Jump to content

B1GPUN

Members
  • Posts

    12
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Ok. I have done everything requested. Thanks Again for bearing with me through this issue. The computer is running fine, all the updates were successful. The only issue was Ad-Aware will not uninstall through Add/Remove due to an error. It seems as if the system is clean. I also downloaded AVG free 2012 and ran a scan which found nothing. I guess my main concern that remains is in regards to my external hard drives. Is it safe to plug them back in? They were plugged in at time of infection.
  2. Another note - I uninstalled MBAM (the corrupted one) and reinstalled a new copy and was able to run a quick scan successfully for the first time. It found nothing malicious
  3. Results of screen317's Security Check version 0.99.28 Windows XP Service Pack 3 x86 Internet Explorer 7 Out of date! `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Enabled! ESET Online Scanner v3 Antivirus up to date! ``````````````````````````````` Anti-malware/Other Utilities Check: Ad-Aware Malwarebytes' Anti-Malware CCleaner Java 6 Update 23 Java version out of date! Adobe Flash Player ( 10.2.159.1) Flash Player out of Date! Adobe Reader 9 (Adobe Reader out of date! Mozilla Firefox (7.0.1) Firefox out of Date! ```````````````````````````````` Process Check: objlist.exe by Laurent Ad-Aware AAWService.exe is disabled! Ad-Aware AAWTray.exe is disabled! Malwarebytes' Anti-Malware mbamservice.exe Malwarebytes' Anti-Malware mbamgui.exe ``````````End of Log````````````
  4. ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=7.00.6000.17103 (vista_gdr.110816-1000) # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=0d50a9ce62a740408e1adea2dc2e70b5 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-11-24 06:17:19 # local_time=2011-11-24 01:17:19 (-0500, Eastern Standard Time) # country="United States" # lang=9 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=1024 16777175 100 0 629622 629622 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=186717 # found=48 # cleaned=48 # scan_time=8674 C:\Documents and Settings\Scott\Application Data\Sun\Java\Deployment\cache\6.0\17\2465fd11-715b71ca Win32/Sirefef.DD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Documents and Settings\Scott\Local Settings\Application Data\5958c76b\X.vir Win32/Sirefef.DD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Documents and Settings\Scott\Local Settings\Application Data\5958c76b\U\800000cb.@.vir a variant of Win32/Agent.TEO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Documents and Settings\Scott\Local Settings\Application Data\5958c76b\U\800000cf.@.vir probably a variant of Win32/Kryptik.JDI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Program Files\bin32\nSvcIp.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Program Files\SUPERAntiSpyware\SASCORE.EXE.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\WINDOWS\assembly\GAC_MSIL\desktop.ini.vir a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\WINDOWS\system32\nvsvc32.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\WINDOWS\system32\ZuneBusEnum.exe.vir Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\cdrom.sys.vir a variant of Win32/Rootkit.Kryptik.DM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{349DD2E9-09FA-4AD5-AA28-0A3F2FB36744}\RP1000\A0090640.sys a variant of Win32/Rootkit.Kryptik.DM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{349DD2E9-09FA-4AD5-AA28-0A3F2FB36744}\RP1000\A0090651.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{349DD2E9-09FA-4AD5-AA28-0A3F2FB36744}\RP1000\A0090668.sys a variant of Win32/Rootkit.Kryptik.DM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{349DD2E9-09FA-4AD5-AA28-0A3F2FB36744}\RP1000\A0090669.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{349DD2E9-09FA-4AD5-AA28-0A3F2FB36744}\RP1000\A0090686.sys a variant of Win32/Rootkit.Kryptik.DM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{349DD2E9-09FA-4AD5-AA28-0A3F2FB36744}\RP1000\A0090687.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{349DD2E9-09FA-4AD5-AA28-0A3F2FB36744}\RP1001\A0091168.sys a variant of Win32/Rootkit.Kryptik.DM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{349DD2E9-09FA-4AD5-AA28-0A3F2FB36744}\RP1001\A0091169.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{349DD2E9-09FA-4AD5-AA28-0A3F2FB36744}\RP1003\A0092168.sys a variant of Win32/Rootkit.Kryptik.DM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{349DD2E9-09FA-4AD5-AA28-0A3F2FB36744}\RP1003\A0092169.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{349DD2E9-09FA-4AD5-AA28-0A3F2FB36744}\RP1003\A0092192.exe Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{349DD2E9-09FA-4AD5-AA28-0A3F2FB36744}\RP1003\A0092236.sys a variant of Win32/Rootkit.Kryptik.DM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{349DD2E9-09FA-4AD5-AA28-0A3F2FB36744}\RP1003\A0092237.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{349DD2E9-09FA-4AD5-AA28-0A3F2FB36744}\RP1003\A0092254.sys a variant of Win32/Rootkit.Kryptik.DM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{349DD2E9-09FA-4AD5-AA28-0A3F2FB36744}\RP1003\A0092255.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{349DD2E9-09FA-4AD5-AA28-0A3F2FB36744}\RP1003\A0092444.sys a variant of Win32/Rootkit.Kryptik.DM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{349DD2E9-09FA-4AD5-AA28-0A3F2FB36744}\RP1003\A0092499.exe Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{349DD2E9-09FA-4AD5-AA28-0A3F2FB36744}\RP1003\A0092500.exe Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{349DD2E9-09FA-4AD5-AA28-0A3F2FB36744}\RP1003\A0092501.exe Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{349DD2E9-09FA-4AD5-AA28-0A3F2FB36744}\RP1003\A0092502.exe Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{349DD2E9-09FA-4AD5-AA28-0A3F2FB36744}\RP1003\A0092503.exe Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{349DD2E9-09FA-4AD5-AA28-0A3F2FB36744}\RP1003\A0092504.exe Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{349DD2E9-09FA-4AD5-AA28-0A3F2FB36744}\RP1005\A0092953.exe Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{349DD2E9-09FA-4AD5-AA28-0A3F2FB36744}\RP918\A0082004.exe probably a variant of Win32/Agent.BLBJFEG trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{349DD2E9-09FA-4AD5-AA28-0A3F2FB36744}\RP918\A0082112.dll a variant of Win32/Kryptik.QSR trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{349DD2E9-09FA-4AD5-AA28-0A3F2FB36744}\RP923\A0082644.exe probably a variant of Win32/Agent.BLBJFEG trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{349DD2E9-09FA-4AD5-AA28-0A3F2FB36744}\RP923\A0082649.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{349DD2E9-09FA-4AD5-AA28-0A3F2FB36744}\RP931\A0083012.dll a variant of Win32/Kryptik.QSR trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{349DD2E9-09FA-4AD5-AA28-0A3F2FB36744}\RP997\A0088551.sys a variant of Win32/Rootkit.Kryptik.EQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{349DD2E9-09FA-4AD5-AA28-0A3F2FB36744}\RP997\A0088552.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{349DD2E9-09FA-4AD5-AA28-0A3F2FB36744}\RP997\A0088615.sys a variant of Win32/Rootkit.Kryptik.EQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{349DD2E9-09FA-4AD5-AA28-0A3F2FB36744}\RP997\A0088616.ini a variant of Win32/Sirefef.CH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\TDSSKiller_Quarantine\26.10.2011_02.05.45\rtkt0000\svc0000\tsk0000.dta a variant of Win32/Rootkit.Kryptik.DM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\WINDOWS\system32\wuauclt.exe.tmp Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C C:\WINDOWS\system32\KB905474\wgasetup.exe Win32/Patched.HN trojan (cleaned - quarantined) 00000000000000000000000000000000 C
  5. ESET log will be posted momentarily. My system actually runs pretty smooth. startup is a little slow and to be honest I havn't been using it much since the infection. I'm leaving it off most of the time. One question I do have is regarding external hard drives. I have 3 of them that were connected when the infection occured. I unplugged them soon after, and have not plugged them back in. Should I worry about them or anything being on those drives?
  6. I am still with you. I apologize for the delay. I did not recieve an email alert that there was a response to the thread so I did not know you had replied. THanks for bearing with me. I will do as instructed asap...
  7. Ok, everything has been done as requested. Here is the Log: ComboFix 11-11-11.02 - Scott 11/11/2011 3:06.3.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3455.2612 [GMT -5:00] Running from: c:\documents and settings\Scott\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Scott\Desktop\CFScript.txt AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} * Created a new restore point . file zipped: c:\windows\system32\c_97100.nl_ . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\system32\c_97100.nl_ . . ((((((((((((((((((((((((( Files Created from 2011-10-11 to 2011-11-11 ))))))))))))))))))))))))))))))) . . 2011-11-11 07:50 . 2011-11-11 07:54 -------- d-----w- c:\documents and settings\Scott\Local Settings\Application Data\Akamai 2011-11-06 18:45 . 2011-11-01 02:18 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys 2011-11-06 18:45 . 2011-11-01 02:18 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys 2011-11-01 02:38 . 2011-11-01 02:38 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-10-26 06:08 . 2011-10-26 06:08 -------- d-----w- C:\TDSSKiller_Quarantine 2011-10-25 07:05 . 2011-10-25 07:05 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Microsoft Help 2011-10-25 02:17 . 2011-10-25 02:17 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERSetup 2011-10-25 01:15 . 2011-10-25 01:15 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\HPAppData 2011-10-24 17:05 . 2009-08-06 23:23 215920 ----a-w- c:\windows\system32\muweb.dll 2011-10-24 17:04 . 2009-08-06 23:23 274288 ----a-w- c:\windows\system32\mucltui.dll 2011-10-24 05:59 . 2011-11-06 19:06 -------- d-sh--w- c:\documents and settings\Scott\Local Settings\Application Data\5958c76b 2011-10-24 00:17 . 2011-10-24 00:31 -------- d-----w- c:\documents and settings\Scott\Tracing 2011-10-23 18:55 . 2011-10-23 18:55 -------- d-----w- c:\program files\Microsoft 2011-10-23 18:54 . 2011-10-23 18:54 -------- d-----w- c:\program files\Windows Live SkyDrive 2011-10-23 18:54 . 2011-10-23 18:55 -------- d-----w- c:\program files\Windows Live 2011-10-23 18:51 . 2011-10-23 18:51 -------- d-----w- c:\program files\Common Files\Windows Live . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-10-25 07:18 . 2009-01-09 07:59 57600 ----a-w- c:\windows\system32\drivers\redbook.sys 2011-09-26 15:41 . 2008-07-29 23:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll 2011-09-26 15:41 . 2007-07-27 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll 2011-09-26 15:41 . 2007-07-27 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll 2011-09-09 09:12 . 2007-07-27 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll 2011-09-06 13:20 . 2007-07-27 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys 2011-08-31 21:00 . 2009-01-10 06:40 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-08-17 21:32 . 2007-07-27 12:00 832512 ----a-w- c:\windows\system32\wininet.dll 2011-08-17 21:32 . 2007-07-27 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll 2011-08-17 21:32 . 2007-07-27 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl 2011-08-17 21:32 . 2007-07-27 12:00 17408 ----a-w- c:\windows\system32\corpol.dll 2011-08-17 13:49 . 2007-07-27 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys 2011-08-17 12:22 . 2007-07-27 12:00 389120 ----a-w- c:\windows\system32\html.iec 2011-09-30 16:14 . 2011-03-27 20:52 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((( SnapShot@2011-11-06_19.22.52 ))))))))))))))))))))))))))))))))))))))))) . + 2011-11-11 08:19 . 2011-11-11 08:19 16384 c:\windows\temp\Perflib_Perfdata_198.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2006-09-15 2048000] "RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616] "Steam"="c:\program files\Steam\steam.exe" [2011-08-10 1242448] "Unified Remote v2"="c:\program files\Unified Remote\RemoteServer.exe" [2011-09-30 194560] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-10-17 4615552] "Akamai NetSession Interface"="c:\documents and settings\Scott\Local Settings\Application Data\Akamai\netsession_win.exe" [2011-11-11 3303000] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-18 13574144] "nwiz"="nwiz.exe" [2008-09-18 1657376] "RTHDCPL"="RTHDCPL.EXE" [2008-07-31 16806912] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-18 86016] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-09-17 153608] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-09-24 159472] "Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696] "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg&inst=NzctOTQ1MjY5MjY1LVQ0LUJBKzEtS1YzKzctWEwrMS1GUDkrNi1CQVI5RysxLVRCOSsyLUZMKzktWE8zNisxLUY5TTdDKzQtRjlNMTBCKzItRjlNMisxLUREVCsxODkyMC1GTDEwKzEtRk9JKzExLUREMTBGKzEtU1QxMEZBUFArMS1GMTBNMTJBVCsxLUYxME0xMkErMS1GMTBNMTJBQisxLVUxMCsxLUYxME0xMkFUQk4rMS1TVDEyRk9JKzEtRjEwTTEyQVUrMQ∏=90&ver=10.0.1411" [?] . c:\documents and settings\Scott\Start Menu\Programs\Startup\ MLB.TV NexDef Plug-in.lnk - c:\documents and settings\Scott\Local Settings\Application Data\Autobahn\mlb-nexdef-autobahn.exe [2011-3-16 15502336] OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-1-11 113664] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768] Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-1-9 67128] Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-1-9 692224] Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2009-11-1 119296] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKLM\~\startupfolder\C:^Documents and Settings^Scott^Start Menu^Programs^Startup^V CAST Media Monitor.lnk] path=c:\documents and settings\Scott\Start Menu\Programs\Startup\V CAST Media Monitor.lnk backup=c:\windows\pss\V CAST Media Monitor.lnkStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Boxee] 2010-10-31 13:39 19456000 ----a-w- c:\program files\Boxee\BOXEE.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2011-03-21 21:10 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut] 2007-12-14 16:36 50472 ------w- c:\program files\CyberLink\PowerDVD8\Language\Language.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8] 2008-03-21 01:23 83240 ------w- c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Windows Media Player\\wmplayer.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"= "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"= "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"= "c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"= "c:\\Program Files\\AIM\\aim.exe"= "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= "c:\\Program Files\\Boxee\\BOXEE.exe"= "c:\\Program Files\\Steam\\Steam.exe"= "c:\\Program Files\\DirecTV\\DirecTV\\DIRECTV2PC.exe"= "c:\\Program Files\\Unified Remote\\RemoteServer.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Spotify\\spotify.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"= "c:\\Program Files\\Verizon\\McciBrowser.exe"= "c:\\Documents and Settings\\Scott\\Desktop\\TDSSKiller.exe"= "c:\\DOWNLOADS\\SUPERAntiSpyware.exe"= "c:\\Program Files\\SUPERAntiSpyware\\SSUpdate.exe"= "c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"= "c:\\Documents and Settings\\Scott\\Desktop\\New Folder\\TDSSKiller.exe"= "c:\\Program Files\\Common Files\\Java\\Java Update\\jaucheck.exe"= "c:\\Program Files\\Steam\\steamerrorreporter.exe"= "c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"= "c:\\Documents and Settings\\Scott\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "1070:TCP"= 1070:TCP:Akamai NetSession Interface "5000:UDP"= 5000:UDP:Akamai NetSession Interface . R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664] R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [11/6/2011 2:09 PM 116608] R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [7/27/2007 7:00 AM 14336] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/6/2011 2:11 PM 366152] R2 ntk_dtv;ntk_dtv;c:\program files\DirecTV\DirecTV\Kernel\DMP\ntk_dtv.sys [9/17/2009 5:40 PM 119792] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/10/2009 1:40 AM 22216] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [1/9/2009 9:54 AM 38176] R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [2/3/2009 2:57 AM 47360] S2 CLDTVHNService;CLDTVHNService;c:\program files\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe --> c:\program files\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/19/2009 9:44 PM 135664] S2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe --> c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [?] S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?] S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [7/15/2010 1:48 PM 6016] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/19/2009 9:44 PM 135664] S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [9/27/2010 3:03 AM 25856] S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [9/27/2010 3:03 AM 19968] S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [7/15/2010 1:48 PM 8320] S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [7/15/2010 1:48 PM 23424] S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [7/15/2010 1:48 PM 9472] S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [9/24/2010 1:19 PM 268528] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 HPService REG_MULTI_SZ HPSLPSVC hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc Akamai REG_MULTI_SZ Akamai . Contents of the 'Scheduled Tasks' folder . 2011-11-11 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-11-06 08:55] . 2011-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 02:44] . 2011-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 02:44] . 2011-11-11 c:\windows\Tasks\WGASetup.job - c:\windows\system32\KB905474\wgasetup.exe [2009-04-29 02:18] . . ------- Supplementary Scan ------- . uStart Page = hxxp://mlb.mlb.com/index.jsp uInternet Settings,ProxyOverride = *.local LSP: %SYSTEMROOT%\system32\nvLsp.dll TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{3B820D68-9E8E-4B15-8C7B-079E29F0F89F}: NameServer = 208.67.222.222,208.67.220.220 Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll FF - ProfilePath - c:\documents and settings\Scott\Application Data\Mozilla\Firefox\Profiles\pzjx8kdb.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p= FF - prefs.js: network.proxy.type - 0 FF - user.js: network.protocol-handler.warn-external.dnupdate - false . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-11-11 03:19 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(752) c:\program files\SUPERAntiSpyware\SASWINLO.DLL c:\windows\system32\WININET.dll . - - - - - - - > 'lsass.exe'(808) c:\windows\system32\nvLsp.dll . - - - - - - - > 'explorer.exe'(1236) c:\windows\system32\WININET.dll c:\program files\RocketDock\RocketDock.dll c:\program files\Logitech\SetPoint\lgscroll.dll c:\windows\system32\ieframe.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\nvsvc32.exe c:\windows\system32\ZuneBusEnum.exe c:\program files\bin32\nSvcIp.exe c:\program files\Windows Media Player\WMPNetwk.exe c:\program files\Zune\ZuneNss.exe c:\windows\RTHDCPL.EXE c:\windows\system32\RUNDLL32.EXE c:\program files\Common Files\Logitech\KhalShared\KHALMNPR.EXE c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe c:\program files\HP\Digital Imaging\bin\hpqbam08.exe c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe . ************************************************************************** . Completion time: 2011-11-11 03:32:08 - machine was rebooted ComboFix-quarantined-files.txt 2011-11-11 08:32 ComboFix.txt 2009-01-26 14:40 ComboFix2.txt 2011-11-06 19:32 . Pre-Run: 55,632,969,728 bytes free Post-Run: 55,625,011,200 bytes free . - - End Of File - - 642146B1A8D69CEE1941011DA8790F25 Upload was successful
  8. AND A NEW DDS . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_23 Run by Scott at 14:39:04 on 2011-11-06 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3455.2597 [GMT -5:00] . AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} . ============== Running Processes =============== . C:\WINDOWS\system32\svchost.exe -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\SUPERAntiSpyware\SASCORE.EXE C:\WINDOWS\System32\svchost.exe -k Akamai C:\WINDOWS\system32\svchost.exe -k hpdevmgmt C:\WINDOWS\system32\svchost.exe -k HPService C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\ZuneBusEnum.exe C:\Program Files\bin32\nSvcIp.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Logitech\Gaming Software\LWEMon.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Zune\ZuneLauncher.exe C:\Program Files\Verizon\McciTrayApp.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\RocketDock\RocketDock.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Rainmeter\Rainmeter.exe C:\Documents and Settings\Scott\Local Settings\Application Data\Autobahn\mlb-nexdef-autobahn.exe C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Mozilla Firefox\firefox.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://mlb.mlb.com/index.jsp uInternet Settings,ProxyOverride = *.local mURLSearchHooks: H - No File BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll uRun: [NBJ] "c:\program files\ahead\nero backitup\NBJ.exe" uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe" uRun: [steam] "c:\program files\steam\steam.exe" -silent uRun: [unified Remote v2] c:\program files\unified remote\RemoteServer.exe uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] nwiz.exe /install mRun: [RTHDCPL] RTHDCPL.EXE mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [start WingMan Profiler] c:\program files\logitech\gaming software\LWEMon.exe /noui mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe" mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe" mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe" mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctOTQ1MjY5MjY1LVQ0LUJBKzEtS1YzKzctWEwrMS1GUDkrNi1CQVI5RysxLVRCOSsyLUZMKzktWE8zNisxLUY5TTdDKzQtRjlNMTBCKzItRjlNMisxLUREVCsxODkyMC1GTDEwKzEtRk9JKzExLUREMTBGKzEtU1QxMEZBUFArMS1GMTBNMTJBVCsxLUYxME0xMkErMS1GMTBNMTJBQisxLVUxMCsxLUYxME0xMkFUQk4rMS1TVDEyRk9JKzEtRjEwTTEyQVUrMQ"&"prod=90"&"ver=10.0.1411 StartupFolder: c:\docume~1\scott\startm~1\programs\startup\mlbtvn~1.lnk - c:\documents and settings\scott\local settings\application data\autobahn\mlb-nexdef-autobahn.exe StartupFolder: c:\docume~1\scott\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\rainme~1.lnk - c:\program files\rainmeter\Rainmeter.exe IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - {17A84966-F1E9-4645-AA9E-5E771EE1C859} - c:\progra~1\videoget\plugins\VIDEOG~1.DLL IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll LSP: %SYSTEMROOT%\system32\nvLsp.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{3B820D68-9E8E-4B15-8C7B-079E29F0F89F} : NameServer = 208.67.222.222,208.67.220.220 TCP: Interfaces\{3B820D68-9E8E-4B15-8C7B-079E29F0F89F} : DhcpNameServer = 192.168.1.1 Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\scott\application data\mozilla\firefox\profiles\pzjx8kdb.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p= FF - prefs.js: network.proxy.type - 0 FF - plugin: c:\program files\common files\motive\npMotive.dll FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll FF - plugin: c:\program files\veetle\player\npvlc.dll FF - plugin: c:\program files\veetle\plugins\npVeetle.dll FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll . ---- FIREFOX POLICIES ---- FF - user.js: network.protocol-handler.warn-external.dnupdate - false . ============= SERVICES / DRIVERS =============== . R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664] R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-11-6 116608] R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2007-7-27 14336] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-6 366152] R2 ntk_dtv;ntk_dtv;c:\program files\directv\directv\kernel\dmp\ntk_dtv.sys [2009-9-17 119792] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-1-10 22216] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2009-1-9 38176] S2 aawservice;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" --> c:\program files\lavasoft\ad-aware\aawservice.exe [?] S2 CLDTVHNService;CLDTVHNService;c:\program files\directv\directv\kernel\dmp\cldtvhnservice.exe --> c:\program files\directv\directv\kernel\dmp\CLDTVHNService.exe [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-19 135664] S2 MotoConnect Service;MotoConnect Service;c:\program files\motorola\motoconnectservice\motoconnectservice.exe --> c:\program files\motorola\motoconnectservice\MotoConnectService.exe [?] S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\viewpointservice.exe" --> c:\program files\viewpoint\common\ViewpointService.exe [?] S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2010-7-15 6016] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-19 135664] S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2010-9-27 25856] S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2010-9-27 19968] S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2010-7-15 8320] S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2010-7-15 23424] S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [2010-7-15 9472] S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2010-9-24 268528] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== Created Last 30 ================ . 2011-11-06 18:45:44 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys 2011-11-06 18:45:44 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys 2011-11-06 18:42:03 98816 ----a-w- c:\windows\sed.exe 2011-11-06 18:42:03 518144 ----a-w- c:\windows\SWREG.exe 2011-11-06 18:42:03 256000 ----a-w- c:\windows\PEV.exe 2011-11-06 18:42:03 208896 ----a-w- c:\windows\MBR.exe 2011-11-01 02:38:20 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-10-26 06:08:00 -------- d-----w- C:\TDSSKiller_Quarantine 2011-10-25 02:17:50 -------- d-----w- c:\documents and settings\all users\application data\SUPERSetup 2011-10-25 01:56:41 48016 --sha-w- c:\windows\system32\c_97100.nl_ 2011-10-24 17:05:00 215920 ----a-w- c:\windows\system32\muweb.dll 2011-10-24 17:05:00 16736 ----a-w- c:\windows\system32\mucltui.dll.mui 2011-10-24 17:04:57 274288 ----a-w- c:\windows\system32\mucltui.dll 2011-10-24 05:59:02 -------- d-sh--w- c:\documents and settings\scott\local settings\application data\5958c76b 2011-10-24 00:17:46 -------- d-----w- c:\documents and settings\scott\Tracing 2011-10-23 18:55:16 -------- d-----w- c:\program files\Microsoft 2011-10-23 18:54:54 -------- d-----w- c:\program files\Windows Live SkyDrive 2011-10-23 18:51:52 -------- d-----w- c:\program files\common files\Windows Live . ==================== Find3M ==================== . 2011-10-25 07:18:52 57600 ----a-w- c:\windows\system32\drivers\redbook.sys 2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll 2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll 2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll 2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll 2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys 2011-08-31 21:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-08-17 21:32:17 832512 ----a-w- c:\windows\system32\wininet.dll 2011-08-17 21:32:16 78336 ----a-w- c:\windows\system32\ieencode.dll 2011-08-17 21:32:16 1830912 ------w- c:\windows\system32\inetcpl.cpl 2011-08-17 21:32:15 17408 ----a-w- c:\windows\system32\corpol.dll 2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys 2011-08-17 12:22:23 389120 ----a-w- c:\windows\system32\html.iec . ============= FINISH: 14:39:21.59 ===============
  9. HERE IS THE COMBOFIX LOG: One note, after combofix ran an IE icon showed up on my desktop with a text file named "catchme.log" It contained: File "C:\ComboFix\MT_nSvcIp.exe.tmp" added successfully. Don't know if this is of any value ComboFix 11-11-06.02 - Scott 11/06/2011 13:52:49.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3455.2957 [GMT -5:00] Running from: c:\documents and settings\Scott\Desktop\ComboFix.exe AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Application Data\Tarma Installer c:\documents and settings\All Users\Application Data\Tarma Installer\{02FB3E48-4459-4986-BBE5-945B063B1E58}\_Setup.dll c:\documents and settings\All Users\Application Data\Tarma Installer\{02FB3E48-4459-4986-BBE5-945B063B1E58}\0DC5862787C23049._bu c:\documents and settings\All Users\Application Data\Tarma Installer\{02FB3E48-4459-4986-BBE5-945B063B1E58}\20101002233429.log c:\documents and settings\All Users\Application Data\Tarma Installer\{02FB3E48-4459-4986-BBE5-945B063B1E58}\Setup.dat c:\documents and settings\All Users\Application Data\Tarma Installer\{02FB3E48-4459-4986-BBE5-945B063B1E58}\Setup.exe c:\documents and settings\All Users\Application Data\Tarma Installer\{02FB3E48-4459-4986-BBE5-945B063B1E58}\Setup.ico c:\documents and settings\All Users\Application Data\Tarma Installer\{B2460671-BD25-4C1C-ACB7-FBD4967365FE}\_Setup.dll c:\documents and settings\All Users\Application Data\Tarma Installer\{B2460671-BD25-4C1C-ACB7-FBD4967365FE}\20101002233421.log c:\documents and settings\All Users\Application Data\Tarma Installer\{B2460671-BD25-4C1C-ACB7-FBD4967365FE}\Setup.dat c:\documents and settings\All Users\Application Data\Tarma Installer\{B2460671-BD25-4C1C-ACB7-FBD4967365FE}\Setup.exe c:\documents and settings\All Users\Application Data\Tarma Installer\{B2460671-BD25-4C1C-ACB7-FBD4967365FE}\Setup.ico c:\documents and settings\All Users\Application Data\Tarma Installer\{BB51F026-06AC-4F5D-B18C-4E99ED18E477}\_Setup.dll c:\documents and settings\All Users\Application Data\Tarma Installer\{BB51F026-06AC-4F5D-B18C-4E99ED18E477}\20101002233426.log c:\documents and settings\All Users\Application Data\Tarma Installer\{BB51F026-06AC-4F5D-B18C-4E99ED18E477}\Setup.dat c:\documents and settings\All Users\Application Data\Tarma Installer\{BB51F026-06AC-4F5D-B18C-4E99ED18E477}\Setup.exe c:\documents and settings\All Users\Application Data\Tarma Installer\{BB51F026-06AC-4F5D-B18C-4E99ED18E477}\Setup.ico c:\documents and settings\All Users\Application Data\Tarma Installer\{C7D86D8E-8C33-4A42-B401-3BABDB4E91C7}\_Setup.dll c:\documents and settings\All Users\Application Data\Tarma Installer\{C7D86D8E-8C33-4A42-B401-3BABDB4E91C7}\20101002233530.log c:\documents and settings\All Users\Application Data\Tarma Installer\{C7D86D8E-8C33-4A42-B401-3BABDB4E91C7}\Setup.dat c:\documents and settings\All Users\Application Data\Tarma Installer\{C7D86D8E-8C33-4A42-B401-3BABDB4E91C7}\Setup.exe c:\documents and settings\All Users\Application Data\Tarma Installer\{C7D86D8E-8C33-4A42-B401-3BABDB4E91C7}\Setup.ico c:\documents and settings\All Users\Application Data\Tarma Installer\{E7269FD6-34EA-4617-8752-6739AA384080}\_Setup.dll c:\documents and settings\All Users\Application Data\Tarma Installer\{E7269FD6-34EA-4617-8752-6739AA384080}\_Setupx.dll c:\documents and settings\All Users\Application Data\Tarma Installer\{E7269FD6-34EA-4617-8752-6739AA384080}\20100916023805.log c:\documents and settings\All Users\Application Data\Tarma Installer\{E7269FD6-34EA-4617-8752-6739AA384080}\Setup.dat c:\documents and settings\All Users\Application Data\Tarma Installer\{E7269FD6-34EA-4617-8752-6739AA384080}\Setup.exe c:\documents and settings\All Users\Application Data\Tarma Installer\{E7269FD6-34EA-4617-8752-6739AA384080}\Setup.ico c:\documents and settings\All Users\Application Data\TEMP c:\documents and settings\All Users\Application Data\TEMP\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\PostBuild.exe c:\documents and settings\All Users\Application Data\TEMP\{479F8C12-576B-4A58-AB78-4B70F7012AA8}\PostBuild.exe c:\documents and settings\All Users\Application Data\TEMP\{516A7A9D-5659-4DF1-ADCA-3AB2770664F6}\PostBuild.exe c:\documents and settings\All Users\Application Data\TEMP\{E9B10AA5-E5F6-4DEF-A435-FB20704AF1E8}\PostBuild.exe c:\documents and settings\Scott\Local Settings\Application Data\5958c76b\U c:\documents and settings\Scott\Local Settings\Application Data\5958c76b\U\80000000.@ c:\documents and settings\Scott\Local Settings\Application Data\5958c76b\U\800000cb.@ c:\documents and settings\Scott\Local Settings\Application Data\5958c76b\U\800000cf.@ c:\documents and settings\Scott\Local Settings\Application Data\5958c76b\X c:\documents and settings\Scott\rgjifbuzkp.tmp c:\windows\$NtUninstallKB25036$ c:\windows\$NtUninstallKB25036$\1498990443\@ c:\windows\$NtUninstallKB25036$\1498990443\L\kfhmdshi c:\windows\$NtUninstallKB25036$\1498990443\loader.tlb c:\windows\$NtUninstallKB25036$\1498990443\U\@00000001 c:\windows\$NtUninstallKB25036$\1498990443\U\@000000c0 c:\windows\$NtUninstallKB25036$\1498990443\U\@000000cb c:\windows\$NtUninstallKB25036$\1498990443\U\@000000cf c:\windows\$NtUninstallKB25036$\1498990443\U\@80000000 c:\windows\$NtUninstallKB25036$\1498990443\U\@800000c0 c:\windows\$NtUninstallKB25036$\1498990443\U\@800000cb c:\windows\$NtUninstallKB25036$\1498990443\U\@800000cf c:\windows\$NtUninstallKB25036$\454262038 c:\windows\bwUnin-8.1.1.50-8876480SL.exe c:\windows\system32\ c:\windows\system32\c_97100.nls . Infected copy of c:\windows\system32\drivers\cdrom.sys was found and disinfected Restored copy from - The cat found it Infected copy of c:\program files\SUPERAntiSpyware\SASCORE.EXE was found and disinfected Restored copy from - c:\program files\SUPERAntiSpyware\ . Infected copy of c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe was found and disinfected Restored copy from - c:\system volume information\_restore{349DD2E9-09FA-4AD5-AA28-0A3F2FB36744}\RP997\A0088611.exe . Infected copy of c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe was found and disinfected Restored copy from - c:\system volume information\_restore{349DD2E9-09FA-4AD5-AA28-0A3F2FB36744}\RP1001\A0091176.exe . Infected copy of c:\program files\bin32\nSvcIp.exe was found and disinfected Restored copy from - c:\system volume information\_restore{349DD2E9-09FA-4AD5-AA28-0A3F2FB36744}\RP997\A0088560.exe . Infected copy of c:\windows\system32\nvsvc32.exe was found and disinfected Restored copy from - c:\system volume information\_restore{349DD2E9-09FA-4AD5-AA28-0A3F2FB36744}\RP997\A0088491.exe . Infected copy of c:\windows\system32\ZuneBusEnum.exe was found and disinfected Restored copy from - c:\system volume information\_restore{349DD2E9-09FA-4AD5-AA28-0A3F2FB36744}\RP997\A0088559.exe . Infected copy of c:\program files\bin32\nSvcIp.exe was found and disinfected Restored copy from - c:\system volume information\_restore{349DD2E9-09FA-4AD5-AA28-0A3F2FB36744}\RP997\A0088560.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_5958c76b . . ((((((((((((((((((((((((( Files Created from 2011-10-06 to 2011-11-06 ))))))))))))))))))))))))))))))) . . 2011-11-06 18:45 . 2011-11-01 02:18 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys 2011-11-06 18:45 . 2011-11-01 02:18 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys 2011-11-01 02:38 . 2011-11-01 02:38 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-10-26 06:08 . 2011-10-26 06:08 -------- d-----w- C:\TDSSKiller_Quarantine 2011-10-25 07:05 . 2011-10-25 07:05 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Microsoft Help 2011-10-25 02:17 . 2011-10-25 02:17 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERSetup 2011-10-25 01:56 . 2011-11-01 02:19 48016 --sha-w- c:\windows\system32\c_97100.nl_ 2011-10-24 05:59 . 2011-11-06 19:06 -------- d-sh--w- c:\documents and settings\Scott\Local Settings\Application Data\5958c76b 2011-10-24 00:17 . 2011-10-24 00:31 -------- d-----w- c:\documents and settings\Scott\Tracing 2011-10-23 18:55 . 2011-10-23 18:55 -------- d-----w- c:\program files\Microsoft 2011-10-23 18:54 . 2011-10-23 18:54 -------- d-----w- c:\program files\Windows Live SkyDrive 2011-10-23 18:54 . 2011-10-23 18:55 -------- d-----w- c:\program files\Windows Live 2011-10-23 18:51 . 2011-10-23 18:51 -------- d-----w- c:\program files\Common Files\Windows Live . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-10-25 07:18 . 2009-01-09 07:59 57600 ----a-w- c:\windows\system32\drivers\redbook.sys 2011-09-26 15:41 . 2008-07-29 23:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll 2011-09-26 15:41 . 2007-07-27 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll 2011-09-26 15:41 . 2007-07-27 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll 2011-09-09 09:12 . 2007-07-27 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll 2011-09-06 13:20 . 2007-07-27 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys 2011-08-31 21:00 . 2009-01-10 06:40 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-08-17 21:32 . 2007-07-27 12:00 832512 ----a-w- c:\windows\system32\wininet.dll 2011-08-17 21:32 . 2007-07-27 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll 2011-08-17 21:32 . 2007-07-27 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl 2011-08-17 21:32 . 2007-07-27 12:00 17408 ----a-w- c:\windows\system32\corpol.dll 2011-08-17 13:49 . 2007-07-27 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys 2011-08-17 12:22 . 2007-07-27 12:00 389120 ----a-w- c:\windows\system32\html.iec 2011-09-30 16:14 . 2011-03-27 20:52 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2006-09-15 2048000] "RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616] "Steam"="c:\program files\Steam\steam.exe" [2011-08-10 1242448] "Unified Remote v2"="c:\program files\Unified Remote\RemoteServer.exe" [2011-09-30 194560] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-10-17 4615552] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-18 13574144] "nwiz"="nwiz.exe" [2008-09-18 1657376] "RTHDCPL"="RTHDCPL.EXE" [2008-07-31 16806912] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-18 86016] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-09-17 153608] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-09-24 159472] "Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696] "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg&inst=NzctOTQ1MjY5MjY1LVQ0LUJBKzEtS1YzKzctWEwrMS1GUDkrNi1CQVI5RysxLVRCOSsyLUZMKzktWE8zNisxLUY5TTdDKzQtRjlNMTBCKzItRjlNMisxLUREVCsxODkyMC1GTDEwKzEtRk9JKzExLUREMTBGKzEtU1QxMEZBUFArMS1GMTBNMTJBVCsxLUYxME0xMkErMS1GMTBNMTJBQisxLVUxMCsxLUYxME0xMkFUQk4rMS1TVDEyRk9JKzEtRjEwTTEyQVUrMQ∏=90&ver=10.0.1411" [?] . c:\documents and settings\Scott\Start Menu\Programs\Startup\ MLB.TV NexDef Plug-in.lnk - c:\documents and settings\Scott\Local Settings\Application Data\Autobahn\mlb-nexdef-autobahn.exe [2011-3-16 15502336] OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-1-11 113664] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768] Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-1-9 67128] Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-1-9 692224] Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2009-11-1 119296] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKLM\~\startupfolder\C:^Documents and Settings^Scott^Start Menu^Programs^Startup^V CAST Media Monitor.lnk] path=c:\documents and settings\Scott\Start Menu\Programs\Startup\V CAST Media Monitor.lnk backup=c:\windows\pss\V CAST Media Monitor.lnkStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Boxee] 2010-10-31 13:39 19456000 ----a-w- c:\program files\Boxee\BOXEE.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2011-03-21 21:10 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut] 2007-12-14 16:36 50472 ------w- c:\program files\CyberLink\PowerDVD8\Language\Language.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8] 2008-03-21 01:23 83240 ------w- c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Windows Media Player\\wmplayer.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"= "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"= "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"= "c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"= "c:\\Program Files\\AIM\\aim.exe"= "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= "c:\\Program Files\\Boxee\\BOXEE.exe"= "c:\\Program Files\\Steam\\Steam.exe"= "c:\\Program Files\\DirecTV\\DirecTV\\DIRECTV2PC.exe"= "c:\\Program Files\\Unified Remote\\RemoteServer.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Spotify\\spotify.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"= "c:\\Program Files\\Verizon\\McciBrowser.exe"= "c:\\Documents and Settings\\Scott\\Desktop\\TDSSKiller.exe"= "c:\\DOWNLOADS\\SUPERAntiSpyware.exe"= "c:\\Program Files\\SUPERAntiSpyware\\SSUpdate.exe"= "c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"= "c:\\Documents and Settings\\Scott\\Desktop\\New Folder\\TDSSKiller.exe"= "c:\\Program Files\\Common Files\\Java\\Java Update\\jaucheck.exe"= "c:\\Program Files\\Steam\\steamerrorreporter.exe"= "c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "1050:TCP"= 1050:TCP:Akamai NetSession Interface "5000:UDP"= 5000:UDP:Akamai NetSession Interface . R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664] R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [11/6/2011 2:09 PM 116608] R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [7/27/2007 7:00 AM 14336] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/6/2011 2:11 PM 366152] R2 ntk_dtv;ntk_dtv;c:\program files\DirecTV\DirecTV\Kernel\DMP\ntk_dtv.sys [9/17/2009 5:40 PM 119792] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/10/2009 1:40 AM 22216] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [1/9/2009 9:54 AM 38176] R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [2/3/2009 2:57 AM 47360] S2 CLDTVHNService;CLDTVHNService;c:\program files\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe --> c:\program files\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/19/2009 9:44 PM 135664] S2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe --> c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [?] S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?] S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [7/15/2010 1:48 PM 6016] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/19/2009 9:44 PM 135664] S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [9/27/2010 3:03 AM 25856] S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [9/27/2010 3:03 AM 19968] S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [7/15/2010 1:48 PM 8320] S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [7/15/2010 1:48 PM 23424] S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [7/15/2010 1:48 PM 9472] S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [9/24/2010 1:19 PM 268528] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 HPService REG_MULTI_SZ HPSLPSVC hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc Akamai REG_MULTI_SZ Akamai . Contents of the 'Scheduled Tasks' folder . 2011-11-06 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-11-06 08:55] . 2011-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 02:44] . 2011-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-20 02:44] . 2011-11-06 c:\windows\Tasks\WGASetup.job - c:\windows\system32\KB905474\wgasetup.exe [2009-04-29 02:18] . . ------- Supplementary Scan ------- . uStart Page = hxxp://mlb.mlb.com/index.jsp uInternet Settings,ProxyOverride = *.local LSP: %SYSTEMROOT%\system32\nvLsp.dll TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{3B820D68-9E8E-4B15-8C7B-079E29F0F89F}: NameServer = 208.67.222.222,208.67.220.220 Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll FF - ProfilePath - c:\documents and settings\Scott\Application Data\Mozilla\Firefox\Profiles\pzjx8kdb.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p= FF - prefs.js: network.proxy.type - 0 FF - user.js: network.protocol-handler.warn-external.dnupdate - false . - - - - ORPHANS REMOVED - - - - . BHO-{0281CD58-3082-4C8A-B2F5-76B2F811C902} - c:\windows\system32\atrace32.dll Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) SafeBoot-12374780.sys SafeBoot-46488479.sys SafeBoot-61684727.sys SafeBoot-70141892.sys SafeBoot-75466144.sys SafeBoot-82777506.sys SafeBoot-klmdb.sys SafeBoot-WudfPf SafeBoot-WudfRd MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe AddRemove-{E7269FD6-34EA-4617-8752-6739AA384080} - c:\docume~1\ALLUSE~1\APPLIC~1\TARMAI~1\{E7269~1\Setup.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-11-06 14:21 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(752) c:\program files\SUPERAntiSpyware\SASWINLO.DLL c:\windows\system32\WININET.dll . - - - - - - - > 'lsass.exe'(808) c:\windows\system32\nvLsp.dll . - - - - - - - > 'explorer.exe'(3736) c:\windows\system32\WININET.dll c:\program files\RocketDock\RocketDock.dll c:\program files\Logitech\SetPoint\lgscroll.dll c:\windows\system32\ieframe.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\nvsvc32.exe c:\windows\system32\ZuneBusEnum.exe c:\program files\bin32\nSvcIp.exe c:\program files\Windows Media Player\WMPNetwk.exe c:\program files\Zune\ZuneNss.exe c:\windows\RTHDCPL.EXE c:\windows\system32\RUNDLL32.EXE c:\program files\Common Files\Logitech\KhalShared\KHALMNPR.EXE c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe c:\program files\HP\Digital Imaging\bin\hpqbam08.exe c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe . ************************************************************************** . Completion time: 2011-11-06 14:32:26 - machine was rebooted ComboFix-quarantined-files.txt 2011-11-06 19:32 ComboFix.txt 2009-01-26 14:40 . Pre-Run: 52,178,825,216 bytes free Post-Run: 55,661,678,592 bytes free . - - End Of File - - 20B20D74C9A4DF4DA1027AB141F6724B
  10. I re-downloaded MBAM and attempted a quick scan. After a few seconds it closed and any attempts to open program get the response "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions..." Please advise next course of action
  11. Thank you for your response and sorry for the delay... I ran TDSSKILLER and the log is pasted below. As far as a MBAM scan, I cannot run the program. It will not open. How should I proceed or how can I get it working. The virus itself made AVG recognize many program files as infections. They are in the vault as Katusha.A and MBAM is one of them. 22:09:30.0015 2000 TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01 22:09:32.0015 2000 ============================================================ 22:09:32.0015 2000 Current date / time: 2011/10/31 22:09:32.0015 22:09:32.0015 2000 SystemInfo: 22:09:32.0015 2000 22:09:32.0015 2000 OS Version: 5.1.2600 ServicePack: 3.0 22:09:32.0015 2000 Product type: Workstation 22:09:32.0015 2000 ComputerName: SHANE 22:09:32.0015 2000 UserName: Scott 22:09:32.0015 2000 Windows directory: C:\WINDOWS 22:09:32.0015 2000 System windows directory: C:\WINDOWS 22:09:32.0015 2000 Processor architecture: Intel x86 22:09:32.0015 2000 Number of processors: 2 22:09:32.0015 2000 Page size: 0x1000 22:09:32.0015 2000 Boot type: Normal boot 22:09:32.0015 2000 ============================================================ 22:09:39.0796 2000 Initialize success 22:09:54.0140 2352 ============================================================ 22:09:54.0140 2352 Scan started 22:09:54.0140 2352 Mode: Manual; 22:09:54.0140 2352 ============================================================ 22:09:57.0921 2352 5958c76b (8f2bb1827cac01aee6a16e30a1260199) C:\WINDOWS\1808226393:2795976852.exe 22:10:00.0296 2352 Suspicious file (Hidden): C:\WINDOWS\1808226393:2795976852.exe. md5: 8f2bb1827cac01aee6a16e30a1260199 22:10:00.0296 2352 5958c76b ( Rootkit.Win32.PMax.gen ) - infected 22:10:00.0296 2352 5958c76b - detected Rootkit.Win32.PMax.gen (0) 22:10:00.0437 2352 Abiosdsk - ok 22:10:00.0515 2352 abp480n5 - ok 22:10:00.0687 2352 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 22:10:00.0718 2352 ACPI - ok 22:10:00.0812 2352 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 22:10:00.0812 2352 ACPIEC - ok 22:10:00.0859 2352 adpu160m - ok 22:10:00.0937 2352 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 22:10:00.0937 2352 aec - ok 22:10:01.0156 2352 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys 22:10:01.0187 2352 AFD - ok 22:10:01.0343 2352 Aha154x - ok 22:10:01.0406 2352 aic78u2 - ok 22:10:01.0687 2352 aic78xx - ok 22:10:01.0781 2352 AliIde - ok 22:10:01.0890 2352 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys 22:10:01.0890 2352 AmdPPM - ok 22:10:01.0906 2352 amsint - ok 22:10:02.0281 2352 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 22:10:02.0296 2352 Arp1394 - ok 22:10:02.0500 2352 asc - ok 22:10:02.0703 2352 asc3350p - ok 22:10:02.0859 2352 asc3550 - ok 22:10:03.0187 2352 Aspi32 (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\system32\drivers\aspi32.sys 22:10:03.0187 2352 Aspi32 - ok 22:10:03.0421 2352 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 22:10:03.0421 2352 AsyncMac - ok 22:10:03.0687 2352 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 22:10:03.0687 2352 atapi - ok 22:10:03.0890 2352 Atdisk - ok 22:10:04.0156 2352 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 22:10:04.0171 2352 Atmarpc - ok 22:10:04.0312 2352 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 22:10:04.0328 2352 audstub - ok 22:10:04.0421 2352 AVGIDSDriver (2d18221aab3db2d408d6c55c0f23090a) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys 22:10:04.0421 2352 AVGIDSDriver - ok 22:10:04.0734 2352 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys 22:10:04.0734 2352 AVGIDSEH - ok 22:10:04.0828 2352 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys 22:10:04.0828 2352 AVGIDSFilter - ok 22:10:05.0203 2352 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys 22:10:05.0203 2352 AVGIDSShim - ok 22:10:05.0421 2352 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys 22:10:05.0421 2352 Avgmfx86 - ok 22:10:05.0531 2352 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys 22:10:05.0546 2352 Avgrkx86 - ok 22:10:05.0890 2352 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys 22:10:05.0890 2352 Avgtdix - ok 22:10:06.0140 2352 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 22:10:06.0203 2352 Beep - ok 22:10:06.0531 2352 BTCFilterService (4813df77ede536a52e3737971f910baa) C:\WINDOWS\system32\DRIVERS\motfilt.sys 22:10:06.0921 2352 BTCFilterService - ok 22:10:07.0015 2352 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 22:10:07.0015 2352 cbidf2k - ok 22:10:07.0093 2352 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 22:10:07.0109 2352 CCDECODE - ok 22:10:07.0109 2352 cd20xrnt - ok 22:10:07.0187 2352 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 22:10:07.0187 2352 Cdaudio - ok 22:10:07.0453 2352 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 22:10:07.0468 2352 Cdfs - ok 22:10:07.0625 2352 Cdrom (dfcaffc0a5d9fdac7bdf169c5e3bdf10) C:\WINDOWS\system32\DRIVERS\cdrom.sys 22:10:07.0625 2352 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\cdrom.sys. Real md5: dfcaffc0a5d9fdac7bdf169c5e3bdf10, Fake md5: 4b0a100eaf5c49ef3cca8c641431eacc 22:10:07.0625 2352 Cdrom ( Rootkit.Win32.ZAccess.e ) - infected 22:10:07.0625 2352 Cdrom - detected Rootkit.Win32.ZAccess.e (0) 22:10:07.0640 2352 Changer - ok 22:10:07.0703 2352 CmdIde - ok 22:10:07.0734 2352 Cpqarray - ok 22:10:07.0750 2352 dac2w2k - ok 22:10:07.0765 2352 dac960nt - ok 22:10:07.0796 2352 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 22:10:07.0796 2352 Disk - ok 22:10:07.0843 2352 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 22:10:07.0875 2352 dmboot - ok 22:10:07.0921 2352 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 22:10:07.0921 2352 dmio - ok 22:10:07.0937 2352 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 22:10:07.0937 2352 dmload - ok 22:10:07.0968 2352 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 22:10:07.0968 2352 DMusic - ok 22:10:07.0984 2352 dpti2o - ok 22:10:08.0000 2352 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 22:10:08.0000 2352 drmkaud - ok 22:10:08.0046 2352 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 22:10:08.0078 2352 Fastfat - ok 22:10:08.0093 2352 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 22:10:08.0093 2352 Fdc - ok 22:10:08.0109 2352 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 22:10:08.0109 2352 Fips - ok 22:10:08.0125 2352 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 22:10:08.0125 2352 Flpydisk - ok 22:10:08.0140 2352 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 22:10:08.0156 2352 FltMgr - ok 22:10:08.0171 2352 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 22:10:08.0187 2352 Fs_Rec - ok 22:10:08.0187 2352 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 22:10:08.0203 2352 Ftdisk - ok 22:10:08.0218 2352 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 22:10:08.0218 2352 Gpc - ok 22:10:08.0343 2352 grmnusb (6003bc70f1a8307262bd3c941bda0b7e) C:\WINDOWS\system32\drivers\grmnusb.sys 22:10:08.0343 2352 grmnusb - ok 22:10:08.0406 2352 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 22:10:08.0406 2352 HDAudBus - ok 22:10:08.0515 2352 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 22:10:08.0515 2352 hidusb - ok 22:10:08.0640 2352 hpn - ok 22:10:08.0765 2352 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys 22:10:08.0765 2352 HPZid412 - ok 22:10:08.0781 2352 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys 22:10:08.0781 2352 HPZipr12 - ok 22:10:08.0875 2352 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys 22:10:08.0890 2352 HPZius12 - ok 22:10:09.0000 2352 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 22:10:09.0109 2352 HTTP - ok 22:10:09.0125 2352 i2omgmt - ok 22:10:09.0375 2352 i2omp - ok 22:10:09.0593 2352 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 22:10:09.0640 2352 i8042prt - ok 22:10:09.0687 2352 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 22:10:09.0703 2352 Imapi - ok 22:10:09.0718 2352 ini910u - ok 22:10:09.0921 2352 IntcAzAudAddService (0be7f157d695e1d10ee102c96de4ac18) C:\WINDOWS\system32\drivers\RtkHDAud.sys 22:10:09.0953 2352 IntcAzAudAddService - ok 22:10:09.0968 2352 IntelIde - ok 22:10:10.0000 2352 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 22:10:10.0015 2352 Ip6Fw - ok 22:10:10.0046 2352 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 22:10:10.0046 2352 IpFilterDriver - ok 22:10:10.0062 2352 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 22:10:10.0062 2352 IpInIp - ok 22:10:10.0093 2352 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 22:10:10.0093 2352 IpNat - ok 22:10:10.0125 2352 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 22:10:10.0203 2352 IPSec - ok 22:10:10.0218 2352 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 22:10:10.0218 2352 IRENUM - ok 22:10:10.0281 2352 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 22:10:10.0281 2352 isapnp - ok 22:10:10.0359 2352 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 22:10:10.0375 2352 Kbdclass - ok 22:10:10.0375 2352 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 22:10:10.0375 2352 kbdhid - ok 22:10:10.0453 2352 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 22:10:10.0515 2352 kmixer - ok 22:10:10.0625 2352 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 22:10:10.0640 2352 KSecDD - ok 22:10:10.0703 2352 L8042Kbd (d88846f9f4f27ae9be584a6e5b6b8753) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys 22:10:10.0703 2352 L8042Kbd - ok 22:10:10.0734 2352 lbrtfdc - ok 22:10:10.0796 2352 LHidFilt (3fa98339e8d9e007726be62f231e2015) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys 22:10:10.0796 2352 LHidFilt - ok 22:10:10.0843 2352 LMouFilt (f259f758e04d8fb8d48c6cdbe45223e8) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys 22:10:10.0843 2352 LMouFilt - ok 22:10:10.0890 2352 LVUSBSta (f7e15f2fe7790733df86e95a76556389) C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys 22:10:10.0890 2352 LVUSBSta - ok 22:10:11.0031 2352 LVUVC (92d03dc19eae9d0a86735705e374fdad) C:\WINDOWS\system32\DRIVERS\lvuvc.sys 22:10:11.0265 2352 LVUVC - ok 22:10:11.0359 2352 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys 22:10:11.0359 2352 MBAMProtector - ok 22:10:11.0437 2352 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 22:10:11.0437 2352 mnmdd - ok 22:10:11.0453 2352 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 22:10:11.0453 2352 Modem - ok 22:10:11.0546 2352 motandroidusb (0a43169e115b5e9346a4ba1effcb04cb) C:\WINDOWS\system32\Drivers\motoandroid.sys 22:10:11.0546 2352 motandroidusb - ok 22:10:11.0578 2352 motccgp (7b8d7bb9ae3ae9cd133bbc5aa91dd3cc) C:\WINDOWS\system32\DRIVERS\motccgp.sys 22:10:11.0578 2352 motccgp - ok 22:10:11.0625 2352 motccgpfl (b812da6605caf02641312f1f65c75419) C:\WINDOWS\system32\DRIVERS\motccgpfl.sys 22:10:11.0625 2352 motccgpfl - ok 22:10:11.0671 2352 motmodem (c3b0fd4f463e90b3917ff6ccea853bb6) C:\WINDOWS\system32\DRIVERS\motmodem.sys 22:10:11.0671 2352 motmodem - ok 22:10:11.0703 2352 MotoSwitchService (fd8c2cef7ad8b23c6714103d621fac1f) C:\WINDOWS\system32\DRIVERS\motswch.sys 22:10:11.0703 2352 MotoSwitchService - ok 22:10:11.0734 2352 Motousbnet (ddc489d40b49f443787e7ffa75373522) C:\WINDOWS\system32\DRIVERS\Motousbnet.sys 22:10:11.0734 2352 Motousbnet - ok 22:10:12.0000 2352 motusbdevice (2136cca3d1bf7c0248e5366b1a6c24e3) C:\WINDOWS\system32\DRIVERS\motusbdevice.sys 22:10:12.0015 2352 motusbdevice - ok 22:10:12.0062 2352 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 22:10:12.0062 2352 Mouclass - ok 22:10:12.0062 2352 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 22:10:12.0062 2352 mouhid - ok 22:10:12.0093 2352 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 22:10:12.0093 2352 MountMgr - ok 22:10:12.0093 2352 mraid35x - ok 22:10:12.0250 2352 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS 22:10:12.0250 2352 MREMP50 - ok 22:10:12.0250 2352 MREMPR5 - ok 22:10:12.0265 2352 MRENDIS5 - ok 22:10:12.0281 2352 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS 22:10:12.0281 2352 MRESP50 - ok 22:10:12.0328 2352 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 22:10:12.0328 2352 MRxDAV - ok 22:10:12.0375 2352 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 22:10:12.0375 2352 MRxSmb - ok 22:10:12.0406 2352 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 22:10:12.0406 2352 Msfs - ok 22:10:12.0437 2352 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 22:10:12.0437 2352 MSKSSRV - ok 22:10:12.0453 2352 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 22:10:12.0453 2352 MSPCLOCK - ok 22:10:12.0468 2352 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 22:10:12.0468 2352 MSPQM - ok 22:10:12.0515 2352 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 22:10:12.0515 2352 mssmbios - ok 22:10:12.0562 2352 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys 22:10:12.0562 2352 MSTEE - ok 22:10:12.0671 2352 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys 22:10:12.0671 2352 MTsensor - ok 22:10:12.0796 2352 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 22:10:12.0812 2352 Mup - ok 22:10:12.0843 2352 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 22:10:12.0859 2352 NABTSFEC - ok 22:10:12.0921 2352 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 22:10:12.0937 2352 NDIS - ok 22:10:12.0984 2352 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 22:10:12.0984 2352 NdisIP - ok 22:10:13.0046 2352 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 22:10:13.0046 2352 NdisTapi - ok 22:10:13.0093 2352 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 22:10:13.0093 2352 Ndisuio - ok 22:10:13.0156 2352 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 22:10:13.0156 2352 NdisWan - ok 22:10:13.0203 2352 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 22:10:13.0203 2352 NDProxy - ok 22:10:13.0234 2352 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 22:10:13.0234 2352 NetBIOS - ok 22:10:13.0296 2352 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 22:10:13.0296 2352 NetBT - ok 22:10:13.0359 2352 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 22:10:13.0375 2352 NIC1394 - ok 22:10:13.0390 2352 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 22:10:13.0390 2352 Npfs - ok 22:10:13.0437 2352 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 22:10:13.0437 2352 Ntfs - ok 22:10:13.0765 2352 ntk_dtv (8ad12622c7fa674cb9979e3448ab89c6) C:\Program Files\DirecTV\DirecTV\Kernel\DMP\ntk_dtv.sys 22:10:13.0765 2352 ntk_dtv - ok 22:10:13.0828 2352 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 22:10:13.0843 2352 Null - ok 22:10:14.0093 2352 nv (70cb8915895ccb92ddf23ce890c4f5be) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 22:10:15.0203 2352 nv - ok 22:10:15.0937 2352 NVENETFD (70217a23470f4bb4c8fb4abe06813081) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys 22:10:15.0937 2352 NVENETFD - ok 22:10:16.0609 2352 NVHDA (0ba72d1d0b83e1e5500c5dc4c7bafc32) C:\WINDOWS\system32\drivers\nvhda32.sys 22:10:16.0609 2352 NVHDA - ok 22:10:16.0765 2352 nvnetbus (be8513730653384939a4d2d977c81027) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys 22:10:16.0765 2352 nvnetbus - ok 22:10:16.0921 2352 nvsmu (c44ee36dd84fa95eb81d79c374756003) C:\WINDOWS\system32\DRIVERS\nvsmu.sys 22:10:16.0921 2352 nvsmu - ok 22:10:17.0093 2352 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 22:10:17.0093 2352 NwlnkFlt - ok 22:10:17.0109 2352 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 22:10:17.0109 2352 NwlnkFwd - ok 22:10:17.0250 2352 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 22:10:17.0296 2352 ohci1394 - ok 22:10:18.0125 2352 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys 22:10:18.0156 2352 Parport - ok 22:10:18.0453 2352 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 22:10:18.0468 2352 PartMgr - ok 22:10:18.0843 2352 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 22:10:18.0843 2352 ParVdm - ok 22:10:19.0500 2352 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 22:10:19.0546 2352 PCI - ok 22:10:19.0750 2352 PCIDump - ok 22:10:19.0953 2352 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 22:10:19.0953 2352 PCIIde - ok 22:10:20.0015 2352 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys 22:10:20.0078 2352 Pcmcia - ok 22:10:20.0218 2352 pcouffin (02aaafb7ba137ce5ddabcdf8090954d9) C:\WINDOWS\system32\Drivers\pcouffin.sys 22:10:20.0234 2352 pcouffin - ok 22:10:20.0265 2352 PDCOMP - ok 22:10:20.0328 2352 PDFRAME - ok 22:10:20.0734 2352 PDRELI - ok 22:10:20.0781 2352 PDRFRAME - ok 22:10:20.0828 2352 perc2 - ok 22:10:21.0046 2352 perc2hib - ok 22:10:21.0156 2352 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 22:10:21.0171 2352 PptpMiniport - ok 22:10:21.0218 2352 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys 22:10:21.0234 2352 Processor - ok 22:10:21.0281 2352 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 22:10:21.0281 2352 PSched - ok 22:10:21.0375 2352 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 22:10:21.0390 2352 Ptilink - ok 22:10:21.0468 2352 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys 22:10:21.0468 2352 PxHelp20 - ok 22:10:21.0484 2352 ql1080 - ok 22:10:21.0500 2352 Ql10wnt - ok 22:10:21.0515 2352 ql12160 - ok 22:10:21.0531 2352 ql1240 - ok 22:10:21.0546 2352 ql1280 - ok 22:10:21.0593 2352 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 22:10:21.0609 2352 RasAcd - ok 22:10:21.0671 2352 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 22:10:21.0687 2352 Rasl2tp - ok 22:10:21.0703 2352 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 22:10:21.0703 2352 RasPppoe - ok 22:10:21.0718 2352 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 22:10:21.0718 2352 Raspti - ok 22:10:21.0765 2352 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 22:10:21.0765 2352 Rdbss - ok 22:10:21.0781 2352 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 22:10:21.0781 2352 RDPCDD - ok 22:10:21.0812 2352 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 22:10:21.0812 2352 rdpdr - ok 22:10:21.0890 2352 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys 22:10:21.0890 2352 RDPWD - ok 22:10:21.0906 2352 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 22:10:21.0921 2352 redbook - ok 22:10:21.0953 2352 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys 22:10:21.0968 2352 RimVSerPort - ok 22:10:22.0031 2352 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys 22:10:22.0031 2352 ROOTMODEM - ok 22:10:22.0234 2352 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 22:10:22.0234 2352 SASDIFSV - ok 22:10:22.0250 2352 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 22:10:22.0250 2352 SASKUTIL - ok 22:10:22.0281 2352 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 22:10:22.0281 2352 Secdrv - ok 22:10:22.0312 2352 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 22:10:22.0312 2352 serenum - ok 22:10:22.0343 2352 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 22:10:22.0359 2352 Serial - ok 22:10:22.0406 2352 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 22:10:22.0406 2352 Sfloppy - ok 22:10:22.0437 2352 Simbad - ok 22:10:22.0500 2352 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 22:10:22.0515 2352 SLIP - ok 22:10:22.0531 2352 Sparrow - ok 22:10:22.0578 2352 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 22:10:22.0578 2352 splitter - ok 22:10:22.0609 2352 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 22:10:22.0609 2352 sr - ok 22:10:22.0656 2352 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 22:10:22.0671 2352 Srv - ok 22:10:22.0718 2352 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 22:10:22.0718 2352 streamip - ok 22:10:22.0734 2352 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 22:10:22.0734 2352 swenum - ok 22:10:22.0781 2352 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 22:10:22.0796 2352 swmidi - ok 22:10:22.0812 2352 symc810 - ok 22:10:22.0828 2352 symc8xx - ok 22:10:22.0843 2352 sym_hi - ok 22:10:22.0843 2352 sym_u3 - ok 22:10:22.0859 2352 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 22:10:22.0875 2352 sysaudio - ok 22:10:22.0968 2352 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 22:10:22.0984 2352 Tcpip - ok 22:10:23.0031 2352 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 22:10:23.0031 2352 TDPIPE - ok 22:10:23.0046 2352 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 22:10:23.0046 2352 TDTCP - ok 22:10:23.0109 2352 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 22:10:23.0109 2352 TermDD - ok 22:10:23.0125 2352 TosIde - ok 22:10:23.0187 2352 TPkd (409a577fd5781c717e55a28717514c58) C:\WINDOWS\system32\drivers\TPkd.sys 22:10:23.0187 2352 TPkd - ok 22:10:23.0234 2352 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 22:10:23.0234 2352 Udfs - ok 22:10:23.0250 2352 ultra - ok 22:10:23.0281 2352 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 22:10:23.0281 2352 Update - ok 22:10:23.0359 2352 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys 22:10:23.0359 2352 USBAAPL - ok 22:10:23.0390 2352 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys 22:10:23.0390 2352 usbaudio - ok 22:10:23.0437 2352 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 22:10:23.0437 2352 usbccgp - ok 22:10:23.0468 2352 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 22:10:23.0468 2352 usbehci - ok 22:10:23.0484 2352 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 22:10:23.0484 2352 usbhub - ok 22:10:23.0500 2352 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys 22:10:23.0515 2352 usbohci - ok 22:10:23.0593 2352 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 22:10:23.0593 2352 usbprint - ok 22:10:23.0671 2352 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 22:10:23.0687 2352 usbscan - ok 22:10:23.0703 2352 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 22:10:23.0703 2352 USBSTOR - ok 22:10:23.0765 2352 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 22:10:23.0765 2352 VgaSave - ok 22:10:23.0796 2352 ViaIde - ok 22:10:23.0828 2352 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 22:10:23.0828 2352 VolSnap - ok 22:10:23.0875 2352 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 22:10:23.0875 2352 Wanarp - ok 22:10:23.0984 2352 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 22:10:23.0984 2352 Wdf01000 - ok 22:10:24.0000 2352 WDICA - ok 22:10:24.0015 2352 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 22:10:24.0015 2352 wdmaud - ok 22:10:24.0140 2352 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys 22:10:24.0140 2352 WinUSB - ok 22:10:24.0187 2352 WmBEnum (84a90f13eebf4380345ef9474d30f10e) C:\WINDOWS\system32\drivers\WmBEnum.sys 22:10:24.0187 2352 WmBEnum - ok 22:10:24.0234 2352 WmFilter (eb0034ac02a44dc784a3174d2b81e764) C:\WINDOWS\system32\drivers\WmFilter.sys 22:10:24.0250 2352 WmFilter - ok 22:10:24.0265 2352 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 22:10:24.0265 2352 WmiAcpi - ok 22:10:24.0296 2352 WmVirHid (72c4f5a748c74d8d4016ccfa7367210f) C:\WINDOWS\system32\drivers\WmVirHid.sys 22:10:24.0296 2352 WmVirHid - ok 22:10:24.0296 2352 WmXlCore (eacdcced934a185e61ce0684f71c2dec) C:\WINDOWS\system32\drivers\WmXlCore.sys 22:10:24.0312 2352 WmXlCore - ok 22:10:24.0375 2352 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys 22:10:24.0390 2352 WpdUsb - ok 22:10:24.0421 2352 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 22:10:24.0421 2352 WS2IFSL - ok 22:10:24.0515 2352 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 22:10:24.0515 2352 WSTCODEC - ok 22:10:24.0578 2352 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 22:10:24.0593 2352 WudfPf - ok 22:10:24.0609 2352 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 22:10:24.0625 2352 WudfRd - ok 22:10:24.0687 2352 xusb21 (a640c90b007762939507c28a021be3b3) C:\WINDOWS\system32\DRIVERS\xusb21.sys 22:10:24.0687 2352 xusb21 - ok 22:10:24.0921 2352 zumbus (337b9607f041b77824411750069aff2d) C:\WINDOWS\system32\DRIVERS\zumbus.sys 22:10:24.0921 2352 zumbus - ok 22:10:25.0000 2352 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0 22:10:25.0156 2352 \Device\Harddisk0\DR0 - ok 22:10:25.0171 2352 Boot (0x1200) (8488de0feb1ba9d97febbf65251c7ded) \Device\Harddisk0\DR0\Partition0 22:10:25.0171 2352 \Device\Harddisk0\DR0\Partition0 - ok 22:10:25.0171 2352 ============================================================ 22:10:25.0171 2352 Scan finished 22:10:25.0171 2352 ============================================================ 22:10:25.0187 3612 Detected object count: 2 22:10:25.0187 3612 Actual detected object count: 2 22:10:52.0625 3612 HKLM\SYSTEM\ControlSet001\services\5958c76b - will be deleted on reboot 22:10:52.0625 3612 HKLM\SYSTEM\ControlSet003\services\5958c76b - will be deleted on reboot 22:10:52.0625 3612 C:\WINDOWS\1808226393:2795976852.exe - will be deleted on reboot 22:10:52.0625 3612 5958c76b ( Rootkit.Win32.PMax.gen ) - User select action: Delete 22:10:54.0765 3612 Backup copy found, using it.. 22:10:55.0812 3612 C:\WINDOWS\system32\DRIVERS\cdrom.sys - will be cured on reboot 22:10:55.0812 3612 Cdrom ( Rootkit.Win32.ZAccess.e ) - User select action: Cure 22:11:12.0046 0708 Deinitialize success
  12. AVG detected incoming threat and MBAM (pro version) crashed simultaneously last night. TDSSKiller is identifying "Rootkit.win32.pmax.gen" and another time it showed zaccess one as well. Upon restarts the infection keeps showing up. AVG and MBAM will not run in regular or safe mode. I have internet connection, but I am getting redirects. As per forum instructions, attached is dds.txt -- should i also include attach.txt? Please Help, thanks in advance. dds.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.