How is your PC behaving now?
It *seems* normal now. I'm still getting the prompt in my sys tray to download the latest Windows automatic update from MS. If you recall, I had mentioned that one of the problems I was having was that I would download this update for the latest Malicious Software Remover tool version over and over, only to have the prompt show up again each time I restarted my PC.
Also, whenever I shut down my PC I see the same prompt to allow the Windows update to install while shutting down. No matter how many times I allow it to do so, it's still there the next time I shut down.
Since running these fixes, I've refrained from initiating the Windows update download for fear of making any changes to my PC during this time.
--Ryodin
Greetings Ryodin,
We need to check one more please.
Please go to one of the below sites to scan the following files:
Virus Total
VirScan
jotti.org
Click on Browse, and upload the following file for analysis:
C:\WINDOWS\system32\drivers\serial.sys
Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.
If it says already scanned -- click "reanalyze now"
Please post the results in your next reply.
Whoa! Seems we hit the jackpot! Quite a few suspicious looking items on this one. Here are the results:
=========================================================
File name: serial.sys
Submission date: 2011-08-24 00:16:08 (UTC)
Current status: finished
Result: 22/ 44 (50.0%)
Antivirus Version Last Update Result
AhnLab-V3 2011.08.23.01 2011.08.23 Backdoor/Win32.ZAccess
AntiVir 7.11.13.196 2011.08.23 TR/Gendal.kdv.302318
Antiy-AVL 2.0.3.7 2011.08.23 -
Avast 4.8.1351.0 2011.08.24 Win32:Sirefef-H [Rtk]
Avast5 5.0.677.0 2011.08.24 Win32:Sirefef-H [Rtk]
AVG 10.0.0.1190 2011.08.24 BackDoor.Generic14.PXV
BitDefender 7.2 2011.08.24 Trojan.Generic.KDV.302318
ByteHero 1.0.0.1 2011.08.22 -
CAT-QuickHeal 11.00 2011.08.23 -
ClamAV 0.97.0.0 2011.08.23 -
Commtouch 5.3.2.6 2011.08.23 -
Comodo 9849 2011.08.23 UnclassifiedMalware
DrWeb 5.0.2.03300 2011.08.24 -
Emsisoft 5.1.0.10 2011.08.23 -
eSafe 7.0.17.0 2011.08.22 -
eTrust-Vet 36.1.8518 2011.08.24 -
F-Prot 4.6.2.117 2011.08.23 -
F-Secure 9.0.16440.0 2011.08.24 Trojan.Generic.KDV.302318
Fortinet 4.2.257.0 2011.08.23 -
GData 22 2011.08.24 Trojan.Generic.KDV.302318
Ikarus T3.1.1.107.0 2011.08.23 -
Jiangmin 13.0.900 2011.08.23 Trojan/Generic.jdvy
K7AntiVirus 9.111.5047 2011.08.23 -
Kaspersky 9.0.0.837 2011.08.24 HEUR:Trojan.Win32.Generic
McAfee 5.400.0.1158 2011.08.24 Artemis!1B7E9A275B4E
McAfee-GW-Edition 2010.1D 2011.08.23 Artemis!1B7E9A275B4E
Microsoft 1.7604 2011.08.24 -
NOD32 6404 2011.08.24 a variant of Win32/Rootkit.Kryptik.DM
Norman 6.07.10 2011.08.23 -
nProtect 2011-08-23.01 2011.08.23 Gen:Variant.TDss.15
Panda 10.0.3.5 2011.08.23 Generic Trojan
PCTools 8.0.0.5 2011.08.24 Trojan.ADH
Prevx 3.0 2011.08.24 -
Rising 23.72.01.03 2011.08.23 -
Sophos 4.68.0 2011.08.24 Mal/TDSSPack-A
SUPERAntiSpyware 4.40.0.1006 2011.08.24 -
Symantec 20111.2.0.82 2011.08.24 Trojan.ADH
TheHacker 6.7.0.1.284 2011.08.23 Trojan/Kryptik.dm
TrendMicro 9.500.0.1008 2011.08.23 -
TrendMicro-HouseCall 9.500.0.1008 2011.08.24 -
VBA32 3.12.16.4 2011.08.23 -
VIPRE 10251 2011.08.24 Trojan.Win32.Generic!BT
ViRobot 2011.8.23.4635 2011.08.23 -
VirusBuster 14.0.182.0 2011.08.23 Rootkit.Kryptik!PC535YpzZcY
Additional information
MD5 : 1b7e9a275b4e01615667611596608c5c
SHA1 : 705c9da83bd825b2014f0c734d312be26cb119ed
SHA256: 6744d39c417292c96f71f38e69f7eb618b4281f779f7d63c5a1b768020c806cb
=========================================================
--Ryodin
Greetings Ryodin,
Here we go with ComboFix
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Open notepad and copy/paste the text in the quotebox below into it:

    File::

    Filelook::
    C:\WINDOWS\system32\drivers\serial.sys

    Folder::

    Registry::

    Driver::

  Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
Everything went smoothly. Phew!
Here's the log of the results:
=========================================================
ComboFix 11-08-23.06 - David Batista 08/23/2011 22:20:00.6.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1293 [GMT -4:00]
Running from: c:\documents and settings\David Batista\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\David Batista\Desktop\CFScript.txt
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\comct332.ocx
.
.
((((((((((((((((((((((((( Files Created from 2011-07-24 to 2011-08-24 )))))))))))))))))))))))))))))))
.
.
2011-08-23 11:01 . 2011-08-23 11:01 -------- d-----w- c:\windows\LastGood
2011-08-19 23:31 . 2011-08-19 23:31 -------- d--h--w- c:\windows\PIF
2011-08-19 02:16 . 2011-08-19 02:16 388096 ----a-r- c:\documents and settings\David Batista\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-13 16:13 . 2011-05-19 02:11 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-17 17:20 . 2011-01-09 18:00 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-07-15 13:29 . 2002-08-29 11:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-12 15:20 . 2011-07-12 15:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 15:20 . 2011-07-12 15:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-08 14:02 . 2002-08-29 11:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2002-08-29 11:00 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2004-02-06 22:05 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2002-08-29 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36 . 2002-08-29 11:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2002-08-29 11:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 14:02 . 2002-08-29 11:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2006-03-26 00:22 . 2006-03-26 00:23 774144 ----a-w- c:\program files\RngInterstitial.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\windows\system32\drivers\serial.sys ---
Company: Microsoft Corporation
File Description: Serial Device Driver
File Version: 5.1.2600.5512 (xpsp.080413-2108)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: serial.sys
File size: 64512
Created time: 2002-08-29 11:00
Modified time: 2008-04-13 19:15
MD5: CCA207A8896D4C6A0C9CE29A4AE411A7
SHA1: 57F1FAE6A306BF14F6EF3E43C0C4252E9F21C0DC
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-22_01.16.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-23 10:57 . 2011-08-23 10:57 16384 c:\windows\temp\Perflib_Perfdata_344.dat
+ 2002-09-03 08:08 . 2011-08-23 22:23 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT
- 2002-09-03 08:08 . 2011-08-21 15:49 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT
+ 2002-09-03 08:08 . 2011-08-23 22:23 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
- 2002-09-03 08:08 . 2011-08-21 15:49 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
+ 2009-07-01 03:00 . 2011-08-23 22:23 16384 c:\windows\SYSTEM32\CONFIG\systemprofile\IETldCache\index.dat
- 2009-07-01 03:00 . 2011-08-21 15:49 16384 c:\windows\SYSTEM32\CONFIG\systemprofile\IETldCache\index.dat
- 2002-09-03 08:08 . 2011-08-21 15:49 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
+ 2011-08-23 03:51 . 2011-08-23 22:23 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
+ 2011-08-23 11:01 . 2002-09-03 14:31 4594 c:\windows\LastGood\system32\oembios.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\David Batista\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\David Batista\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\David Batista\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\David Batista\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-06-23 1306728]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
.
c:\documents and settings\David Batista\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\David Batista\Application Data\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
HotSync Manager.LNK - c:\program files\Palm\Hotsync.exe [2004-6-9 471040]
PMB Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2010-3-17 327680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2004-2-17 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-9-8 5185536]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Palm\\HOTSYNC.EXE"=
"c:\\Program Files\\Red Chair Software\\Dudebox Explorer\\dudemgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Red Chair Software\\Deubox Explorer\\deumgr.exe"=
"c:\\Documents and Settings\\David Batista\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}\\setup\\hpznui01.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
.
R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [1/9/2011 2:00 PM 64288]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\SYSTEM32\DRIVERS\mfetdi2k.sys [5/8/2010 3:40 PM 89368]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [5/8/2010 3:40 PM 214904]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [5/8/2010 3:40 PM 214904]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [5/8/2010 3:41 PM 159832]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [5/8/2010 3:41 PM 148520]
R2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [9/8/2010 11:41 AM 237056]
R2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [9/8/2010 11:45 AM 1034752]
R2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [9/8/2010 11:44 AM 484352]
R3 cfwids;McAfee Inc. cfwids;c:\windows\SYSTEM32\DRIVERS\cfwids.sys [5/8/2010 3:40 PM 57432]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\SYSTEM32\DRIVERS\mfefirek.sys [5/8/2010 3:40 PM 337912]
R3 mfendiskmp;mfendiskmp;c:\windows\SYSTEM32\DRIVERS\mfendisk.sys [5/8/2010 3:40 PM 83688]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\SYSTEM32\DRIVERS\wdcsam.sys [5/6/2008 5:06 PM 11520]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/3/2010 5:05 AM 2151640]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [12/3/2010 5:05 AM 15232]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\SYSTEM32\DRIVERS\mfendisk.sys [5/8/2010 3:40 PM 83688]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\SYSTEM32\DRIVERS\mferkdet.sys [5/8/2010 3:40 PM 85984]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-21 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-12-03 11:19]
.
2011-08-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyOverride = *.local
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-23 22:31
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(972)
c:\windows\system32\igfxdev.dll
.
Completion time: 2011-08-23 22:34:46
ComboFix-quarantined-files.txt 2011-08-24 02:34
ComboFix2.txt 2011-08-22 01:21
ComboFix3.txt 2008-07-22 22:54
.
Pre-Run: 70,550,511,616 bytes free
Post-Run: 70,587,117,568 bytes free
.
- - End Of File - - 5CC3C1B1A26A530F12DBABA71AB75CB5
=========================================================
--Ryodin
Greetings Ryodin,
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
Note: The log can also be found on your Desktop entitled SystemLook.txt
- Double-click SystemLook.exe to run it.
- Copy the content of the following codebox into the main textfield:
    :filefind
    serial.sys
- Click the Look button to start the scan.
- When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Here is the log of the SystemLook scan:
=========================================================
SystemLook 30.07.11 by jpshortstuff
Log created at 18:20 on 25/08/2011 by David Batista
Administrator - Elevation successful
========== filefind ==========
Searching for "serial.sys"
C:\I386\SERIAL.SYS --a---- 62464 bytes [05:54 21/02/2004] [11:00 29/08/2002] DC7CBFEC14B1B38BCF32ABA922FFEAAD
C:\WINDOWS\$NtServicePackUninstall$\serial.sys -----c- 64896 bytes [02:06 23/07/2008] [06:15 04/08/2004] CD9404D115A00D249F70A371B46D5A26
C:\WINDOWS\ServicePackFiles\i386\serial.sys ------- 64512 bytes [06:15 04/08/2004] [19:15 13/04/2008] CCA207A8896D4C6A0C9CE29A4AE411A7
C:\WINDOWS\SYSTEM32\DLLCACHE\serial.sys --a---- 64512 bytes [11:00 29/08/2002] [19:15 13/04/2008] CCA207A8896D4C6A0C9CE29A4AE411A7
C:\WINDOWS\SYSTEM32\DRIVERS\serial.sys --a---- 64512 bytes [11:00 29/08/2002] [19:15 13/04/2008] CCA207A8896D4C6A0C9CE29A4AE411A7
-= EOF =-
=========================================================
--Ryodin
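As an added example (my own code, not part of this thread and not part of SystemLook), the script below parses the filefind output above and checks the live serial.sys hash against the service-pack reference copies and against the MD5 VirusTotal reported for the uploaded file. The log text and the VirusTotal MD5 are copied from this thread; the function names and the report fields are my own.

```python
import re
from collections import defaultdict

# Constructed sample input: the ":filefind serial.sys" output posted in the
# thread, and the MD5 VirusTotal reported for the serial.sys that was uploaded.
SYSTEMLOOK_LOG = r"""
========== filefind ==========
Searching for "serial.sys"
C:\I386\SERIAL.SYS --a---- 62464 bytes [05:54 21/02/2004] [11:00 29/08/2002] DC7CBFEC14B1B38BCF32ABA922FFEAAD
C:\WINDOWS\$NtServicePackUninstall$\serial.sys -----c- 64896 bytes [02:06 23/07/2008] [06:15 04/08/2004] CD9404D115A00D249F70A371B46D5A26
C:\WINDOWS\ServicePackFiles\i386\serial.sys ------- 64512 bytes [06:15 04/08/2004] [19:15 13/04/2008] CCA207A8896D4C6A0C9CE29A4AE411A7
C:\WINDOWS\SYSTEM32\DLLCACHE\serial.sys --a---- 64512 bytes [11:00 29/08/2002] [19:15 13/04/2008] CCA207A8896D4C6A0C9CE29A4AE411A7
C:\WINDOWS\SYSTEM32\DRIVERS\serial.sys --a---- 64512 bytes [11:00 29/08/2002] [19:15 13/04/2008] CCA207A8896D4C6A0C9CE29A4AE411A7
-= EOF =-
"""
SUBMITTED_MD5 = "1b7e9a275b4e01615667611596608c5c"  # from the VirusTotal report above

# One filefind result line: path, 7 attribute flags, size, two timestamps, MD5.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?P<attrs>[-a-z]{7}) (?P<size>\d+) bytes "
    r"\[(?P<created>[^\]]+)\] \[(?P<modified>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)

def parse_filefind(log):
    """Return one dict per file hit; header, 'Searching for' and EOF lines are skipped."""
    hits = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["size"] = int(rec["size"])
            rec["md5"] = rec["md5"].upper()   # normalise case before comparing
            hits.append(rec)
    return hits

def triage(hits, submitted_md5, live_suffix=r"\system32\drivers\serial.sys"):
    """Compare the live driver with the submitted sample and the service-pack copies."""
    by_md5 = defaultdict(list)
    for h in hits:
        by_md5[h["md5"]].append(h["path"])
    live = [h for h in hits if h["path"].lower().endswith(live_suffix)]
    # DLLCACHE and ServicePackFiles hold the SP3 reference copies; I386 and
    # $NtServicePackUninstall$ are older builds, so different hashes there are expected.
    refs = [h for h in hits if "\\dllcache\\" in h["path"].lower()
            or "\\servicepackfiles\\" in h["path"].lower()]
    live_md5 = live[0]["md5"] if live else None
    return {
        "live_md5": live_md5,
        "matches_submitted": live_md5 == submitted_md5.upper(),
        "reference_copies_agree": bool(refs) and all(r["md5"] == live_md5 for r in refs),
        "distinct_hashes": len(by_md5),
        "paths_by_md5": dict(by_md5),
    }

if __name__ == "__main__":
    for key, value in triage(parse_filefind(SYSTEMLOOK_LOG), SUBMITTED_MD5).items():
        print(f"{key}: {value}")
```

On this thread's data the live copy matches the two SP3 reference copies but not the MD5 VirusTotal reported, which is the discrepancy worth keeping in view when reading the later scans.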
Bump to next post
Last edited by ken545; 2011-08-26 at 03:52.
Greetings Ryodin,
Let's run aswMBR to see if serial.sys still shows up.
- Double click the aswMBR.exe icon to run it
- Click the Scan button to start the scan
- On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.