Jump to content

Recommended Posts

Hello, like many other writers, I have a problem on my computer. When I try to run Malwarebytes, I get the annoying message "Windows cannot access specific device...". I've found various postings about this virus/worm, but with all of the responses, it has become much too confusing.

Earlier this evening, I was removing an infection caused by the bogus System Restore trojan. Now, when I go to see if everything is OK, I find that there seems to be another infection, or something left over. When I cleaned off the System Restore worm, I was able to use Malwarebytes, in conjunction with RKill, TDSS, and Unhide, though. So, that's what perplexes me.

Like I said, when launching Malwarebytes right now, I get the error message. Opening my AVG antivirus program tells me that nothing is enabled. So, to help me fix this, please be specific on what I need to download and run, and what log files I need to attach.

Thanks for your help!!

Link to post
Share on other sites

  • Staff

Hi and welcome to Malwarebytes.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

Link to post
Share on other sites

Thanks for the help. I'll give it a try. Shall I perform the steps while the computer is in the safe mode?

Hi and welcome to Malwarebytes.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

Link to post
Share on other sites

I've run all of the tasks you have asked. The log files are posted below. Let me know what the next step is. Also, let me know if the computer is OK to use.

TDSSKILLER LOG

19:45:23.0637 0408 TDSS rootkit removing tool 2.6.12.0 Oct 21 2011 11:23:48

19:45:24.0074 0408 ============================================================

19:45:24.0074 0408 Current date / time: 2011/10/24 19:45:24.0074

19:45:24.0074 0408 SystemInfo:

19:45:24.0074 0408

19:45:24.0074 0408 OS Version: 6.1.7600 ServicePack: 0.0

19:45:24.0074 0408 Product type: Workstation

19:45:24.0074 0408 ComputerName: LENOVO

19:45:24.0074 0408 UserName: Heather

19:45:24.0074 0408 Windows directory: C:\Windows

19:45:24.0074 0408 System windows directory: C:\Windows

19:45:24.0074 0408 Processor architecture: Intel x86

19:45:24.0074 0408 Number of processors: 2

19:45:24.0074 0408 Page size: 0x1000

19:45:24.0074 0408 Boot type: Safe boot with network

19:45:24.0074 0408 ============================================================

19:45:26.0867 0408 Initialize success

19:45:31.0063 1184 ============================================================

19:45:31.0063 1184 Scan started

19:45:31.0063 1184 Mode: Manual;

19:45:31.0063 1184 ============================================================

19:45:32.0904 1184 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys

19:45:32.0904 1184 1394ohci - ok

19:45:32.0951 1184 5U877 (d623af0d0db0f13d32cae34d3f0dad39) C:\Windows\system32\DRIVERS\5U877.sys

19:45:32.0951 1184 5U877 - ok

19:45:33.0013 1184 63ea5de9 (8f2bb1827cac01aee6a16e30a1260199) C:\Windows\3915246179:2618663446.exe

19:45:33.0013 1184 Suspicious file (Hidden): C:\Windows\3915246179:2618663446.exe. md5: 8f2bb1827cac01aee6a16e30a1260199

19:45:33.0013 1184 63ea5de9 ( Rootkit.Win32.PMax.gen ) - infected

19:45:33.0013 1184 63ea5de9 - detected Rootkit.Win32.PMax.gen (0)

19:45:33.0060 1184 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys

19:45:33.0060 1184 ACPI - ok

19:45:33.0107 1184 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys

19:45:33.0107 1184 AcpiPmi - ok

19:45:33.0185 1184 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys

19:45:33.0185 1184 adp94xx - ok

19:45:33.0231 1184 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys

19:45:33.0231 1184 adpahci - ok

19:45:33.0278 1184 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys

19:45:33.0294 1184 adpu320 - ok

19:45:33.0434 1184 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys

19:45:33.0434 1184 AFD - ok

19:45:33.0465 1184 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys

19:45:33.0481 1184 agp440 - ok

19:45:33.0512 1184 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys

19:45:33.0528 1184 aic78xx - ok

19:45:33.0590 1184 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys

19:45:33.0590 1184 aliide - ok

19:45:33.0621 1184 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys

19:45:33.0621 1184 amdagp - ok

19:45:33.0653 1184 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys

19:45:33.0653 1184 amdide - ok

19:45:33.0684 1184 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys

19:45:33.0684 1184 AmdK8 - ok

19:45:33.0715 1184 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys

19:45:33.0731 1184 AmdPPM - ok

19:45:33.0762 1184 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys

19:45:33.0762 1184 amdsata - ok

19:45:33.0793 1184 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys

19:45:33.0793 1184 amdsbs - ok

19:45:33.0824 1184 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys

19:45:33.0824 1184 amdxata - ok

19:45:33.0855 1184 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys

19:45:33.0855 1184 AppID - ok

19:45:33.0980 1184 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys

19:45:33.0980 1184 arc - ok

19:45:34.0011 1184 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys

19:45:34.0011 1184 arcsas - ok

19:45:34.0043 1184 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys

19:45:34.0058 1184 AsyncMac - ok

19:45:34.0089 1184 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys

19:45:34.0089 1184 atapi - ok

19:45:34.0214 1184 AVGIDSDriver (f6878b90a8a9795116bce335238e65af) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys

19:45:34.0214 1184 AVGIDSDriver - ok

19:45:34.0292 1184 AVGIDSEH (19a08a6728a6e02099d64268218cd799) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys

19:45:34.0292 1184 AVGIDSEH - ok

19:45:34.0370 1184 AVGIDSFilter (f8927ab1dd086edeff2924a64dc89869) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys

19:45:34.0370 1184 AVGIDSFilter - ok

19:45:34.0464 1184 AVGIDSShim (44d562825d811eea3c8cd6140cbad5d0) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys

19:45:34.0464 1184 AVGIDSShim - ok

19:45:34.0542 1184 Avgldx86 (6a2a36d7be68b2114de0417ca84e1547) C:\Windows\system32\DRIVERS\avgldx86.sys

19:45:34.0542 1184 Avgldx86 ( Rootkit.Win32.ZAccess.j ) - infected

19:45:34.0542 1184 Avgldx86 - detected Rootkit.Win32.ZAccess.j (0)

19:45:34.0620 1184 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\Windows\system32\DRIVERS\avgmfx86.sys

19:45:34.0620 1184 Avgmfx86 - ok

19:45:34.0698 1184 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\Windows\system32\DRIVERS\avgrkx86.sys

19:45:34.0698 1184 Avgrkx86 - ok

19:45:34.0776 1184 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\Windows\system32\DRIVERS\avgtdix.sys

19:45:34.0776 1184 Avgtdix - ok

19:45:34.0854 1184 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys

19:45:34.0869 1184 b06bdrv - ok

19:45:34.0916 1184 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys

19:45:34.0916 1184 b57nd60x - ok

19:45:35.0010 1184 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys

19:45:35.0010 1184 Beep - ok

19:45:35.0057 1184 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys

19:45:35.0057 1184 blbdrive - ok

19:45:35.0135 1184 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys

19:45:35.0135 1184 bowser - ok

19:45:35.0166 1184 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys

19:45:35.0181 1184 BrFiltLo - ok

19:45:35.0213 1184 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys

19:45:35.0213 1184 BrFiltUp - ok

19:45:35.0291 1184 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys

19:45:35.0291 1184 Brserid - ok

19:45:35.0322 1184 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys

19:45:35.0322 1184 BrSerWdm - ok

19:45:35.0353 1184 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys

19:45:35.0353 1184 BrUsbMdm - ok

19:45:35.0369 1184 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys

19:45:35.0369 1184 BrUsbSer - ok

19:45:35.0462 1184 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys

19:45:35.0478 1184 BthEnum - ok

19:45:35.0509 1184 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys

19:45:35.0525 1184 BTHMODEM - ok

19:45:35.0556 1184 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys

19:45:35.0556 1184 BthPan - ok

19:45:35.0618 1184 BTHPORT (88059ff1ded4472acd17eebabd393069) C:\Windows\System32\Drivers\BTHport.sys

19:45:35.0634 1184 BTHPORT - ok

19:45:35.0696 1184 BTHUSB (80e6384beec03b8bd45edea29802d657) C:\Windows\System32\Drivers\BTHUSB.sys

19:45:35.0696 1184 BTHUSB - ok

19:45:35.0759 1184 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys

19:45:35.0759 1184 cdfs - ok

19:45:35.0805 1184 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys

19:45:35.0805 1184 cdrom - ok

19:45:35.0837 1184 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys

19:45:35.0837 1184 circlass - ok

19:45:35.0883 1184 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys

19:45:35.0883 1184 CLFS - ok

19:45:35.0915 1184 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys

19:45:35.0915 1184 CmBatt - ok

19:45:35.0930 1184 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys

19:45:35.0930 1184 cmdide - ok

19:45:35.0961 1184 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys

19:45:35.0961 1184 CNG - ok

19:45:36.0008 1184 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys

19:45:36.0008 1184 Compbatt - ok

19:45:36.0024 1184 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys

19:45:36.0024 1184 CompositeBus - ok

19:45:36.0055 1184 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys

19:45:36.0055 1184 crcdisk - ok

19:45:36.0086 1184 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys

19:45:36.0086 1184 CSC - ok

19:45:36.0180 1184 DfsC (ade22bb3926c60890a72d1bb5661bd62) C:\Windows\system32\Drivers\dfsc.sys

19:45:36.0180 1184 Suspicious file (Forged): C:\Windows\system32\Drivers\dfsc.sys. Real md5: ade22bb3926c60890a72d1bb5661bd62, Fake md5: 83d1ecea8faae75604c0fa49ac7ad996

19:45:36.0180 1184 DfsC ( Rootkit.Win32.ZAccess.g ) - infected

19:45:36.0180 1184 DfsC - detected Rootkit.Win32.ZAccess.g (0)

19:45:36.0227 1184 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys

19:45:36.0227 1184 discache - ok

19:45:36.0258 1184 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys

19:45:36.0258 1184 Disk - ok

19:45:36.0289 1184 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys

19:45:36.0289 1184 drmkaud - ok

19:45:36.0367 1184 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys

19:45:36.0367 1184 DXGKrnl - ok

19:45:36.0461 1184 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys

19:45:36.0539 1184 ebdrv - ok

19:45:36.0585 1184 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys

19:45:36.0601 1184 elxstor - ok

19:45:36.0601 1184 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys

19:45:36.0601 1184 ErrDev - ok

19:45:36.0679 1184 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys

19:45:36.0695 1184 exfat - ok

19:45:36.0710 1184 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys

19:45:36.0710 1184 fastfat - ok

19:45:36.0726 1184 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys

19:45:36.0726 1184 fdc - ok

19:45:36.0757 1184 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys

19:45:36.0757 1184 FileInfo - ok

19:45:36.0773 1184 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys

19:45:36.0773 1184 Filetrace - ok

19:45:36.0788 1184 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys

19:45:36.0788 1184 flpydisk - ok

19:45:36.0819 1184 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys

19:45:36.0819 1184 FltMgr - ok

19:45:36.0866 1184 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys

19:45:36.0866 1184 FsDepends - ok

19:45:36.0882 1184 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys

19:45:36.0882 1184 Fs_Rec - ok

19:45:36.0897 1184 fvevol (5592f5dba26282d24d2b080eb438a4d7) C:\Windows\system32\DRIVERS\fvevol.sys

19:45:36.0897 1184 fvevol - ok

19:45:36.0913 1184 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys

19:45:36.0913 1184 gagp30kx - ok

19:45:36.0991 1184 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

19:45:36.0991 1184 GEARAspiWDM - ok

19:45:37.0007 1184 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys

19:45:37.0022 1184 hcw85cir - ok

19:45:37.0053 1184 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys

19:45:37.0053 1184 HdAudAddService - ok

19:45:37.0085 1184 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys

19:45:37.0085 1184 HDAudBus - ok

19:45:37.0100 1184 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys

19:45:37.0100 1184 HidBatt - ok

19:45:37.0116 1184 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys

19:45:37.0116 1184 HidBth - ok

19:45:37.0131 1184 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys

19:45:37.0131 1184 HidIr - ok

19:45:37.0178 1184 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys

19:45:37.0178 1184 HidUsb - ok

19:45:37.0194 1184 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys

19:45:37.0194 1184 HpSAMD - ok

19:45:37.0241 1184 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys

19:45:37.0241 1184 HTTP - ok

19:45:37.0256 1184 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys

19:45:37.0256 1184 hwpolicy - ok

19:45:37.0272 1184 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys

19:45:37.0272 1184 i8042prt - ok

19:45:37.0319 1184 iaStor (01446278d4563b3013c92830ae6cbb26) C:\Windows\system32\DRIVERS\iaStor.sys

19:45:37.0319 1184 iaStor - ok

19:45:37.0350 1184 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys

19:45:37.0350 1184 iaStorV - ok

19:45:37.0412 1184 IBMPMDRV (4dcfc1792be8fc092ab41eafa9d0fde5) C:\Windows\system32\DRIVERS\ibmpmdrv.sys

19:45:37.0412 1184 IBMPMDRV - ok

19:45:37.0615 1184 igfx (c7fee838fd0216ee0ad3d765ab4f40f4) C:\Windows\system32\DRIVERS\igdkmd32.sys

19:45:37.0724 1184 igfx - ok

19:45:37.0755 1184 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys

19:45:37.0755 1184 iirsp - ok

19:45:37.0849 1184 IntcAzAudAddService (d991871aa47da7989540ac2c0f6ec533) C:\Windows\system32\drivers\RTKVHDA.sys

19:45:37.0896 1184 IntcAzAudAddService - ok

19:45:37.0943 1184 IntcHdmiAddService (264632ade8127b7baa2190cf6fad435b) C:\Windows\system32\drivers\IntcHdmi.sys

19:45:37.0943 1184 IntcHdmiAddService - ok

19:45:37.0958 1184 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys

19:45:37.0958 1184 intelide - ok

19:45:37.0989 1184 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys

19:45:37.0989 1184 intelppm - ok

19:45:38.0005 1184 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys

19:45:38.0021 1184 IPMIDRV - ok

19:45:38.0021 1184 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys

19:45:38.0036 1184 IPNAT - ok

19:45:38.0067 1184 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys

19:45:38.0067 1184 IRENUM - ok

19:45:38.0083 1184 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys

19:45:38.0083 1184 isapnp - ok

19:45:38.0114 1184 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys

19:45:38.0114 1184 iScsiPrt - ok

19:45:38.0161 1184 JMCR (2137795d207280d5707554aaf936fd19) C:\Windows\system32\DRIVERS\jmcr.sys

19:45:38.0161 1184 JMCR - ok

19:45:38.0177 1184 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys

19:45:38.0192 1184 kbdclass - ok

19:45:38.0192 1184 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys

19:45:38.0208 1184 kbdhid - ok

19:45:38.0223 1184 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys

19:45:38.0223 1184 KSecDD - ok

19:45:38.0255 1184 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys

19:45:38.0255 1184 KSecPkg - ok

19:45:38.0317 1184 lenovo.smi (3c3f7f424e324c6971632c5de5ff458f) C:\Windows\system32\DRIVERS\smiif32.sys

19:45:38.0317 1184 lenovo.smi - ok

19:45:38.0333 1184 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys

19:45:38.0333 1184 lltdio - ok

19:45:38.0364 1184 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys

19:45:38.0379 1184 LSI_FC - ok

19:45:38.0395 1184 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys

19:45:38.0395 1184 LSI_SAS - ok

19:45:38.0411 1184 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys

19:45:38.0411 1184 LSI_SAS2 - ok

19:45:38.0442 1184 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys

19:45:38.0442 1184 LSI_SCSI - ok

19:45:38.0457 1184 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys

19:45:38.0457 1184 luafv - ok

19:45:38.0489 1184 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys

19:45:38.0504 1184 megasas - ok

19:45:38.0520 1184 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys

19:45:38.0520 1184 MegaSR - ok

19:45:38.0535 1184 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys

19:45:38.0535 1184 Modem - ok

19:45:38.0567 1184 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys

19:45:38.0567 1184 monitor - ok

19:45:38.0598 1184 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys

19:45:38.0598 1184 mouclass - ok

19:45:38.0613 1184 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys

19:45:38.0613 1184 mouhid - ok

19:45:38.0629 1184 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys

19:45:38.0629 1184 mountmgr - ok

19:45:38.0645 1184 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys

19:45:38.0660 1184 mpio - ok

19:45:38.0660 1184 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys

19:45:38.0660 1184 mpsdrv - ok

19:45:38.0707 1184 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys

19:45:38.0707 1184 MRxDAV - ok

19:45:38.0769 1184 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys

19:45:38.0769 1184 mrxsmb - ok

19:45:38.0816 1184 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys

19:45:38.0816 1184 mrxsmb10 - ok

19:45:38.0847 1184 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys

19:45:38.0847 1184 mrxsmb20 - ok

19:45:38.0879 1184 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys

19:45:38.0879 1184 msahci - ok

19:45:38.0894 1184 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys

19:45:38.0894 1184 msdsm - ok

19:45:38.0910 1184 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys

19:45:38.0910 1184 Msfs - ok

19:45:38.0925 1184 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys

19:45:38.0925 1184 mshidkmdf - ok

19:45:38.0941 1184 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys

19:45:38.0941 1184 msisadrv - ok

19:45:38.0972 1184 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys

19:45:38.0972 1184 MSKSSRV - ok

19:45:38.0988 1184 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys

19:45:38.0988 1184 MSPCLOCK - ok

19:45:39.0003 1184 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys

19:45:39.0003 1184 MSPQM - ok

19:45:39.0019 1184 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys

19:45:39.0035 1184 MsRPC - ok

19:45:39.0050 1184 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys

19:45:39.0050 1184 mssmbios - ok

19:45:39.0081 1184 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys

19:45:39.0081 1184 MSTEE - ok

19:45:39.0097 1184 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys

19:45:39.0097 1184 MTConfig - ok

19:45:39.0113 1184 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys

19:45:39.0113 1184 Mup - ok

19:45:39.0144 1184 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys

19:45:39.0159 1184 NativeWifiP - ok

19:45:39.0191 1184 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys

19:45:39.0222 1184 NDIS - ok

19:45:39.0237 1184 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys

19:45:39.0237 1184 NdisCap - ok

19:45:39.0269 1184 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys

19:45:39.0269 1184 NdisTapi - ok

19:45:39.0284 1184 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys

19:45:39.0284 1184 Ndisuio - ok

19:45:39.0300 1184 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys

19:45:39.0315 1184 NdisWan - ok

19:45:39.0331 1184 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys

19:45:39.0331 1184 NDProxy - ok

19:45:39.0347 1184 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys

19:45:39.0347 1184 NetBIOS - ok

19:45:39.0362 1184 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys

19:45:39.0362 1184 NetBT - ok

19:45:39.0627 1184 NETw5s32 (ef51b405ad8acaae6f0231290d20f516) C:\Windows\system32\DRIVERS\NETw5s32.sys

19:45:39.0752 1184 NETw5s32 - ok

19:45:39.0861 1184 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys

19:45:39.0939 1184 netw5v32 - ok

19:45:39.0955 1184 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys

19:45:39.0955 1184 nfrd960 - ok

19:45:39.0971 1184 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys

19:45:39.0986 1184 Npfs - ok

19:45:40.0002 1184 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys

19:45:40.0002 1184 nsiproxy - ok

19:45:40.0049 1184 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys

19:45:40.0080 1184 Ntfs - ok

19:45:40.0095 1184 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys

19:45:40.0111 1184 Null - ok

19:45:40.0127 1184 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys

19:45:40.0127 1184 nvraid - ok

19:45:40.0142 1184 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys

19:45:40.0142 1184 nvstor - ok

19:45:40.0158 1184 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys

19:45:40.0158 1184 nv_agp - ok

19:45:40.0173 1184 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys

19:45:40.0173 1184 ohci1394 - ok

19:45:40.0220 1184 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys

19:45:40.0220 1184 Parport - ok

19:45:40.0236 1184 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys

19:45:40.0236 1184 partmgr - ok

19:45:40.0251 1184 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys

19:45:40.0251 1184 Parvdm - ok

19:45:40.0345 1184 PCDSRVC{C4B36920-79E24793-06000000}_0 (a88f42ad20418620d08a13ad1a70c083) c:\progra~1\pc-doc~1\pcdsrvc.pkms

19:45:40.0610 1184 PCDSRVC{C4B36920-79E24793-06000000}_0 - ok

19:45:40.0626 1184 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys

19:45:40.0626 1184 pci - ok

19:45:40.0641 1184 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys

19:45:40.0641 1184 pciide - ok

19:45:40.0657 1184 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys

19:45:40.0657 1184 pcmcia - ok

19:45:40.0673 1184 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys

19:45:40.0673 1184 pcw - ok

19:45:40.0704 1184 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys

19:45:40.0719 1184 PEAUTH - ok

19:45:40.0797 1184 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

19:45:40.0797 1184 PptpMiniport - ok

19:45:40.0813 1184 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys

19:45:40.0813 1184 Processor - ok

19:45:40.0875 1184 psadd (72de205cd4006dc45b1401859c506679) C:\Windows\system32\DRIVERS\psadd.sys

19:45:40.0875 1184 psadd - ok

19:45:40.0907 1184 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

19:45:40.0907 1184 Psched - ok

19:45:40.0938 1184 PxHelp20 (40fedd328f98245ad201cf5f9f311724) C:\Windows\system32\Drivers\PxHelp20.sys

19:45:40.0938 1184 PxHelp20 - ok

19:45:40.0969 1184 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys

19:45:41.0016 1184 ql2300 - ok

19:45:41.0031 1184 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys

19:45:41.0031 1184 ql40xx - ok

19:45:41.0063 1184 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

19:45:41.0063 1184 QWAVEdrv - ok

19:45:41.0078 1184 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

19:45:41.0078 1184 RasAcd - ok

19:45:41.0109 1184 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

19:45:41.0125 1184 RasAgileVpn - ok

19:45:41.0141 1184 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

19:45:41.0141 1184 Rasl2tp - ok

19:45:41.0156 1184 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

19:45:41.0156 1184 RasPppoe - ok

19:45:41.0187 1184 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys

19:45:41.0187 1184 RasSstp - ok

19:45:41.0203 1184 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys

19:45:41.0203 1184 rdbss - ok

19:45:41.0219 1184 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys

19:45:41.0219 1184 rdpbus - ok

19:45:41.0234 1184 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys

19:45:41.0234 1184 RDPCDD - ok

19:45:41.0265 1184 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys

19:45:41.0265 1184 RDPDR - ok

19:45:41.0281 1184 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys

19:45:41.0281 1184 RDPENCDD - ok

19:45:41.0297 1184 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys

19:45:41.0297 1184 RDPREFMP - ok

19:45:41.0312 1184 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys

19:45:41.0312 1184 RDPWD - ok

19:45:41.0328 1184 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys

19:45:41.0328 1184 rdyboost - ok

19:45:41.0375 1184 regi (001b4278407f4303efc902a2b16f2453) C:\Windows\system32\drivers\regi.sys

19:45:41.0375 1184 regi - ok

19:45:41.0515 1184 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys

19:45:41.0515 1184 RFCOMM - ok

19:45:41.0609 1184 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

19:45:41.0609 1184 rspndr - ok

19:45:41.0671 1184 RTL8167 (26a9d6227d12b9d9da5a81bb9b55d810) C:\Windows\system32\DRIVERS\Rt86win7.sys

19:45:41.0671 1184 RTL8167 - ok

19:45:41.0702 1184 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys

19:45:41.0702 1184 s3cap - ok

19:45:41.0733 1184 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys

19:45:41.0749 1184 sbp2port - ok

19:45:41.0765 1184 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys

19:45:41.0765 1184 scfilter - ok

19:45:41.0811 1184 sdbus (7b48cff3a475fe849dea65ec4d35c425) C:\Windows\system32\DRIVERS\sdbus.sys

19:45:41.0811 1184 sdbus - ok

19:45:41.0843 1184 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

19:45:41.0843 1184 secdrv - ok

19:45:41.0889 1184 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

19:45:41.0889 1184 Serenum - ok

19:45:41.0921 1184 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys

19:45:41.0921 1184 Serial - ok

19:45:41.0952 1184 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys

19:45:41.0952 1184 sermouse - ok

19:45:41.0983 1184 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys

19:45:41.0983 1184 sffdisk - ok

19:45:42.0014 1184 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys

19:45:42.0014 1184 sffp_mmc - ok

19:45:42.0030 1184 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys

19:45:42.0045 1184 sffp_sd - ok

19:45:42.0077 1184 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys

19:45:42.0077 1184 sfloppy - ok

19:45:42.0123 1184 Shockprf (fc0127343bd1ce1986ba12f8937f1057) C:\Windows\system32\DRIVERS\Apsx86.sys

19:45:42.0123 1184 Shockprf - ok

19:45:42.0155 1184 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys

19:45:42.0170 1184 sisagp - ok

19:45:42.0201 1184 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys

19:45:42.0201 1184 SiSRaid2 - ok

19:45:42.0233 1184 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys

19:45:42.0233 1184 SiSRaid4 - ok

19:45:42.0264 1184 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

19:45:42.0264 1184 Smb - ok

19:45:42.0311 1184 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

19:45:42.0311 1184 spldr - ok

19:45:42.0389 1184 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys

19:45:42.0389 1184 srv - ok

19:45:42.0451 1184 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys

19:45:42.0451 1184 srv2 - ok

19:45:42.0498 1184 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS

19:45:42.0513 1184 SrvHsfHDA - ok

19:45:42.0560 1184 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS

19:45:42.0576 1184 SrvHsfV92 - ok

19:45:42.0623 1184 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS

19:45:42.0638 1184 SrvHsfWinac - ok

19:45:42.0669 1184 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys

19:45:42.0669 1184 srvnet - ok

19:45:42.0732 1184 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys

19:45:42.0732 1184 stexstor - ok

19:45:42.0779 1184 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys

19:45:42.0779 1184 storflt - ok

19:45:42.0810 1184 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys

19:45:42.0825 1184 storvsc - ok

19:45:42.0841 1184 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys

19:45:42.0841 1184 swenum - ok

19:45:42.0903 1184 SynTP (6bef3acd6ee22eec55b68699e8aace09) C:\Windows\system32\DRIVERS\SynTP.sys

19:45:42.0903 1184 SynTP - ok

19:45:43.0028 1184 Tcpip (c2daaeb48f3a47c410b041a0d2382ee1) C:\Windows\system32\drivers\tcpip.sys

19:45:43.0059 1184 Tcpip - ok

19:45:43.0106 1184 TCPIP6 (c2daaeb48f3a47c410b041a0d2382ee1) C:\Windows\system32\DRIVERS\tcpip.sys

19:45:43.0122 1184 TCPIP6 - ok

19:45:43.0153 1184 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys

19:45:43.0153 1184 tcpipreg - ok

19:45:43.0200 1184 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys

19:45:43.0200 1184 TDPIPE - ok

19:45:43.0231 1184 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys

19:45:43.0231 1184 TDTCP - ok

19:45:43.0262 1184 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys

19:45:43.0262 1184 tdx - ok

19:45:43.0278 1184 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys

19:45:43.0278 1184 TermDD - ok

19:45:43.0340 1184 TPDIGIMN (521866a3ce5a1a69b4b4a87bdb52be26) C:\Windows\system32\DRIVERS\ApsHM86.sys

19:45:43.0340 1184 TPDIGIMN - ok

19:45:43.0387 1184 TPM (5ad05191dc8b444a7ba4d79b76c42a30) C:\Windows\system32\drivers\tpm.sys

19:45:43.0387 1184 TPM - ok

19:45:43.0465 1184 TPPWRIF (6412da2b8d079d821b99b3a99943284e) C:\Windows\system32\drivers\Tppwr32v.sys

19:45:43.0465 1184 TPPWRIF - ok

19:45:43.0512 1184 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys

19:45:43.0512 1184 tssecsrv - ok

19:45:43.0543 1184 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys

19:45:43.0543 1184 tunnel - ok

19:45:43.0574 1184 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys

19:45:43.0574 1184 uagp35 - ok

19:45:43.0605 1184 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys

19:45:43.0605 1184 udfs - ok

19:45:43.0668 1184 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys

19:45:43.0668 1184 uliagpkx - ok

19:45:43.0699 1184 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys

19:45:43.0699 1184 umbus - ok

19:45:43.0730 1184 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys

19:45:43.0730 1184 UmPass - ok

19:45:43.0808 1184 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys

19:45:43.0808 1184 USBAAPL - ok

19:45:43.0839 1184 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys

19:45:43.0839 1184 usbccgp - ok

19:45:43.0871 1184 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys

19:45:43.0871 1184 usbcir - ok

19:45:43.0917 1184 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys

19:45:43.0917 1184 usbehci - ok

19:45:43.0949 1184 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys

19:45:43.0964 1184 usbhub - ok

19:45:43.0995 1184 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys

19:45:43.0995 1184 usbohci - ok

19:45:44.0027 1184 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys

19:45:44.0027 1184 usbprint - ok

19:45:44.0089 1184 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys

19:45:44.0089 1184 usbscan - ok

19:45:44.0120 1184 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS

19:45:44.0120 1184 USBSTOR - ok

19:45:44.0136 1184 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys

19:45:44.0136 1184 usbuhci - ok

19:45:44.0167 1184 usbvideo (f642a7e4bf78cfa359cca0a3557c28d7) C:\Windows\system32\Drivers\usbvideo.sys

19:45:44.0167 1184 usbvideo - ok

19:45:44.0214 1184 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys

19:45:44.0214 1184 vdrvroot - ok

19:45:44.0245 1184 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

19:45:44.0245 1184 vga - ok

19:45:44.0276 1184 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

19:45:44.0276 1184 VgaSave - ok

19:45:44.0307 1184 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys

19:45:44.0323 1184 vhdmp - ok

19:45:44.0354 1184 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys

19:45:44.0354 1184 viaagp - ok

19:45:44.0385 1184 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys

19:45:44.0385 1184 ViaC7 - ok

19:45:44.0401 1184 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys

19:45:44.0401 1184 viaide - ok

19:45:44.0448 1184 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys

19:45:44.0448 1184 vmbus - ok

19:45:44.0479 1184 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys

19:45:44.0479 1184 VMBusHID - ok

19:45:44.0510 1184 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys

19:45:44.0510 1184 volmgr - ok

19:45:44.0541 1184 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

19:45:44.0541 1184 volmgrx - ok

19:45:44.0588 1184 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys

19:45:44.0588 1184 volsnap - ok

19:45:44.0635 1184 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys

19:45:44.0635 1184 vsmraid - ok

19:45:44.0697 1184 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys

19:45:44.0697 1184 vwifibus - ok

19:45:44.0713 1184 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys

19:45:44.0713 1184 vwififlt - ok

19:45:44.0791 1184 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys

19:45:44.0791 1184 WacomPen - ok

19:45:44.0822 1184 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys

19:45:44.0822 1184 WANARP - ok

19:45:44.0822 1184 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys

19:45:44.0822 1184 Wanarpv6 - ok

19:45:44.0869 1184 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys

19:45:44.0869 1184 Wd - ok

19:45:44.0900 1184 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

19:45:44.0900 1184 Wdf01000 - ok

19:45:44.0963 1184 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

19:45:44.0963 1184 WfpLwf - ok

19:45:44.0994 1184 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

19:45:44.0994 1184 WIMMount - ok

19:45:45.0087 1184 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys

19:45:45.0087 1184 WinUsb - ok

19:45:45.0119 1184 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys

19:45:45.0119 1184 WmiAcpi - ok

19:45:45.0165 1184 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

19:45:45.0165 1184 ws2ifsl - ok

19:45:45.0212 1184 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys

19:45:45.0212 1184 WudfPf - ok

19:45:45.0321 1184 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys

19:45:45.0337 1184 WUDFRd - ok

19:45:45.0368 1184 MBR (0x1B8) (5e77d9d060f945b3341b1be190796101) \Device\Harddisk0\DR0

19:45:45.0399 1184 \Device\Harddisk0\DR0 - ok

19:45:45.0399 1184 MBR (0x1B8) (739b36f7a373fc81121d831231b6d311) \Device\Harddisk2\DR2

19:45:47.0537 1184 \Device\Harddisk2\DR2 - ok

19:45:47.0552 1184 Boot (0x1200) (f613096a87d02aff79e6343f457d8c3c) \Device\Harddisk0\DR0\Partition0

19:45:47.0552 1184 \Device\Harddisk0\DR0\Partition0 - ok

19:45:47.0568 1184 Boot (0x1200) (695eab32800eaa48312c1623d3938aef) \Device\Harddisk0\DR0\Partition1

19:45:47.0568 1184 \Device\Harddisk0\DR0\Partition1 - ok

19:45:47.0599 1184 Boot (0x1200) (25cd9df0b022ce8ea9f1059d9aec1ae0) \Device\Harddisk0\DR0\Partition2

19:45:47.0599 1184 \Device\Harddisk0\DR0\Partition2 - ok

19:45:47.0615 1184 Boot (0x1200) (f7746d4089f82776d9c5b841d5dbb42d) \Device\Harddisk2\DR2\Partition0

19:45:47.0615 1184 \Device\Harddisk2\DR2\Partition0 - ok

19:45:47.0615 1184 ============================================================

19:45:47.0615 1184 Scan finished

19:45:47.0615 1184 ============================================================

19:45:47.0630 1444 Detected object count: 3

19:45:47.0630 1444 Actual detected object count: 3

19:46:15.0554 1444 HKLM\SYSTEM\ControlSet001\services\63ea5de9 - will be deleted on reboot

19:46:15.0585 1444 HKLM\SYSTEM\ControlSet002\services\63ea5de9 - will be deleted on reboot

19:46:15.0601 1444 C:\Windows\3915246179:2618663446.exe - will be deleted on reboot

19:46:15.0601 1444 63ea5de9 ( Rootkit.Win32.PMax.gen ) - User select action: Delete

19:46:15.0757 1444 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\avgldx86.sys) error 1813

19:46:19.0142 1444 Backup copy not found, trying to cure infected file..

19:46:19.0142 1444 C:\Windows\system32\DRIVERS\avgldx86.sys - Cure failed (FFFFFFFF)

19:46:19.0142 1444 C:\Windows\system32\DRIVERS\avgldx86.sys - processing error

19:46:19.0142 1444 Avgldx86 ( Rootkit.Win32.ZAccess.j ) - User select action: Cure

19:46:19.0470 1444 Backup copy not found, trying to cure infected file..

19:46:19.0501 1444 Cure success, using it..

19:46:19.0532 1444 C:\Windows\system32\Drivers\dfsc.sys - will be cured on reboot

19:46:19.0532 1444 DfsC ( Rootkit.Win32.ZAccess.g ) - User select action: Cure

--------------------

MALWAREBYTES LOG

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8014

Windows 6.1.7600 (Safe Mode)

Internet Explorer 8.0.7600.16385

10/24/2011 7:57:37 PM

mbam-log-2011-10-24 (19-57-37).txt

Scan type: Quick scan

Objects scanned: 175614

Time elapsed: 3 minute(s), 39 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Backdoor.Agent) -> Value: Shell -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Windows\Temp\kjghsad.exe (Trojan.Downloader.adb) -> Quarantined and deleted successfully.

c:\Windows\Temp\thpm4649353988045808043.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.

----------------------

COMBOFIX LOG

ComboFix 11-10-24.04 - Heather 10/24/2011 20:21:06.1.2 - x86 NETWORK

Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2937.2374 [GMT -5:00]

Running from: c:\users\Heather\Desktop\ComboFix.exe

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\SPL539B.tmp

c:\programdata\SPL67B7.tmp

c:\programdata\SPLB200.tmp

c:\programdata\SPLF95B.tmp

c:\users\Heather\AppData\Roaming\KiiibbF3pnG5QHd

c:\users\Heather\AppData\Roaming\KiiibbF3pnG5QHd\Guard Online .ico

c:\users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Guard Online

c:\users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore

c:\users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore\System Restore.lnk

c:\users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore\Uninstall System Restore.lnk

c:\windows\$NtUninstallKB49660$

c:\windows\$NtUninstallKB49660$\1676303849\@

c:\windows\$NtUninstallKB49660$\1676303849\cfg.ini

c:\windows\$NtUninstallKB49660$\1676303849\L\xadqgnnk

c:\windows\$NtUninstallKB49660$\1676303849\loader.tlb

c:\windows\$NtUninstallKB49660$\1676303849\lsflt7.ver

c:\windows\$NtUninstallKB49660$\1676303849\U\$80000000

c:\windows\$NtUninstallKB49660$\1676303849\U\@00000001

c:\windows\$NtUninstallKB49660$\1676303849\U\@000000c0

c:\windows\$NtUninstallKB49660$\1676303849\U\@000000cb

c:\windows\$NtUninstallKB49660$\1676303849\U\@000000cf

c:\windows\$NtUninstallKB49660$\1676303849\U\@80000000

c:\windows\$NtUninstallKB49660$\1676303849\U\@800000c0

c:\windows\$NtUninstallKB49660$\1676303849\U\@800000cb

c:\windows\$NtUninstallKB49660$\1676303849\U\@800000cf

c:\windows\$NtUninstallKB49660$\3867196099

c:\windows\{2521BB91-29B1-4d7e-9137-AC9875D77735}

c:\windows\3915246179

c:\windows\system32\c_14125.nls

c:\windows\system32\jucheck.exe

c:\windows\system32\jusched.exe

c:\windows\system32\Thumbs.db

Q:\AUTORUN.INF

.

Infected copy of c:\program files\Lenovo\Access Connections\AcPrfMgrSvc.exe was found and disinfected

Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Program Files!Lenovo!Access Connections!AcPrfMgrSvc.exe

.

Infected copy of c:\program files\Lenovo\Access Connections\AcSvc.exe was found and disinfected

Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Program Files!Lenovo!Access Connections!AcSvc.exe

.

Infected copy of c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe was found and disinfected

Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Program Files!Common Files!Apple!Mobile Device Support!AppleMobileDeviceService.exe

.

Infected copy of c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe was found and disinfected

Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Program Files!AVG!AVG10!Toolbar!ToolbarBroker.exe

.

Infected copy of c:\program files\AVG\AVG2012\avgwdsvc.exe was found and disinfected

Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Program Files!AVG!AVG2012!avgwdsvc.exe

.

Infected copy of c:\program files\Microsoft\BingBar\SeaPort.EXE was found and disinfected

Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Program Files!Microsoft!BingBar!SeaPort.EXE

.

Infected copy of c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe was found and disinfected

Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Program Files!Microsoft Small Business!Business Contact Manager!BcmSqlStartupSvc.exe

.

Infected copy of c:\program files\Bonjour\mDNSResponder.exe was found and disinfected

Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Program Files!Bonjour!mDNSResponder.exe

.

Infected copy of c:\program files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe was found and disinfected

Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Program Files!DDNI!Lenovo Idea Notes!DDNIMSGService.exe

.

Infected copy of c:\program files\DDNI\DIBS\DDNIService.exe was found and disinfected

Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Program Files!DDNI!DIBS!DDNIService.exe

.

Infected copy of c:\program files\Intel\WiFi\bin\EvtEng.exe was found and disinfected

Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Program Files!Intel!WiFi!bin!EvtEng.exe

.

Infected copy of c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe was found and disinfected

Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Program Files!Intel!Intel Matrix Storage Manager!IAANTMon.exe

.

Infected copy of c:\windows\system32\ibmpmsvc.exe was found and disinfected

Restored copy from - c:\windows\System32\DriverStore\FileRepository\ibmpmdrv.inf_x86_neutral_5f3e9881aec7e605\x86\ibmpmsvc.exe

.

Infected copy of c:\program files\iPod\bin\iPodService.exe was found and disinfected

Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Program Files!iPod!bin!iPodService.exe

.

Infected copy of c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe was found and disinfected

Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Program Files!Common Files!InterVideo!RegMgr!iviRegMgr.exe

.

Infected copy of c:\program files\LENOVO\HOTKEY\MICMUTE.exe was found and disinfected

Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Program Files!Lenovo!HOTKEY!MICMUTE.exe

.

Infected copy of c:\windows\system32\lxeacoms.exe was found and disinfected

Restored copy from - c:\windows\System32\DriverStore\FileRepository\lxeaprc.inf_x86_neutral_116e6cf7029798d9\i386\lxeacoms.exe

.

Infected copy of c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe was found and disinfected

Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Program Files!Common Files!Intel!WirelessCommon!RegSrvc.exe

.

Infected copy of c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe was found and disinfected

Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Program Files!Microsoft SQL Server!90!Shared!sqlwriter.exe

.

Infected copy of c:\program files\Lenovo\System Update\SUService.exe was found and disinfected

Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Program Files!Lenovo!System Update!SUService.exe

.

Infected copy of c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe was found and disinfected

Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Program Files!Common Files!Lenovo!tvt_reg_monitor_svc.exe

.

Infected copy of c:\program files\LENOVO\HOTKEY\TPHKSVC.exe was found and disinfected

Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Program Files!Lenovo!HOTKEY!TPHKSVC.exe

.

Infected copy of c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe was found and disinfected

Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Program Files!Common Files!AVG Secure Search!vToolbarUpdater!8.0.1!ToolbarUpdater.exe

.

Infected copy of c:\program files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe was found and disinfected

Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Program Files!DDNI!Lenovo Idea Notes!DDNIMSGService.exe

Infected copy of c:\program files\DDNI\DIBS\DDNIService.exe was found and disinfected

Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Program Files!DDNI!DIBS!DDNIService.exe

Infected copy of c:\program files\Lenovo\System Update\SUService.exe was found and disinfected

Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Program Files!Lenovo!System Update!SUService.exe

Infected copy of c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe was found and disinfected

Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Program Files!Common Files!Lenovo!tvt_reg_monitor_svc.exe

.

((((((((((((((((((((((((( Files Created from 2011-09-25 to 2011-10-25 )))))))))))))))))))))))))))))))

.

.

2011-10-25 01:29 . 2011-10-25 01:31 -------- d-----w- c:\users\Heather\AppData\Local\temp

2011-10-25 01:29 . 2011-10-25 01:29 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-10-25 01:18 . 2009-07-13 23:11 80896 ----a-w- c:\windows\system32\drivers\i8042prt.sys

2011-10-25 00:51 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-25 00:51 . 2011-10-25 00:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware (second copy)

2011-10-20 02:22 . 2011-10-20 02:22 -------- d--h--w- c:\windows\PIF

2011-10-18 00:08 . 2011-10-18 00:08 -------- d-sh--w- c:\windows\system32\%APPDATA%

2011-10-18 00:02 . 2011-10-18 00:02 -------- d-----w- c:\windows\Sun

2011-10-10 18:34 . 2011-10-10 18:34 -------- d-----w- c:\users\Heather\AppData\Roaming\E5sWJ7dELg

2011-10-10 18:34 . 2011-10-10 18:34 -------- d-----w- c:\users\Heather\AppData\Roaming\DtxP0ycS1v3n4m

2011-10-10 01:11 . 2011-10-10 01:11 -------- d-----w- c:\users\Heather\AppData\Roaming\mzzzONNyxA0uS

2011-10-10 01:11 . 2011-10-10 19:32 -------- d-----w- c:\users\Heather\AppData\Roaming\WggTTZqjjYwkIrO

2011-10-10 01:11 . 2011-10-10 01:11 -------- d-----w- c:\users\Heather\AppData\Roaming\SbDD33pnG4

2011-10-07 01:33 . 2011-10-07 01:33 -------- d-----w- c:\program files\AVG Secure Search

2011-10-07 01:33 . 2011-10-07 01:33 -------- d-----w- c:\program files\Common Files\AVG Secure Search

2011-10-07 01:32 . 2011-10-07 01:32 -------- d-----w- c:\users\Heather\AppData\Roaming\AVG2012

2011-10-07 01:31 . 2011-10-07 01:47 -------- d-----w- c:\programdata\AVG2012

2011-09-29 21:36 . 2011-09-29 21:36 -------- d-----w- C:\1be8dd95c941b72c6779cbeb

2011-09-29 21:06 . 2011-09-29 21:06 -------- d-----w- C:\$AVG

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-25 00:48 . 2011-06-15 20:08 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys

2011-10-20 00:27 . 2009-07-13 23:11 245328 ----a-w- c:\windows\system32\drivers\volsnap.sys

2011-09-13 11:30 . 2011-09-13 11:30 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2011-08-08 11:08 . 2011-08-08 11:08 40016 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2011-10-04 20:49 . 2011-06-02 01:48 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-07-26 2532680]

.

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2011-07-26 15:15 2532680 ----a-w- c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-07-26 2532680]

.

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-07-26 2532680]

.

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-10 7612960]

"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]

"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-20 62752]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]

"TpShocks"="TpShocks.exe" [2009-07-09 337184]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-08 174104]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-08 151064]

"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2009-08-23 709920]

"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]

"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2009-08-05 244208]

"IdeaNotesUser"="c:\program files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe" [2009-08-24 221872]

"AcWin7Hlpr"="c:\program files\Lenovo\Access Connections\AcTBenabler.exe" [2009-10-14 36864]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-28 1557800]

"lxeamon.exe"="c:\program files\Lexmark S300-S400 Series\lxeamon.exe" [2009-10-01 766632]

"EzPrint"="c:\program files\Lexmark S300-S400 Series\ezprint.exe" [2009-10-01 139944]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-09-23 2404704]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware (second copy)\mbam.exe" [2011-08-31 1047208]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware (second copy)\mbamgui.exe" [2011-08-31 449608]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-07-11 229840]

R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2008-05-12 13480]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-09-12 5265248]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]

R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]

R2 DDNIMSGService;DDNIMSGService;c:\program files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe [2010-07-20 171872]

R2 DDNIService;DDNIService;c:\program files\DDNI\DIBS\DDNIService.exe [2010-07-23 163680]

R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2009-07-03 45424]

R2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe [2009-07-29 602792]

R2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxeaserv.exe [2009-07-29 98984]

R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]

R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-08-05 362992]

R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2009-08-05 309744]

R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2009-08-05 166384]

R2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2009-07-15 62320]

R2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [2011-10-07 246600]

R3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2009-06-18 125568]

R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-07-26 1025352]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-07-11 16720]

R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-07-08 195336]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-09 122880]

R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-05-18 119256]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]

R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]

R3 PCDSRVC{C4B36920-79E24793-06000000}_0;PCDSRVC{C4B36920-79E24793-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\progra~1\pc-doc~1\pcdsrvc.pkms [2009-08-18 20848]

R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2009-08-23 75040]

R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-08-05 313840]

R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-08-05 1124848]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-21 1343400]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]

S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]

S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2009-06-29 20520]

S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-22 167936]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-06-25 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\PC-Doctor\pcdr5cuiw32.exe [2009-10-08 21:43]

.

2011-10-20 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\PC-Doctor\pcdr5cuiw32.exe [2009-10-08 21:43]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://lenovo.msn.com

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll

FF - ProfilePath - c:\users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\jhycjozs.default\

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: browser.startup.homepage - hxxp://www.stltoday.com/

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cc1125e&v=7.008.031.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

SafeBoot-25550614.sys

SafeBoot-33717429.sys

SafeBoot-65719020.sys

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{C4B36920-79E24793-06000000}_0]

"ImagePath"="\??\c:\progra~1\pc-doc~1\pcdsrvc.pkms"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ea,c1,44,91,aa,6a,ad,41,81,ef,60,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ea,c1,44,91,aa,6a,ad,41,81,ef,60,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\conhost.exe

.

**************************************************************************

.

Completion time: 2011-10-24 20:35:02 - machine was rebooted

ComboFix-quarantined-files.txt 2011-10-25 01:35

.

Pre-Run: 264,229,240,832 bytes free

Post-Run: 264,302,596,096 bytes free

.

- - End Of File - - 36A6916C14971810CF44D1310FFAB318

------------------

DDS LOG

.

DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17

Run by Heather at 20:40:52 on 2011-10-24

Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2937.2410 [GMT -5:00]

.

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\ctfmon.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\Explorer.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://lenovo.msn.com

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - c:\program files\lexmark printable web\bho.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe

mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe

mRun: [LENOVO.TPFNF6R] c:\program files\lenovo\hotkey\TPFNF6R.exe

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [TpShocks] TpShocks.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor

mRun: [Message Center Plus] c:\program files\lenovo\message center plus\MCPLaunch.exe /start

mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatchTray10.exe"

mRun: [ideaNotesUser] c:\program files\ddni\lenovo idea notes\DDNIMSGUser.exe

mRun: [AcWin7Hlpr] c:\program files\lenovo\access connections\AcTBenabler.exe

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [lxeamon.exe] "c:\program files\lexmark s300-s400 series\lxeamon.exe"

mRun: [EzPrint] "c:\program files\lexmark s300-s400 series\ezprint.exe"

mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware (second copy)\mbam.exe" /runcleanupscript

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware (second copy)\mbamgui.exe /install /silent

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{2F64794F-CC80-4DE1-AD21-C54A46E2F6D6} : DhcpNameServer = 192.168.1.1

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\8.0.1\ViProtocol.dll

Notify: igfxcui - igfxdev.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\heather\appdata\roaming\mozilla\firefox\profiles\jhycjozs.default\

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: browser.startup.homepage - hxxp://www.stltoday.com/

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cc1125e&v=7.008.031.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2009-6-29 20520]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2009-9-15 6114816]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-12-25 167936]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-7-11 229840]

S1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]

S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2009-7-16 13480]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-9-12 5265248]

S2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]

S2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-6-15 249648]

S2 DDNIMSGService;DDNIMSGService;c:\program files\ddni\lenovo idea notes\DDNIMSGService.exe [2010-10-21 171872]

S2 DDNIService;DDNIService;c:\program files\ddni\dibs\DDNIService.exe [2010-10-21 163680]

S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\MICMUTE.exe [2009-10-5 45424]

S2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe -service --> c:\windows\system32\lxeacoms.exe -service [?]

S2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeaserv.exe [2010-3-14 98984]

S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]

S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\roxio\digital home 10\RoxioUpnpService10.exe [2009-8-5 362992]

S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2009-8-5 309744]

S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2009-8-5 166384]

S2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2009-10-5 62320]

S2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\8.0.1\ToolbarUpdater.exe [2011-10-6 246600]

S3 5U877;USB Video Device;c:\windows\system32\drivers\5U877.sys [2009-12-25 125568]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-5-13 1025352]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-7-11 16720]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-7-7 195336]

S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-9-10 122880]

S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-6-7 119256]

S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]

S3 PCDSRVC{C4B36920-79E24793-06000000}_0;PCDSRVC{C4B36920-79E24793-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\progra~1\pc-doc~1\pcdsrvc.pkms [2009-8-18 20848]

S3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2009-12-25 75040]

S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\roxio\digital home 10\RoxioUPnPRenderer10.exe [2009-8-5 313840]

S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2009-8-5 1124848]

S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]

S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]

S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-21 1343400]

.

=============== Created Last 30 ================

.

2011-10-25 01:32:08 -------- d-sh--w- C:\$RECYCLE.BIN

2011-10-25 01:29:53 -------- d-----w- c:\users\heather\appdata\local\temp

2011-10-25 01:18:31 80896 ----a-w- c:\windows\system32\drivers\i8042prt.sys

2011-10-25 01:07:53 98816 ----a-w- c:\windows\sed.exe

2011-10-25 01:07:53 518144 ----a-w- c:\windows\SWREG.exe

2011-10-25 01:07:53 256000 ----a-w- c:\windows\PEV.exe

2011-10-25 01:07:53 208896 ----a-w- c:\windows\MBR.exe

2011-10-25 00:51:52 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-25 00:51:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware (second copy)

2011-10-20 02:22:53 -------- d--h--w- c:\windows\PIF

2011-10-18 00:08:04 -------- d-sh--w- c:\windows\system32\%APPDATA%

2011-10-10 18:34:32 -------- d-----w- c:\users\heather\appdata\roaming\E5sWJ7dELg

2011-10-10 18:34:31 -------- d-----w- c:\users\heather\appdata\roaming\DtxP0ycS1v3n4m

2011-10-10 01:11:23 -------- d-----w- c:\users\heather\appdata\roaming\mzzzONNyxA0uS

2011-10-10 01:11:14 -------- d-----w- c:\users\heather\appdata\roaming\WggTTZqjjYwkIrO

2011-10-10 01:11:14 -------- d-----w- c:\users\heather\appdata\roaming\SbDD33pnG4

2011-10-07 01:33:44 -------- d-----w- c:\program files\common files\AVG Secure Search

2011-10-07 01:33:44 -------- d-----w- c:\program files\AVG Secure Search

2011-10-07 01:32:50 -------- d-----w- c:\users\heather\appdata\roaming\AVG2012

2011-10-07 01:31:41 -------- d-----w- c:\programdata\AVG2012

2011-09-29 21:36:38 -------- d-----w- C:\1be8dd95c941b72c6779cbeb

2011-09-29 21:06:36 -------- d-----w- C:\$AVG

.

==================== Find3M ====================

.

2011-10-25 00:48:50 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys

2011-10-20 00:27:05 245328 ----a-w- c:\windows\system32\drivers\volsnap.sys

2011-10-01 02:59:14 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-09-13 11:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2011-09-06 02:38:14 2332672 ----a-w- c:\windows\system32\win32k.sys

2011-08-27 04:43:07 571904 ----a-w- c:\windows\system32\oleaut32.dll

2011-08-27 04:43:06 233472 ----a-w- c:\windows\system32\oleacc.dll

2011-08-20 04:38:10 981504 ----a-w- c:\windows\system32\wininet.dll

2011-08-20 04:35:20 44544 ----a-w- c:\windows\system32\licmgr10.dll

2011-08-20 03:26:38 386048 ----a-w- c:\windows\system32\html.iec

2011-08-17 04:26:02 465408 ----a-w- c:\windows\system32\psisdecd.dll

2011-08-17 04:22:23 75776 ----a-w- c:\windows\system32\psisrndr.ax

2011-08-17 04:22:23 72704 ----a-w- c:\windows\system32\Mpeg2Data.ax

2011-08-17 04:22:23 59904 ----a-w- c:\windows\system32\MSDvbNP.ax

2011-08-17 04:22:23 204288 ----a-w- c:\windows\system32\MSNP.ax

.

============= FINISH: 20:41:02.11 ===============

END OF LOG FILES

Hi and welcome to Malwarebytes.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

Link to post
Share on other sites

Chris,

I was wondering if you had a chance to review the logs I've pasted and if there were any suggested next steps.

Thanks again for all of your help!

Hi and welcome to Malwarebytes.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

Link to post
Share on other sites

  • Staff

Hi,

I apologize for the delay.

I'm afraid I have bad news.

Your logs reveal a backdoor trojan. A backdoor severely compromises system integrity.

A compromised system may allow illicit network connections, disabling of security software, modifying critical system files and collection and transmiission of personal identifiable information without your consent.

I recommend that you disconnect this PC from the Internet immediately, and only reconnect to download any tools that are required. If you do any banking or other financial transactions on the PC or it if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. If it were on my PC I would not hesitate for a moment to do so. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

Should you decide not to follow that advice, we will of course do our best to clean the computer of any infections that we can see but, as I already stated, we can in no way guarantee it to be trustworthy.

Should you have any questions, please feel free to ask.

Let me know what you decide.

Link to post
Share on other sites

The other day, when I was trying to figure out what was going on, I found that the computer did indeed have a backdoor trojan by the name of Rootkit.Win32.ZAccess.j. Seeing that it affected a file (Avgldx86) that relates to the AVG antivirus application on the computer, I completely uninstalled AVG. After rebooting, I ran the TDSSKiller application and found that the rootkit was no longer present. It looks like it had been removed when AVG was completely uninstalled. Malwarebytes and Combofix also showed no issues, too. I reinstalled a fresh copy of AVG and it now works too. Could it be that the trojan has been removed through this action? Or, is the computer still at risk?

Thanks for the help!

Hi,

I apologize for the delay.

I'm afraid I have bad news.

Your logs reveal a backdoor trojan. A backdoor severely compromises system integrity.

A compromised system may allow illicit network connections, disabling of security software, modifying critical system files and collection and transmiission of personal identifiable information without your consent.

I recommend that you disconnect this PC from the Internet immediately, and only reconnect to download any tools that are required. If you do any banking or other financial transactions on the PC or it if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. If it were on my PC I would not hesitate for a moment to do so. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

Should you decide not to follow that advice, we will of course do our best to clean the computer of any infections that we can see but, as I already stated, we can in no way guarantee it to be trustworthy.

Should you have any questions, please feel free to ask.

Let me know what you decide.

Link to post
Share on other sites

  • Staff

Hi,

It's possible that the trojan was removed, but the damage may already have been done.

That's why I said this:

"Though the Trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. If it were on my PC I would not hesitate for a moment to do so."

Link to post
Share on other sites

  • 2 weeks later...
  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.