
I've had some malware recently, "Malware Protection" and "Windows Security 2011". I thought I had removed all traces of problems but I'm still having trouble getting completely clean. I've run Malware Anti-Malware, SuperAntiSpyware and they haven't come up with anything. Here are some other logs which you would probably want to look at. I also just ran ATFCleaner prior to posting this.

Also I have trouble starting my computer. When I log off Windows XP it gets hung up on saving your settings and I have to manually power down. When I start my computer sometimes it says the computer didn't shut down properly, and takes me to the screen to choose normal or safe mode, then it restarts and cycles through the same screens repetitively.

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-25 20:29:23
-----------------------------
20:29:23.281 OS Version: Windows 5.1.2600 Service Pack 3
20:29:23.281 Number of processors: 1 586 0x207
20:29:23.281 ComputerName: ANDY UserName: Andy
20:29:24.484 Initialize success
20:29:36.578 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:29:36.578 Disk 0 Vendor: WDC_WD800BB-75CAA0 16.06V16 Size: 76293MB BusType: 3
20:29:36.578 Device \Driver\atapi -> DriverStartIo 8a76331b
20:29:38.578 Disk 0 MBR read successfully
20:29:38.578 Disk 0 MBR scan
20:29:38.578 Disk 0 Windows XP default MBR code
20:29:40.578 Disk 0 scanning sectors +156232125
20:29:40.625 Disk 0 scanning C:\WINDOWS\system32\drivers
20:30:00.109 Service scanning
20:30:02.843 Disk 0 trace - called modules:
20:30:02.843 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8a7634d0]<<
20:30:02.843 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a84dab8]
20:30:02.843 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> [0x8a8435e8]
20:30:02.843 \Driver\atapi[0x8a807560] -> IRP_MJ_CREATE -> 0x8a7634d0
20:30:02.843 Scan finished successfully
20:31:17.937 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Andy\Desktop\MBR.dat"
20:31:17.968 The log file has been saved successfully to "C:\Documents and Settings\Andy\Desktop\aswMBR.txt"

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_23
Run by Andy at 20:35:23 on 2011-05-25
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.679 [GMT -4:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k eapsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k dot3svc
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Andy\Desktop\aswMBR.exe
C:\Documents and Settings\Andy\Desktop\dds.scr
C:\WINDOWS\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL =
mWindow Title = Microsoft Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
uPolicies-explorer: NoSMBalloonTip = 1 (0x1)
mPolicies-system: RunStartupScriptSync = 1 (0x1)
IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
IE: Add to &Evernote - c:\program files\evernote\evernote3.5\enbar.dll/2000
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\evernote\evernote3.5\enbar.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0000000A-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmsp9dmo.cab
DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB
DPF: {00000161-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/msaudio.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://active.macromedia.com/director/cabs/sw.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {33363249-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/i263_32.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,74/mcinsctl.cab
DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - hxxp://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1244924108437
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {64697663-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/cinepak.cab
DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} - hxxp://de.trendmicro-europe.com/file_downloads/common/housecall/HouseCallButton.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,15/mcgdmgr.cab
DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - No File
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\andy\application data\mozilla\firefox\profiles\l1am3en0.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - http:/www.google.com/ig
FF - component: c:\documents and settings\andy\application data\mozilla\firefox\profiles\l1am3en0.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 pnpshark;pnpshark;c:\windows\system32\drivers\pnpshark.sys [2003-10-2 119552]
R0 st3shark;st3shark;c:\windows\system32\drivers\st3shark.sys [2003-9-27 5504]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-24 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-5-24 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-24 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-12-22 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-22 55024]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-24 297752]
S1 tvtool;tvtool;\??\c:\program files\tvtool 6.5\tvtool.sys --> c:\program files\tvtool 6.5\tvtool.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg8\toolbar\ToolbarBroker.exe [2010-10-26 947528]
S3 cur_bus;Curitel USB Composite Device driver (WDM);c:\windows\system32\drivers\cur_bus.sys [2005-8-7 52384]
S3 cur_mdfl;Curitel Packet Service Filter;c:\windows\system32\drivers\cur_mdfl.sys [2005-8-7 6096]
S3 cur_mdm;Curitel Packet Service Drivers;c:\windows\system32\drivers\cur_mdm.sys [2005-8-7 84384]
S3 cur_serd;Curitel Packet Service Diagnostic Serial Port (WDM);c:\windows\system32\drivers\cur_serd.sys [2005-8-7 66016]
S3 Curidcato;Curidcato;c:\windows\system32\mrinfo.exe [2002-9-3 12800]
S3 censoredFmn;censoredFmn;\??\c:\program files\avisplit\censoredfmn.sys --> c:\program files\avisplit\censoredFmn.sys [?]
S3 MIDUSB;Driver for Midistart-2;c:\windows\system32\drivers\mstart-2drv.sys [2006-7-17 46976]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-22 7408]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\screamingbaudio.sys --> c:\windows\system32\drivers\ScreamingBAudio.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2002-9-3 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 xbreader;MaxDrive XBox Driver (xbreader.sys);c:\windows\system32\drivers\xbreader.sys [2001-1-2 19677]
.
=============== File Associations ===============
.
.txt=
.
=============== Created Last 30 ================
.
2095-11-30 23:05:46 -------- d-sh--w- c:\documents and settings\andy\UserData
2095-11-30 22:49:56 -------- d-----w- c:\program files\WS_FTP
2011-05-25 17:07:54 -------- d-----w- c:\documents and settings\andy\application data\Image-Line
2011-05-25 17:07:26 -------- d-----w- c:\documents and settings\andy\application data\SynthMaker
2011-05-25 00:11:48 -------- d-----w- c:\program files\ExplorerXP
2011-05-24 17:37:14 -------- d-----w- c:\program files\FolderSize
2011-05-24 17:28:05 -------- d-----w- c:\program files\Outsim
2011-05-22 18:46:37 0 ----a-w- c:\windows\Qjupovapupi.bin
2011-05-22 18:46:36 -------- d-----w- c:\documents and settings\andy\local settings\application data\{C25121D5-4D40-46F3-8D53-D070DBA93528}
2011-05-20 17:19:20 -------- d-----w- C:\virtualdub
2011-05-16 05:04:42 69632 ----a-r- c:\documents and settings\andy\application data\microsoft\installer\{96b20c36-4f3e-4ca2-8583-fb2999e16a6e}\BlackBerry.exe
2011-04-29 22:37:50 -------- d-----w- c:\program files\AimOne_AlltoMP3
.
==================== Find3M ====================
.
2011-03-11 14:10:38 471552 ----a-w- c:\windows\apppatch\aclayers.dll
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:45:07 434176 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2005-05-13 22:12:00 217073 --sha-r- c:\windows\meta4.exe
2005-10-24 16:13:58 66560 --sha-r- c:\windows\MOTA113.exe
2005-10-14 02:27:00 422400 --sha-r- c:\windows\x2.64.exe
2008-12-21 21:46:54 351744 --sha-w- c:\windows\system32\avisynth.dll
2005-07-14 17:31:20 27648 --sha-r- c:\windows\system32\AVSredirect.dll
2005-06-26 20:32:28 616448 --sha-r- c:\windows\system32\cygwin1.dll
2005-06-22 03:37:42 45568 --sha-r- c:\windows\system32\cygz.dll
2004-01-25 05:00:00 70656 --sha-r- c:\windows\system32\i420vfw.dll
2006-04-27 15:24:24 2945024 --sha-r- c:\windows\system32\Smab.dll
2005-02-28 18:16:22 240128 --sha-r- c:\windows\system32\x.264.exe
2004-01-25 05:00:00 70656 --sha-r- c:\windows\system32\yv12vfw.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD800BB-75CAA0 rev.16.06V16 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A7634D0]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a7697f0]; MOV EAX, [0x8a76986c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x8A84DAB8]
3 CLASSPNP[0xF7637FD7] -> nt!IofCallDriver[0x804E37D5] -> [0x8A8435E8]
\Driver\atapi[0x8A807560] -> IRP_MJ_CREATE -> 0x8A7634D0
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A76331B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 20:36:26.10 ===============

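Added example, not part of this thread and not code from DDS, GMER, aswMBR or TDSSKiller: a small Python triage script that reads DDS and GMER log sections like the ones posted above and lists the entries a helper would look at first (timestamps later than the scan date, hidden+system files under the Windows directory, services whose driver file DDS could not find, and GMER's unknown-module, hook and warning lines). The sample input is constructed from lines copied out of the logs in this post; the regexes are assumptions about the DDS/GMER line formats taken from those samples, not a documented specification, and the script flags entries for review only, it cleans nothing.

```python
import re
from datetime import date
from typing import List, NamedTuple

# Constructed sample: lines copied from the DDS and GMER output posted in the thread.
SAMPLE_LOG = r"""
=============== Created Last 30 ================
2095-11-30 23:05:46 -------- d-sh--w- c:\documents and settings\andy\UserData
2011-05-22 18:46:37 0 ----a-w- c:\windows\Qjupovapupi.bin
2011-05-20 17:19:20 -------- d-----w- C:\virtualdub
==================== Find3M ====================
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2005-05-13 22:12:00 217073 --sha-r- c:\windows\meta4.exe
============= SERVICES / DRIVERS ===============
R0 pnpshark;pnpshark;c:\windows\system32\drivers\pnpshark.sys [2003-10-2 119552]
S1 tvtool;tvtool;\??\c:\program files\tvtool 6.5\tvtool.sys --> c:\program files\tvtool 6.5\tvtool.sys [?]
=================== ROOTKIT ====================
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A7634D0]<<
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A76331B
Warning: possible TDL3 rootkit infection !
"""

# Date DDS was run on this machine (from the log header above); a file timestamp
# later than this is impossible and worth a look.
SCAN_DATE = date(2011, 5, 25)

# Assumed DDS file entry: "YYYY-MM-DD HH:MM:SS <size|--------> <8 attribute flags> <path>"
FILE_RE = re.compile(r"^(\d{4})-(\d{2})-(\d{2}) \d{2}:\d{2}:\d{2}\s+\S+\s+([-a-z]{8})\s+(.+)$")
# Assumed DDS service entry: "R0 name;description;path [stamp size]"; stamp is "?"
# when DDS could not stat the file on disk.
SERVICE_RE = re.compile(r"^[RS]\d [^;]+;[^;]*;(.+) \[([^\]]*)\]$")
# GMER "detected hooks:" entry: "\Driver\<name> <routine> -> 0x<address>"
HOOK_RE = re.compile(r"^\\Driver\\\S+ \S+ -> 0x[0-9A-Fa-f]+$")


class Finding(NamedTuple):
    reason: str
    line: str


def triage(log_text: str, scan_date: date = SCAN_DATE) -> List[Finding]:
    """Return the log lines a helper should look at first, each with its reason."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):
            continue  # blank line or section banner

        m = FILE_RE.match(line)
        if m:
            year, month, day, attrs, path = m.groups()
            if date(int(year), int(month), int(day)) > scan_date:
                findings.append(Finding("timestamp later than the scan date", line))
            # hidden+system is normal for profile folders such as UserData, so only
            # flag it inside the Windows directory, where it deserves a second look
            if "s" in attrs and "h" in attrs and path.lower().startswith("c:\\windows"):
                findings.append(Finding("hidden+system file under the Windows directory", line))
            continue

        m = SERVICE_RE.match(line)
        if m:
            if m.group(2) == "?":
                findings.append(Finding("service points at a driver file DDS could not find", line))
            continue

        if ">>UNKNOWN" in line:
            findings.append(Finding("unknown module in the disk I/O call chain", line))
        elif HOOK_RE.match(line):
            findings.append(Finding("hook on a kernel driver dispatch routine", line))
        elif line.startswith("Warning:"):
            findings.append(Finding("scanner warning", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.reason}] {f.line}")
```

Point it at a full DDS log and it will skip the sections it does not know (processes, BHOs, DPF entries) and report only the four kinds of entries above.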

  • Staff

Hi and welcome to Malwarebytes.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt, for example C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Then update MBAM, run a Quick Scan, and post its log.

Then run DDS again and post its log.


Thank you very much!!!

2011/05/30 20:53:49.0398 3936 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/05/30 20:53:49.0867 3936 ================================================================================
2011/05/30 20:53:49.0867 3936 SystemInfo:
2011/05/30 20:53:49.0867 3936
2011/05/30 20:53:49.0867 3936 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/30 20:53:49.0867 3936 Product type: Workstation
2011/05/30 20:53:49.0867 3936 ComputerName: ANDY
2011/05/30 20:53:49.0867 3936 UserName: Andy
2011/05/30 20:53:49.0867 3936 Windows directory: C:\WINDOWS
2011/05/30 20:53:49.0867 3936 System windows directory: C:\WINDOWS
2011/05/30 20:53:49.0867 3936 Processor architecture: Intel x86
2011/05/30 20:53:49.0867 3936 Number of processors: 1
2011/05/30 20:53:49.0867 3936 Page size: 0x1000
2011/05/30 20:53:49.0867 3936 Boot type: Normal boot
2011/05/30 20:53:49.0867 3936 ================================================================================
2011/05/30 20:53:52.0883 3936 Initialize success
2011/05/30 20:53:55.0664 0816 ================================================================================
2011/05/30 20:53:55.0664 0816 Scan started
2011/05/30 20:53:55.0664 0816 Mode: Manual;
2011/05/30 20:53:55.0664 0816 ================================================================================


2011/05/30 20:54:27.0055 0816 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/05/30 20:54:27.0242 0816 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys

2011/05/30 20:54:27.0461 0816 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys

2011/05/30 20:54:27.0680 0816 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2011/05/30 20:54:27.0914 0816 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/05/30 20:54:28.0164 0816 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/05/30 20:54:28.0367 0816 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/05/30 20:54:28.0695 0816 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/05/30 20:54:28.0898 0816 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2011/05/30 20:54:29.0133 0816 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys

2011/05/30 20:54:30.0039 0816 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys

2011/05/30 20:54:30.0273 0816 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys

2011/05/30 20:54:30.0539 0816 pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys

2011/05/30 20:54:30.0820 0816 pnpshark (e68daac907bb158c55ad55d01d6e31ba) C:\WINDOWS\system32\DRIVERS\pnpshark.sys

2011/05/30 20:54:31.0101 0816 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/05/30 20:54:31.0320 0816 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

2011/05/30 20:54:31.0555 0816 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/05/30 20:54:32.0055 0816 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/05/30 20:54:32.0242 0816 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys

2011/05/30 20:54:32.0617 0816 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys

2011/05/30 20:54:32.0851 0816 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys

2011/05/30 20:54:33.0086 0816 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys

2011/05/30 20:54:33.0305 0816 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys

2011/05/30 20:54:33.0555 0816 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys

2011/05/30 20:54:33.0789 0816 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/05/30 20:54:34.0086 0816 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/05/30 20:54:34.0305 0816 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/05/30 20:54:34.0492 0816 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/05/30 20:54:34.0711 0816 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/05/30 20:54:34.0930 0816 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/05/30 20:54:35.0148 0816 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2011/05/30 20:54:35.0414 0816 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/05/30 20:54:35.0695 0816 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/05/30 20:54:35.0976 0816 RimUsb (f17713d108aca124a139fde877eef68a) C:\WINDOWS\system32\Drivers\RimUsb.sys

2011/05/30 20:54:36.0148 0816 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys

2011/05/30 20:54:36.0320 0816 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys

2011/05/30 20:54:36.0539 0816 rspndr (743d7d59767073a617b1dcc6c546f234) C:\WINDOWS\system32\DRIVERS\rspndr.sys

2011/05/30 20:54:36.0773 0816 RT2500 (2c70c23787f8b500eccc5c1280b72e7c) C:\WINDOWS\system32\DRIVERS\RT2500.sys

2011/05/30 20:54:36.0992 0816 RT73 (4f153709d0691c6de8c9a4c5e813907c) C:\WINDOWS\system32\DRIVERS\rt73.sys

2011/05/30 20:54:37.0180 0816 SASDIFSV (bfbc4be8d6ac6d33ad93f3f5f2e11499) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

2011/05/30 20:54:37.0258 0816 SASENUM (e9c2d75c748c3f0a4c34d6cf2ae1d754) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS

2011/05/30 20:54:37.0320 0816 SASKUTIL (64c100dbf57c6cb6e7d5d24153f5e444) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys

2011/05/30 20:54:37.0570 0816 SCDEmu (65b47e763ed55f35f787a7918272d155) C:\WINDOWS\system32\drivers\SCDEmu.sys

2011/05/30 20:54:37.0976 0816 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/05/30 20:54:38.0195 0816 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2011/05/30 20:54:38.0414 0816 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

2011/05/30 20:54:38.0726 0816 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/05/30 20:54:39.0101 0816 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\System32\DRIVERS\sisagp.sys

2011/05/30 20:54:39.0289 0816 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2011/05/30 20:54:39.0680 0816 smwdm (31fd0707c7dbe715234f2823b27214fe) C:\WINDOWS\system32\drivers\smwdm.sys

2011/05/30 20:54:39.0976 0816 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys

2011/05/30 20:54:40.0195 0816 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/05/30 20:54:40.0445 0816 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/05/30 20:54:40.0711 0816 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/05/30 20:54:41.0023 0816 st3shark (f7cd574cff0e0df2ced11710acfb60a2) C:\WINDOWS\system32\DRIVERS\st3shark.sys

2011/05/30 20:54:41.0258 0816 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2011/05/30 20:54:41.0461 0816 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/05/30 20:54:41.0726 0816 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/05/30 20:54:41.0976 0816 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys

2011/05/30 20:54:42.0164 0816 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys

2011/05/30 20:54:42.0383 0816 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys

2011/05/30 20:54:42.0601 0816 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys

2011/05/30 20:54:42.0914 0816 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/05/30 20:54:43.0195 0816 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/05/30 20:54:43.0492 0816 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys

2011/05/30 20:54:43.0836 0816 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/05/30 20:54:44.0070 0816 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/05/30 20:54:44.0273 0816 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/05/30 20:54:44.0523 0816 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys

2011/05/30 20:54:44.0773 0816 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys

2011/05/30 20:54:45.0086 0816 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/05/30 20:54:45.0273 0816 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys

2011/05/30 20:54:45.0523 0816 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/05/30 20:54:45.0836 0816 USBAAPL (7c9f1503245402b01c79bdfa8731cb2a) C:\WINDOWS\system32\Drivers\usbaapl.sys

2011/05/30 20:54:46.0008 0816 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

2011/05/30 20:54:46.0226 0816 usbbus (b5fbadee0e8aa4ad1f5e3f4f153c8c6c) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys

2011/05/30 20:54:46.0398 0816 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/05/30 20:54:46.0570 0816 UsbDiag (3cedcf0b428d5f49a4a2b031f974e838) C:\WINDOWS\system32\DRIVERS\lgUsbDiag.sys

2011/05/30 20:54:46.0820 0816 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/05/30 20:54:47.0008 0816 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/05/30 20:54:47.0180 0816 USBModem (b4796b12df011dc75617d4c687cf38cc) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys

2011/05/30 20:54:47.0383 0816 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/05/30 20:54:47.0539 0816 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/05/30 20:54:47.0820 0816 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/05/30 20:54:47.0992 0816 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/05/30 20:54:48.0148 0816 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys

2011/05/30 20:54:48.0320 0816 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/05/30 20:54:48.0508 0816 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\System32\DRIVERS\viaagp.sys

2011/05/30 20:54:48.0680 0816 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys

2011/05/30 20:54:48.0883 0816 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/05/30 20:54:49.0070 0816 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/05/30 20:54:49.0305 0816 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/05/30 20:54:49.0539 0816 winachsf (bcdcc21314add47e26f1dfa1605e11c9) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

2011/05/30 20:54:49.0898 0816 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

2011/05/30 20:54:50.0101 0816 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2011/05/30 20:54:50.0320 0816 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/05/30 20:54:50.0570 0816 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/05/30 20:54:50.0867 0816 xbreader (05a74d2be6f493c65d7221d1d0e8a23c) C:\WINDOWS\system32\Drivers\xbreader.sys

2011/05/30 20:54:51.0023 0816 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0

2011/05/30 20:54:51.0023 0816 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)

2011/05/30 20:54:51.0039 0816 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR3

2011/05/30 20:54:51.0070 0816 ================================================================================

2011/05/30 20:54:51.0070 0816 Scan finished

2011/05/30 20:54:51.0070 0816 ================================================================================

2011/05/30 20:54:51.0086 3876 Detected object count: 1

2011/05/30 20:54:51.0086 3876 Actual detected object count: 1

2011/05/30 20:56:33.0101 3876 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot

2011/05/30 20:56:33.0101 3876 \Device\Harddisk0\DR0 - ok

2011/05/30 20:56:33.0101 3876 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure

2011/05/30 20:56:38.0555 3960 Deinitialize success

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6727

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

5/31/2011 12:05:53 AM

mbam-log-2011-05-31 (00-05-48).txt

Scan type: Full scan (C:\|)

Objects scanned: 338616

Time elapsed: 2 hour(s), 45 minute(s), 50 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\Andy\application data\Adobe\shed\thr1.chm (Malware.Trace) -> No action taken.

.

DDS (Ver_11-05-19.01) - NTFSx86

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_23

Run by Andy at 1:40:04 on 2011-05-31

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.969 [GMT -4:00]

.

AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\WINDOWS\System32\svchost.exe -k eapsvcs

svchost.exe

C:\WINDOWS\System32\svchost.exe -k dot3svc

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\FolderSize\FolderSizeSvc.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Documents and Settings\Andy\Desktop\dds.scr

C:\WINDOWS\system32\WSCRIPT.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uDefault_Search_URL =

mWindow Title = Microsoft Internet Explorer provided by Comcast

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

uPolicies-explorer: NoSMBalloonTip = 1 (0x1)

mPolicies-system: RunStartupScriptSync = 1 (0x1)

IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm

IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm

IE: Add to &Evernote - c:\program files\evernote\evernote3.5\enbar.dll/2000

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\evernote\evernote3.5\enbar.dll

DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {0000000A-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmsp9dmo.cab

DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB

DPF: {00000161-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/msaudio.cab

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://active.macromedia.com/director/cabs/sw.cab

DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

DPF: {33363249-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/i263_32.cab

DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv9dmo.cab

DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,74/mcinsctl.cab

DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - hxxp://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1244924108437

DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

DPF: {64697663-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/cinepak.cab

DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} - hxxp://de.trendmicro-europe.com/file_downloads/common/housecall/HouseCallButton.CAB

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,15/mcgdmgr.cab

DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll

Notify: avgrsstarter - avgrsstx.dll

SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - No File

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\andy\application data\mozilla\firefox\profiles\l1am3en0.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - http:/www.google.com/ig

FF - component: c:\documents and settings\andy\application data\mozilla\firefox\profiles\l1am3en0.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll

FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll

FF - plugin: c:\program files\veetle\player\npvlc.dll

FF - plugin: c:\program files\veetle\plugins\npVeetle.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============

.

R0 pnpshark;pnpshark;c:\windows\system32\drivers\pnpshark.sys [2003-10-2 119552]

R0 st3shark;st3shark;c:\windows\system32\drivers\st3shark.sys [2003-9-27 5504]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-24 335240]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-5-24 27784]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-24 108552]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-12-22 9968]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-22 55024]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-24 297752]

S1 tvtool;tvtool;\??\c:\program files\tvtool 6.5\tvtool.sys --> c:\program files\tvtool 6.5\tvtool.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg8\toolbar\ToolbarBroker.exe [2010-10-26 947528]

S3 cur_bus;Curitel USB Composite Device driver (WDM);c:\windows\system32\drivers\cur_bus.sys [2005-8-7 52384]

S3 cur_mdfl;Curitel Packet Service Filter;c:\windows\system32\drivers\cur_mdfl.sys [2005-8-7 6096]

S3 cur_mdm;Curitel Packet Service Drivers;c:\windows\system32\drivers\cur_mdm.sys [2005-8-7 84384]

S3 cur_serd;Curitel Packet Service Diagnostic Serial Port (WDM);c:\windows\system32\drivers\cur_serd.sys [2005-8-7 66016]

S3 Curidcato;Curidcato;c:\windows\system32\mrinfo.exe [2002-9-3 12800]

S3 censoredFmn;censoredFmn;\??\c:\program files\avisplit\censoredfmn.sys --> c:\program files\avisplit\censoredFmn.sys [?]

S3 MIDUSB;Driver for Midistart-2;c:\windows\system32\drivers\mstart-2drv.sys [2006-7-17 46976]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]

S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-22 7408]

S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\screamingbaudio.sys --> c:\windows\system32\drivers\ScreamingBAudio.sys [?]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2002-9-3 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S3 xbreader;MaxDrive XBox Driver (xbreader.sys);c:\windows\system32\drivers\xbreader.sys [2001-1-2 19677]

.

=============== File Associations ===============

.

.txt=

.

=============== Created Last 30 ================

.

2095-11-30 23:05:46 -------- d-sh--w- c:\documents and settings\andy\UserData

2095-11-30 22:49:56 -------- d-----w- c:\program files\WS_FTP

2011-05-25 17:07:54 -------- d-----w- c:\documents and settings\andy\application data\Image-Line

2011-05-25 17:07:26 -------- d-----w- c:\documents and settings\andy\application data\SynthMaker

2011-05-25 00:11:48 -------- d-----w- c:\program files\ExplorerXP

2011-05-24 17:37:14 -------- d-----w- c:\program files\FolderSize

2011-05-24 17:28:05 -------- d-----w- c:\program files\Outsim

2011-05-22 18:46:37 0 ----a-w- c:\windows\Qjupovapupi.bin

2011-05-22 18:46:36 -------- d-----w- c:\documents and settings\andy\local settings\application data\{C25121D5-4D40-46F3-8D53-D070DBA93528}

2011-05-20 17:19:20 -------- d-----w- C:\virtualdub

2011-05-16 05:04:42 69632 ----a-r- c:\documents and settings\andy\application data\microsoft\installer\{96b20c36-4f3e-4ca2-8583-fb2999e16a6e}\BlackBerry.exe

.

==================== Find3M ====================

.

2011-03-11 14:10:38 471552 ----a-w- c:\windows\apppatch\aclayers.dll

2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:45:07 434176 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys

2005-05-13 22:12:00 217073 --sha-r- c:\windows\meta4.exe

2005-10-24 16:13:58 66560 --sha-r- c:\windows\MOTA113.exe

2005-10-14 02:27:00 422400 --sha-r- c:\windows\x2.64.exe

2008-12-21 21:46:54 351744 --sha-w- c:\windows\system32\avisynth.dll

2005-07-14 17:31:20 27648 --sha-r- c:\windows\system32\AVSredirect.dll

2005-06-26 20:32:28 616448 --sha-r- c:\windows\system32\cygwin1.dll

2005-06-22 03:37:42 45568 --sha-r- c:\windows\system32\cygz.dll

2004-01-25 05:00:00 70656 --sha-r- c:\windows\system32\i420vfw.dll

2006-04-27 15:24:24 2945024 --sha-r- c:\windows\system32\Smab.dll

2005-02-28 18:16:22 240128 --sha-r- c:\windows\system32\x.264.exe

2004-01-25 05:00:00 70656 --sha-r- c:\windows\system32\yv12vfw.dll

.

============= FINISH: 1:41:53.76 ===============


The Combofix log is too long, so I've attached it. Here is the DDS log.

.

DDS (Ver_11-05-19.01) - NTFSx86

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_23

Run by Andy at 12:55:31 on 2011-06-02

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.1108 [GMT -4:00]

.

AV: AVG Anti-Virus Free *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\WINDOWS\System32\svchost.exe -k eapsvcs

svchost.exe

C:\WINDOWS\System32\svchost.exe -k dot3svc

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\FolderSize\FolderSizeSvc.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Documents and Settings\Andy\Desktop\dds.scr

C:\WINDOWS\system32\WSCRIPT.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uDefault_Search_URL =

mWindow Title = Microsoft Internet Explorer provided by Comcast

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

mURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

uPolicies-explorer: NoSMBalloonTip = 1 (0x1)

IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm

IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm

IE: Add to &Evernote - c:\program files\evernote\evernote3.5\enbar.dll/2000

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\evernote\evernote3.5\enbar.dll

DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {0000000A-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmsp9dmo.cab

DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB

DPF: {00000161-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/msaudio.cab

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://active.macromedia.com/director/cabs/sw.cab

DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

DPF: {33363249-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/i263_32.cab

DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv9dmo.cab

DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,74/mcinsctl.cab

DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - hxxp://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1244924108437

DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

DPF: {64697663-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/cinepak.cab

DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} - hxxp://de.trendmicro-europe.com/file_downloads/common/housecall/HouseCallButton.CAB

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,15/mcgdmgr.cab

DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -

SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - No File

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\andy\application data\mozilla\firefox\profiles\l1am3en0.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - http:/www.google.com/ig

FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll

FF - plugin: c:\program files\veetle\player\npvlc.dll

FF - plugin: c:\program files\veetle\plugins\npVeetle.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

.

============= SERVICES / DRIVERS ===============

.

R0 pnpshark;pnpshark;c:\windows\system32\drivers\pnpshark.sys [2003-10-2 119552]

R0 st3shark;st3shark;c:\windows\system32\drivers\st3shark.sys [2003-9-27 5504]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-12-22 9968]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-22 55024]

S1 tvtool;tvtool;\??\c:\program files\tvtool 6.5\tvtool.sys --> c:\program files\tvtool 6.5\tvtool.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 cur_bus;Curitel USB Composite Device driver (WDM);c:\windows\system32\drivers\cur_bus.sys [2005-8-7 52384]

S3 cur_mdfl;Curitel Packet Service Filter;c:\windows\system32\drivers\cur_mdfl.sys [2005-8-7 6096]

S3 cur_mdm;Curitel Packet Service Drivers;c:\windows\system32\drivers\cur_mdm.sys [2005-8-7 84384]

S3 cur_serd;Curitel Packet Service Diagnostic Serial Port (WDM);c:\windows\system32\drivers\cur_serd.sys [2005-8-7 66016]

S3 Curidcato;Curidcato;c:\windows\system32\mrinfo.exe [2002-9-3 12800]

S3 censoredFmn;censoredFmn;\??\c:\program files\avisplit\censoredfmn.sys --> c:\program files\avisplit\censoredFmn.sys [?]

S3 MIDUSB;Driver for Midistart-2;c:\windows\system32\drivers\mstart-2drv.sys [2006-7-17 46976]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]

S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-22 7408]

S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\screamingbaudio.sys --> c:\windows\system32\drivers\ScreamingBAudio.sys [?]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2002-9-3 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S3 xbreader;MaxDrive XBox Driver (xbreader.sys);c:\windows\system32\drivers\xbreader.sys [2001-1-2 19677]

.

=============== File Associations ===============

.

.txt=

.

=============== Created Last 30 ================

.

2095-11-30 23:05:46 -------- d-sh--w- c:\documents and settings\andy\UserData

2095-11-30 22:49:56 -------- d-----w- c:\program files\WS_FTP

2011-05-25 17:07:54 -------- d-----w- c:\documents and settings\andy\application data\Image-Line

2011-05-25 17:07:26 -------- d-----w- c:\documents and settings\andy\application data\SynthMaker

2011-05-25 00:11:48 -------- d-----w- c:\program files\ExplorerXP

2011-05-24 17:37:14 -------- d-----w- c:\program files\FolderSize

2011-05-24 17:28:05 -------- d-----w- c:\program files\Outsim

2011-05-22 18:46:37 0 ----a-w- c:\windows\Qjupovapupi.bin

2011-05-20 17:19:20 -------- d-----w- C:\virtualdub

2011-05-16 05:04:42 69632 ----a-r- c:\documents and settings\andy\application data\microsoft\installer\{96b20c36-4f3e-4ca2-8583-fb2999e16a6e}\BlackBerry.exe

.

==================== Find3M ====================

.

2011-03-11 14:10:38 471552 ----a-w- c:\windows\apppatch\aclayers.dll

2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll

2005-05-13 22:12:00 217073 --sha-r- c:\windows\meta4.exe

2005-10-24 16:13:58 66560 --sha-r- c:\windows\MOTA113.exe

2005-10-14 02:27:00 422400 --sha-r- c:\windows\x2.64.exe

2008-12-21 21:46:54 351744 --sha-w- c:\windows\system32\avisynth.dll

2005-07-14 17:31:20 27648 --sha-r- c:\windows\system32\AVSredirect.dll

2005-06-26 20:32:28 616448 --sha-r- c:\windows\system32\cygwin1.dll

2005-06-22 03:37:42 45568 --sha-r- c:\windows\system32\cygz.dll

2004-01-25 05:00:00 70656 --sha-r- c:\windows\system32\i420vfw.dll

2006-04-27 15:24:24 2945024 --sha-r- c:\windows\system32\Smab.dll

2005-02-28 18:16:22 240128 --sha-r- c:\windows\system32\x.264.exe

2004-01-25 05:00:00 70656 --sha-r- c:\windows\system32\yv12vfw.dll

.

============= FINISH: 13:00:00.10 ===============

ComboFix.txt


  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


C:\Documents and Settings\Andy\Application Data\Sun\Java\Deployment\cache\6.0\5\7c18d505-1b6032f7 a variant of Java/TrojanDownloader.OpenStream.NCE trojan cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\ufezubet.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\warning.html.vir Win32/TrojanDownloader.FakeAlert.AED virus deleted - quarantined

Results of screen317's Security Check version 0.99.12

Windows XP Service Pack 3

Internet Explorer 7 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Disabled!

Antivirus out of date! (On Access scanning disabled!)

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

HijackThis 2.0.2

CCleaner (remove only)

Java 6 Update 23

Java 2 Runtime Environment, SE v1.4.2_06

Out of date Java installed!

Flash Player Out of Date!

Adobe Flash Player 10.1.85.3

Adobe Reader 9.4.2

Out of date Adobe Reader installed!

Mozilla Firefox (x86 en-US..)

Mozilla Thunderbird (3.0.) Thunderbird Out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

ESET ESET Online Scanner OnlineScannerApp.exe

``````````End of Log````````````

Things seem to be running fine now. I do have AVG but I uninstalled it to run Combofix.

Thanks for all your help btw.


  • Staff

Hi,

Please download ATF Cleaner by Atribune from here, and save it to your Desktop.

Double click ATF-Cleaner.exe to run the program.

Check the boxes to the left of:

Windows Temp

Current User Temp

All Users Temp

Temporary Internet Files

Java Cache

The rest are optional - if you want to remove the whole lot, check Select All.

Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program (if present):

HijackThis 2.0.2

Java


  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
