so, how can I remove it? It doesn't seem to be affecting the system or web browsing, but I'm worried it might be a potential time bomb. Thanks for the help.