Recently started a new job, PCs have been neglected. Last virus scan on my PC was March. It has been disabled by a trojan or virus.

I downloaded, updated and ran mbam. This reported removing a back door trojan; however, anti-virus is still reporting problems and IE will still redirect a google search.

I downloaded and ran DDS.scr, had to rename to dds.com

As you can see there's a lot of programs installed. There's a couple of other computers in the office which will probably need cleaning too. Will start a new thread for each one.

There are conflicting instructions between the output file attach.txt and the instructions post at the top of this forum section. How should logs be submitted?

Thanks for your help.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21

Run by DSE Customer at 17:16:46 on 2011-12-01

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1983.865 [GMT 13:00]

.

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: AVG Firewall *Disabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\brsvc01a.exe

C:\WINDOWS\system32\brss01a.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG10\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Google\Update\1.3.21.79\GoogleCrashHandler.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Panasonic\TrapMonitor\Trapmnnt.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\Explorer.EXE

C:\Program Files\Malwarebytes' Anti-MalwareNEW\mbamservice.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Classic PhoneTools\CapFax.EXE

C:\Program Files\Icons\SetIcon.exe

C:\Program Files\Panasonic\Panasonic-DMS\Device Monitor\DMWakeup.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\PixArt\PAC7302\Monitor.exe

C:\Program Files\Citrix\ICA Client\concentr.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Citrix\ICA Client\wfcrun32.exe

C:\PROGRA~1\MICROS~3\rapimgr.exe

C:\Program Files\Panasonic\Panasonic-DMS\Port Controller\Mfpscdl.exe

C:\WINDOWS\system32\sistray.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Program Files\AVG\AVG10\avgnsx.exe

C:\Program Files\AVG\AVG10\avgchsvx.exe

C:\Program Files\AVG\AVG10\avgrsx.exe

C:\Program Files\AVG\AVG10\avgcsrvx.exe

C:\Program Files\Internet Explorer\iexplore.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.co.nz/ig?hl=en

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

uURLSearchHooks: H - No File

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar4.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar4.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"

uRun: [uniPrint] c:\program files\uniprint\client\SetDfltSettings.exe

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Google Update] "c:\documents and settings\dse customer\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [CapFax] c:\program files\classic phonetools\CapFax.EXE

mRun: [LandOnline] c:\program files\landonline printer driver\PrintManager.exe

mRun: [setIcon] c:\program files\icons\SetIcon.exe

mRun: [Panasonic Device Monitor Wakeup] c:\program files\panasonic\panasonic-dms\device monitor\DMWakeup.exe

mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [skyTel] SkyTel.EXE

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe

mRun: [PAC7302_Monitor] c:\windows\pixart\pac7302\Monitor.exe

mRun: [uniPrint] c:\program files\uniprint\client\SetDfltSettings.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malwarenew\mbamgui.exe" /starttray

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoca~1.lnk - c:\program files\common files\autodesk shared\acstart17.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\panaso~1.lnk - c:\program files\panasonic\panasonic-dms\port controller\Mfpscdl.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\status~1.lnk - c:\program files\panasonic\panasonic-dms\network mfp utilities\status monitor\MfpStats.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\status~2.lnk - c:\program files\brother\brmfcmon\BrMfcWnd.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\utilit~1.lnk - c:\windows\system32\sistray.exe

IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - {8C85E2EE-9FD6-11D5-B770-504D54C10000} - c:\program files\visualroute lite edition\vrie.dll

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

LSP: mswsock.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc2.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1220405117421

DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} - file://c:\program files\autocad lt 2002\AcDcToday.ocx

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} - file://c:\program files\autocad lt 2002\InstBanr.ocx

DPF: {C6637286-300D-11D4-AE0A-0010830243BD} - file://c:\program files\autocad lt 2002\InstFred.ocx

DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {F281A59C-7B65-11D3-8617-0010830243BD} - file://c:\program files\autocad lt 2002\AcPreview.ocx

DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/RACtrl.cab

TCP: Interfaces\{09170212-226D-46AF-9B67-F1E33C6B6B08} : DhcpNameServer = 192.168.7.1

TCP: Interfaces\{B6D3F7D9-CE86-43D7-89CB-841FBFE180E8} : NameServer = 202.27.158.40,202.27.156.72

TCP: Interfaces\{C70F77F1-D09E-4E5C-905F-1D7E1E0568B8} : NameServer = 202.27.158.40,202.27.156.72

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\dse customer\application data\mozilla\firefox\profiles\s3ae5z1j.default\

FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fshva%3D1%26ui%3Dhtml%26zy%3Dl&bsv=zpwhtygjntrz&scc=1&ltmpl=default&ltmplcache=2#inbox/1239e2b98265cb32|http://www.cantafly.com/joomla/|http://www.cutc.org.nz/forum/

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4c8828b4&v=7.008.031.001&i=26&tp=ab&iy=&ychte=au&lng=en-US&q=

FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll

FF - component: c:\program files\avg\avg10\firefox4\components\avgssff5.dll

FF - component: c:\program files\avg\avg10\firefox4\components\avgssff6.dll

FF - component: c:\program files\avg\avg10\firefox4\components\avgssff7.dll

FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll

FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll

FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll

FF - plugin: c:\documents and settings\dse customer\application data\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\dse customer\application data\mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\documents and settings\dse customer\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: AVG Security Toolbar em:version=7.008.031.001 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files\avg\avg10\toolbar\firefox\avg@igeared

FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg10\Firefox4

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 248656]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 297168]

R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2010-11-9 65584]

R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2008-1-4 577592]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-8-18 7384840]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 261036]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malwarenew\mbamservice.exe [2011-12-1 366152]

R2 MGCSECP;MGCSECP;c:\windows\system32\drivers\Mgcsecp.sys [2001-10-25 99808]

R2 SSIPDDP;SSIPDDP Parallel port device driver;c:\windows\system32\drivers\SSIPDDP.SYS [2006-2-13 52736]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134480]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-21 22216]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 129784]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-8-18 2133112]

S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [2009-9-1 20160]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-6-1 938376]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-10-8 30192]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 129784]

S3 HPx9G+;HPx9G+ Device USB Driver;c:\windows\system32\drivers\HPx9G2k.sys [2006-7-4 12658]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

S3 TRMUSB5K;Trimble USB GPS Driver;c:\windows\system32\drivers\TRMUSB5K.SYS [2010-8-19 9881]

S3 Wibukey2;Wibukey2;c:\windows\system32\drivers\Wibukey2.sys [2005-11-9 16384]

.

=============== File Associations ===============

.

.scr=AutoCADLTScriptFile

.

=============== Created Last 30 ================

.

2011-12-01 02:57:17 -------- d-----w- c:\program files\Malwarebytes' Anti-MalwareNEW

2011-11-29 23:34:49 -------- d-----w- c:\documents and settings\dse customer\local settings\application data\LogMeIn

2011-11-29 23:34:49 -------- d-----w- c:\documents and settings\all users\application data\LogMeIn

.

==================== Find3M ====================

.

2011-12-01 02:47:11 42760 ----a-w- c:\windows\system32\brss01a.exe

2011-12-01 01:16:13 152552 ----a-w- c:\windows\system32\nvsvc32.exe

2011-12-01 01:16:11 54288 ----a-w- c:\windows\system32\brsvc01a.exe

2011-10-19 03:43:57 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-25 22:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-25 22:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-25 22:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys

2005-12-22 01:59:27 5254656 -c--a-w- c:\program files\converter.exe

2005-12-22 01:52:58 2063624 -c--a-w- c:\program files\CuteWriter.exe

2005-08-24 02:23:47 13235784 -c--a-w- c:\program files\avg70free_338a597.exe

.

============= FINISH: 17:17:47.89 ===============


Hello Driftah! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don't hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copied and pasted into your next reply.

Step 1

I see you are running TeaTimer.

I suggest you disable it because it can interfere with the changes you'll make on your system.

When everything is done and your log is clean again, you can enable it again.

If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

How to disable TeaTimer <== click me for instructions.

After you have disabled TeaTimer, download ResetTeaTimer.exe to your desktop.

Then run ResetTeaTimer.exe.

This will only take a few seconds.

Step 2

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

In your next reply, please post the following log files:

  • TDSSKiller log
  • a new fresh DDS log with Attach.txt

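The TDSSKiller report requested above lists every checked object as a file line, an "- ok" line, or a "( Verdict ) - warning/infected" line followed by a "- detected" line. The following Python is an added example (not code from this thread, from Malwarebytes or from Kaspersky's tool) that folds those lines into one record per object and triages them; the sample log is constructed in TDSSKiller 2.6's format, and the `triage` wording is my own reading, not the tool's.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the TDSSKiller 2.6 log format: timestamp, thread id, object name,
# then per object a file line (md5 + path), a verdict line and/or a "detected" line.
SAMPLE_LOG = r"""
08:35:26.0968 5312 Scan started
08:35:26.0968 5312 Mode: Manual; SigCheck; TDLFS;
08:35:27.0968 5312 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
08:35:28.0140 5312 ACPI - ok
08:35:30.0625 5312 BrScnUsb (6cf3aed19c2185c60de2ae50ee37a342) C:\WINDOWS\system32\Drivers\BrScnUsb.sys
08:35:30.0656 5312 BrScnUsb ( UnsignedFile.Multi.Generic ) - warning
08:35:30.0656 5312 BrScnUsb - detected UnsignedFile.Multi.Generic (1)
08:35:32.0718 5312 f78aab16 ( Rootkit.Win32.PMax.gen ) - infected
08:35:32.0718 5312 f78aab16 - detected Rootkit.Win32.PMax.gen (0)
08:35:32.0781 5312 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
08:35:32.0906 5312 Fastfat - ok
"""

_TS = r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<tid>\d+)\s+"
FILE_RE = re.compile(_TS + r"(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
VERDICT_RE = re.compile(_TS + r"(?P<name>\S+)\s+\(\s*(?P<det>[^)]+?)\s*\)\s+-\s+(?P<status>warning|infected)$")
DETECTED_RE = re.compile(_TS + r"(?P<name>\S+)\s+-\s+detected\s+(?P<det>\S+)\s+\((?P<code>\d+)\)$")
OK_RE = re.compile(_TS + r"(?P<name>\S+)\s+-\s+ok$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: str = "unknown"          # ok | warning | infected | detected | unknown
    detection: Optional[str] = None  # e.g. UnsignedFile.Multi.Generic
    code: Optional[int] = None       # the number TDSSKiller prints after "detected ... (n)"

    @property
    def hidden(self) -> bool:
        """Infected object for which the scan reported no file path or hash at all."""
        return self.status == "infected" and self.path is None


def parse_tdsskiller(text: str) -> Dict[str, Entry]:
    """Fold the per-object lines of a TDSSKiller log into one Entry per object name."""
    entries: Dict[str, Entry] = {}

    def entry(name: str) -> Entry:
        return entries.setdefault(name, Entry(name))

    for line in text.splitlines():
        line = line.rstrip()
        if m := FILE_RE.match(line):
            e = entry(m["name"])
            e.md5, e.path = m["md5"], m["path"]
        elif m := VERDICT_RE.match(line):
            e = entry(m["name"])
            e.status, e.detection = m["status"], m["det"]
        elif m := DETECTED_RE.match(line):
            e = entry(m["name"])
            e.detection, e.code = m["det"], int(m["code"])
            if e.status == "unknown":  # "detected" line without a preceding verdict line
                e.status = "detected"
        elif m := OK_RE.match(line):
            entry(m["name"]).status = "ok"
    return entries


SEVERITY = {"infected": 0, "detected": 1, "warning": 2}


def findings(entries: Dict[str, Entry]) -> List[Entry]:
    """Objects that need attention, most severe first, then by name."""
    hits = [e for e in entries.values() if e.status in SEVERITY]
    return sorted(hits, key=lambda e: (SEVERITY[e.status], e.name.lower()))


def summarize(entries: Dict[str, Entry]) -> Dict[str, int]:
    counts = {"ok": 0, "warning": 0, "infected": 0, "detected": 0, "unknown": 0}
    for e in entries.values():
        counts[e.status] += 1
    return counts


def triage(e: Entry) -> str:
    """One-line defender's reading of a flagged entry (my wording, not TDSSKiller's)."""
    if e.status == "infected":
        where = "no backing file reported" if e.hidden else e.path
        return f"{e.name}: {e.detection} ({where}); candidate for the Cure action"
    if e.detection == "UnsignedFile.Multi.Generic":
        return f"{e.name}: unsigned driver at {e.path}; verify the publisher before acting"
    return f"{e.name}: {e.status} {e.detection}"


if __name__ == "__main__":
    parsed = parse_tdsskiller(SAMPLE_LOG)
    print(summarize(parsed))
    for hit in findings(parsed):
        print(triage(hit))
```

Unsigned-file warnings on vendor printer or scanner drivers are routinely benign, which is why they sort below the rootkit detection rather than being treated as infections.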

08:34:32.0734 2856 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44

08:34:33.0281 2856 ============================================================

08:34:33.0281 2856 Current date / time: 2011/12/02 08:34:33.0281

08:34:33.0281 2856 SystemInfo:

08:34:33.0281 2856

08:34:33.0281 2856 OS Version: 5.1.2600 ServicePack: 3.0

08:34:33.0281 2856 Product type: Workstation

08:34:33.0281 2856 ComputerName: BLACKY

08:34:33.0281 2856 UserName: DSE Customer

08:34:33.0281 2856 Windows directory: C:\WINDOWS

08:34:33.0281 2856 System windows directory: C:\WINDOWS

08:34:33.0281 2856 Processor architecture: Intel x86

08:34:33.0281 2856 Number of processors: 2

08:34:33.0281 2856 Page size: 0x1000

08:34:33.0281 2856 Boot type: Normal boot

08:34:33.0281 2856 ============================================================

08:34:33.0578 2856 Initialize success

08:35:26.0968 5312 ============================================================

08:35:26.0968 5312 Scan started

08:35:26.0968 5312 Mode: Manual; SigCheck; TDLFS;

08:35:26.0968 5312 ============================================================

08:35:27.0875 5312 Abiosdsk - ok

08:35:27.0906 5312 abp480n5 - ok

08:35:27.0968 5312 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

08:35:28.0140 5312 ACPI - ok

08:35:28.0265 5312 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

08:35:28.0437 5312 ACPIEC - ok

08:35:28.0500 5312 ADM8511 (b05f2367f62552a2de7e3c352b7b9885) C:\WINDOWS\system32\DRIVERS\ADM8511.SYS

08:35:28.0625 5312 ADM8511 - ok

08:35:28.0640 5312 adpu160m - ok

08:35:28.0687 5312 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys

08:35:28.0718 5312 aeaudio - ok

08:35:28.0765 5312 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

08:35:28.0890 5312 aec - ok

08:35:28.0953 5312 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

08:35:28.0984 5312 AFD - ok

08:35:29.0015 5312 Aha154x - ok

08:35:29.0031 5312 aic78u2 - ok

08:35:29.0062 5312 aic78xx - ok

08:35:29.0078 5312 AliIde - ok

08:35:29.0109 5312 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys

08:35:29.0218 5312 AmdK7 - ok

08:35:29.0265 5312 AmdK8 (0a4d13b388c814560bd69c3a496ecfa8) C:\WINDOWS\system32\DRIVERS\AmdK8.sys

08:35:29.0296 5312 AmdK8 - ok

08:35:29.0312 5312 amsint - ok

08:35:29.0328 5312 asc - ok

08:35:29.0343 5312 asc3350p - ok

08:35:29.0375 5312 asc3550 - ok

08:35:29.0390 5312 ASPI32 - ok

08:35:29.0437 5312 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

08:35:29.0546 5312 AsyncMac - ok

08:35:29.0593 5312 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

08:35:29.0703 5312 atapi - ok

08:35:29.0718 5312 Atdisk - ok

08:35:29.0750 5312 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

08:35:29.0875 5312 Atmarpc - ok

08:35:29.0921 5312 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

08:35:30.0031 5312 audstub - ok

08:35:30.0093 5312 AVGIDSDriver (2d18221aab3db2d408d6c55c0f23090a) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys

08:35:30.0140 5312 AVGIDSDriver - ok

08:35:30.0156 5312 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys

08:35:30.0156 5312 AVGIDSEH - ok

08:35:30.0187 5312 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys

08:35:30.0187 5312 AVGIDSFilter - ok

08:35:30.0250 5312 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys

08:35:30.0265 5312 AVGIDSShim - ok

08:35:30.0343 5312 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys

08:35:30.0359 5312 Avgldx86 - ok

08:35:30.0375 5312 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys

08:35:30.0375 5312 Avgmfx86 - ok

08:35:30.0390 5312 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys

08:35:30.0406 5312 Avgrkx86 - ok

08:35:30.0421 5312 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys

08:35:30.0437 5312 Avgtdix - ok

08:35:30.0453 5312 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

08:35:30.0578 5312 Beep - ok

08:35:30.0625 5312 BrScnUsb (6cf3aed19c2185c60de2ae50ee37a342) C:\WINDOWS\system32\Drivers\BrScnUsb.sys

08:35:30.0656 5312 BrScnUsb ( UnsignedFile.Multi.Generic ) - warning

08:35:30.0656 5312 BrScnUsb - detected UnsignedFile.Multi.Generic (1)

08:35:30.0671 5312 BrSerIf (26051d886f3333cb41857d6f52248de1) C:\WINDOWS\system32\Drivers\BrSerIf.sys

08:35:30.0687 5312 BrSerIf ( UnsignedFile.Multi.Generic ) - warning

08:35:30.0687 5312 BrSerIf - detected UnsignedFile.Multi.Generic (1)

08:35:30.0703 5312 BrUsbSer (7ac85cdc03befd78908b3b6a73d201d0) C:\WINDOWS\system32\Drivers\BrUsbSer.sys

08:35:30.0734 5312 BrUsbSer ( UnsignedFile.Multi.Generic ) - warning

08:35:30.0734 5312 BrUsbSer - detected UnsignedFile.Multi.Generic (1)

08:35:30.0734 5312 catchme - ok

08:35:30.0781 5312 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

08:35:30.0906 5312 cbidf2k - ok

08:35:30.0937 5312 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

08:35:31.0062 5312 CCDECODE - ok

08:35:31.0062 5312 cd20xrnt - ok

08:35:31.0093 5312 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

08:35:31.0218 5312 Cdaudio - ok

08:35:31.0234 5312 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

08:35:31.0375 5312 Cdfs - ok

08:35:31.0437 5312 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

08:35:31.0546 5312 Cdrom - ok

08:35:31.0546 5312 Changer - ok

08:35:31.0562 5312 CmdIde - ok

08:35:31.0578 5312 Cpqarray - ok

08:35:31.0625 5312 ctxusbm (cb6ff7012bb5d59d7c12350db795ce1f) C:\WINDOWS\system32\DRIVERS\ctxusbm.sys

08:35:31.0640 5312 ctxusbm - ok

08:35:31.0656 5312 dac2w2k - ok

08:35:31.0671 5312 dac960nt - ok

08:35:31.0687 5312 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

08:35:31.0812 5312 Disk - ok

08:35:31.0859 5312 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

08:35:32.0031 5312 dmboot - ok

08:35:32.0062 5312 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

08:35:32.0203 5312 dmio - ok

08:35:32.0218 5312 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

08:35:32.0359 5312 dmload - ok

08:35:32.0421 5312 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

08:35:32.0515 5312 DMusic - ok

08:35:32.0531 5312 dpti2o - ok

08:35:32.0562 5312 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

08:35:32.0687 5312 drmkaud - ok

08:35:32.0718 5312 f78aab16 ( Rootkit.Win32.PMax.gen ) - infected

08:35:32.0718 5312 f78aab16 - detected Rootkit.Win32.PMax.gen (0)

08:35:32.0781 5312 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

08:35:32.0906 5312 Fastfat - ok

08:35:32.0937 5312 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

08:35:33.0062 5312 Fdc - ok

08:35:33.0062 5312 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

08:35:33.0203 5312 Fips - ok

08:35:33.0218 5312 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

08:35:33.0343 5312 Flpydisk - ok

08:35:33.0390 5312 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

08:35:33.0515 5312 FltMgr - ok

08:35:33.0531 5312 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

08:35:33.0640 5312 Fs_Rec - ok

08:35:33.0656 5312 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

08:35:33.0765 5312 Ftdisk - ok

08:35:33.0796 5312 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys

08:35:33.0921 5312 gameenum - ok

08:35:33.0921 5312 gdrv (54789f9ba0d59072cdd4e7c200e122c4) C:\WINDOWS\gdrv.sys

08:35:34.0750 5312 gdrv - ok

08:35:34.0843 5312 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

08:35:34.0859 5312 GEARAspiWDM - ok

08:35:34.0937 5312 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

08:35:35.0046 5312 Gpc - ok

08:35:35.0062 5312 grmnusb (6003bc70f1a8307262bd3c941bda0b7e) C:\WINDOWS\system32\drivers\grmnusb.sys

08:35:35.0109 5312 grmnusb - ok

08:35:35.0187 5312 Hardlock (ed32d389f8b0e74e400932e020bcfbdf) C:\WINDOWS\system32\drivers\hardlock.sys

08:35:35.0265 5312 Hardlock - ok

08:35:35.0343 5312 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

08:35:35.0484 5312 HDAudBus - ok

08:35:35.0546 5312 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

08:35:35.0671 5312 HidUsb - ok

08:35:35.0687 5312 hpn - ok

08:35:35.0734 5312 HPx9G+ (3f4d2a4eb2e4be51c5e75e579ff34b70) C:\WINDOWS\system32\DRIVERS\HPx9G2k.sys

08:35:35.0765 5312 HPx9G+ ( UnsignedFile.Multi.Generic ) - warning

08:35:35.0765 5312 HPx9G+ - detected UnsignedFile.Multi.Generic (1)

08:35:35.0828 5312 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

08:35:35.0875 5312 HTTP - ok

08:35:35.0890 5312 i2omgmt - ok

08:35:35.0890 5312 i2omp - ok

08:35:35.0937 5312 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

08:35:36.0046 5312 i8042prt - ok

08:35:36.0078 5312 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

08:35:36.0203 5312 Imapi - ok

08:35:36.0203 5312 ini910u - ok

08:35:36.0359 5312 IntcAzAudAddService (c4006af18682fca0d8a011a0a21070f8) C:\WINDOWS\system32\drivers\RtkHDAud.sys

08:35:36.0500 5312 IntcAzAudAddService - ok

08:35:36.0515 5312 IntelIde - ok

08:35:36.0562 5312 Intels51 (cb5c2935491f0f998f1b62bffa258464) C:\WINDOWS\system32\DRIVERS\Intels51.sys

08:35:36.0640 5312 Intels51 - ok

08:35:36.0734 5312 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

08:35:36.0828 5312 Ip6Fw - ok

08:35:36.0875 5312 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

08:35:37.0000 5312 IpFilterDriver - ok

08:35:37.0015 5312 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

08:35:37.0125 5312 IpInIp - ok

08:35:37.0140 5312 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

08:35:37.0250 5312 IpNat - ok

08:35:37.0281 5312 IPSec (7a48a358f23d01fdabda0927d2dd907f) C:\WINDOWS\system32\DRIVERS\ipsec.sys

08:35:37.0281 5312 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ipsec.sys. Real md5: 7a48a358f23d01fdabda0927d2dd907f, Fake md5: 23c74d75e36e7158768dd63d92789a91

08:35:37.0296 5312 IPSec ( Rootkit.Win32.ZAccess.c ) - infected

08:35:37.0296 5312 IPSec - detected Rootkit.Win32.ZAccess.c (0)

08:35:37.0312 5312 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

08:35:37.0406 5312 IRENUM - ok

08:35:37.0453 5312 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

08:35:37.0562 5312 isapnp - ok

08:35:37.0578 5312 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

08:35:37.0671 5312 Kbdclass - ok

08:35:37.0718 5312 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

08:35:37.0828 5312 kbdhid - ok

08:35:37.0875 5312 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

08:35:37.0968 5312 kmixer - ok

08:35:37.0984 5312 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

08:35:38.0062 5312 KSecDD - ok

08:35:38.0078 5312 lbrtfdc - ok

08:35:38.0109 5312 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys

08:35:38.0125 5312 MBAMProtector - ok

08:35:38.0156 5312 MBAMSwissArmy - ok

08:35:38.0203 5312 MGCSECP (3a8e3f8e56b12f95442ef27a4d817389) C:\WINDOWS\system32\drivers\MGCSECP.sys

08:35:38.0203 5312 MGCSECP ( UnsignedFile.Multi.Generic ) - warning

08:35:38.0203 5312 MGCSECP - detected UnsignedFile.Multi.Generic (1)

08:35:38.0234 5312 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

08:35:38.0343 5312 mnmdd - ok

08:35:38.0375 5312 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

08:35:38.0468 5312 Modem - ok

08:35:38.0500 5312 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys

08:35:38.0625 5312 MODEMCSA - ok

08:35:38.0640 5312 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

08:35:38.0734 5312 Mouclass - ok

08:35:38.0750 5312 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

08:35:38.0859 5312 mouhid - ok

08:35:38.0906 5312 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

08:35:39.0031 5312 MountMgr - ok

08:35:39.0046 5312 mraid35x - ok

08:35:39.0062 5312 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

08:35:39.0171 5312 MRxDAV - ok

08:35:39.0218 5312 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

08:35:39.0281 5312 MRxSmb - ok

08:35:39.0296 5312 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

08:35:39.0406 5312 Msfs - ok

08:35:39.0453 5312 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

08:35:39.0546 5312 MSKSSRV - ok

08:35:39.0578 5312 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

08:35:39.0687 5312 MSPCLOCK - ok

08:35:39.0734 5312 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

08:35:39.0875 5312 MSPQM - ok

08:35:39.0875 5312 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

08:35:39.0984 5312 mssmbios - ok

08:35:40.0015 5312 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

08:35:40.0093 5312 MSTEE - ok

08:35:40.0125 5312 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

08:35:40.0125 5312 Mup - ok

08:35:40.0140 5312 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

08:35:40.0265 5312 NABTSFEC - ok

08:35:40.0281 5312 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

08:35:40.0375 5312 NDIS - ok

08:35:40.0406 5312 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

08:35:40.0531 5312 NdisIP - ok

08:35:40.0578 5312 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

08:35:40.0609 5312 NdisTapi - ok

08:35:40.0625 5312 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

08:35:40.0734 5312 Ndisuio - ok

08:35:40.0781 5312 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

08:35:40.0875 5312 NdisWan - ok

08:35:40.0921 5312 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

08:35:40.0953 5312 NDProxy - ok

08:35:40.0984 5312 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

08:35:41.0078 5312 NetBIOS - ok

08:35:41.0125 5312 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

08:35:41.0218 5312 NetBT - ok

08:35:41.0281 5312 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys

08:35:41.0390 5312 nm - ok

08:35:41.0406 5312 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

08:35:41.0484 5312 Npfs - ok

08:35:41.0546 5312 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

08:35:41.0671 5312 Ntfs - ok

08:35:41.0703 5312 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys

08:35:41.0718 5312 NuidFltr - ok

08:35:41.0750 5312 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

08:35:41.0843 5312 Null - ok

08:35:41.0984 5312 nv (eb2858f920b8135b807b5ccaa3ed73dc) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

08:35:42.0156 5312 nv - ok

08:35:42.0187 5312 nvata (ef9941593b2e9b436f64a87ddb570d1a) C:\WINDOWS\system32\DRIVERS\nvata.sys

08:35:42.0234 5312 nvata - ok

08:35:42.0265 5312 NVENETFD (0ae6258709d58fb53638e8d28f4480d4) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys

08:35:42.0312 5312 NVENETFD - ok

08:35:42.0343 5312 nvnetbus (1296b33c223a58485d5eaa779752216a) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys

08:35:42.0359 5312 nvnetbus - ok

08:35:42.0406 5312 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

08:35:42.0500 5312 NwlnkFlt - ok

08:35:42.0515 5312 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

08:35:42.0625 5312 NwlnkFwd - ok

08:35:42.0687 5312 PAC7302 (5fae249a5635a52970652ca8eb216515) C:\WINDOWS\system32\DRIVERS\PAC7302.SYS

08:35:42.0765 5312 PAC7302 - ok

08:35:42.0812 5312 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

08:35:42.0921 5312 Parport - ok

08:35:42.0921 5312 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

08:35:43.0031 5312 PartMgr - ok

08:35:43.0046 5312 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

08:35:43.0156 5312 ParVdm - ok

08:35:43.0171 5312 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

08:35:43.0296 5312 PCI - ok

08:35:43.0312 5312 PCIDump - ok

08:35:43.0312 5312 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

08:35:43.0406 5312 PCIIde - ok

08:35:43.0437 5312 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

08:35:43.0546 5312 Pcmcia - ok

08:35:43.0562 5312 PDCOMP - ok

08:35:43.0562 5312 PDFRAME - ok

08:35:43.0578 5312 PDRELI - ok

08:35:43.0593 5312 PDRFRAME - ok

08:35:43.0593 5312 perc2 - ok

08:35:43.0609 5312 perc2hib - ok

08:35:43.0656 5312 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

08:35:43.0765 5312 PptpMiniport - ok

08:35:43.0796 5312 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

08:35:43.0890 5312 Processor - ok

08:35:43.0921 5312 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

08:35:44.0046 5312 PSched - ok

08:35:44.0062 5312 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

08:35:44.0140 5312 Ptilink - ok

08:35:44.0171 5312 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys

08:35:44.0187 5312 PxHelp20 - ok

08:35:44.0203 5312 ql1080 - ok

08:35:44.0203 5312 Ql10wnt - ok

08:35:44.0218 5312 ql12160 - ok

08:35:44.0234 5312 ql1240 - ok

08:35:44.0234 5312 ql1280 - ok

08:35:44.0265 5312 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

08:35:44.0359 5312 RasAcd - ok

08:35:44.0375 5312 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

08:35:44.0468 5312 Rasl2tp - ok

08:35:44.0484 5312 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

08:35:44.0562 5312 RasPppoe - ok

08:35:44.0578 5312 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

08:35:44.0671 5312 Raspti - ok

08:35:44.0718 5312 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

08:35:44.0796 5312 Rdbss - ok

08:35:44.0812 5312 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

08:35:44.0890 5312 RDPCDD - ok

08:35:44.0937 5312 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

08:35:44.0984 5312 RDPWD - ok

08:35:45.0031 5312 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

08:35:45.0125 5312 redbook - ok

08:35:45.0187 5312 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

08:35:45.0281 5312 Secdrv - ok

08:35:45.0312 5312 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

08:35:45.0406 5312 serenum - ok

08:35:45.0421 5312 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

08:35:45.0500 5312 Serial - ok

08:35:45.0531 5312 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

08:35:45.0609 5312 Sfloppy - ok

08:35:45.0625 5312 Simbad - ok

08:35:45.0671 5312 SiS315 (a644954c7114cf03d1e5c717e11f87a9) C:\WINDOWS\system32\DRIVERS\sisgrp.sys

08:35:45.0734 5312 SiS315 - ok

08:35:45.0796 5312 SISAGP (61ca562def09a782d26b3e7edec5369a) C:\WINDOWS\system32\DRIVERS\SISAGPX.sys

08:35:45.0828 5312 SISAGP - ok

08:35:45.0875 5312 SiSide (b4485881bd8aed9b157a2e6cf43c2d51) C:\WINDOWS\system32\DRIVERS\siside.sys

08:35:45.0906 5312 SiSide - ok

08:35:45.0921 5312 sisidex (6225224b8e846ac230f8d9b343635910) C:\WINDOWS\system32\drivers\sisidex.sys

08:35:45.0937 5312 sisidex ( UnsignedFile.Multi.Generic ) - warning

08:35:45.0937 5312 sisidex - detected UnsignedFile.Multi.Generic (1)

08:35:45.0953 5312 SiSkp (f7376bbf4ee1fd62243021739d8f4931) C:\WINDOWS\system32\DRIVERS\srvkp.sys

08:35:45.0953 5312 SiSkp - ok

08:35:46.0000 5312 SISNIC (3fbb6ef8b5a71a2fa11f5f461bb73219) C:\WINDOWS\system32\DRIVERS\sisnic.sys

08:35:46.0109 5312 SISNIC - ok

08:35:46.0140 5312 SISNICXP (9ffbf0d8881a985175bc86597a1b429f) C:\WINDOWS\system32\DRIVERS\sisnicxp.sys

08:35:46.0171 5312 SISNICXP - ok

08:35:46.0171 5312 sisperf (596d4a7052002d2bd344d8937da6f66d) C:\WINDOWS\system32\drivers\sisperf.sys

08:35:46.0187 5312 sisperf ( UnsignedFile.Multi.Generic ) - warning

08:35:46.0187 5312 sisperf - detected UnsignedFile.Multi.Generic (1)

08:35:46.0218 5312 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

08:35:46.0312 5312 SLIP - ok

08:35:46.0359 5312 smwdm (bf208c85119770e6a9b6577019a3d810) C:\WINDOWS\system32\drivers\smwdm.sys

08:35:46.0406 5312 smwdm - ok

08:35:46.0421 5312 Sparrow - ok

08:35:46.0468 5312 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

08:35:46.0562 5312 splitter - ok

08:35:46.0578 5312 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

08:35:46.0703 5312 sr - ok

08:35:46.0734 5312 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

08:35:46.0765 5312 Srv - ok

08:35:46.0828 5312 SSIPDDP (e04b795bd5a600163ff6d1e16d33d0f5) C:\WINDOWS\system32\DRIVERS\SSIPDDP.SYS

08:35:46.0828 5312 SSIPDDP ( UnsignedFile.Multi.Generic ) - warning

08:35:46.0828 5312 SSIPDDP - detected UnsignedFile.Multi.Generic (1)

08:35:46.0859 5312 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

08:35:46.0968 5312 streamip - ok

08:35:47.0015 5312 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

08:35:47.0109 5312 swenum - ok

08:35:47.0140 5312 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

08:35:47.0218 5312 swmidi - ok

08:35:47.0234 5312 symc810 - ok

08:35:47.0250 5312 symc8xx - ok

08:35:47.0265 5312 sym_hi - ok

08:35:47.0265 5312 sym_u3 - ok

08:35:47.0281 5312 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

08:35:47.0390 5312 sysaudio - ok

08:35:47.0453 5312 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

08:35:47.0515 5312 Tcpip - ok

08:35:47.0546 5312 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

08:35:47.0640 5312 TDPIPE - ok

08:35:47.0656 5312 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

08:35:47.0750 5312 TDTCP - ok

08:35:47.0781 5312 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

08:35:47.0875 5312 TermDD - ok

08:35:47.0890 5312 TosIde - ok

08:35:47.0937 5312 TRMUSB5K (53908ad09d37d86db3d7c00aced738e1) C:\WINDOWS\system32\drivers\TRMUSB5K.sys

08:35:47.0968 5312 TRMUSB5K ( UnsignedFile.Multi.Generic ) - warning

08:35:47.0968 5312 TRMUSB5K - detected UnsignedFile.Multi.Generic (1)

08:35:48.0015 5312 uagp35 (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys

08:35:48.0125 5312 uagp35 - ok

08:35:48.0156 5312 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

08:35:48.0250 5312 Udfs - ok

08:35:48.0265 5312 ultra - ok

08:35:48.0312 5312 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

08:35:48.0453 5312 Update - ok

08:35:48.0500 5312 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys

08:35:48.0562 5312 USBAAPL - ok

08:35:48.0609 5312 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

08:35:48.0703 5312 usbaudio - ok

08:35:48.0765 5312 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

08:35:48.0859 5312 usbccgp - ok

08:35:48.0890 5312 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

08:35:48.0984 5312 usbehci - ok

08:35:49.0000 5312 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

08:35:49.0093 5312 usbhub - ok

08:35:49.0109 5312 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

08:35:49.0218 5312 usbohci - ok

08:35:49.0250 5312 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

08:35:49.0328 5312 usbprint - ok

08:35:49.0343 5312 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

08:35:49.0453 5312 usbscan - ok

08:35:49.0468 5312 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

08:35:49.0578 5312 USBSTOR - ok

08:35:49.0593 5312 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys

08:35:49.0703 5312 usb_rndisx - ok

08:35:49.0703 5312 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

08:35:49.0828 5312 VgaSave - ok

08:35:49.0843 5312 ViaIde - ok

08:35:49.0859 5312 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

08:35:49.0953 5312 VolSnap - ok

08:35:49.0984 5312 w800bus (b8c182df79ac8938311ac8e193d52762) C:\WINDOWS\system32\DRIVERS\w800bus.sys

08:35:50.0031 5312 w800bus - ok

08:35:50.0046 5312 w800mdfl (3af69f28c17e1e03bb894f00d905add8) C:\WINDOWS\system32\DRIVERS\w800mdfl.sys

08:35:50.0078 5312 w800mdfl - ok

08:35:50.0093 5312 w800mdm (0d12afd1e1c95226b4268c1777625d05) C:\WINDOWS\system32\DRIVERS\w800mdm.sys

08:35:50.0125 5312 w800mdm - ok

08:35:50.0156 5312 w800mgmt (36ad2eb4a6376d08555864eb4cfd2508) C:\WINDOWS\system32\DRIVERS\w800mgmt.sys

08:35:50.0156 5312 w800mgmt - ok

08:35:50.0203 5312 w800obex (7905915006febbf0f137af36a3fd6429) C:\WINDOWS\system32\DRIVERS\w800obex.sys

08:35:50.0218 5312 w800obex - ok

08:35:50.0250 5312 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

08:35:50.0328 5312 Wanarp - ok

08:35:50.0375 5312 wceusbsh (46a247f6617526afe38b6f12f5512120) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys

08:35:50.0421 5312 wceusbsh - ok

08:35:50.0484 5312 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

08:35:50.0515 5312 Wdf01000 - ok

08:35:50.0515 5312 WDICA - ok

08:35:50.0609 5312 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

08:35:50.0703 5312 wdmaud - ok

08:35:50.0828 5312 WIBUKEY (afcea7939925378f867dde6af76f3924) C:\WINDOWS\system32\DRIVERS\WibuKey.sys

08:35:50.0828 5312 WIBUKEY ( UnsignedFile.Multi.Generic ) - warning

08:35:50.0828 5312 WIBUKEY - detected UnsignedFile.Multi.Generic (1)

08:35:50.0859 5312 Wibukey2 (1ac50e90995649803bacab62f5f48e2a) C:\WINDOWS\system32\drivers\wibukey2.sys

08:35:50.0906 5312 Wibukey2 - ok

08:35:50.0968 5312 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

08:35:51.0000 5312 WpdUsb - ok

08:35:51.0031 5312 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

08:35:51.0140 5312 WSTCODEC - ok

08:35:51.0171 5312 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

08:35:51.0203 5312 WudfPf - ok

08:35:51.0234 5312 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

08:35:51.0265 5312 WudfRd - ok

08:35:51.0312 5312 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

08:35:51.0406 5312 \Device\Harddisk0\DR0 - ok

08:35:51.0406 5312 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR2

08:35:52.0140 5312 \Device\Harddisk1\DR2 - ok

08:35:52.0140 5312 Boot (0x1200) (8bc76d3d792e4efef5ded928884593d0) \Device\Harddisk0\DR0\Partition0

08:35:52.0140 5312 \Device\Harddisk0\DR0\Partition0 - ok

08:35:52.0140 5312 Boot (0x1200) (f4abeaf6a2ec9ed8270e9c0cec0dbf2c) \Device\Harddisk1\DR2\Partition0

08:35:52.0156 5312 \Device\Harddisk1\DR2\Partition0 - ok

08:35:52.0156 5312 ============================================================

08:35:52.0156 5312 Scan finished

08:35:52.0156 5312 ============================================================

08:35:52.0265 5304 Detected object count: 12

08:35:52.0265 5304 Actual detected object count: 12

08:38:06.0781 5304 BrScnUsb ( UnsignedFile.Multi.Generic ) - skipped by user

08:38:06.0781 5304 BrScnUsb ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:38:06.0781 5304 BrSerIf ( UnsignedFile.Multi.Generic ) - skipped by user

08:38:06.0781 5304 BrSerIf ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:38:06.0781 5304 BrUsbSer ( UnsignedFile.Multi.Generic ) - skipped by user

08:38:06.0781 5304 BrUsbSer ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:38:06.0781 5304 f78aab16 ( Rootkit.Win32.PMax.gen ) - skipped by user

08:38:06.0781 5304 f78aab16 ( Rootkit.Win32.PMax.gen ) - User select action: Skip

08:38:06.0781 5304 HPx9G+ ( UnsignedFile.Multi.Generic ) - skipped by user

08:38:06.0781 5304 HPx9G+ ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:38:07.0000 5304 Backup copy found, using it..

08:38:07.0000 5304 C:\WINDOWS\system32\DRIVERS\ipsec.sys - will be cured on reboot

08:38:07.0828 5304 C:\WINDOWS\system32\c_67626.nls - will be deleted on reboot

08:38:08.0625 5304 IPSec ( Rootkit.Win32.ZAccess.c ) - User select action: Cure

08:38:08.0625 5304 MGCSECP ( UnsignedFile.Multi.Generic ) - skipped by user

08:38:08.0625 5304 MGCSECP ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:38:08.0625 5304 sisidex ( UnsignedFile.Multi.Generic ) - skipped by user

08:38:08.0625 5304 sisidex ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:38:08.0640 5304 sisperf ( UnsignedFile.Multi.Generic ) - skipped by user

08:38:08.0640 5304 sisperf ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:38:08.0640 5304 SSIPDDP ( UnsignedFile.Multi.Generic ) - skipped by user

08:38:08.0640 5304 SSIPDDP ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:38:08.0640 5304 TRMUSB5K ( UnsignedFile.Multi.Generic ) - skipped by user

08:38:08.0640 5304 TRMUSB5K ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:38:08.0640 5304 WIBUKEY ( UnsignedFile.Multi.Generic ) - skipped by user

08:38:08.0640 5304 WIBUKEY ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:38:36.0109 3020 Deinitialize success

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21

Run by DSE Customer at 8:51:56 on 2011-12-02

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1983.1163 [GMT 13:00]

.

AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: AVG Firewall *Disabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\brss01a.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG10\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Google\Update\1.3.21.79\GoogleCrashHandler.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Panasonic\TrapMonitor\Trapmnnt.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Classic PhoneTools\CapFax.EXE

C:\Program Files\Icons\SetIcon.exe

C:\Program Files\Panasonic\Panasonic-DMS\Device Monitor\DMWakeup.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\PixArt\PAC7302\Monitor.exe

C:\Program Files\Citrix\ICA Client\concentr.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Panasonic\Panasonic-DMS\Port Controller\Mfpscdl.exe

C:\Program Files\Citrix\ICA Client\wfcrun32.exe

C:\PROGRA~1\MICROS~3\rapimgr.exe

C:\WINDOWS\system32\sistray.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\AVG\AVG10\avgui.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.co.nz/ig?hl=en

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

uURLSearchHooks: H - No File

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar4.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar4.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"

uRun: [uniPrint] c:\program files\uniprint\client\SetDfltSettings.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Google Update] "c:\documents and settings\dse customer\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [CapFax] c:\program files\classic phonetools\CapFax.EXE

mRun: [LandOnline] c:\program files\landonline printer driver\PrintManager.exe

mRun: [setIcon] c:\program files\icons\SetIcon.exe

mRun: [Panasonic Device Monitor Wakeup] c:\program files\panasonic\panasonic-dms\device monitor\DMWakeup.exe

mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [skyTel] SkyTel.EXE

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe

mRun: [PAC7302_Monitor] c:\windows\pixart\pac7302\Monitor.exe

mRun: [uniPrint] c:\program files\uniprint\client\SetDfltSettings.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malwarenew\mbamgui.exe" /starttray

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoca~1.lnk - c:\program files\common files\autodesk shared\acstart17.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\panaso~1.lnk - c:\program files\panasonic\panasonic-dms\port controller\Mfpscdl.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\status~1.lnk - c:\program files\panasonic\panasonic-dms\network mfp utilities\status monitor\MfpStats.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\status~2.lnk - c:\program files\brother\brmfcmon\BrMfcWnd.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\utilit~1.lnk - c:\windows\system32\sistray.exe

IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - {8C85E2EE-9FD6-11D5-B770-504D54C10000} - c:\program files\visualroute lite edition\vrie.dll

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

LSP: mswsock.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc2.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1220405117421

DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} - file://c:\program files\autocad lt 2002\AcDcToday.ocx

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} - file://c:\program files\autocad lt 2002\InstBanr.ocx

DPF: {C6637286-300D-11D4-AE0A-0010830243BD} - file://c:\program files\autocad lt 2002\InstFred.ocx

DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {F281A59C-7B65-11D3-8617-0010830243BD} - file://c:\program files\autocad lt 2002\AcPreview.ocx

DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/RACtrl.cab

TCP: Interfaces\{09170212-226D-46AF-9B67-F1E33C6B6B08} : DhcpNameServer = 192.168.7.1

TCP: Interfaces\{B6D3F7D9-CE86-43D7-89CB-841FBFE180E8} : NameServer = 202.27.158.40,202.27.156.72

TCP: Interfaces\{C70F77F1-D09E-4E5C-905F-1D7E1E0568B8} : NameServer = 202.27.158.40,202.27.156.72

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\dse customer\application data\mozilla\firefox\profiles\s3ae5z1j.default\

FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fshva%3D1%26ui%3Dhtml%26zy%3Dl&bsv=zpwhtygjntrz&scc=1&ltmpl=default&ltmplcache=2#inbox/1239e2b98265cb32|http://www.cantafly.com/joomla/|http://www.cutc.org.nz/forum/

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4c8828b4&v=7.008.031.001&i=26&tp=ab&iy=&ychte=au&lng=en-US&q=

FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll

FF - component: c:\program files\avg\avg10\firefox4\components\avgssff5.dll

FF - component: c:\program files\avg\avg10\firefox4\components\avgssff6.dll

FF - component: c:\program files\avg\avg10\firefox4\components\avgssff7.dll

FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll

FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll

FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll

FF - plugin: c:\documents and settings\dse customer\application data\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\documents and settings\dse customer\application data\mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\documents and settings\dse customer\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: AVG Security Toolbar em:version=7.008.031.001 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files\avg\avg10\toolbar\firefox\avg@igeared

FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg10\Firefox4

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 248656]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 297168]

R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2010-11-9 65584]

R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2008-1-4 577592]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 261036]

R2 MGCSECP;MGCSECP;c:\windows\system32\drivers\Mgcsecp.sys [2001-10-25 99808]

R2 SSIPDDP;SSIPDDP Parallel port device driver;c:\windows\system32\drivers\SSIPDDP.SYS [2006-2-13 52736]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134480]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-21 22216]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-8-18 7384840]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 129784]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-8-18 2133112]

S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malwarenew\mbamservice.exe [2011-12-1 366152]

S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [2009-9-1 20160]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-6-1 938376]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-10-8 30192]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 129784]

S3 HPx9G+;HPx9G+ Device USB Driver;c:\windows\system32\drivers\HPx9G2k.sys [2006-7-4 12658]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

S3 TRMUSB5K;Trimble USB GPS Driver;c:\windows\system32\drivers\TRMUSB5K.SYS [2010-8-19 9881]

S3 Wibukey2;Wibukey2;c:\windows\system32\drivers\Wibukey2.sys [2005-11-9 16384]

.

=============== File Associations ===============

.

.scr=AutoCADLTScriptFile

.

=============== Created Last 30 ================

.

2011-12-01 02:57:17 -------- d-----w- c:\program files\Malwarebytes' Anti-MalwareNEW

2011-11-29 23:34:49 -------- d-----w- c:\documents and settings\dse customer\local settings\application data\LogMeIn

2011-11-29 23:34:49 -------- d-----w- c:\documents and settings\all users\application data\LogMeIn

.

==================== Find3M ====================

.

2011-12-01 19:40:06 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys

2011-12-01 02:47:11 42760 ----a-w- c:\windows\system32\brss01a.exe

2011-12-01 01:16:13 152552 ----a-w- c:\windows\system32\nvsvc32.exe

2011-12-01 01:16:11 54288 ----a-w- c:\windows\system32\brsvc01a.exe

2011-10-19 03:43:57 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-25 22:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-25 22:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-25 22:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys

2005-12-22 01:59:27 5254656 -c--a-w- c:\program files\converter.exe

2005-12-22 01:52:58 2063624 -c--a-w- c:\program files\CuteWriter.exe

2005-08-24 02:23:47 13235784 -c--a-w- c:\program files\avg70free_338a597.exe

.

============= FINISH: 8:52:15.39 ===============

attach.zip


Step 1

  1. Please run a free online scan with the ESET Online Scanner
    Note: You will need to use Internet Explorer for this scan
  2. Tick the box next to YES, I accept the Terms of Use
  3. Click Start
  4. When asked, allow the ActiveX control to install
  5. Click Start
  6. Make sure that the options Remove found threats and Scan unwanted applications are checked
  7. Click Scan (This scan can take several hours, so please be patient)
  8. Once the scan is completed, you may close the window
  9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  10. Copy and paste that log as a reply to this topic

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to the Update tab and select Check for Updates.
  • Go to the Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

In your next reply, please post the following log files:

  • ESET Online Scanner log
  • Malwarebytes' Anti-Malware log


From Step 1:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=2c6fad70bbfadc4c9bf5813237c83c05

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-12-06 08:49:37

# local_time=2011-12-07 09:49:37 (+1200, New Zealand Daylight Time)

# country="New Zealand"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=1032 16777189 100 95 0 65572373 0 0

# compatibility_mode=8192 67108863 100 0 336 336 0 0

# scanned=421284

# found=27

# cleaned=27

# scan_time=4350

C:\Program Files\Malwarebytes' Anti-MalwareNEW\mbamservice.exe Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\DSE Customer\Local Settings\Application Data\f78aab16\X.vir Win32/Sirefef.DD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\DSE Customer\Local Settings\Application Data\f78aab16\U\80000000.@.vir a variant of Win32/Sirefef.DV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\DSE Customer\Local Settings\Application Data\f78aab16\U\800000cb.@.vir a variant of Win32/Agent.TEO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{8AC1587C-A6EF-4158-B643-5130A4392569}\RP749\A0095876.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{8AC1587C-A6EF-4158-B643-5130A4392569}\RP750\A0095966.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{8AC1587C-A6EF-4158-B643-5130A4392569}\RP753\A0096192.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{8AC1587C-A6EF-4158-B643-5130A4392569}\RP756\A0096334.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{8AC1587C-A6EF-4158-B643-5130A4392569}\RP757\A0096389.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{8AC1587C-A6EF-4158-B643-5130A4392569}\RP758\A0097389.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{8AC1587C-A6EF-4158-B643-5130A4392569}\RP758\A0098388.sys a variant of Win32/Patched.NBE trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{8AC1587C-A6EF-4158-B643-5130A4392569}\RP758\A0098389.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{8AC1587C-A6EF-4158-B643-5130A4392569}\RP758\A0098449.exe Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{8AC1587C-A6EF-4158-B643-5130A4392569}\RP758\A0098452.exe Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{8AC1587C-A6EF-4158-B643-5130A4392569}\RP758\A0098453.exe Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{8AC1587C-A6EF-4158-B643-5130A4392569}\RP758\A0098454.sys a variant of Win32/Patched.NBE trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{8AC1587C-A6EF-4158-B643-5130A4392569}\RP758\A0098455.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{8AC1587C-A6EF-4158-B643-5130A4392569}\RP758\A0098521.sys a variant of Win32/Patched.NBE trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{8AC1587C-A6EF-4158-B643-5130A4392569}\RP758\A0098522.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{8AC1587C-A6EF-4158-B643-5130A4392569}\RP759\A0100588.sys a variant of Win32/Patched.NBE trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{8AC1587C-A6EF-4158-B643-5130A4392569}\RP759\A0100589.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{8AC1587C-A6EF-4158-B643-5130A4392569}\RP761\A0100803.old Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{8AC1587C-A6EF-4158-B643-5130A4392569}\RP761\A0100808.old Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{8AC1587C-A6EF-4158-B643-5130A4392569}\RP761\A0100822.rbf Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{8AC1587C-A6EF-4158-B643-5130A4392569}\RP761\A0100823.rbf Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{8AC1587C-A6EF-4158-B643-5130A4392569}\RP761\A0100987.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{8AC1587C-A6EF-4158-B643-5130A4392569}\RP762\A0101156.exe Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C

Running Step 2 now


7/12/2011 10:11:06 a.m.

mbam-log-2011-12-07 (10-11-06).txt

Scan type: Quick scan

Objects scanned: 190851

Time elapsed: 3 minute(s), 51 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


The ones found in the C:\System Volume Information folder will be cleaned easily by clearing the old system restore points. The problem is this one:

C:\Program Files\Malwarebytes' Anti-MalwareNEW\mbamservice.exe Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000

Please uninstall your Malwarebytes' Anti-Malware and download the latest version.

http://www.malwarebytes.org/products/malwarebytes_free

Please perform a new quick scan then post the log file.

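The triage rule the helper applies above (detections inside old restore points and the ComboFix quarantine are handled by housekeeping, while a "Patched" hit on a live program binary means that program must be reinstalled) can be turned into a small log parser. This is an added example, not part of the thread or of any ESET or Malwarebytes tooling; it assumes the space-separated line layout as it appears in the posted log, and the sample lines are constructed from that log.

```python
import re
from collections import defaultdict

# Constructed sample in the ESET Online Scanner log layout posted in this
# thread: optional "# key=value" header lines, then one detection per line
# (path, threat name, action in parentheses, 32-hex hash field, flag letter).
SAMPLE_LOG = r"""
# found=4
# cleaned=4
C:\Program Files\Malwarebytes' Anti-MalwareNEW\mbamservice.exe Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\DSE Customer\Local Settings\Application Data\f78aab16\X.vir Win32/Sirefef.DD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{8AC1587C-A6EF-4158-B643-5130A4392569}\RP758\A0098388.sys a variant of Win32/Patched.NBE trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{8AC1587C-A6EF-4158-B643-5130A4392569}\RP762\A0101156.exe Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C
"""

# One detection line: a path that may contain spaces, a threat name that ends
# in a type word, the action in parentheses, the hash field, one flag character.
DETECTION_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<threat>(?:a variant of )?\S+ (?:trojan|worm|virus|application))\s+"
    r"\((?P<action>[^)]*)\)\s+"
    r"(?P<hash>[0-9A-Fa-f]{32})\s+"
    r"(?P<flag>\S)$"
)


def parse_eset_log(text):
    """Return (header, detections); '# k=v' header lines become a dict."""
    header, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            key, sep, value = line[1:].strip().partition("=")
            if sep:
                header[key] = value
            continue
        m = DETECTION_RE.match(line)
        if m:
            detections.append(m.groupdict())
    return header, detections


def classify(det):
    """Bucket a detection by where the file lives; location decides the fix."""
    p = det["path"].lower()
    if p.startswith(r"c:\system volume information\_restore"):
        return "restore_point"        # gone once old restore points are purged
    if "\\qoobox\\quarantine\\" in p:
        return "combofix_quarantine"  # already neutralised; removed with ComboFix
    if "patched" in det["threat"].lower():
        return "patched_binary"       # a legitimate program file was modified: reinstall it
    return "live"


def triage(text):
    """Group detected paths by bucket. 'patched_binary' and 'live' are the
    buckets that still need a human decision."""
    _, detections = parse_eset_log(text)
    buckets = defaultdict(list)
    for det in detections:
        buckets[classify(det)].append(det["path"])
    return dict(buckets)


def consistency_ok(text):
    """Cross-check the header's found/cleaned counters against parsed lines,
    so a truncated or partially pasted log is noticed before it is acted on."""
    header, detections = parse_eset_log(text)
    found = int(header.get("found", -1))
    cleaned = int(header.get("cleaned", -1))
    return found == len(detections) == cleaned
```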

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8329

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

8/12/2011 8:36:45 a.m.

mbam-log-2011-12-08 (08-36-45).txt

Scan type: Quick scan

Objects scanned: 192318

Time elapsed: 4 minute(s), 54 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


I have good news for you => Your system is clean now! :)

Here are some tips to prevent future malware problems:

You need to ensure that you have the latest versions of Adobe Reader and Java. Before you download and install the latest versions, it is important to uninstall them first; for this purpose, click Start => Control Panel => Add or Remove Programs, highlight them and click on the Remove button. Next, click on each of the programs to download it:

Slowly and carefully install applications and then restart your computer.

Now let's remove the cleaning tools we used. First get rid of ComboFix:

Go to Start => Run... and copy & paste next command in the field:

ComboFix /uninstall

Then hit Enter button.

This procedure will do the following:

  • Uninstall ComboFix
  • Delete its related folders and files
  • Reset your clock settings then update it and perform a full system scan.
  • Hide file extensions
  • Hide the system/hidden files
  • Resets System Restore again

Note: Make sure there's a space between ComboFix and /uninstall

At this stage, you don't need the online scanner, so:

To remove the ESET Online Scanner components from your computer, start the Add or Remove Programs applet from Control Panel, select the ESET Online Scanner entry and click Remove. A restart may be required to complete uninstallation.

Please manually delete ResetTeaTimer, TDSSKiller and DDS.

Some quick tips:

  1. Alternative browser - Due to the large market share of Internet Explorer, it is a top target of the writers of malware, so we recommend using an alternative browser. There are many better alternatives to Internet Explorer regarding security, features and speed such as:

  2. Program updates - Updating your software is really important not only for productivity but also for security. Here is an application that will help in checking for new versions and updates for your programs. It is called FileHippo Update Checker and you can download it from here.

  3. Clear old system restore points - Once your system is infected, as a result there will be infected restore points that need to be cleaned.

    1. Open Start => All Programs => Accessories => System tools => Disk Cleanup.
    2. In the drop down box that appears select your main drive e.g. C:\
    3. Click OK.
    4. The System will do some calculation and display a dialogue box with TABS.
    5. Select the More Options tab.
    6. At the bottom will be a system restore box with a CLEANUP button. Click on it.
    7. Accept the Warning and select OK again, the program will close and you are done.

  4. Create a new system restore point - Now that everything is fine, it is necessary to create a new restore point to restore your system to an earlier stage in case you get a problem. Do the following:

    1. Click Start, point to All Programs, point to Accessories, point to System Tools, and then click System Restore.
    2. In the System Restore dialog box, click Create a restore point, and then click Next.
    3. Type a description for your restore point, such as "After Cleanup", then click Create.

Safe surfing! ;)


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
