This is the log:
ComboFix 12-10-17.05 - User 10/17/2012 18:14:49.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2314 [GMT -4:00]
Running from: c:\documents and settings\User\Desktop\Files\ComboFix.exe
Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\documents and settings\user\application data\mozilla\firefox\profiles\3mh48l0x.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\plugins\np-mswmp.dll
c:\program files\dvdvideosofttb\prxtbDVD0.dll
c:\windows\system32\Desktop_.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-09-17 to 2012-10-17 )))))))))))))))))))))))))))))))
.
.
2012-10-17 22:11 . 2012-10-17 22:11 -------- d-----w- c:\program files\Common Files\Java
2012-10-16 02:31 . 2012-10-16 02:31 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-15 00:41 . 2012-10-15 00:41 -------- d-----w- c:\documents and settings\All Users\Application Data\IBUpdaterService
2012-10-15 00:16 . 2012-10-15 00:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Sophos
2012-09-27 21:05 . 2012-09-27 21:05 -------- d-----w- c:\documents and settings\NetworkService\Application Data\iolo
2012-09-27 21:02 . 2012-04-17 12:25 511328 ----a-w- c:\program files\Common Files\Microsoft Shared\CAPICOM\CAPICOM.DLL
2012-09-27 21:00 . 2012-09-27 21:36 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo
2012-09-27 20:57 . 2012-09-27 20:57 -------- d-----w- c:\program files\CCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-08 23:42 . 2012-04-11 16:55 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-08 23:42 . 2011-05-20 13:05 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-24 19:32 . 2012-06-22 01:15 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-24 19:32 . 2010-09-28 20:26 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-24 17:51 . 2012-06-22 01:15 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-09-07 21:04 . 2009-11-08 17:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-04 01:08 . 2012-09-04 01:08 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-08-28 15:14 . 2007-09-20 04:59 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2007-09-20 04:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2007-09-20 04:58 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2007-09-20 04:58 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 19:43 . 2010-11-10 03:20 301920 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-08-24 13:53 . 2004-08-03 23:56 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:33 . 2007-09-20 04:49 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2007-07-19 12:40 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-07-26 07:21 . 2010-09-07 08:48 237408 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-10-12 01:28 . 2012-10-12 01:28 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\$NtUninstallKB2509553$\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . D9F19E78F98834CB411D6AD3C68D181A . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-12 53248]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-05-22 834320]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-03 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-03 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-03 134656]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"RTHDCPL"="RTHDCPL.EXE" [2010-11-17 19722344]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-09-04 947808]
"HF_G_Jul"="c:\program files\AVG Secure Search\HF_G_Jul.exe" [2012-07-18 36960]
"ROC_ROC_JULY_P1"="c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe" [2012-09-04 1022048]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Z8Games\\CrossFire\\CF_G4box.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 4:48 AM 31952]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/21/2008 5:59 PM 717296]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/7/2010 4:48 AM 237408]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/9/2010 11:20 PM 301920]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [9/3/2012 9:08 PM 27496]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [8/13/2012 3:24 AM 5167736]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/14/2012 4:53 AM 193288]
R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [9/3/2012 9:08 PM 722528]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [12/23/2011 1:32 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 17232]
R3 XDva400;XDva400;\??\c:\windows\system32\XDva400.sys --> c:\windows\system32\XDva400.sys [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 1:28 PM 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\flash\FlashPlayerUpdateService.exe [4/11/2012 12:55 PM 250808]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12/12/2010 5:12 PM 1691480]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/3/2012 10:17 PM 115168]
S3 XDva310;XDva310;\??\c:\windows\system32\XDva310.sys --> c:\windows\system32\XDva310.sys [?]
S3 XDva321;XDva321;\??\c:\windows\system32\XDva321.sys --> c:\windows\system32\XDva321.sys [?]
S3 XDva323;XDva323;\??\c:\windows\system32\XDva323.sys --> c:\windows\system32\XDva323.sys [?]
S3 XDva327;XDva327;\??\c:\windows\system32\XDva327.sys --> c:\windows\system32\XDva327.sys [?]
S3 XDva337;XDva337;\??\c:\windows\system32\XDva337.sys --> c:\windows\system32\XDva337.sys [?]
S3 XDva341;XDva341;\??\c:\windows\system32\XDva341.sys --> c:\windows\system32\XDva341.sys [?]
S3 XDva342;XDva342;\??\c:\windows\system32\XDva342.sys --> c:\windows\system32\XDva342.sys [?]
S3 XDva345;XDva345;\??\c:\windows\system32\XDva345.sys --> c:\windows\system32\XDva345.sys [?]
S3 XDva346;XDva346;\??\c:\windows\system32\XDva346.sys --> c:\windows\system32\XDva346.sys [?]
S3 XDva347;XDva347;\??\c:\windows\system32\XDva347.sys --> c:\windows\system32\XDva347.sys [?]
S3 XDva349;XDva349;\??\c:\windows\system32\XDva349.sys --> c:\windows\system32\XDva349.sys [?]
S3 XDva352;XDva352;\??\c:\windows\system32\XDva352.sys --> c:\windows\system32\XDva352.sys [?]
S3 XDva358;XDva358;\??\c:\windows\system32\XDva358.sys --> c:\windows\system32\XDva358.sys [?]
S3 XDva359;XDva359;\??\c:\windows\system32\XDva359.sys --> c:\windows\system32\XDva359.sys [?]
S3 XDva361;XDva361;\??\c:\windows\system32\XDva361.sys --> c:\windows\system32\XDva361.sys [?]
S3 XDva362;XDva362;\??\c:\windows\system32\XDva362.sys --> c:\windows\system32\XDva362.sys [?]
S3 XDva366;XDva366;\??\c:\windows\system32\XDva366.sys --> c:\windows\system32\XDva366.sys [?]
S3 XDva367;XDva367;\??\c:\windows\system32\XDva367.sys --> c:\windows\system32\XDva367.sys [?]
S3 XDva368;XDva368;\??\c:\windows\system32\XDva368.sys --> c:\windows\system32\XDva368.sys [?]
S3 XDva370;XDva370;\??\c:\windows\system32\XDva370.sys --> c:\windows\system32\XDva370.sys [?]
S3 XDva372;XDva372;\??\c:\windows\system32\XDva372.sys --> c:\windows\system32\XDva372.sys [?]
S3 XDva374;XDva374;\??\c:\windows\system32\XDva374.sys --> c:\windows\system32\XDva374.sys [?]
S3 XDva375;XDva375;\??\c:\windows\system32\XDva375.sys --> c:\windows\system32\XDva375.sys [?]
S3 XDva377;XDva377;\??\c:\windows\system32\XDva377.sys --> c:\windows\system32\XDva377.sys [?]
S3 XDva379;XDva379;\??\c:\windows\system32\XDva379.sys --> c:\windows\system32\XDva379.sys [?]
S3 XDva380;XDva380;\??\c:\windows\system32\XDva380.sys --> c:\windows\system32\XDva380.sys [?]
S3 XDva382;XDva382;\??\c:\windows\system32\XDva382.sys --> c:\windows\system32\XDva382.sys [?]
S3 XDva383;XDva383;\??\c:\windows\system32\XDva383.sys --> c:\windows\system32\XDva383.sys [?]
S3 XDva384;XDva384;\??\c:\windows\system32\XDva384.sys --> c:\windows\system32\XDva384.sys [?]
S3 XDva385;XDva385;\??\c:\windows\system32\XDva385.sys --> c:\windows\system32\XDva385.sys [?]
S3 XDva386;XDva386;\??\c:\windows\system32\XDva386.sys --> c:\windows\system32\XDva386.sys [?]
S3 XDva387;XDva387;\??\c:\windows\system32\XDva387.sys --> c:\windows\system32\XDva387.sys [?]
S3 XDva388;XDva388;\??\c:\windows\system32\XDva388.sys --> c:\windows\system32\XDva388.sys [?]
S3 XDva389;XDva389;\??\c:\windows\system32\XDva389.sys --> c:\windows\system32\XDva389.sys [?]
S3 XDva390;XDva390;\??\c:\windows\system32\XDva390.sys --> c:\windows\system32\XDva390.sys [?]
S3 XDva391;XDva391;\??\c:\windows\system32\XDva391.sys --> c:\windows\system32\XDva391.sys [?]
S3 XDva392;XDva392;\??\c:\windows\system32\XDva392.sys --> c:\windows\system32\XDva392.sys [?]
S3 XDva393;XDva393;\??\c:\windows\system32\XDva393.sys --> c:\windows\system32\XDva393.sys [?]
S3 XDva394;XDva394;\??\c:\windows\system32\XDva394.sys --> c:\windows\system32\XDva394.sys [?]
S3 XDva397;XDva397;\??\c:\windows\system32\XDva397.sys --> c:\windows\system32\XDva397.sys [?]
S3 XDva398;XDva398;\??\c:\windows\system32\XDva398.sys --> c:\windows\system32\XDva398.sys [?]
S3 XDva399;XDva399;\??\c:\windows\system32\XDva399.sys --> c:\windows\system32\XDva399.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - JAVAQUICKSTARTERSERVICE
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 23:42]
.
.
------- Supplementary Scan -------
.
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel
IE: Free YouTube to Mp3 Converter - c:\documents and settings\User\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\3mh48l0x.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - about:home
FF - ExtSQL: 2012-09-01 20:16; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - ExtSQL: 2012-10-17 18:11; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109130
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 0c8501f9000000000000001fe2a93501
FF - user.js: extensions.BabylonToolbar_i.hardId - 0c8501f9000000000000001fe2a93501
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15341
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1716:25
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.autoDisableScopes - 14
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-17 18:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1757981266-1580818891-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:a9,c3,31,3c,73,3c,71,03,db,2d,5a,ac,c1,56,e4,e3,a0,7e,40,d6,fd,70,b0,
75,da,16,be,27,18,d8,d5,ff,81,6f,77,96,a7,58,d8,0f,02,2d,f1,9d,09,c6,80,55,\
"??"=hex:f2,37,ce,c3,e6,ea,48,de,37,4f,50,61,1e,8a,0b,2c
.
[HKEY_USERS\S-1-5-21-1757981266-1580818891-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:d9,ea,61,cc,0d,00,6a,14,2d,d2,20,80,d8,17,1d,9b,8e,95,64,a3,d6,
bc,fc,d9,6c,cc,87,b5,68,ba,37,3a,0f,c6,f5,5f,69,9e,71,d2,8e,6c,bf,de,bd,89,\
"rkeysecu"=hex:78,c1,96,fa,58,0d,34,dc,bd,02,2b,b3,3d,ad,e4,99
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1104)
c:\windows\system32\igfxdev.dll
.
Completion time: 2012-10-17 18:24:36
ComboFix-quarantined-files.txt 2012-10-17 22:24
ComboFix2.txt 2012-10-16 22:37
.
Pre-Run: 13,688,877,056 bytes free
Post-Run: 13,693,468,672 bytes free
.
- - End Of File - - 18557CE617DFD9CD67594C8213F0338A
Hi
I couldn't install the Recovery Console: the installer reported "Boot partition fails to enumerate." I continued with the ComboFix run anyway, so the log below still shows the "RECOVERY CONSOLE NOT INSTALLED" warning.
(ComboFix also produced a blue screen of death (BSOD) on its first run; the log below is from the second run, which completed.)
ComboFix 12-10-16.02 - User 10/16/2012 18:28:50.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2538 [GMT -4:00]
Running from: c:\documents and settings\User\Desktop\Files\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\cflog\CrashLog_20111123.txt
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\User\Application Data\PriceGong
c:\documents and settings\User\Application Data\PriceGong\Data\1.txt
c:\documents and settings\User\Application Data\PriceGong\Data\407.txt
c:\documents and settings\User\Application Data\PriceGong\Data\4256.txt
c:\documents and settings\User\Application Data\PriceGong\Data\a.txt
c:\documents and settings\User\Application Data\PriceGong\Data\b.txt
c:\documents and settings\User\Application Data\PriceGong\Data\c.txt
c:\documents and settings\User\Application Data\PriceGong\Data\d.txt
c:\documents and settings\User\Application Data\PriceGong\Data\e.txt
c:\documents and settings\User\Application Data\PriceGong\Data\f.txt
c:\documents and settings\User\Application Data\PriceGong\Data\g.txt
c:\documents and settings\User\Application Data\PriceGong\Data\h.txt
c:\documents and settings\User\Application Data\PriceGong\Data\i.txt
c:\documents and settings\User\Application Data\PriceGong\Data\j.txt
c:\documents and settings\User\Application Data\PriceGong\Data\k.txt
c:\documents and settings\User\Application Data\PriceGong\Data\l.txt
c:\documents and settings\User\Application Data\PriceGong\Data\m.txt
c:\documents and settings\User\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\User\Application Data\PriceGong\Data\n.txt
c:\documents and settings\User\Application Data\PriceGong\Data\o.txt
c:\documents and settings\User\Application Data\PriceGong\Data\p.txt
c:\documents and settings\User\Application Data\PriceGong\Data\q.txt
c:\documents and settings\User\Application Data\PriceGong\Data\r.txt
c:\documents and settings\User\Application Data\PriceGong\Data\s.txt
c:\documents and settings\User\Application Data\PriceGong\Data\t.txt
c:\documents and settings\User\Application Data\PriceGong\Data\u.txt
c:\documents and settings\User\Application Data\PriceGong\Data\v.txt
c:\documents and settings\User\Application Data\PriceGong\Data\w.txt
c:\documents and settings\User\Application Data\PriceGong\Data\wlu.txt
c:\documents and settings\User\Application Data\PriceGong\Data\x.txt
c:\documents and settings\User\Application Data\PriceGong\Data\y.txt
c:\documents and settings\User\Application Data\PriceGong\Data\z.txt
c:\documents and settings\User\My Documents\TEMP_PRJ.TMP
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\303ca02d15f90324.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\aef0891022d6fa28.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\ebf6f5787a3d9993.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\msstdfmt.dll
c:\windows\system32\SET93.tmp
c:\windows\system32\SET94.tmp
c:\windows\system32\SET95.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-09-16 to 2012-10-16 )))))))))))))))))))))))))))))))
.
.
2012-10-16 02:31 . 2012-10-16 02:31 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-15 00:41 . 2012-10-15 00:41 -------- d-----w- c:\documents and settings\All Users\Application Data\IBUpdaterService
2012-10-15 00:16 . 2012-10-15 00:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Sophos
2012-09-27 21:05 . 2012-09-27 21:05 -------- d-----w- c:\documents and settings\NetworkService\Application Data\iolo
2012-09-27 21:02 . 2012-04-17 12:25 511328 ----a-w- c:\program files\Common Files\Microsoft Shared\CAPICOM\CAPICOM.DLL
2012-09-27 21:00 . 2012-09-27 21:36 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo
2012-09-27 20:57 . 2012-09-27 20:57 -------- d-----w- c:\program files\CCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-08 23:42 . 2012-04-11 16:55 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-08 23:42 . 2011-05-20 13:05 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-07 21:04 . 2009-11-08 17:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-04 01:08 . 2012-09-04 01:08 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-08-29 00:24 . 2012-06-22 01:15 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-29 00:24 . 2010-09-28 20:26 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-28 22:39 . 2012-06-22 01:15 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-08-28 15:14 . 2007-09-20 04:59 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2007-09-20 04:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2007-09-20 04:58 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2007-09-20 04:58 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 19:43 . 2010-11-10 03:20 301920 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-08-24 13:53 . 2004-08-03 23:56 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:33 . 2007-09-20 04:49 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2007-07-19 12:40 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-07-26 07:21 . 2010-09-07 08:48 237408 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-10-12 01:28 . 2012-10-12 01:28 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\$NtUninstallKB2509553$\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . D9F19E78F98834CB411D6AD3C68D181A . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-05-09 09:49 176936 ----a-w- c:\program files\DVDVideoSoftTB\prxtbDVD0.dll
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-12 53248]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-05-22 834320]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-03 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-03 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-03 134656]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"RTHDCPL"="RTHDCPL.EXE" [2010-11-17 19722344]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-09-04 947808]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"HF_G_Jul"="c:\program files\AVG Secure Search\HF_G_Jul.exe" [2012-07-18 36960]
"ROC_ROC_JULY_P1"="c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe" [2012-09-04 1022048]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Z8Games\\CrossFire\\CF_G4box.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 4:48 AM 31952]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/21/2008 5:59 PM 717296]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/7/2010 4:48 AM 237408]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/9/2010 11:20 PM 301920]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [9/3/2012 9:08 PM 27496]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/14/2012 4:53 AM 193288]
R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [9/3/2012 9:08 PM 722528]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [12/23/2011 1:32 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 17232]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [8/13/2012 3:24 AM 5167736]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 1:28 PM 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\flash\FlashPlayerUpdateService.exe [4/11/2012 12:55 PM 250808]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12/12/2010 5:12 PM 1691480]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/3/2012 10:17 PM 115168]
S3 XDva310;XDva310;\??\c:\windows\system32\XDva310.sys --> c:\windows\system32\XDva310.sys [?]
S3 XDva321;XDva321;\??\c:\windows\system32\XDva321.sys --> c:\windows\system32\XDva321.sys [?]
S3 XDva323;XDva323;\??\c:\windows\system32\XDva323.sys --> c:\windows\system32\XDva323.sys [?]
S3 XDva327;XDva327;\??\c:\windows\system32\XDva327.sys --> c:\windows\system32\XDva327.sys [?]
S3 XDva337;XDva337;\??\c:\windows\system32\XDva337.sys --> c:\windows\system32\XDva337.sys [?]
S3 XDva341;XDva341;\??\c:\windows\system32\XDva341.sys --> c:\windows\system32\XDva341.sys [?]
S3 XDva342;XDva342;\??\c:\windows\system32\XDva342.sys --> c:\windows\system32\XDva342.sys [?]
S3 XDva345;XDva345;\??\c:\windows\system32\XDva345.sys --> c:\windows\system32\XDva345.sys [?]
S3 XDva346;XDva346;\??\c:\windows\system32\XDva346.sys --> c:\windows\system32\XDva346.sys [?]
S3 XDva347;XDva347;\??\c:\windows\system32\XDva347.sys --> c:\windows\system32\XDva347.sys [?]
S3 XDva349;XDva349;\??\c:\windows\system32\XDva349.sys --> c:\windows\system32\XDva349.sys [?]
S3 XDva352;XDva352;\??\c:\windows\system32\XDva352.sys --> c:\windows\system32\XDva352.sys [?]
S3 XDva358;XDva358;\??\c:\windows\system32\XDva358.sys --> c:\windows\system32\XDva358.sys [?]
S3 XDva359;XDva359;\??\c:\windows\system32\XDva359.sys --> c:\windows\system32\XDva359.sys [?]
S3 XDva361;XDva361;\??\c:\windows\system32\XDva361.sys --> c:\windows\system32\XDva361.sys [?]
S3 XDva362;XDva362;\??\c:\windows\system32\XDva362.sys --> c:\windows\system32\XDva362.sys [?]
S3 XDva366;XDva366;\??\c:\windows\system32\XDva366.sys --> c:\windows\system32\XDva366.sys [?]
S3 XDva367;XDva367;\??\c:\windows\system32\XDva367.sys --> c:\windows\system32\XDva367.sys [?]
S3 XDva368;XDva368;\??\c:\windows\system32\XDva368.sys --> c:\windows\system32\XDva368.sys [?]
S3 XDva370;XDva370;\??\c:\windows\system32\XDva370.sys --> c:\windows\system32\XDva370.sys [?]
S3 XDva372;XDva372;\??\c:\windows\system32\XDva372.sys --> c:\windows\system32\XDva372.sys [?]
S3 XDva374;XDva374;\??\c:\windows\system32\XDva374.sys --> c:\windows\system32\XDva374.sys [?]
S3 XDva375;XDva375;\??\c:\windows\system32\XDva375.sys --> c:\windows\system32\XDva375.sys [?]
S3 XDva377;XDva377;\??\c:\windows\system32\XDva377.sys --> c:\windows\system32\XDva377.sys [?]
S3 XDva379;XDva379;\??\c:\windows\system32\XDva379.sys --> c:\windows\system32\XDva379.sys [?]
S3 XDva380;XDva380;\??\c:\windows\system32\XDva380.sys --> c:\windows\system32\XDva380.sys [?]
S3 XDva382;XDva382;\??\c:\windows\system32\XDva382.sys --> c:\windows\system32\XDva382.sys [?]
S3 XDva383;XDva383;\??\c:\windows\system32\XDva383.sys --> c:\windows\system32\XDva383.sys [?]
S3 XDva384;XDva384;\??\c:\windows\system32\XDva384.sys --> c:\windows\system32\XDva384.sys [?]
S3 XDva385;XDva385;\??\c:\windows\system32\XDva385.sys --> c:\windows\system32\XDva385.sys [?]
S3 XDva386;XDva386;\??\c:\windows\system32\XDva386.sys --> c:\windows\system32\XDva386.sys [?]
S3 XDva387;XDva387;\??\c:\windows\system32\XDva387.sys --> c:\windows\system32\XDva387.sys [?]
S3 XDva388;XDva388;\??\c:\windows\system32\XDva388.sys --> c:\windows\system32\XDva388.sys [?]
S3 XDva389;XDva389;\??\c:\windows\system32\XDva389.sys --> c:\windows\system32\XDva389.sys [?]
S3 XDva390;XDva390;\??\c:\windows\system32\XDva390.sys --> c:\windows\system32\XDva390.sys [?]
S3 XDva391;XDva391;\??\c:\windows\system32\XDva391.sys --> c:\windows\system32\XDva391.sys [?]
S3 XDva392;XDva392;\??\c:\windows\system32\XDva392.sys --> c:\windows\system32\XDva392.sys [?]
S3 XDva393;XDva393;\??\c:\windows\system32\XDva393.sys --> c:\windows\system32\XDva393.sys [?]
S3 XDva394;XDva394;\??\c:\windows\system32\XDva394.sys --> c:\windows\system32\XDva394.sys [?]
S3 XDva397;XDva397;\??\c:\windows\system32\XDva397.sys --> c:\windows\system32\XDva397.sys [?]
S3 XDva398;XDva398;\??\c:\windows\system32\XDva398.sys --> c:\windows\system32\XDva398.sys [?]
S3 XDva399;XDva399;\??\c:\windows\system32\XDva399.sys --> c:\windows\system32\XDva399.sys [?]
S3 XDva400;XDva400;\??\c:\windows\system32\XDva400.sys --> c:\windows\system32\XDva400.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 23:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel
IE: Free YouTube to Mp3 Converter - c:\documents and settings\User\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\3mh48l0x.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=
FF - ExtSQL: 2012-09-01 20:16; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109130
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 0c8501f9000000000000001fe2a93501
FF - user.js: extensions.BabylonToolbar_i.hardId - 0c8501f9000000000000001fe2a93501
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15341
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1716:25
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.autoDisableScopes - 14
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-16 18:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1757981266-1580818891-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:a9,c3,31,3c,73,3c,71,03,db,2d,5a,ac,c1,56,e4,e3,a0,7e,40,d6,fd,70,b0,
75,da,16,be,27,18,d8,d5,ff,81,6f,77,96,a7,58,d8,0f,02,2d,f1,9d,09,c6,80,55,\
"??"=hex:f2,37,ce,c3,e6,ea,48,de,37,4f,50,61,1e,8a,0b,2c
.
[HKEY_USERS\S-1-5-21-1757981266-1580818891-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:d9,ea,61,cc,0d,00,6a,14,2d,d2,20,80,d8,17,1d,9b,8e,95,64,a3,d6,
bc,fc,d9,6c,cc,87,b5,68,ba,37,3a,0f,c6,f5,5f,69,9e,71,d2,8e,6c,bf,de,bd,89,\
"rkeysecu"=hex:78,c1,96,fa,58,0d,34,dc,bd,02,2b,b3,3d,ad,e4,99
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2012-10-16 18:37:52
ComboFix-quarantined-files.txt 2012-10-16 22:37
.
Pre-Run: 14,196,944,896 bytes free
Post-Run: 14,231,109,632 bytes free
.
- - End Of File - - 2A978E0DBD0F04EBDC614DED047CD90E
It's very tempting to move it to quarantine, you know.
The TDSSKiller scan log (its header is dated 2012/10/15, i.e. this run predates the ComboFix log above):
22:27:30.0703 1348 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
22:27:31.0000 1348 ============================================================
22:27:31.0000 1348 Current date / time: 2012/10/15 22:27:31.0000
22:27:31.0000 1348 SystemInfo:
22:27:31.0000 1348
22:27:31.0000 1348 OS Version: 5.1.2600 ServicePack: 3.0
22:27:31.0000 1348 Product type: Workstation
22:27:31.0000 1348 ComputerName: USER-PC1
22:27:31.0000 1348 UserName: User
22:27:31.0000 1348 Windows directory: C:\windows
22:27:31.0000 1348 System windows directory: C:\windows
22:27:31.0000 1348 Processor architecture: Intel x86
22:27:31.0000 1348 Number of processors: 2
22:27:31.0000 1348 Page size: 0x1000
22:27:31.0000 1348 Boot type: Normal boot
22:27:31.0000 1348 ============================================================
22:27:32.0859 1348 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:27:32.0859 1348 ============================================================
22:27:32.0859 1348 \Device\Harddisk0\DR0:
22:27:32.0859 1348 MBR partitions:
22:27:32.0859 1348 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
22:27:32.0859 1348 ============================================================
22:27:32.0890 1348 C: <-> \Device\Harddisk0\DR0\Partition1
22:27:32.0890 1348 ============================================================
22:27:32.0890 1348 Initialize success
22:27:32.0890 1348 ============================================================
22:27:49.0593 2532 ============================================================
22:27:49.0593 2532 Scan started
22:27:49.0593 2532 Mode: Manual; TDLFS;
22:27:49.0593 2532 ============================================================
22:27:50.0515 2532 ================ Scan system memory ========================
22:27:50.0515 2532 System memory - ok
22:27:50.0515 2532 ================ Scan services =============================
22:27:50.0609 2532 Abiosdsk - ok
22:27:50.0625 2532 abp480n5 - ok
22:27:50.0687 2532 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\windows\system32\DRIVERS\ACPI.sys
22:27:50.0687 2532 ACPI - ok
22:27:50.0718 2532 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\windows\system32\DRIVERS\ACPIEC.sys
22:27:50.0718 2532 ACPIEC - ok
22:27:50.0796 2532 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
22:27:50.0812 2532 AdobeFlashPlayerUpdateSvc - ok
22:27:50.0812 2532 adpu160m - ok
22:27:50.0859 2532 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\windows\system32\drivers\aec.sys
22:27:50.0875 2532 aec - ok
22:27:50.0921 2532 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\windows\System32\drivers\afd.sys
22:27:50.0921 2532 AFD - ok
22:27:50.0968 2532 [ 39E435C90C9C4F780FA0ED05CA3C3A1B ] AgereModemAudio C:\WINDOWS\system32\agrsmsvc.exe
22:27:50.0984 2532 AgereModemAudio - ok
22:27:51.0031 2532 [ D31D1A92479BD8C0D050A6FFBDD410D9 ] AgereSoftModem C:\windows\system32\DRIVERS\AGRSM.sys
22:27:51.0062 2532 AgereSoftModem - ok
22:27:51.0078 2532 Aha154x - ok
22:27:51.0078 2532 aic78u2 - ok
22:27:51.0093 2532 aic78xx - ok
22:27:51.0125 2532 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\windows\system32\alrsvc.dll
22:27:51.0125 2532 Alerter - ok
22:27:51.0156 2532 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\windows\System32\alg.exe
22:27:51.0156 2532 ALG - ok
22:27:51.0156 2532 AliIde - ok
22:27:51.0250 2532 [ 267FC636801EDC5AB28E14036349E3BE ] Ambfilt C:\windows\system32\drivers\Ambfilt.sys
22:27:51.0296 2532 Ambfilt - ok
22:27:51.0296 2532 amsint - ok
22:27:51.0328 2532 [ D1151A660321DE683E13FD16029092EA ] ApfiltrService C:\windows\system32\DRIVERS\Apfiltr.sys
22:27:51.0343 2532 ApfiltrService - ok
22:27:51.0390 2532 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\windows\System32\appmgmts.dll
22:27:51.0390 2532 AppMgmt - ok
22:27:51.0421 2532 [ 6D5F95602B8D0D994D31A864872B38EF ] AR5211 C:\windows\system32\DRIVERS\ar5211.sys
22:27:51.0437 2532 AR5211 - ok
22:27:51.0546 2532 [ C413E2E549488A5F1969DECB5B03187A ] AR5416 C:\windows\system32\DRIVERS\athw.sys
22:27:51.0625 2532 AR5416 - ok
22:27:51.0640 2532 asc - ok
22:27:51.0640 2532 asc3350p - ok
22:27:51.0656 2532 asc3550 - ok
22:27:51.0812 2532 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
22:27:51.0828 2532 aspnet_state - ok
22:27:51.0828 2532 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
22:27:51.0843 2532 AsyncMac - ok
22:27:51.0859 2532 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\windows\system32\DRIVERS\atapi.sys
22:27:51.0859 2532 atapi - ok
22:27:51.0875 2532 Atdisk - ok
22:27:51.0906 2532 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\windows\system32\DRIVERS\atmarpc.sys
22:27:51.0906 2532 Atmarpc - ok
22:27:51.0953 2532 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\windows\System32\audiosrv.dll
22:27:51.0953 2532 AudioSrv - ok
22:27:52.0000 2532 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\windows\system32\DRIVERS\audstub.sys
22:27:52.0000 2532 audstub - ok
22:27:52.0312 2532 [ F6A528DE535396C2FB1A4E3C6F00CEC4 ] AVGIDSAgent C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
22:27:52.0468 2532 AVGIDSAgent - ok
22:27:52.0515 2532 [ 1074F787080068C71303B61FAE7E7CA4 ] AVGIDSDriver C:\windows\system32\DRIVERS\avgidsdriverx.sys
22:27:52.0515 2532 AVGIDSDriver - ok
22:27:52.0546 2532 [ 61A7E0B02F82CFF3DB2445BBE50B3589 ] AVGIDSFilter C:\windows\system32\DRIVERS\avgidsfilterx.sys
22:27:52.0546 2532 AVGIDSFilter - ok
22:27:52.0562 2532 [ D63D83659EEDF60B3A3E620281A888E5 ] AVGIDSHX C:\windows\system32\DRIVERS\avgidshx.sys
22:27:52.0562 2532 AVGIDSHX - ok
22:27:52.0593 2532 [ BAF975B72062F53D327788E99D64197E ] AVGIDSShim C:\windows\system32\DRIVERS\avgidsshimx.sys
22:27:52.0593 2532 AVGIDSShim - ok
22:27:52.0625 2532 [ DCB09125C8B4766A88C86914B65487C1 ] Avgldx86 C:\windows\system32\DRIVERS\avgldx86.sys
22:27:52.0640 2532 Avgldx86 - ok
22:27:52.0640 2532 [ CCDD61545AAEA265977E4B1EFDC74E8C ] Avgmfx86 C:\windows\system32\DRIVERS\avgmfx86.sys
22:27:52.0640 2532 Avgmfx86 - ok
22:27:52.0656 2532 [ 1FD90B28D2C3100BF4500199C8AD6358 ] Avgrkx86 C:\windows\system32\DRIVERS\avgrkx86.sys
22:27:52.0656 2532 Avgrkx86 - ok
22:27:52.0718 2532 [ C0BC3B2E3FD625E7F55E1FF863E94592 ] Avgtdix C:\windows\system32\DRIVERS\avgtdix.sys
22:27:52.0718 2532 Avgtdix - ok
22:27:52.0765 2532 [ 6F76908F065C3C151C4BFCA7DFD86979 ] avgtp C:\windows\system32\drivers\avgtpx86.sys
22:27:52.0765 2532 avgtp - ok
22:27:52.0796 2532 [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd C:\Program Files\AVG\AVG2012\avgwdsvc.exe
22:27:52.0796 2532 avgwd - ok
22:27:52.0843 2532 [ F96038AA1EC4013A93D2420FC689D1E9 ] b57w2k C:\windows\system32\DRIVERS\b57xp32.sys
22:27:52.0859 2532 b57w2k - ok
22:27:52.0921 2532 [ E22ABCAA7B6FF580FEB0D49545DC4263 ] BCM43XX C:\windows\system32\DRIVERS\bcmwl6.sys
22:27:52.0953 2532 BCM43XX - ok
22:27:52.0984 2532 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\windows\system32\drivers\Beep.sys
22:27:52.0984 2532 Beep - ok
22:27:53.0062 2532 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
22:27:53.0062 2532 BITS - ok
22:27:53.0125 2532 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\windows\System32\browser.dll
22:27:53.0125 2532 Browser - ok
22:27:53.0171 2532 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\windows\system32\drivers\cbidf2k.sys
22:27:53.0171 2532 cbidf2k - ok
22:27:53.0203 2532 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\windows\system32\DRIVERS\CCDECODE.sys
22:27:53.0203 2532 CCDECODE - ok
22:27:53.0203 2532 cd20xrnt - ok
22:27:53.0234 2532 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\windows\system32\drivers\Cdaudio.sys
22:27:53.0234 2532 Cdaudio - ok
22:27:53.0250 2532 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\windows\system32\drivers\Cdfs.sys
22:27:53.0250 2532 Cdfs - ok
22:27:53.0265 2532 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\windows\system32\DRIVERS\cdrom.sys
22:27:53.0265 2532 Cdrom - ok
22:27:53.0265 2532 Changer - ok
22:27:53.0296 2532 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\windows\system32\cisvc.exe
22:27:53.0296 2532 CiSvc - ok
22:27:53.0328 2532 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\windows\system32\clipsrv.exe
22:27:53.0328 2532 ClipSrv - ok
22:27:53.0406 2532 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:27:53.0421 2532 clr_optimization_v2.0.50727_32 - ok
22:27:53.0468 2532 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:27:53.0484 2532 clr_optimization_v4.0.30319_32 - ok
22:27:53.0515 2532 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
22:27:53.0515 2532 CmBatt - ok
22:27:53.0531 2532 CmdIde - ok
22:27:53.0531 2532 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys
22:27:53.0531 2532 Compbatt - ok
22:27:53.0546 2532 COMSysApp - ok
22:27:53.0546 2532 Cpqarray - ok
22:27:53.0578 2532 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\windows\System32\cryptsvc.dll
22:27:53.0578 2532 CryptSvc - ok
22:27:53.0593 2532 dac2w2k - ok
22:27:53.0593 2532 dac960nt - ok
22:27:53.0656 2532 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\windows\system32\rpcss.dll
22:27:53.0671 2532 DcomLaunch - ok
22:27:53.0687 2532 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\windows\System32\dhcpcsvc.dll
22:27:53.0687 2532 Dhcp - ok
22:27:53.0687 2532 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\windows\system32\DRIVERS\disk.sys
22:27:53.0687 2532 Disk - ok
22:27:53.0734 2532 [ 060DB81DFB79C8244EB65D10B6C7873F ] DKbFltr C:\windows\system32\DRIVERS\DKbFltr.sys
22:27:53.0750 2532 DKbFltr - ok
22:27:53.0750 2532 dmadmin - ok
22:27:53.0796 2532 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\windows\system32\drivers\dmboot.sys
22:27:53.0812 2532 dmboot - ok
22:27:53.0828 2532 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\windows\system32\drivers\dmio.sys
22:27:53.0828 2532 dmio - ok
22:27:53.0843 2532 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\windows\system32\drivers\dmload.sys
22:27:53.0843 2532 dmload - ok
22:27:53.0859 2532 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\windows\System32\dmserver.dll
22:27:53.0859 2532 dmserver - ok
22:27:53.0890 2532 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\windows\system32\drivers\DMusic.sys
22:27:53.0890 2532 DMusic - ok
22:27:53.0921 2532 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\windows\System32\dnsrslvr.dll
22:27:53.0921 2532 Dnscache - ok
22:27:53.0937 2532 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\windows\System32\dot3svc.dll
22:27:53.0937 2532 Dot3svc - ok
22:27:53.0953 2532 dpti2o - ok
22:27:53.0968 2532 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
22:27:53.0968 2532 drmkaud - ok
22:27:54.0000 2532 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\windows\System32\eapsvc.dll
22:27:54.0000 2532 EapHost - ok
22:27:54.0015 2532 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\windows\System32\ersvc.dll
22:27:54.0015 2532 ERSvc - ok
22:27:54.0078 2532 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\windows\system32\services.exe
22:27:54.0078 2532 Eventlog - ok
22:27:54.0140 2532 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
22:27:54.0140 2532 EventSystem - ok
22:27:54.0203 2532 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\windows\system32\drivers\Fastfat.sys
22:27:54.0203 2532 Fastfat - ok
22:27:54.0250 2532 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\windows\System32\shsvcs.dll
22:27:54.0265 2532 FastUserSwitchingCompatibility - ok
22:27:54.0265 2532 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\windows\system32\drivers\Fdc.sys
22:27:54.0265 2532 Fdc - ok
22:27:54.0281 2532 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\windows\system32\drivers\Fips.sys
22:27:54.0281 2532 Fips - ok
22:27:54.0312 2532 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\windows\system32\drivers\Flpydisk.sys
22:27:54.0312 2532 Flpydisk - ok
22:27:54.0343 2532 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
22:27:54.0359 2532 FltMgr - ok
22:27:54.0406 2532 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
22:27:54.0406 2532 FontCache3.0.0.0 - ok
22:27:54.0421 2532 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
22:27:54.0421 2532 Fs_Rec - ok
22:27:54.0453 2532 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\windows\system32\DRIVERS\ftdisk.sys
22:27:54.0453 2532 Ftdisk - ok
22:27:54.0500 2532 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\windows\system32\DRIVERS\msgpc.sys
22:27:54.0500 2532 Gpc - ok
22:27:54.0515 2532 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys
22:27:54.0515 2532 HDAudBus - ok
22:27:54.0593 2532 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\windows\PCHealth\HelpCtr\Binaries\pchsvc.dll
22:27:54.0593 2532 helpsvc - ok
22:27:54.0593 2532 HidServ - ok
22:27:54.0625 2532 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
22:27:54.0625 2532 HidUsb - ok
22:27:54.0671 2532 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\windows\System32\kmsvc.dll
22:27:54.0671 2532 hkmsvc - ok
22:27:54.0671 2532 hpn - ok
22:27:54.0718 2532 [ 6A5C4732D6803F84E2987EDD8E4359CE ] HSFHWAZL C:\windows\system32\DRIVERS\HSFHWAZL.sys
22:27:54.0718 2532 HSFHWAZL - ok
22:27:54.0765 2532 [ 3F53B4AF98F8FD83B7F0B8B65D2D90A7 ] HSF_DPV C:\windows\system32\DRIVERS\HSX_DPV.sys
22:27:54.0796 2532 HSF_DPV - ok
22:27:54.0828 2532 [ 194BC52FC0F53E540FAF9DE8A9C05255 ] HSXHWAZL C:\windows\system32\DRIVERS\HSXHWAZL.sys
22:27:54.0828 2532 HSXHWAZL - ok
22:27:54.0875 2532 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\windows\system32\Drivers\HTTP.sys
22:27:54.0890 2532 HTTP - ok
22:27:54.0937 2532 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\windows\System32\w3ssl.dll
22:27:54.0937 2532 HTTPFilter - ok
22:27:54.0937 2532 i2omgmt - ok
22:27:54.0953 2532 i2omp - ok
22:27:55.0000 2532 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys
22:27:55.0000 2532 i8042prt - ok
22:27:55.0250 2532 [ 9ACB03875CFE068D5CC0E98FB2CF7017 ] ialm C:\windows\system32\DRIVERS\igxpmp32.sys
22:27:55.0437 2532 ialm - ok
22:27:55.0531 2532 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
22:27:55.0531 2532 IDriverT - ok
22:27:55.0593 2532 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:27:55.0625 2532 idsvc - ok
22:27:55.0640 2532 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\windows\system32\DRIVERS\imapi.sys
22:27:55.0640 2532 Imapi - ok
22:27:55.0687 2532 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
22:27:55.0687 2532 ImapiService - ok
22:27:55.0703 2532 ini910u - ok
22:27:55.0953 2532 [ 4517FD80B6D734D99AC4B1578443D1D9 ] IntcAzAudAddService C:\windows\system32\drivers\RtkHDAud.sys
22:27:56.0156 2532 IntcAzAudAddService - ok
22:27:56.0156 2532 IntelIde - ok
22:27:56.0218 2532 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
22:27:56.0218 2532 intelppm - ok
22:27:56.0265 2532 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\windows\system32\drivers\ip6fw.sys
22:27:56.0265 2532 Ip6Fw - ok
22:27:56.0296 2532 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
22:27:56.0296 2532 IpFilterDriver - ok
22:27:56.0312 2532 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\windows\system32\DRIVERS\ipinip.sys
22:27:56.0328 2532 IpInIp - ok
22:27:56.0359 2532 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\windows\system32\DRIVERS\ipnat.sys
22:27:56.0359 2532 IpNat - ok
22:27:56.0406 2532 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\windows\system32\DRIVERS\ipsec.sys
22:27:56.0406 2532 IPSec - ok
22:27:56.0437 2532 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\windows\system32\DRIVERS\irenum.sys
22:27:56.0437 2532 IRENUM - ok
22:27:56.0468 2532 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\windows\system32\DRIVERS\isapnp.sys
22:27:56.0468 2532 isapnp - ok
22:27:56.0562 2532 [ 0E410EDC8D0527801B899CF29E60597C ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
22:27:56.0562 2532 JavaQuickStarterService - ok
22:27:56.0578 2532 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
22:27:56.0578 2532 Kbdclass - ok
22:27:56.0640 2532 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\windows\system32\drivers\kmixer.sys
22:27:56.0640 2532 kmixer - ok
22:27:56.0671 2532 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\windows\system32\drivers\KSecDD.sys
22:27:56.0671 2532 KSecDD - ok
22:27:56.0687 2532 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\windows\System32\srvsvc.dll
22:27:56.0687 2532 lanmanserver - ok
22:27:56.0718 2532 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\windows\System32\wkssvc.dll
22:27:56.0734 2532 lanmanworkstation - ok
22:27:56.0734 2532 lbrtfdc - ok
22:27:56.0781 2532 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\windows\System32\lmhsvc.dll
22:27:56.0781 2532 LmHosts - ok
22:27:56.0875 2532 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
22:27:56.0875 2532 MDM - ok
22:27:56.0921 2532 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\windows\system32\DRIVERS\mdmxsdk.sys
22:27:56.0921 2532 mdmxsdk - ok
22:27:56.0968 2532 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\windows\System32\msgsvc.dll
22:27:56.0968 2532 Messenger - ok
22:27:57.0015 2532 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\windows\system32\drivers\mnmdd.sys
22:27:57.0015 2532 mnmdd - ok
22:27:57.0046 2532 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
22:27:57.0046 2532 mnmsrvc - ok
22:27:57.0093 2532 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\windows\system32\drivers\Modem.sys
22:27:57.0093 2532 Modem - ok
22:27:57.0171 2532 [ C7D9F9717916B34C1B00DD4834AF485C ] Monfilt C:\windows\system32\drivers\Monfilt.sys
22:27:57.0218 2532 Monfilt - ok
22:27:57.0234 2532 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\windows\system32\DRIVERS\mouclass.sys
22:27:57.0250 2532 Mouclass - ok
22:27:57.0296 2532 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
22:27:57.0296 2532 mouhid - ok
22:27:57.0312 2532 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\windows\system32\drivers\MountMgr.sys
22:27:57.0312 2532 MountMgr - ok
22:27:57.0375 2532 [ 4D7F2682D29B92A6251B17957AA0B985 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
22:27:57.0375 2532 MozillaMaintenance - ok
22:27:57.0375 2532 mraid35x - ok
22:27:57.0406 2532 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\windows\system32\DRIVERS\mrxdav.sys
22:27:57.0421 2532 MRxDAV - ok
22:27:57.0453 2532 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\windows\system32\DRIVERS\mrxsmb.sys
22:27:57.0468 2532 MRxSmb - ok
22:27:57.0515 2532 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
22:27:57.0515 2532 MSDTC - ok
22:27:57.0562 2532 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\windows\system32\drivers\Msfs.sys
22:27:57.0562 2532 Msfs - ok
22:27:57.0562 2532 MSIServer - ok
22:27:57.0578 2532 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
22:27:57.0578 2532 MSKSSRV - ok
22:27:57.0609 2532 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
22:27:57.0609 2532 MSPCLOCK - ok
22:27:57.0625 2532 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\windows\system32\drivers\MSPQM.sys
22:27:57.0625 2532 MSPQM - ok
22:27:57.0656 2532 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys
22:27:57.0656 2532 mssmbios - ok
22:27:57.0687 2532 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\windows\system32\drivers\MSTEE.sys
22:27:57.0687 2532 MSTEE - ok
22:27:57.0703 2532 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\windows\system32\drivers\Mup.sys
22:27:57.0718 2532 Mup - ok
22:27:57.0734 2532 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\windows\system32\DRIVERS\NABTSFEC.sys
22:27:57.0734 2532 NABTSFEC - ok
22:27:57.0765 2532 [ 0102140028FAD045756796E1C685D695 ] napagent C:\windows\System32\qagentrt.dll
22:27:57.0765 2532 napagent - ok
22:27:57.0859 2532 [ 0D01287D85B3715FA8270E8EC919B7F7 ] NBService C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
22:27:57.0890 2532 NBService - ok
22:27:57.0937 2532 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\windows\system32\drivers\NDIS.sys
22:27:57.0937 2532 NDIS - ok
22:27:57.0968 2532 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\windows\system32\DRIVERS\NdisIP.sys
22:27:57.0968 2532 NdisIP - ok
22:27:58.0000 2532 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
22:27:58.0000 2532 NdisTapi - ok
22:27:58.0015 2532 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
22:27:58.0015 2532 Ndisuio - ok
22:27:58.0031 2532 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
22:27:58.0031 2532 NdisWan - ok
22:27:58.0046 2532 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\windows\system32\drivers\NDProxy.sys
22:27:58.0046 2532 NDProxy - ok
22:27:58.0062 2532 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
22:27:58.0062 2532 NetBIOS - ok
22:27:58.0078 2532 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\windows\system32\DRIVERS\netbt.sys
22:27:58.0078 2532 NetBT - ok
22:27:58.0140 2532 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\windows\system32\netdde.exe
22:27:58.0140 2532 NetDDE - ok
22:27:58.0140 2532 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\windows\system32\netdde.exe
22:27:58.0156 2532 NetDDEdsdm - ok
22:27:58.0187 2532 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\windows\system32\lsass.exe
22:27:58.0187 2532 Netlogon - ok
22:27:58.0234 2532 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\windows\System32\netman.dll
22:27:58.0250 2532 Netman - ok
22:27:58.0296 2532 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:27:58.0296 2532 NetTcpPortSharing - ok
22:27:58.0343 2532 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\windows\System32\mswsock.dll
22:27:58.0343 2532 Nla - ok
22:27:58.0468 2532 [ C4EBBBD7165BE535F0BFD06B80601D91 ] NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
22:27:58.0468 2532 NMIndexingService - ok
22:27:58.0500 2532 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\windows\system32\drivers\Npfs.sys
22:27:58.0500 2532 Npfs - ok
22:27:58.0531 2532 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\windows\system32\drivers\Ntfs.sys
22:27:58.0531 2532 Ntfs - ok
22:27:58.0546 2532 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\windows\system32\lsass.exe
22:27:58.0546 2532 NtLmSsp - ok
22:27:58.0593 2532 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\windows\system32\ntmssvc.dll
22:27:58.0609 2532 NtmsSvc - ok
22:27:58.0640 2532 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\windows\system32\drivers\Null.sys
22:27:58.0640 2532 Null - ok
22:27:58.0671 2532 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\windows\system32\DRIVERS\nwlnkflt.sys
22:27:58.0671 2532 NwlnkFlt - ok
22:27:58.0703 2532 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\windows\system32\DRIVERS\nwlnkfwd.sys
22:27:58.0703 2532 NwlnkFwd - ok
22:27:58.0734 2532 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:27:58.0750 2532 ose - ok
22:27:58.0796 2532 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\windows\system32\drivers\Parport.sys
22:27:58.0796 2532 Parport - ok
22:27:58.0812 2532 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\windows\system32\drivers\PartMgr.sys
22:27:58.0812 2532 PartMgr - ok
22:27:58.0843 2532 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\windows\system32\drivers\ParVdm.sys
22:27:58.0843 2532 ParVdm - ok
22:27:58.0859 2532 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\windows\system32\DRIVERS\pci.sys
22:27:58.0859 2532 PCI - ok
22:27:58.0859 2532 PCIDump - ok
22:27:58.0890 2532 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\windows\system32\DRIVERS\pciide.sys
22:27:58.0890 2532 PCIIde - ok
22:27:58.0921 2532 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\windows\system32\drivers\Pcmcia.sys
22:27:58.0921 2532 Pcmcia - ok
22:27:58.0921 2532 PDCOMP - ok
22:27:58.0921 2532 PDFRAME - ok
22:27:58.0937 2532 PDRELI - ok
22:27:58.0937 2532 PDRFRAME - ok
22:27:58.0953 2532 perc2 - ok
22:27:58.0953 2532 perc2hib - ok
22:27:59.0015 2532 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\windows\system32\services.exe
22:27:59.0015 2532 PlugPlay - ok
22:27:59.0031 2532 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\windows\system32\lsass.exe
22:27:59.0031 2532 PolicyAgent - ok
22:27:59.0046 2532 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
22:27:59.0046 2532 PptpMiniport - ok
22:27:59.0046 2532 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\windows\system32\lsass.exe
22:27:59.0046 2532 ProtectedStorage - ok
22:27:59.0046 2532 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\windows\system32\DRIVERS\psched.sys
22:27:59.0062 2532 PSched - ok
22:27:59.0062 2532 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\windows\system32\DRIVERS\ptilink.sys
22:27:59.0062 2532 Ptilink - ok
22:27:59.0093 2532 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\windows\system32\Drivers\PxHelp20.sys
22:27:59.0109 2532 PxHelp20 - ok
22:27:59.0109 2532 ql1080 - ok
22:27:59.0109 2532 Ql10wnt - ok
22:27:59.0125 2532 ql12160 - ok
22:27:59.0125 2532 ql1240 - ok
22:27:59.0140 2532 ql1280 - ok
22:27:59.0171 2532 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
22:27:59.0171 2532 RasAcd - ok
22:27:59.0218 2532 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\windows\System32\rasauto.dll
22:27:59.0218 2532 RasAuto - ok
22:27:59.0250 2532 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
22:27:59.0250 2532 Rasl2tp - ok
22:27:59.0265 2532 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\windows\System32\rasmans.dll
22:27:59.0281 2532 RasMan - ok
22:27:59.0281 2532 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
22:27:59.0281 2532 RasPppoe - ok
22:27:59.0296 2532 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\windows\system32\DRIVERS\raspti.sys
22:27:59.0296 2532 Raspti - ok
22:27:59.0312 2532 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\windows\system32\DRIVERS\rdbss.sys
22:27:59.0312 2532 Rdbss - ok
22:27:59.0328 2532 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
22:27:59.0328 2532 RDPCDD - ok
22:27:59.0328 2532 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\windows\system32\DRIVERS\rdpdr.sys
22:27:59.0343 2532 rdpdr - ok
22:27:59.0375 2532 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\windows\system32\drivers\RDPWD.sys
22:27:59.0390 2532 RDPWD - ok
22:27:59.0406 2532 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
22:27:59.0406 2532 RDSessMgr - ok
22:27:59.0437 2532 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\windows\system32\DRIVERS\redbook.sys
22:27:59.0437 2532 redbook - ok
22:27:59.0468 2532 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\windows\System32\mprdim.dll
22:27:59.0468 2532 RemoteAccess - ok
22:27:59.0500 2532 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\windows\system32\regsvc.dll
22:27:59.0500 2532 RemoteRegistry - ok
22:27:59.0609 2532 [ BD517C7FB119997EFFBE39D5E4B37B05 ] RichVideo C:\Program Files\CyberLink\Shared Files\RichVideo.exe
22:27:59.0609 2532 RichVideo - ok
22:27:59.0640 2532 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\windows\system32\locator.exe
22:27:59.0640 2532 RpcLocator - ok
22:27:59.0671 2532 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\windows\system32\rpcss.dll
22:27:59.0687 2532 RpcSs - ok
22:27:59.0734 2532 [ 0E11B35E972796042044BC27CE13B065 ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
22:27:59.0734 2532 rspndr - ok
22:27:59.0781 2532 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\windows\system32\rsvp.exe
22:27:59.0781 2532 RSVP - ok
22:27:59.0812 2532 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\windows\system32\lsass.exe
22:27:59.0812 2532 SamSs - ok
22:27:59.0843 2532 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\windows\System32\SCardSvr.exe
22:27:59.0859 2532 SCardSvr - ok
22:27:59.0875 2532 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\windows\system32\schedsvc.dll
22:27:59.0890 2532 Schedule - ok
22:27:59.0937 2532 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\windows\system32\DRIVERS\secdrv.sys
22:27:59.0937 2532 Secdrv - ok
22:27:59.0953 2532 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\windows\System32\seclogon.dll
22:27:59.0968 2532 seclogon - ok
22:27:59.0984 2532 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\windows\system32\sens.dll
22:27:59.0984 2532 SENS - ok
22:28:00.0031 2532 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\windows\system32\drivers\Serial.sys
22:28:00.0031 2532 Serial - ok
22:28:00.0125 2532 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\windows\system32\drivers\Sfloppy.sys
22:28:00.0125 2532 Sfloppy - ok
22:28:00.0171 2532 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\windows\System32\ipnathlp.dll
22:28:00.0187 2532 SharedAccess - ok
22:28:00.0187 2532 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\windows\System32\shsvcs.dll
22:28:00.0187 2532 ShellHWDetection - ok
22:28:00.0203 2532 Simbad - ok
22:28:00.0281 2532 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
22:28:00.0281 2532 SkypeUpdate - ok
22:28:00.0312 2532 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\windows\system32\DRIVERS\SLIP.sys
22:28:00.0312 2532 SLIP - ok
22:28:00.0328 2532 Sparrow - ok
22:28:00.0359 2532 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\windows\system32\drivers\splitter.sys
22:28:00.0359 2532 splitter - ok
22:28:00.0421 2532 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\windows\system32\spoolsv.exe
22:28:00.0421 2532 Spooler - ok
22:28:00.0500 2532 [ 71E276F6D189413266EA22171806597B ] sptd C:\windows\system32\Drivers\sptd.sys
22:28:00.0500 2532 Suspicious file (NoAccess): C:\windows\system32\Drivers\sptd.sys. md5: 71E276F6D189413266EA22171806597B
22:28:00.0500 2532 sptd ( LockedFile.Multi.Generic ) - warning
22:28:00.0500 2532 sptd - detected LockedFile.Multi.Generic (1)
22:28:00.0531 2532 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\windows\system32\DRIVERS\sr.sys
22:28:00.0531 2532 sr - ok
22:28:00.0546 2532 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
22:28:00.0562 2532 srservice - ok
22:28:00.0578 2532 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\windows\system32\DRIVERS\srv.sys
22:28:00.0578 2532 Srv - ok
22:28:00.0625 2532 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
22:28:00.0625 2532 SSDPSRV - ok
22:28:00.0687 2532 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\windows\system32\wiaservc.dll
22:28:00.0703 2532 stisvc - ok
22:28:00.0750 2532 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\windows\system32\DRIVERS\StreamIP.sys
22:28:00.0750 2532 streamip - ok
22:28:00.0781 2532 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\windows\system32\DRIVERS\swenum.sys
22:28:00.0781 2532 swenum - ok
22:28:00.0781 2532 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\windows\system32\drivers\swmidi.sys
22:28:00.0781 2532 swmidi - ok
22:28:00.0781 2532 SwPrv - ok
22:28:00.0796 2532 symc810 - ok
22:28:00.0796 2532 symc8xx - ok
22:28:00.0812 2532 sym_hi - ok
22:28:00.0812 2532 sym_u3 - ok
22:28:00.0859 2532 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\windows\system32\drivers\sysaudio.sys
22:28:00.0859 2532 sysaudio - ok
22:28:00.0890 2532 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\windows\system32\smlogsvc.exe
22:28:00.0890 2532 SysmonLog - ok
22:28:00.0921 2532 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\windows\System32\tapisrv.dll
22:28:00.0921 2532 TapiSrv - ok
22:28:00.0953 2532 [ D9F19E78F98834CB411D6AD3C68D181A ] Tcpip C:\windows\system32\DRIVERS\tcpip.sys
22:28:00.0953 2532 Tcpip - ok
22:28:00.0984 2532 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\windows\system32\drivers\TDPIPE.sys
22:28:00.0984 2532 TDPIPE - ok
22:28:01.0000 2532 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\windows\system32\drivers\TDTCP.sys
22:28:01.0000 2532 TDTCP - ok
22:28:01.0031 2532 [ 88155247177638048422893737429D9E ] TermDD C:\windows\system32\DRIVERS\termdd.sys
22:28:01.0031 2532 TermDD - ok
22:28:01.0062 2532 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\windows\System32\termsrv.dll
22:28:01.0078 2532 TermService - ok
22:28:01.0093 2532 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\windows\System32\shsvcs.dll
22:28:01.0093 2532 Themes - ok
22:28:01.0140 2532 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
22:28:01.0140 2532 TlntSvr - ok
22:28:01.0156 2532 TosIde - ok
22:28:01.0171 2532 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\windows\system32\trkwks.dll
22:28:01.0171 2532 TrkWks - ok
22:28:01.0187 2532 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\windows\system32\drivers\Udfs.sys
22:28:01.0187 2532 Udfs - ok
22:28:01.0203 2532 ultra - ok
22:28:01.0265 2532 [ D0CB75386D9E89C864D808D64EC9160F ] UnlockerDriver5 C:\Program Files\Unlocker\UnlockerDriver5.sys
22:28:01.0265 2532 UnlockerDriver5 - ok
22:28:01.0312 2532 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\windows\system32\DRIVERS\update.sys
22:28:01.0328 2532 Update - ok
22:28:01.0359 2532 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\windows\System32\upnphost.dll
22:28:01.0359 2532 upnphost - ok
22:28:01.0375 2532 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\windows\System32\ups.exe
22:28:01.0375 2532 UPS - ok
22:28:01.0421 2532 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
22:28:01.0421 2532 usbccgp - ok
22:28:01.0437 2532 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\windows\system32\DRIVERS\usbehci.sys
22:28:01.0437 2532 usbehci - ok
22:28:01.0437 2532 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
22:28:01.0437 2532 usbhub - ok
22:28:01.0468 2532 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
22:28:01.0468 2532 USBSTOR - ok
22:28:01.0500 2532 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\windows\system32\DRIVERS\usbuhci.sys
22:28:01.0515 2532 usbuhci - ok
22:28:01.0515 2532 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys
22:28:01.0515 2532 usbvideo - ok
22:28:01.0562 2532 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\windows\System32\drivers\vga.sys
22:28:01.0562 2532 VgaSave - ok
22:28:01.0562 2532 ViaIde - ok
22:28:01.0578 2532 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\windows\system32\drivers\VolSnap.sys
22:28:01.0578 2532 VolSnap - ok
22:28:01.0609 2532 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\windows\System32\vssvc.exe
22:28:01.0609 2532 VSS - ok
22:28:01.0718 2532 [ CBA3F6EF1E70167DB376B4013F71A62B ] vToolbarUpdater12.2.6 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
22:28:01.0750 2532 vToolbarUpdater12.2.6 - ok
22:28:01.0812 2532 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
22:28:01.0812 2532 W32Time - ok
22:28:01.0875 2532 [ B1F126E7E28877106D60E6FF3998D033 ] w39n51 C:\windows\system32\DRIVERS\w39n51.sys
22:28:01.0921 2532 w39n51 - ok
22:28:01.0937 2532 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\windows\system32\DRIVERS\wanarp.sys
22:28:01.0937 2532 Wanarp - ok
22:28:01.0937 2532 WDICA - ok
22:28:01.0968 2532 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\windows\system32\drivers\wdmaud.sys
22:28:01.0984 2532 wdmaud - ok
22:28:02.0000 2532 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\windows\System32\webclnt.dll
22:28:02.0000 2532 WebClient - ok
22:28:02.0046 2532 [ C9C63410D8CF98F621B9CC62243FB877 ] winachsf C:\windows\system32\DRIVERS\HSX_CNXT.sys
22:28:02.0062 2532 winachsf - ok
22:28:02.0187 2532 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\windows\system32\wbem\WMIsvc.dll
22:28:02.0203 2532 winmgmt - ok
22:28:02.0265 2532 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\windows\system32\WsmSvc.dll
22:28:02.0296 2532 WinRM - ok
22:28:02.0328 2532 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
22:28:02.0343 2532 WmdmPmSN - ok
22:28:02.0390 2532 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\windows\System32\advapi32.dll
22:28:02.0406 2532 Wmi - ok
22:28:02.0421 2532 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\windows\system32\DRIVERS\wmiacpi.sys
22:28:02.0421 2532 WmiAcpi - ok
22:28:02.0453 2532 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
22:28:02.0453 2532 WmiApSrv - ok
22:28:02.0546 2532 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
22:28:02.0578 2532 WMPNetworkSvc - ok
22:28:02.0656 2532 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
22:28:02.0671 2532 WPFFontCache_v0400 - ok
22:28:02.0718 2532 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\windows\System32\drivers\ws2ifsl.sys
22:28:02.0718 2532 WS2IFSL - ok
22:28:02.0765 2532 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\windows\system32\wscsvc.dll
22:28:02.0765 2532 wscsvc - ok
22:28:02.0796 2532 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\windows\system32\DRIVERS\WSTCODEC.SYS
22:28:02.0812 2532 WSTCODEC - ok
22:28:02.0843 2532 [ D29AD7484B98279ED21877DE051A180F ] wuauserv C:\windows\system32\wuauserv.dll
22:28:02.0843 2532 wuauserv - ok
22:28:02.0890 2532 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\windows\system32\DRIVERS\WudfPf.sys
22:28:02.0890 2532 WudfPf - ok
22:28:02.0906 2532 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\windows\system32\DRIVERS\wudfrd.sys
22:28:02.0906 2532 WudfRd - ok
22:28:02.0921 2532 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\windows\System32\WUDFSvc.dll
22:28:02.0921 2532 WudfSvc - ok
22:28:02.0984 2532 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\windows\System32\wzcsvc.dll
22:28:03.0000 2532 WZCSVC - ok
22:28:03.0046 2532 [ 2E579520E114A9CA309F13BF40AD8292 ] XAudio C:\windows\system32\DRIVERS\xaudio.sys
22:28:03.0046 2532 XAudio - ok
22:28:03.0078 2532 [ F82FC2C30A19442B95AE554215837C46 ] XAudioService C:\windows\system32\DRIVERS\xaudio.exe
22:28:03.0078 2532 XAudioService - ok
22:28:03.0093 2532 XDva310 - ok
22:28:03.0093 2532 XDva321 - ok
22:28:03.0140 2532 XDva323 - ok
22:28:03.0140 2532 XDva327 - ok
22:28:03.0156 2532 XDva337 - ok
22:28:03.0156 2532 XDva341 - ok
22:28:03.0156 2532 XDva342 - ok
22:28:03.0171 2532 XDva345 - ok
22:28:03.0171 2532 XDva346 - ok
22:28:03.0187 2532 XDva347 - ok
22:28:03.0187 2532 XDva349 - ok
22:28:03.0203 2532 XDva352 - ok
22:28:03.0203 2532 XDva358 - ok
22:28:03.0203 2532 XDva359 - ok
22:28:03.0218 2532 XDva361 - ok
22:28:03.0218 2532 XDva362 - ok
22:28:03.0234 2532 XDva366 - ok
22:28:03.0234 2532 XDva367 - ok
22:28:03.0250 2532 XDva368 - ok
22:28:03.0250 2532 XDva370 - ok
22:28:03.0250 2532 XDva372 - ok
22:28:03.0265 2532 XDva374 - ok
22:28:03.0265 2532 XDva375 - ok
22:28:03.0281 2532 XDva377 - ok
22:28:03.0281 2532 XDva379 - ok
22:28:03.0296 2532 XDva380 - ok
22:28:03.0296 2532 XDva382 - ok
22:28:03.0296 2532 XDva383 - ok
22:28:03.0312 2532 XDva384 - ok
22:28:03.0312 2532 XDva385 - ok
22:28:03.0328 2532 XDva386 - ok
22:28:03.0328 2532 XDva387 - ok
22:28:03.0343 2532 XDva388 - ok
22:28:03.0343 2532 XDva389 - ok
22:28:03.0343 2532 XDva390 - ok
22:28:03.0359 2532 XDva391 - ok
22:28:03.0359 2532 XDva392 - ok
22:28:03.0375 2532 XDva393 - ok
22:28:03.0375 2532 XDva394 - ok
22:28:03.0390 2532 XDva397 - ok
22:28:03.0390 2532 XDva398 - ok
22:28:03.0390 2532 XDva399 - ok
22:28:03.0406 2532 XDva400 - ok
22:28:03.0468 2532 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\windows\System32\xmlprov.dll
22:28:03.0468 2532 xmlprov - ok
22:28:03.0500 2532 [ 9278A9870D9E919B20EBC17299FBB107 ] yukonwxp C:\windows\system32\DRIVERS\yk51x86.sys
22:28:03.0515 2532 yukonwxp - ok
22:28:03.0546 2532 ================ Scan global ===============================
22:28:03.0578 2532 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\windows\system32\basesrv.dll
22:28:03.0640 2532 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\windows\system32\winsrv.dll
22:28:03.0656 2532 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\windows\system32\winsrv.dll
22:28:03.0718 2532 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\windows\system32\services.exe
22:28:03.0718 2532 [Global] - ok
22:28:03.0718 2532 ================ Scan MBR ==================================
22:28:03.0750 2532 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
22:28:04.0046 2532 \Device\Harddisk0\DR0 - ok
22:28:04.0046 2532 ================ Scan VBR ==================================
22:28:04.0062 2532 [ 5E245051DE2D2190368D36E1F745FCAC ] \Device\Harddisk0\DR0\Partition1
22:28:04.0062 2532 \Device\Harddisk0\DR0\Partition1 - ok
22:28:04.0062 2532 ============================================================
22:28:04.0062 2532 Scan finished
22:28:04.0062 2532 ============================================================
22:28:04.0078 3804 Detected object count: 1
22:28:04.0078 3804 Actual detected object count: 1
22:28:20.0625 3804 sptd ( LockedFile.Multi.Generic ) - skipped by user
22:28:20.0625 3804 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
I did a second aswMBR scan just to be sure; this is the log from that rerun.
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-15 21:40:24
-----------------------------
21:40:24.062 OS Version: Windows 5.1.2600 Service Pack 3
21:40:24.062 Number of processors: 2 586 0xF0D
21:40:24.062 ComputerName: USER-PC1 UserName: User
21:40:25.312 Initialize success
21:40:34.656 AVAST engine defs: 12101501
21:40:37.078 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
21:40:37.078 Disk 0 Vendor: WDC_WD2500BEVS-22UST0 01.01A01 Size: 238475MB BusType: 3
21:40:37.140 Disk 0 MBR read successfully
21:40:37.140 Disk 0 MBR scan
21:40:37.140 Disk 0 Windows XP default MBR code
21:40:37.140 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238472 MB offset 63
21:40:37.156 Disk 0 scanning sectors +488392065
21:40:37.281 Disk 0 scanning C:\windows\system32\drivers
21:40:55.656 Service scanning
21:41:09.218 Service sptd C:\windows\System32\Drivers\sptd.sys **LOCKED** 32
21:41:13.375 Modules scanning
21:41:34.359 Disk 0 trace - called modules:
21:41:34.375 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sppy.sys >>UNKNOWN [0x8b1e6938]<<
21:41:34.390 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b15fab8]
21:41:34.390 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\000000a7[0x8b1619e8]
21:41:34.390 5 ACPI.sys[b9e67620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x8b14b940]
21:41:35.546 AVAST engine scan C:\windows
21:42:02.625 AVAST engine scan C:\windows\system32
21:48:33.171 AVAST engine scan C:\windows\system32\drivers
21:49:33.828 AVAST engine scan C:\Documents and Settings\User
22:17:46.125 AVAST engine scan C:\Documents and Settings\All Users
22:24:16.906 Scan finished successfully
22:25:59.015 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\User\Desktop\MBR.dat"
22:25:59.015 The log file has been saved successfully to "C:\Documents and Settings\User\Desktop\aswMBR.txt"
Here's the aswMBR report from the first run:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-15 21:03:25
-----------------------------
21:03:25.671 OS Version: Windows 5.1.2600 Service Pack 3
21:03:25.671 Number of processors: 2 586 0xF0D
21:03:25.671 ComputerName: USER-PC1 UserName: User
21:03:26.609 Initialize success
21:05:30.859 AVAST engine defs: 12101501
21:05:37.640 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
21:05:37.640 Disk 0 Vendor: WDC_WD2500BEVS-22UST0 01.01A01 Size: 238475MB BusType: 3
21:05:37.703 Disk 0 MBR read successfully
21:05:37.703 Disk 0 MBR scan
21:05:37.750 Disk 0 Windows XP default MBR code
21:05:37.750 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238472 MB offset 63
21:05:37.765 Disk 0 scanning sectors +488392065
21:05:37.890 Disk 0 scanning C:\windows\system32\drivers
21:05:51.562 Service scanning
21:06:05.468 Service sptd C:\windows\System32\Drivers\sptd.sys **LOCKED** 32
21:06:09.750 Modules scanning
21:06:14.437 Disk 0 trace - called modules:
21:06:14.468 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sppy.sys >>UNKNOWN [0x8b1e6938]<<
21:06:14.468 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b15fab8]
21:06:14.468 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\000000a7[0x8b1619e8]
21:06:14.468 5 ACPI.sys[b9e67620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x8b14b940]
21:06:15.890 AVAST engine scan C:\windows
21:06:21.781 AVAST engine scan C:\windows\system32
21:09:52.937 AVAST engine scan C:\windows\system32\drivers
21:10:18.703 AVAST engine scan C:\Documents and Settings\User
21:13:53.906 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\User\Desktop\MBR.dat"
21:13:53.906 The log file has been saved successfully to "C:\Documents and Settings\User\Desktop\aswMBR.txt"
Here are the DDS.txt and Attach.txt logs. What am I looking for in them?
DDS (Ver_2012-10-14.05) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_35
Run by User at 20:58:44 on 2012-10-15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2314 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ================
.
\??\C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
\??\C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\windows\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\windows\system32\ctfmon.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\windows\system32\wuauclt.exe
C:\DOCUME~1\User\LOCALS~1\Temp\RtkBtMnt.exe
C:\windows\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\windows\System32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
uURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\prxtbDVD0.dll
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\prxtbDVD0.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: DVDVideoSoftTB Toolbar: {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - c:\program files\dvdvideosofttb\prxtbDVD0.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [HF_G_Jul] "c:\program files\avg secure search\HF_G_Jul.exe" /DoAction
mRun: [ROC_ROC_JULY_P1] "c:\program files\avg secure search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
dRunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - <no file>
IE: Free YouTube to Mp3 Converter - c:\documents and settings\user\application data\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: Search the Web - c:\program files\sweetim\toolbars\internet explorer\resources\menuext.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} - hxxp://www.srtest.com/srl_bin/sysreqlab_ind.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1227385088917
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{CBC1FC40-FCE0-4287-BC3C-473CFCA9CBD7} : DHCPNameServer = 192.168.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\12.2.6\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\3mh48l0x.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\user\application data\mozilla\firefox\profiles\3mh48l0x.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\user\application data\mozilla\firefox\profiles\3mh48l0x.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\plugins\np-mswmp.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\12.2.6\npsitesafety.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npOGPPlugin.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll
FF - ExtSQL: 2012-09-01 20:16; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109130
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 0c8501f9000000000000001fe2a93501
FF - user.js: extensions.BabylonToolbar_i.hardId - 0c8501f9000000000000001fe2a93501
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15341
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1716:25:36
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
FF - user.js: extensions.autoDisableScopes - 14
.
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 237408]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 301920]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-9-3 27496]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-8-13 5167736]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files\common files\avg secure search\vtoolbarupdater\12.2.6\ToolbarUpdater.exe [2012-9-3 722528]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-11 250808]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-12-12 1691480]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-3 115168]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-3 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 XDva310;XDva310;\??\c:\windows\system32\xdva310.sys --> c:\windows\system32\XDva310.sys [?]
S3 XDva321;XDva321;\??\c:\windows\system32\xdva321.sys --> c:\windows\system32\XDva321.sys [?]
S3 XDva323;XDva323;\??\c:\windows\system32\xdva323.sys --> c:\windows\system32\XDva323.sys [?]
S3 XDva327;XDva327;\??\c:\windows\system32\xdva327.sys --> c:\windows\system32\XDva327.sys [?]
S3 XDva337;XDva337;\??\c:\windows\system32\xdva337.sys --> c:\windows\system32\XDva337.sys [?]
S3 XDva341;XDva341;\??\c:\windows\system32\xdva341.sys --> c:\windows\system32\XDva341.sys [?]
S3 XDva342;XDva342;\??\c:\windows\system32\xdva342.sys --> c:\windows\system32\XDva342.sys [?]
S3 XDva345;XDva345;\??\c:\windows\system32\xdva345.sys --> c:\windows\system32\XDva345.sys [?]
S3 XDva346;XDva346;\??\c:\windows\system32\xdva346.sys --> c:\windows\system32\XDva346.sys [?]
S3 XDva347;XDva347;\??\c:\windows\system32\xdva347.sys --> c:\windows\system32\XDva347.sys [?]
S3 XDva349;XDva349;\??\c:\windows\system32\xdva349.sys --> c:\windows\system32\XDva349.sys [?]
S3 XDva352;XDva352;\??\c:\windows\system32\xdva352.sys --> c:\windows\system32\XDva352.sys [?]
S3 XDva358;XDva358;\??\c:\windows\system32\xdva358.sys --> c:\windows\system32\XDva358.sys [?]
S3 XDva359;XDva359;\??\c:\windows\system32\xdva359.sys --> c:\windows\system32\XDva359.sys [?]
S3 XDva361;XDva361;\??\c:\windows\system32\xdva361.sys --> c:\windows\system32\XDva361.sys [?]
S3 XDva362;XDva362;\??\c:\windows\system32\xdva362.sys --> c:\windows\system32\XDva362.sys [?]
S3 XDva366;XDva366;\??\c:\windows\system32\xdva366.sys --> c:\windows\system32\XDva366.sys [?]
S3 XDva367;XDva367;\??\c:\windows\system32\xdva367.sys --> c:\windows\system32\XDva367.sys [?]
S3 XDva368;XDva368;\??\c:\windows\system32\xdva368.sys --> c:\windows\system32\XDva368.sys [?]
S3 XDva370;XDva370;\??\c:\windows\system32\xdva370.sys --> c:\windows\system32\XDva370.sys [?]
S3 XDva372;XDva372;\??\c:\windows\system32\xdva372.sys --> c:\windows\system32\XDva372.sys [?]
S3 XDva374;XDva374;\??\c:\windows\system32\xdva374.sys --> c:\windows\system32\XDva374.sys [?]
S3 XDva375;XDva375;\??\c:\windows\system32\xdva375.sys --> c:\windows\system32\XDva375.sys [?]
S3 XDva377;XDva377;\??\c:\windows\system32\xdva377.sys --> c:\windows\system32\XDva377.sys [?]
S3 XDva379;XDva379;\??\c:\windows\system32\xdva379.sys --> c:\windows\system32\XDva379.sys [?]
S3 XDva380;XDva380;\??\c:\windows\system32\xdva380.sys --> c:\windows\system32\XDva380.sys [?]
S3 XDva382;XDva382;\??\c:\windows\system32\xdva382.sys --> c:\windows\system32\XDva382.sys [?]
S3 XDva383;XDva383;\??\c:\windows\system32\xdva383.sys --> c:\windows\system32\XDva383.sys [?]
S3 XDva384;XDva384;\??\c:\windows\system32\xdva384.sys --> c:\windows\system32\XDva384.sys [?]
S3 XDva385;XDva385;\??\c:\windows\system32\xdva385.sys --> c:\windows\system32\XDva385.sys [?]
S3 XDva386;XDva386;\??\c:\windows\system32\xdva386.sys --> c:\windows\system32\XDva386.sys [?]
S3 XDva387;XDva387;\??\c:\windows\system32\xdva387.sys --> c:\windows\system32\XDva387.sys [?]
S3 XDva388;XDva388;\??\c:\windows\system32\xdva388.sys --> c:\windows\system32\XDva388.sys [?]
S3 XDva389;XDva389;\??\c:\windows\system32\xdva389.sys --> c:\windows\system32\XDva389.sys [?]
S3 XDva390;XDva390;\??\c:\windows\system32\xdva390.sys --> c:\windows\system32\XDva390.sys [?]
S3 XDva391;XDva391;\??\c:\windows\system32\xdva391.sys --> c:\windows\system32\XDva391.sys [?]
S3 XDva392;XDva392;\??\c:\windows\system32\xdva392.sys --> c:\windows\system32\XDva392.sys [?]
S3 XDva393;XDva393;\??\c:\windows\system32\xdva393.sys --> c:\windows\system32\XDva393.sys [?]
S3 XDva394;XDva394;\??\c:\windows\system32\xdva394.sys --> c:\windows\system32\XDva394.sys [?]
S3 XDva397;XDva397;\??\c:\windows\system32\xdva397.sys --> c:\windows\system32\XDva397.sys [?]
S3 XDva398;XDva398;\??\c:\windows\system32\xdva398.sys --> c:\windows\system32\XDva398.sys [?]
S3 XDva399;XDva399;\??\c:\windows\system32\xdva399.sys --> c:\windows\system32\XDva399.sys [?]
S3 XDva400;XDva400;\??\c:\windows\system32\xdva400.sys --> c:\windows\system32\XDva400.sys [?]
.
=============== File Associations ===============
.
ShellExec: pi11.exe: Open="c:\program files\microsoft digital image 2006\pi.exe" "%1"
.
=============== Created Last 30 ================
.
2012-10-15 00:41:40 -------- d-----w- c:\documents and settings\all users\application data\IBUpdaterService
2012-10-15 00:16:20 -------- d-----w- c:\documents and settings\all users\application data\Sophos
2012-09-27 21:02:58 511328 ----a-w- c:\program files\common files\microsoft shared\capicom\CAPICOM.DLL
2012-09-27 21:00:07 -------- d-----w- c:\documents and settings\all users\application data\iolo
2012-09-27 20:57:16 -------- d-----w- c:\program files\CCleaner
.
==================== Find3M ====================
.
2012-10-08 23:42:10 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-08 23:42:10 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-07 21:04:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-04 01:08:40 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-08-29 00:24:56 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-29 00:24:53 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-28 22:39:23 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14:53 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07:15 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 19:43:18 301920 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:33:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58:09 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-07-26 07:21:30 237408 ----a-w- c:\windows\system32\drivers\avgldx86.sys
.
============= FINISH: 20:59:50.07 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-14.05)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/15/2007 5:34:43 AM
System Uptime: 10/15/2012 8:53:09 PM (0 hours ago)
.
Motherboard: Acer | | Acadia
Processor: Intel® Pentium® Dual CPU T2390 @ 1.86GHz | uPGA-478 | 1862/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 13.766 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1074: 7/18/2012 8:22:41 AM - System Checkpoint
RP1075: 7/20/2012 11:02:26 AM - System Checkpoint
RP1076: 7/22/2012 11:30:13 AM - System Checkpoint
RP1077: 7/26/2012 2:52:32 PM - System Checkpoint
RP1078: 7/27/2012 4:51:03 PM - System Checkpoint
RP1079: 7/31/2012 9:15:05 AM - System Checkpoint
RP1080: 8/1/2012 9:38:51 AM - System Checkpoint
RP1081: 8/3/2012 2:24:18 PM - System Checkpoint
RP1082: 8/6/2012 10:55:11 PM - System Checkpoint
RP1083: 8/8/2012 5:39:36 PM - System Checkpoint
RP1084: 8/12/2012 11:41:35 AM - System Checkpoint
RP1085: 8/13/2012 12:09:23 PM - System Checkpoint
RP1086: 8/15/2012 9:34:47 AM - System Checkpoint
RP1087: 8/15/2012 11:03:09 PM - Software Distribution Service 3.0
RP1088: 8/18/2012 7:50:59 AM - System Checkpoint
RP1089: 8/20/2012 6:25:48 AM - System Checkpoint
RP1090: 8/23/2012 5:57:50 AM - System Checkpoint
RP1091: 8/24/2012 3:26:05 PM - System Checkpoint
RP1092: 8/26/2012 6:54:24 PM - System Checkpoint
RP1093: 8/30/2012 5:23:11 PM - System Checkpoint
RP1094: 9/1/2012 8:15:46 PM - Installed Java 6 Update 35
RP1095: 9/4/2012 6:03:59 PM - System Checkpoint
RP1096: 9/5/2012 6:45:48 PM - System Checkpoint
RP1097: 9/6/2012 8:21:24 PM - System Checkpoint
RP1098: 9/8/2012 1:46:43 PM - System Checkpoint
RP1099: 9/9/2012 6:02:35 PM - System Checkpoint
RP1100: 9/11/2012 6:35:23 PM - System Checkpoint
RP1101: 9/11/2012 8:10:40 PM - Software Distribution Service 3.0
RP1102: 9/15/2012 5:48:36 PM - System Checkpoint
RP1103: 9/22/2012 12:54:58 PM - System Checkpoint
RP1104: 9/25/2012 11:27:23 PM - Software Distribution Service 3.0
RP1105: 9/27/2012 5:55:36 PM - System Checkpoint
RP1106: 9/30/2012 1:03:08 PM - System Checkpoint
RP1107: 10/3/2012 3:47:49 PM - System Checkpoint
RP1108: 10/6/2012 12:10:18 PM - System Checkpoint
RP1109: 10/7/2012 2:17:11 PM - System Checkpoint
RP1110: 10/10/2012 12:41:57 AM - System Checkpoint
RP1111: 10/10/2012 10:21:59 PM - Software Distribution Service 3.0
RP1112: 10/13/2012 12:48:28 PM - System Checkpoint
RP1113: 10/14/2012 4:28:33 PM - System Checkpoint
RP1114: 10/14/2012 8:16:01 PM - Installed Sophos Virus Removal Tool.
RP1115: 10/14/2012 8:24:50 PM - Removed Sophos Virus Removal Tool.
.
==== Installed Programs ======================
.
µTorrent
Acer Crystal Eye webcam
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.2
Agere Systems HDA Modem
ALPS Touch Pad Driver
Atheros for Acer Driver 5.3.0.45_Foxconn Installation Program
AVG 2012
Bass Audio Decoder (remove only)
CCleaner
CD Audio Reader Filter (remove only)
Combined Community Codec Pack 2011-07-30
Cross Fire En
DCoder Image Source (remove only)
DirectVobSub (remove only)
DVD Suite
DVDVideoSoftTB Toolbar
FFMPEG Core Files (remove only)
Free YouTube to MP3 Converter version 3.11.19.412
Gabest MPEG Splitter (remove only)
Haali Media Splitter
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Intel® Graphics Media Accelerator Driver
Java Auto Updater
Java 6 Update 35
Junk Mail filter update
Launch Manager
Macromedia Shockwave Player
Malwarebytes Anti-Malware version 1.65.0.1400
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Standard 2006 Editor
Microsoft Digital Image Standard 2006 Library
Microsoft Digital Image Standard 2006 Update
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Reader
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft Works Suite 2006 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
MONOGRAM AMR Splitter/Decoder (remove only)
Mozilla Firefox 16.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB954459)
Nero 7 Essentials
OpenSource AVI Splitter (remove only)
OpenSource DTS/AC3/DD+ Source Filter (remove only)
PowerDVD
PowerProducer
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2731847)
Segoe UI
SHOUTcast Source (remove only)
Skype™ 5.10
Software Update for Web Folders
System Requirements Lab
Unlocker 1.8.9
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2362765)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB969497)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB971029)
WeatherEye
Windows Imaging Component
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows XP Service Pack 3
WinRAR archiver
Works Upgrade
Xfire (remove only)
.
==== Event Viewer Messages From Past Week ========
.
10/8/2012 6:03:59 PM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 001FE2A93501 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
10/14/2012 8:17:57 PM, error: Service Control Manager [7034] - The Sophos Virus Removal Tool service terminated unexpectedly. It has done this 1 time(s).
10/12/2012 4:09:24 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
10/11/2012 3:28:10 PM, error: Service Control Manager [7000] - The XAudioService service failed to start due to the following error: %1 is not a valid Win32 application.
.
==== End Of File ===========================
Just did a full scan with Malwarebytes; now it's constantly picking up multiple "adware.gameplaylabs" detections.
I still haven't noticed any effect on computer performance as of yet, but I deleted them and they are still popping up.
Help please.
Thank you.
Hi,
I'm trying to figure out if this is a real file or not. Since my last windows update, AVG has been detecting this file
windows\system32\drivers\spxp.sys as a rootkit, and yet when I ran Malwarebytes, it found nothing. Searching the file name on Google didn't turn up anything concrete. Is this an actual system file or malware? If it is malware, how can I remove it? It doesn't seem to be affecting the system or web browsing, but I'm worried it might be a potential time bomb.
Thanks for the help.
ComboFix 12-10-18.03 - User 10/18/2012 17:17:49.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2483 [GMT -4:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
.
.
((((((((((((((((((((((((( Files Created from 2012-09-18 to 2012-10-18 )))))))))))))))))))))))))))))))
.
.
2012-10-17 22:11 . 2012-10-17 22:11 -------- d-----w- c:\program files\Common Files\Java
2012-10-16 02:31 . 2012-10-16 02:31 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-15 00:41 . 2012-10-15 00:41 -------- d-----w- c:\documents and settings\All Users\Application Data\IBUpdaterService
2012-10-15 00:16 . 2012-10-15 00:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Sophos
2012-09-27 21:05 . 2012-09-27 21:05 -------- d-----w- c:\documents and settings\NetworkService\Application Data\iolo
2012-09-27 21:02 . 2012-04-17 12:25 511328 ----a-w- c:\program files\Common Files\Microsoft Shared\CAPICOM\CAPICOM.DLL
2012-09-27 21:00 . 2012-09-27 21:36 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo
2012-09-27 20:57 . 2012-09-27 20:57 -------- d-----w- c:\program files\CCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-08 23:42 . 2012-04-11 16:55 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-08 23:42 . 2011-05-20 13:05 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-29 23:54 . 2009-11-08 17:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-24 19:32 . 2012-06-22 01:15 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-24 19:32 . 2010-09-28 20:26 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-24 17:51 . 2012-06-22 01:15 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-09-04 01:08 . 2012-09-04 01:08 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-08-28 15:14 . 2007-09-20 04:59 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2007-09-20 04:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2007-09-20 04:58 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2007-09-20 04:58 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 19:43 . 2010-11-10 03:20 301920 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-08-24 13:53 . 2004-08-03 23:56 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:33 . 2007-09-20 04:49 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2007-07-19 12:40 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-07-26 07:21 . 2010-09-07 08:48 237408 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-10-12 01:28 . 2012-10-12 01:28 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\$NtUninstallKB2509553$\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . D9F19E78F98834CB411D6AD3C68D181A . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-12 53248]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-05-22 834320]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-03 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-03 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-03 134656]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"RTHDCPL"="RTHDCPL.EXE" [2010-11-17 19722344]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-09-04 947808]
"HF_G_Jul"="c:\program files\AVG Secure Search\HF_G_Jul.exe" [2012-07-18 36960]
"ROC_ROC_JULY_P1"="c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe" [2012-09-04 1022048]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Z8Games\\CrossFire\\CF_G4box.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 4:48 AM 31952]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/21/2008 5:59 PM 717296]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/7/2010 4:48 AM 237408]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/9/2010 11:20 PM 301920]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [9/3/2012 9:08 PM 27496]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/14/2012 4:53 AM 193288]
R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [9/3/2012 9:08 PM 722528]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [12/23/2011 1:32 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 17232]
R3 XDva400;XDva400;\??\c:\windows\system32\XDva400.sys --> c:\windows\system32\XDva400.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [8/13/2012 3:24 AM 5167736]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 1:28 PM 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\flash\FlashPlayerUpdateService.exe [4/11/2012 12:55 PM 250808]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12/12/2010 5:12 PM 1691480]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/3/2012 10:17 PM 115168]
S3 XDva310;XDva310;\??\c:\windows\system32\XDva310.sys --> c:\windows\system32\XDva310.sys [?]
S3 XDva321;XDva321;\??\c:\windows\system32\XDva321.sys --> c:\windows\system32\XDva321.sys [?]
S3 XDva323;XDva323;\??\c:\windows\system32\XDva323.sys --> c:\windows\system32\XDva323.sys [?]
S3 XDva327;XDva327;\??\c:\windows\system32\XDva327.sys --> c:\windows\system32\XDva327.sys [?]
S3 XDva337;XDva337;\??\c:\windows\system32\XDva337.sys --> c:\windows\system32\XDva337.sys [?]
S3 XDva341;XDva341;\??\c:\windows\system32\XDva341.sys --> c:\windows\system32\XDva341.sys [?]
S3 XDva342;XDva342;\??\c:\windows\system32\XDva342.sys --> c:\windows\system32\XDva342.sys [?]
S3 XDva345;XDva345;\??\c:\windows\system32\XDva345.sys --> c:\windows\system32\XDva345.sys [?]
S3 XDva346;XDva346;\??\c:\windows\system32\XDva346.sys --> c:\windows\system32\XDva346.sys [?]
S3 XDva347;XDva347;\??\c:\windows\system32\XDva347.sys --> c:\windows\system32\XDva347.sys [?]
S3 XDva349;XDva349;\??\c:\windows\system32\XDva349.sys --> c:\windows\system32\XDva349.sys [?]
S3 XDva352;XDva352;\??\c:\windows\system32\XDva352.sys --> c:\windows\system32\XDva352.sys [?]
S3 XDva358;XDva358;\??\c:\windows\system32\XDva358.sys --> c:\windows\system32\XDva358.sys [?]
S3 XDva359;XDva359;\??\c:\windows\system32\XDva359.sys --> c:\windows\system32\XDva359.sys [?]
S3 XDva361;XDva361;\??\c:\windows\system32\XDva361.sys --> c:\windows\system32\XDva361.sys [?]
S3 XDva362;XDva362;\??\c:\windows\system32\XDva362.sys --> c:\windows\system32\XDva362.sys [?]
S3 XDva366;XDva366;\??\c:\windows\system32\XDva366.sys --> c:\windows\system32\XDva366.sys [?]
S3 XDva367;XDva367;\??\c:\windows\system32\XDva367.sys --> c:\windows\system32\XDva367.sys [?]
S3 XDva368;XDva368;\??\c:\windows\system32\XDva368.sys --> c:\windows\system32\XDva368.sys [?]
S3 XDva370;XDva370;\??\c:\windows\system32\XDva370.sys --> c:\windows\system32\XDva370.sys [?]
S3 XDva372;XDva372;\??\c:\windows\system32\XDva372.sys --> c:\windows\system32\XDva372.sys [?]
S3 XDva374;XDva374;\??\c:\windows\system32\XDva374.sys --> c:\windows\system32\XDva374.sys [?]
S3 XDva375;XDva375;\??\c:\windows\system32\XDva375.sys --> c:\windows\system32\XDva375.sys [?]
S3 XDva377;XDva377;\??\c:\windows\system32\XDva377.sys --> c:\windows\system32\XDva377.sys [?]
S3 XDva379;XDva379;\??\c:\windows\system32\XDva379.sys --> c:\windows\system32\XDva379.sys [?]
S3 XDva380;XDva380;\??\c:\windows\system32\XDva380.sys --> c:\windows\system32\XDva380.sys [?]
S3 XDva382;XDva382;\??\c:\windows\system32\XDva382.sys --> c:\windows\system32\XDva382.sys [?]
S3 XDva383;XDva383;\??\c:\windows\system32\XDva383.sys --> c:\windows\system32\XDva383.sys [?]
S3 XDva384;XDva384;\??\c:\windows\system32\XDva384.sys --> c:\windows\system32\XDva384.sys [?]
S3 XDva385;XDva385;\??\c:\windows\system32\XDva385.sys --> c:\windows\system32\XDva385.sys [?]
S3 XDva386;XDva386;\??\c:\windows\system32\XDva386.sys --> c:\windows\system32\XDva386.sys [?]
S3 XDva387;XDva387;\??\c:\windows\system32\XDva387.sys --> c:\windows\system32\XDva387.sys [?]
S3 XDva388;XDva388;\??\c:\windows\system32\XDva388.sys --> c:\windows\system32\XDva388.sys [?]
S3 XDva389;XDva389;\??\c:\windows\system32\XDva389.sys --> c:\windows\system32\XDva389.sys [?]
S3 XDva390;XDva390;\??\c:\windows\system32\XDva390.sys --> c:\windows\system32\XDva390.sys [?]
S3 XDva391;XDva391;\??\c:\windows\system32\XDva391.sys --> c:\windows\system32\XDva391.sys [?]
S3 XDva392;XDva392;\??\c:\windows\system32\XDva392.sys --> c:\windows\system32\XDva392.sys [?]
S3 XDva393;XDva393;\??\c:\windows\system32\XDva393.sys --> c:\windows\system32\XDva393.sys [?]
S3 XDva394;XDva394;\??\c:\windows\system32\XDva394.sys --> c:\windows\system32\XDva394.sys [?]
S3 XDva397;XDva397;\??\c:\windows\system32\XDva397.sys --> c:\windows\system32\XDva397.sys [?]
S3 XDva398;XDva398;\??\c:\windows\system32\XDva398.sys --> c:\windows\system32\XDva398.sys [?]
S3 XDva399;XDva399;\??\c:\windows\system32\XDva399.sys --> c:\windows\system32\XDva399.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - JAVAQUICKSTARTERSERVICE
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 23:42]
.
.
------- Supplementary Scan -------
.
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel
IE: Free YouTube to Mp3 Converter - c:\documents and settings\User\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\3mh48l0x.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - about:home
FF - ExtSQL: 2012-09-01 20:16; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - ExtSQL: 2012-10-17 18:11; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109130
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 0c8501f9000000000000001fe2a93501
FF - user.js: extensions.BabylonToolbar_i.hardId - 0c8501f9000000000000001fe2a93501
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15341
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1716:25
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.autoDisableScopes - 14
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-18 17:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1757981266-1580818891-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:a9,c3,31,3c,73,3c,71,03,db,2d,5a,ac,c1,56,e4,e3,a0,7e,40,d6,fd,70,b0,
75,da,16,be,27,18,d8,d5,ff,81,6f,77,96,a7,58,d8,0f,02,2d,f1,9d,09,c6,80,55,\
"??"=hex:f2,37,ce,c3,e6,ea,48,de,37,4f,50,61,1e,8a,0b,2c
.
[HKEY_USERS\S-1-5-21-1757981266-1580818891-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:d9,ea,61,cc,0d,00,6a,14,2d,d2,20,80,d8,17,1d,9b,8e,95,64,a3,d6,
bc,fc,d9,6c,cc,87,b5,68,ba,37,3a,0f,c6,f5,5f,69,9e,71,d2,8e,6c,bf,de,bd,89,\
"rkeysecu"=hex:78,c1,96,fa,58,0d,34,dc,bd,02,2b,b3,3d,ad,e4,99
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1104)
c:\windows\system32\igfxdev.dll
.
- - - - - - - > 'explorer.exe'(19788)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Completion time: 2012-10-18 17:26:05
ComboFix-quarantined-files.txt 2012-10-18 21:26
ComboFix2.txt 2012-10-17 22:24
ComboFix3.txt 2012-10-16 22:37
.
Pre-Run: 16,198,496,256 bytes free
Post-Run: 16,191,676,416 bytes free
.
- - End Of File - - 44B404A4E7BD182CC32CD104496D0ADA