
Discussion Starter #1
I've recently found that I've been infected with either some sort of virus or malware. I ran Malwarebytes and SUPERAntiSpyware, and an AVG full system scan, and nothing has fixed the problem. I also tried running a GMER log, but I keep getting an error message saying it has encountered an unknown problem, so I could never get the log from it. Also, I do not have access to a boot CD.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_25
Run by Robert at 12:31:31 on 2011-12-07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2541 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = <local>;*.local
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuz1.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngin1.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuz1.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuz1.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngin1.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\robert\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [36X Raid Configurer] c:\windows\system32\xRaidSetup.exe boot
mRun: [DeathAdder] c:\program files\razer\deathadder\razerhid.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [XpDis0Conf] c:\progra~1\belkin\belkin~1\tool\WinXPDisableZeroConfigation.exe 979899a48a75987f6b9d86a9aa798c73837198ae83a6a498b878837b768a788c84 /d
mRun: [XpOpenAuto] "c:\program files\belkin\belkin 54mbps wireless utility\tool\OpenXpAuto.exe" 979899a48a75987f6b9d86a9aa798c73837198ae83a6a498b878837b768a788c84
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNjEyMzI0MjYzLVQ0LUJBKzEtS1YzKzctRlA5KzYtQkFSOUcrMS1UQjkrMi1GTCs5LUYxME0rNS1RSVgxKzQtWDIwMTArMi1GMTBNMTBEKzEtTElDKzctRkwxMCsxLVhPMTArMTE"&"prod=90"&"ver=10.0.1325
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
 


Discussion Starter #2
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} - hxxp://asp.mathxl.com/books/_Players/MathPlayer.cab
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{83F61848-694F-4D18-9624-3FE02CB55575} : DhcpNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{B7D01D15-BCDF-427E-A934-B2F09063E854} : DhcpNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{FF0F0B7C-4083-4348-AC0A-942AB35DDFDC} : DhcpNameServer = 192.168.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\robert\application data\mozilla\firefox\profiles\9j8m59u2.default\
FF - prefs.js: browser.search.selectedEngine - YouTube
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - component: c:\documents and settings\robert\application data\mozilla\firefox\profiles\9j8m59u2.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\robert\application data\mozilla\firefox\profiles\9j8m59u2.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - plugin: c:\documents and settings\robert\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-1-19 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-2-10 295248]
R1 c2scsi;c2scsi;c:\windows\system32\drivers\c2scsi.sys [2008-10-20 244736]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-12-29 24652]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-3-30 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 16720]
R3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys [2009-11-12 11136]
R3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\drivers\AE2500xp.sys [2011-11-5 1034240]
S2 RoxLiveShare10;LiveShare P2P Server 10;"c:\program files\common files\roxio shared\10.0\sharedcom\roxliveshare10.exe" --> c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [?]
S2 SessionLauncher;SessionLauncher;c:\docume~1\robert\locals~1\temp\dx9\sessionlauncher.exe --> c:\docume~1\robert\locals~1\temp\dx9\SessionLauncher.exe [?]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [2008-7-26 20608]
S3 cpuz134;cpuz134;\??\c:\docume~1\robert\locals~1\temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\robert\locals~1\temp\cpuz134\cpuz134_x32.sys [?]
S3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2009-11-12 22784]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PCTSFileEnum;PCTSFileEnum;c:\program files\pc tools security\pctsfiles.exe --> c:\program files\pc tools security\PCTSFiles.exe [?]
.
=============== Created Last 30 ================
.
2011-12-06 17:34:28 2062 ----a-w- c:\windows\system32\tmp.reg
2011-11-21 19:47:13 -------- d-----w- c:\program files\iPod
2011-11-11 08:28:29 -------- d-----w- c:\documents and settings\robert\local settings\application data\Skyrim
2011-11-11 08:26:33 -------- d-----w- C:\d4f826fcc131b14d97e3bad5d0
.
==================== Find3M ====================
.
2011-11-29 19:56:22 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-18 15:43:56 98304 ----a-w- c:\windows\DUMP9b74.tmp
2011-10-10 14:22:41 692736 ------w- c:\windows\system32\inetcomm.dll
2011-10-07 10:23:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-04 10:21:42 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-13 10:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
.
============= FINISH: 12:32:27.85 ===============
 

TSF Security Manager, Emeritus
Hello twilight2188 and welcome to TSF,

I'll need a bit more information before we proceed. Please download aswMBR.exe and save it to your desktop.

Double click aswMBR.exe to start the tool. At this time, select No when prompted to download the Avast database.

  • Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
 

Discussion Starter #4
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-11 17:44:34
-----------------------------
17:44:34.806 OS Version: Windows 5.1.2600 Service Pack 3
17:44:34.806 Number of processors: 2 586 0xF0B
17:44:34.806 ComputerName: ROBERT UserName: Robert
17:44:38.931 Initialize success
17:44:50.260 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:44:50.260 Disk 0 Vendor: WDC_WD4000AAJS-00YFA0 12.01C02 Size: 381553MB BusType: 3
17:44:52.353 Disk 0 MBR read successfully
17:44:52.353 Disk 0 MBR scan
17:44:52.353 Disk 0 Windows XP default MBR code
17:44:52.353 Disk 0 scanning sectors +781401600
17:44:52.416 Disk 0 scanning C:\WINDOWS\system32\drivers
17:44:58.853 File: C:\WINDOWS\system32\drivers\afd.sys **SUSPICIOUS**
17:45:28.072 Service scanning
17:45:28.900 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
17:45:29.556 Modules scanning
17:45:46.916 Module: C:\WINDOWS\System32\drivers\afd.sys **SUSPICIOUS**
17:45:52.838 Disk 0 trace - called modules:
17:45:52.900 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x892b2f10]<<
17:45:52.900 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b6baab8]
17:45:52.900 3 CLASSPNP.SYS[b80f8fd7] -> nt!IofCallDriver -> [0x89ca4798]
17:45:52.900 \Driver\00002006[0x8b289360] -> IRP_MJ_CREATE -> 0x892b2f10
17:45:52.900 Scan finished successfully
17:46:11.041 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Robert\Desktop\MBR.dat"
17:46:11.041 The log file has been saved successfully to "C:\Documents and Settings\Robert\Desktop\aswMBR.txt"
 


TSF Security Manager, Emeritus
Thank you. :)

It will require more than 1 round to clean the system. Please stay with me until given the 'all clear' even if symptoms seem to abate.

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications.


====================================================


Double click on ComboFix.exe & follow the prompts.


  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
 

Discussion Starter #6
ComboFix 11-12-11.02 - Robert 12/12/2011 8:41.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2737 [GMT -5:00]
Running from: c:\documents and settings\Robert\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Robert\ntuser.tmp
C:\install.exe
c:\windows\$NtUninstallKB56795$
c:\windows\$NtUninstallKB56795$\3175047396\@
c:\windows\$NtUninstallKB56795$\3175047396\bckfg.tmp
c:\windows\$NtUninstallKB56795$\3175047396\cfg.ini
c:\windows\$NtUninstallKB56795$\3175047396\Desktop.ini
c:\windows\$NtUninstallKB56795$\3175047396\keywords
c:\windows\$NtUninstallKB56795$\3175047396\kwrd.dll
c:\windows\$NtUninstallKB56795$\3175047396\L\akygdmgo
c:\windows\$NtUninstallKB56795$\3175047396\lsflt7.ver
c:\windows\$NtUninstallKB56795$\3175047396\U\[email protected]
c:\windows\$NtUninstallKB56795$\3175047396\U\[email protected]
c:\windows\$NtUninstallKB56795$\3175047396\U\[email protected]
c:\windows\$NtUninstallKB56795$\3175047396\U\[email protected]
c:\windows\$NtUninstallKB56795$\3175047396\U\[email protected]
c:\windows\$NtUninstallKB56795$\3175047396\U\[email protected]
c:\windows\$NtUninstallKB56795$\3929473721
c:\windows\CSC\d6
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\tmp.reg
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
.
Infected copy of c:\windows\system32\drivers\afd.sys was found and disinfected
Restored copy from - The cat found it :)
.
((((((((((((((((((((((((( Files Created from 2011-11-12 to 2011-12-12 )))))))))))))))))))))))))))))))
.
.
2011-12-12 06:13 . 2011-08-17 13:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-11-21 19:47 . 2011-11-21 19:47 -------- d-----w- c:\program files\iPod
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-29 19:56 . 2011-06-01 15:04 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-18 15:43 . 2007-12-29 10:57 98304 ----a-w- c:\windows\DUMP9b74.tmp
2011-10-10 14:22 . 2007-12-29 19:06 692736 ------w- c:\windows\system32\inetcomm.dll
2011-10-07 10:23 . 2011-01-07 10:41 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-04 10:21 . 2011-02-10 11:53 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-09-28 07:06 . 2001-08-23 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41 . 2008-07-29 23:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2001-08-23 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2001-08-23 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-11-10 14:07 . 2011-05-13 16:00 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuz1.dll" [2011-03-17 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-03-17 22:08 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngin1.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-03-17 22:08 3911776 ----a-w- c:\program files\Vuze_Remote\tbVuz1.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuz1.dll" [2011-03-17 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngin1.dll" [2011-03-17 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\tbVuz1.dll" [2011-03-17 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-05-25 1953792]
"DeathAdder"="c:\program files\Razer\DeathAdder\razerhid.exe" [2009-09-22 163840]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-25 2415456]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg&inst=NzctNjEyMzI0MjYzLVQ0LUJBKzEtS1YzKzctRlA5KzYtQkFSOUcrMS1UQjkrMi1GTCs5LUYxME0rNS1RSVgxKzQtWDIwMTArMi1GMTBNMTBEKzEtTElDKzctRkwxMCsxLVhPMTArMTE&prod=90&ver=10.0.1325" [?]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Steam\\SteamApps\\twilight2188\\half-life 2 deathmatch\\hl2.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\Program Files\\Steam\\SteamApps\\twilight2188\\day of defeat source beta\\hl2.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Steam\\SteamApps\\twilight2188\\source sdk base\\hl2.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"=
"c:\\Program Files\\Dragon Age\\DAOriginsLauncher.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\StarCraft II\\StarCraft II.exe"=
"c:\\Program Files\\StarCraft II\\Versions\\Base15405\\SC2.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Steam\\SteamApps\\twilight2188\\half-life source\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\peggle deluxe\\Peggle.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\peggle extreme\\PeggleExtreme.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\trackmania nations forever\\TmForever.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\trackmania nations forever\\TmForeverLauncher.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\geometry wars\\GeometryWars.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\audiosurf\\engine\\QuestViewer.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\poker night at the inventory\\CelebrityPoker.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\assassin's creed 2\\AssassinsCreedIIGame.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\magic the gathering - duels of the planeswalkers\\DotP.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\spiral knights\\java_vm\\bin\\javaw.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\mass effect\\Binaries\\MassEffect.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\mass effect\\docs\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"c:\\Program Files\\Steam\\SteamApps\\common\\mass effect 2\\Binaries\\MassEffect2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\mass effect 2\\MassEffect2Launcher.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\mass effect 2\\docs\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"c:\\Program Files\\Steam\\SteamApps\\common\\dead space\\Dead Space.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\dead space\\Support\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"c:\\Program Files\\Steam\\SteamApps\\common\\dragon age ii\\DragonAge2Launcher.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\dragon age ii\\docs\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"c:\\Program Files\\Steam\\SteamApps\\common\\dead space 2\\deadspace2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\dead space 2\\Support\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"c:\\Program Files\\Steam\\SteamApps\\common\\recettear\\recettear.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\recettear\\custom.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\darksiders\\DarksidersPC.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\portal 2\\portal2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\twilight2188\\synergy\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\magic the gathering dotp 2012\\Magic_2012.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\skyrim\\SkyrimLauncher.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\left 4 dead 2\\left4dead2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\magicka\\Magicka.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"61570:TCP"= 61570:TCP:azureus
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2/22/2011 7:13 AM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [1/19/2011 3:32 AM 32592]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4/12/2008 10:15 PM 717296]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [1/7/2011 5:41 AM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2/10/2011 6:54 AM 295248]
R1 c2scsi;c2scsi;c:\windows\system32\drivers\c2scsi.sys [10/20/2008 7:54 AM 244736]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 5:09 AM 192776]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/29/2007 6:25 PM 24652]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [3/30/2011 4:17 PM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2/10/2011 6:53 AM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2/10/2011 6:53 AM 16720]
R3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys [11/12/2009 10:32 PM 11136]
R3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\drivers\AE2500xp.sys [11/5/2011 9:41 PM 1034240]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 5:25 AM 4433248]
S2 RoxLiveShare10;LiveShare P2P Server 10;"c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" --> c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [?]
S2 SessionLauncher;SessionLauncher;c:\docume~1\Robert\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\Robert\LOCALS~1\Temp\DX9\SessionLauncher.exe [?]
S3 cpuz134;cpuz134;\??\c:\docume~1\Robert\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\Robert\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [11/12/2009 10:32 PM 22784]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [12/15/2009 3:07 PM 25832]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PCTSFileEnum;PCTSFileEnum;c:\program files\PC Tools Security\PCTSFiles.exe --> c:\program files\PC Tools Security\PCTSFiles.exe [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57]
.
2011-12-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606747145-2000478354-839522115-1003Core.job
- c:\documents and settings\Robert\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 02:25]
.
2011-12-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606747145-2000478354-839522115-1003UA.job
- c:\documents and settings\Robert\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 02:25]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
FF - ProfilePath - c:\documents and settings\Robert\Application Data\Mozilla\Firefox\Profiles\9j8m59u2.default\
FF - prefs.js: browser.search.selectedEngine - YouTube
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-XpDis0Conf - c:\progra~1\Belkin\BELKIN~1\Tool\WinXPDisableZeroConfigation.exe
HKLM-Run-XpOpenAuto - c:\program files\Belkin\Belkin 54Mbps Wireless Utility\TOOL\OpenXpAuto.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-12-12 09:02
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-606747145-2000478354-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:11,a3,9c,0f,44,87,20,18,7b,8e,42,9a,78,0e,e7,aa,86,b9,e5,76,3c,32,19,
74,15,4b,62,97,33,01,a7,62,74,21,26,79,b7,0f,07,43,7f,4a,2f,84,53,90,c0,25,\
"??"=hex:10,57,47,2b,6c,5c,05,d3,a8,8e,fe,21,1b,28,5c,3d
.
[HKEY_USERS\S-1-5-21-606747145-2000478354-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:dd,7f,a8,7e,c4,6e,a6,47,73,b6,6d,1b,22,9f,cb,68,58,8d,38,f4,a0,
f1,cb,4c,32,73,94,a0,86,e0,8a,f8,6a,cf,80,b9,29,df,d9,96,83,78,65,b7,1e,ba,\
"rkeysecu"=hex:28,78,0c,f8,aa,e1,4b,11,1e,86,94,c7,85,f7,8c,3f
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(804)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\RTHDCPL.EXE
c:\program files\Razer\DeathAdder\razertra.exe
c:\program files\Razer\DeathAdder\razerofa.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-12-12 09:09:43 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-12 14:09
.
Pre-Run: 5,440,520,192 bytes free
Post-Run: 6,217,986,048 bytes free
.
- - End Of File - - 8E1BD5CEDC93FBF3F3CDA2C9AE1DB05B
 

TSF Security Manager, Emeritus · 42,837 Posts
ComboFix appears to have effectively removed the active infection. How is the machine behaving now?

Please go here to run the online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click Export to text file.
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.
 

Registered · 25 Posts · Discussion Starter #8
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\15\72b0da4f-426dd5ce a variant of Win32/Kryptik.WSZ trojan
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\16\425fcbd0-712e5dc0 a variant of Win32/Kryptik.WRS trojan
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\17\51690b91-4286e910 a variant of Java/TrojanDownloader.OpenConnection.AQ trojan
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\2\44afe282-75275363 a variant of Win32/Kryptik.WWF trojan
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\23\51893597-49c273f3 a variant of Win32/Kryptik.WXW trojan
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\40\94b77a8-21480ea9 a variant of Java/Exploit.CVE-2011-3544.C trojan
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\58\13152fba-41282adf a variant of Win32/Kryptik.WSK trojan
C:\Documents and Settings\Robert\Application Data\Sun\Java\Deployment\cache\6.0\0\433baf00-120c7d14 a variant of Win32/Kryptik.WPY trojan
C:\Documents and Settings\Robert\Application Data\Sun\Java\Deployment\cache\6.0\31\339bcd1f-7337376e Java/TrojanDownloader.OpenConnection.AP trojan
C:\Documents and Settings\Robert\Application Data\Sun\Java\Deployment\cache\6.0\54\6e45fa36-32460515 Java/TrojanDownloader.OpenStream.NCA trojan
C:\Program Files\DAEMON Tools Lite\uninst.exe Win32/Adware.Toolbar.Shopper application
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\afd.sys.vir a variant of Win32/Rootkit.Kryptik.FW trojan
 

TSF Security Manager, Emeritus · 42,837 Posts
To clear the infection in the Java cache, it's simplest and most thorough to use this next tool:

Download TFC (Temp File Cleaner) to your desktop.
  • Save any unsaved work as TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
=====================================

Daemon Tools would have to be uninstalled if you're not keen on the idea of its toolbar being an adware component.

The remaining items are backups created during the course of this fix and will be cleared during the uninstall of ComboFix.

If there aren't any more problems, we have some final housekeeping to tend to now. Please do not skip this step as it will implement important cleanup procedures, as well as reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point for you.


Click Start > Run and copy/paste, or type, the following text into the Run box and click OK:

ComboFix /uninstall

--------------------------------------------------------------------

Should you wish to contribute to the ongoing development of ComboFix, donations are being accepted via PayPal.


To help protect your computer in the future I recommend that you follow these steps and look into the following free programs:

  • Microsoft Windows Update - http://www.windowsupdate.com
    Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • SpywareBlaster to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.
    • SpywareBlaster is a preventative program. It sets flags in the registry to prevent the running of a specific list of bad spyware related ActiveX controls. It will block any bad ActiveX from running in Internet Explorer and Firefox if it's listed in their database (which you should update frequently). To view their database and list of restricted sites, launch the program and click on each of the tabs on the main display page.
  • WOT (Web of Trust). As 'Googling' is such an integral part of internet life, this free browser add-on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for both Firefox and IE.

  • Scan here with Secunia (The Leading Provider of Vulnerability Management and Vulnerability Intelligence Solutions) for out-of-date and vulnerable common applications on your computer.

  • BACKING UP YOUR REGISTRY
    ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively renders System Restore unavailable by simple means. With ERUNT, you're able to restore the damaged Registry.

    Vista/Windows 7 users: see this link for proper setup of ERUNT: Automatically Backup your Windows Vista Registry daily using ERUNT (The Winhelponline Blog).

In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well-written articles.

Kindly respond one more time and let me know if we may consider this thread resolved.
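The way the ESET findings above were sorted (entries in the Java deployment cache, a copy already sitting in ComboFix's own quarantine, and a bundled component of an installed program) can be expressed as a small triage script. The following is an added example written for this page, not a tool from the thread, from ESET or from TSF. It parses lines in the layout of ESET's 'Export to text file' output (path, optional "a variant of", detection name, category) and uses sample lines copied from the log posted above; the bucket rules and the action text are the editor's summary of the advice given in this thread, not ESET categories.

```python
"""Triage ESET Online Scanner findings by where on disk they were found.

Added example for this thread, not an ESET or TSF tool. Input lines follow
the layout of ESET's 'Export to text file' output:
    <path> [a variant of ]<detection name> <category>
The bucket rules encode the reasoning applied in the thread: cache entries
are cleared wholesale, quarantined copies are backups, and a hit on an
installed program's own files is an uninstall decision, not a cleanup step.
"""
from collections import defaultdict
from dataclasses import dataclass

# Sample input: lines copied from the scan log posted earlier in this thread.
SAMPLE_LOG = r"""
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\15\72b0da4f-426dd5ce a variant of Win32/Kryptik.WSZ trojan
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\40\94b77a8-21480ea9 a variant of Java/Exploit.CVE-2011-3544.C trojan
C:\Documents and Settings\Robert\Application Data\Sun\Java\Deployment\cache\6.0\31\339bcd1f-7337376e Java/TrojanDownloader.OpenConnection.AP trojan
C:\Program Files\DAEMON Tools Lite\uninst.exe Win32/Adware.Toolbar.Shopper application
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\afd.sys.vir a variant of Win32/Rootkit.Kryptik.FW trojan
"""

VARIANT_MARK = " a variant of"

# Recommended handling per bucket (editor's summary of the thread's advice).
ACTIONS = {
    "java_cache": "clear the Java deployment cache as a whole (e.g. with TFC)",
    "combofix_quarantine": "backup made by ComboFix; removed by 'ComboFix /uninstall'",
    "installed_software": "component of an installed program; uninstall that program if unwanted",
    "review": "live file outside any cache or quarantine; investigate before removal",
}


@dataclass(frozen=True)
class Finding:
    path: str
    name: str       # ESET detection name, e.g. Win32/Kryptik.WSZ
    kind: str       # ESET category word: trojan, application, ...
    variant: bool   # True when ESET reported "a variant of"


def parse_line(line):
    """Split one export line into a Finding; returns None for blank lines."""
    line = line.strip()
    if not line:
        return None
    # The category is the last token; the detection name is the one before it.
    # Paths may contain spaces, so split from the right.
    head, kind = line.rsplit(None, 1)
    head, name = head.rsplit(None, 1)
    variant = head.endswith(VARIANT_MARK)
    if variant:
        head = head[: -len(VARIANT_MARK)]
    return Finding(path=head, name=name, kind=kind, variant=variant)


def classify(finding):
    """Assign a bucket from the path (and category) of a finding."""
    p = finding.path.lower()
    if "\\sun\\java\\deployment\\cache\\" in p:
        return "java_cache"
    if p.startswith("c:\\qoobox\\quarantine\\") or p.endswith(".vir"):
        return "combofix_quarantine"
    if p.startswith("c:\\program files\\") and finding.kind == "application":
        return "installed_software"
    return "review"


def triage(text):
    """Parse an export and return {bucket: [Finding, ...]}."""
    buckets = defaultdict(list)
    for line in text.splitlines():
        finding = parse_line(line)
        if finding is not None:
            buckets[classify(finding)].append(finding)
    return dict(buckets)


def exploit_in_java_cache(buckets):
    """True when an exploit was cached by the Java plug-in. That points to a
    browser drive-by through Java as the entry route, so updating or removing
    the outdated Java matters as much as deleting the payloads it fetched."""
    return any(f.name.startswith("Java/Exploit.")
               for f in buckets.get("java_cache", []))


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for bucket, findings in result.items():
        print(f"{bucket}: {len(findings)} -> {ACTIONS[bucket]}")
        for f in findings:
            print(f"    {f.name}  {f.path}")
    if exploit_in_java_cache(result):
        print("Java exploit seen in cache: update or remove the Java plug-in")
```

Splitting from the right is what makes the parser robust to the spaces in "Documents and Settings" paths; the sample lines group into three buckets, and the `Java/Exploit.CVE-2011-3544.C` entry in the cache is the one that explains how the Kryptik droppers arrived on a machine running Java 1.6.0_25.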
 

TSF Security Manager, Emeritus · 42,837 Posts
You're welcome. Best wishes to you. :wave:
 

TSF Security Manager, Emeritus · 42,837 Posts
Topic re-opened per user request.

Hi twilight2188,

I'll need fresh logs. Please follow the instructions in our pre-posting topic New Instructions - Read This Before Posting for Malware Removal Help and post the requested logs in your next reply.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Also: download TDSSKiller.exe and save it to your desktop.
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan.
  • If malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\ (for example, C:\TDSSKiller.<version_date_time>log.txt).
Please post the contents of that log in your next reply.
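Reading a TDSSKiller log by hand means skipping past several hundred "- ok" lines to find the few verdicts that matter. The following is an added example written for this page, not part of TDSSKiller or of the thread; it summarises a log in the line layout TDSSKiller writes (as seen in the log posted later in this thread), keeping for each driver or service the path and MD5 the tool recorded and listing every entry whose verdict is not "ok". The sample excerpt is constructed from lines of that later log.

```python
"""Summarise a TDSSKiller log: every driver/service whose verdict is not
'ok', with the path, MD5 and reason TDSSKiller recorded for it.

Added example for this thread, not part of TDSSKiller. The line layouts
handled (all prefixed by a timestamp and a process id) are:
    <service> (<md5>) <path>
    <service> - ok
    Suspicious file (<reason>): <path>. md5: <md5>
    <service> ( <verdict> ) - warning
    <service> - detected <verdict> (<n>)
"""
import re

# Constructed excerpt in TDSSKiller's format; names, hashes and paths are
# copied from the log posted later in this thread.
SAMPLE_LOG = r"""
16:19:40.0062 6072 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:19:40.0062 6072 ACPI - ok
16:19:40.0203 6072 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
16:19:40.0203 6072 AFD - ok
16:20:42.0484 6072 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
16:20:42.0484 6072 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
16:20:42.0484 6072 sptd ( LockedFile.Multi.Generic ) - warning
16:20:42.0484 6072 sptd - detected LockedFile.Multi.Generic (1)
"""

PREFIX = r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+"
FILE_RE = re.compile(PREFIX + r"(?P<svc>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
OK_RE = re.compile(PREFIX + r"(?P<svc>\S+) - ok$")
WARN_RE = re.compile(PREFIX + r"(?P<svc>\S+) \( (?P<verdict>\S+) \) - warning$")
DETECT_RE = re.compile(PREFIX + r"(?P<svc>\S+) - detected (?P<verdict>\S+) \(\d+\)$")
SUSP_RE = re.compile(PREFIX + r"Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+)\. md5: (?P<md5>[0-9a-f]{32})$")


def _blank():
    return {"path": None, "md5": None, "status": "scanned", "verdict": None, "reason": None}


def parse_log(text):
    """Return {service: {path, md5, status, verdict, reason}} for the log text."""
    entries = {}
    by_path = {}  # path -> service, to attach 'Suspicious file' lines to their entry
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := FILE_RE.match(line):
            e = entries.setdefault(m["svc"], _blank())
            e["path"], e["md5"] = m["path"], m["md5"]
            by_path[m["path"]] = m["svc"]
        elif m := SUSP_RE.match(line):
            svc = by_path.get(m["path"])
            if svc is not None:
                entries[svc]["reason"] = m["reason"]
        elif m := OK_RE.match(line):
            entries.setdefault(m["svc"], _blank())["status"] = "ok"
        elif m := WARN_RE.match(line):
            e = entries.setdefault(m["svc"], _blank())
            e["status"], e["verdict"] = "warning", m["verdict"]
        elif m := DETECT_RE.match(line):
            # 'detected' follows the 'warning' line and is the final verdict.
            e = entries.setdefault(m["svc"], _blank())
            e["status"], e["verdict"] = "detected", m["verdict"]
    return entries


def flagged(entries):
    """Only the entries a person needs to look at: anything not verdict 'ok'."""
    return {svc: e for svc, e in entries.items() if e["status"] != "ok"}


if __name__ == "__main__":
    for svc, e in flagged(parse_log(SAMPLE_LOG)).items():
        print(f"{svc}: {e['status']} {e['verdict']} reason={e['reason']}")
        print(f"    {e['path']}  md5={e['md5']}")
```

On the sample, the only flagged entry is `sptd`, the SCSI Pass Through Direct driver that DAEMON Tools installs (the ESET log in this thread shows DAEMON Tools Lite on the machine). A `LockedFile` verdict on a driver that deliberately blocks access to its own file is a very different signal from a patched `afd.sys`, which is why the instruction above is to choose Skip and post the log for review rather than let the tool Cure on its own; the extracted MD5 is what you would check against a file-reputation source before deciding.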
 

Registered · 25 Posts · Discussion Starter #13
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_25
Run by Robert at 16:10:49 on 2011-12-19
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.1194 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe -k netsvc
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Program Files\Steam\steam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\System32\ping.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = <local>;*.local
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuz1.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngin1.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuz1.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuz1.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngin1.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [36X Raid Configurer] c:\windows\system32\xRaidSetup.exe boot
mRun: [DeathAdder] c:\program files\razer\deathadder\razerhid.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
 

Registered · 25 Posts · Discussion Starter #14
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctNjEyMzI0MjYzLVQ0LUJBKzEtS1YzKzctRlA5KzYtQkFSOUcrMS1UQjkrMi1GTCs5LUYxME0rNS1RSVgxKzQtWDIwMTArMi1GMTBNMTBEKzEtTElDKzctRkwxMCsxLVhPMTArMTE"&"prod=90"&"ver=10.0.1325
 

Registered · 25 Posts · Discussion Starter #15
Every time I go to copy and paste the rest of the log, it keeps saying the server is busy and won't let me send a decent block of text.
 

Registered · 25 Posts · Discussion Starter #16
16:19:26.0250 5304 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
16:19:27.0156 5304 ============================================================
16:19:27.0156 5304 Current date / time: 2011/12/19 16:19:27.0156
16:19:27.0156 5304 SystemInfo:
16:19:27.0156 5304
16:19:27.0156 5304 OS Version: 5.1.2600 ServicePack: 3.0
16:19:27.0156 5304 Product type: Workstation
16:19:27.0156 5304 ComputerName: ROBERT
16:19:27.0156 5304 UserName: Robert
16:19:27.0156 5304 Windows directory: C:\WINDOWS
16:19:27.0156 5304 System windows directory: C:\WINDOWS
16:19:27.0156 5304 Processor architecture: Intel x86
16:19:27.0156 5304 Number of processors: 2
16:19:27.0156 5304 Page size: 0x1000
16:19:27.0156 5304 Boot type: Normal boot
16:19:27.0156 5304 ============================================================
16:19:34.0703 5304 Initialize success
16:19:37.0125 6072 ============================================================
16:19:37.0125 6072 Scan started
16:19:37.0125 6072 Mode: Manual;
16:19:37.0125 6072 ============================================================
16:19:40.0000 6072 Abiosdsk - ok
16:19:40.0015 6072 abp480n5 - ok
16:19:40.0062 6072 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:19:40.0062 6072 ACPI - ok
16:19:40.0109 6072 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
16:19:40.0109 6072 ACPIEC - ok
16:19:40.0109 6072 adpu160m - ok
16:19:40.0156 6072 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
16:19:40.0156 6072 aec - ok
16:19:40.0203 6072 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
16:19:40.0203 6072 AFD - ok
16:19:40.0203 6072 Aha154x - ok
16:19:40.0218 6072 aic78u2 - ok
16:19:40.0218 6072 aic78xx - ok
16:19:40.0234 6072 AliIde - ok
16:19:40.0234 6072 amsint - ok
16:19:40.0250 6072 asc - ok
16:19:40.0265 6072 asc3350p - ok
16:19:40.0265 6072 asc3550 - ok
16:19:40.0328 6072 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:19:40.0328 6072 AsyncMac - ok
16:19:40.0359 6072 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:19:40.0359 6072 atapi - ok
16:19:40.0375 6072 Atdisk - ok
16:19:40.0421 6072 atksgt (f9c24d25d9ff29f894995a64812b4d85) C:\WINDOWS\system32\DRIVERS\atksgt.sys
16:19:40.0437 6072 atksgt - ok
16:19:40.0484 6072 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:19:40.0484 6072 Atmarpc - ok
16:19:40.0531 6072 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:19:40.0531 6072 audstub - ok
16:19:40.0578 6072 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
16:19:40.0578 6072 AVGIDSDriver - ok
16:19:40.0609 6072 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
16:19:40.0609 6072 AVGIDSEH - ok
16:19:40.0640 6072 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
16:19:40.0640 6072 AVGIDSFilter - ok
16:19:40.0687 6072 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
16:19:40.0687 6072 AVGIDSShim - ok
16:19:40.0718 6072 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
16:19:40.0718 6072 Avgldx86 - ok
16:19:40.0781 6072 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
16:19:40.0781 6072 Avgmfx86 - ok
16:19:40.0828 6072 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
16:19:40.0828 6072 Avgrkx86 - ok
16:19:40.0843 6072 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
16:19:40.0843 6072 Avgtdix - ok
16:19:40.0859 6072 BCM43XX - ok
16:19:40.0890 6072 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:19:40.0890 6072 Beep - ok
16:19:40.0937 6072 BRGSp50 (ee0f41fa0466189a2c8b9caf7d1cddd5) C:\WINDOWS\system32\Drivers\BRGSp50.sys
16:19:40.0937 6072 BRGSp50 - ok
16:19:40.0984 6072 c2scsi (9a410a90f06a2812a24a164d896ea755) C:\WINDOWS\system32\drivers\c2scsi.sys
16:19:40.0984 6072 c2scsi - ok
16:19:40.0984 6072 catchme - ok
16:19:41.0031 6072 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:19:41.0031 6072 cbidf2k - ok
16:19:41.0046 6072 cd20xrnt - ok
16:19:41.0062 6072 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:19:41.0062 6072 Cdaudio - ok
16:19:41.0109 6072 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
16:19:41.0109 6072 Cdfs - ok
16:19:41.0140 6072 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:19:41.0140 6072 Cdrom - ok
16:19:41.0156 6072 Changer - ok
16:19:41.0171 6072 CmdIde - ok
16:19:41.0187 6072 Cpqarray - ok
16:19:41.0328 6072 cpuz134 - ok
16:19:41.0531 6072 ctac32k (177bc4ee3840119a780eafad5a010f8f) C:\WINDOWS\system32\drivers\ctac32k.sys
16:19:41.0546 6072 ctac32k - ok
16:19:41.0718 6072 ctaud2k (eb0c0d62d8d2b8f41da149c866e93397) C:\WINDOWS\system32\drivers\ctaud2k.sys
16:19:41.0750 6072 ctaud2k - ok
16:19:41.0859 6072 ctdvda2k (c4333325d325efa668888d0d3177c6ff) C:\WINDOWS\system32\drivers\ctdvda2k.sys
16:19:41.0890 6072 ctdvda2k - ok
16:19:41.0921 6072 ctprxy2k (7d7eea7ffbc19e1b712d241490be51ed) C:\WINDOWS\system32\drivers\ctprxy2k.sys
16:19:41.0968 6072 ctprxy2k - ok
16:19:42.0109 6072 ctsfm2k (538122d33dd4b04cc189d5ca72bd6706) C:\WINDOWS\system32\drivers\ctsfm2k.sys
16:19:42.0125 6072 ctsfm2k - ok
16:19:42.0140 6072 dac2w2k - ok
16:19:42.0203 6072 dac960nt - ok
16:19:42.0250 6072 DAdderFltr (cb90f77e21109ccfd114a17bd87a42a7) C:\WINDOWS\system32\drivers\dadder.sys
16:19:42.0265 6072 DAdderFltr - ok
16:19:42.0328 6072 danewFltr (c512b618d0e19339572ad125e26b9cb5) C:\WINDOWS\system32\drivers\danew.sys
16:19:42.0328 6072 danewFltr - ok
16:19:42.0375 6072 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
16:19:42.0375 6072 Disk - ok
16:19:42.0687 6072 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
16:19:42.0718 6072 dmboot - ok
16:19:43.0031 6072 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
16:19:43.0031 6072 dmio - ok
16:19:43.0359 6072 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:19:43.0359 6072 dmload - ok
16:19:43.0640 6072 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
16:19:43.0656 6072 DMusic - ok
16:19:43.0953 6072 dpti2o - ok
16:19:44.0765 6072 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
16:19:44.0796 6072 drmkaud - ok
16:19:45.0500 6072 emupia (8e0eb62be9f9bee7c2e4c50685038e8d) C:\WINDOWS\system32\drivers\emupia2k.sys
16:19:45.0500 6072 emupia - ok
16:19:46.0250 6072 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
16:19:46.0265 6072 Fastfat - ok
16:19:46.0640 6072 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
16:19:46.0640 6072 Fdc - ok
16:19:46.0890 6072 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
16:19:46.0890 6072 Fips - ok
16:19:47.0562 6072 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
16:19:47.0562 6072 Flpydisk - ok
16:19:48.0000 6072 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
16:19:48.0046 6072 FltMgr - ok
16:19:49.0250 6072 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:19:49.0250 6072 Fs_Rec - ok
16:19:50.0312 6072 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:19:50.0437 6072 Ftdisk - ok
16:19:50.0875 6072 gdrv (54789f9ba0d59072cdd4e7c200e122c4) C:\WINDOWS\gdrv.sys
16:19:50.0875 6072 gdrv - ok
16:19:51.0609 6072 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
16:19:51.0609 6072 GEARAspiWDM - ok
16:19:52.0312 6072 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:19:52.0312 6072 Gpc - ok
16:19:53.0468 6072 ha20x2k (f2607d0d89f57d3564cf65a61a237f1a) C:\WINDOWS\system32\drivers\ha20x2k.sys
16:19:55.0078 6072 ha20x2k - ok
16:19:55.0968 6072 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
16:19:56.0093 6072 HDAudBus - ok
16:19:56.0703 6072 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:19:56.0703 6072 hidusb - ok
16:19:57.0312 6072 hpn - ok
16:19:57.0828 6072 hpt3xx - ok
16:19:58.0437 6072 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
16:19:58.0546 6072 HTTP - ok
16:19:59.0265 6072 i2omgmt - ok
16:19:59.0859 6072 i2omp - ok
16:20:00.0562 6072 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:20:00.0562 6072 i8042prt - ok
16:20:01.0546 6072 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:20:01.0546 6072 Imapi - ok
16:20:02.0109 6072 ini910u - ok
16:20:04.0781 6072 IntcAzAudAddService (c4006af18682fca0d8a011a0a21070f8) C:\WINDOWS\system32\drivers\RtkHDAud.sys
16:20:08.0078 6072 IntcAzAudAddService - ok
16:20:08.0406 6072 IntelIde - ok
16:20:08.0703 6072 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:20:08.0703 6072 intelppm - ok
16:20:09.0093 6072 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
16:20:09.0109 6072 ip6fw - ok
16:20:09.0765 6072 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:20:09.0781 6072 IpFilterDriver - ok
16:20:10.0500 6072 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:20:10.0562 6072 IpInIp - ok
16:20:11.0562 6072 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:20:11.0765 6072 IpNat - ok
16:20:12.0671 6072 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:20:12.0734 6072 IPSec - ok
16:20:13.0515 6072 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:20:13.0578 6072 IRENUM - ok
16:20:14.0265 6072 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:20:14.0265 6072 isapnp - ok
16:20:14.0656 6072 JRAID (c1632fe31d1824a43dea29725312e3fa) C:\WINDOWS\system32\DRIVERS\jraid.sys
16:20:14.0656 6072 JRAID - ok
16:20:15.0406 6072 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:20:15.0406 6072 Kbdclass - ok
16:20:16.0140 6072 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
16:20:16.0250 6072 kmixer - ok
16:20:16.0656 6072 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
16:20:16.0718 6072 KSecDD - ok
16:20:17.0546 6072 lbrtfdc - ok
16:20:18.0421 6072 Linksys_adapter_H (bcdf72dce41874b3ad9143d537b493b2) C:\WINDOWS\system32\DRIVERS\AE2500xp.sys
16:20:18.0453 6072 Linksys_adapter_H - ok
16:20:18.0687 6072 lirsgt (8ccf9ed46d52af1375875f74a91ffacf) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
16:20:18.0687 6072 lirsgt - ok
16:20:19.0312 6072 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:20:19.0312 6072 mnmdd - ok
16:20:19.0734 6072 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
16:20:19.0781 6072 Modem - ok
16:20:20.0328 6072 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:20:20.0328 6072 Mouclass - ok
16:20:20.0718 6072 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:20:20.0718 6072 mouhid - ok
16:20:21.0265 6072 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
16:20:21.0265 6072 MountMgr - ok
16:20:21.0359 6072 mraid35x - ok
16:20:21.0468 6072 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:20:21.0468 6072 MRxDAV - ok
16:20:21.0640 6072 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:20:21.0640 6072 MRxSmb - ok
16:20:22.0203 6072 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
16:20:22.0203 6072 Msfs - ok
16:20:23.0062 6072 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:20:23.0125 6072 MSKSSRV - ok
16:20:23.0421 6072 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:20:23.0421 6072 MSPCLOCK - ok
16:20:23.0656 6072 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
16:20:23.0656 6072 MSPQM - ok
16:20:24.0062 6072 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:20:24.0062 6072 mssmbios - ok
16:20:24.0578 6072 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
16:20:24.0625 6072 Mup - ok
16:20:25.0093 6072 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
16:20:25.0156 6072 NDIS - ok
16:20:26.0109 6072 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:20:26.0125 6072 NdisTapi - ok
16:20:26.0406 6072 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:20:26.0406 6072 Ndisuio - ok
16:20:26.0640 6072 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:20:26.0703 6072 NdisWan - ok
16:20:27.0265 6072 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
16:20:27.0265 6072 NDProxy - ok
16:20:27.0671 6072 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
16:20:27.0703 6072 NetBIOS - ok
16:20:28.0437 6072 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
16:20:28.0578 6072 NetBT - ok
16:20:29.0281 6072 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
16:20:29.0281 6072 Npfs - ok
16:20:30.0140 6072 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
16:20:30.0640 6072 Ntfs - ok
16:20:31.0515 6072 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
16:20:31.0515 6072 Null - ok
16:20:32.0484 6072 nv (18c9b152da7bea76b2f9e4b6412e0aaf) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
16:20:32.0750 6072 nv - ok
16:20:33.0109 6072 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:20:33.0218 6072 NwlnkFlt - ok
16:20:34.0093 6072 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:20:34.0187 6072 NwlnkFwd - ok
16:20:34.0640 6072 ossrv (611b58c2fd89aa9e80743a197ba62277) C:\WINDOWS\system32\drivers\ctoss2k.sys
16:20:34.0656 6072 ossrv - ok
16:20:35.0187 6072 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
16:20:35.0250 6072 Parport - ok
16:20:35.0859 6072 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
16:20:35.0859 6072 PartMgr - ok
16:20:36.0484 6072 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
16:20:36.0484 6072 ParVdm - ok
16:20:36.0687 6072 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
16:20:36.0703 6072 PCI - ok
16:20:36.0812 6072 PCIDump - ok
16:20:37.0406 6072 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
16:20:37.0406 6072 PCIIde - ok
16:20:37.0734 6072 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
16:20:37.0734 6072 Pcmcia - ok
16:20:37.0984 6072 PDCOMP - ok
16:20:38.0296 6072 PDFRAME - ok
16:20:38.0421 6072 PDRELI - ok
16:20:38.0515 6072 PDRFRAME - ok
16:20:38.0640 6072 perc2 - ok
16:20:38.0734 6072 perc2hib - ok
16:20:38.0937 6072 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:20:38.0937 6072 PptpMiniport - ok
16:20:39.0484 6072 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
16:20:39.0484 6072 Processor - ok
16:20:40.0859 6072 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
16:20:40.0859 6072 PSched - ok
16:20:41.0359 6072 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:20:41.0359 6072 Ptilink - ok
16:20:41.0421 6072 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
16:20:41.0421 6072 PxHelp20 - ok
16:20:41.0421 6072 ql1080 - ok
16:20:41.0437 6072 Ql10wnt - ok
16:20:41.0453 6072 ql12160 - ok
16:20:41.0453 6072 ql1240 - ok
16:20:41.0468 6072 ql1280 - ok
16:20:41.0500 6072 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:20:41.0500 6072 RasAcd - ok
16:20:41.0531 6072 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:20:41.0531 6072 Rasl2tp - ok
16:20:41.0546 6072 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:20:41.0546 6072 RasPppoe - ok
16:20:41.0593 6072 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
16:20:41.0593 6072 Raspti - ok
16:20:41.0609 6072 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:20:41.0609 6072 Rdbss - ok
16:20:41.0625 6072 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:20:41.0625 6072 RDPCDD - ok
16:20:41.0671 6072 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:20:41.0671 6072 rdpdr - ok
16:20:41.0718 6072 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
16:20:41.0718 6072 RDPWD - ok
16:20:41.0765 6072 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
16:20:41.0765 6072 redbook - ok
16:20:41.0812 6072 RTLE8023xp (badabe0940c01619e8510b90fb314929) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
16:20:41.0812 6072 RTLE8023xp - ok
16:20:41.0875 6072 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
16:20:41.0875 6072 Secdrv - ok
16:20:41.0937 6072 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
16:20:41.0937 6072 serenum - ok
16:20:42.0015 6072 Serial (2d542f2eb1c958ee5f687d5aaf95aa23) C:\WINDOWS\system32\DRIVERS\serial.sys
16:20:42.0031 6072 Serial - ok
16:20:42.0312 6072 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
16:20:42.0312 6072 Sfloppy - ok
16:20:42.0359 6072 Simbad - ok
16:20:42.0375 6072 Sparrow - ok
16:20:42.0421 6072 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
16:20:42.0421 6072 splitter - ok
16:20:42.0484 6072 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
16:20:42.0484 6072 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
16:20:42.0484 6072 sptd ( LockedFile.Multi.Generic ) - warning
16:20:42.0484 6072 sptd - detected LockedFile.Multi.Generic (1)
16:20:42.0500 6072 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
16:20:42.0515 6072 sr - ok
16:20:42.0546 6072 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
16:20:42.0546 6072 Srv - ok
16:20:42.0609 6072 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
16:20:42.0609 6072 swenum - ok
16:20:42.0671 6072 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
16:20:42.0671 6072 swmidi - ok
16:20:42.0687 6072 symc810 - ok
16:20:42.0687 6072 symc8xx - ok
16:20:42.0703 6072 sym_hi - ok
16:20:42.0703 6072 sym_u3 - ok
16:20:42.0734 6072 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
16:20:42.0734 6072 sysaudio - ok
16:20:42.0796 6072 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:20:42.0796 6072 Tcpip - ok
16:20:42.0890 6072 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
16:20:42.0937 6072 TDPIPE - ok
16:20:43.0468 6072 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
16:20:43.0500 6072 TDTCP - ok
16:20:43.0859 6072 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
16:20:43.0859 6072 TermDD - ok
16:20:44.0250 6072 TosIde - ok
16:20:44.0421 6072 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
16:20:44.0421 6072 Udfs - ok
16:20:44.0515 6072 ultra - ok
16:20:44.0609 6072 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
16:20:44.0625 6072 Update - ok
16:20:44.0750 6072 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
16:20:44.0750 6072 USBAAPL - ok
16:20:44.0968 6072 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
16:20:45.0000 6072 usbccgp - ok
16:20:45.0296 6072 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
16:20:45.0296 6072 usbehci - ok
16:20:45.0625 6072 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
16:20:45.0625 6072 usbhub - ok
16:20:46.0156 6072 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
16:20:46.0218 6072 usbscan - ok
16:20:46.0937 6072 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
16:20:46.0937 6072 USBSTOR - ok
16:20:47.0468 6072 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
16:20:47.0468 6072 usbuhci - ok
16:20:47.0843 6072 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
16:20:47.0843 6072 VgaSave - ok
16:20:48.0312 6072 ViaIde - ok
16:20:48.0703 6072 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
16:20:48.0703 6072 VolSnap - ok
16:20:48.0984 6072 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
16:20:49.0046 6072 Wanarp - ok
16:20:49.0343 6072 WDICA - ok
16:20:49.0531 6072 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
16:20:49.0531 6072 wdmaud - ok
16:20:49.0703 6072 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
16:20:49.0703 6072 WpdUsb - ok
16:20:49.0843 6072 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
16:20:49.0843 6072 WS2IFSL - ok
16:20:50.0187 6072 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
16:20:50.0250 6072 WudfPf - ok
16:20:50.0375 6072 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
16:20:50.0375 6072 WudfRd - ok
16:20:50.0437 6072 ZDPSp50 (00ae175b903d45ed4a62384d3315dc2a) C:\WINDOWS\system32\Drivers\ZDPSp50.sys
16:20:50.0437 6072 ZDPSp50 - ok
16:20:50.0468 6072 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
16:20:50.0625 6072 \Device\Harddisk0\DR0 - ok
16:20:55.0812 6072 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR2
16:20:55.0812 6072 \Device\Harddisk1\DR2 - ok
16:20:55.0828 6072 Boot (0x1200) (ddfdb82930482de9ac6b33c7f57ac487) \Device\Harddisk0\DR0\Partition0
16:20:55.0828 6072 \Device\Harddisk0\DR0\Partition0 - ok
16:20:55.0828 6072 Boot (0x1200) (bc8f50932d9c05942c2bd9922fecb6c6) \Device\Harddisk1\DR2\Partition0
16:20:55.0828 6072 \Device\Harddisk1\DR2\Partition0 - ok
16:20:55.0828 6072 ============================================================
16:20:55.0828 6072 Scan finished
16:20:55.0828 6072 ============================================================
16:20:55.0843 5040 Detected object count: 1
16:20:55.0843 5040 Actual detected object count: 1
16:21:19.0421 5040 sptd ( LockedFile.Multi.Generic ) - skipped by user
16:21:19.0421 5040 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
16:21:45.0312 5296 Deinitialize success
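As an added example (not part of the original post, and not TDSSKiller's own code), here is a small Python parser for log lines in the format posted above. It pulls out the driver inventory (service name, MD5, path), the MBR and boot-sector hashes, the "Suspicious file" notice, and every object whose verdict is anything other than ok, together with the action the user chose for it. The record layout it assumes is "HH:MM:SS.ffff <thread id> <message>", and the sample input embedded in the script is a constructed excerpt of the lines above. Two caveats a reader of this log should keep in mind: sptd.sys is the SCSI Pass Through Direct driver installed by disc-emulation software such as DAEMON Tools and Alcohol 120%, and because it blocks reads of its own file it routinely trips LockedFile.Multi.Generic, which is a "could not inspect" warning rather than a malware verdict; and the MBR hash covers only the first 0x1B8 bytes (the boot code, before the disk signature and partition table), so two disks set up by the same Windows version showing the same hash is expected rather than a sign of a bootkit.

```python
"""Added example: parse TDSSKiller-style log lines and list non-clean verdicts.

Illustrative code written for this page, not part of TDSSKiller or of the
original post. Assumed record layout: "HH:MM:SS.ffff <thread id> <message>".
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<tid>\d+)\s+(?P<msg>.*)$")
# "MBR (0x1B8) (<md5>) \Device\..." and "Boot (0x1200) (<md5>) \Device\...\Partition0"
SECTOR_RE = re.compile(
    r"^(?P<kind>MBR|Boot)\s+\((?P<size>0x[0-9A-Fa-f]+)\)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<dev>\S+)$")
# "<service> (<md5>) <path>"
DRIVER_RE = re.compile(r"^(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$")
# "Suspicious file (<reason>): <path>. md5: <md5>"
SUSPICIOUS_RE = re.compile(
    r"^Suspicious file \((?P<reason>[^)]+)\):\s+(?P<path>.+?)\.\s+md5:\s+(?P<md5>[0-9a-f]{32})$")
# "<name> - ok", "<name> ( <sig> ) - warning", "<name> - detected <sig> (1)",
# "<name> ( <sig> ) - skipped by user", "<name> ( <sig> ) - User select action: Skip"
VERDICT_RE = re.compile(r"^(?P<name>\S+)(?:\s+\(\s*(?P<sig>[^)]+?)\s*\))?\s+-\s+(?P<verdict>.+)$")
COUNT_RE = re.compile(r"^Detected object count:\s+(?P<n>\d+)$")


@dataclass
class ScanReport:
    drivers: Dict[str, Tuple[str, str]] = field(default_factory=dict)     # name -> (md5, path)
    sectors: Dict[str, Tuple[str, str]] = field(default_factory=dict)     # device -> (kind, md5)
    verdicts: Dict[str, List[Tuple[Optional[str], str]]] = field(default_factory=dict)
    suspicious: List[Tuple[str, str, str]] = field(default_factory=list)  # (path, reason, md5)
    detected_count: Optional[int] = None


def parse_log(text: str) -> ScanReport:
    """Walk the log once and bucket each message by its shape."""
    report = ScanReport()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banners, separators, blank lines
        msg = m.group("msg").strip()
        if (s := SECTOR_RE.match(msg)):
            report.sectors[s["dev"]] = (s["kind"], s["md5"])
        elif (s := SUSPICIOUS_RE.match(msg)):
            report.suspicious.append((s["path"], s["reason"], s["md5"]))
        elif (d := DRIVER_RE.match(msg)):
            report.drivers[d["name"]] = (d["md5"], d["path"])
        elif (c := COUNT_RE.match(msg)):
            report.detected_count = int(c["n"])
        elif (v := VERDICT_RE.match(msg)):
            report.verdicts.setdefault(v["name"], []).append((v["sig"], v["verdict"]))
    return report


def findings(report: ScanReport) -> List[dict]:
    """Every object with at least one verdict other than 'ok', plus the user's chosen action."""
    out = []
    for name, entries in report.verdicts.items():
        if all(verdict == "ok" for _, verdict in entries):
            continue
        action = None
        for _, verdict in entries:
            if verdict.startswith("User select action:"):
                action = verdict.split(":", 1)[1].strip()
        md5, path = report.drivers.get(name, (None, None))
        out.append({
            "name": name,
            "signatures": sorted({sig for sig, _ in entries if sig}),
            "verdicts": [verdict for _, verdict in entries],
            "action": action,
            "md5": md5,
            "path": path,
        })
    return out


# Constructed excerpt of the log posted above (same record layout).
SAMPLE_LOG = r"""
16:20:41.0609 6072 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:20:41.0609 6072 Rdbss - ok
16:20:42.0484 6072 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
16:20:42.0484 6072 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
16:20:42.0484 6072 sptd ( LockedFile.Multi.Generic ) - warning
16:20:42.0484 6072 sptd - detected LockedFile.Multi.Generic (1)
16:20:42.0796 6072 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:20:42.0796 6072 Tcpip - ok
16:20:50.0468 6072 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
16:20:50.0625 6072 \Device\Harddisk0\DR0 - ok
16:20:55.0828 6072 Boot (0x1200) (ddfdb82930482de9ac6b33c7f57ac487) \Device\Harddisk0\DR0\Partition0
16:20:55.0828 6072 \Device\Harddisk0\DR0\Partition0 - ok
16:20:55.0843 5040 Detected object count: 1
16:20:55.0843 5040 Actual detected object count: 1
16:21:19.0421 5040 sptd ( LockedFile.Multi.Generic ) - skipped by user
16:21:19.0421 5040 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
"""

if __name__ == "__main__":
    rep = parse_log(SAMPLE_LOG)
    print(f"drivers inventoried: {len(rep.drivers)}, detected objects: {rep.detected_count}")
    for f in findings(rep):
        print(f"{f['name']}: {', '.join(f['signatures'])} -> action={f['action']} md5={f['md5']}")
```

Run it against a full saved TDSSKiller log (read the file into parse_log) to get the same summary for every object the scanner could not clear; the driver inventory it returns is also the natural input for checking the MD5 of a flagged file against a known-good copy or a hash lookup service, which is how a LockedFile warning on a legitimate driver is usually confirmed.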
 

TSF Security Manager, Emeritus (42,837 Posts)
Ok, what about the GMER log? Are you able to copy/paste that in, or attach it?
 