
Audio adware not picked up by Malwarebytes Pro



Greetings,

I'm infected with something... an annoying audio ad is popping up all the time.

Not only this, but some ad pages also pop up for no reason.

I'm a post-production professional; I need audio on my speakers all the time, and loud.

This machine is the one I use to browse online, and now it is infected.

I've been following the instructions on the topic "I'm infected - What do I do now?".

Actions taken:

Malwarebytes Pro updated, full scan

Avira free updated, full scan

Ran dds.scr and GMER.

My Malwarebytes Log:

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7658

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

05-09-2011 20:40:10

mbam-log-2011-09-05 (20-40-09).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 331874

Time elapsed: 1 hour(s), 49 minute(s), 10 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

My Malwarebytes protection log contents:

21:38:07 Avid_RPS MESSAGE IP Protection started successfully

21:51:09 Avid_RPS IP-BLOCK 178.17.162.242 (Type: outgoing)

21:51:12 Avid_RPS IP-BLOCK 178.17.162.242 (Type: outgoing)

21:51:18 Avid_RPS IP-BLOCK 178.17.162.242 (Type: outgoing)

21:57:02 Avid_RPS IP-BLOCK 178.17.162.242 (Type: outgoing)

21:57:05 Avid_RPS IP-BLOCK 178.17.162.242 (Type: outgoing)

21:57:11 Avid_RPS IP-BLOCK 178.17.162.242 (Type: outgoing)

22:21:44 Avid_RPS IP-BLOCK 178.17.162.242 (Type: outgoing)

22:21:47 Avid_RPS IP-BLOCK 178.17.162.242 (Type: outgoing)

22:21:53 Avid_RPS IP-BLOCK 178.17.162.242 (Type: outgoing)

22:27:37 Avid_RPS IP-BLOCK 178.17.162.242 (Type: outgoing)

22:27:40 Avid_RPS IP-BLOCK 178.17.162.242 (Type: outgoing)

22:27:46 Avid_RPS IP-BLOCK 178.17.162.242 (Type: outgoing)

22:52:20 Avid_RPS IP-BLOCK 178.17.162.242 (Type: outgoing)

22:52:23 Avid_RPS IP-BLOCK 178.17.162.242 (Type: outgoing)

22:52:28 Avid_RPS IP-BLOCK 178.17.162.242 (Type: outgoing)

22:58:12 Avid_RPS IP-BLOCK 178.17.162.242 (Type: outgoing)

22:58:15 Avid_RPS IP-BLOCK 178.17.162.242 (Type: outgoing)

22:58:21 Avid_RPS IP-BLOCK 178.17.162.242 (Type: outgoing)

23:22:57 Avid_RPS IP-BLOCK 178.17.162.242 (Type: outgoing)

23:22:59 Avid_RPS IP-BLOCK 178.17.162.242 (Type: outgoing)

23:23:05 Avid_RPS IP-BLOCK 178.17.162.242 (Type: outgoing)

23:28:48 Avid_RPS IP-BLOCK 178.17.162.242 (Type: outgoing)

23:28:51 Avid_RPS IP-BLOCK 178.17.162.242 (Type: outgoing)

23:28:57 Avid_RPS IP-BLOCK 178.17.162.242 (Type: outgoing)

The dds.txt contents:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.5730.13

Run by Avid_RPS at 0:03:15 on 2011-09-06

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2541 [GMT 1:00]

.

AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

AV: ESET Smart Security 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FW: ESET Personal firewall *Enabled*

.

============== Running Processes ===============

.

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

svchost.exe 4

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

svchost.exe 4

C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE

C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\Explorer.EXE

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Documents and Settings\Avid_RPS\Local Settings\Application Data\Google\Update\1.3.21.65\GoogleCrashHandler.exe

C:\WINDOWS\system32\ctfmon.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.pt/

BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll

TB: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No File

uRun: [Google Update] "c:\documents and settings\avid_rps\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [EPSON PX650 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatifme.exe /fu "c:\docume~1\avid_rps\locals~1\temp\E_S15.tmp" /EF "HKCU"

mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRun: [EPSON PX650 Series on dual_opteron (from KLAU-ASUS)] c:\windows\system32\spool\drivers\w32x86\3\e_fatifme.exe /fu "c:\windows\temp\E_S8.tmp" /EF "HKCU"

dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10c.exe

StartupFolder: c:\docume~1\avid_rps\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\avid_rps\application data\dropbox\bin\Dropbox.exe

uPolicies-explorer: DisallowRun = 1 (0x1)

uPolicies-disallowrun: 1 = avnotify.exe

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Download all by FlashGet3 - c:\documents and settings\avid_rps\application data\flashgetbho\GetAllUrl.htm

IE: Download by FlashGet3 - c:\documents and settings\avid_rps\application data\flashgetbho\GetUrl.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1234699789390

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1234699777968

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab

DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Notify: Antiwpa - antiwpa.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\avid_rps\application data\mozilla\firefox\profiles\7ptwuf24.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll

FF - component: c:\documents and settings\avid_rps\application data\mozilla\firefox\profiles\7ptwuf24.default\extensions\{db9127a2-3381-41ec-82b3-1b6ed4c6f29a}\components\FlashgetXpi.dll

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\documents and settings\avid_rps\local settings\application data\google\update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: flashget3 Extension: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A} - c:\program files\mozilla firefox\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext

FF - Ext: flashget3 Extension: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A} - %profile%\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

============= SERVICES / DRIVERS ===============

.

R0 amdagp8p;AMD NB AGP Bus Filter;c:\windows\system32\drivers\amdagp8p.sys [2009-2-1 27136]

R0 amdbusdr;amdbusdr;c:\windows\system32\drivers\AmdBusDr.sys [2009-2-1 22656]

R0 AMDEIDE;AMD EIDE Driver;c:\windows\system32\drivers\AmdEide.sys [2009-2-1 37760]

R0 SI3114;SiI-3114 SATALink Controller;c:\windows\system32\drivers\SI3114.sys [2009-2-1 54088]

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-12-31 11608]

R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [2010-1-24 33824]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-12-31 136360]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-12-31 269480]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-12-31 66616]

R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2010-2-3 12672]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-9-18 366640]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-9-18 22712]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-4 136176]

S2 HDD & SSD access service;HDD & SSD access service;"c:\program files\common files\binarysense\disksvc.exe" --> c:\program files\common files\binarysense\disksvc.exe [?]

S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 288112]

S3 AMDAC97;AMD AC'97 Audio Driver (WDM);c:\windows\system32\drivers\AMDAC97.sys [2009-2-1 38784]

S3 gupdatem;Serviço Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-7-4 136176]

S3 HDLink;Blackmagic Design HDLink Driver;c:\windows\system32\drivers\HDLink.sys [2009-11-18 38528]

.

=============== Created Last 30 ================

.

2011-08-12 10:32:07 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys

2011-08-12 10:31:57 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys

2011-08-10 16:43:03 -------- d-----w- c:\program files\Imagineer Systems Ltd

.

==================== Find3M ====================

.

2011-08-12 17:10:05 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-05 08:49:02 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-07-06 18:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 18:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-06-21 18:45:58 832512 ----a-w- c:\windows\system32\wininet.dll

2011-06-21 18:45:57 78336 ----a-w- c:\windows\system32\ieencode.dll

2011-06-21 18:45:57 1830912 ------w- c:\windows\system32\inetcpl.cpl

2011-06-21 18:45:57 17408 ----a-w- c:\windows\system32\corpol.dll

2011-06-21 11:47:20 389120 ----a-w- c:\windows\system32\html.iec

2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600

.

CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.

device: opened successfully

user: error reading MBR

.

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll SCSIPORT.SYS AmdEide.sys

c:\windows\system32\drivers\AmdEide.sys AMD Corporation AMD IDE Bus Mastering

1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8AA74890]

3 CLASSPNP[0xBA128FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000072[0x8AA7B880]

5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Scsi\AMDEIDE1Port1Path0Target0Lun0[0x8AA7B998]

kernel: MBR read successfully

_asm { XOR AX, AX; MOV DS, AX; MOV ES, AX; MOV SS, AX; MOV SP, 0x7c00; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x80; CLD ; REP MOVSD ; NOP ; JMP FAR 0x0:0x61e; }

user != kernel MBR !!!

.

============= FINISH: 0:03:58,31 ===============

I've read some posts from others with problems and, being no stranger to technology... it is really confusing how you guys read those logs...

If any good soul can help me kill this annoying audio ad popping up all the time, I would be thankful.

Regards, Carlos Filipe, Porto, Portugal

attach.zip

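As an added example (not code from the post or from Malwarebytes), a small Python parser for the protection-log lines quoted above: it keeps the outbound IP-BLOCK events, groups them per destination into bursts, and reports how the bursts are spaced, which is the pattern a blocked callback leaves in this log. The sample lines are copied from the post; the line layout and the date used to anchor the bare times are assumptions.

```python
"""Flag repeated outbound IP blocks in a Malwarebytes protection log."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Sample input, copied from the protection log quoted in the post above.
SAMPLE_LOG = """\
21:38:07 Avid_RPS MESSAGE IP Protection started successfully
21:51:09 Avid_RPS IP-BLOCK 178.17.162.242 (Type: outgoing)
21:51:12 Avid_RPS IP-BLOCK 178.17.162.242 (Type: outgoing)
21:51:18 Avid_RPS IP-BLOCK 178.17.162.242 (Type: outgoing)
21:57:02 Avid_RPS IP-BLOCK 178.17.162.242 (Type: outgoing)
21:57:05 Avid_RPS IP-BLOCK 178.17.162.242 (Type: outgoing)
21:57:11 Avid_RPS IP-BLOCK 178.17.162.242 (Type: outgoing)
22:21:44 Avid_RPS IP-BLOCK 178.17.162.242 (Type: outgoing)
22:21:47 Avid_RPS IP-BLOCK 178.17.162.242 (Type: outgoing)
22:21:53 Avid_RPS IP-BLOCK 178.17.162.242 (Type: outgoing)
22:27:37 Avid_RPS IP-BLOCK 178.17.162.242 (Type: outgoing)
22:27:40 Avid_RPS IP-BLOCK 178.17.162.242 (Type: outgoing)
22:27:46 Avid_RPS IP-BLOCK 178.17.162.242 (Type: outgoing)
22:52:20 Avid_RPS IP-BLOCK 178.17.162.242 (Type: outgoing)
22:52:23 Avid_RPS IP-BLOCK 178.17.162.242 (Type: outgoing)
22:52:28 Avid_RPS IP-BLOCK 178.17.162.242 (Type: outgoing)
22:58:12 Avid_RPS IP-BLOCK 178.17.162.242 (Type: outgoing)
22:58:15 Avid_RPS IP-BLOCK 178.17.162.242 (Type: outgoing)
22:58:21 Avid_RPS IP-BLOCK 178.17.162.242 (Type: outgoing)
23:22:57 Avid_RPS IP-BLOCK 178.17.162.242 (Type: outgoing)
23:22:59 Avid_RPS IP-BLOCK 178.17.162.242 (Type: outgoing)
23:23:05 Avid_RPS IP-BLOCK 178.17.162.242 (Type: outgoing)
23:28:48 Avid_RPS IP-BLOCK 178.17.162.242 (Type: outgoing)
23:28:51 Avid_RPS IP-BLOCK 178.17.162.242 (Type: outgoing)
23:28:57 Avid_RPS IP-BLOCK 178.17.162.242 (Type: outgoing)
"""

# Line layout assumed from the post: "HH:MM:SS user IP-BLOCK a.b.c.d (Type: dir)".
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}) \S+ IP-BLOCK "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) \(Type: (?P<direction>incoming|outgoing)\)$"
)


def parse_blocks(text, day=datetime(2011, 9, 5)):
    """Return (timestamp, ip, direction) for every IP-BLOCK line.

    The log carries times only, so `day` (the scan-log date from the post,
    an assumption) anchors them; a time earlier than the previous one is
    taken as the clock passing midnight.
    """
    events, prev = [], None
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # MESSAGE lines and anything unrecognised are skipped
        h, mi, s = (int(x) for x in m.group("time").split(":"))
        ts = day.replace(hour=h, minute=mi, second=s)
        if prev is not None and ts < prev:
            day += timedelta(days=1)
            ts += timedelta(days=1)
        prev = ts
        events.append((ts, m.group("ip"), m.group("direction")))
    return events


def group_bursts(times, gap=timedelta(seconds=60)):
    """Split sorted timestamps into bursts separated by more than `gap`."""
    bursts = []
    for t in times:
        if bursts and t - bursts[-1][-1] <= gap:
            bursts[-1].append(t)
        else:
            bursts.append([t])
    return bursts


def summarize(events, direction="outgoing", min_blocks=3):
    """Per destination: block count, burst sizes and seconds between bursts.

    Many outbound blocks to one address in evenly spaced bursts is the
    shape a blocked beacon leaves; a single stray block is not worth raising.
    """
    by_ip = defaultdict(list)
    for ts, ip, d in events:
        if d == direction:
            by_ip[ip].append(ts)
    report = {}
    for ip, times in by_ip.items():
        if len(times) < min_blocks:
            continue
        bursts = group_bursts(sorted(times))
        starts = [b[0] for b in bursts]
        report[ip] = {
            "blocks": len(times),
            "bursts": len(bursts),
            "burst_sizes": [len(b) for b in bursts],
            "gaps_seconds": [int((b - a).total_seconds())
                             for a, b in zip(starts, starts[1:])],
        }
    return report


if __name__ == "__main__":
    print(summarize(parse_blocks(SAMPLE_LOG)))
```

On the post's log this reports one destination with 24 outbound blocks in eight bursts of three, the bursts alternating roughly six and 25 minutes apart, which is a scheduler at work rather than a user clicking.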

  • Staff

Hi and welcome to Malwarebytes.

I notice that you are using more than one antivirus program (ESET and Antivir). This is very dangerous, as multiple AVs can interfere with one another and actually allow MORE viruses to get through. I strongly suggest you go to Start -> Control Panel -> Add or Remove Programs and uninstall all but one antivirus program.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log name looks like UtilityName.Version_Date_Time_log.txt, for example C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Also post a fresh DDS log.


I notice that you are using more than one antivirus program (ESET and Antivir).

Hello and thanks for helping!

I only had the ESET online scanner installed to fix something over a year ago, and uninstalled it pronto.

I checked now and it was not listed in the uninstall app in Control Panel.

So right now I deleted the orphaned folders it left.

I only have Avira free and Malwarebytes Pro securing the PC.

I've run TDSSKiller and it found two items, which were set to cure.

Rebooted, and up to now no audio or page pop-ups, but sometimes it went for over an hour without popping ads... so I'm not sure if it cured it.

The logs are below:

First one:

2011/09/07 23:17:01.0031 2988 TDSS rootkit removing tool 2.5.18.0 Sep 5 2011 09:53:09

2011/09/07 23:17:04.0250 2988 Perform update action was selected

2011/09/07 23:17:04.0250 2820 Deinitialize success

And the second one:

2011/09/07 23:17:40.0093 0468 TDSS rootkit removing tool 2.5.19.0 Sep 6 2011 19:23:56

2011/09/07 23:17:40.0265 0468 ================================================================================

2011/09/07 23:17:40.0265 0468 SystemInfo:

2011/09/07 23:17:40.0265 0468

2011/09/07 23:17:40.0265 0468 OS Version: 5.1.2600 ServicePack: 3.0

2011/09/07 23:17:40.0265 0468 Product type: Workstation

2011/09/07 23:17:40.0265 0468 ComputerName: DUAL_OPTERON

2011/09/07 23:17:40.0265 0468 UserName: Avid_RPS

2011/09/07 23:17:40.0265 0468 Windows directory: C:\WINDOWS

2011/09/07 23:17:40.0265 0468 System windows directory: C:\WINDOWS

2011/09/07 23:17:40.0265 0468 Processor architecture: Intel x86

2011/09/07 23:17:40.0265 0468 Number of processors: 2

2011/09/07 23:17:40.0265 0468 Page size: 0x1000

2011/09/07 23:17:40.0265 0468 Boot type: Normal boot

2011/09/07 23:17:40.0265 0468 ================================================================================

2011/09/07 23:17:40.0625 0468 Initialize success

2011/09/07 23:17:48.0593 1612 ================================================================================

2011/09/07 23:17:48.0593 1612 Scan started

2011/09/07 23:17:48.0593 1612 Mode: Manual;

2011/09/07 23:17:48.0593 1612 ================================================================================


2011/09/07 23:18:17.0875 1612 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/09/07 23:18:18.0062 1612 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

2011/09/07 23:18:18.0234 1612 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/09/07 23:18:18.0390 1612 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/09/07 23:18:18.0546 1612 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

2011/09/07 23:18:18.0703 1612 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/09/07 23:18:18.0859 1612 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/09/07 23:18:19.0062 1612 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/09/07 23:18:19.0218 1612 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/09/07 23:18:19.0437 1612 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/09/07 23:18:19.0609 1612 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/09/07 23:18:19.0906 1612 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/09/07 23:18:20.0187 1612 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

2011/09/07 23:18:20.0375 1612 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2011/09/07 23:18:20.0515 1612 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/09/07 23:18:20.0640 1612 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/09/07 23:18:20.0734 1612 MBR (0x1B8) (56c545673a143e70bb6729220c7ef69a) \Device\Harddisk0\DR0

2011/09/07 23:18:20.0750 1612 \Device\Harddisk0\DR0 - detected Trojan-Clicker.Win32.Wistler.a (0)

2011/09/07 23:18:20.0781 1612 MBR (0x1B8) (56c545673a143e70bb6729220c7ef69a) \Device\Harddisk1\DR1

2011/09/07 23:18:20.0796 1612 \Device\Harddisk1\DR1 - detected Trojan-Clicker.Win32.Wistler.a (0)

2011/09/07 23:18:20.0812 1612 Boot (0x1200) (749c164af85e3a2f7ab87b13c645c579) \Device\Harddisk0\DR0\Partition0

2011/09/07 23:18:20.0843 1612 Boot (0x1200) (3e3ff2631ef9da747e2d44d44b3a2090) \Device\Harddisk1\DR1\Partition0

2011/09/07 23:18:20.0875 1612 ================================================================================

2011/09/07 23:18:20.0875 1612 Scan finished

2011/09/07 23:18:20.0875 1612 ================================================================================

2011/09/07 23:18:20.0906 1520 Detected object count: 2

2011/09/07 23:18:20.0906 1520 Actual detected object count: 2

2011/09/07 23:18:34.0187 1520 \Device\Harddisk0\DR0 (Trojan-Clicker.Win32.Wistler.a) - will be cured after reboot

2011/09/07 23:18:34.0187 1520 \Device\Harddisk0\DR0 - ok

2011/09/07 23:18:34.0187 1520 Trojan-Clicker.Win32.Wistler.a(\Device\Harddisk0\DR0) - User select action: Cure

2011/09/07 23:18:34.0203 1520 \Device\Harddisk1\DR1 (Trojan-Clicker.Win32.Wistler.a) - will be cured after reboot

2011/09/07 23:18:34.0203 1520 \Device\Harddisk1\DR1 - ok

2011/09/07 23:18:34.0203 1520 Trojan-Clicker.Win32.Wistler.a(\Device\Harddisk1\DR1) - User select action: Cure

2011/09/07 23:18:40.0609 2732 Deinitialize success

Now the contents of the DDS log:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.5730.13

Run by Avid_RPS at 23:25:37 on 2011-09-07

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2544 [GMT 1:00]

.

AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

AV: ESET Smart Security 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FW: ESET Personal firewall *Enabled*

.

============== Running Processes ===============

.

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE

C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.pt/

BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll

TB: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No File

uRun: [EPSON PX650 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatifme.exe /fu "c:\docume~1\avid_rps\locals~1\temp\E_S15.tmp" /EF "HKCU"

mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRun: [EPSON PX650 Series on dual_opteron (from KLAU-ASUS)] c:\windows\system32\spool\drivers\w32x86\3\e_fatifme.exe /fu "c:\windows\temp\E_S8.tmp" /EF "HKCU"

dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10c.exe

StartupFolder: c:\docume~1\avid_rps\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\avid_rps\application data\dropbox\bin\Dropbox.exe

uPolicies-explorer: DisallowRun = 1 (0x1)

uPolicies-disallowrun: 1 = avnotify.exe

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Download all by FlashGet3 - c:\documents and settings\avid_rps\application data\flashgetbho\GetAllUrl.htm

IE: Download by FlashGet3 - c:\documents and settings\avid_rps\application data\flashgetbho\GetUrl.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1234699789390

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1234699777968

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab

DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.254 192.168.1.254

TCP: Interfaces\{ADABA224-7CCB-433B-8327-475D0CD98521} : DhcpNameServer = 192.168.1.254 192.168.1.254

Notify: Antiwpa - antiwpa.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\avid_rps\application data\mozilla\firefox\profiles\7ptwuf24.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll

FF - component: c:\documents and settings\avid_rps\application data\mozilla\firefox\profiles\7ptwuf24.default\extensions\{db9127a2-3381-41ec-82b3-1b6ed4c6f29a}\components\FlashgetXpi.dll

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\documents and settings\avid_rps\local settings\application data\google\update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: flashget3 Extension: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A} - c:\program files\mozilla firefox\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext

FF - Ext: flashget3 Extension: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A} - %profile%\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

============= SERVICES / DRIVERS ===============

.

R0 amdagp8p;AMD NB AGP Bus Filter;c:\windows\system32\drivers\amdagp8p.sys [2009-2-1 27136]

R0 amdbusdr;amdbusdr;c:\windows\system32\drivers\AmdBusDr.sys [2009-2-1 22656]

R0 AMDEIDE;AMD EIDE Driver;c:\windows\system32\drivers\AmdEide.sys [2009-2-1 37760]

R0 SI3114;SiI-3114 SATALink Controller;c:\windows\system32\drivers\SI3114.sys [2009-2-1 54088]

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-12-31 11608]

R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [2010-1-24 33824]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-12-31 136360]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-12-31 269480]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-12-31 66616]

R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2010-2-3 12672]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-9-18 366640]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-9-18 22712]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-4 136176]

S2 HDD & SSD access service;HDD & SSD access service;"c:\program files\common files\binarysense\disksvc.exe" --> c:\program files\common files\binarysense\disksvc.exe [?]

S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 288112]

S3 AMDAC97;AMD AC'97 Audio Driver (WDM);c:\windows\system32\drivers\AMDAC97.sys [2009-2-1 38784]

S3 gupdatem;Serviço Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-7-4 136176]

S3 HDLink;Blackmagic Design HDLink Driver;c:\windows\system32\drivers\HDLink.sys [2009-11-18 38528]

.

=============== Created Last 30 ================

.

2011-08-12 10:32:07 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys

2011-08-12 10:31:57 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys

2011-08-10 16:43:03 -------- d-----w- c:\program files\Imagineer Systems Ltd

.

==================== Find3M ====================

.

2011-08-12 17:10:05 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-05 08:49:02 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-07-06 18:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 18:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-06-21 18:45:58 832512 ----a-w- c:\windows\system32\wininet.dll

2011-06-21 18:45:57 78336 ----a-w- c:\windows\system32\ieencode.dll

2011-06-21 18:45:57 1830912 ------w- c:\windows\system32\inetcpl.cpl

2011-06-21 18:45:57 17408 ----a-w- c:\windows\system32\corpol.dll

2011-06-21 11:47:20 389120 ----a-w- c:\windows\system32\html.iec

2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll

.

============= FINISH: 23:26:22,87 ===============

Thanks again for following

Carlos


  • Staff

Hi Carlos,

Download the ESET Uninstaller and save it to your Desktop.

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Double-click ESETUninstaller.exe; when it finishes, reboot.

Delete your copy of TDSSKiller, grab a fresh copy, run it, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


Hello again Mr. Screen317!

Thank you! Since yesterday, no more audio ads popping up, nor web page ads!

I ran the ESET uninstaller and it found two entries and removed them.

TDSSKiller scanned and detected no more objects!

Followed the instructions on using ComboFix with no issues on my part.

Reactivated Avira and Malwarebytes Pro and ran dds.scr again.

Below are the logs:

TDSSKiller

2011/09/08 23:01:02.0140 3204 TDSS rootkit removing tool 2.5.20.0 Sep 7 2011 16:44:34

2011/09/08 23:01:02.0406 3204 ================================================================================

2011/09/08 23:01:02.0406 3204 SystemInfo:

2011/09/08 23:01:02.0406 3204

2011/09/08 23:01:02.0406 3204 OS Version: 5.1.2600 ServicePack: 3.0

2011/09/08 23:01:02.0406 3204 Product type: Workstation

2011/09/08 23:01:02.0406 3204 ComputerName: DUAL_OPTERON

2011/09/08 23:01:02.0406 3204 UserName: Avid_RPS

2011/09/08 23:01:02.0406 3204 Windows directory: C:\WINDOWS

2011/09/08 23:01:02.0406 3204 System windows directory: C:\WINDOWS

2011/09/08 23:01:02.0406 3204 Processor architecture: Intel x86

2011/09/08 23:01:02.0406 3204 Number of processors: 2

2011/09/08 23:01:02.0406 3204 Page size: 0x1000

2011/09/08 23:01:02.0406 3204 Boot type: Normal boot

2011/09/08 23:01:02.0406 3204 ================================================================================

2011/09/08 23:01:02.0750 3204 Initialize success

2011/09/08 23:01:04.0000 0864 ================================================================================

2011/09/08 23:01:04.0000 0864 Scan started

2011/09/08 23:01:04.0000 0864 Mode: Manual;

2011/09/08 23:01:04.0000 0864 ================================================================================


2011/09/08 23:01:23.0250 0864 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/09/08 23:01:23.0421 0864 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/09/08 23:01:23.0703 0864 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

2011/09/08 23:01:23.0875 0864 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/09/08 23:01:24.0015 0864 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/09/08 23:01:24.0140 0864 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

2011/09/08 23:01:24.0328 0864 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/09/08 23:01:24.0453 0864 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/09/08 23:01:24.0734 0864 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/09/08 23:01:24.0875 0864 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/09/08 23:01:25.0000 0864 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/09/08 23:01:25.0093 0864 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/09/08 23:01:25.0234 0864 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/09/08 23:01:25.0484 0864 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

2011/09/08 23:01:25.0625 0864 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2011/09/08 23:01:25.0671 0864 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/09/08 23:01:25.0765 0864 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/09/08 23:01:25.0859 0864 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

2011/09/08 23:01:25.0953 0864 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR1

2011/09/08 23:01:26.0218 0864 Boot (0x1200) (749c164af85e3a2f7ab87b13c645c579) \Device\Harddisk0\DR0\Partition0

2011/09/08 23:01:26.0218 0864 Boot (0x1200) (a4f67c4ba1ed01a95723c6085ffa8e64) \Device\Harddisk1\DR1\Partition0

2011/09/08 23:01:26.0234 0864 ================================================================================

2011/09/08 23:01:26.0234 0864 Scan finished

2011/09/08 23:01:26.0234 0864 ================================================================================

2011/09/08 23:01:26.0281 3432 Detected object count: 0

2011/09/08 23:01:26.0281 3432 Actual detected object count: 0

COMBOFIX LOGS

ComboFix 11-09-08.03 - Avid_RPS 08-09-2011 23:15:18.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2583 [GMT 1:00]

Running from: c:\documents and settings\Avid_RPS\Desktop\ComboFix.exe

AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Avid_RPS\Local Settings\Application Data\ApplicationHistory

c:\documents and settings\Avid_RPS\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini

c:\documents and settings\Avid_RPS\Local Settings\Application Data\ApplicationHistory\RegAsm.exe.11f1da13.ini

c:\documents and settings\Avid_RPS\Local Settings\Application Data\ApplicationHistory\SL7E.tmp.6e678d5e.ini

c:\documents and settings\Avid_RPS\Local Settings\Application Data\ApplicationHistory\WinColor.exe.7590d086.ini

c:\windows\kb913800.exe

c:\windows\system32\mcaacadec.dll

c:\windows\system32\Temp

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_NPF

.

.

((((((((((((((((((((((((( Files Created from 2011-08-08 to 2011-09-08 )))))))))))))))))))))))))))))))

.

.

2011-08-24 19:47 . 2011-08-24 19:47 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple Computer

2011-08-12 10:32 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys

2011-08-12 10:31 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys

2011-08-10 16:43 . 2011-08-10 16:43 -------- d-----w- c:\program files\Imagineer Systems Ltd

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-12 17:10 . 2011-08-05 12:42 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-05 08:49 . 2010-12-31 13:40 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-08-05 08:49 . 2010-12-31 13:40 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys

2011-07-15 13:29 . 2007-01-20 14:09 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02 . 2004-08-04 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-07-06 18:52 . 2010-09-18 15:48 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 18:52 . 2010-09-18 15:48 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-24 14:10 . 2009-01-31 22:26 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-06-21 18:45 . 2007-01-20 14:10 832512 ----a-w- c:\windows\system32\wininet.dll

2011-06-21 18:45 . 2004-08-03 23:56 1830912 ------w- c:\windows\system32\inetcpl.cpl

2011-06-21 18:45 . 2004-08-03 23:56 78336 ----a-w- c:\windows\system32\ieencode.dll

2011-06-21 18:45 . 2004-08-03 23:56 17408 ----a-w- c:\windows\system32\corpol.dll

2011-06-21 11:47 . 2004-08-03 21:59 389120 ----a-w- c:\windows\system32\html.iec

2011-06-20 17:44 . 2007-01-20 14:10 293376 ----a-w- c:\windows\system32\winsrv.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Avid_RPS\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Avid_RPS\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Avid_RPS\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Avid_RPS\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2010-03-21 611712]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-06-15 5926912]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10c.exe" [2009-07-18 257440]

.

c:\documents and settings\Avid_RPS\Start Menu\Programs\Startup\

Dropbox.lnk - c:\documents and settings\Avid_RPS\Application Data\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

2008-04-14 05:42 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

2005-06-15 16:25 5926912 ----a-w- c:\windows\system32\nvcpl.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

2005-06-15 16:25 86016 ----a-w- c:\windows\system32\nvmctray.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-06-24 20:00 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Documents and Settings\\Avid_RPS\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=

"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Program Files\\Sorenson Media\\Sorenson Squeeze\\Squeeze.exe"=

"c:\\Program Files\\eMule\\emule.exe"=

"c:\\Documents and Settings\\Avid_RPS\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:TCP"= 5353:TCP:Adobe CSI CS4

"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server

"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server

"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server

"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

.

R0 amdagp8p;AMD NB AGP Bus Filter;c:\windows\system32\drivers\amdagp8p.sys [01-02-2009 18:00 27136]

R0 amdbusdr;amdbusdr;c:\windows\system32\drivers\AmdBusDr.sys [01-02-2009 18:00 22656]

R0 AMDEIDE;AMD EIDE Driver;c:\windows\system32\drivers\AmdEide.sys [01-02-2009 18:00 37760]

R0 SI3114;SiI-3114 SATALink Controller;c:\windows\system32\drivers\SI3114.sys [01-02-2009 17:58 54088]

R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [24-01-2010 3:48 33824]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [31-12-2010 14:40 136360]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [18-09-2010 16:48 366640]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [18-09-2010 16:48 22712]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [04-07-2010 11:17 136176]

S2 HDD & SSD access service;HDD & SSD access service;"c:\program files\Common Files\BinarySense\disksvc.exe" --> c:\program files\Common Files\BinarySense\disksvc.exe [?]

S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [15-08-2008 6:46 288112]

S3 AMDAC97;AMD AC'97 Audio Driver (WDM);c:\windows\system32\drivers\AMDAC97.sys [01-02-2009 18:00 38784]

S3 gupdatem;Serviço Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [04-07-2010 11:17 136176]

S3 HDLink;Blackmagic Design HDLink Driver;c:\windows\system32\drivers\HDLink.sys [18-11-2009 17:01 38528]

.

Contents of the 'Scheduled Tasks' folder

.

2011-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-04 17:33]

.

2011-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-04 17:33]

.

2011-09-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1563985344-839522115-1003Core.job

- c:\documents and settings\Avid_RPS\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-15 11:57]

.

2011-09-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1563985344-839522115-1003UA.job

- c:\documents and settings\Avid_RPS\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-15 11:57]

.

2011-09-08 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]

.

2011-09-08 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-602162358-1563985344-839522115-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]

.

2011-09-08 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-602162358-1563985344-839522115-1004.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]

.

2011-09-08 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-602162358-1563985344-839522115-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]

.

2011-09-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]

.

2011-09-08 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-602162358-1563985344-839522115-1003.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]

.

2011-09-08 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-602162358-1563985344-839522115-1004.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]

.

2011-09-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-602162358-1563985344-839522115-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 02:02]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.pt/

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Download all by FlashGet3 - c:\documents and settings\Avid_RPS\Application Data\FlashGetBHO\GetAllUrl.htm

IE: Download by FlashGet3 - c:\documents and settings\Avid_RPS\Application Data\FlashGetBHO\GetUrl.htm

TCP: DhcpNameServer = 192.168.1.254 192.168.1.254

FF - ProfilePath - c:\documents and settings\Avid_RPS\Application Data\Mozilla\Firefox\Profiles\7ptwuf24.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: flashget3 Extension: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A} - c:\program files\Mozilla Firefox\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

FF - Ext: flashget3 Extension: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A} - %profile%\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-09-08 23:22

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-602162358-1563985344-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E7697BB1-482F-3B8F-F691-69457FDB8DC9}*]

"iabkmipdklddfjjmpd"=hex:6b,61,69,6b,63,6a,6b,6f,6c,70,62,65,6d,66,6c,65,6d,6c,

69,61,64,6c,00,00

"halkoggihkmionjd"=hex:6b,61,69,6b,63,6a,6b,6f,6c,70,62,65,6d,66,6c,65,6d,6c,

69,61,64,6c,00,00

.

[HKEY_LOCAL_MACHINE\software\Assimilate Inc\Base*]

"CheckOut"="NO"

"LicDate"="NO"

"SRV_STATE"="Closed"

"AS_SYS_ID"="e3e4-96ab-739f-5163-1a01-0f45-7dbd-589f"

"SSLS_HIGHTIME"="1580934220"

"SXD"="14713127 41190"

"SSLS_LCLK"="N/A"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]

"Version"=hex:49,ab,e3,ba,cc,c9,01,23,ad,7d,c6,88,3a,99,f6,e8,11,03,3a,6c,94,

45,61,ed,3c,4f,ba,80,49,51,2c,1f,40,ad,2f,28,fe,ec,30,b0,0a,76,71,fd,74,dc,\

.

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]

"Version"=hex:49,ab,e3,ba,cc,c9,01,23,ad,7d,c6,88,3a,99,f6,e8,11,03,3a,6c,94,

45,61,ed,3c,4f,ba,80,49,51,2c,1f,40,ad,2f,28,fe,ec,30,b0,0a,76,71,fd,74,dc,\

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\ACPI\PNP0F03\4&26dcf72f&0\LogConf]

@DACL=(02 0000)

"BasicConfigVector"=hex(a):48,00,00,00,0f,00,00,00,00,00,00,00,00,00,00,00,00,

00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,01,00,01,00,01,00,00,00,00,02,\

"BootConfig"=hex(8):01,00,00,00,0f,00,00,00,00,00,00,00,01,00,01,00,01,00,00,

00,02,01,01,00,0c,00,00,00,0c,00,00,00,ff,ff,ff,ff

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(2600)

c:\windows\system32\WININET.dll

c:\documents and settings\Avid_RPS\Application Data\Dropbox\bin\DropboxExt.14.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Avira\AntiVir Desktop\avshadow.exe

c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE

c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\nvsvc32.exe

c:\program files\Analog Devices\SoundMAX\SMAgent.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2011-09-08 23:27:27 - machine was rebooted

ComboFix-quarantined-files.txt 2011-09-08 22:27

.

Pre-Run: 13.862.604.800 bytes free

Post-Run: 13.855.526.912 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - D99CB37B35F4A98D350C2415847113A3

DDS LOGS

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 7.0.5730.13

Run by Avid_RPS at 23:44:33 on 2011-09-08

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2582 [GMT 1:00]

.

AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

============== Running Processes ===============

.

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE

C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.pt/

BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll

TB: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No File

mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10c.exe

StartupFolder: c:\docume~1\avid_rps\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\avid_rps\application data\dropbox\bin\Dropbox.exe

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Download all by FlashGet3 - c:\documents and settings\avid_rps\application data\flashgetbho\GetAllUrl.htm

IE: Download by FlashGet3 - c:\documents and settings\avid_rps\application data\flashgetbho\GetUrl.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1234699789390

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1234699777968

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab

DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.254 192.168.1.254

TCP: Interfaces\{ADABA224-7CCB-433B-8327-475D0CD98521} : DhcpNameServer = 192.168.1.254 192.168.1.254

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\avid_rps\application data\mozilla\firefox\profiles\7ptwuf24.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll

FF - component: c:\documents and settings\avid_rps\application data\mozilla\firefox\profiles\7ptwuf24.default\extensions\{db9127a2-3381-41ec-82b3-1b6ed4c6f29a}\components\FlashgetXpi.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: flashget3 Extension: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A} - c:\program files\mozilla firefox\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext

FF - Ext: flashget3 Extension: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A} - %profile%\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

============= SERVICES / DRIVERS ===============

.

R0 amdagp8p;AMD NB AGP Bus Filter;c:\windows\system32\drivers\amdagp8p.sys [2009-2-1 27136]

R0 amdbusdr;amdbusdr;c:\windows\system32\drivers\AmdBusDr.sys [2009-2-1 22656]

R0 AMDEIDE;AMD EIDE Driver;c:\windows\system32\drivers\AmdEide.sys [2009-2-1 37760]

R0 SI3114;SiI-3114 SATALink Controller;c:\windows\system32\drivers\SI3114.sys [2009-2-1 54088]

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-12-31 11608]

R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [2010-1-24 33824]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-12-31 136360]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-12-31 269480]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-12-31 66616]

R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2010-2-3 12672]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-9-18 366640]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-9-18 22712]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-4 136176]

S2 HDD & SSD access service;HDD & SSD access service;"c:\program files\common files\binarysense\disksvc.exe" --> c:\program files\common files\binarysense\disksvc.exe [?]

S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 288112]

S3 AMDAC97;AMD AC'97 Audio Driver (WDM);c:\windows\system32\drivers\AMDAC97.sys [2009-2-1 38784]

S3 gupdatem;Serviço Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-7-4 136176]

S3 HDLink;Blackmagic Design HDLink Driver;c:\windows\system32\drivers\HDLink.sys [2009-11-18 38528]

.

=============== Created Last 30 ================

.

2011-09-08 22:14:16 -------- d-sha-r- C:\cmdcons

2011-09-08 22:11:19 98816 ----a-w- c:\windows\sed.exe

2011-09-08 22:11:19 518144 ----a-w- c:\windows\SWREG.exe

2011-09-08 22:11:19 256000 ----a-w- c:\windows\PEV.exe

2011-09-08 22:11:19 208896 ----a-w- c:\windows\MBR.exe

2011-08-12 10:32:07 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys

2011-08-12 10:31:57 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys

2011-08-10 16:43:03 -------- d-----w- c:\program files\Imagineer Systems Ltd

.

==================== Find3M ====================

.

2011-08-12 17:10:05 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-05 08:49:02 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-07-06 18:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 18:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-06-21 18:45:58 832512 ----a-w- c:\windows\system32\wininet.dll

2011-06-21 18:45:57 78336 ----a-w- c:\windows\system32\ieencode.dll

2011-06-21 18:45:57 1830912 ------w- c:\windows\system32\inetcpl.cpl

2011-06-21 18:45:57 17408 ----a-w- c:\windows\system32\corpol.dll

2011-06-21 11:47:20 389120 ----a-w- c:\windows\system32\html.iec

2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll

.

============= FINISH: 23:44:49,65 ===============

Screen317, I hope the main problem is gone now; at least the annoying popups are gone.

But this is like taking one's son to the doctor: he may look like he has no virus, but we'll do as the doctor prescribed, to the end of the medication!

Thanks for your help,

Carlos


  • Staff

Hi,

My apologies for the delay.

Things are looking better!

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


Hi Screen317.

Thanks for getting back!

So the ESET online scanner log:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=7.00.6000.17099 (vista_gdr.110617-1500)

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=c4d5a84d2dff3c47996d27ca86936c72

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-09-13 09:49:39

# local_time=2011-09-13 10:49:39 (+0000, GMT Daylight Time)

# country="Portugal"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=1797 16775125 100 93 212580 52479950 290204 0

# compatibility_mode=8192 67108863 100 0 9613 9613 0 0

# scanned=120535

# found=0

# cleaned=0

# scan_time=3585

and the Security Checkup logs

Results of screen317's Security Check version 0.99.18

Windows XP Service Pack 3

Internet Explorer 7 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

Avira AntiVir Personal - Free Antivirus

ESET Online Scanner v3

Antivirus up to date! (On Access scanning disabled!)

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

CCleaner

Java 6 Update 14

Out of date Java installed!

Adobe Flash Player 10.3.183.5

Mozilla Firefox (3.6.22) Firefox Out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe

Malwarebytes' Anti-Malware mbamgui.exe

Avira Antivir avgnt.exe

Avira Antivir avguard.exe

``````````End of Log````````````

The machine is running smoothly, I think you managed to help on killing every trace of virus/malware I had running.

Thanks again,

Carlos Filipe, Porto, Portugal

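The two logs pasted in the post above are the evidence the helper reads to decide whether the machine is clean (the ESET `# found=0` / `# cleaned=0` header) and what still needs hardening (the Security Check lines marked "Out of date" or "disabled!"). As an added example, not code from the thread, from ESET or from screen317's tool, here is a small Python triage script that parses both formats and produces that summary. The sample input is copied from the post and trimmed to the fields the triage uses; the function names and the verdict rules are this example's own assumptions, not documented behaviour of either tool.

```python
import re

# Sample input: lines copied from the two logs pasted in the post above
# (trimmed to the fields the triage uses).
ESET_LOG = """\
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# utc_time=2011-09-13 09:49:39
# scanned=120535
# found=0
# cleaned=0
# scan_time=3585
"""

SECURITY_CHECK_LOG = """\
Results of screen317's Security Check version 0.99.18
Windows XP Service Pack 3
Internet Explorer 7 Out of date!
Antivirus/Firewall Check:
Windows Firewall Enabled!
Antivirus up to date! (On Access scanning disabled!)
Java 6 Update 14
Out of date Java installed!
Adobe Flash Player 10.3.183.5
Mozilla Firefox (3.6.22) Firefox Out of Date!
"""

# One ESET header line: "# key=value" (keys such as iexplore.exe contain a dot).
HEADER_LINE = re.compile(r"^#\s*([\w.]+)=(.*)$")


def parse_eset_header(text):
    """Turn the '# key=value' header of an ESET Online Scanner log into a dict.
    'true'/'false' become bools and plain integers become ints; anything else
    (timestamps, version strings) is kept verbatim.  A key that appears twice
    (compatibility_mode does in the real log) keeps its last value."""
    fields = {}
    for line in text.splitlines():
        m = HEADER_LINE.match(line.strip())
        if not m:
            continue  # not a header line (e.g. the CAB hook banner)
        key, raw = m.group(1), m.group(2).strip()
        if raw in ("true", "false"):
            fields[key] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            fields[key] = int(raw)
        else:
            fields[key] = raw
    return fields


def eset_verdict(fields):
    """Return (is_clean, notes) for a parsed ESET header.
    is_clean means the scan finished and reported zero detections.
    The rules here are this example's assumptions, not ESET's own."""
    notes = []
    finished = fields.get("end") == "finished"
    if not finished:
        notes.append("scan did not finish")
    found = fields.get("found", 0)
    cleaned = fields.get("cleaned", 0)
    if found:
        notes.append(f"{found} threat(s) found, {cleaned} cleaned")
        if cleaned < found:
            notes.append("not every detection was cleaned")
    if not fields.get("archives_checked", False):
        notes.append("archives were not scanned")
    return finished and found == 0, notes


# Security Check marks stale software with "Out of date" (either capitalisation)
# and a switched-off protection with "disabled!".
PROBLEM_MARKERS = (re.compile(r"out of date", re.IGNORECASE),
                   re.compile(r"disabled!", re.IGNORECASE))


def security_check_findings(text):
    """Return the lines of a Security Check report that flag a weakness."""
    return [line.strip() for line in text.splitlines()
            if any(p.search(line) for p in PROBLEM_MARKERS)]


def triage(eset_text, security_check_text):
    """Combine both logs into one summary dict a helper could act on."""
    fields = parse_eset_header(eset_text)
    clean, notes = eset_verdict(fields)
    return {
        "eset_clean": clean,
        "eset_notes": notes,
        "objects_scanned": fields.get("scanned"),
        "hardening_findings": security_check_findings(security_check_text),
    }


if __name__ == "__main__":
    for key, value in triage(ESET_LOG, SECURITY_CHECK_LOG).items():
        print(f"{key}: {value}")
```

Run on the logs above, the verdict is "clean" (the scan finished with zero detections) but with the caveat that archives were not scanned, and four hardening findings remain: Internet Explorer, Java and Firefox out of date, plus on-access scanning disabled in the antivirus. That matches the helper's next step in the thread: update Java, Flash and Windows.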

  • Staff

Hi,

Great!

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program(s) (if present):

ESET Online Scanner v3

Java™ 6 Update 14

Adobe Flash Player 10.3.183.5

Restart your computer.

Get the latest version of Java and Adobe Flash Player.

Next, please visit Windows Update and download all critical updates, including Internet Explorer 8.

Let me know if the update was successful.

Let me know what issues remain.

-screen317


  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


Guest
This topic is now closed to further replies.