Jump to content

Recommended Posts

So about a week ago I had a av thing downloaded to my desktop called opencloud security, I got rkill and malwarebites and got that off the desktop, but now (and with opencloud) i get redirected on google pages and can't access anti malware programs because it can't find the file or I don't have permission to access it. I have avg free and that doesn't catch it. I also have spybot, superantimalware, and malwarebites but can't acces them either. My comp also freezes and runs reaaaaaalllly slow after about an hour of being on it, task manager shows no differences in comp usage. So I'm stuck ecausr anything I try to do fails, I've read every sticky and none have helped, anyoe know what to do???? Running on xp

Link to post
Share on other sites

  • Staff

Hi and welcome to Malwarebytes.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post only DDS.txt directly into your reply.

-screen317

Link to post
Share on other sites

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Marty at 15:48:44 on 2011-10-13

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.370 [GMT -5:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Norton AntiVirus *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\System32\wltrysvc.exe

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

C:\Program Files\Dell Network Assistant\hnm_svc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxddserv.exe

C:\WINDOWS\system32\lxddcoms.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\WINDOWS\system32\wltray.exe

C:\Program Files\Lexmark 2500 Series\lxddmon.exe

C:\Program Files\Lexmark 2500 Series\lxddamon.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\RocketFish\RF5.1\Surround Mixer\CTSysVol.exe

C:\WINDOWS\system32\Rundll32.exe

C:\Program Files\PowerISO\PWRISOVM.EXE

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Program Files\AVG Secure Search\vprot.exe

C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Dell Network Assistant\ezi_hnm2.exe

C:\Program Files\Dynex Enhanced G Desktop Card Adapter\DynexWCUI.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\Internet Explorer\iexplore.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/

uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com

uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html

uSearchMigratedDefaultURL = hxxp://windiwsfsearch.com/search?q={searchTerms}

mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com

mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com

mStart Page = hxxp://www.yahoo.com/

uInternet Settings,ProxyOverride = *.local;<local>

uSearchAssistant = hxxp://windiwsfsearch.com

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com

mSearchURL = hxxp://windiwsfsearch.com

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {3b7aaeb1-9f3d-4491-9c06-c7165ca8d058} - c:\program files\applications\iebt.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll

BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\8.0.0.34\AVG Secure Search_toolbar.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll

BHO: VResLabWarningBHO Class: {b494e7bb-1e33-4922-a947-f74eff4e714f} - c:\program files\vreslab\VResLabWarning.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn2\YTSingleInstance.dll

TB: Internet Service: {144a6b24-0ebc-4d89-bf09-a06a718e57b5} - c:\program files\applications\iebr.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\8.0.0.34\AVG Secure Search_toolbar.dll

TB: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File

EB: {2AA2FBF8-9C76-4E97-A226-25C5F4AB6358} - No File

uRun: [DellAutomatedPCTuneUp] "c:\program files\dellautomatedpctuneup\PTAgnt.exe" /startup

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet

uRun: [VResLab] "c:\program files\vreslab\VResLab.exe"

uRun: [wblogon] c:\windows\system32\algg.exe

uRun: [ANTIVIRUS] c:\program files\aav\AAV.exe

uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [setDefaultMIDI] MIDIDef.exe

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"

mRun: [broadcom Wireless Manager] c:\windows\system32\wltray.exe

mRun: [lxddmon.exe] "c:\program files\lexmark 2500 series\lxddmon.exe"

mRun: [lxddamon] "c:\program files\lexmark 2500 series\lxddamon.exe"

mRun: [ANTIVIRUS] c:\program files\aav\AAV.exe

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [CTSysVol] c:\program files\rocketfish\rf5.1\surround mixer\CTSysVol.exe /r

mRun: [P17Helper] Rundll32 P17.dll,P17Helper

mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE

mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe

mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [OpenCloud Security] c:\documents and settings\marty\application data\opencloud security\OpenCloud Security.exe

mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"

mRun: [vProt] "c:\program files\avg secure search\vprot.exe"

mRunOnce: [AvgRemover] c:\documents and settings\administrator\local settings\temporary internet files\content.ie5\r6n771j4\avg_remover_stf_x86_2012_1796[1].exe /run_number=2 /avgdir="c:\program files\avg\avg9" /avgdatadir="c:\documents and settings\all users\application data\avg9" /ndis_nextstep=1

mExplorerRun: [smile] c:\program files\applications\wcs.exe

StartupFolder: c:\docume~1\marty\startm~1\programs\startup\billmi~1.lnk - c:\quickenw\billmind.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dellne~1.lnk - c:\windows\installer\{0240bdfb-2995-4a3f-8c96-18d41282b716}\Icon0240BDFB3.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dynexw~1.lnk - c:\program files\dynex enhanced g desktop card adapter\DynexWCUI.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

LSP: mswsock.dll

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{418B4E6C-D257-415F-B747-C1EEAB893852} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{C1C904E7-A977-4024-AA68-A2BF60484A17} : DhcpNameServer = 192.168.0.1

Filter: text/html - {f800bfeb-aff2-4418-aee4-d5381175e8f8} -

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\8.0.1\ViProtocol.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

STS: bismuthiferous: {d04bbe06-7ce7-405e-8730-cd56d9531cbb} - c:\windows\system32\vimhx.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-7-11 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-7-11 229840]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]

R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]

R2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [2007-4-26 99248]

R2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\8.0.1\ToolbarUpdater.exe [2011-10-4 246600]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-7-11 16720]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-9-12 5265248]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-8 135664]

S3 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]

S3 cpuz132;cpuz132;\??\c:\docume~1\marty\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\marty\locals~1\temp\cpuz132\cpuz132_x32.sys [?]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-8 135664]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

.

=============== Created Last 30 ================

.

2011-10-13 20:40:07 -------- d-----w- C:\TDSSKiller_Quarantine

2011-10-10 20:52:39 -------- d-----w- c:\documents and settings\marty\application data\SUPERAntiSpyware.com

2011-10-10 20:52:12 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-10-10 20:52:12 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com

2011-10-04 22:55:45 -------- d-----w- c:\documents and settings\marty\application data\AVG2012

2011-10-04 22:54:00 -------- d-----w- c:\documents and settings\marty\application data\AVG Secure Search

2011-10-04 22:53:55 -------- d-----w- c:\program files\common files\AVG Secure Search

2011-10-04 22:53:54 -------- d-----w- c:\program files\AVG Secure Search

2011-10-04 22:52:53 -------- d-----w- c:\windows\system32\drivers\AVG

2011-10-04 22:52:53 -------- d-----w- c:\documents and settings\all users\application data\AVG2012

2011-09-29 22:07:12 -------- d--h--w- c:\documents and settings\all users\application data\Common Files

2011-09-29 22:06:59 -------- d-----w- c:\documents and settings\all users\application data\MFAData

2011-09-29 21:48:34 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-09-29 21:48:28 -------- d-----w- c:\documents and settings\marty\application data\Malwarebytes

2011-09-29 21:48:19 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-09-26 16:42:16 -------- d-----w- c:\documents and settings\marty\application data\OpenCloud Security

2011-09-26 16:41:20 220160 ------w- c:\windows\system32\dllcache\oleacc.dll

2011-09-26 16:41:14 20480 ------w- c:\windows\system32\dllcache\oleaccrc.dll

2011-09-26 15:43:30 -------- d-----w- c:\program files\iPod

2011-09-26 15:43:24 -------- d-----w- c:\program files\iTunes

2011-09-26 15:38:24 -------- d-----w- c:\program files\Bonjour

2011-09-26 15:36:05 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll

2011-09-26 15:36:05 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll

2011-09-26 15:36:05 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll

2011-09-26 15:36:05 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll

2011-09-26 15:36:05 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll

2011-09-26 15:36:05 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll

2011-09-26 15:36:05 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll

.

==================== Find3M ====================

.

2011-10-13 20:42:23 162816 ----a-w- c:\windows\system32\drivers\netbt.sys

2011-09-26 16:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 16:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 16:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-13 11:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll

2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec

2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys

2011-08-11 21:04:41 517 --sha-w- c:\windows\system32\ipsmsnap32.dll

2011-08-11 20:03:50 517 --sha-w- c:\windows\system32\inetpp32.dll

2011-08-11 16:10:17 517 --sha-w- c:\windows\system32\wowfaxui32.dll

2011-08-07 17:08:02 517 --sha-w- c:\windows\system32\MFPLAT32.dll

2011-08-04 16:34:18 517 --sha-w- c:\windows\system32\kbdhela332.dll

2011-08-03 19:02:36 517 --sha-w- c:\windows\system32\MFC71u32.dll

2011-08-03 17:56:39 517 --sha-w- c:\windows\system32\mimefilt32.dll

2011-08-02 20:59:05 517 --sha-w- c:\windows\system32\wpdtrace32.dll

2011-08-02 19:54:58 517 --sha-w- c:\windows\system32\mll_qic32.dll

2011-08-02 18:54:08 517 --sha-w- c:\windows\system32\mll_mtf32.dll

2011-08-01 19:29:32 517 --sha-w- c:\windows\system32\kbdinbe132.dll

2011-08-01 18:23:34 517 --sha-w- c:\windows\system32\modex32.dll

2011-08-01 17:19:33 517 --sha-w- c:\windows\system32\mmcfxcommon32.dll

2011-08-01 04:08:34 517 --sha-w- c:\windows\system32\kbdsl3232.dll

2011-08-01 03:02:56 517 --sha-w- c:\windows\system32\jobexec32.dll

2011-08-01 02:01:57 517 --sha-w- c:\windows\system32\kbdest32.dll

2011-08-01 01:01:24 517 --sha-w- c:\windows\system32\wstdecod32.dll

2011-08-01 00:00:59 517 --sha-w- c:\windows\system32\kbdla32.dll

2011-07-31 23:00:32 517 --sha-w- c:\windows\system32\msctfp32.dll

2011-07-31 16:06:22 517 --sha-w- c:\windows\system32\moricons32.dll

2011-07-27 19:08:53 517 --sha-w- c:\windows\system32\windowscodecsext32.dll

2011-07-27 17:53:34 517 --sha-w- c:\windows\system32\mspmsp32.dll

2011-07-27 16:53:12 517 --sha-w- c:\windows\system32\cic32.dll

2011-07-27 04:26:53 517 --sha-w- c:\windows\system32\samlib32.dll

2011-07-27 03:26:32 517 --sha-w- c:\windows\system32\ptpusd32.dll

2011-07-27 00:50:03 517 --sha-w- c:\windows\system32\kbdfi32.dll

2011-07-26 23:49:42 517 --sha-w- c:\windows\system32\kbdsl32.dll

2011-07-25 21:52:08 517 --sha-w- c:\windows\system32\xmlprovi32.dll

2011-07-25 20:46:30 517 --sha-w- c:\windows\system32\kbdnepr32.dll

2011-07-25 02:27:11 517 --sha-w- c:\windows\system32\msorcl3232.dll

2011-07-25 01:21:33 517 --sha-w- c:\windows\system32\msacm3232.dll

2011-07-23 15:20:02 517 --sha-w- c:\windows\system32\audiodev32.dll

2011-07-23 01:48:35 517 --sha-w- c:\windows\system32\kbdhu132.dll

2011-07-23 00:16:57 517 --sha-w- c:\windows\system32\localsec32.dll

2011-07-22 23:12:12 517 --sha-w- c:\windows\system32\accesor32.dll

2011-07-22 05:48:31 517 --sha-w- c:\windows\system32\kbdsf32.dll

2011-07-22 04:42:54 517 --sha-w- c:\windows\system32\msvcirt32.dll

2011-07-22 03:37:16 517 --sha-w- c:\windows\system32\mscpxl3232.dll

2011-07-22 02:31:38 517 --sha-w- c:\windows\system32\audiosrv32.dll

2011-07-19 17:28:34 517 --sha-w- c:\windows\system32\Q_COMM32.dll

2011-07-17 21:53:25 517 --sha-w- c:\windows\system32\mciseq32.dll

2011-07-17 20:53:01 517 --sha-w- c:\windows\system32\kbdmon32.dll

2011-07-17 19:52:34 517 --sha-w- c:\windows\system32\mchgrcoi32.dll

2011-07-17 18:52:13 517 --sha-w- c:\windows\system32\asferror32.dll

2011-07-17 17:50:52 517 --sha-w- c:\windows\system32\kbdukx32.dll

2011-07-17 16:50:04 517 --sha-w- c:\windows\system32\narrhook32.dll

2011-07-16 20:42:53 517 --sha-w- c:\windows\system32\msfeeds32.dll

2011-07-16 20:19:19 0 ---ha-w- c:\documents and settings\marty\puvdeoczhw.tmp

.

============= FINISH: 15:50:00.15 ===============

Link to post
Share on other sites

  • Staff

Hi,

I notice that you are using more than one antivirus program (AVG and Norton). This is very dangerous, as multiple AVs can interfere with one another and actually allow MORE viruses to get through. I strongly suggest you go to Start -> Control Panel -> Add or Remove Programs and uninstall all but one antivirus program.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

Link to post
Share on other sites

12:40:49.0046 3928 TDSS rootkit removing tool 2.6.8.0 Oct 12 2011 07:30:54

12:40:53.0390 3928 ============================================================

12:40:53.0390 3928 Current date / time: 2011/10/14 12:40:53.0390

12:40:53.0390 3928 SystemInfo:

12:40:53.0390 3928

12:40:53.0390 3928 OS Version: 5.1.2600 ServicePack: 3.0

12:40:53.0390 3928 Product type: Workstation

12:40:53.0390 3928 ComputerName: D6LF4HF1

12:40:53.0390 3928 UserName: Marty

12:40:53.0390 3928 Windows directory: C:\WINDOWS

12:40:53.0390 3928 System windows directory: C:\WINDOWS

12:40:53.0390 3928 Processor architecture: Intel x86

12:40:53.0390 3928 Number of processors: 2

12:40:53.0390 3928 Page size: 0x1000

12:40:53.0390 3928 Boot type: Normal boot

12:40:53.0390 3928 ============================================================

12:40:55.0234 3928 Initialize success

12:40:57.0140 3716 ============================================================

12:40:57.0140 3716 Scan started

12:40:57.0140 3716 Mode: Manual;

12:40:57.0140 3716 ============================================================

12:40:59.0203 3716 Abiosdsk - ok

12:40:59.0250 3716 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

12:40:59.0265 3716 abp480n5 - ok

12:40:59.0328 3716 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

12:40:59.0343 3716 ACPI - ok

12:40:59.0390 3716 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

12:40:59.0390 3716 ACPIEC - ok

12:40:59.0421 3716 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

12:40:59.0421 3716 adpu160m - ok

12:40:59.0484 3716 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

12:40:59.0484 3716 aec - ok

12:40:59.0546 3716 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

12:40:59.0546 3716 AFD - ok

12:40:59.0593 3716 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

12:40:59.0593 3716 agp440 - ok

12:40:59.0656 3716 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

12:40:59.0656 3716 agpCPQ - ok

12:40:59.0671 3716 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

12:40:59.0671 3716 Aha154x - ok

12:40:59.0687 3716 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

12:40:59.0687 3716 aic78u2 - ok

12:40:59.0703 3716 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

12:40:59.0703 3716 aic78xx - ok

12:40:59.0718 3716 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

12:40:59.0718 3716 AliIde - ok

12:40:59.0734 3716 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

12:40:59.0734 3716 alim1541 - ok

12:40:59.0781 3716 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

12:40:59.0781 3716 amdagp - ok

12:40:59.0796 3716 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

12:40:59.0796 3716 amsint - ok

12:40:59.0812 3716 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

12:40:59.0828 3716 asc - ok

12:40:59.0843 3716 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

12:40:59.0843 3716 asc3350p - ok

12:40:59.0859 3716 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

12:40:59.0859 3716 asc3550 - ok

12:40:59.0968 3716 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

12:41:00.0015 3716 AsyncMac - ok

12:41:00.0312 3716 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

12:41:00.0312 3716 atapi - ok

12:41:00.0437 3716 Atdisk - ok

12:41:00.0562 3716 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

12:41:00.0578 3716 Atmarpc - ok

12:41:00.0609 3716 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

12:41:00.0609 3716 audstub - ok

12:41:00.0750 3716 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys

12:41:00.0750 3716 AVGIDSDriver - ok

12:41:00.0937 3716 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys

12:41:00.0937 3716 AVGIDSEH - ok

12:41:01.0000 3716 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys

12:41:01.0000 3716 AVGIDSFilter - ok

12:41:01.0046 3716 AVGIDSShim (07eba0c11fa1d73b82ecc3255ddfe34d) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys

12:41:01.0046 3716 AVGIDSShim - ok

12:41:01.0093 3716 Avgldx86 (f4dbbc8d3c5338693da23c59a50f8abc) C:\WINDOWS\system32\DRIVERS\avgldx86.sys

12:41:01.0109 3716 Avgldx86 - ok

12:41:01.0109 3716 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys

12:41:01.0125 3716 Avgmfx86 - ok

12:41:01.0140 3716 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys

12:41:01.0140 3716 Avgrkx86 - ok

12:41:01.0187 3716 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys

12:41:01.0187 3716 Avgtdix - ok

12:41:01.0265 3716 BCM43XX (e679fe7890c366f3418963e289d273cf) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys

12:41:01.0296 3716 BCM43XX - ok

12:41:01.0312 3716 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

12:41:01.0312 3716 Beep - ok

12:41:01.0328 3716 catchme - ok

12:41:01.0359 3716 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

12:41:01.0359 3716 cbidf - ok

12:41:01.0375 3716 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

12:41:01.0375 3716 cbidf2k - ok

12:41:01.0390 3716 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

12:41:01.0390 3716 cd20xrnt - ok

12:41:01.0421 3716 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

12:41:01.0437 3716 Cdaudio - ok

12:41:01.0453 3716 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

12:41:01.0453 3716 Cdfs - ok

12:41:01.0484 3716 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

12:41:01.0484 3716 Cdrom - ok

12:41:01.0500 3716 Changer - ok

12:41:01.0546 3716 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

12:41:01.0546 3716 CmdIde - ok

12:41:01.0578 3716 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

12:41:01.0578 3716 Cpqarray - ok

12:41:01.0718 3716 cpuz132 - ok

12:41:01.0765 3716 ctsfm2k (8db84de3aab34a8b4c2f644eff41cd76) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys

12:41:01.0765 3716 ctsfm2k - ok

12:41:01.0828 3716 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

12:41:01.0828 3716 dac2w2k - ok

12:41:01.0843 3716 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

12:41:01.0843 3716 dac960nt - ok

12:41:01.0890 3716 datunidr (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\datunidr.sys

12:41:01.0890 3716 datunidr - ok

12:41:01.0953 3716 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

12:41:01.0953 3716 Disk - ok

12:41:02.0062 3716 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

12:41:02.0078 3716 dmboot - ok

12:41:02.0125 3716 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

12:41:02.0125 3716 dmio - ok

12:41:02.0250 3716 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

12:41:02.0250 3716 dmload - ok

12:41:02.0296 3716 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

12:41:02.0312 3716 DMusic - ok

12:41:02.0343 3716 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

12:41:02.0343 3716 dpti2o - ok

12:41:02.0390 3716 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

12:41:02.0390 3716 drmkaud - ok

12:41:02.0437 3716 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys

12:41:02.0437 3716 E100B - ok

12:41:02.0484 3716 e1express (34aaa3b298a852b3663e6e0d94d12945) C:\WINDOWS\system32\DRIVERS\e1e5132.sys

12:41:02.0484 3716 e1express - ok

12:41:02.0531 3716 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

12:41:02.0531 3716 Fastfat - ok

12:41:02.0562 3716 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

12:41:02.0562 3716 Fdc - ok

12:41:02.0593 3716 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

12:41:02.0593 3716 Fips - ok

12:41:02.0640 3716 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

12:41:02.0640 3716 Flpydisk - ok

12:41:02.0687 3716 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

12:41:02.0703 3716 FltMgr - ok

12:41:02.0703 3716 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

12:41:02.0718 3716 Fs_Rec - ok

12:41:02.0718 3716 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

12:41:02.0718 3716 Ftdisk - ok

12:41:02.0765 3716 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

12:41:02.0765 3716 GEARAspiWDM - ok

12:41:02.0812 3716 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

12:41:02.0812 3716 Gpc - ok

12:41:02.0828 3716 HDAudBus - ok

12:41:02.0875 3716 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

12:41:02.0875 3716 HidUsb - ok

12:41:02.0937 3716 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

12:41:02.0937 3716 hpn - ok

12:41:03.0000 3716 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

12:41:03.0000 3716 HTTP - ok

12:41:03.0031 3716 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

12:41:03.0031 3716 i2omgmt - ok

12:41:03.0062 3716 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

12:41:03.0062 3716 i2omp - ok

12:41:03.0078 3716 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

12:41:03.0078 3716 i8042prt - ok

12:41:03.0343 3716 ialm (28423512370705aeda6a652fedb25468) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

12:41:03.0546 3716 ialm - ok

12:41:03.0578 3716 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\WINDOWS\system32\drivers\iaStor.sys

12:41:03.0578 3716 iaStor - ok

12:41:03.0609 3716 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

12:41:03.0609 3716 Imapi - ok

12:41:03.0656 3716 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

12:41:03.0656 3716 ini910u - ok

12:41:03.0828 3716 IntcAzAudAddService (17bbbabb21f86b650b2626045a9d016c) C:\WINDOWS\system32\drivers\RtkHDAud.sys

12:41:03.0953 3716 IntcAzAudAddService - ok

12:41:04.0187 3716 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

12:41:04.0218 3716 IntelIde - ok

12:41:04.0390 3716 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

12:41:04.0390 3716 intelppm - ok

12:41:04.0421 3716 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

12:41:04.0421 3716 Ip6Fw - ok

12:41:04.0468 3716 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

12:41:04.0468 3716 IpFilterDriver - ok

12:41:04.0500 3716 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

12:41:04.0500 3716 IpInIp - ok

12:41:04.0546 3716 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

12:41:04.0546 3716 IpNat - ok

12:41:04.0562 3716 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

12:41:04.0562 3716 IPSec - ok

12:41:04.0593 3716 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

12:41:04.0593 3716 IRENUM - ok

12:41:04.0609 3716 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

12:41:04.0609 3716 isapnp - ok

12:41:04.0625 3716 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

12:41:04.0625 3716 Kbdclass - ok

12:41:04.0625 3716 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

12:41:04.0625 3716 kbdhid - ok

12:41:04.0671 3716 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

12:41:04.0671 3716 kmixer - ok

12:41:04.0734 3716 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

12:41:04.0734 3716 KSecDD - ok

12:41:04.0750 3716 lbrtfdc - ok

12:41:04.0796 3716 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys

12:41:04.0796 3716 MBAMProtector - ok

12:41:04.0812 3716 MCSTRM - ok

12:41:04.0828 3716 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

12:41:04.0843 3716 mnmdd - ok

12:41:04.0890 3716 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

12:41:04.0890 3716 Modem - ok

12:41:04.0937 3716 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

12:41:04.0953 3716 Mouclass - ok

12:41:05.0000 3716 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

12:41:05.0000 3716 mouhid - ok

12:41:05.0031 3716 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

12:41:05.0031 3716 MountMgr - ok

12:41:05.0078 3716 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

12:41:05.0078 3716 mraid35x - ok

12:41:05.0109 3716 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

12:41:05.0109 3716 MRxDAV - ok

12:41:05.0156 3716 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

12:41:05.0171 3716 MRxSmb - ok

12:41:05.0187 3716 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

12:41:05.0187 3716 Msfs - ok

12:41:05.0250 3716 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

12:41:05.0250 3716 MSKSSRV - ok

12:41:05.0265 3716 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

12:41:05.0265 3716 MSPCLOCK - ok

12:41:05.0281 3716 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

12:41:05.0281 3716 MSPQM - ok

12:41:05.0328 3716 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

12:41:05.0328 3716 mssmbios - ok

12:41:05.0500 3716 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

12:41:05.0500 3716 Mup - ok

12:41:05.0500 3716 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

12:41:05.0500 3716 NDIS - ok

12:41:05.0546 3716 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

12:41:05.0546 3716 NdisTapi - ok

12:41:05.0593 3716 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

12:41:05.0593 3716 Ndisuio - ok

12:41:05.0593 3716 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

12:41:05.0593 3716 NdisWan - ok

12:41:05.0625 3716 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

12:41:05.0625 3716 NDProxy - ok

12:41:05.0640 3716 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

12:41:05.0640 3716 NetBIOS - ok

12:41:05.0671 3716 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

12:41:05.0671 3716 NetBT - ok

12:41:05.0687 3716 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

12:41:05.0703 3716 Npfs - ok

12:41:05.0734 3716 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

12:41:05.0750 3716 Ntfs - ok

12:41:05.0765 3716 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

12:41:05.0781 3716 Null - ok

12:41:05.0875 3716 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

12:41:05.0921 3716 nv - ok

12:41:05.0953 3716 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

12:41:05.0953 3716 NwlnkFlt - ok

12:41:05.0984 3716 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

12:41:06.0000 3716 NwlnkFwd - ok

12:41:06.0062 3716 ossrv (103a9b117a7d9903111955cdafe65ac6) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys

12:41:06.0062 3716 ossrv - ok

12:41:06.0187 3716 P17 (4988ac8b88c9814ccb0b2f93869af1e0) C:\WINDOWS\system32\drivers\P17.sys

12:41:06.0234 3716 P17 - ok

12:41:06.0265 3716 Packet (8f856dae19383bd69db444004d5d4f50) C:\WINDOWS\system32\DRIVERS\packet.sys

12:41:06.0265 3716 Packet - ok

12:41:06.0296 3716 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

12:41:06.0296 3716 Parport - ok

12:41:06.0328 3716 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

12:41:06.0328 3716 PartMgr - ok

12:41:06.0375 3716 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

12:41:06.0375 3716 ParVdm - ok

12:41:06.0375 3716 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

12:41:06.0375 3716 PCI - ok

12:41:06.0390 3716 PCIDump - ok

12:41:06.0406 3716 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

12:41:06.0406 3716 PCIIde - ok

12:41:06.0437 3716 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

12:41:06.0437 3716 Pcmcia - ok

12:41:06.0437 3716 PDCOMP - ok

12:41:06.0453 3716 PDFRAME - ok

12:41:06.0453 3716 PDRELI - ok

12:41:06.0468 3716 PDRFRAME - ok

12:41:06.0484 3716 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

12:41:06.0484 3716 perc2 - ok

12:41:06.0640 3716 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

12:41:06.0640 3716 perc2hib - ok

12:41:06.0734 3716 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

12:41:06.0734 3716 PptpMiniport - ok

12:41:06.0765 3716 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

12:41:06.0765 3716 PSched - ok

12:41:06.0781 3716 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

12:41:06.0781 3716 Ptilink - ok

12:41:06.0953 3716 PTproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys

12:41:06.0953 3716 PTproct - ok

12:41:06.0984 3716 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

12:41:06.0984 3716 ql1080 - ok

12:41:07.0015 3716 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

12:41:07.0031 3716 Ql10wnt - ok

12:41:07.0062 3716 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

12:41:07.0062 3716 ql12160 - ok

12:41:07.0062 3716 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

12:41:07.0078 3716 ql1240 - ok

12:41:07.0093 3716 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

12:41:07.0093 3716 ql1280 - ok

12:41:07.0156 3716 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

12:41:07.0156 3716 RasAcd - ok

12:41:07.0234 3716 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

12:41:07.0234 3716 Rasl2tp - ok

12:41:07.0250 3716 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

12:41:07.0250 3716 RasPppoe - ok

12:41:07.0265 3716 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

12:41:07.0265 3716 Raspti - ok

12:41:07.0312 3716 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

12:41:07.0312 3716 Rdbss - ok

12:41:07.0328 3716 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

12:41:07.0328 3716 RDPCDD - ok

12:41:07.0375 3716 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

12:41:07.0375 3716 rdpdr - ok

12:41:07.0437 3716 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

12:41:07.0453 3716 RDPWD - ok

12:41:07.0484 3716 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

12:41:07.0484 3716 redbook - ok

12:41:07.0562 3716 SCDEmu (20b2751cd4c8f3fd989739ca661b9f30) C:\WINDOWS\system32\drivers\SCDEmu.sys

12:41:07.0562 3716 SCDEmu - ok

12:41:07.0609 3716 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

12:41:07.0609 3716 Secdrv - ok

12:41:07.0656 3716 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

12:41:07.0656 3716 serenum - ok

12:41:07.0703 3716 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

12:41:07.0703 3716 Serial - ok

12:41:07.0734 3716 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

12:41:07.0734 3716 Sfloppy - ok

12:41:07.0750 3716 Simbad - ok

12:41:07.0812 3716 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

12:41:07.0812 3716 sisagp - ok

12:41:07.0843 3716 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

12:41:07.0843 3716 Sparrow - ok

12:41:07.0890 3716 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

12:41:07.0890 3716 splitter - ok

12:41:07.0984 3716 sptd (614deea4bdcec3fd5a07bdc705723ad7) C:\WINDOWS\System32\Drivers\sptd.sys

12:41:07.0984 3716 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\sptd.sys. md5: 614deea4bdcec3fd5a07bdc705723ad7

12:41:08.0000 3716 sptd ( LockedFile.Multi.Generic ) - warning

12:41:08.0000 3716 sptd - detected LockedFile.Multi.Generic (1)

12:41:08.0000 3716 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

12:41:08.0000 3716 sr - ok

12:41:08.0046 3716 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

12:41:08.0062 3716 Srv - ok

12:41:08.0218 3716 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

12:41:08.0218 3716 swenum - ok

12:41:08.0281 3716 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

12:41:08.0281 3716 swmidi - ok

12:41:08.0328 3716 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

12:41:08.0328 3716 symc810 - ok

12:41:08.0359 3716 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

12:41:08.0359 3716 symc8xx - ok

12:41:08.0390 3716 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

12:41:08.0390 3716 sym_hi - ok

12:41:08.0406 3716 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

12:41:08.0406 3716 sym_u3 - ok

12:41:08.0437 3716 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

12:41:08.0437 3716 sysaudio - ok

12:41:08.0500 3716 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

12:41:08.0500 3716 Tcpip - ok

12:41:08.0562 3716 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

12:41:08.0562 3716 TDPIPE - ok

12:41:08.0609 3716 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

12:41:08.0609 3716 TDTCP - ok

12:41:08.0656 3716 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

12:41:08.0656 3716 TermDD - ok

12:41:08.0718 3716 TIEHDUSB (a1124ebc672aa3ae1b327096c1dcc346) C:\WINDOWS\system32\drivers\tiehdusb.sys

12:41:08.0718 3716 TIEHDUSB - ok

12:41:08.0734 3716 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

12:41:08.0734 3716 TosIde - ok

12:41:08.0765 3716 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

12:41:08.0765 3716 Udfs - ok

12:41:08.0781 3716 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

12:41:08.0781 3716 ultra - ok

12:41:08.0828 3716 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

12:41:08.0843 3716 Update - ok

12:41:08.0906 3716 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys

12:41:08.0906 3716 USBAAPL - ok

12:41:08.0968 3716 usbbus (d9f3bb7c292f194f3b053ce295754eb8) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys

12:41:08.0968 3716 usbbus - ok

12:41:09.0031 3716 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

12:41:09.0031 3716 usbccgp - ok

12:41:09.0093 3716 UsbDiag (c4f77da649f99fad116ea585376fc164) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys

12:41:09.0093 3716 UsbDiag - ok

12:41:09.0125 3716 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

12:41:09.0125 3716 usbehci - ok

12:41:09.0140 3716 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

12:41:09.0140 3716 usbhub - ok

12:41:09.0187 3716 USBModem (c0613ce45e617bc671de8ebb1b30d175) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys

12:41:09.0187 3716 USBModem - ok

12:41:09.0218 3716 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

12:41:09.0218 3716 usbprint - ok

12:41:09.0250 3716 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

12:41:09.0265 3716 usbscan - ok

12:41:09.0296 3716 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

12:41:09.0296 3716 USBSTOR - ok

12:41:09.0421 3716 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

12:41:09.0421 3716 usbuhci - ok

12:41:09.0500 3716 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

12:41:09.0500 3716 VgaSave - ok

12:41:09.0562 3716 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

12:41:09.0562 3716 viaagp - ok

12:41:09.0578 3716 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

12:41:09.0578 3716 ViaIde - ok

12:41:09.0625 3716 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

12:41:09.0625 3716 VolSnap - ok

12:41:09.0656 3716 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

12:41:09.0656 3716 Wanarp - ok

12:41:09.0656 3716 WDICA - ok

12:41:09.0687 3716 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

12:41:09.0687 3716 wdmaud - ok

12:41:09.0765 3716 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

12:41:09.0765 3716 WpdUsb - ok

12:41:09.0812 3716 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

12:41:09.0812 3716 WudfPf - ok

12:41:09.0812 3716 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

12:41:09.0812 3716 WudfRd - ok

12:41:09.0875 3716 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

12:41:10.0015 3716 \Device\Harddisk0\DR0 - ok

12:41:10.0015 3716 Boot (0x1200) (91629b6e96fb0a4afda12ff125df158e) \Device\Harddisk0\DR0\Partition0

12:41:10.0031 3716 \Device\Harddisk0\DR0\Partition0 - ok

12:41:10.0031 3716 ============================================================

12:41:10.0031 3716 Scan finished

12:41:10.0031 3716 ============================================================

12:41:10.0031 3504 Detected object count: 1

12:41:10.0031 3504 Actual detected object count: 1

12:41:22.0296 3504 sptd ( LockedFile.Multi.Generic ) - skipped by user

12:41:22.0296 3504 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

12:41:24.0796 3892 Deinitialize success

12:25:09 Marty MESSAGE Protection started successfully

12:25:16 Marty MESSAGE IP Protection started successfully

12:25:17 Marty MESSAGE IP Protection stopped

ComboFix 11-10-13.05 - Marty 10/13/2011 19:20:16.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.268 [GMT -5:00]

Running from: c:\documents and settings\Marty\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Norton AntiVirus *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\SPL3.tmp

c:\documents and settings\All Users\SPL4.tmp

c:\documents and settings\Marty\Application Data\Mozilla\Firefox\Profiles\2c0zpddr.default\extensions\{5787493a-d295-4162-9c7b-351471eb4bf5}

c:\documents and settings\Marty\Application Data\Mozilla\Firefox\Profiles\2c0zpddr.default\extensions\{5787493a-d295-4162-9c7b-351471eb4bf5}\chrome.manifest

c:\documents and settings\Marty\Application Data\Mozilla\Firefox\Profiles\2c0zpddr.default\extensions\{5787493a-d295-4162-9c7b-351471eb4bf5}\chrome\xulcache.jar

c:\documents and settings\Marty\Application Data\Mozilla\Firefox\Profiles\2c0zpddr.default\extensions\{5787493a-d295-4162-9c7b-351471eb4bf5}\defaults\preferences\xulcache.js

c:\documents and settings\Marty\Application Data\Mozilla\Firefox\Profiles\2c0zpddr.default\extensions\{5787493a-d295-4162-9c7b-351471eb4bf5}\install.rdf

c:\documents and settings\Marty\Application Data\OpenCloud Security

c:\documents and settings\Marty\My Documents\My Documents.url

c:\documents and settings\Marty\My Documents\My Music\My Music.url

c:\documents and settings\Marty\My Documents\My Pictures\My Pictures.url

c:\documents and settings\Marty\My Documents\My Videos\My Video.url

c:\documents and settings\Marty\puvdeoczhw.tmp

c:\documents and settings\Marty\WINDOWS

c:\program files\Applications\myd.ico

c:\program files\Applications\mym.ico

c:\program files\Applications\myp.ico

c:\program files\Applications\myv.ico

c:\program files\Applications\ot.ico

c:\program files\Applications\ts.ico

c:\program files\Common

c:\program files\Shared

c:\program files\Shared\shared.sig

c:\windows\621819276

c:\windows\settings.reg

c:\windows\system32\512686

c:\windows\system32\accesor32.dll

c:\windows\system32\asferror32.dll

c:\windows\system32\audiodev32.dll

c:\windows\system32\audiosrv32.dll

c:\windows\system32\cic32.dll

c:\windows\system32\d3d9caps.dat

c:\windows\system32\inetpp32.dll

c:\windows\system32\ipsmsnap32.dll

c:\windows\system32\jobexec32.dll

c:\windows\system32\kbdest32.dll

c:\windows\system32\kbdfi32.dll

c:\windows\system32\kbdhela332.dll

c:\windows\system32\kbdhu132.dll

c:\windows\system32\kbdinbe132.dll

c:\windows\system32\kbdla32.dll

c:\windows\system32\kbdmon32.dll

c:\windows\system32\kbdnepr32.dll

c:\windows\system32\kbdsf32.dll

c:\windows\system32\kbdsl32.dll

c:\windows\system32\kbdsl3232.dll

c:\windows\system32\kbdukx32.dll

c:\windows\system32\localsec32.dll

c:\windows\system32\mchgrcoi32.dll

c:\windows\system32\mciseq32.dll

c:\windows\system32\MFC71u32.dll

c:\windows\system32\MFPLAT32.dll

c:\windows\system32\mimefilt32.dll

c:\windows\system32\mll_mtf32.dll

c:\windows\system32\mll_qic32.dll

c:\windows\system32\mmcfxcommon32.dll

c:\windows\system32\modex32.dll

c:\windows\system32\moricons32.dll

c:\windows\system32\msacm3232.dll

c:\windows\system32\mscpxl3232.dll

c:\windows\system32\msctfp32.dll

c:\windows\system32\msfeeds32.dll

c:\windows\system32\msorcl3232.dll

c:\windows\system32\mspmsp32.dll

c:\windows\system32\msvcirt32.dll

c:\windows\system32\narrhook32.dll

c:\windows\system32\ptpusd32.dll

c:\windows\system32\Q_COMM32.dll

c:\windows\system32\rnaph.dll

c:\windows\system32\samlib32.dll

c:\windows\system32\windowscodecsext32.dll

c:\windows\system32\wowfaxui32.dll

c:\windows\system32\wpdtrace32.dll

c:\windows\system32\wstdecod32.dll

c:\windows\system32\xmlprovi32.dll

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_8c351025

.

.

((((((((((((((((((((((((( Files Created from 2011-09-14 to 2011-10-14 )))))))))))))))))))))))))))))))

.

.

2011-10-13 21:54 . 2011-10-13 21:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-10-13 21:54 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-13 20:40 . 2011-10-13 21:49 -------- d-----w- C:\TDSSKiller_Quarantine

2011-10-10 20:52 . 2011-10-10 20:52 -------- d-----w- c:\documents and settings\Marty\Application Data\SUPERAntiSpyware.com

2011-10-10 20:52 . 2011-10-10 20:52 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2011-10-10 00:09 . 2011-10-10 00:13 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2011-10-04 22:55 . 2011-10-04 22:55 -------- d-----w- c:\documents and settings\Marty\Application Data\AVG2012

2011-10-04 22:54 . 2011-10-04 22:54 -------- d-----w- c:\documents and settings\Marty\Application Data\AVG Secure Search

2011-10-04 22:53 . 2011-10-04 22:53 -------- d-----w- c:\program files\Common Files\AVG Secure Search

2011-10-04 22:53 . 2011-10-04 22:54 -------- d-----w- c:\program files\AVG Secure Search

2011-10-04 22:52 . 2011-10-07 19:53 -------- d-----w- c:\windows\system32\drivers\AVG

2011-10-04 22:52 . 2011-10-04 23:09 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012

2011-10-04 22:21 . 2011-10-04 22:24 -------- d-----w- c:\documents and settings\Administrator

2011-09-29 22:07 . 2011-09-29 22:07 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files

2011-09-29 22:06 . 2011-10-09 18:30 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2011-09-29 21:48 . 2011-09-29 21:48 -------- d-----w- c:\documents and settings\Marty\Application Data\Malwarebytes

2011-09-29 21:48 . 2011-09-29 21:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-09-26 16:41 . 2011-09-26 16:41 220160 ------w- c:\windows\system32\dllcache\oleacc.dll

2011-09-26 16:41 . 2011-09-26 16:41 20480 ------w- c:\windows\system32\dllcache\oleaccrc.dll

2011-09-26 16:24 . 2011-09-26 16:24 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer

2011-09-26 15:43 . 2011-09-26 15:43 -------- d-----w- c:\program files\iPod

2011-09-26 15:43 . 2011-09-26 15:44 -------- d-----w- c:\program files\iTunes

2011-09-26 15:38 . 2011-09-26 15:38 -------- d-----w- c:\program files\Bonjour

2011-09-26 15:36 . 2011-09-26 15:36 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll

2011-09-26 15:36 . 2011-09-26 15:36 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll

2011-09-26 15:36 . 2011-09-26 15:36 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll

2011-09-26 15:36 . 2011-09-26 15:36 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll

2011-09-26 15:36 . 2011-09-26 15:36 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll

2011-09-26 15:36 . 2011-09-26 15:36 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll

2011-09-26 15:36 . 2011-09-26 15:36 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll

2011-09-26 15:35 . 2011-09-26 15:36 -------- d-----w- c:\program files\QuickTime

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-13 20:42 . 2004-08-10 18:51 162816 ----a-w- c:\windows\system32\drivers\netbt.sys

2011-09-26 16:41 . 2008-07-30 01:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 16:41 . 2004-08-10 18:51 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 16:41 . 2004-08-10 18:51 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-13 11:30 . 2011-07-11 06:13 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2011-09-09 09:12 . 2004-08-10 18:50 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-06 13:20 . 2004-08-10 18:51 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-08-22 23:48 . 2004-08-10 18:51 916480 ----a-w- c:\windows\system32\wininet.dll

2011-08-22 23:48 . 2004-08-10 18:51 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-08-22 23:48 . 2004-08-10 18:51 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-08-22 11:56 . 2004-08-10 18:51 385024 ----a-w- c:\windows\system32\html.iec

2011-08-17 13:49 . 2004-08-10 18:50 138496 ----a-w- c:\windows\system32\drivers\afd.sys

2011-08-08 11:08 . 2011-08-08 11:08 40016 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2011-10-04 22:53 1451336 ----a-w- c:\program files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll" [2011-10-04 1451336]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DellAutomatedPCTuneUp"="c:\program files\DellAutomatedPCTuneUp\PTAgnt.exe" [2007-10-11 465136]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-26 39408]

"SetDefaultMIDI"="MIDIDef.exe" [2002-12-03 49152]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-14 142104]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-14 162584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-14 138008]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"RTHDCPL"="RTHDCPL.EXE" [2007-04-26 16132608]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]

"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]

"Broadcom Wireless Manager"="c:\windows\system32\wltray.exe" [2007-03-02 1282048]

"lxddmon.exe"="c:\program files\Lexmark 2500 Series\lxddmon.exe" [2007-05-04 291760]

"lxddamon"="c:\program files\Lexmark 2500 Series\lxddamon.exe" [2007-03-05 20480]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-14 221184]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-14 81920]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"CTSysVol"="c:\program files\RocketFish\RF5.1\Surround Mixer\CTSysVol.exe" [2007-09-05 57344]

"P17Helper"="P17.dll" [2009-02-26 65536]

"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-09-23 2404704]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2011-10-04 218440]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

.

c:\documents and settings\Marty\Start Menu\Programs\Startup\

Billminder.lnk - c:\quickenw\billmind.exe [2009-4-19 33280]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Dell Network Assistant.lnk - c:\windows\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2008-1-15 7168]

Dynex Wireless Networking Utility.lnk - c:\program files\Dynex Enhanced G Desktop Card Adapter\DynexWCUI.exe [2008-4-11 1462272]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=

"c:\\Program Files\\Lexmark 2500 Series\\App4R.exe"=

"c:\\WINDOWS\\system32\\lxddcoms.exe"=

"c:\\Program Files\\Pocket Tanks Deluxe\\pockettanks.exe"=

"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\dplaysvr.exe"=

"c:\\Program Files\\Firefly Studios\\Stronghold Crusader\\Stronghold Crusader.exe"=

"c:\\Program Files\\Firefly Studios\\Stronghold\\Stronghold.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddwbgw.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"=

"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

"c:\\Program Files\\FrostWire\\FrostWire.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Documents and Settings\\Marty\\My Documents\\My Games\\Halo\\Halo\\halo.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=

"c:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol

"10426:UDP"= 10426:UDP:SingleClick ICC

"135:TCP"= 135:TCP:TCP Port 135

"5000:TCP"= 5000:TCP:TCP Port 5000

"5001:TCP"= 5001:TCP:TCP Port 5001

"5002:TCP"= 5002:TCP:TCP Port 5002

"5003:TCP"= 5003:TCP:TCP Port 5003

"5004:TCP"= 5004:TCP:TCP Port 5004

"5005:TCP"= 5005:TCP:TCP Port 5005

"5006:TCP"= 5006:TCP:TCP Port 5006

"5007:TCP"= 5007:TCP:TCP Port 5007

"5008:TCP"= 5008:TCP:TCP Port 5008

"5009:TCP"= 5009:TCP:TCP Port 5009

"5010:TCP"= 5010:TCP:TCP Port 5010

"5011:TCP"= 5011:TCP:TCP Port 5011

"5012:TCP"= 5012:TCP:TCP Port 5012

"5013:TCP"= 5013:TCP:TCP Port 5013

"5014:TCP"= 5014:TCP:TCP Port 5014

"5015:TCP"= 5015:TCP:TCP Port 5015

"5016:TCP"= 5016:TCP:TCP Port 5016

"5017:TCP"= 5017:TCP:TCP Port 5017

"5018:TCP"= 5018:TCP:TCP Port 5018

"5019:TCP"= 5019:TCP:TCP Port 5019

"5020:TCP"= 5020:TCP:TCP Port 5020

"3461:UDP"= 3461:UDP:Windows Media Format SDK (iexplore.exe)

"3460:UDP"= 3460:UDP:Windows Media Format SDK (iexplore.exe)

"3476:UDP"= 3476:UDP:Windows Media Format SDK (iexplore.exe)

"58377:TCP"= 58377:TCP:Pando Media Booster

"58377:UDP"= 58377:UDP:Pando Media Booster

"3074:TCP"= 3074:TCP:xboxTCP3074

"88:UDP"= 88:UDP:xboxUDP88

"3074:UDP"= 3074:UDP:xboxUDP3074

"53:UDP"= 53:UDP:xboxUDP53

"53:TCP"= 53:TCP:xboxTCP53

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [7/11/2011 1:14 AM 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [7/11/2011 1:13 AM 32592]

R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7/11/2011 1:13 AM 229840]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/11/2011 1:14 AM 295248]

R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]

R2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [4/26/2007 12:21 AM 99248]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/13/2011 4:54 PM 366152]

R2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [10/4/2011 5:53 PM 246600]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [7/11/2011 1:14 AM 134608]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [7/11/2011 1:14 AM 24272]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [7/11/2011 1:14 AM 16720]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/13/2011 4:54 PM 22216]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [9/12/2011 6:23 AM 5265248]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/8/2010 10:22 PM 135664]

S3 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 192776]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/8/2010 10:22 PM 135664]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 2:37 PM 517096]

.

Contents of the 'Scheduled Tasks' folder

.

2011-10-03 c:\windows\Tasks\AdobeAAMUpdater-1.0-D6LF4HF1-Marty.job

- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-03-09 09:44]

.

2011-09-26 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 18:34]

.

2011-10-14 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-26 16:53]

.

2011-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-09 03:22]

.

2011-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-09 03:22]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uSearchMigratedDefaultURL = hxxp://windiwsfsearch.com/search?q={searchTerms}

mStart Page = hxxp://www.yahoo.com/

uInternet Settings,ProxyOverride = *.local;<local>

uSearchAssistant = hxxp://windiwsfsearch.com

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com

mSearchURL = hxxp://windiwsfsearch.com

TCP: DhcpNameServer = 192.168.0.1

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

Toolbar-Locked - (no file)

HKCU-Run-VResLab - c:\program files\VResLab\VResLab.exe

HKCU-Run-wblogon - c:\windows\system32\algg.exe

HKCU-Run-AdobeUpdater - c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

HKCU-Run-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

HKLM-Run-ANTIVIRUS - c:\program files\AAV\AAV.exe

HKLM-RunOnce-AvgRemover - c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\R6N771J4\avg_remover_stf_x86_2012_1796[1].exe

SafeBoot-65634666.sys

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-10-14 12:24

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(968)

c:\windows\System32\BCMLogon.dll

.

- - - - - - - > 'explorer.exe'(2132)

c:\windows\system32\WININET.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\System32\wltrysvc.exe

c:\windows\System32\bcmwltry.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Dell Network Assistant\hnm_svc.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\lxddcoms.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\igfxsrvc.exe

c:\windows\system32\Rundll32.exe

c:\program files\Dell Network Assistant\ezi_hnm2.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2011-10-14 12:35:53 - machine was rebooted

ComboFix-quarantined-files.txt 2011-10-14 17:35

.

Pre-Run: 19,189,657,600 bytes free

Post-Run: 21,966,082,048 bytes free

.

- - End Of File - - B4EE895B179F9F1462BC3ECE043D63B3

Link to post
Share on other sites

Malwarebytes...

Database version: 7941

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

10/14/2011 1:04:12 PM

mbam-log-2011-10-14 (13-03-51).txt

Scan type: Quick scan

Objects scanned: 220427

Time elapsed: 8 minute(s), 31 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 4

Registry Values Infected: 2

Registry Data Items Infected: 5

Folders Infected: 1

Files Infected: 3

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\AppID\{A0E1054B-01EE-4D57-A059-4D99F339709F} (Trojan.BHO) -> No action taken.

HKEY_CLASSES_ROOT\Typelib\{8E3C68CD-F500-4A2A-8CB9-132BB38C3573} (Trojan.BHO) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{986A8AC1-AB4D-4F41-9068-4B01C0197867} (Trojan.BHO) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DAED9266-8C28-4C1C-8B58-5C66EFF1D302} (Search.Hijacker) -> No action taken.

Registry Values Infected:

HKEY_CLASSES_ROOT\AppID\main.DLL\AppID (Adware.DeepDive) -> Value: AppID -> No action taken.

HKEY_CLASSES_ROOT\main.BHO.1\CLSID\(default) (Adware.DeepDive) -> Value: (default) -> No action taken.

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.SearchPage) -> Bad: (http://windiwsfsearch.com) Good: (http://www.Google.com/) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.SearchPage) -> Bad: (http://windiwsfsearch.com/search?q={searchTerms}) Good: (http://www.Google.com/) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.SearchPage) -> Bad: (http://windiwsfsearch.com) Good: (http://www.Google.com/) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.SearchPage) -> Bad: (http://windiwsfsearch.com) Good: (http://www.Google.com/) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\(default) (Hijack.SearchPage) -> Bad: (http://windiwsfsearch.com/search?q=%s) Good: (http://www.Google.com/) -> No action taken.

Folders Infected:

c:\documents and settings\Conner\start menu\Programs\opencloud security (Rogue.OpenCloudSecurity) -> No action taken.

Files Infected:

c:\documents and settings\Marty\favorites\antivirus scan.url (Rogue.Link) -> No action taken.

c:\documents and settings\Conner\Desktop\opencloud security.lnk (Rogue.OpenCloudSecurity) -> No action taken.

c:\documents and settings\Conner\start menu\Programs\opencloud security\opencloud security.lnk (Rogue.OpenCloudSecurity) -> No action taken.

DDS....

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Marty at 12:56:51 on 2011-10-14

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.141 [GMT -5:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Norton AntiVirus *Disabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\System32\wltrysvc.exe

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Dell Network Assistant\hnm_svc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxddserv.exe

C:\WINDOWS\system32\lxddcoms.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\WINDOWS\system32\wltray.exe

C:\Program Files\Lexmark 2500 Series\lxddmon.exe

C:\Program Files\Lexmark 2500 Series\lxddamon.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\RocketFish\RF5.1\Surround Mixer\CTSysVol.exe

C:\WINDOWS\system32\Rundll32.exe

C:\Program Files\PowerISO\PWRISOVM.EXE

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Program Files\AVG Secure Search\vprot.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe

C:\Program Files\Dell Network Assistant\ezi_hnm2.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Dynex Enhanced G Desktop Card Adapter\DynexWCUI.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\system32\taskmgr.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/

uSearchMigratedDefaultURL = hxxp://windiwsfsearch.com/search?q={searchTerms}

mStart Page = hxxp://www.yahoo.com/

uInternet Settings,ProxyOverride = *.local;<local>

uSearchAssistant = hxxp://windiwsfsearch.com

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com

mSearchURL = hxxp://windiwsfsearch.com

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll

BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\8.0.0.34\AVG Secure Search_toolbar.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn2\YTSingleInstance.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\8.0.0.34\AVG Secure Search_toolbar.dll

TB: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File

uRun: [DellAutomatedPCTuneUp] "c:\program files\dellautomatedpctuneup\PTAgnt.exe" /startup

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [setDefaultMIDI] MIDIDef.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"

mRun: [broadcom Wireless Manager] c:\windows\system32\wltray.exe

mRun: [lxddmon.exe] "c:\program files\lexmark 2500 series\lxddmon.exe"

mRun: [lxddamon] "c:\program files\lexmark 2500 series\lxddamon.exe"

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [CTSysVol] c:\program files\rocketfish\rf5.1\surround mixer\CTSysVol.exe /r

mRun: [P17Helper] Rundll32 P17.dll,P17Helper

mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE

mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe

mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"

mRun: [vProt] "c:\program files\avg secure search\vprot.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

StartupFolder: c:\docume~1\marty\startm~1\programs\startup\billmi~1.lnk - c:\quickenw\billmind.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dellne~1.lnk - c:\windows\installer\{0240bdfb-2995-4a3f-8c96-18d41282b716}\Icon0240BDFB3.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dynexw~1.lnk - c:\program files\dynex enhanced g desktop card adapter\DynexWCUI.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{418B4E6C-D257-415F-B747-C1EEAB893852} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{C1C904E7-A977-4024-AA68-A2BF60484A17} : DhcpNameServer = 192.168.0.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\8.0.1\ViProtocol.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-7-11 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-7-11 229840]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]

R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]

R2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [2007-4-26 99248]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-13 366152]

R2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\8.0.1\ToolbarUpdater.exe [2011-10-4 246600]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134608]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-7-11 16720]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-13 22216]

R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-10-14 41272]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-9-12 5265248]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-8 135664]

S3 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]

S3 cpuz132;cpuz132;\??\c:\docume~1\marty\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\marty\locals~1\temp\cpuz132\cpuz132_x32.sys [?]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-8 135664]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

.

=============== Created Last 30 ================

.

2011-10-14 17:42:49 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-10-13 22:03:59 -------- d-sha-r- C:\cmdcons

2011-10-13 21:59:47 98816 ----a-w- c:\windows\sed.exe

2011-10-13 21:59:47 518144 ----a-w- c:\windows\SWREG.exe

2011-10-13 21:59:47 256000 ----a-w- c:\windows\PEV.exe

2011-10-13 21:59:47 208896 ----a-w- c:\windows\MBR.exe

2011-10-13 21:54:33 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-13 21:54:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-10-13 20:40:07 -------- d-----w- C:\TDSSKiller_Quarantine

2011-10-10 20:52:39 -------- d-----w- c:\documents and settings\marty\application data\SUPERAntiSpyware.com

2011-10-10 20:52:12 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com

2011-10-04 22:55:45 -------- d-----w- c:\documents and settings\marty\application data\AVG2012

2011-10-04 22:54:00 -------- d-----w- c:\documents and settings\marty\application data\AVG Secure Search

2011-10-04 22:53:55 -------- d-----w- c:\program files\common files\AVG Secure Search

2011-10-04 22:53:54 -------- d-----w- c:\program files\AVG Secure Search

2011-10-04 22:52:53 -------- d-----w- c:\windows\system32\drivers\AVG

2011-10-04 22:52:53 -------- d-----w- c:\documents and settings\all users\application data\AVG2012

2011-09-29 22:07:12 -------- d--h--w- c:\documents and settings\all users\application data\Common Files

2011-09-29 22:06:59 -------- d-----w- c:\documents and settings\all users\application data\MFAData

2011-09-29 21:48:28 -------- d-----w- c:\documents and settings\marty\application data\Malwarebytes

2011-09-29 21:48:19 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-09-26 16:41:20 220160 ------w- c:\windows\system32\dllcache\oleacc.dll

2011-09-26 16:41:14 20480 ------w- c:\windows\system32\dllcache\oleaccrc.dll

2011-09-26 15:43:30 -------- d-----w- c:\program files\iPod

2011-09-26 15:43:24 -------- d-----w- c:\program files\iTunes

2011-09-26 15:38:24 -------- d-----w- c:\program files\Bonjour

2011-09-26 15:36:05 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll

2011-09-26 15:36:05 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll

2011-09-26 15:36:05 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll

2011-09-26 15:36:05 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll

2011-09-26 15:36:05 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll

2011-09-26 15:36:05 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll

2011-09-26 15:36:05 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll

.

==================== Find3M ====================

.

2011-10-13 20:42:23 162816 ----a-w- c:\windows\system32\drivers\netbt.sys

2011-09-26 16:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 16:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 16:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-13 11:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll

2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec

2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys

.

============= FINISH: 13:04:20.78 ===============

Link to post
Share on other sites

  • Staff

Did you uninstall AVG or Norton?

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317

Link to post
Share on other sites

  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.