
Complicated Virus



Here is my last HijackThis log (sorry for not zipping it)

2011/08/23 11:15:33.0546 2436 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57

2011/08/23 11:15:33.0890 2436 ================================================================================

2011/08/23 11:15:33.0890 2436 SystemInfo:

2011/08/23 11:15:33.0890 2436

2011/08/23 11:15:33.0890 2436 OS Version: 5.1.2600 ServicePack: 2.0

2011/08/23 11:15:33.0890 2436 Product type: Workstation

2011/08/23 11:15:33.0890 2436 ComputerName: HAL9000

2011/08/23 11:15:33.0890 2436 UserName: Jonathan Ross

2011/08/23 11:15:33.0890 2436 Windows directory: C:\WINDOWS

2011/08/23 11:15:33.0890 2436 System windows directory: C:\WINDOWS

2011/08/23 11:15:33.0890 2436 Processor architecture: Intel x86

2011/08/23 11:15:33.0890 2436 Number of processors: 1

2011/08/23 11:15:33.0890 2436 Page size: 0x1000

2011/08/23 11:15:33.0890 2436 Boot type: Normal boot

2011/08/23 11:15:33.0890 2436 ================================================================================

2011/08/23 11:15:36.0328 2436 Initialize success

2011/08/23 11:20:54.0390 0808 ================================================================================

2011/08/23 11:20:54.0390 0808 Scan started

2011/08/23 11:20:54.0390 0808 Mode: Manual;

2011/08/23 11:20:54.0390 0808 ================================================================================

2011/08/23 11:20:56.0187 0808 3f54274e (8f2bb1827cac01aee6a16e30a1260199) C:\WINDOWS\1311200319:3232487601.exe

2011/08/23 11:20:58.0296 0808 Suspicious file (Hidden): C:\WINDOWS\1311200319:3232487601.exe. md5: 8f2bb1827cac01aee6a16e30a1260199

2011/08/23 11:20:58.0312 0808 3f54274e - detected HiddenFile.Multi.Generic (1)

2011/08/23 11:20:58.0500 0808 61883 (86d7b1e70661d754685b9ac6d749aae5) C:\WINDOWS\system32\DRIVERS\61883.sys

2011/08/23 11:20:58.0781 0808 A3AB (21af8e9c727c6d7643ad497268f55bf1) C:\WINDOWS\system32\DRIVERS\A3AB.sys

2011/08/23 11:20:59.0156 0808 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\System32\DRIVERS\ABP480N5.SYS

2011/08/23 11:20:59.0500 0808 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/08/23 11:20:59.0656 0808 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2011/08/23 11:20:59.0796 0808 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\System32\DRIVERS\adpu160m.sys

2011/08/23 11:21:00.0000 0808 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys

2011/08/23 11:21:00.0218 0808 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys

2011/08/23 11:21:00.0453 0808 AFS2K (c685cc27a2e637f0dcb5a45e67cc6f74) C:\WINDOWS\system32\drivers\AFS2K.sys

2011/08/23 11:21:00.0578 0808 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys

2011/08/23 11:21:00.0718 0808 agpCPQ (67288b07d6aba6c1267b626e67bc56fd) C:\WINDOWS\System32\DRIVERS\agpCPQ.sys

2011/08/23 11:21:00.0953 0808 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\System32\DRIVERS\aha154x.sys

2011/08/23 11:21:01.0140 0808 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\System32\DRIVERS\aic78u2.sys

2011/08/23 11:21:01.0375 0808 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\System32\DRIVERS\aic78xx.sys

2011/08/23 11:21:01.0562 0808 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\System32\DRIVERS\aliide.sys

2011/08/23 11:21:01.0781 0808 alim1541 (f312b7cef21eff52fa23056b9d815fad) C:\WINDOWS\System32\DRIVERS\alim1541.sys

2011/08/23 11:21:02.0015 0808 amdagp (675c16a3c1f8482f85ee4a97fc0dde3d) C:\WINDOWS\System32\DRIVERS\amdagp.sys

2011/08/23 11:21:02.0296 0808 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\System32\DRIVERS\amsint.sys

2011/08/23 11:21:02.0484 0808 ANIO (920298c7aef97d8168d219d35975d295) C:\WINDOWS\system32\ANIO.SYS

2011/08/23 11:21:02.0718 0808 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2011/08/23 11:21:02.0921 0808 ASAPIW2k (4f9cbbf95e8f7a0d4c0edcfe3b78102e) C:\WINDOWS\system32\Drivers\ASAPIW2K.sys

2011/08/23 11:21:03.0109 0808 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\System32\DRIVERS\asc.sys

2011/08/23 11:21:03.0359 0808 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\System32\DRIVERS\asc3350p.sys

2011/08/23 11:21:03.0578 0808 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\System32\DRIVERS\asc3550.sys

2011/08/23 11:21:03.0734 0808 Aspi32 (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\Aspi32.sys

2011/08/23 11:21:03.0953 0808 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/08/23 11:21:04.0156 0808 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/08/23 11:21:04.0531 0808 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/08/23 11:21:04.0718 0808 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/08/23 11:21:04.0890 0808 Avc (87c223adb8f7596b31caae3c67b16ddd) C:\WINDOWS\system32\DRIVERS\avc.sys

2011/08/23 11:21:05.0046 0808 AVG Anti-Spyware Driver (d6f4c1450699901048818b0c3aaf7a17) C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys

2011/08/23 11:21:05.0218 0808 AvgAsCln (856b0cee009946bf2d327e6b24fe7e3f) C:\WINDOWS\system32\DRIVERS\AvgAsCln.sys

2011/08/23 11:21:05.0500 0808 AVGIDSDriver (c403e7f715bb0a851a9dfae16ec4ae42) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys

2011/08/23 11:21:05.0937 0808 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys

2011/08/23 11:21:06.0390 0808 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys

2011/08/23 11:21:06.0796 0808 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys

2011/08/23 11:21:07.0156 0808 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys

2011/08/23 11:21:07.0515 0808 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys

2011/08/23 11:21:07.0812 0808 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys

2011/08/23 11:21:08.0140 0808 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys

2011/08/23 11:21:08.0468 0808 BCM42RLY (438179abe9b7a922a21b8d6369ff52ff) C:\WINDOWS\System32\BCM42RLY.SYS

2011/08/23 11:21:08.0859 0808 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/08/23 11:21:10.0500 0808 Bridge (e4e6a0922e3d983728c9ad4e8d466954) C:\WINDOWS\system32\DRIVERS\bridge.sys

2011/08/23 11:21:10.0703 0808 BridgeMP (e4e6a0922e3d983728c9ad4e8d466954) C:\WINDOWS\system32\DRIVERS\bridge.sys

2011/08/23 11:21:11.0640 0808 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\System32\DRIVERS\cbidf2k.sys

2011/08/23 11:21:12.0359 0808 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/08/23 11:21:12.0734 0808 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2011/08/23 11:21:13.0109 0808 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\System32\DRIVERS\cd20xrnt.sys

2011/08/23 11:21:13.0562 0808 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/08/23 11:21:13.0921 0808 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/08/23 11:21:14.0375 0808 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/08/23 11:21:15.0218 0808 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\System32\DRIVERS\cmdide.sys

2011/08/23 11:21:16.0093 0808 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\System32\DRIVERS\cpqarray.sys

2011/08/23 11:21:16.0953 0808 ctsfm2k (b459ae4afca570088adddbe55eabbc92) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys

2011/08/23 11:21:17.0953 0808 d347bus (5776322f93cdb91086111f5ffbfda2a0) C:\WINDOWS\system32\DRIVERS\d347bus.sys

2011/08/23 11:21:18.0921 0808 d347prt (b49f79ace459763f4e0380071be9cb45) C:\WINDOWS\system32\Drivers\d347prt.sys

2011/08/23 11:21:19.0625 0808 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\System32\DRIVERS\dac2w2k.sys

2011/08/23 11:21:20.0234 0808 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\System32\DRIVERS\dac960nt.sys

2011/08/23 11:21:20.0937 0808 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/08/23 11:21:21.0937 0808 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys

2011/08/23 11:21:23.0296 0808 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys

2011/08/23 11:21:24.0031 0808 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/08/23 11:21:24.0781 0808 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys

2011/08/23 11:21:25.0406 0808 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\System32\DRIVERS\dpti2o.sys

2011/08/23 11:21:25.0796 0808 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/08/23 11:21:26.0281 0808 drvmcdb (7df2e645fbda7cde94fcabba7f0de4c2) C:\WINDOWS\system32\drivers\drvmcdb.sys

2011/08/23 11:21:28.0093 0808 E100B (98ed0bea10477b0f252cca35eb50f838) C:\WINDOWS\system32\DRIVERS\e100b325.sys

2011/08/23 11:21:29.0390 0808 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys

2011/08/23 11:21:30.0140 0808 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/08/23 11:21:31.0609 0808 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys

2011/08/23 11:21:32.0156 0808 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys

2011/08/23 11:21:32.0671 0808 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2011/08/23 11:21:33.0640 0808 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\drivers\fltmgr.sys

2011/08/23 11:21:34.0718 0808 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/08/23 11:21:35.0812 0808 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/08/23 11:21:37.0281 0808 gameenum (5f92fd09e5610a5995da7d775eadcd12) C:\WINDOWS\system32\DRIVERS\gameenum.sys

2011/08/23 11:21:38.0750 0808 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/08/23 11:21:39.0531 0808 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\System32\DRIVERS\hpn.sys

2011/08/23 11:21:40.0328 0808 HPZid412 (863cc3a82c63c9f60acf2e85d5310620) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

2011/08/23 11:21:40.0875 0808 HPZipr12 (08cb72e95dd75b61f2966b311d0e4366) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

2011/08/23 11:21:41.0375 0808 HPZius12 (ca990306ed4ef732af9695bff24fc96f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

2011/08/23 11:21:41.0750 0808 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys

2011/08/23 11:21:42.0531 0808 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys

2011/08/23 11:21:43.0328 0808 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/08/23 11:21:43.0671 0808 i2omgmt (8f09f91b5c91363b77bcd15599570f2c) C:\WINDOWS\system32\drivers\i2omgmt.sys

2011/08/23 11:21:44.0031 0808 i2omp (ed6bf9e441fdea13292a6d30a64a24c3) C:\WINDOWS\System32\DRIVERS\i2omp.sys

2011/08/23 11:21:44.0234 0808 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/08/23 11:21:44.0531 0808 i81x (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys

2011/08/23 11:21:44.0875 0808 iAimFP0 (7b5b44efe5eb9dadfb8ee29700885d23) C:\WINDOWS\system32\DRIVERS\wADV01nt.sys

2011/08/23 11:21:45.0296 0808 iAimFP1 (eb1f6bab6c22ede0ba551b527475f7e9) C:\WINDOWS\system32\DRIVERS\wADV02NT.sys

2011/08/23 11:21:45.0562 0808 iAimFP2 (03ce989d846c1aa81145cb22fcb86d06) C:\WINDOWS\system32\DRIVERS\wADV05NT.sys

2011/08/23 11:21:45.0828 0808 iAimFP3 (525849b4469de021d5d61b4db9be3a9d) C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys

2011/08/23 11:21:46.0156 0808 iAimFP4 (589c2bcdb5bd602bf7b63d210407ef8c) C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys

2011/08/23 11:21:46.0546 0808 iAimTV0 (d83bdd5c059667a2f647a6be5703a4d2) C:\WINDOWS\system32\DRIVERS\wATV01nt.sys

2011/08/23 11:21:46.0828 0808 iAimTV1 (ed968d23354daa0d7c621580c012a1f6) C:\WINDOWS\system32\DRIVERS\wATV02NT.sys

2011/08/23 11:21:47.0171 0808 iAimTV3 (d738273f218a224c1ddac04203f27a84) C:\WINDOWS\system32\DRIVERS\wATV04nt.sys

2011/08/23 11:21:47.0515 0808 iAimTV4 (0052d118995cbab152daabe6106d1442) C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys

2011/08/23 11:21:47.0781 0808 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/08/23 11:21:48.0078 0808 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\System32\DRIVERS\ini910u.sys

2011/08/23 11:21:48.0437 0808 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\System32\DRIVERS\intelide.sys

2011/08/23 11:21:48.0656 0808 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2011/08/23 11:21:49.0078 0808 ip6fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys

2011/08/23 11:21:49.0656 0808 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/08/23 11:21:50.0437 0808 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/08/23 11:21:51.0078 0808 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/08/23 11:21:51.0859 0808 IPSec (518d980950174fead090b4d1a62f2e17) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/08/23 11:21:52.0203 0808 IPSec - detected Rootkit.Win32.ZAccess.c (0)

2011/08/23 11:21:52.0828 0808 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/08/23 11:21:53.0328 0808 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/08/23 11:21:53.0937 0808 JSWSCIMD (0c79476ceb3d497a7d0d6d828e9de4c6) C:\WINDOWS\system32\DRIVERS\jswscimd.sys

2011/08/23 11:21:55.0015 0808 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/08/23 11:21:55.0750 0808 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\WINDOWS\system32\drivers\klmd.sys

2011/08/23 11:21:56.0031 0808 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys

2011/08/23 11:21:56.0453 0808 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/08/23 11:21:57.0187 0808 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

2011/08/23 11:21:57.0437 0808 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/08/23 11:21:57.0625 0808 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys

2011/08/23 11:21:58.0046 0808 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys

2011/08/23 11:21:58.0203 0808 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/08/23 11:21:58.0390 0808 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/08/23 11:21:58.0609 0808 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\System32\DRIVERS\mraid35x.sys

2011/08/23 11:21:58.0781 0808 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/08/23 11:21:59.0078 0808 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/08/23 11:21:59.0546 0808 MSDV (6dd721dfd2648f3f6d5808b5ba6cb095) C:\WINDOWS\system32\DRIVERS\msdv.sys

2011/08/23 11:21:59.0921 0808 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys

2011/08/23 11:22:00.0156 0808 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/08/23 11:22:00.0390 0808 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/08/23 11:22:00.0625 0808 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/08/23 11:22:00.0843 0808 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/08/23 11:22:01.0109 0808 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys

2011/08/23 11:22:01.0343 0808 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys

2011/08/23 11:22:01.0625 0808 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2011/08/23 11:22:01.0859 0808 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys

2011/08/23 11:22:02.0093 0808 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2011/08/23 11:22:02.0281 0808 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/08/23 11:22:02.0453 0808 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/08/23 11:22:02.0625 0808 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/08/23 11:22:02.0796 0808 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/08/23 11:22:02.0984 0808 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/08/23 11:22:03.0171 0808 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/08/23 11:22:03.0390 0808 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2011/08/23 11:22:03.0609 0808 NMSCFG (1d3bb79a0035077297779c8c52ca3c01) C:\WINDOWS\system32\drivers\NMSCFG.SYS

2011/08/23 11:22:03.0796 0808 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys

2011/08/23 11:22:04.0156 0808 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/08/23 11:22:04.0562 0808 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/08/23 11:22:05.0062 0808 nv (5950e6cc9fb3fabb61604d395dbc8550) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2011/08/23 11:22:05.0468 0808 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/08/23 11:22:05.0687 0808 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/08/23 11:22:05.0937 0808 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2011/08/23 11:22:06.0125 0808 omci (1d98907d80461371437a7c898c58c8ae) C:\WINDOWS\system32\DRIVERS\omci.sys

2011/08/23 11:22:06.0328 0808 ossrv (c720c25b2d0c93dc425155f5b6a707f3) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys

2011/08/23 11:22:06.0515 0808 P16X (f051107ff80f132882e71e3a5d302ec1) C:\WINDOWS\system32\drivers\P16X.sys

2011/08/23 11:22:06.0765 0808 P3 (3e16eff2a6fed2d8d7f5a66dfe65d183) C:\WINDOWS\system32\DRIVERS\p3.sys

2011/08/23 11:22:06.0937 0808 PalmUSBD (803cf09c795290825607505d37819135) C:\WINDOWS\system32\drivers\PalmUSBD.sys

2011/08/23 11:22:07.0140 0808 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys

2011/08/23 11:22:07.0343 0808 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/08/23 11:22:07.0500 0808 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/08/23 11:22:07.0656 0808 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/08/23 11:22:07.0906 0808 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/08/23 11:22:08.0031 0808 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys

2011/08/23 11:22:08.0484 0808 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys

2011/08/23 11:22:08.0671 0808 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys

2011/08/23 11:22:08.0859 0808 pfc (f2b3785d7282bac66d4b644fc88749f0) C:\WINDOWS\system32\drivers\pfc.sys

2011/08/23 11:22:09.0062 0808 PfModNT (2f5532f9b0f903b26847da674b4f55b2) C:\WINDOWS\System32\PfModNT.sys

2011/08/23 11:22:09.0296 0808 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/08/23 11:22:09.0421 0808 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys

2011/08/23 11:22:09.0640 0808 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/08/23 11:22:09.0828 0808 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/08/23 11:22:09.0937 0808 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2011/08/23 11:22:10.0125 0808 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys

2011/08/23 11:22:10.0312 0808 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys

2011/08/23 11:22:10.0531 0808 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys

2011/08/23 11:22:10.0671 0808 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys

2011/08/23 11:22:10.0781 0808 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys

2011/08/23 11:22:10.0968 0808 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/08/23 11:22:11.0156 0808 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/08/23 11:22:11.0625 0808 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/08/23 11:22:11.0921 0808 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/08/23 11:22:12.0109 0808 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/08/23 11:22:12.0375 0808 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/08/23 11:22:12.0609 0808 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2011/08/23 11:22:12.0812 0808 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/08/23 11:22:12.0937 0808 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/08/23 11:22:13.0156 0808 RT73 (7436bfd3a542cf6ff55097200031b293) C:\WINDOWS\system32\DRIVERS\rt73.sys

2011/08/23 11:22:13.0390 0808 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/08/23 11:22:13.0656 0808 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys

2011/08/23 11:22:13.0875 0808 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys

2011/08/23 11:22:14.0250 0808 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/08/23 11:22:14.0531 0808 sisagp (732d859b286da692119f286b21a2a114) C:\WINDOWS\System32\DRIVERS\sisagp.sys

2011/08/23 11:22:14.0703 0808 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2011/08/23 11:22:14.0859 0808 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys

2011/08/23 11:22:14.0968 0808 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys

2011/08/23 11:22:15.0093 0808 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\System32\DRIVERS\sr.sys

2011/08/23 11:22:15.0328 0808 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/08/23 11:22:15.0578 0808 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2011/08/23 11:22:15.0703 0808 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/08/23 11:22:15.0843 0808 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys

2011/08/23 11:22:16.0000 0808 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys

2011/08/23 11:22:16.0156 0808 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys

2011/08/23 11:22:16.0265 0808 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys

2011/08/23 11:22:16.0406 0808 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys

2011/08/23 11:22:16.0500 0808 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys

2011/08/23 11:22:16.0656 0808 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/08/23 11:22:16.0812 0808 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/08/23 11:22:17.0015 0808 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/08/23 11:22:17.0140 0808 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/08/23 11:22:17.0359 0808 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/08/23 11:22:17.0562 0808 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys

2011/08/23 11:22:17.0796 0808 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys

2011/08/23 11:22:17.0984 0808 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys

2011/08/23 11:22:18.0203 0808 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys

2011/08/23 11:22:18.0484 0808 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys

2011/08/23 11:22:18.0687 0808 usbbus (d9f3bb7c292f194f3b053ce295754eb8) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys

2011/08/23 11:22:18.0875 0808 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/08/23 11:22:19.0062 0808 UsbDiag (c4f77da649f99fad116ea585376fc164) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys

2011/08/23 11:22:19.0281 0808 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/08/23 11:22:19.0468 0808 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/08/23 11:22:19.0671 0808 USBModem (c0613ce45e617bc671de8ebb1b30d175) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys

2011/08/23 11:22:19.0796 0808 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/08/23 11:22:20.0000 0808 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/08/23 11:22:20.0187 0808 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/08/23 11:22:20.0625 0808 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/08/23 11:22:20.0953 0808 usbvideo (8968ff3973a883c49e8b564200f565b9) C:\WINDOWS\system32\Drivers\usbvideo.sys

2011/08/23 11:22:21.0156 0808 vcdrom (bfa4ae30b3ac10e9223830bf103f5a3f) C:\WINDOWS\SYSTEM32\VCdRom.sys

2011/08/23 11:22:21.0453 0808 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys

2011/08/23 11:22:21.0640 0808 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\System32\DRIVERS\viaagp.sys

2011/08/23 11:22:21.0812 0808 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\System32\DRIVERS\viaide.sys

2011/08/23 11:22:21.0968 0808 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/08/23 11:22:22.0203 0808 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/08/23 11:22:22.0484 0808 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/08/23 11:22:22.0687 0808 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

2011/08/23 11:22:23.0000 0808 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

2011/08/23 11:22:23.0203 0808 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2011/08/23 11:22:23.0453 0808 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/08/23 11:22:23.0671 0808 WUDFRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\WUDFRd.sys

2011/08/23 11:22:23.0812 0808 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

2011/08/23 11:22:24.0000 0808 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1

2011/08/23 11:22:24.0031 0808 Boot (0x1200) (c031c7b8284f1438ac09411f1026e3a3) \Device\Harddisk0\DR0\Partition0

2011/08/23 11:22:24.0062 0808 Boot (0x1200) (9795f53f0f4970233708ae6c5c847c0a) \Device\Harddisk1\DR1\Partition0

2011/08/23 11:22:24.0078 0808 ================================================================================

2011/08/23 11:22:24.0078 0808 Scan finished

2011/08/23 11:22:24.0078 0808 ================================================================================

2011/08/23 11:22:24.0109 2340 Detected object count: 2

2011/08/23 11:22:24.0109 2340 Actual detected object count: 2

2011/08/23 11:36:02.0640 2340 HiddenFile.Multi.Generic(3f54274e) - User select action: Skip

2011/08/23 11:36:02.0781 2340 IPSec (518d980950174fead090b4d1a62f2e17) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/08/23 11:36:02.0828 2340 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\ipsec.sys) error 1813

2011/08/23 11:36:07.0937 2340 Backup copy found, using it..

2011/08/23 11:36:07.0968 2340 C:\WINDOWS\system32\DRIVERS\ipsec.sys - will be cured after reboot

2011/08/23 11:36:07.0968 2340 Rootkit.Win32.ZAccess.c(IPSec) - User select action: Cure

MISC. info:

These items popped up from AVG:

"c:\WINDOWS\SYSTEM32\wuauclt.exe";"Virus identified Win32/Katusha.A";"Infected"

"c:\WINDOWS\assembly\GAC_MSIL\Desktop.ini";"Trojan horse Agent_r.AKS";"Infected"

"c:\Program Files\AVG\AVG10\avgwdsvc.exe";"Virus identified Win32/Katusha.A";"Infected"

"c:\WINDOWS\SYSTEM32\CTsvcCDA.EXE";"Virus identified Win32/Katusha.A";"Infected"

"c:\Program Files\Java\jre6\bin\jqs.exe";"Virus identified Win32/Katusha.A";"Infected"

"c:\WINDOWS\SYSTEM32\nvsvc32.exe";"Virus identified Win32/Katusha.A";"Infected"

"c:\WINDOWS\SYSTEM32\wuauclt.exe";"Virus identified Win32/Katusha.A";"Infected"

"c:\Program Files\AVG\AVG10\avgnsx.exe";"Virus identified Win32/Katusha.A";"Infected"

"c:\Program Files\AVG\AVG10\avgchsvx.exe";"Virus identified Win32/Katusha.A";"Infected"

"c:\Program Files\AVG\AVG10\avgrsx.exe";"Virus identified Win32/Katusha.A";"Infected"

"c:\Program Files\AVG\AVG10\avgcsrvx.exe";"Virus identified Win32/Katusha.A";"Infected"

"c:\WINDOWS\assembly\GAC_MSIL\Desktop.ini";"Trojan horse Agent_r.AKS";"Infected"

THESE were found by TDSSkiller, but don't seem to be resolved after reboot:

Malicious Objects

Rootkit.Win32.ZAccess.c

Service name: IPSec

Service Type: Kernel driver (0x1)

Service Start: System (0x1)

File: C:\WINDOWS\system32\DRIVERS\ipsec.sys

MD5: 518d980950174fead090b4d1a62f2e17

Hidden File

Service Name: 3f54274e

Service Type: Kernel driver (0x1)

Service Start: Demand (0x3)

File: C:\WINDOWS\1311200310:3232487601.exe

I couldn't get my DDS.txt to zip, but here are the results.

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11

Run by Jonathan Ross at 11:55:04 on 2011-08-23

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.357 [GMT -4:00]

.

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\AVG\AVG10\avgwdsvc.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\WINDOWS\1311200319:3232487601.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\AVG\AVG10\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe -k DComLaunch

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\AVG\AVG10\avgnsx.exe

C:\Program Files\AVG\AVG10\avgrsx.exe

C:\Program Files\AVG\AVG10\avgchsvx.exe

C:\Program Files\AVG\AVG10\avgcsrvx.exe

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\SYSTEM32\notepad.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\WINDOWS\System32\rundll32.exe

C:\WINDOWS\explorer.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

mDefault_Search_URL = hxxp://www.google.com

mSearch Page = hxxp://www.google.com

mSearch Bar = hxxp://www.google.com/ie

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = 127.0.0.1

uSearchAssistant = hxxp://www.google.com/ie

uCustomizeSearch = about:blank

uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com

mSearchAssistant = hxxp://www.google.com/ie

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll

BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File

EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe

mRun: [!AVG Anti-Spyware] "c:\program files\grisoft\avg anti-spyware 7.5\avgas.exe" /minimized

mRun: [TrojanScanner] c:\program files\trojan remover\Trjscan.exe /boot

StartupFolder: c:\documents and settings\jonathan ross\start menu\programs\startup\V CAST Music Monitor.lnk.disabled

StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Adobe Reader Speed Launch.lnk.disabled

StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Digital Line Detect.lnk.disabled

StartupFolder: c:\documents and settings\all users\start menu\programs\startup\HP Digital Imaging Monitor.lnk.disabled

StartupFolder: c:\documents and settings\all users\start menu\programs\startup\HP Image Zone Fast Start.lnk.disabled

StartupFolder: c:\documents and settings\all users\start menu\programs\startup\hp psc 1000 series.lnk.disabled

StartupFolder: c:\documents and settings\all users\start menu\programs\startup\hpoddt01.exe.lnk.disabled

StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Microsoft Office.lnk.disabled

StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Microsoft Works Calendar Reminders.lnk.disabled

mPolicies-explorer: <NO NAME> =

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

LSP: mswsock.dll

DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab

DPF: {1A595EDD-978A-48C7-B730-AF3B9CC64DAB} - hxxps://vmodlms.widerthanam.com/component/VZWDLManager.cab

DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143679815796

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: CShellExecuteHookImpl Object: {57b86673-276a-48b2-bae7-c6dbb3020eb8} - c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\jonathan ross\application data\mozilla\firefox\profiles\tsj4tx7v.default\

FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll

FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll

FF - plugin: c:\documents and settings\jonathan ross\application data\move networks\plugins\npqmp071701000002.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-1-19 32592]

R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2006-11-20 155136]

R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2006-11-20 5248]

R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver;c:\program files\grisoft\avg anti-spyware 7.5\guard.sys [2007-5-30 11000]

R1 AvgAsCln;AVG Anti-Spyware Clean Driver;c:\windows\system32\drivers\AvgAsCln.sys [2011-8-22 10872]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-2-10 297168]

R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\VCdRom.sys [2006-11-20 8576]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-3-30 134480]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]

R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2009-11-25 57376]

R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-6-8 41272]

S2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard;c:\program files\grisoft\avg anti-spyware 7.5\guard.exe [2007-5-30 312880]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-28 135664]

S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2009-11-25 547744]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-28 135664]

S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\d-link\wireless g wda-1320\jswutil\jswpsapi.exe [2009-11-25 352338]

S3 klmd23;klmd23;c:\windows\system32\drivers\klmd.sys [2011-8-21 52432]

.

=============== Created Last 30 ================

.

2011-08-23 15:43:42 -------- d-----w- c:\program files\Trojan Remover

2011-08-23 15:43:42 -------- d-----w- c:\documents and settings\jonathan ross\application data\Simply Super Software

2011-08-23 15:43:42 -------- d-----w- c:\documents and settings\all users\application data\Simply Super Software

2011-08-23 15:36:08 94768 ----a-w- c:\windows\system32\drivers\46029272.sys

2011-08-23 05:39:49 43408 --sha-w- c:\windows\system32\c_66981.nl_

2011-08-22 14:45:05 -------- d-----w- c:\documents and settings\jonathan ross\DoctorWeb

2011-08-22 14:39:37 43408 --sha-w- c:\windows\system32\c_66981.nl_.mwt

2011-08-22 14:26:35 632064 ----a-w- c:\windows\system32\msvcr80.dll

2011-08-22 14:26:34 554240 ----a-w- c:\windows\system32\msvcp80.dll

2011-08-22 14:26:32 34048 ----a-w- c:\windows\system32\eEmpty.exe

2011-08-22 14:26:14 146432 ----a-w- c:\windows\REGEDIT.COM

2011-08-22 14:26:14 146432 ----a-w- c:\windows\R.COM

2011-08-22 14:26:14 135680 ----a-w- c:\windows\system32\TASKMGR.COM

2011-08-22 14:26:14 135680 ----a-w- c:\windows\system32\T.COM

2011-08-22 14:26:12 -------- d-----w- c:\program files\common files\MicroWorld

2011-08-22 14:26:00 -------- d-----w- c:\documents and settings\all users\application data\MicroWorld

2011-08-22 14:25:23 -------- d-----w- c:\program files\CleanUp!

2011-08-22 14:22:18 10872 ----a-w- c:\windows\system32\drivers\AvgAsCln.sys

2011-08-22 14:22:13 -------- d-----w- c:\documents and settings\all users\application data\Grisoft

2011-08-21 10:54:04 52432 ----a-w- c:\windows\system32\drivers\klmd.sys

.

==================== Find3M ====================

.

2011-08-23 15:13:18 64896 ----a-w- c:\windows\system32\drivers\serial.sys

2011-07-06 23:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 23:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

.

============= FINISH: 11:56:50.25 ===============
