Jump to content

Lots of suspicious outgoing connections.


Recommended Posts

I'm trying to clean out this machine. It's been blue screening quite often, so I ran mbam and it's blocking tons of outgoing connections. AVG is reporting a rootkit, ugh. Thanks for taking a look!

DDS:

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Run by Valerie at 13:31:26 on 2011-08-21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.821 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\WINDOWS\system32\rdpclip.exe
C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\HomeData\Host.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Program Files\ACT\Act for Windows\Act.Outlook.Sync.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\logon.scr
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgchsvx.exe
C:\Program Files\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll
BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile: {d5233fcd-d258-4903-89b8-fb1568e7413d} - mscoree.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: @c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2291.0\npwinext.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
mRun: [nwiz] nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Act.Outlook.Service] "c:\program files\act\act for windows\Act.Outlook.Service.exe"
mRun: [Act! Preloader] "c:\program files\act\act for windows\ActSage.exe" -preload
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\docume~1\valerie\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hometr~1.lnk - c:\homedata\Host.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpzrcv01.lnk - c:\program files\hp\temp\{b94428f6-e93c-4d1d-8580-46d70fa07a9d}\setup\hpzstub.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mozyho~1.lnk - c:\program files\mozyhome\mozystat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sageac~1.lnk - c:\program files\act\act for windows\Act.Outlook.Sync.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: selectpayment.com\ssl
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1290809991953
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 10.1.10.1
TCP: Interfaces\{2A96F8DE-C951-41DC-99F2-4B0E303109CD} : DhcpNameServer = 10.1.10.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\valerie\application data\mozilla\firefox\profiles\y5d4970i.default\
FF - prefs.js: browser.startup.homepage - hxxp://mail.cpsmi.com:32002/mail/blankskin.html?id=275f56e1be85bac528eae2d6f79c04b7
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff5.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg10\Firefox4
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc - BRI/1
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 297168]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-8-19 366640]
R2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\microsoft sql server\mssql10_50.act7\mssql\binn\sqlservr.exe [2010-5-6 42884448]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-19 22712]
S2 ACT! Scheduler;ACT! Scheduler;c:\program files\act\act for windows\Act.Scheduler.exe [2010-8-19 81920]
S3 ssmirrdr;ssmirrdr;c:\windows\system32\drivers\ssmirrdr.sys [2011-7-20 10112]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2010-5-6 44896]
S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [2010-4-3 240608]
S4 SQLAgent$ACT7;SQL Server Agent (ACT7);c:\program files\microsoft sql server\mssql10_50.act7\mssql\binn\SQLAGENT.EXE [2010-5-6 367456]
.
=============== Created Last 30 ================
.
2011-08-21 16:26:46 -------- d-sha-r- C:\cmdcons
2011-08-21 16:26:09 98816 ----a-w- c:\windows\sed.exe
2011-08-21 16:26:09 518144 ----a-w- c:\windows\SWREG.exe
2011-08-21 16:26:09 256000 ----a-w- c:\windows\PEV.exe
2011-08-21 16:26:09 208896 ----a-w- c:\windows\MBR.exe
2011-08-19 15:13:47 -------- d-----w- c:\documents and settings\valerie\application data\Malwarebytes
2011-08-19 15:13:22 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-19 15:13:21 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-08-19 15:13:16 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-19 15:13:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-10 13:45:48 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-10 13:45:30 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-03 14:21:25 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2011-08-03 14:21:25 6784 ----a-w- c:\windows\system32\drivers\serscan.sys
2011-08-03 14:09:37 -------- d-----w- c:\program files\Microsoft
2011-08-03 14:09:27 -------- d-----w- c:\program files\MSN Toolbar
2011-08-03 14:08:26 -------- d-----w- c:\program files\Bing Bar Installer
2011-08-03 14:06:56 -------- d-----w- c:\documents and settings\valerie\application data\HpUpdate
2011-08-03 14:06:13 527208 ------w- c:\windows\system32\HPDiscoPM5312.dll
2011-08-03 14:06:09 1792872 ----a-w- c:\windows\system32\HPScanMiniDrv_OJ8500_A910.dll
2011-08-03 14:06:07 267112 ----a-w- c:\windows\system32\hpinksts5312LM.dll
2011-08-03 14:06:07 232296 ----a-w- c:\windows\system32\hpinksts5312.dll
2011-08-03 14:06:07 213864 ----a-w- c:\windows\system32\hpinkcoi5312.dll
2011-08-03 14:03:54 -------- d-----w- c:\documents and settings\valerie\local settings\application data\HP
2011-08-03 14:01:53 -------- d-----w- c:\documents and settings\valerie\application data\supportdotcom
2011-08-03 14:01:40 -------- d-----w- c:\program files\common files\supportdotcom
.
==================== Find3M ====================
.
2011-08-21 17:12:36 848 --sha-w- c:\documents and settings\all users\application data\KGyGaAvL.sys
2011-07-27 20:22:20 54776 ----a-w- c:\windows\system32\drivers\mozy.sys
2011-07-20 08:44:56 28032 ----a-w- c:\windows\system32\ssmirrdr.dll
2011-07-20 08:44:56 10112 ----a-w- c:\windows\system32\drivers\ssmirrdr.sys
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36:30 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36:30 43520 ------w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36:30 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05:13 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-08 09:40:42 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-06-08 09:40:42 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD3200AAKS-75VYA0 rev.12.01B02 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x899754C0]<<
_asm { MOV EAX, [ESP+0x4]; MOV ECX, [0x8997c8a4]; PUSH ESI; MOV ESI, [ESP+0xc]; PUSH EDI; MOV EDI, [ESI+0x60]; CMP EAX, [0x8997c730]; JNZ 0x1f; MOV [ESP+0xc], ECX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x89CA2AB8]
3 CLASSPNP[0xB80E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\0000006f[0x89D00F18]
5 ACPI[0xB7F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x89C92940]
\Driver\atapi[0x89A63E18] -> IRP_MJ_CREATE -> 0x899754C0
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x899752E0
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 13:32:11.98 ===============

GMER:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-21 13:45:36
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort2 WDC_WD3200AAKS-75VYA0 rev.12.01B02
Running: dmt2vok2.exe; Driver: C:\DOCUME~1\Valerie\LOCALS~1\Temp\kwlyapog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xB310B738]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xB310B7DC]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xB310B878]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xB310B914]

---- Kernel code sections - GMER 1.0.15 ----

? Combo-Fix.sys The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB7278360, 0x307F47, 0xE8000020]
? C:\ComboFix\catchme.sys The system cannot find the path specified. !
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !
? C:\DOCUME~1\Valerie\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1248] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 0293000A
.text C:\WINDOWS\System32\svchost.exe[1248] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 02D2000A
.text C:\WINDOWS\System32\svchost.exe[1248] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 02D3000A
.text C:\WINDOWS\System32\svchost.exe[1248] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 00E0000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[4584] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device rdpdr.sys (Microsoft RDP Device redirector/Microsoft Corporation)
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 899752E0
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 899752E0
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP2T0L0-5 899752E0
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 899752E0
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 899752E0
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP3T0L0-10 899752E0

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- Files - GMER 1.0.15 ----

File C:\Program Files\MozyHome\Data\filter_raw.log.1 0 bytes

---- EOF - GMER 1.0.15 ----

protection-log-2011-08-21.txt

Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.