Hello, I seem to have caught the trojan virus Crypt.AQLW. AVG keeps fighting it but never removes it. I followed the guide in the sticky and will post my logs.
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Database version: v2012.02.26.07
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
John :: REVX [administrator]
2/27/2012 5:41:49 AM
mbam-log-2012-02-27 (05-41-49).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 359820
Time elapsed: 1 hour(s), 19 minute(s), 48 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-02-27 18:30:20
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Scsi\nvgts3Port4Path0Target0Lun0 WDC_WD16 rev.20.0
Running: d83b1yl2.exe; Driver: E:\DOCUME~1\John\LOCALS~1\Temp\pxtdrpog.sys
---- System - GMER 1.0.15 ----
SSDT spkz.sys ZwEnumerateKey [0xB7EC6CA2]
SSDT spkz.sys ZwEnumerateValueKey [0xB7EC7030]
---- Devices - GMER 1.0.15 ----
Device \Driver\atapi \Device\Ide\IdePort0 [B7E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B7E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\nvgts \Device\Scsi\nvgts2Port3Path1Target1Lun0 8AB061F8
Device \Driver\nvgts \Device\Scsi\nvgts3Port4Path0Target0Lun0 8AB061F8
Device \Driver\a7ge2hac \Device\Scsi\a7ge2hac1 8A921500
Device \Driver\nvgts \Device\Scsi\nvgts1 8AB061F8
Device \Driver\nvgts \Device\Scsi\nvgts2 8AB061F8
Device \Driver\nvgts \Device\Scsi\nvgts3 8AB061F8
Device \Driver\a7ge2hac \Device\Scsi\a7ge2hac1Port5Path0Target0Lun0 8A921500
Device \FileSystem\Ntfs \Ntfs 8AB051F8
AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
---- EOF - GMER 1.0.15 ----
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by John at 18:32:12 on 2012-02-27
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2814.2097 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
E:\PROGRA~1\AVG\AVG10\avgchsvx.exe
E:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
E:\WINDOWS\System32\svchost.exe -k netsvcs
E:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
E:\WINDOWS\system32\LEXBCES.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\LEXPPS.EXE
E:\Program Files\Creative\Shared Files\CTAudSvc.exe
svchost.exe
E:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
E:\WINDOWS\System32\svchost.exe -k Akamai
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Program Files\AVG\AVG10\avgwdsvc.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\WINDOWS\System32\svchost.exe -k HTTPFilter
E:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
E:\Program Files\Common Files\LightScribe\LSSrvc.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\BUFFALO\NASNAVI\nassvc.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
E:\Program Files\CyberLink\Shared files\RichVideo.exe
E:\Program Files\AVG\AVG10\avgnsx.exe
E:\WINDOWS\System32\svchost.exe -k imgsvc
E:\Program Files\AVG\AVG10\avgemcx.exe
E:\WINDOWS\System32\ups.exe
E:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe
E:\Program Files\Viewpoint\Common\ViewpointService.exe
E:\Program Files\Razer\DeathAdder\razerhid.exe
E:\Program Files\AVG\AVG10\avgtray.exe
E:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
E:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
E:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe
E:\Program Files\Razer\DeathAdder\razertra.exe
E:\Program Files\AVG Secure Search\vprot.exe
E:\Program Files\Razer\DeathAdder\razerofa.exe
E:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
E:\WINDOWS\system32\RunDLL32.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Windows Media Player\WMPNSCFG.exe
E:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
E:\WINDOWS\system32\SearchIndexer.exe
E:\Program Files\RNX-N180UBE 11n USB Wireless LAN Utility\RtWLan.exe
E:\Program Files\Datacolor\Spyder3Express\Utility\Spyder3Utility.exe
E:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe
E:\Program Files\BUFFALO\NASNAVI\NasNavi.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
E:\Program Files\BUFFALO\NASNAVI\nassche.exe
E:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
E:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
E:\WINDOWS\system32\SearchProtocolHost.exe
E:\PROGRA~1\AVG\AVG10\avgrsx.exe
E:\Program Files\AVG\AVG10\avgcsrvx.exe
E:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - e:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - e:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - e:\program files\avg\avg10\avgssie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - e:\program files\java\jre6\bin\ssv.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - e:\program files\avg secure search\10.0.0.7\AVG Secure Search_toolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - e:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - e:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - e:\program files\avg secure search\10.0.0.7\AVG Secure Search_toolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] e:\windows\system32\ctfmon.exe
uRun: [WMPNSCFG] e:\program files\windows media player\WMPNSCFG.exe
mRun: [Launch LCDMon] "e:\program files\common files\logitech\lcd manager\lcdmon.exe"
mRun: [Launch LGDCore] "e:\program files\common files\logitech\g-series software\LGDCore.exe" /SHOWHIDE
mRun: [DeathAdder] e:\program files\razer\deathadder\razerhid.exe
mRun: [AVG_TRAY] e:\program files\avg\avg10\avgtray.exe
mRun: [UpdateLBPShortCut] "e:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "e:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [UpdateP2GoShortCut] "e:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "e:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePDRShortCut] "e:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "e:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [UpdatePPShortCut] "e:\program files\cyberlink\powerproducer\muitransfer\muistartmenu.exe" "e:\program files\cyberlink\powerproducer" updatewithcreateonce "software\cyberlink\powerproducer\5.0"
mRun: [UpdatePSTShortCut] "e:\program files\cyberlink\blu-ray disc suite\muitransfer\muistartmenu.exe" "e:\program files\cyberlink\blu-ray disc suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [CTAPR2] "e:\program files\creative\sound blaster tactic(3d)\sound blaster tactic(3d) control panel\CTAPR2.exe" /r
mRun: [vProt] "e:\program files\avg secure search\vprot.exe"
mRun: [ROC_roc_dec12] "e:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [NvCplDaemon] RUNDLL32.EXE e:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] e:\program files\nvidia corporation\nview\nwiz.exe /installquiet
StartupFolder: e:\docume~1\john\startm~1\programs\startup\buffal~1.lnk - e:\program files\buffalo\nasnavi\NasNavi.exe
StartupFolder: e:\docume~1\john\startm~1\programs\startup\nassch~1.lnk - e:\program files\buffalo\nasnavi\nassche.exe
StartupFolder: e:\docume~1\alluse~1\startm~1\programs\startup\rnx-n1~1.lnk - e:\program files\rnx-n180ube 11n usb wireless lan utility\RtWLan.exe
StartupFolder: e:\docume~1\alluse~1\startm~1\programs\startup\spyder~1.lnk - e:\program files\datacolor\spyder3express\utility\Spyder3Utility.exe
IE: E&xport to Microsoft Excel - e:\micros~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - e:\program files\messenger\msmsgs.exe
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - e:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - e:\micros~1\office11\REFIEBAR.DLL
LSP: e:\program files\nvidia corporation\networkaccessmanager\bin32\nvLsp.dll
LSP: mswsock.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - hxxps://setup.bellsouth.net/wizlet/PWReset/static/controls/WebflowActiveXInstaller_4-2-1.cab
DPF: {3527C5BD-4A46-4362-94B6-12341D087A4B} - hxxp://roadrunnerrecords.echospin.com/wizard/files/esWizard.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1187621116406
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://zone.msn.com/bingame/chnz/default/mjolauncher.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} - hxxps://www.netchexonline.net/ActiveX/activexviewer.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.2.1.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - e:\program files\avg\avg10\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - e:\program files\common files\avg secure search\viprotocolinstaller\10.0.6\ViProtocol.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - e:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - e:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "e:\program files\common files\lightscribe\LSRunOnce.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;e:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;e:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R0 PzWDM;PzWDM;e:\windows\system32\drivers\PzWDM.sys [2010-5-29 15172]
R1 Avgldx86;AVG AVI Loader Driver;e:\windows\system32\drivers\avgldx86.sys [2010-9-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;e:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
R1 Avgtdix;AVG TDI Driver;e:\windows\system32\drivers\avgtdix.sys [2010-9-7 297168]
R1 CLBStor;InstantBurn Storage Helper Driver;e:\windows\system32\drivers\CLBStor.sys [2011-1-10 15784]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2011/01/16 23:21:32];e:\program files\cyberlink\powerdvd8\000.fcl [2010-1-12 87536]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;e:\program files\adobe\elements 9 organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408]
R2 Akamai;Akamai NetSession Interface;e:\windows\system32\svchost.exe -k Akamai [2003-3-31 14336]
R2 AVGIDSAgent;AVGIDSAgent;e:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2012-1-31 7391072]
R2 avgwd;AVG WatchDog;e:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;e:\windows\system32\drivers\CLBUDF.sys [2011-1-10 163368]
R2 NasPmService;NAS PM Service;e:\program files\buffalo\nasnavi\nassvc.exe -service_execute -dcyc=60 -dto=3 -dluc=0 -dmin=1 -dmax=60 -dflc=0 -apc=0 -log=0 -pm=1 -pall=1 -phttp=0 -pbc=0 -ppro=0 -pcyc=0 -pmin=1 -pmax=60 -pflc=0 --> e:\program files\buffalo\nasnavi\nassvc.exe -Service_Execute -dcyc=60 -dto=3 -dluc=0 -dmin=1 -dmax=60 -dflc=0 -apc=0 -log=0 -pm=1 -pall=1 -phttp=0 -pbc=0 -ppro=0 -pcyc=0 -pmin=1 -pmax=60 -pflc=0 [?]
R2 nvUpdatusService;NVIDIA Update Service Daemon;e:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-2-4 2348352]
R2 PassThru Service;Internet Pass-Through Service;e:\program files\htc\internet pass-through\PassThruSvr.exe [2010-9-16 80896]
R2 SFSZ;DataPlow SFS for Zetera Storage Devices;e:\windows\system32\drivers\sfsz.sys [2008-9-12 345984]
R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;e:\windows\system32\drivers\thdudf.sys [2012-2-26 66944]
R2 Viewpoint Manager Service;Viewpoint Manager Service;e:\program files\viewpoint\common\ViewpointService.exe [2008-3-27 24652]
R2 vToolbarUpdater;vToolbarUpdater;e:\program files\common files\avg secure search\vtoolbarupdater\10.0.6\ToolbarUpdater.exe [2012-2-16 909152]
R2 Z-SANService;Z-SAN Service;e:\program files\netgear\netgear storage central manager utility\Z-SANService.exe [2008-9-12 376891]
R3 AVGIDSDriver;AVGIDSDriver;e:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134480]
R3 AVGIDSFilter;AVGIDSFilter;e:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24144]
R3 AVGIDSShim;AVGIDSShim;e:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
R3 DAdderFltr;DeathAdder Mouse;e:\windows\system32\drivers\dadder.sys [2007-9-16 22784]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;e:\windows\system32\drivers\nvhda32.sys [2012-2-23 123712]
R3 UHSFilt;UHSFilt;e:\windows\system32\drivers\UHSFilt.sys [2012-2-2 2016768]
R3 ZetBus;Zetera Virtual Bus;e:\windows\system32\drivers\ZetBus.sys [2008-9-12 15488]
S0 ZetSFD;ZetSFD;e:\windows\system32\drivers\ZetSFD.sys [2008-9-12 12800]
S2 avgarcln;Bgsvcgen;e:\windows\system32\svchost.exe -k netsvcs [2003-3-31 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;e:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 mksupdateint;Mfesmfk;e:\windows\system32\svchost.exe -k netsvcs [2003-3-31 14336]
S2 ndasscsi;Sfvfs02;e:\windows\system32\svchost.exe -k netsvcs [2003-3-31 14336]
S3 Ambfilt;Ambfilt;e:\windows\system32\drivers\Ambfilt.sys [2012-2-4 1691480]
S3 androidusb;ADB Interface Driver;e:\windows\system32\drivers\androidusb.sys [2011-7-31 25728]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;e:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2010-10-27 167264]
S3 CyUsb;Cypress Generic USB Driver;e:\windows\system32\drivers\CYUSB.sys [2008-6-13 31104]
S3 FlyUsb;FLY Fusion;e:\windows\system32\drivers\FlyUsb.sys [2012-1-9 18560]
S3 HTCAND32;HTC Device Driver;e:\windows\system32\drivers\androidusb.sys [2011-7-31 25728]
S3 htcnprot;HTC NDIS Protocol Driver;e:\windows\system32\drivers\htcnprot.sys [2010-6-22 21248]
S3 RemoteControl-USBLAN;RemoteControl-USBLAN;e:\windows\system32\drivers\rcblan.sys [2011-5-28 39704]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;e:\windows\system32\drivers\RTL8192su.sys [2011-1-10 606056]
S3 Spyder3;Datacolor Spyder3;e:\windows\system32\drivers\Spyder3.sys [2008-9-8 12288]
S3 WinRM;Windows Remote Management (WS-Management);e:\windows\system32\svchost.exe -k WINRM [2003-3-31 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;e:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 ZetMPD;ZetMPD;e:\windows\system32\drivers\ZetMPD.sys [2008-9-12 5120]
.
=============== Created Last 30 ================
.
2012-02-27 02:24:27 0 --sha-w- e:\windows\system32\dds_trash_log.cmd
2012-02-27 01:54:44 -------- d-----w- e:\documents and settings\john\local settings\application data\Aiseesoft Studio
2012-02-27 01:54:36 66944 ----a-w- e:\windows\system32\drivers\thdudf.sys
2012-02-27 01:54:31 -------- d-----w- e:\program files\Aiseesoft Studio
2012-02-27 01:54:31 -------- d-----w- e:\documents and settings\all users\application data\Aiseesoft Studio
2012-02-27 01:30:44 1837296 ----a-w- e:\windows\system32\WUDFUpdate_01009.dll
2012-02-27 01:30:42 1419232 ----a-w- e:\windows\system32\wdfcoinstaller01005.dll
2012-02-27 01:30:30 -------- d-----w- e:\program files\Acer Inc
2012-02-23 20:47:10 876864 ----a-w- e:\windows\system32\nvhdagenco3220103.dll
2012-02-23 20:47:10 27968 ----a-w- e:\windows\system32\nvhdap32.dll
2012-02-23 20:47:10 123712 ----a-w- e:\windows\system32\drivers\nvhda32.sys
2012-02-23 20:45:21 164160 ----a-w- e:\windows\system32\nvsvc32.exe
2012-02-23 20:45:21 143680 ----a-w- e:\windows\system32\nvcolor.exe
2012-02-23 20:45:20 15494464 ----a-w- e:\windows\system32\nvcpl.dll
2012-02-23 20:45:20 108352 ----a-w- e:\windows\system32\nvmctray.dll
2012-02-23 20:45:15 54272 ----a-w- e:\windows\system32\nvwddi.dll
2012-02-23 20:23:19 -------- d-----w- e:\program files\Phyxion.net
2012-02-17 00:13:26 -------- d-----w- e:\windows\system32\cache
2012-02-16 22:15:22 3072 -c----w- e:\windows\system32\dllcache\iacenc.dll
2012-02-16 22:15:22 3072 ------w- e:\windows\system32\iacenc.dll
2012-02-15 00:06:21 -------- d-----w- e:\documents and settings\all users\application data\AVG Secure Search
2012-02-15 00:06:16 -------- d-----w- e:\program files\common files\AVG Secure Search
2012-02-15 00:06:15 -------- d-----w- e:\program files\AVG Secure Search
2012-02-08 02:04:37 -------- d-----w- e:\documents and settings\john\local settings\application data\BigHugeEngine
2012-02-08 02:04:34 -------- d-----w- e:\documents and settings\all users\application data\EA Core
2012-02-08 02:04:32 -------- d-----w- e:\documents and settings\all users\application data\EA Logs
2012-02-08 02:03:15 -------- d--h--w- e:\program files\common files\EAInstaller
2012-02-08 01:29:17 -------- d-----w- e:\documents and settings\john\application data\Origin
2012-02-08 01:28:22 -------- d-----w- e:\documents and settings\john\local settings\application data\Origin
2012-02-08 01:28:04 -------- d-----w- e:\program files\Origin Games
2012-02-08 01:28:04 -------- d-----w- e:\documents and settings\all users\application data\Origin
2012-02-08 01:28:03 -------- d-----w- e:\documents and settings\all users\application data\Electronic Arts
2012-02-08 01:27:50 -------- d-----w- e:\program files\Origin
2012-02-04 16:03:47 701440 ----a-w- e:\windows\system32\cohelper.dll
2012-02-04 16:03:46 485920 ----a-w- e:\windows\system32\nvunrm.exe
2012-02-04 07:30:54 359016 ----a-w- e:\windows\vncutil.exe
2012-02-04 07:30:52 63592 ----a-w- e:\windows\system32\RtkCoInstXP.dll
2012-02-04 07:30:52 129640 ----a-w- e:\windows\RtkAudioService.exe
2012-02-04 07:30:51 1395800 ----a-w- e:\windows\system32\drivers\Monfilt.sys
2012-02-04 07:30:49 1691480 ----a-w- e:\windows\system32\drivers\Ambfilt.sys
2012-02-04 07:03:05 881984 ----a-w- e:\windows\system32\nvgenco32.dll
2012-02-04 07:03:05 18620416 ----a-w- e:\windows\system32\nvoglnt.dll
2012-02-04 07:03:05 1000256 ----a-w- e:\windows\system32\nvdispco32.dll
2012-02-04 07:03:04 5918720 ----a-w- e:\windows\system32\nvcuda.dll
2012-02-04 07:03:03 4309760 -c--a-w- e:\windows\system32\dllcache\nv4_disp.dll
2012-02-04 07:03:03 4309760 ----a-w- e:\windows\system32\nv4_disp.dll
2012-02-04 07:03:03 2292224 ----a-w- e:\windows\system32\nvapi.dll
2012-02-04 07:03:03 13415040 -c--a-w- e:\windows\system32\dllcache\nv4_mini.sys
2012-02-04 07:03:03 13415040 ----a-w- e:\windows\system32\drivers\nv4_mini.sys
2012-02-04 05:57:00 472808 ----a-w- e:\windows\system32\deployJava1.dll
2012-02-02 23:53:09 -------- d-----w- e:\documents and settings\john\local settings\application data\Creative
2012-02-02 23:38:34 2016768 ----a-w- e:\windows\system32\drivers\UHSFilt.sys
2012-02-02 23:38:34 197120 ----a-w- e:\windows\system32\UHScInst.dll
2012-02-02 23:38:33 892 ----a-w- e:\windows\FatWDef.reg
2012-02-02 23:38:33 782336 ----a-w- e:\windows\OALInst.exe
2012-02-02 23:38:33 77824 ----a-w- e:\windows\FatWDef.exe
2012-02-02 23:38:33 107008 ----a-w- e:\windows\system32\UHSSPI32.dll
2012-02-02 23:38:31 647872 ------w- e:\windows\system32\Mscomct2.ocx
2012-02-02 23:38:31 53248 ------w- e:\windows\Ctregrun.exe
2012-02-02 23:38:29 7062 ----a-w- e:\windows\system32\audiopid.vxd
2012-02-02 23:37:39 -------- d-----w- e:\program files\Creative
2012-02-02 23:34:22 60032 -c--a-w- e:\windows\system32\dllcache\usbaudio.sys
2012-02-02 23:34:22 60032 ----a-w- e:\windows\system32\drivers\USBAUDIO.sys
.
==================== Find3M ====================
.
2012-02-23 20:47:38 292700 ----a-w- e:\windows\system32\nvdrsdb0.bin
2012-02-23 20:47:38 1 ----a-w- e:\windows\system32\nvdrssel.bin
2012-02-23 20:47:30 292700 ----a-w- e:\windows\system32\nvdrsdb1.bin
2012-02-10 04:10:00 65536 ----a-w- e:\windows\system32\OpenCL.dll
2012-02-10 04:10:00 2522944 ----a-w- e:\windows\system32\nvcuvid.dll
2012-02-10 04:10:00 2437440 ----a-w- e:\windows\system32\nvcuvenc.dll
2012-02-10 04:10:00 17534976 ----a-w- e:\windows\system32\nvcompiler.dll
2012-02-02 23:38:42 413696 ----a-w- e:\windows\system32\wrap_oal.dll
2012-02-02 23:38:42 110592 ----a-w- e:\windows\system32\OpenAL32.dll
2012-01-12 16:53:24 1859968 ----a-w- e:\windows\system32\win32k.sys
2012-01-04 00:48:42 354176 ----a-w- e:\windows\system32\DivXControlPanelApplet.cpl
2011-12-17 19:46:36 916992 ----a-w- e:\windows\system32\wininet.dll
2011-12-17 19:46:36 43520 ----a-w- e:\windows\system32\licmgr10.dll
2011-12-17 19:46:36 1469440 ------w- e:\windows\system32\inetcpl.cpl
2011-12-16 12:22:58 385024 ----a-w- e:\windows\system32\html.iec
2011-12-10 21:24:06 20464 ----a-w- e:\windows\system32\drivers\mbam.sys
.
============= FINISH: 18:33:24.48 ===============
StartupFolder: e:\docume~1\alluse~1\startm~1\programs\startup\rnx-n1~1.lnk - e:\program files\rnx-n180ube 11n usb wireless lan utility\RtWLan.exe
StartupFolder: e:\docume~1\alluse~1\startm~1\programs\startup\spyder~1.lnk - e:\program files\datacolor\spyder3express\utility\Spyder3Utility.exe
IE: E&xport to Microsoft Excel - e:\micros~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - e:\program files\messenger\msmsgs.exe
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - e:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - e:\micros~1\office11\REFIEBAR.DLL
LSP: e:\program files\nvidia corporation\networkaccessmanager\bin32\nvLsp.dll
LSP: mswsock.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - hxxps://setup.bellsouth.net/wizlet/PWReset/static/controls/WebflowActiveXInstaller_4-2-1.cab
DPF: {3527C5BD-4A46-4362-94B6-12341D087A4B} - hxxp://roadrunnerrecords.echospin.com/wizard/files/esWizard.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1187621116406
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://zone.msn.com/bingame/chnz/default/mjolauncher.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} - hxxps://www.netchexonline.net/ActiveX/activexviewer.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.2.1.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - e:\program files\avg\avg10\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - e:\program files\common files\avg secure search\viprotocolinstaller\10.0.6\ViProtocol.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - e:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - e:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "e:\program files\common files\lightscribe\LSRunOnce.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;e:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;e:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R0 PzWDM;PzWDM;e:\windows\system32\drivers\PzWDM.sys [2010-5-29 15172]
R1 Avgldx86;AVG AVI Loader Driver;e:\windows\system32\drivers\avgldx86.sys [2010-9-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;e:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
R1 Avgtdix;AVG TDI Driver;e:\windows\system32\drivers\avgtdix.sys [2010-9-7 297168]
R1 CLBStor;InstantBurn Storage Helper Driver;e:\windows\system32\drivers\CLBStor.sys [2011-1-10 15784]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2011/01/16 23:21:32];e:\program files\cyberlink\powerdvd8\000.fcl [2010-1-12 87536]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;e:\program files\adobe\elements 9 organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408]
R2 Akamai;Akamai NetSession Interface;e:\windows\system32\svchost.exe -k Akamai [2003-3-31 14336]
R2 AVGIDSAgent;AVGIDSAgent;e:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2012-1-31 7391072]
R2 avgwd;AVG WatchDog;e:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;e:\windows\system32\drivers\CLBUDF.sys [2011-1-10 163368]
R2 NasPmService;NAS PM Service;e:\program files\buffalo\nasnavi\nassvc.exe -service_execute -dcyc=60 -dto=3 -dluc=0 -dmin=1 -dmax=60 -dflc=0 -apc=0 -log=0 -pm=1 -pall=1 -phttp=0 -pbc=0 -ppro=0 -pcyc=0 -pmin=1 -pmax=60 -pflc=0 --> e:\program files\buffalo\nasnavi\nassvc.exe -Service_Execute -dcyc=60 -dto=3 -dluc=0 -dmin=1 -dmax=60 -dflc=0 -apc=0 -log=0 -pm=1 -pall=1 -phttp=0 -pbc=0 -ppro=0 -pcyc=0 -pmin=1 -pmax=60 -pflc=0 [?]
R2 nvUpdatusService;NVIDIA Update Service Daemon;e:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-2-4 2348352]
R2 PassThru Service;Internet Pass-Through Service;e:\program files\htc\internet pass-through\PassThruSvr.exe [2010-9-16 80896]
R2 SFSZ;DataPlow SFS for Zetera Storage Devices;e:\windows\system32\drivers\sfsz.sys [2008-9-12 345984]
R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;e:\windows\system32\drivers\thdudf.sys [2012-2-26 66944]
R2 Viewpoint Manager Service;Viewpoint Manager Service;e:\program files\viewpoint\common\ViewpointService.exe [2008-3-27 24652]
R2 vToolbarUpdater;vToolbarUpdater;e:\program files\common files\avg secure search\vtoolbarupdater\10.0.6\ToolbarUpdater.exe [2012-2-16 909152]
R2 Z-SANService;Z-SAN Service;e:\program files\netgear\netgear storage central manager utility\Z-SANService.exe [2008-9-12 376891]
R3 AVGIDSDriver;AVGIDSDriver;e:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134480]
R3 AVGIDSFilter;AVGIDSFilter;e:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24144]
R3 AVGIDSShim;AVGIDSShim;e:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
R3 DAdderFltr;DeathAdder Mouse;e:\windows\system32\drivers\dadder.sys [2007-9-16 22784]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;e:\windows\system32\drivers\nvhda32.sys [2012-2-23 123712]
R3 UHSFilt;UHSFilt;e:\windows\system32\drivers\UHSFilt.sys [2012-2-2 2016768]
R3 ZetBus;Zetera Virtual Bus;e:\windows\system32\drivers\ZetBus.sys [2008-9-12 15488]
S0 ZetSFD;ZetSFD;e:\windows\system32\drivers\ZetSFD.sys [2008-9-12 12800]
S2 avgarcln;Bgsvcgen;e:\windows\system32\svchost.exe -k netsvcs [2003-3-31 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;e:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 mksupdateint;Mfesmfk;e:\windows\system32\svchost.exe -k netsvcs [2003-3-31 14336]
S2 ndasscsi;Sfvfs02;e:\windows\system32\svchost.exe -k netsvcs [2003-3-31 14336]
S3 Ambfilt;Ambfilt;e:\windows\system32\drivers\Ambfilt.sys [2012-2-4 1691480]
S3 androidusb;ADB Interface Driver;e:\windows\system32\drivers\androidusb.sys [2011-7-31 25728]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;e:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2010-10-27 167264]
S3 CyUsb;Cypress Generic USB Driver;e:\windows\system32\drivers\CYUSB.sys [2008-6-13 31104]
S3 FlyUsb;FLY Fusion;e:\windows\system32\drivers\FlyUsb.sys [2012-1-9 18560]
S3 HTCAND32;HTC Device Driver;e:\windows\system32\drivers\androidusb.sys [2011-7-31 25728]
S3 htcnprot;HTC NDIS Protocol Driver;e:\windows\system32\drivers\htcnprot.sys [2010-6-22 21248]
S3 RemoteControl-USBLAN;RemoteControl-USBLAN;e:\windows\system32\drivers\rcblan.sys [2011-5-28 39704]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;e:\windows\system32\drivers\RTL8192su.sys [2011-1-10 606056]
S3 Spyder3;Datacolor Spyder3;e:\windows\system32\drivers\Spyder3.sys [2008-9-8 12288]
S3 WinRM;Windows Remote Management (WS-Management);e:\windows\system32\svchost.exe -k WINRM [2003-3-31 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;e:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 ZetMPD;ZetMPD;e:\windows\system32\drivers\ZetMPD.sys [2008-9-12 5120]
.
=============== Created Last 30 ================
.
2012-02-27 02:24:27 0 --sha-w- e:\windows\system32\dds_trash_log.cmd
2012-02-27 01:54:44 -------- d-----w- e:\documents and settings\john\local settings\application data\Aiseesoft Studio
2012-02-27 01:54:36 66944 ----a-w- e:\windows\system32\drivers\thdudf.sys
2012-02-27 01:54:31 -------- d-----w- e:\program files\Aiseesoft Studio
2012-02-27 01:54:31 -------- d-----w- e:\documents and settings\all users\application data\Aiseesoft Studio
2012-02-27 01:30:44 1837296 ----a-w- e:\windows\system32\WUDFUpdate_01009.dll
2012-02-27 01:30:42 1419232 ----a-w- e:\windows\system32\wdfcoinstaller01005.dll
2012-02-27 01:30:30 -------- d-----w- e:\program files\Acer Inc
2012-02-23 20:47:10 876864 ----a-w- e:\windows\system32\nvhdagenco3220103.dll
2012-02-23 20:47:10 27968 ----a-w- e:\windows\system32\nvhdap32.dll
2012-02-23 20:47:10 123712 ----a-w- e:\windows\system32\drivers\nvhda32.sys
2012-02-23 20:45:21 164160 ----a-w- e:\windows\system32\nvsvc32.exe
2012-02-23 20:45:21 143680 ----a-w- e:\windows\system32\nvcolor.exe
2012-02-23 20:45:20 15494464 ----a-w- e:\windows\system32\nvcpl.dll
2012-02-23 20:45:20 108352 ----a-w- e:\windows\system32\nvmctray.dll
2012-02-23 20:45:15 54272 ----a-w- e:\windows\system32\nvwddi.dll
2012-02-23 20:23:19 -------- d-----w- e:\program files\Phyxion.net
2012-02-17 00:13:26 -------- d-----w- e:\windows\system32\cache
2012-02-16 22:15:22 3072 -c----w- e:\windows\system32\dllcache\iacenc.dll
2012-02-16 22:15:22 3072 ------w- e:\windows\system32\iacenc.dll
2012-02-15 00:06:21 -------- d-----w- e:\documents and settings\all users\application data\AVG Secure Search
2012-02-15 00:06:16 -------- d-----w- e:\program files\common files\AVG Secure Search
2012-02-15 00:06:15 -------- d-----w- e:\program files\AVG Secure Search
2012-02-08 02:04:37 -------- d-----w- e:\documents and settings\john\local settings\application data\BigHugeEngine
2012-02-08 02:04:34 -------- d-----w- e:\documents and settings\all users\application data\EA Core
2012-02-08 02:04:32 -------- d-----w- e:\documents and settings\all users\application data\EA Logs
2012-02-08 02:03:15 -------- d--h--w- e:\program files\common files\EAInstaller
2012-02-08 01:29:17 -------- d-----w- e:\documents and settings\john\application data\Origin
2012-02-08 01:28:22 -------- d-----w- e:\documents and settings\john\local settings\application data\Origin
2012-02-08 01:28:04 -------- d-----w- e:\program files\Origin Games
2012-02-08 01:28:04 -------- d-----w- e:\documents and settings\all users\application data\Origin
2012-02-08 01:28:03 -------- d-----w- e:\documents and settings\all users\application data\Electronic Arts
2012-02-08 01:27:50 -------- d-----w- e:\program files\Origin
2012-02-04 16:03:47 701440 ----a-w- e:\windows\system32\cohelper.dll
2012-02-04 16:03:46 485920 ----a-w- e:\windows\system32\nvunrm.exe
2012-02-04 07:30:54 359016 ----a-w- e:\windows\vncutil.exe
2012-02-04 07:30:52 63592 ----a-w- e:\windows\system32\RtkCoInstXP.dll
2012-02-04 07:30:52 129640 ----a-w- e:\windows\RtkAudioService.exe
2012-02-04 07:30:51 1395800 ----a-w- e:\windows\system32\drivers\Monfilt.sys
2012-02-04 07:30:49 1691480 ----a-w- e:\windows\system32\drivers\Ambfilt.sys
2012-02-04 07:03:05 881984 ----a-w- e:\windows\system32\nvgenco32.dll
2012-02-04 07:03:05 18620416 ----a-w- e:\windows\system32\nvoglnt.dll
2012-02-04 07:03:05 1000256 ----a-w- e:\windows\system32\nvdispco32.dll
2012-02-04 07:03:04 5918720 ----a-w- e:\windows\system32\nvcuda.dll
2012-02-04 07:03:03 4309760 -c--a-w- e:\windows\system32\dllcache\nv4_disp.dll
2012-02-04 07:03:03 4309760 ----a-w- e:\windows\system32\nv4_disp.dll
2012-02-04 07:03:03 2292224 ----a-w- e:\windows\system32\nvapi.dll
2012-02-04 07:03:03 13415040 -c--a-w- e:\windows\system32\dllcache\nv4_mini.sys
2012-02-04 07:03:03 13415040 ----a-w- e:\windows\system32\drivers\nv4_mini.sys
2012-02-04 05:57:00 472808 ----a-w- e:\windows\system32\deployJava1.dll
2012-02-02 23:53:09 -------- d-----w- e:\documents and settings\john\local settings\application data\Creative
2012-02-02 23:38:34 2016768 ----a-w- e:\windows\system32\drivers\UHSFilt.sys
2012-02-02 23:38:34 197120 ----a-w- e:\windows\system32\UHScInst.dll
2012-02-02 23:38:33 892 ----a-w- e:\windows\FatWDef.reg
2012-02-02 23:38:33 782336 ----a-w- e:\windows\OALInst.exe
2012-02-02 23:38:33 77824 ----a-w- e:\windows\FatWDef.exe
2012-02-02 23:38:33 107008 ----a-w- e:\windows\system32\UHSSPI32.dll
2012-02-02 23:38:31 647872 ------w- e:\windows\system32\Mscomct2.ocx
2012-02-02 23:38:31 53248 ------w- e:\windows\Ctregrun.exe
2012-02-02 23:38:29 7062 ----a-w- e:\windows\system32\audiopid.vxd
2012-02-02 23:37:39 -------- d-----w- e:\program files\Creative
2012-02-02 23:34:22 60032 -c--a-w- e:\windows\system32\dllcache\usbaudio.sys
2012-02-02 23:34:22 60032 ----a-w- e:\windows\system32\drivers\USBAUDIO.sys
.
==================== Find3M ====================
.
2012-02-23 20:47:38 292700 ----a-w- e:\windows\system32\nvdrsdb0.bin
2012-02-23 20:47:38 1 ----a-w- e:\windows\system32\nvdrssel.bin
2012-02-23 20:47:30 292700 ----a-w- e:\windows\system32\nvdrsdb1.bin
2012-02-10 04:10:00 65536 ----a-w- e:\windows\system32\OpenCL.dll
2012-02-10 04:10:00 2522944 ----a-w- e:\windows\system32\nvcuvid.dll
2012-02-10 04:10:00 2437440 ----a-w- e:\windows\system32\nvcuvenc.dll
2012-02-10 04:10:00 17534976 ----a-w- e:\windows\system32\nvcompiler.dll
2012-02-02 23:38:42 413696 ----a-w- e:\windows\system32\wrap_oal.dll
2012-02-02 23:38:42 110592 ----a-w- e:\windows\system32\OpenAL32.dll
2012-01-12 16:53:24 1859968 ----a-w- e:\windows\system32\win32k.sys
2012-01-04 00:48:42 354176 ----a-w- e:\windows\system32\DivXControlPanelApplet.cpl
2011-12-17 19:46:36 916992 ----a-w- e:\windows\system32\wininet.dll
2011-12-17 19:46:36 43520 ----a-w- e:\windows\system32\licmgr10.dll
2011-12-17 19:46:36 1469440 ------w- e:\windows\system32\inetcpl.cpl
2011-12-16 12:22:58 385024 ----a-w- e:\windows\system32\html.iec
2011-12-10 21:24:06 20464 ----a-w- e:\windows\system32\drivers\mbam.sys
.
============= FINISH: 18:33:24.48 ===============