Repost to Gary R.AVG Free Finds/Secures/And Then Finds Again

Unread postby Raptor » June 28th, 2013, 10:50 am

Hello:
I have AVG Free and yesterday it found 7 threats which I secured. I then ran AVG again and it found 3-4 threats. I removed them and ran again. This time NO THREATS were found. I ran it again and 4 were found. Once more and 8 threats came up. What the heck?
Not all were full computer scans.
One time when I tried to secure the found threats, I was informed that they were NOT removed.
I have attached a copy (on Notepad) of all the info I could get. (I don't know where AVG keeps logs)
Please advise...This is a brand new copy of XP and I can't imagine where I got these things from.
Thank you.
Steve
Last edited by Raptor on June 28th, 2013, 1:44 pm, edited 1 time in total.
Raptor
Regular Member
 
Posts: 36
Joined: March 12th, 2012, 2:13 am
Location: Pinetops, NC (USA)

Re: AVG Free Finds/Secures/And Then Finds Again

Unread postby Gary R » June 28th, 2013, 11:19 am

May I draw your attention to THIS topic, which you should have read, that states what we need you to post, so we can help you.

Please read the topic and post me ....

  • DDS.txt.
  • Attach.txt.
  • Details of the problems you're experiencing.

If for any reason you can't run DDS, please let me know in your return post.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: AVG Free Finds/Secures/And Then Finds Again

Unread postby Raptor » June 28th, 2013, 12:03 pm

You are correct and I do apologize.
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.25.2
Run by Administrator at 11:56:22 on 2013-06-28
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1278.419 [GMT -4:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ================
.
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\AVG SafeGuard toolbar\vprot.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\loggingserver.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bennettenterprises.us/
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Xvid] c:\program files\xvid\CheckUpdate.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mRun: [vProt] "c:\program files\avg safeguard toolbar\vprot.exe"
mRun: [CloneCDTray] "c:\program files\slysoft\clonecd\CloneCDTray.exe" /s
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/wind ... 1561544293
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftup ... 2180462955
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
TCP: NameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{E3A2F4E7-D153-44FA-BEF1-BE96EB14433C} : DHCPNameServer = 8.8.8.8 8.8.4.4
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\belarcadvisor\system\BAVoilaX.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\15.3.0\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\d6hx8stl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bennettenterprises.us/
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\15.3.0\npsitesafety.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\tvuplayer\npTVUAx.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2013-06-18 10:37; avg@toolbar; c:\documents and settings\all users\application data\avg safeguard toolbar\firefoxext\15.3.0.11
FF - ExtSQL: 2013-06-18 18:14; firefox@tvunetworks.com; c:\documents and settings\administrator\application data\mozilla\firefox\profiles\d6hx8stl.default\extensions\firefox@tvunetworks.com
FF - ExtSQL: 2013-06-20 21:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-2-8 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-2-8 245048]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-2-8 96568]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-2-8 39224]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-2-8 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-2-8 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-2-8 170808]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-2-14 182072]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-6-18 37664]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2013-5-14 4937264]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2013-4-18 283136]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2013-4-18 1227800]
R2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;c:\program files\common files\avg secure search\vtoolbarupdater\15.3.0\ToolbarUpdater.exe [2013-6-26 1598128]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf_x86.sys [2013-4-18 16024]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-06-28 15:34:27 -------- d-----w- c:\program files\ESET
2013-06-26 15:32:44 -------- d-----w- c:\windows\system32\cache
2013-06-26 14:48:25 -------- d-----w- c:\documents and settings\administrator\application data\Windows Search
2013-06-26 13:32:34 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2013-06-26 13:32:33 275696 ----a-w- c:\windows\system32\mucltui.dll
2013-06-25 18:57:21 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2013-06-25 18:57:21 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2013-06-25 18:53:57 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2013-06-25 18:53:57 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2013-06-25 18:53:57 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2013-06-25 18:53:57 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2013-06-25 18:53:57 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2013-06-25 18:49:30 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Apple
2013-06-25 18:48:58 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Apple Computer
2013-06-25 13:59:34 -------- d-----w- c:\program files\MSXML 4.0
2013-06-24 20:16:28 -------- d-----w- c:\program files\common files\HP
2013-06-24 20:15:54 -------- d-----w- c:\program files\common files\Hewlett-Packard
2013-06-24 20:14:13 278016 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpzpp5mu.dll
2013-06-24 20:14:13 118272 ----a-w- c:\windows\system32\hpz3l5mu.dll
2013-06-24 20:13:48 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2013-06-24 20:13:48 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2013-06-24 20:12:40 271704 ----a-w- c:\windows\system32\hpzids01.dll
2013-06-24 20:12:32 729088 ----a-w- c:\windows\system32\hpowiax7.dll
2013-06-24 20:12:32 581632 ----a-w- c:\windows\system32\hpotscl6.dll
2013-06-24 20:12:32 372736 ----a-w- c:\windows\system32\hppldcoi.dll
2013-06-24 20:12:32 309760 ----a-w- c:\windows\system32\difxapi.dll
2013-06-24 20:12:32 303104 ----a-w- c:\windows\system32\hpovst15.dll
2013-06-24 18:49:22 -------- d-----w- c:\documents and settings\administrator\local settings\application data\ApplicationHistory
2013-06-24 18:28:26 21568 ----a-w- c:\windows\system32\drivers\HPZius12.sys
2013-06-24 18:28:24 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
2013-06-24 18:28:20 49920 ----a-w- c:\windows\system32\drivers\HPZid412.sys
2013-06-24 18:27:14 -------- d-----w- c:\program files\HP
2013-06-24 18:27:05 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2013-06-24 18:27:05 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2013-06-24 18:26:56 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2013-06-24 18:26:56 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-06-24 15:17:11 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2013-06-24 14:45:59 -------- d-----w- c:\windows\system32\winrm
2013-06-24 14:44:59 -------- d-----w- c:\documents and settings\administrator\application data\Windows Desktop Search
2013-06-24 14:43:51 -------- d-----w- c:\program files\Windows Desktop Search
2013-06-24 14:43:50 -------- d-----w- c:\windows\system32\GroupPolicy
2013-06-24 14:42:10 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2013-06-24 14:42:09 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2013-06-24 14:42:07 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2013-06-24 14:41:09 221184 ----a-w- c:\windows\system32\wmpns.dll
2013-06-24 14:40:37 -------- d-----w- c:\program files\Windows Media Connect 2
2013-06-24 14:36:57 -------- d-----w- c:\windows\system32\LogFiles
2013-06-24 14:33:26 -------- d-----w- c:\windows\system32\URTTEMP
2013-06-24 14:27:44 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2013-06-21 16:38:34 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Sun
2013-06-21 15:46:17 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-21 15:46:17 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-06-21 15:46:16 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-06-21 15:46:06 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-21 00:58:31 -------- d-----w- c:\windows\system32\XPSViewer
2013-06-21 00:08:59 -------- d-----w- c:\documents and settings\administrator\local settings\application data\PCHealth
2013-06-20 19:18:29 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Identities
2013-06-19 22:41:58 -------- d-----w- c:\program files\Microsoft ActiveSync
2013-06-19 22:40:22 -------- d-----w- c:\windows\SHELLNEW
2013-06-19 20:06:48 -------- d-----w- c:\program files\DVDVideoSoft
2013-06-19 20:06:48 -------- d-----w- c:\program files\common files\DVDVideoSoft
2013-06-19 20:06:48 -------- d-----w- c:\documents and settings\administrator\application data\DVDVideoSoft
2013-06-19 19:18:09 -------- d-----w- c:\windows\system32\appmgmt
2013-06-19 19:01:16 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2013-06-19 19:00:27 117760 ------w- c:\windows\system32\prntvpt.dll
2013-06-19 19:00:26 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2013-06-19 19:00:26 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2013-06-19 19:00:26 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2013-06-19 19:00:25 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2013-06-19 19:00:25 575488 ------w- c:\windows\system32\xpsshhdr.dll
2013-06-19 19:00:24 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2013-06-19 19:00:24 1676288 ------w- c:\windows\system32\xpssvcs.dll
2013-06-19 16:57:55 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Deployment
2013-06-19 16:20:14 -------- d-----w- c:\documents and settings\all users\application data\TVU Networks
2013-06-19 16:20:14 -------- d-----w- c:\documents and settings\administrator\local settings\application data\TVU Networks
2013-06-19 15:59:23 135168 ----a-w- c:\windows\system32\igfxres.dll
2013-06-19 15:44:03 -------- d-----w- c:\program files\Free ISO Creator
2013-06-19 15:16:16 -------- d-----w- c:\program files\CCleaner
2013-06-19 15:07:37 -------- d-----w- c:\program files\ISOpen
2013-06-19 15:05:03 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2013-06-19 15:04:45 -------- d-----w- c:\program files\LSoft Technologies
2013-06-19 00:12:58 28552 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
2013-06-19 00:12:58 28040 ----a-w- c:\windows\system32\mdimon.dll
2013-06-18 23:28:54 -------- d-----w- c:\program files\MSECache
2013-06-18 23:16:19 -------- d-----w- c:\documents and settings\administrator\application data\NCH Software
2013-06-18 23:13:39 -------- d-----w- c:\program files\common files\Real
2013-06-18 22:56:56 -------- d-----w- c:\program files\NCH Swift Sound
2013-06-18 22:29:54 -------- d-----w- c:\program files\SlySoft
2013-06-18 22:26:41 -------- d-----w- c:\program files\NCH Software
2013-06-18 22:24:23 -------- d-----w- c:\program files\GRETECH
2013-06-18 22:23:33 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Secunia PSI
2013-06-18 22:14:50 -------- d-----w- c:\documents and settings\administrator\LocalLow
2013-06-18 22:14:41 -------- d-----w- c:\program files\TVUPlayer
2013-06-18 22:14:11 -------- d-----w- c:\program files\SopCast
2013-06-18 21:57:56 -------- d-----w- c:\program files\Lavalys
2013-06-18 21:55:28 645632 ----a-w- c:\windows\system32\xvidcore.dll
2013-06-18 21:55:28 240640 ----a-w- c:\windows\system32\xvidvfw.dll
2013-06-18 21:55:28 153088 ----a-w- c:\windows\system32\xvid.ax
2013-06-18 21:55:16 -------- d-----w- c:\program files\Xvid
2013-06-18 16:55:36 -------- d-----w- c:\program files\Secunia
2013-06-18 16:52:51 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-18 16:52:51 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-18 16:51:52 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Adobe
2013-06-18 16:47:37 -------- d-----w- c:\program files\VideoLAN
2013-06-18 16:33:40 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2013-06-18 16:24:55 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
2013-06-18 16:24:55 -------- d-----w- c:\program files\Belarc
2013-06-18 15:41:05 522240 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2013-06-18 15:38:41 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-06-18 15:38:41 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
2013-06-18 15:37:12 290560 -c----w- c:\windows\system32\dllcache\atmfd.dll
2013-06-18 15:35:30 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2013-06-18 15:27:22 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2013-06-18 15:27:22 3072 ------w- c:\windows\system32\iacenc.dll
2013-06-18 15:23:32 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2013-06-18 15:23:23 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2013-06-18 15:22:54 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2013-06-18 15:18:06 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2013-06-18 15:17:39 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2013-06-18 15:17:31 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2013-06-18 15:16:58 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2013-06-18 15:16:57 978944 -c----w- c:\windows\system32\dllcache\mfc42.dll
2013-06-18 15:16:27 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2013-06-18 15:15:06 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2013-06-18 15:14:15 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2013-06-18 15:10:14 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2013-06-18 15:10:14 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2013-06-18 15:07:15 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2013-06-18 15:03:50 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2013-06-18 15:02:56 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2013-06-18 15:02:50 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2013-06-18 15:00:43 -------- d-----w- c:\windows\system32\PreInstall
2013-06-18 14:51:25 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2013-06-18 14:51:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2013-06-18 14:51:23 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2013-06-18 14:51:22 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2013-06-18 14:51:21 -------- d-----w- c:\windows\system32\SoftwareDistribution
2013-06-18 14:50:56 -------- d-sh--w- c:\documents and settings\administrator\IECompatCache
2013-06-18 14:49:42 -------- d-sh--w- c:\documents and settings\administrator\PrivacIE
2013-06-18 14:48:59 -------- d-----w- c:\documents and settings\all users\application data\Licenses
2013-06-18 14:48:50 129872 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2013-06-18 14:48:49 -------- d-----w- c:\program files\SpywareBlaster
2013-06-18 14:47:29 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes
2013-06-18 14:47:15 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-06-18 14:47:13 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-06-18 14:47:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-06-18 14:45:50 -------- d-----w- c:\documents and settings\administrator\application data\AVG2013
2013-06-18 14:37:46 -------- d-----w- c:\documents and settings\administrator\local settings\application data\AVG SafeGuard toolbar
2013-06-18 14:37:31 -------- d-----w- c:\documents and settings\administrator\application data\TuneUp Software
2013-06-18 14:37:20 -------- d-----w- c:\documents and settings\all users\application data\AVG SafeGuard toolbar
2013-06-18 14:37:15 -------- d-----w- c:\documents and settings\administrator\application data\AVG SafeGuard toolbar
2013-06-18 14:37:10 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-06-18 14:37:04 -------- d-----w- c:\program files\common files\AVG Secure Search
2013-06-18 14:37:02 -------- d-----w- c:\program files\AVG SafeGuard toolbar
2013-06-18 14:35:26 -------- d--h--w- C:\$AVG
2013-06-18 14:35:26 -------- d-----w- c:\documents and settings\all users\application data\AVG2013
2013-06-18 14:34:08 -------- d-----w- c:\program files\AVG
2013-06-18 14:31:09 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2013-06-18 14:31:08 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2013-06-18 14:31:08 -------- d-----w- c:\documents and settings\administrator\local settings\application data\MFAData
2013-06-18 14:31:08 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Avg2013
2013-06-18 14:24:11 -------- d-----w- c:\windows\ie8updates
2013-06-18 14:23:57 630272 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2013-06-18 14:23:56 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2013-06-18 14:23:56 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2013-06-18 14:23:55 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2013-06-18 14:23:55 2005504 -c----w- c:\windows\system32\dllcache\iertutil.dll
2013-06-18 14:23:55 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2013-06-18 14:23:48 11112960 -c----w- c:\windows\system32\dllcache\ieframe.dll
2013-06-18 14:22:51 -------- d-sh--w- c:\documents and settings\administrator\IETldCache
2013-06-18 14:16:09 -------- dc-h--w- c:\windows\ie8
2013-06-18 13:52:24 -------- dc----w- c:\windows\ServicePackFiles
2013-06-18 13:51:59 294912 ------w- c:\program files\windows media player\dlimport.exe
2013-06-18 13:51:53 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2013-06-18 13:46:32 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2013-06-18 13:27:04 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Mozilla
2013-06-18 13:18:48 -------- d-sh--w- c:\documents and settings\administrator\UserData
2013-06-18 13:15:54 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2013-06-18 13:15:54 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2013-06-18 13:15:46 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
.
==================== Find3M ====================
.
2013-05-07 22:30:06 920064 ----a-w- c:\windows\system32\wininet.dll
2013-05-07 22:30:05 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-05-07 22:30:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-05-07 21:53:29 385024 ----a-w- c:\windows\system32\html.iec
2013-05-03 01:26:26 2193536 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38:18 2070144 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-05-01 07:59:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2013-05-01 07:59:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
2013-04-18 13:55:52 16024 ----a-w- c:\windows\system32\drivers\psi_mf_x86.sys
2013-04-10 01:31:19 1876352 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 11:57:43.08 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/17/2013 3:28:56 PM
System Uptime: 6/28/2013 9:03:58 AM (2 hours ago)
.
Motherboard: Dell Computer Corporation | | 0F3553
Processor: Mobile Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2797/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 28 GiB total, 15.926 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP42: 6/25/2013 2:51:46 PM - Installed QuickTime
RP43: 6/26/2013 10:00:40 AM - Software Distribution Service 3.0
RP44: 6/26/2013 11:24:45 AM - Software Distribution Service 3.0
RP45: 6/27/2013 2:45:23 PM - Software Distribution Service 3.0
RP46: 6/27/2013 3:17:42 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
7-Zip 9.20
Active@ ISO Burner
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.03)
Apple Application Support
Apple Software Update
AVG 2013
BCM V.92 56K Modem
Belarc Advisor 8.3
Broadcom 440x 10/100 Integrated Controller
C-Major Audio
CCleaner
CloneCD
Compatibility Pack for the 2007 Office system
Dell Wireless WLAN Card
DJ_AIO_03_F4200_Software_Min
ESET Online Scanner v3
EVEREST Home Edition v2.20
Express Burn Disc Burning Software
Express Zip
Free ISO Creator version 2.8
Free YouTube Download version 3.2.3.610
GOM Player
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
HP Deskjet F4200 All-In-One Driver 11.0 03
Intel(R) Extreme Graphics 2 Driver
ISOpen V4.5
Java 7 Update 25
Java Auto Updater
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office File Validation Add-In
Microsoft Office Outlook Connector
Microsoft Office Professional Edition 2003
Microsoft PowerPoint Viewer
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 17.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Prism Video Converter
QuickTime
Scan
Secunia PSI (3.0.0.7009)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
SopCast 3.2.9
SpywareBlaster 5.0
Switch Sound File Converter
Toolbox
TVUPlayer 2.5.3.1
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
VLC media player 2.0.7
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR 5.00 beta 5 (32-bit)
Xvid Video Codec
.
==== Event Viewer Messages From Past Week ========
.
6/27/2013 12:37:06 PM, error: Service Control Manager [7022] - The AVGIDSAgent service hung on starting.
6/25/2013 9:42:00 AM, error: Dhcp [1002] - The IP address lease 192.168.0.166 for the Network Card with network address 000B7D154E9E has been denied by the DHCP server 172.20.225.5 (The DHCP Server sent a DHCPNACK message).
6/25/2013 5:26:18 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
6/24/2013 9:04:14 AM, error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{E3A2F4E7-D153-44FA-BEF1-BE96EB14433C} because another computer on the network has the same name. The server could not start.
6/24/2013 11:15:20 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.
6/24/2013 11:15:20 AM, error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
Sometimes my computer freezes up and other times it loads slowly. I did have redirection problems before running AVG Free but that now seems to be gone.
Raptor
Regular Member
 
Posts: 36
Joined: March 12th, 2012, 2:13 am
Location: Pinetops, NC (USA)
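As an added example, not part of the thread and not the DDS tool's own code, the following Python parser reads the SERVICES / DRIVERS lines of a DDS log like the one posted above and runs the kind of check a helper does by eye: which boot- or system-start drivers load from somewhere other than the standard drivers directory. The sample input reuses six lines from the log above plus one clearly labelled constructed entry; the DRIVER_DIR path and the flagging rule are my own assumptions, not anything DDS itself applies.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Start-type digit used by DDS (same numbering as the Windows service Start value).
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}

# One DDS service/driver line:  R0 Name;Description;image path [yyyy-m-d size]
# R = running, S = stopped; the image path may carry arguments (svchost.exe -k WINRM).
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<desc>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<date>\d{4}-\d{1,2}-\d{1,2})\s+(?P<size>\d+)\]\s*$"
)


@dataclass
class ServiceEntry:
    running: bool       # True for R lines, False for S lines
    start_type: str     # boot / system / auto / manual / disabled
    name: str
    description: str
    path: str           # image path as printed, arguments included
    date: str           # file date as printed by DDS
    size: int           # file size in bytes


def parse_services(text: str) -> List[ServiceEntry]:
    """Parse the SERVICES / DRIVERS section of a DDS log; lines that do not
    match the entry format (blank lines, the '.' separators) are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append(ServiceEntry(
            running=m["state"] == "R",
            start_type=START_TYPES[m["start"]],
            name=m["name"],
            description=m["desc"],
            path=m["path"],
            date=m["date"],
            size=int(m["size"]),
        ))
    return entries


# Assumption: the normal home for kernel drivers on this XP box. Boot- and
# system-start drivers load before any user-mode security software, so one
# that lives outside this directory deserves a closer look.
DRIVER_DIR = "c:\\windows\\system32\\drivers\\"


def flag_early_loaders(entries: List[ServiceEntry]) -> List[ServiceEntry]:
    """Return boot/system-start entries whose image is not under DRIVER_DIR."""
    return [e for e in entries
            if e.start_type in ("boot", "system")
            and not e.path.lower().startswith(DRIVER_DIR)]


def count_by_start_type(entries: List[ServiceEntry]) -> Dict[str, int]:
    """Small summary a helper can compare against an expected baseline."""
    counts: Dict[str, int] = {}
    for e in entries:
        counts[e.start_type] = counts.get(e.start_type, 0) + 1
    return counts


# Constructed sample: six lines taken from the DDS log in the thread, a '.'
# separator as DDS prints it, and one made-up entry (examplesvc) placed in a
# temp directory purely to show what the check flags.
SAMPLE = r"""
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-2-8 96568]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-6-18 37664]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2013-4-18 283136]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf_x86.sys [2013-4-18 16024]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
.
R1 examplesvc;constructed example entry;c:\docume~1\administrator\locals~1\temp\example.sys [2013-6-27 12345]
"""

if __name__ == "__main__":
    parsed = parse_services(SAMPLE)
    print("entries by start type:", count_by_start_type(parsed))
    for e in flag_early_loaders(parsed):
        print(f"early loader outside drivers dir: {e.name} -> {e.path} ({e.date}, {e.size} bytes)")
```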

Re: Repost to Gary R.AVG Free Finds/Secures/And Then Finds A

Unread postby Gary R » June 28th, 2013, 5:13 pm

No obvious signs of infection in your DDS logs.

I'd like you to run a couple of extra scans for me ....

First

Please download SystemLook from the link below and save it to your Desktop.

For 32 bit Systems

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
Code:
:filefind
spbh.sys

:Regfind
spbh.sys

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Next

Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
  • Please go HERE then click on Run ESET Online Scanner
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: [image]
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: [image]
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed click on Start to start the scan.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed you will be presented with a list of found threats ....
    • Click on the List of found threats link
    • Click on Export to text file
    • Save as ESET.txt to your Desktop
  • Exit out of ESET Online Scanner.
  • Post me the contents of ESET.txt please.

Summary of the logs I need from you in your next post:
  • SystemLook.txt
  • E-Set log


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Repost to Gary R.AVG Free Finds/Secures/And Then Finds A

Unread postby Raptor » June 28th, 2013, 8:50 pm

SystemLook 04.09.10 by jpshortstuff
Log created at 19:09 on 28/06/2013 by Administrator
Administrator - Elevation successful

========== filefind ==========

Searching for "spbh.sys"
No files found.

========== Regfind ==========

Searching for "spbh.sys"
No data found.

-= EOF =-
Raptor
Regular Member
 
Posts: 36
Joined: March 12th, 2012, 2:13 am
Location: Pinetops, NC (USA)

Re: Repost to Gary R.AVG Free Finds/Secures/And Then Finds A

Unread postby Raptor » June 28th, 2013, 8:50 pm

C:\Documents and Settings\Administrator\My Documents\DOWNLOADS\FreeYouTubeDownload(1).exe Win32/OpenCandy application
C:\Documents and Settings\Administrator\My Documents\DOWNLOADS\FreeYouTubeDownload.exe Win32/OpenCandy application
C:\Documents and Settings\Administrator\My Documents\DOWNLOADS\windows live messenger setup.exe a variant of Win32/Soft32Downloader.D application
Raptor
Regular Member
 
Posts: 36
Joined: March 12th, 2012, 2:13 am
Location: Pinetops, NC (USA)

Re: Repost to Gary R.AVG Free Finds/Secures/And Then Finds A

Unread postby Gary R » June 29th, 2013, 1:23 am

Still no real signs of infection on your computer. The files flagged by E-Set look like installers to me, so their "detections" are probably heuristic.

But just in case the files are "dodgy", it's probably best to delete them.

Download OTL by OldTimer to your Desktop.

If you already have a copy of OTL delete it and use this version.

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code:
:Files
C:\Documents and Settings\Administrator\My Documents\DOWNLOADS\FreeYouTubeDownload(1).exe
C:\Documents and Settings\Administrator\My Documents\DOWNLOADS\FreeYouTubeDownload.exe
C:\Documents and Settings\Administrator\My Documents\DOWNLOADS\windows live messenger setup.exe
ipconfig /flushdns /c

:Commands
[emptytemp]
[resethosts]

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Repost to Gary R.AVG Free Finds/Secures/And Then Finds A

Unread postby Raptor » July 1st, 2013, 11:02 am

Thank you so much for your help on this, Gary. We are having a lot of rain and flooding here so the Internet is on and off. Hence my delayed response.
=====================================================================================
All processes killed
========== FILES ==========
C:\Documents and Settings\Administrator\My Documents\DOWNLOADS\FreeYouTubeDownload(1).exe moved successfully.
C:\Documents and Settings\Administrator\My Documents\DOWNLOADS\FreeYouTubeDownload.exe moved successfully.
C:\Documents and Settings\Administrator\My Documents\DOWNLOADS\windows live messenger setup.exe moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 640273640 bytes
->Temporary Internet Files folder emptied: 36980974 bytes
->FireFox cache emptied: 93799996 bytes
->Flash cache emptied: 1606 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 41477390 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 215957126 bytes

Total Files Cleaned = 981.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 07012013_104730

Files\Folders moved on Reboot...
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\K7MYVTBH\i[1] moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Raptor
Regular Member
 
Posts: 36
Joined: March 12th, 2012, 2:13 am
Location: Pinetops, NC (USA)

Re: Repost to Gary R.AVG Free Finds/Secures/And Then Finds A

Unread postby Gary R » July 1st, 2013, 12:58 pm

As far as I can see, anything even remotely "dodgy" has now been removed from your machine.

How is your computer behaving now ?

Are you still getting flagged by AVG ?
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Repost to Gary R.AVG Free Finds/Secures/And Then Finds A

Unread postby Raptor » July 1st, 2013, 6:54 pm

So far, no freezing but still slow at times. Just ran a full scan (AVG) and got 8 flags. I have heard of "false positives" but 8?!?!?
I keep my AVG...Mbam and Spyblaster updated daily and I run (Secunia) PSI Software Security Check weekly so you can understand how 8 flags get me upset. Anyway, I have included the AVG Log file below. NOTE: I HAVE NOT REMOVED ANY OF THESE FLAGS...WAITING FOR INSTRUCTIONS.
Thank you.
Steve
===================================================================================
"Whole Computer Scan"
"Medium priority";"8";"0";"8"
"Folders selected for scanning:";"Scan Whole Computer"
"Started:";"7/1/2013, 6:11:37 PM"
"Finished:";"7/1/2013, 6:45:11 PM"
"Total object scanned:";"550045"
"User who launched the scan:";"Administrator"

"Status";"Priority";"Name";"Description";"Result"
"Infected";"Medium";"pci.sys, hooked import ntoskrnl.exe IoDetachDevice -> spmi.sys +0x2CDDC";"C:\WINDOWS\system32\drivers\spmi.sys";"Infected"
"Infected";"Medium";"atapi.sys, hooked import HAL.dll READ_PORT_USHORT -> spmi.sys +0x20C0";"C:\WINDOWS\system32\drivers\spmi.sys";"Infected"
"Infected";"Medium";"pci.sys, hooked import ntoskrnl.exe IoAttachDeviceToDeviceStack -> spmi.sys +0x2CE30";"C:\WINDOWS\system32\drivers\spmi.sys";"Infected"
"Infected";"Medium";"atapi.sys, hooked import HAL.dll WRITE_PORT_BUFFER_USHORT -> spmi.sys +0x2800";"C:\WINDOWS\system32\drivers\spmi.sys";"Infected"
"Infected";"Medium";"i8042prt.sys, hooked import HAL.dll READ_PORT_UCHAR -> spmi.sys +0x11B90";"C:\WINDOWS\system32\drivers\spmi.sys";"Infected"
"Infected";"Medium";"atapi.sys, hooked import HAL.dll READ_PORT_UCHAR -> spmi.sys +0x2042";"C:\WINDOWS\system32\drivers\spmi.sys";"Infected"
"Infected";"Medium";"atapi.sys, hooked import HAL.dll READ_PORT_BUFFER_USHORT -> spmi.sys +0x213E";"C:\WINDOWS\system32\drivers\spmi.sys";"Infected"
"Infected";"Medium";"atapi.sys, hooked import HAL.dll WRITE_PORT_UCHAR -> spmi.sys +0x26D6";"C:\WINDOWS\system32\drivers\spmi.sys";"Infected"
Raptor
Regular Member
 
Posts: 36
Joined: March 12th, 2012, 2:13 am
Location: Pinetops, NC (USA)
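The AVG scan export above is a semicolon-separated, double-quoted CSV whose detection rows follow a "Status";"Priority";"Name";"Description";"Result" header. As an added example (not from the thread, not AVG's own tooling), the script below parses that layout, splits each "hooked import" name into the driver whose import was redirected, the imported function, and the module the hook resolves to, and groups the detections by that target module, so a helper can see at a glance how many separate findings actually point at one file. The column meanings and the name pattern are inferred from the rows in the thread; the sample log is a constructed three-row copy of that format.

```python
import csv
import re
from collections import defaultdict

# Constructed sample in the same layout as the AVG "Whole Computer Scan" export
# posted in the thread (three of its eight detection rows, same format).
SAMPLE_LOG = r'''"Whole Computer Scan"
"Medium priority";"8";"0";"8"
"Folders selected for scanning:";"Scan Whole Computer"
"Started:";"7/1/2013, 6:11:37 PM"
"Finished:";"7/1/2013, 6:45:11 PM"
"Total object scanned:";"550045"
"User who launched the scan:";"Administrator"

"Status";"Priority";"Name";"Description";"Result"
"Infected";"Medium";"pci.sys, hooked import ntoskrnl.exe IoDetachDevice -> spmi.sys +0x2CDDC";"C:\WINDOWS\system32\drivers\spmi.sys";"Infected"
"Infected";"Medium";"atapi.sys, hooked import HAL.dll READ_PORT_USHORT -> spmi.sys +0x20C0";"C:\WINDOWS\system32\drivers\spmi.sys";"Infected"
"Infected";"Medium";"i8042prt.sys, hooked import HAL.dll READ_PORT_UCHAR -> spmi.sys +0x11B90";"C:\WINDOWS\system32\drivers\spmi.sys";"Infected"
'''

DETECTION_HEADER = ["Status", "Priority", "Name", "Description", "Result"]

# Name pattern inferred from the thread's rows:
# "<victim driver>, hooked import <module> <function> -> <target> +<offset>"
HOOK_RE = re.compile(
    r"^(?P<victim>\S+), hooked import (?P<module>\S+) (?P<function>\S+) "
    r"-> (?P<target>\S+) \+(?P<offset>0x[0-9A-Fa-f]+)$"
)


def parse_avg_log(text):
    """Split an AVG scan export into (metadata dict, list of detection dicts)."""
    meta = {}
    detections = []
    in_table = False
    for row in csv.reader(text.splitlines(), delimiter=";", quotechar='"'):
        if not row:
            continue  # blank separator line between header block and table
        if row == DETECTION_HEADER:
            in_table = True
            continue
        if in_table:
            detections.append(dict(zip(DETECTION_HEADER, row)))
        elif len(row) == 1:
            meta["scan"] = row[0]
        elif len(row) == 2:
            meta[row[0].rstrip(":")] = row[1]
        else:
            # e.g. "Medium priority";"8";"0";"8": kept raw, meaning not documented here
            meta.setdefault("raw", []).append(row)
    return meta, detections


def parse_hook(name):
    """Return the parts of a hooked-import detection name, or None if it is not one."""
    m = HOOK_RE.match(name)
    if not m:
        return None
    parts = m.groupdict()
    parts["offset"] = int(parts["offset"], 16)
    return parts


def group_hooks(detections):
    """Group hooked-import detections by the module the hook resolves to.

    Each group records which drivers had imports redirected, which imported
    functions were replaced, the file AVG attributed the hook to, and whether
    that file's name differs from the hook target (a mismatch is worth a look).
    """
    groups = defaultdict(lambda: {"count": 0, "victims": set(), "functions": set(),
                                  "paths": set(), "name_mismatch": False})
    for det in detections:
        hook = parse_hook(det["Name"])
        if hook is None:
            continue  # not a hook finding (e.g. a plain file detection)
        g = groups[hook["target"].lower()]
        g["count"] += 1
        g["victims"].add(hook["victim"].lower())
        g["functions"].add(hook["module"] + "!" + hook["function"])
        path = det["Description"]
        g["paths"].add(path)
        basename = path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if basename != hook["target"].lower():
            g["name_mismatch"] = True
    return dict(groups)


def triage(text):
    """Metadata plus hook groups, with sets turned into sorted lists for reporting."""
    meta, detections = parse_avg_log(text)
    return {
        "scan": meta.get("scan"),
        "objects_scanned": int(meta.get("Total object scanned", "0")),
        "detections": len(detections),
        "hook_targets": {
            target: {k: (sorted(v) if isinstance(v, set) else v) for k, v in g.items()}
            for target, g in group_hooks(detections).items()
        },
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(f"{result['scan']}: {result['detections']} detections, "
          f"{result['objects_scanned']} objects scanned")
    for target, g in result["hook_targets"].items():
        print(f"  {target}: {g['count']} hooks, victims: {', '.join(g['victims'])}")
        for fn in g["functions"]:
            print(f"    {fn}")
        if g["name_mismatch"]:
            print("    NOTE: attributed file name differs from hook target")
```

The grouped target path is exactly what the follow-up SystemLook :File, TDSSKiller and GMER steps go on to examine; the script only summarises what AVG reported and makes no judgement about whether the target is malicious.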

Re: Repost to Gary R.AVG Free Finds/Secures/And Then Finds A

Unread postby Gary R » July 2nd, 2013, 1:08 am

OK, don't remove anything with AVG, we need to look at what it found.

First

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
Code:
:File
C:\WINDOWS\system32\drivers\spmi.sys

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Next

Download TDSSKiller.zip and extract it to your Desktop.
  • Double click on TDSSKiller.exe to launch it.
    • If using Vista or Windows7, when prompted by UAC allow the prompt.
  • Click on Start Scan
  • The scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • Post the contents in your next reply please.
  • DO NOT TRY TO FIX ANYTHING AT THIS POINT

Next

Download GMER to your Desktop. (It will have a randomly generated name, for example .... wjkl3ecz.exe)

  • Disconnect from the Internet, and close all running programmes.
  • There is a small chance this programme may crash your computer, so save any work you have open.
  • Double click on the randomly named GMER file (eg .... wjkl3ecz.exe) to launch GMER.
  • Let the gmer.sys driver load if asked.
  • If it gives you a warning at programme start about rootkit activity and asks if you want to run a scan ..... click OK.
  • If no warning:
    • Click Rootkit tab.
    • Ensure that All the boxes to the right of the program are checked except Show All.
    • Click Scan.
  • Do not use your computer while the scan is running.
  • Once scan is finished click Copy.
    • Click Start > Run then type Notepad.exe then click OK.
    • This will open a Notepad file.
    • Hit Ctrl+V to paste log into it.
    • Save the log to your Desktop.
  • Reconnect to internet and post the log please.

Summary of the logs I need from you in your next post:
  • SystemLook.txt
  • TDSSKiller log
  • GMER log


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Repost to Gary R.AVG Free Finds/Secures/And Then Finds A

Unread postby Raptor » July 2nd, 2013, 12:03 pm

Thank you - 3 logs as instructed - POSTED SEPARATELY.
FYI: I have a reinstall XP disk which I prefer not to have to use but I thought you should know.
============================================================================
SystemLook 04.09.10 by jpshortstuff
Log created at 10:08 on 02/07/2013 by Administrator
Administrator - Elevation successful

========== File ==========

C:\WINDOWS\system32\drivers\spmi.sys - Unable to find/read file.

-= EOF =-
Raptor
Regular Member
 
Posts: 36
Joined: March 12th, 2012, 2:13 am
Location: Pinetops, NC (USA)

Re: Repost to Gary R.AVG Free Finds/Secures/And Then Finds A

Unread postby Raptor » July 2nd, 2013, 12:04 pm

10:11:57.0773 2540 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
10:11:58.0324 2540 ============================================================
10:11:58.0324 2540 Current date / time: 2013/07/02 10:11:58.0324
10:11:58.0324 2540 SystemInfo:
10:11:58.0334 2540
10:11:58.0334 2540 OS Version: 5.1.2600 ServicePack: 3.0
10:11:58.0334 2540 Product type: Workstation
10:11:58.0334 2540 ComputerName: STEPHEN
10:11:58.0334 2540 UserName: Administrator
10:11:58.0334 2540 Windows directory: C:\WINDOWS
10:11:58.0334 2540 System windows directory: C:\WINDOWS
10:11:58.0334 2540 Processor architecture: Intel x86
10:11:58.0334 2540 Number of processors: 1
10:11:58.0334 2540 Page size: 0x1000
10:11:58.0334 2540 Boot type: Normal boot
10:11:58.0334 2540 ============================================================
10:12:00.0567 2540 Drive \Device\Harddisk0\DR0 - Size: 0x6FC7C8000 (27.95 Gb), SectorSize: 0x200, Cylinders: 0xE40, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:12:00.0567 2540 ============================================================
10:12:00.0567 2540 \Device\Harddisk0\DR0:
10:12:00.0567 2540 MBR partitions:
10:12:00.0567 2540 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x37DFF40
10:12:00.0567 2540 ============================================================
10:12:00.0617 2540 C: <-> \Device\Harddisk0\DR0\Partition1
10:12:00.0617 2540 ============================================================
10:12:00.0617 2540 Initialize success
10:12:00.0617 2540 ============================================================
10:12:04.0432 1524 ============================================================
10:12:04.0432 1524 Scan started
10:12:04.0432 1524 Mode: Manual;
10:12:04.0432 1524 ============================================================
10:12:06.0305 1524 ================ Scan system memory ========================
10:12:06.0315 1524 System memory - ok
10:12:06.0315 1524 ================ Scan services =============================
10:12:17.0902 1524 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:12:17.0902 1524 NetTcpPortSharing - ok
10:12:17.0962 1524 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
10:12:17.0972 1524 Nla - ok
10:12:18.0062 1524 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
10:12:18.0062 1524 Npfs - ok
10:12:18.0252 1524 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
10:12:18.0312 1524 Ntfs - ok
10:12:18.0342 1524 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
10:12:18.0342 1524 NtLmSsp - ok
10:12:18.0433 1524 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
10:12:18.0443 1524 NtmsSvc - ok
10:12:18.0493 1524 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
10:12:18.0493 1524 Null - ok
10:12:18.0573 1524 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:12:18.0583 1524 NwlnkFlt - ok
10:12:18.0603 1524 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:12:18.0613 1524 NwlnkFwd - ok
10:12:18.0703 1524 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:12:18.0703 1524 ose - ok
10:12:18.0793 1524 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
10:12:18.0793 1524 Parport - ok
10:12:18.0823 1524 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
10:12:18.0823 1524 PartMgr - ok
10:12:18.0883 1524 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
10:12:18.0883 1524 ParVdm - ok
10:12:18.0903 1524 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
10:12:18.0903 1524 PCI - ok
10:12:18.0923 1524 PCIDump - ok
10:12:18.0953 1524 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\drivers\PCIIde.sys
10:12:18.0953 1524 PCIIde - ok
10:12:19.0013 1524 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
10:12:19.0023 1524 Pcmcia - ok
10:12:19.0053 1524 PDCOMP - ok
10:12:19.0084 1524 PDFRAME - ok
10:12:19.0114 1524 PDRELI - ok
10:12:19.0134 1524 PDRFRAME - ok
10:12:19.0154 1524 perc2 - ok
10:12:19.0184 1524 perc2hib - ok
10:12:19.0274 1524 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
10:12:19.0274 1524 PlugPlay - ok
10:12:19.0314 1524 [ 2F4CA141A609CAF5C98F6E4760EF1B9B ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
10:12:19.0314 1524 Pml Driver HPZ12 - ok
10:12:19.0334 1524 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
10:12:19.0334 1524 PolicyAgent - ok
10:12:19.0364 1524 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:12:19.0374 1524 PptpMiniport - ok
10:12:19.0384 1524 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
10:12:19.0384 1524 ProtectedStorage - ok
10:12:19.0404 1524 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
10:12:19.0404 1524 PSched - ok
10:12:19.0454 1524 [ 68B57D7C11277EA89F78255480376B4D ] PSI C:\WINDOWS\system32\DRIVERS\psi_mf_x86.sys
10:12:19.0454 1524 PSI - ok
10:12:19.0484 1524 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:12:19.0484 1524 Ptilink - ok
10:12:19.0494 1524 ql1080 - ok
10:12:19.0514 1524 Ql10wnt - ok
10:12:19.0524 1524 ql12160 - ok
10:12:19.0544 1524 ql1240 - ok
10:12:19.0564 1524 ql1280 - ok
10:12:19.0584 1524 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:12:19.0594 1524 RasAcd - ok
10:12:19.0654 1524 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
10:12:19.0664 1524 RasAuto - ok
10:12:19.0704 1524 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:12:19.0704 1524 Rasl2tp - ok
10:12:19.0765 1524 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
10:12:19.0775 1524 RasMan - ok
10:12:19.0795 1524 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:12:19.0805 1524 RasPppoe - ok
10:12:19.0835 1524 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
10:12:19.0845 1524 Raspti - ok
10:12:19.0975 1524 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:12:19.0975 1524 Rdbss - ok
10:12:20.0105 1524 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:12:20.0125 1524 RDPCDD - ok
10:12:20.0195 1524 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
10:12:20.0245 1524 rdpdr - ok
10:12:20.0315 1524 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
10:12:20.0345 1524 RDPWD - ok
10:12:20.0425 1524 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
10:12:20.0496 1524 RDSessMgr - ok
10:12:20.0546 1524 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
10:12:20.0616 1524 redbook - ok
10:12:20.0686 1524 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
10:12:20.0716 1524 RemoteAccess - ok
10:12:20.0746 1524 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
10:12:20.0796 1524 RemoteRegistry - ok
10:12:20.0846 1524 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
10:12:20.0886 1524 RpcLocator - ok
10:12:20.0976 1524 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
10:12:20.0976 1524 RpcSs - ok
10:12:21.0096 1524 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
10:12:21.0146 1524 RSVP - ok
10:12:21.0187 1524 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
10:12:21.0197 1524 SamSs - ok
10:12:21.0267 1524 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
10:12:21.0297 1524 SCardSvr - ok
10:12:21.0367 1524 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
10:12:21.0407 1524 Schedule - ok
10:12:21.0487 1524 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:12:21.0487 1524 Secdrv - ok
10:12:21.0537 1524 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
10:12:21.0537 1524 seclogon - ok
10:12:21.0707 1524 [ 86C9FD4982D0BEAEDF0C8BBF02AA148B ] Secunia PSI Agent C:\Program Files\Secunia\PSI\PSIA.exe
10:12:21.0827 1524 Secunia PSI Agent - ok
10:12:21.0878 1524 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
10:12:21.0888 1524 SENS - ok
10:12:21.0948 1524 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
10:12:21.0958 1524 Serial - ok
10:12:22.0158 1524 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
10:12:22.0168 1524 Sfloppy - ok
10:12:22.0388 1524 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
10:12:22.0418 1524 SharedAccess - ok
10:12:22.0488 1524 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
10:12:22.0498 1524 ShellHWDetection - ok
10:12:22.0508 1524 Simbad - ok
10:12:23.0650 1524 [ EB17DF573B4423DF0B3B2EE3B268A6DE ] Skype C2C Service C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
10:12:23.0941 1524 Skype C2C Service - ok
10:12:24.0051 1524 [ 4E8A4BB5B11D828FF986F6228B1CD3DF ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
10:12:24.0091 1524 SkypeUpdate - ok
10:12:24.0131 1524 Sparrow - ok
10:12:24.0161 1524 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
10:12:24.0181 1524 splitter - ok
10:12:24.0251 1524 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
10:12:24.0351 1524 Spooler - ok
10:12:24.0471 1524 [ CDDDEC541BC3C96F91ECB48759673505 ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
10:12:24.0491 1524 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505
10:12:24.0491 1524 sptd ( LockedFile.Multi.Generic ) - warning
10:12:24.0511 1524 sptd - detected LockedFile.Multi.Generic (1)
10:12:24.0561 1524 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
10:12:24.0561 1524 sr - ok
10:12:24.0621 1524 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
10:12:24.0642 1524 srservice - ok
10:12:24.0812 1524 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
10:12:24.0832 1524 Srv - ok
10:12:24.0912 1524 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
10:12:24.0912 1524 SSDPSRV - ok
10:12:25.0052 1524 [ 5813D453EF8CE49D607C255CF128ACEB ] STAC97 C:\WINDOWS\system32\drivers\stac97.sys
10:12:25.0082 1524 STAC97 - ok
10:12:25.0182 1524 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
10:12:25.0272 1524 stisvc - ok
10:12:25.0322 1524 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
10:12:25.0333 1524 swenum - ok
10:12:25.0423 1524 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
10:12:25.0433 1524 swmidi - ok
10:12:25.0453 1524 SwPrv - ok
10:12:25.0473 1524 symc810 - ok
10:12:25.0493 1524 symc8xx - ok
10:12:25.0503 1524 sym_hi - ok
10:12:25.0523 1524 sym_u3 - ok
10:12:25.0563 1524 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
10:12:25.0573 1524 sysaudio - ok
10:12:25.0633 1524 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
10:12:25.0693 1524 SysmonLog - ok
10:12:25.0743 1524 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
10:12:25.0753 1524 TapiSrv - ok
10:12:25.0813 1524 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:12:25.0823 1524 Tcpip - ok
10:12:25.0873 1524 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
10:12:25.0873 1524 TDPIPE - ok
10:12:25.0903 1524 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
10:12:25.0903 1524 TDTCP - ok
10:12:25.0953 1524 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
10:12:25.0953 1524 TermDD - ok
10:12:26.0034 1524 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
10:12:26.0044 1524 TermService - ok
10:12:26.0074 1524 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
10:12:26.0074 1524 Themes - ok
10:12:26.0134 1524 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
10:12:26.0134 1524 TlntSvr - ok
10:12:26.0154 1524 TosIde - ok
10:12:26.0214 1524 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
10:12:26.0224 1524 TrkWks - ok
10:12:26.0264 1524 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
10:12:26.0274 1524 Udfs - ok
10:12:26.0314 1524 ultra - ok
10:12:26.0404 1524 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
10:12:26.0424 1524 Update - ok
10:12:26.0494 1524 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
10:12:26.0504 1524 upnphost - ok
10:12:26.0534 1524 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
10:12:26.0544 1524 UPS - ok
10:12:26.0594 1524 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:12:26.0594 1524 usbccgp - ok
10:12:26.0644 1524 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:12:26.0644 1524 usbehci - ok
10:12:26.0704 1524 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:12:26.0715 1524 usbhub - ok
10:12:26.0765 1524 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
10:12:26.0765 1524 usbprint - ok
10:12:26.0865 1524 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
10:12:26.0865 1524 usbscan - ok
10:12:26.0915 1524 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:12:26.0935 1524 USBSTOR - ok
10:12:27.0005 1524 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:12:27.0005 1524 usbuhci - ok
10:12:27.0075 1524 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
10:12:27.0085 1524 VgaSave - ok
10:12:27.0095 1524 ViaIde - ok
10:12:27.0155 1524 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
10:12:27.0155 1524 VolSnap - ok
10:12:27.0225 1524 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
10:12:27.0235 1524 VSS - ok
10:12:27.0436 1524 [ 654D358F8DC18167F31A01166B4CA9D6 ] vToolbarUpdater15.3.0 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
10:12:27.0546 1524 vToolbarUpdater15.3.0 - ok
10:12:27.0636 1524 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
10:12:27.0646 1524 W32Time - ok
10:12:27.0716 1524 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:12:27.0726 1524 Wanarp - ok
10:12:27.0736 1524 WDICA - ok
10:12:27.0796 1524 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
10:12:27.0806 1524 wdmaud - ok
10:12:27.0846 1524 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
10:12:27.0856 1524 WebClient - ok
10:12:27.0986 1524 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
10:12:27.0996 1524 winmgmt - ok
10:12:28.0117 1524 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\WINDOWS\system32\WsmSvc.dll
10:12:28.0287 1524 WinRM - ok
10:12:28.0327 1524 wltrysvc - ok
10:12:28.0397 1524 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
10:12:28.0417 1524 WmdmPmSN - ok
10:12:28.0497 1524 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
10:12:28.0517 1524 Wmi - ok
10:12:28.0587 1524 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
10:12:28.0597 1524 WmiApSrv - ok
10:12:28.0727 1524 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
10:12:28.0777 1524 WMPNetworkSvc - ok
10:12:28.0908 1524 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
10:12:28.0948 1524 WPFFontCache_v0400 - ok
10:12:29.0078 1524 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
10:12:29.0088 1524 wscsvc - ok
10:12:29.0108 1524 WSearch - ok
10:12:29.0138 1524 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
10:12:29.0138 1524 wuauserv - ok
10:12:29.0208 1524 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
10:12:29.0238 1524 WudfPf - ok
10:12:29.0318 1524 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
10:12:29.0358 1524 WudfRd - ok
10:12:29.0679 1524 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
10:12:29.0709 1524 WudfSvc - ok
10:12:29.0789 1524 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
10:12:29.0809 1524 WZCSVC - ok
10:12:29.0869 1524 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
10:12:29.0879 1524 xmlprov - ok
10:12:29.0899 1524 ================ Scan global ===============================
10:12:29.0949 1524 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
10:12:30.0019 1524 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
10:12:30.0059 1524 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
10:12:30.0099 1524 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
10:12:30.0099 1524 [Global] - ok
10:12:30.0109 1524 ================ Scan MBR ==================================
10:12:30.0139 1524 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
10:12:30.0440 1524 \Device\Harddisk0\DR0 - ok
10:12:30.0440 1524 ================ Scan VBR ==================================
10:12:30.0450 1524 [ F9084D68A22996034AEEF2453B4F4166 ] \Device\Harddisk0\DR0\Partition1
10:12:30.0450 1524 \Device\Harddisk0\DR0\Partition1 - ok
10:12:30.0460 1524 ============================================================
10:12:30.0460 1524 Scan finished
10:12:30.0460 1524 ============================================================
10:12:30.0480 0192 Detected object count: 1
10:12:30.0480 0192 Actual detected object count: 1
10:13:10.0908 0192 sptd ( LockedFile.Multi.Generic ) - skipped by user
10:13:10.0908 0192 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
10:15:49.0136 2528 Deinitialize success
Raptor
Regular Member
 
Posts: 36
Joined: March 12th, 2012, 2:13 am
Location: Pinetops, NC (USA)

Re: Repost to Gary R.AVG Free Finds/Secures/And Then Finds A

Unread postby Raptor » July 2nd, 2013, 12:04 pm

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-07-02 11:50:08
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e TOSHIBA_MK3021GAS rev.GA124A 27.95GB
Running: 6wn7uw97.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fwldypoc.sys


---- System - GMER 2.1 ----

SSDT spvl.sys ZwCreateKey [0xF74E40E0]
SSDT spvl.sys ZwEnumerateKey [0xF74FCDA4]
SSDT spvl.sys ZwEnumerateValueKey [0xF74FD132]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeKey [0xB0FDA5D0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeMultipleKeys [0xB0FDA700]
SSDT spvl.sys ZwOpenKey [0xF74E40C0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenProcess [0xB0FDA010]
SSDT spvl.sys ZwQueryKey [0xF74FD20A]
SSDT \??\C:\WINDOWS\system32\drivers\avgtpx86.sys ZwQueryValueKey [0xF76C81D6]
SSDT spvl.sys ZwSetValueKey [0xF74FD29C]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendProcess [0xB0FDA300]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendThread [0xB0FDA3E0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateProcess [0xB0FDA120]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateThread [0xB0FDA210]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwWriteVirtualMemory [0xB0FDA4D0]

INT 0x3B ? 89729BF8
INT 0x3B ? 89729BF8
INT 0x3B ? 89729BF8
INT 0x3B ? 89729BF8
INT 0x3E ? 89799BF8
INT 0x3F ? 89799BF8

---- Kernel code sections - GMER 2.1 ----

? spvl.sys The system cannot find the file specified. !

---- User code sections - GMER 2.1 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[3572] kernel32.dll!WriteFile 7C8112FF 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL

---- Devices - GMER 2.1 ----

Device \FileSystem\Ntfs \Ntfs 897281F8
Device \FileSystem\Udfs \UdfsCdRom 89372500
Device \FileSystem\Udfs \UdfsDisk 89372500

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys

Device \Driver\usbuhci \Device\USBPDO-0 893D9500
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8972A1F8
Device \Driver\dmio \Device\DmControl\DmConfig 8972A1F8
Device \Driver\dmio \Device\DmControl\DmPnP 8972A1F8
Device \Driver\dmio \Device\DmControl\DmInfo 8972A1F8
Device \Driver\usbuhci \Device\USBPDO-1 893D9500
Device \Driver\usbuhci \Device\USBPDO-2 893D9500
Device \Driver\usbehci \Device\USBPDO-3 893CA1F8

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys

Device \Driver\Ftdisk \Device\HarddiskVolume1 8979A1F8
Device \Driver\Cdrom \Device\CdRom0 895421F8
Device \Driver\atapi \Device\Ide\IdePort0 [F7A40B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F7A40B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F7A40B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [F7A40B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\NetBT \Device\NetBt_Wins_Export 88DFE1F8
Device \Driver\NetBT \Device\NetbiosSmb 88DFE1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{6E740CA9-1E7B-4511-A56E-B56C399F39D8} 88DFE1F8

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys

Device \Driver\usbuhci \Device\USBFDO-0 893D9500
Device \Driver\usbuhci \Device\USBFDO-1 893D9500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 88DD71F8
Device \Driver\usbuhci \Device\USBFDO-2 893D9500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 88DD71F8
Device \Driver\usbehci \Device\USBFDO-3 893CA1F8
Device \Driver\Ftdisk \Device\FtControl 8979A1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{E3A2F4E7-D153-44FA-BEF1-BE96EB14433C} 88DFE1F8
Device \FileSystem\Cdfs \Cdfs 89339500

---- Trace I/O - GMER 2.1 ----

Trace ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys spvl.sys hal.dll >>UNKNOWN [0x8974a938]<< 8974a938
Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8971bab8] 8971bab8
Trace 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8971cb00] 8971cb00

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792

---- EOF - GMER 2.1 ----
Raptor
Regular Member
 
Posts: 36
Joined: March 12th, 2012, 2:13 am
Location: Pinetops, NC (USA)

Re: Repost to Gary R.AVG Free Finds/Secures/And Then Finds A

Unread postby Gary R » July 2nd, 2013, 1:18 pm

OK, there appears to be a randomly named driver on your machine, which so far has had the following names .... spbh.sys .... spmi.sys .... spvl.sys

Quite what is creating it, or whether it is malicious, I'm unable to say at this time, since it has so far not been possible to find it on your machine, or to get any details for it, since it appears to change name each time it's loaded. So we'll try running a wildcard scan, and see if it turns up on that.

I'd like you to run another scan for me using SystemLook ...

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :Filefind
    sp*.sys

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
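The wildcard search Gary R asks for above (SystemLook's `:Filefind sp*.sys`) is easy to reproduce for triage on any directory tree. The script below is an added example written for this page; it is not SystemLook's code nor anything the forum posted. It walks a tree, matches names case-insensitively against a shell-style pattern (Windows file systems ignore case, so `SPVL.SYS` must match `sp*.sys`), records size and MD5 in the `[ MD5 ] path` style of the TDSSKiller log earlier in the thread, and reports a file it cannot open as `NoAccess` rather than aborting, the same condition TDSSKiller reported for the locked `sptd.sys`. The directory tree and its file contents are constructed sample data, and `guarded_open` is a hypothetical helper that only simulates the access-denied error a locked driver raises.

```python
"""Wildcard driver search with per-file hashes (added example, not SystemLook's code)."""
import fnmatch
import hashlib
import os
import tempfile
from dataclasses import dataclass
from typing import Callable, List, Optional


@dataclass
class FileHit:
    name: str
    path: str
    size: int
    md5: Optional[str]  # None when the file could not be read
    note: str           # "ok" or "NoAccess"


def md5_of_file(path: str, open_fn: Callable = open) -> Optional[str]:
    """Hex MD5 of a file (upper case, as TDSSKiller prints it), or None if the
    file cannot be opened or read (locked driver, missing permissions)."""
    digest = hashlib.md5()
    try:
        with open_fn(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                digest.update(chunk)
    except OSError:  # PermissionError is a subclass of OSError
        return None
    return digest.hexdigest().upper()


def filefind(root: str, pattern: str, open_fn: Callable = open) -> List[FileHit]:
    """Recursive, case-insensitive wildcard search below `root`.

    `pattern` uses shell-style wildcards (* and ?).  `open_fn` exists only so
    the demo can simulate a locked file; real use leaves it at the default."""
    hits: List[FileHit] = []
    pattern_lc = pattern.lower()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not fnmatch.fnmatchcase(name.lower(), pattern_lc):
                continue
            full = os.path.join(dirpath, name)
            try:
                size = os.stat(full).st_size
            except OSError:
                size = -1
            digest = md5_of_file(full, open_fn)
            note = "ok" if digest is not None else "NoAccess"
            hits.append(FileHit(name, full, size, digest, note))
    hits.sort(key=lambda h: h.path.lower())
    return hits


def format_hits(hits: List[FileHit]) -> str:
    """One line per hit, in the [ MD5 ] path style of the TDSSKiller log."""
    lines = []
    for h in hits:
        tag = h.md5 if h.md5 else "NoAccess".ljust(32)
        lines.append(f"[ {tag} ] {h.path} ({h.size} bytes) - {h.note}")
    return "\n".join(lines)


def demo() -> List[FileHit]:
    """Build a constructed directory tree (sample data, not from a real
    machine) and run the sp*.sys search over it."""
    root = tempfile.mkdtemp(prefix="filefind_demo_")
    drivers = os.path.join(root, "system32", "drivers")
    os.makedirs(drivers)
    samples = {
        "sptd.sys": b"sample locked driver",   # simulated as locked below
        "SPVL.SYS": b"",                       # upper-case name, empty file
        "splitter.sys": b"sample ordinary driver",
        "serial.sys": b"does not start with sp",
        "spvl.sys.txt": b"wrong extension",
    }
    for name, data in samples.items():
        with open(os.path.join(drivers, name), "wb") as fh:
            fh.write(data)

    locked = os.path.normcase(os.path.join(drivers, "sptd.sys"))

    def guarded_open(path, mode="r", *args, **kwargs):
        # Hypothetical helper: raise the access-denied error a locked driver
        # would raise, so the NoAccess path is exercised without a real lock.
        if os.path.normcase(path) == locked:
            raise PermissionError(13, "Access is denied", path)
        return open(path, mode, *args, **kwargs)

    return filefind(root, "sp*.sys", open_fn=guarded_open)


if __name__ == "__main__":
    print(format_hits(demo()))
```

Running it lists `splitter.sys`, the locked `sptd.sys` marked `NoAccess`, and `SPVL.SYS` despite its upper-case name, while `serial.sys` and `spvl.sys.txt` are correctly left out. On a real machine you would point `filefind` at the drivers directory and compare the MD5 of each hit against a known-good copy or a reputation service before deciding anything about it.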
