
Thread: Virtumonde - Avid machine

  1. #1
    Junior Member (Join Date: Dec 2010, Posts: 3)

    Virtumonde - Avid machine

    Hello.
    I keep having trouble with Virtumonde popping up.
    I've tried fixing it, then having it scan on startup and fixing it there again, without an internet connection. It still keeps showing up in future scans.

    I have run ERUNT.

    Before I posted here, I had run AVG Free 3 times and Spybot 3 times. I fixed the issues that it came up with. But Virtumonde keeps showing up in the registry.

    Here are my thingies:

    DDS

    DDS (Ver_10-12-05.01) - NTFSx86
    Run by ASSIST EDIT at 11:02:58.93 on Wed 12/08/2010
    Internet Explorer: 6.0.2900.2180
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3072.2283 [GMT -8:00]

    AV: Antivirus *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}

    ============== Running Processes ===============

    C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    c:\windows\system32\svchost -k dcomlaunch
    svchost.exe
    c:\windows\system32\svchost.exe -k netsvcs
    c:\windows\system32\svchost.exe -k wudfservicegroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\PDF Complete\pdfsty.exe
    C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE
    C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\WINDOWS\system32\kmw_run.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\WINDOWS\system32\KMW_SHOW.EXE
    C:\Program Files\Avid Technology\AvidUnity\ConnectionManager\ConnectionManager.exe
    C:\Program Files\WinTV\WinTV7\WinTVTray.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\WINDOWS\system32\AvidSDMService.exe
    C:\WINDOWS\system32\AvidFS_Service.exe
    C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    C:\PROGRA~1\WinTV\TVServer\HAUPPA~1.EXE
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\Program Files\AVG\AVG10\avgemcx.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Program Files\PDF Complete\pdfsvc.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Dantz\Retrospect 7.0\retrorun.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Program Files\Smith Micro\StuffIt 2009\ArcNameService.exe
    C:\Program Files\Symantec\Backup Exec\beremote.exe
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    E:\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.hp.com/
    mDefault_Search_URL = hxxp://www.google.com/ie
    mSearchAssistant = hxxp://www.google.com/ie
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
    BHO: IEHlprObjClass: {ce7c3cf0-4b15-11d1-abed-709549c10000} - c:\program files\kensington\mouseworks\IE_KMW.DLL
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    mRun: [DrvLsnr] c:\program files\analog devices\soundmax\DrvLsnr.exe
    mRun: [PRONoMgrWired] c:\program files\intel\prosetwired\ncs\proset\PRONoMgr.exe
    mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [PDF Complete] "c:\program files\pdf complete\pdfsty.exe"
    mRun: [Mediafour Mac Volume Notifications] "c:\program files\common files\mediafour\MACVNTFY.EXE" /auto
    mRun: [MediafourGettingStartedWithMacDrive6] "c:\program files\mediafour\macdrive\MacDrive.exe" /runonce
    mRun: [MDDiskProtect.exe] c:\program files\mediafour\macdrive\MDDiskProtect.exe
    mRun: [RoxioDragToDisc] "c:\program files\roxio\easy media creator 7\drag to disc\DrgToDsc.exe"
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [DigidesignMMERefresh] c:\program files\digidesign\drivers\MMERefresh.exe
    mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [kmw_run.exe] kmw_run.exe
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autost~1.lnk - c:\program files\wintv\Ir.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\avidun~1.lnk - c:\program files\avid technology\avidunity\connectionmanager\ConnectionManager.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wintvr~1.lnk - c:\program files\wintv\wintv7\WinTVTray.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0\bin\npjpi150.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\coreftp\pftpns.dll
    Notify: MacDrive-iTunes compatibility - c:\program files\common files\mediafour\MacDriveiTunesPatch.dll
    Notify: winzfg32 - winzfg32.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\assist~1\applic~1\mozilla\firefox\profiles\c8bf1vjd.default\
    FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
    FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava11.dll
    FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava12.dll
    FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava13.dll
    FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava14.dll
    FF - plugin: c:\program files\java\jre1.5.0\bin\NPJava32.dll
    FF - plugin: c:\program files\java\jre1.5.0\bin\NPJPI150.dll
    FF - plugin: c:\program files\java\jre1.5.0\bin\NPOJI610.dll
    FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Extension: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox

    ============= SERVICES / DRIVERS ===============

    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
    R0 avidcomm;AvidComm;c:\windows\system32\drivers\AvidComm.sys [2008-9-30 186740]
    R0 ExpresFC;ExpresFC;c:\windows\system32\drivers\expresfc.sys [2006-6-9 67575]
    R0 MDPMGRNT;MDPMGRNT;c:\windows\system32\drivers\MDPMGRNT.SYS [2006-4-30 16640]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 298448]
    R1 MDFSYSNT;MDFSYSNT;c:\windows\system32\drivers\MDFSYSNT.SYS [2006-5-30 212480]
    R1 SCSIChanger;SCSIChanger;c:\windows\system32\drivers\SCSICHNG.SYS [2007-8-23 20272]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-11-10 6127184]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
    R2 AvidFS;AvidFS;c:\windows\system32\drivers\AvidFS.sys [2008-9-30 77602]
    R2 AvidUnityFS;AvidUnity FS;c:\windows\system32\AvidFS_Service.exe [2008-9-30 20480]
    R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [2007-7-25 11776]
    R2 fsdk-wrap;fsdk-wrap;c:\windows\system32\drivers\fsdk-wrap.sys [2008-9-30 212864]
    R2 HauppaugeTVServer;HauppaugeTVServer;c:\progra~1\wintv\tvserver\HAUPPA~1.EXE [2010-2-5 434176]
    R2 MSSQL$BKUPEXEC;SQL Server (BKUPEXEC);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2007-2-10 29178224]
    R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2006-2-21 476160]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
    R3 hplto;hplto;c:\windows\system32\drivers\hplto.sys [2007-3-2 11264]
    R3 tpfilter;Symantec SCSI Tape/Changer Log Driver;c:\windows\system32\drivers\tpfilter.sys [2008-1-18 32688]
    S1 halfinchVRTS;halfinchVRTS;c:\windows\system32\drivers\halfinch.sys [2007-7-27 39600]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-7 135664]
    S3 4mmdat;4mmdat;c:\windows\system32\drivers\4mmdat.sys [2008-10-2 12288]
    S3 Flamethrower;Flamethrower;c:\windows\system32\drivers\Flamethrower.sys [2006-6-9 145536]
    S3 hcw72ADFilter;WinTV HVR-950 USB Audio Filter Driver;c:\windows\system32\drivers\hcw72ADFilter.sys [2010-2-5 28672]
    S3 hcw72ATV;WinTV HVR-950 NTSC;c:\windows\system32\drivers\hcw72ATV.sys [2010-2-5 1218944]
    S3 hcw72DTV;WinTV HVR-950 ATSC/QAM;c:\windows\system32\drivers\hcw72DTV.sys [2010-2-5 1216512]

    =============== Created Last 30 ================

    2010-12-07 23:27:04 -------- d-----w- c:\docume~1\assist~1\locals~1\applic~1\Smith Micro
    2010-12-07 23:24:12 -------- d-----w- c:\docume~1\assist~1\locals~1\applic~1\Mozilla
    2010-12-07 23:22:45 -------- d-----w- c:\docume~1\assist~1\locals~1\applic~1\Symantec_Corporation
    2010-12-07 20:51:45 -------- d-----w- c:\docume~1\assist~1\applic~1\Malwarebytes
    2010-12-07 20:48:40 -------- d-----w- c:\docume~1\assist~1\applic~1\AVG10
    2010-12-07 20:48:37 -------- d-----w- c:\docume~1\assist~1\applic~1\Kensington
    2010-12-07 20:48:36 -------- d-----w- c:\docume~1\assist~1\locals~1\applic~1\Roxio
    2010-12-07 17:12:37 -------- d--h--w- C:\$AVG
    2010-12-07 01:15:17 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
    2010-12-07 00:09:33 -------- d-----w- c:\windows\system32\drivers\AVG
    2010-12-07 00:09:11 -------- d-----w- c:\program files\AVG
    2010-12-06 18:20:59 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-12-06 18:20:59 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
    2010-12-06 18:18:08 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-06 18:18:07 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-12-06 18:18:04 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-06 18:18:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-11-20 05:54:44 1409 ----a-w- c:\windows\QTFont.for

    ==================== Find3M ====================

    2010-12-08 02:19:40 7304 ----a-w- c:\windows\TMP0001.TMP
    2010-12-06 22:07:32 202448 ----a-w- c:\windows\system32\PnkBstrB.exe
    2010-10-06 05:50:57 47616 ---ha-w- c:\windows\system32\bootetup.dll
    2010-09-22 19:03:55 82432 ----a-w- c:\windows\system32\winzfg32.dll
    2010-09-22 19:01:36 81920 ----a-w- c:\windows\system32\winfjt32.dll
    2010-09-22 19:00:57 81920 ----a-w- c:\windows\system32\winvdi32.dll

    =================== ROOTKIT ====================

    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600

    CreateFile("\\.\PHYSICALDRIVE0"): The maximum number of secrets that may be stored in a single system has been exceeded.
    device: opened successfully
    user: error reading MBR

    Disk trace:
    called modules: ntoskrnl.exe >>UNKNOWN [0xFC2DCA83]<< >>UNKNOWN [0xF2FDFC5F]<<
    _asm { JMP 0xfffffffff6d031dc; }
    1 nt!IofCallDriver[0xE0B94397] -> \Device\Harddisk0\DR0[0xFC8FFAB8]
    kernel: MBR read successfully
    _asm { CLI ; XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV SI, SP; PUSH AX; POP ES; PUSH AX; POP DS; STI ; CLD ; MOV DI, 0x600; MOV CX, 0x100; REPNZ MOVSW ; JMP FAR 0x0:0x61d; }
    detected disk devices:
    detected hooks:
    \Driver\atapi DriverStartIo -> 0xFC1FDAEA
    user != kernel MBR !!!
    Warning: possible TDL4 rootkit infection !
    TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

    ============= FINISH: 11:14:54.73 ===============

    Spybot.

    Microsoft.WindowsSecurityCenter_disabled: [SBI $2E20C9A9] Settings (Registry change, nothing done)
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start

    Virtumonde: [SBI $1F8EC695] Settings (Registry key, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR

    Win32.AutoRun.tmp: [SBI $751B1850] Settings (Registry value, nothing done)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman

    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    2009-01-26 blindman.exe (1.0.0.8)
    2009-01-26 SDFiles.exe (1.6.1.7)
    2009-01-26 SDMain.exe (1.0.0.6)
    2009-01-26 SDShred.exe (1.0.2.5)
    2009-01-26 SDUpdate.exe (1.6.0.12)
    2009-01-26 SpybotSD.exe (1.6.2.46)
    2009-03-05 TeaTimer.exe (1.6.6.32)
    2010-12-06 unins000.exe (51.49.0.0)
    2009-01-26 Update.exe (1.6.0.7)
    2009-11-04 advcheck.dll (1.6.5.20)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2009-01-26 SDHelper.dll (1.6.2.14)
    2008-06-19 sqlite3.dll
    2009-01-26 Tools.dll (2.1.6.10)
    2009-01-16 UninsSrv.dll (1.0.0.0)
    2010-06-29 Includes\Adware.sbi (*)
    2010-11-30 Includes\AdwareC.sbi (*)
    2010-08-13 Includes\Cookies.sbi (*)
    2010-09-22 Includes\Dialer.sbi (*)
    2010-11-30 Includes\DialerC.sbi (*)
    2010-01-25 Includes\HeavyDuty.sbi (*)
    2010-11-30 Includes\Hijackers.sbi (*)
    2010-11-30 Includes\HijackersC.sbi (*)
    2010-09-15 Includes\iPhone.sbi (*)
    2010-08-02 Includes\Keyloggers.sbi (*)
    2010-11-30 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2010-09-13 Includes\Malware.sbi (*)
    2010-12-07 Includes\MalwareC.sbi (*)
    2010-05-18 Includes\PUPS.sbi (*)
    2010-10-12 Includes\PUPSC.sbi (*)
    2010-01-25 Includes\Revision.sbi (*)
    2009-01-13 Includes\Security.sbi (*)
    2010-11-30 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2010-06-29 Includes\Spyware.sbi (*)
    2010-11-30 Includes\SpywareC.sbi (*)
    2010-03-08 Includes\Tracks.uti
    2010-11-01 Includes\Trojans.sbi (*)
    2010-11-30 Includes\TrojansC-02.sbi (*)
    2010-11-30 Includes\TrojansC-03.sbi (*)
    2010-11-30 Includes\TrojansC-04.sbi (*)
    2010-12-07 Includes\TrojansC-05.sbi (*)
    2010-11-30 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll

    That is all.
    Thanks!
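
The GMER block at the end of the DDS log above is what the TDL4 diagnosis rests on: the MBR read through the normal user-mode path differs from what the kernel reads, and atapi's DriverStartIo is hooked. As an added example, not code from this thread or from DDS, GMER or TDSSKiller, here is a Python triage script that parses that block (sample input constructed from the posted log lines) and reports those indicators together with the outdated-AV flag from the log header.

```python
import re

# Constructed sample input: the AV line and the ROOTKIT section copied from
# the DDS log posted in this thread, trimmed to the lines the parser reads.
SAMPLE_DDS = """\
AV: Antivirus *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600

device: opened successfully
user: error reading MBR
kernel: MBR read successfully
detected disk devices:
detected hooks:
\\Driver\\atapi DriverStartIo -> 0xFC1FDAEA
user != kernel MBR !!!
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

============= FINISH: 11:14:54.73 ===============
"""

# A hook line looks like: \Driver\atapi DriverStartIo -> 0xFC1FDAEA
HOOK_RE = re.compile(r"^(\\Driver\\\S+)\s+(\S+)\s+->\s+(0x[0-9A-Fa-f]+)$")


def parse_rootkit_section(text):
    """Pull the MBR-check indicators out of the ROOTKIT block of a DDS log.

    Only lines between the '=== ROOTKIT ===' banner and the '=== FINISH' banner
    are treated as detector output; the AV status line is read from anywhere.
    """
    result = {
        "av_outdated": False,
        "user_mbr_read": None,     # True/False, None if the line was absent
        "kernel_mbr_read": None,
        "hooks": [],               # one dict per 'detected hooks:' entry
        "mbr_mismatch": False,     # the 'user != kernel MBR' line
        "tool_verdict": None,      # e.g. "TDL4" from '... rootkit infection detected'
    }
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("AV:") and "(Outdated)" in line:
            result["av_outdated"] = True
        if line.startswith("=") and "ROOTKIT" in line:
            in_section = True
            continue
        if line.startswith("=") and "FINISH" in line:
            in_section = False
        if not in_section:
            continue
        if line.startswith("user:"):
            result["user_mbr_read"] = "successfully" in line
        elif line.startswith("kernel:"):
            result["kernel_mbr_read"] = "successfully" in line
        elif line.startswith("user != kernel MBR"):
            result["mbr_mismatch"] = True
        elif "rootkit infection detected" in line:
            result["tool_verdict"] = line.split(" rootkit")[0]
        else:
            m = HOOK_RE.match(line)
            if m:
                result["hooks"].append(
                    {"driver": m.group(1), "routine": m.group(2), "address": m.group(3)})
    return result


def triage(indicators):
    """Turn parsed indicators into a verdict plus the reasons behind it."""
    reasons = []
    if indicators["mbr_mismatch"]:
        reasons.append("MBR seen from user mode differs from the MBR the kernel read: "
                       "something below the file system is filtering disk reads")
    if indicators["user_mbr_read"] is False and indicators["kernel_mbr_read"]:
        reasons.append("user-mode MBR read failed while the kernel read succeeded")
    for h in indicators["hooks"]:
        reasons.append(f"{h['driver']} {h['routine']} hooked -> {h['address']}")
    if indicators["tool_verdict"]:
        reasons.append(f"detector verdict: {indicators['tool_verdict']}")
    if indicators["av_outdated"]:
        reasons.append("resident AV reported as outdated")
    hard_evidence = indicators["mbr_mismatch"] or bool(indicators["hooks"])
    verdict = "mbr_rootkit_likely" if hard_evidence else "no_mbr_indicators"
    return verdict, reasons


if __name__ == "__main__":
    verdict, reasons = triage(parse_rootkit_section(SAMPLE_DDS))
    print(verdict)
    for r in reasons:
        print(" -", r)
```

The user/kernel comparison is the whole point of the check: a bootkit that filters disk reads can hide its MBR from user-mode tools but not from a read issued below the hook, so a mismatch is evidence regardless of what the resident AV says.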

  2. #2
    Emeritus-Security Expert (Join Date: Nov 2005, Location: Florida's SpaceCoast, Posts: 15,208)

    Please read Before You Post
    While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

    Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

    Sorry for the delay but we get a bit overwhelmed at times.

    Your system is infected with the TDL4 rootkit.

    • Download TDSSKiller and save it to your Desktop.
    • Extract the file and run it.
    • Once completed, it will create a log in your C:\ drive called TDSSKiller_* (* denotes version & date).
    • Please post the content of the TDSSKiller log.

    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3
    Junior Member (Join Date: Dec 2010, Posts: 3)

    It won't let me upload the TDSSKiller log file. It says it is too big of a file for upload. It is 55.7 KB. What's the next step?

    Thanks for the help!
    Rob

  4. #4
    Junior Member (Join Date: Dec 2010, Posts: 3)

    Wow.
    Having an idiot day here.
    Here's the post from the log.

    2010/12/15 09:19:24.0984 TDSS rootkit removing tool 2.4.11.0 Dec 8 2010 14:46:40
    2010/12/15 09:19:24.0984 ================================================================================
    2010/12/15 09:19:24.0984 SystemInfo:
    2010/12/15 09:19:24.0984
    2010/12/15 09:19:24.0984 OS Version: 5.1.2600 ServicePack: 2.0
    2010/12/15 09:19:24.0984 Product type: Workstation
    2010/12/15 09:19:24.0984 ComputerName: Z
    2010/12/15 09:19:24.0984 UserName: ASSIST EDIT
    2010/12/15 09:19:24.0984 Windows directory: C:\WINDOWS
    2010/12/15 09:19:24.0984 System windows directory: C:\WINDOWS
    2010/12/15 09:19:24.0984 Processor architecture: Intel x86
    2010/12/15 09:19:24.0984 Number of processors: 2
    2010/12/15 09:19:24.0984 Page size: 0x1000
    2010/12/15 09:19:24.0984 Boot type: Normal boot
    2010/12/15 09:19:24.0984 ================================================================================
    2010/12/15 09:19:25.0921 Initialize success
    2010/12/15 09:19:30.0515 ================================================================================
    2010/12/15 09:19:30.0515 Scan started
    2010/12/15 09:19:30.0515 Mode: Manual;
    2010/12/15 09:19:30.0515 ================================================================================
    2010/12/15 09:19:38.0437 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
    2010/12/15 09:19:38.0453 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    2010/12/15 09:19:38.0484 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2010/12/15 09:19:38.0500 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2010/12/15 09:19:38.0515 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2010/12/15 09:19:38.0531 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
    2010/12/15 09:19:38.0562 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2010/12/15 09:19:38.0593 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2010/12/15 09:19:38.0625 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    2010/12/15 09:19:38.0640 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
    2010/12/15 09:19:38.0687 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
    2010/12/15 09:19:38.0718 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2010/12/15 09:19:38.0906 nv (e6412ce5a04ed36f77e47244076efa95) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    2010/12/15 09:19:38.0953 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2010/12/15 09:19:38.0968 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2010/12/15 09:19:38.0984 ohci1394 (c91f4ab66638a255660137a36e729fc4) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    2010/12/15 09:19:39.0031 P3 (3e16eff2a6fed2d8d7f5a66dfe65d183) C:\WINDOWS\system32\DRIVERS\p3.sys
    2010/12/15 09:19:39.0046 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
    2010/12/15 09:19:39.0062 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
    2010/12/15 09:19:39.0109 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2010/12/15 09:19:39.0125 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
    2010/12/15 09:19:39.0156 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    2010/12/15 09:19:39.0187 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
    2010/12/15 09:19:39.0328 PnkBstrK (d9145f60012289421f1b2dee4945c845) C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2010/12/15 09:19:39.0375 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2010/12/15 09:19:39.0375 Suspicious service (Hidden): PRAGMAibadmxvpex
    2010/12/15 09:19:39.0453 PRAGMAibadmxvpex (4fc1255817092de5c285440cf477035e) C:\WINDOWS\PRAGMAibadmxvpex\PRAGMAd.sys
    2010/12/15 09:19:39.0453 Suspicious file (Hidden): C:\WINDOWS\PRAGMAibadmxvpex\PRAGMAd.sys. md5: 4fc1255817092de5c285440cf477035e
    2010/12/15 09:19:39.0453 PRAGMAibadmxvpex - detected Rootkit.Win32.TDSS.tdl2 (0)
    2010/12/15 09:19:39.0468 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
    2010/12/15 09:19:39.0515 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2010/12/15 09:19:39.0562 pwd_2k (55b943f509ed863b86e685aee1445890) C:\WINDOWS\system32\drivers\pwd_2k.sys
    2010/12/15 09:19:39.0625 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    2010/12/15 09:19:39.0734 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2010/12/15 09:19:39.0750 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2010/12/15 09:19:39.0765 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2010/12/15 09:19:39.0781 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2010/12/15 09:19:39.0812 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2010/12/15 09:19:39.0843 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2010/12/15 09:19:39.0859 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    2010/12/15 09:19:39.0906 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
    2010/12/15 09:19:39.0921 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2010/12/15 09:19:40.0000 sbp2port (3e2c3b180872be4120f246d85560b734) C:\WINDOWS\system32\DRIVERS\sbp2port.sys
    2010/12/15 09:19:40.0062 SCSIChanger (609761ad18b4c7c82db3d43433a1e108) C:\WINDOWS\system32\DRIVERS\scsichng.sys
    2010/12/15 09:19:40.0125 Secdrv (72dffa33f8ed1c847075eee2c1e790ee) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2010/12/15 09:19:40.0187 Sentinel (4b926f60ccce0c410591c66446675496) C:\WINDOWS\System32\Drivers\SENTINEL.SYS
    2010/12/15 09:19:40.0203 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
    2010/12/15 09:19:40.0265 Serial (e2d2492422300a7df6e46232f4c389c5) C:\WINDOWS\system32\DRIVERS\avidXPserial.sys
    2010/12/15 09:19:40.0296 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
    2010/12/15 09:19:40.0375 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    2010/12/15 09:19:40.0437 smwdm (fa3368a7039f5abaa4b933703ac34763) C:\WINDOWS\system32\drivers\smwdm.sys
    2010/12/15 09:19:40.0500 SNTNLUSB (1475a9533649935a048ea5e27f8c3b37) C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS
    2010/12/15 09:19:40.0562 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
    2010/12/15 09:19:40.0609 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
    2010/12/15 09:19:40.0656 Srv (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys
    2010/12/15 09:19:40.0703 sscdbhk5 (1cbd1b58a32de97899f5290b05f856db) C:\WINDOWS\system32\drivers\sscdbhk5.sys
    2010/12/15 09:19:40.0718 ssrtln (7fb07ac152d7a87e66204860002bd9a4) C:\WINDOWS\system32\drivers\ssrtln.sys
    2010/12/15 09:19:40.0781 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    2010/12/15 09:19:40.0812 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2010/12/15 09:19:40.0843 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
    2010/12/15 09:19:40.0875 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
    2010/12/15 09:19:40.0890 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
    2010/12/15 09:19:40.0937 Symmpi (f32b8c39e5c54e765595c9c5b9b9ab9e) C:\WINDOWS\system32\DRIVERS\symmpi.sys
    2010/12/15 09:19:40.0953 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
    2010/12/15 09:19:40.0968 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
    2010/12/15 09:19:40.0984 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
    2010/12/15 09:19:41.0031 Tcpip (9f4b36614a0fc234525ba224957de55c) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2010/12/15 09:19:41.0062 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2010/12/15 09:19:41.0078 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
    2010/12/15 09:19:41.0125 TermDD (c845b7ffc3ff40d5bad678832f471c2d) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2010/12/15 09:19:41.0125 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\termdd.sys. Real md5: c845b7ffc3ff40d5bad678832f471c2d, Fake md5: a540a99c281d933f3d69d55e48727f47
    2010/12/15 09:19:41.0125 TermDD - detected Rootkit.Win32.TDSS.tdl3 (0)
    2010/12/15 09:19:41.0218 tfsnboio (e233957bbdf9272f5ced5dd407b3a0f8) C:\WINDOWS\system32\dla\tfsnboio.sys
    2010/12/15 09:19:41.0234 tfsncofs (f9feaff0b229bb6b8f1e2d30e7a293ad) C:\WINDOWS\system32\dla\tfsncofs.sys
    2010/12/15 09:19:41.0250 tfsndrct (06577195e2114dfd3444a5aa1c0a1ff4) C:\WINDOWS\system32\dla\tfsndrct.sys
    2010/12/15 09:19:41.0265 tfsndres (79f959f7a8d07ac198bb60165be81dfe) C:\WINDOWS\system32\dla\tfsndres.sys
    2010/12/15 09:19:41.0296 tfsnifs (6bfe88537918bc21d490bf99a696614f) C:\WINDOWS\system32\dla\tfsnifs.sys
    2010/12/15 09:19:41.0312 tfsnopio (7ba555af534f8d243841f1c98ddbd0f3) C:\WINDOWS\system32\dla\tfsnopio.sys
    2010/12/15 09:19:41.0328 tfsnpool (02ccb675d966e6d4c6f85ed321aabe3f) C:\WINDOWS\system32\dla\tfsnpool.sys
    2010/12/15 09:19:41.0343 tfsnudf (20012e5dae2e73dd7b55efbd4d379821) C:\WINDOWS\system32\dla\tfsnudf.sys
    2010/12/15 09:19:41.0359 tfsnudfa (987f9d0db1d3586c0537408654f8b576) C:\WINDOWS\system32\dla\tfsnudfa.sys
    2010/12/15 09:19:41.0453 tpfilter (1e9c7b4b1ca527fe754d4f871249fa16) C:\WINDOWS\system32\DRIVERS\tpfilter.sys
    2010/12/15 09:19:41.0515 TPkd (78b7066f8b444667ab1f076ec7d7a0a4) C:\WINDOWS\system32\drivers\TPkd.sys
    2010/12/15 09:19:41.0562 UDFReadr (e3f66ac25ac2a0b7fda19df4651def82) C:\WINDOWS\system32\drivers\UDFReadr.sys
    2010/12/15 09:19:41.0593 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
    2010/12/15 09:19:41.0656 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
    2010/12/15 09:19:41.0718 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
    2010/12/15 09:19:41.0765 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2010/12/15 09:19:41.0828 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2010/12/15 09:19:41.0890 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2010/12/15 09:19:41.0937 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2010/12/15 09:19:41.0953 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2010/12/15 09:19:41.0984 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
    2010/12/15 09:19:42.0031 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
    2010/12/15 09:19:42.0062 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
    2010/12/15 09:19:42.0093 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2010/12/15 09:19:42.0140 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
    2010/12/15 09:19:42.0203 WmiAcpi (ae2c8544e747c20062db27456ea2d67a) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
    2010/12/15 09:19:42.0265 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
    2010/12/15 09:19:42.0328 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    2010/12/15 09:19:42.0375 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    2010/12/15 09:19:42.0421 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    2010/12/15 09:19:43.0875 ================================================================================
    2010/12/15 09:19:43.0875 Scan finished
    2010/12/15 09:19:43.0875 ================================================================================
    2010/12/15 09:19:43.0890 Detected object count: 2
    2010/12/15 09:20:19.0187 C:\WINDOWS\PRAGMAibadmxvpex\PRAGMAd.sys - will be deleted after reboot
    2010/12/15 09:20:19.0187 C:\WINDOWS\PRAGMAibadmxvpex\PRAGMAc.dll - will be deleted after reboot
    2010/12/15 09:20:19.0187 HKLM\SYSTEM\ControlSet001\services\PRAGMAibadmxvpex - will be deleted after reboot
    2010/12/15 09:20:19.0187 HKLM\SYSTEM\ControlSet003\services\PRAGMAibadmxvpex - will be deleted after reboot
    2010/12/15 09:20:19.0187 C:\WINDOWS\PRAGMAibadmxvpex\PRAGMAd.sys - will be deleted after reboot
    2010/12/15 09:20:19.0187 Rootkit.Win32.TDSS.tdl2(PRAGMAibadmxvpex) - User select action: Delete
    2010/12/15 09:20:19.0296 TermDD (c845b7ffc3ff40d5bad678832f471c2d) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2010/12/15 09:20:19.0296 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\termdd.sys. Real md5: c845b7ffc3ff40d5bad678832f471c2d, Fake md5: a540a99c281d933f3d69d55e48727f47
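
The TDSSKiller output above is long, and the two lines that matter (a hidden service with a driver under C:\WINDOWS\PRAGMAibadmxvpex and a forged termdd.sys whose on-disk hash and reported hash disagree) are easy to miss among a hundred clean driver rows. The script below is an added example, not code from this thread or from TDSSKiller: it parses log lines of the shapes visible in the post (driver table rows, "Suspicious ..." notices, "... - detected ..." verdicts, and the closing object count) and groups every reason a driver was flagged under its name, plus a sanity check that the scanner's own "Detected object count" agrees with the verdict lines. The regular expressions are my reading of those line shapes, not a documented format; the sample input is a handful of rows copied from the log above.

```python
"""Triage helper for TDSSKiller-style scan logs.

Added example, not code from the forum thread or from TDSSKiller. The
regular expressions are an assumption based on the line shapes in the
posted log, not a documented format specification.
"""
import re

# Sample input: rows copied from the log posted in this thread, including
# the two flagged drivers and one clean row, so the script runs offline.
SAMPLE_LOG = [
    r"2010/12/15 09:19:39.0375 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys",
    r"2010/12/15 09:19:39.0375 Suspicious service (Hidden): PRAGMAibadmxvpex",
    r"2010/12/15 09:19:39.0453 PRAGMAibadmxvpex (4fc1255817092de5c285440cf477035e) C:\WINDOWS\PRAGMAibadmxvpex\PRAGMAd.sys",
    r"2010/12/15 09:19:39.0453 Suspicious file (Hidden): C:\WINDOWS\PRAGMAibadmxvpex\PRAGMAd.sys. md5: 4fc1255817092de5c285440cf477035e",
    r"2010/12/15 09:19:39.0453 PRAGMAibadmxvpex - detected Rootkit.Win32.TDSS.tdl2 (0)",
    r"2010/12/15 09:19:41.0125 TermDD (c845b7ffc3ff40d5bad678832f471c2d) C:\WINDOWS\system32\DRIVERS\termdd.sys",
    r"2010/12/15 09:19:41.0125 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\termdd.sys. Real md5: c845b7ffc3ff40d5bad678832f471c2d, Fake md5: a540a99c281d933f3d69d55e48727f47",
    r"2010/12/15 09:19:41.0125 TermDD - detected Rootkit.Win32.TDSS.tdl3 (0)",
    r"2010/12/15 09:19:43.0890 Detected object count: 2",
]

# Every line starts with "YYYY/MM/DD HH:MM:SS.ffff "; the rest varies by kind.
TS = r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} "
MD5 = r"[0-9a-f]{32}"
HIDDEN_SVC = re.compile(TS + r"Suspicious service \(Hidden\): (?P<name>\S+)$")
HIDDEN_FILE = re.compile(TS + r"Suspicious file \(Hidden\): (?P<path>.+?)\. md5: (?P<md5>" + MD5 + r")$")
FORGED_FILE = re.compile(TS + r"Suspicious file \(Forged\): (?P<path>.+?)\. Real md5: (?P<real>"
                         + MD5 + r"), Fake md5: (?P<fake>" + MD5 + r")$")
VERDICT = re.compile(TS + r"(?P<name>\S+) - detected (?P<verdict>\S+) \(\d+\)$")
OBJ_COUNT = re.compile(TS + r"Detected object count: (?P<n>\d+)$")
DRIVER_ROW = re.compile(TS + r"(?P<name>\S+) \((?P<md5>" + MD5 + r")\) (?P<path>.+)$")


def parse_tdsskiller_log(lines):
    """Return a dict of what the scan saw and what it flagged."""
    report = {"drivers": {}, "hidden_services": [], "hidden_files": [],
              "forged_files": [], "verdicts": {}, "reported_count": None}
    for raw in lines:
        line = raw.strip()
        # Specific notice shapes are tried before the generic driver row.
        if m := HIDDEN_SVC.match(line):
            report["hidden_services"].append(m["name"])
        elif m := HIDDEN_FILE.match(line):
            report["hidden_files"].append({"path": m["path"], "md5": m["md5"]})
        elif m := FORGED_FILE.match(line):
            report["forged_files"].append({"path": m["path"], "real": m["real"], "fake": m["fake"]})
        elif m := VERDICT.match(line):
            report["verdicts"][m["name"]] = m["verdict"]
        elif m := OBJ_COUNT.match(line):
            report["reported_count"] = int(m["n"])
        elif m := DRIVER_ROW.match(line):
            report["drivers"][m["name"]] = {"md5": m["md5"], "path": m["path"]}
    return report


def findings_by_driver(report):
    """Map each flagged driver (service) name to the list of reasons it was flagged."""
    reasons = {}

    def add(name, why):
        reasons.setdefault(name, []).append(why)

    # File-level notices name a path; resolve it to the driver row that owns it.
    path_to_name = {d["path"].lower(): n for n, d in report["drivers"].items()}
    for name in report["hidden_services"]:
        add(name, "service entry hidden")
    for f in report["hidden_files"]:
        add(path_to_name.get(f["path"].lower(), f["path"]), "driver file hidden on disk")
    for f in report["forged_files"]:
        add(path_to_name.get(f["path"].lower(), f["path"]),
            f"forged image: real md5 {f['real']} vs fake md5 {f['fake']}")
    for name, verdict in report["verdicts"].items():
        add(name, f"scanner verdict {verdict}")
    return reasons


def count_consistent(report):
    """True when the scanner's closing object count matches the verdict lines seen."""
    return report["reported_count"] == len(report["verdicts"])


def forged_rows_match_real_hash(report):
    """True when each forged file's driver-table md5 equals the 'Real md5' the scanner reports."""
    by_path = {d["path"].lower(): d["md5"] for d in report["drivers"].values()}
    return all(by_path.get(f["path"].lower()) == f["real"] for f in report["forged_files"])


if __name__ == "__main__":
    rep = parse_tdsskiller_log(SAMPLE_LOG)
    for name, why in findings_by_driver(rep).items():
        print(name, "->", "; ".join(why))
    print("count consistent:", count_consistent(rep))
```

Run against the full pasted log, the output is the two-entry summary a helper actually needs (PRAGMAibadmxvpex: hidden service, hidden file, tdl2 verdict; TermDD: forged image, tdl3 verdict), and a count mismatch would show that the log was truncated or edited before posting.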

  5. #5
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Having an idiot day here.

    You're doing fine


    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT !!! Save ComboFix.exe to your Desktop


    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
    • See this Link for programs that need to be disabled and instruction on how to disable them.
    • Remember to re-enable them when we're done.

    • Double click on ComboFix.exe & follow the prompts.

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    *If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  6. #6
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Still with us ?
    Last edited by ken545; 2010-12-21 at 13:07.

  7. #7
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Due to inactivity, this thread will now be closed.

    If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a new DDS log with a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.
